Trojan, not sure which one, MB is popping up every minute

Post by bfvmg » November 2nd, 2022, 2:36 pm

Hello,
I was distracted and accidentally installed a fake teamviewer and got a trojan. I ran MB and it removed 6 infected files, but now I keep getting a Malwarebytes popup that states a Potential threat blocked, outbound connection, to a known malicious. Actually, it has been to several different sites/IP addresses now. I can post those if you want, but I looked it up and it's a Russian site. Every pop-up says it's Windows explorer dot exe that is attempting to make the connection.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-10-2022 02
Ran by bfvmg (administrator) on LARRYGDESKTOP (02-11-2022 12:27:12)
Running from C:\Users\Gaming Rig\Downloads
Loaded Profiles: Gaming Rig & bfvmg
Platform: Microsoft Windows 10 Home Version 21H2 19044.2130 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe ->) (Adobe Inc. -> ) C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe
(C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud Helper.exe <2>
(C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe ->) (Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\CCLibrary.exe
(C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe ->) (OpenJS Foundation -> Node.js) C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\node.exe
(C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\CCLibrary.exe ->) (OpenJS Foundation -> Node.js) C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\libs\node.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(C:\Program Files\Private Internet Access\pia-service.exe ->) (Private Internet Access, Inc. -> The OpenVPN Project) C:\Program Files\Private Internet Access\pia-openvpn.exe
(Canon Inc. -> CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe <7>
(E:\Dropbox\keepassportable\KeePassPortable.exe ->) (Dominik Reichl) [File not signed] E:\Dropbox\keepassportable\App\keepass\KeePass.exe
(explorer.exe ->) (Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe <2>
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <12>
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE
(explorer.exe ->) (Private Internet Access, Inc. -> Private Internet Access Incorporated) C:\Program Files\Private Internet Access\pia-client.exe
(explorer.exe ->) (Rare Ideas, LLC -> PortableApps.com) E:\Dropbox\keepassportable\KeePassPortable.exe
(Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Nvidia Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(services.exe ->) (Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(services.exe ->) (Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(services.exe ->) (Glarysoft LTD -> Glarysoft Ltd) C:\Program Files (x86)\Common Files\Glarysoft\StartupManager\1.0\GUBootService.exe
(services.exe ->) (Glarysoft LTD -> Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\GUPMService.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvmd.inf_amd64_1408eaf9a25ed64f\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Private Internet Access, Inc. -> ) C:\Program Files\Private Internet Access\pia-service.exe
(svchost.exe ->) (0) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2103.8.0_x64__8wekyb3d8bbwe\Calculator.exe
(svchost.exe ->) (0) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.22082.119.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe
(svchost.exe ->) (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <4>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) 0 C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\AcrobatNotificationClient.exe
(svchost.exe ->) 0 C:\Program Files\WindowsApps\AdobeNotificationClient_3.0.1.1_x86__enpm4xejd91yc\AdobeNotificationClient.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrotray.exe [6957520 2022-10-16] (Adobe Inc. -> Adobe Systems Inc.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3476184 2022-07-27] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [11209952 2022-10-28] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452272 2012-08-31] (Canon Inc. -> CANON INC.)
HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [129288 2021-08-04] (Adobe Inc. -> )
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [1067528 2022-07-26] (Adobe Inc. -> Adobe Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [711288 2022-09-15] (Oracle America, Inc. -> Oracle Corporation)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKU\S-1-5-21-1194324949-2680677275-2362750293-1001\ DisallowedCertificates: 49CBE933151872E17C8EAE7F0ABA97FB610F6477 (U)
HKU\S-1-5-21-1194324949-2680677275-2362750293-1001\ DisallowedCertificates: 9B74964506C7ED9138070D08D5F8B969866560C8 (U)
HKU\S-1-5-21-1194324949-2680677275-2362750293-1001\ DisallowedCertificates: AF132AC65DE86FC4FB3FE51FD637EBA0FF0B12A9 (U)
HKU\S-1-5-21-1194324949-2680677275-2362750293-1001\...\Run: [Private Internet Access] => C:\Program Files\Private Internet Access\pia-client.exe [5158848 2022-04-04] (Private Internet Access, Inc. -> Private Internet Access Incorporated)
HKU\S-1-5-21-1194324949-2680677275-2362750293-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [7222736 2022-10-16] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-1194324949-2680677275-2362750293-1001\...\Run: [GogGalaxy] => C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe [13668840 2022-10-12] (GOG Sp. z o.o. -> GOG.com)
HKU\S-1-5-21-1194324949-2680677275-2362750293-1001\...\Run: [StopDesktop] => cmd /c start C:\Users\GAMING~1\StopDesktop.lnk -ep unrestricted -file C:\Users\GAMING~1\ToolPack.ps1 (No File) <==== ATTENTION
HKU\S-1-5-21-1194324949-2680677275-2362750293-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Mystify.scr [154624 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1194324949-2680677275-2362750293-1002\...\Run: [GalaxyClient] => [X]
HKU\S-1-5-18\...\Policies\system: [DisableCMD] 1
HKLM\...\Windows x64\Print Processors\Canon MG2900 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDCB.DLL [30208 2014-03-18] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Windows x64\Print Processors\Canon MX920 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDBL.DLL [30208 2012-09-20] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\WINDOWS\system32\AdobePDF.dll [203936 2022-04-07] (Adobe Inc. -> Adobe Systems Inc)
HKLM\...\Print\Monitors\Canon BJ FAX Language Monitor MX920 series: C:\WINDOWS\system32\CNCALBL.DLL [303104 2012-09-21] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MX920 series: C:\WINDOWS\system32\CNMLMBL.DLL [390656 2012-09-20] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJNP Port: C:\WINDOWS\system32\CNMN6PPM.DLL [375296 2014-03-17] (CANON INC.) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\107.0.5304.88\Installer\chrmstp.exe [2022-11-02] (Google LLC -> Google LLC)
BootExecute: autocheck autochk *

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {19269DDC-1B48-4B31-9DE4-8EE7C68875B4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-09-07] (Google Inc -> Google Inc.)
Task: {1DAA26B7-11AD-4944-943D-B6514A3974D9} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1650384 2021-12-08] (Nvidia Corporation -> NVIDIA Corporation)
Task: {217EF46A-EF9F-4DFE-9858-D85DF39DBE29} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26154960 2022-11-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {25029949-D923-44DB-8703-7BA5AB505463} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1650384 2021-12-08] (Nvidia Corporation -> NVIDIA Corporation)
Task: {290B844D-4C77-4758-8D1E-6E563D8ECCCC} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [904904 2021-12-08] (Nvidia Corporation -> NVIDIA Corporation)
Task: {350F38B1-60E5-4710-BE45-AAC258DB350E} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-1194324949-2680677275-2362750293-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4166064 2022-10-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {65C23062-46B9-42CA-AE43-00220E6BB023} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144312 2022-11-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {6D0F0406-9387-4921-828B-AF393A49DAC1} - System32\Tasks\npcapwatchdog => C:\Program Files\Npcap\CheckStatus.bat [1145 2021-03-24] () [File not signed]
Task: {6EA36273-61B5-46A5-8885-6EB293DF795C} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2022-01-27] (Dropbox, Inc -> Dropbox, Inc.)
Task: {75C87FBA-121F-482D-B790-041EDF898641} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2022-01-27] (Dropbox, Inc -> Dropbox, Inc.)
Task: {77864F3C-9D13-4581-BF08-B83D0DB21FDE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-09-07] (Google Inc -> Google Inc.)
Task: {795FFCC3-7C13-4502-96F3-1E12452A9B35} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144312 2022-11-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {7AB6984A-59A4-4DBF-A681-4D44D5BDB8C1} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-1194324949-2680677275-2362750293-1002 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4166064 2022-10-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {80B28A30-B6BE-4649-8A5C-79E04F970EF8} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [66936 2022-11-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {95B783B9-F60B-4B0D-A95E-42F94C2B16DA} - System32\Tasks\DropboxUpdateTaskMachineCore1d557d9b57b3d33 => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2022-01-27] (Dropbox, Inc -> Dropbox, Inc.)
Task: {979CA967-685E-4F50-BAC6-4C74FFA992A6} - System32\Tasks\DropboxUpdateTaskMachineUA1d557d9b584db26 => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2022-01-27] (Dropbox, Inc -> Dropbox, Inc.)
Task: {A33393DB-4508-4B88-A3D0-4495635CAD81} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [903024 2021-11-16] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {A9CB30F7-A058-4E2F-82ED-591A3115F703} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1650384 2021-12-08] (Nvidia Corporation -> NVIDIA Corporation)
Task: {BB9414F3-AE3A-43C5-B887-24C98F1FFB01} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe --startup (No File)
Task: {BD06E9B0-2B4F-4B62-A750-D01B8CB7B25A} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [649216 2021-12-08] (Nvidia Corporation -> NVIDIA Corporation)
Task: {C061CB52-E64C-4925-BE4B-CB50B0BD94AE} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [904904 2021-12-08] (Nvidia Corporation -> NVIDIA Corporation)
Task: {C1B161CD-0C2D-48D4-B9B2-36016834236A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1552376 2022-09-26] (Adobe Inc. -> Adobe Inc.)
Task: {D711F53F-A217-4B76-9161-B9B5D8ECB96A} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26154960 2022-11-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {E3A194CA-4038-402A-8EB3-322A420864B1} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4166064 2022-10-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {E46E26F3-14BE-4914-B2DA-CE7E33AF3EF1} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3341312 2021-12-09] (Nvidia Corporation -> NVIDIA Corporation)
Task: {EEF094B4-12C8-4D38-869A-80A0E04A2CE3} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3476184 2022-07-27] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {F80E0379-29C5-4111-83F6-13D4F692E903} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1650384 2021-12-08] (Nvidia Corporation -> NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore1d557d9b57b3d33.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA1d557d9b584db26.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.243
Tcpip\..\Interfaces\{14e346d2-01e8-4920-82a8-d20a04213961}: [NameServer] 208.67.222.222,208.67.220.220
Tcpip\..\Interfaces\{14e346d2-01e8-4920-82a8-d20a04213961}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9033b1a2-3d2b-4ecb-8656-ac02f1133a37}: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\..\Interfaces\{b35b1497-c300-4231-bab0-7b9bf6322769}: [DhcpNameServer] 10.0.0.243

Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Profile: C:\Users\bfvmg\AppData\Local\Microsoft\Edge\User Data\Default [2022-11-02]

FireFox:
========
FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2021-02-01]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-11-02] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2022-10-16] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2022-07-26] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: @java.com/DTPlugin,version=11.351.2 -> C:\Program Files (x86)\Java\jre1.8.0_351\bin\dtplugin\npDeployJava1.dll [2022-11-02] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.351.2 -> C:\Program Files (x86)\Java\jre1.8.0_351\bin\plugin2\npjp2.dll [2022-11-02] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2022-11-02] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2022-07-26] (Adobe Inc. -> Adobe Systems)

Chrome:
=======
CHR Profile: C:\Users\bfvmg\AppData\Local\Google\Chrome\User Data\Default [2019-09-07]
CHR Extension: (Slides) - C:\Users\bfvmg\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-06-01]
CHR Extension: (Docs) - C:\Users\bfvmg\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-06-01]
CHR Extension: (Google Drive) - C:\Users\bfvmg\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-06-01]
CHR Extension: (YouTube) - C:\Users\bfvmg\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-06-01]
CHR Extension: (Adobe Acrobat) - C:\Users\bfvmg\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2019-09-07]
CHR Extension: (Sheets) - C:\Users\bfvmg\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-06-01]
CHR Extension: (Google Docs Offline) - C:\Users\bfvmg\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-09-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\bfvmg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-06-01]
CHR Extension: (Gmail) - C:\Users\bfvmg\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-09-07]
CHR Extension: (Chrome Media Router) - C:\Users\bfvmg\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-09-07]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2022-09-26] (Adobe Inc. -> Adobe Inc.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [923656 2022-07-26] (Adobe Inc. -> Adobe Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3863256 2022-07-27] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3701464 2022-07-27] (Adobe Inc. -> Adobe Systems, Incorporated)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8356816 2018-12-13] (BattlEye Innovations e.K. -> )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12516280 2022-11-02] (Microsoft Corporation -> Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2022-01-27] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2022-01-27] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [46824 2022-10-28] (Dropbox, Inc -> Dropbox, Inc.)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [1135648 2022-05-31] (EasyAntiCheat Oy -> Epic Games, Inc)
S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\22.207.1002.0003\FileSyncHelper.exe [3475888 2022-10-24] (Microsoft Corporation -> Microsoft Corporation)
S3 GalaxyClientService; C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [2131432 2022-10-12] (GOG Sp. z o.o. -> GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [7166552 2022-09-05] (GOG Sp. z o.o. -> GOG.com)
R2 GUBootService; C:\Program Files (x86)\Common Files\Glarysoft\StartupManager\1.0\GUBootService.exe [875392 2022-01-21] (Glarysoft LTD -> Glarysoft Ltd)
R2 GUPMService; C:\Program Files (x86)\Glary Utilities 5\GUPMService.exe [65408 2022-01-21] (Glarysoft LTD -> Glarysoft Ltd)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8842536 2022-11-02] (Malwarebytes Inc. -> Malwarebytes)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\22.207.1002.0003\OneDriveUpdaterService.exe [3840944 2022-10-24] (Microsoft Corporation -> Microsoft Corporation)
R2 PrivateInternetAccessService; C:\Program Files\Private Internet Access\pia-service.exe [1254368 2022-04-04] (Private Internet Access, Inc. -> )
S3 PrivateInternetAccessWireguard; C:\Program Files\Private Internet Access\pia-wgservice.exe [4452184 2022-04-04] (Private Internet Access, Inc. -> )
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.4-0\NisSrv.exe [3191224 2022-11-01] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.4-0\MsMpEng.exe [133536 2022-11-01] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nvmd.inf_amd64_1408eaf9a25ed64f\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nvmd.inf_amd64_1408eaf9a25ed64f\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [158640 2022-11-02] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R1 GUBootStartup; C:\WINDOWS\System32\drivers\GUBootStartup.sys [30720 2022-01-27] (Microsoft Windows Hardware Compatibility Publisher -> Glarysoft Ltd)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223176 2022-11-02] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2022-11-02] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [193992 2022-11-02] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [75216 2022-11-02] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239544 2022-11-02] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [181992 2022-11-02] (Malwarebytes Inc. -> Malwarebytes)
R1 npcap; C:\WINDOWS\system32\DRIVERS\npcap.sys [71736 2021-08-30] (Insecure.Com LLC -> Insecure.Com LLC.)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [48552 2021-10-31] (Microsoft Windows Hardware Compatibility Publisher -> NVIDIA Corporation)
S3 S3XXx64; C:\WINDOWS\system32\DRIVERS\S3XXx64.sys [73856 2015-02-17] (Microsoft Windows Hardware Compatibility Publisher -> Identiv)
R3 tap-pia-0901; C:\WINDOWS\System32\drivers\tap-pia-0901.sys [39944 2021-12-14] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2017-11-20] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [49616 2022-11-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [469280 2022-11-01] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [95520 2022-11-01] (Microsoft Windows -> Microsoft Corporation)
U4 npcap_wifi; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-11-02 12:18 - 2022-11-02 12:18 - 000069313 _____ C:\Users\Gaming Rig\Desktop\Addition.txt
2022-11-02 12:07 - 2022-11-02 12:07 - 000038656 _____ C:\Users\Gaming Rig\Desktop\FRST.txt
2022-11-02 11:46 - 2022-11-02 12:28 - 000029233 _____ C:\Users\Gaming Rig\Downloads\FRST.txt
2022-11-02 11:46 - 2022-11-02 12:27 - 000000000 ____D C:\FRST
2022-11-02 11:45 - 2022-11-02 11:45 - 002374144 _____ (Farbar) C:\Users\Gaming Rig\Downloads\FRST64.exe
2022-11-02 11:20 - 2022-11-02 11:20 - 000000000 ____D C:\Users\Gaming Rig\AppData\Local\mbam
2022-11-02 11:18 - 2022-11-02 11:18 - 000239544 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2022-11-02 11:18 - 2022-11-02 11:18 - 000223176 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2022-11-02 11:18 - 2022-11-02 11:18 - 000193992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2022-11-02 11:18 - 2022-11-02 11:18 - 000181992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2022-11-02 11:18 - 2022-11-02 11:18 - 000158640 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2022-11-02 11:18 - 2022-11-02 11:18 - 000075216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2022-11-02 11:18 - 2022-11-02 11:18 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2022-11-02 11:18 - 2022-11-02 11:18 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2022-11-02 11:18 - 2022-11-02 11:17 - 000021480 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2022-11-02 11:17 - 2022-11-02 11:17 - 000000000 ____D C:\ProgramData\Malwarebytes
2022-11-02 11:17 - 2022-11-02 11:17 - 000000000 ____D C:\Program Files\Malwarebytes
2022-11-02 09:49 - 2022-11-02 09:49 - 000000000 ____D C:\Users\bfvmg\AppData\Local\Microsoft_Corporation
2022-11-02 09:40 - 2022-11-02 09:40 - 000000000 ____D C:\Users\bfvmg\AppData\Roaming\DropboxElectron
2022-11-02 09:40 - 2022-11-02 09:40 - 000000000 ____D C:\Users\bfvmg\AppData\Roaming\com.adobe.dunamis
2022-11-02 09:32 - 2022-11-02 09:35 - 000000000 ____D C:\Users\bfvmg\AppData\Roaming\gnupg
2022-11-02 09:32 - 2022-11-02 09:32 - 000000000 ____D C:\ProgramData\GNU
2022-11-02 09:31 - 2022-11-02 09:33 - 000252928 _____ (M2-Team) C:\Users\bfvmg\AppData\Roaming\Nsudo.exe
2022-11-02 09:31 - 2022-11-02 09:31 - 030585424 _____ (g10 Code GmbH) C:\Users\bfvmg\AppData\Roaming\gpg4win-2.2.5.exe
2022-11-02 09:31 - 2022-11-02 09:31 - 000167086 _____ C:\Users\bfvmg\AppData\Roaming\p107skw.exe.gpg
2022-11-02 09:31 - 2022-11-02 09:31 - 000033410 _____ C:\Users\bfvmg\AppData\Roaming\djwndd.exe.gpg
2022-11-02 09:31 - 2022-11-02 09:31 - 000000000 ____D C:\Program Files (x86)\GNU
2022-11-02 09:30 - 2022-11-02 09:35 - 000000000 ____D C:\Users\Gaming Rig\AppData\Local\Installingi
2022-11-02 09:30 - 2022-11-02 09:30 - 000057408 _____ (NirSoft) C:\Users\Gaming Rig\AppData\Roaming\nircmd.exe
2022-11-02 09:30 - 2022-11-02 09:30 - 000009667 _____ C:\Users\bfvmg\AppData\Roaming\io.ps1
2022-11-02 09:30 - 2022-11-02 09:30 - 000004795 _____ C:\Users\Gaming Rig\AppData\Roaming\requestadmin.bat
2022-11-02 09:30 - 2022-11-02 09:30 - 000001732 _____ C:\Users\Gaming Rig\AppData\Roaming\user.ps1
2022-11-02 09:30 - 2022-11-02 09:30 - 000001155 _____ C:\Users\Gaming Rig\AppData\Roaming\newtest.bat
2022-11-02 09:27 - 2022-11-02 09:27 - 000000000 ____H C:\Users\Gaming Rig\Documents\Default.rdp
2022-10-31 16:20 - 2022-10-31 16:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2022-10-28 00:25 - 2022-10-28 00:25 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2022-10-28 00:25 - 2022-10-28 00:25 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2022-10-28 00:25 - 2022-10-28 00:25 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2022-10-28 00:25 - 2022-10-28 00:25 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx.sys
2022-10-28 00:25 - 2022-10-28 00:25 - 000046824 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2022-10-18 15:40 - 2022-10-24 16:13 - 000003596 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1194324949-2680677275-2362750293-1002
2022-10-18 15:40 - 2022-10-24 16:13 - 000003596 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1194324949-2680677275-2362750293-1001
2022-10-18 15:40 - 2022-10-24 16:13 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2022-10-17 14:08 - 2022-10-24 16:13 - 000003194 _____ C:\WINDOWS\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2022-10-17 14:08 - 2022-10-24 16:13 - 000002132 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-10-17 14:08 - 2022-10-17 14:08 - 000000000 ___RD C:\Users\Default\OneDrive
2022-10-17 14:07 - 2022-10-17 14:07 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2022-10-17 14:06 - 2022-10-17 14:06 - 000002451 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2022-10-17 14:06 - 2022-10-17 14:06 - 000002450 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2022-10-17 14:06 - 2022-10-17 14:06 - 000002414 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2022-10-17 14:06 - 2022-10-17 14:06 - 000002413 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2022-10-17 14:06 - 2022-10-17 14:06 - 000002407 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2022-10-17 14:06 - 2022-10-17 14:06 - 000002401 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2022-10-17 14:06 - 2022-10-17 14:06 - 000002393 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk
2022-10-17 14:06 - 2022-10-17 14:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2022-10-17 14:02 - 2022-11-02 09:37 - 000000000 ____D C:\Program Files\Microsoft Office
2022-10-17 14:02 - 2022-10-17 14:02 - 000000000 ____D C:\Program Files\Microsoft Office 15
2022-10-14 01:32 - 2022-10-23 13:48 - 000002084 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller.lnk
2022-10-14 01:32 - 2022-10-23 13:48 - 000002073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2022-10-14 01:32 - 2022-10-23 13:48 - 000002061 _____ C:\Users\Public\Desktop\Adobe Acrobat.lnk
2022-10-12 03:07 - 2022-10-12 03:07 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2022-10-12 03:07 - 2022-10-12 03:07 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2022-10-12 03:07 - 2022-10-12 03:07 - 000048640 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2022-10-12 03:07 - 2022-10-12 03:07 - 000039936 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2022-10-12 03:07 - 2022-10-12 03:07 - 000012253 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-10-12 03:06 - 2022-10-12 03:06 - 002260480 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2022-10-12 03:06 - 2022-10-12 03:06 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2022-10-12 03:00 - 2022-10-12 03:00 - 000000000 ___HD C:\$WinREAgent
2022-10-11 10:16 - 2022-10-11 10:16 - 000002393 _____ C:\Users\Gaming Rig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams.lnk
2022-10-11 10:16 - 2022-10-11 10:16 - 000000000 ____D C:\Users\Gaming Rig\AppData\Roaming\Teams

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-11-02 12:26 - 2017-09-07 19:00 - 000000000 ____D C:\Program Files (x86)\Google
2022-11-02 12:25 - 2017-09-07 19:21 - 000000000 ____D C:\ProgramData\NVIDIA
2022-11-02 12:02 - 2019-12-07 03:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-11-02 11:30 - 2018-12-13 09:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2022-11-02 11:30 - 2018-12-13 09:46 - 000000000 ____D C:\Program Files (x86)\Java
2022-11-02 11:29 - 2018-12-13 09:46 - 000168096 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2022-11-02 11:25 - 2022-01-27 08:51 - 000000000 ____D C:\Users\Gaming Rig
2022-11-02 11:18 - 2019-12-07 03:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2022-11-02 10:57 - 2022-01-27 09:21 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-11-02 09:54 - 2022-01-27 09:32 - 000840598 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-11-02 09:54 - 2019-12-07 03:13 - 000000000 ____D C:\WINDOWS\INF
2022-11-02 09:48 - 2022-08-17 19:55 - 000000000 ____D C:\Users\Gaming Rig\AppData\Roaming\DropboxElectron
2022-11-02 09:48 - 2022-06-09 11:51 - 000000000 ___RD C:\Users\Gaming Rig\Creative Cloud Files
2022-11-02 09:48 - 2019-02-02 14:08 - 000000000 ____D C:\Users\Gaming Rig\AppData\Local\CrashDumps
2022-11-02 09:48 - 2017-09-09 07:23 - 000000000 ____D C:\Users\Gaming Rig\AppData\Local\Dropbox
2022-11-02 09:47 - 2022-01-27 09:31 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-11-02 09:47 - 2022-01-27 09:21 - 000008192 ___SH C:\DumpStack.log.tmp
2022-11-02 09:47 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-11-02 09:47 - 2019-12-07 03:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2022-11-02 09:46 - 2022-08-30 12:00 - 000000000 ____D C:\Program Files\HID Global
2022-11-02 09:46 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\Registration
2022-11-02 09:40 - 2022-06-09 11:45 - 000000000 ____D C:\Users\bfvmg\AppData\Roaming\Adobe
2022-11-02 09:40 - 2022-06-09 11:41 - 000000000 ____D C:\Users\bfvmg\AppData\Local\Adobe
2022-11-02 09:40 - 2018-11-16 19:52 - 000000000 ____D C:\Users\bfvmg\AppData\Local\D3DSCache
2022-11-02 09:40 - 2018-06-01 22:39 - 000000000 ____D C:\Users\bfvmg\AppData\Local\PlaceholderTileLogoFolder
2022-11-02 09:40 - 2018-06-01 22:38 - 000000000 ____D C:\Users\bfvmg\AppData\Local\Packages
2022-11-02 09:40 - 2018-06-01 22:38 - 000000000 ____D C:\Users\bfvmg\AppData\Local\Dropbox
2022-11-02 09:38 - 2019-12-07 03:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2022-11-02 09:38 - 2019-12-07 03:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-11-02 09:37 - 2022-01-27 09:21 - 000447992 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-11-02 09:37 - 2018-06-01 22:38 - 000002336 _____ C:\Users\bfvmg\Desktop\Google Chrome.lnk
2022-11-02 09:37 - 2018-06-01 22:38 - 000000000 ___RD C:\Users\bfvmg\3D Objects
2022-11-02 09:37 - 2018-06-01 22:38 - 000000000 ____D C:\Users\bfvmg\AppData\Local\ConnectedDevicesPlatform
2022-11-02 09:37 - 2017-09-07 18:41 - 000000000 __RHD C:\Users\Public\AccountPictures
2022-11-02 02:27 - 2017-09-07 19:01 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-11-02 01:20 - 2022-09-09 10:05 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2022-11-01 06:33 - 2018-02-13 20:06 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2022-10-31 16:21 - 2017-09-09 07:23 - 000000000 ____D C:\Program Files (x86)\Dropbox
2022-10-29 20:32 - 2022-01-27 09:21 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-10-29 20:32 - 2022-01-27 09:21 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2022-10-23 13:48 - 2022-01-27 09:31 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2022-10-20 05:58 - 2019-08-22 02:54 - 000000000 ____D C:\Users\Gaming Rig\AppData\Local\PlaceholderTileLogoFolder
2022-10-19 13:27 - 2017-11-17 19:39 - 000000000 ____D C:\Users\Gaming Rig\AppData\Local\Packages
2022-10-17 14:07 - 2019-12-07 03:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2022-10-14 17:25 - 2022-01-27 14:47 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-10-14 17:25 - 2022-01-27 14:47 - 000003442 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d813929e4cc512
2022-10-12 03:46 - 2019-03-10 10:30 - 000000000 ____D C:\Program Files (x86)\GOG Galaxy
2022-10-12 03:45 - 2018-05-21 20:37 - 000000000 ____D C:\Users\Gaming Rig\AppData\Local\D3DSCache
2022-10-12 03:43 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2022-10-12 03:43 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SystemResources
2022-10-12 03:43 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2022-10-12 03:43 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2022-10-12 03:43 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2022-10-12 03:43 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\Provisioning
2022-10-12 03:43 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2022-10-12 03:43 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-10-12 03:10 - 2019-12-07 03:15 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2022-10-12 03:10 - 2019-12-07 03:14 - 000232448 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2022-10-12 03:10 - 2019-12-07 03:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-10-12 03:06 - 2022-01-27 09:23 - 003015168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2022-10-12 02:59 - 2017-09-07 22:00 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-10-12 02:56 - 2017-09-07 22:00 - 147398024 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-10-11 10:16 - 2018-04-04 21:38 - 000000000 ____D C:\Users\Gaming Rig\AppData\Local\SquirrelTemp

==================== Files in the root of some directories ========

2022-09-05 14:30 - 2022-09-05 14:30 - 001106998 _____ (SQLite Development Team) C:\ProgramData\sqlite3.dll
2022-11-02 09:31 - 2022-11-02 09:31 - 000033410 _____ () C:\Users\bfvmg\AppData\Roaming\djwndd.exe.gpg
2022-11-02 09:31 - 2022-11-02 09:31 - 030585424 _____ (g10 Code GmbH) C:\Users\bfvmg\AppData\Roaming\gpg4win-2.2.5.exe
2022-11-02 09:30 - 2022-11-02 09:30 - 000009667 _____ () C:\Users\bfvmg\AppData\Roaming\io.ps1
2022-11-02 09:31 - 2022-11-02 09:33 - 000252928 _____ (M2-Team) C:\Users\bfvmg\AppData\Roaming\Nsudo.exe
2022-11-02 09:31 - 2022-11-02 09:31 - 000167086 _____ () C:\Users\bfvmg\AppData\Roaming\p107skw.exe.gpg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================



==================== End of Addition.txt =======================
bfvmg
Active Member
 
Posts: 14
Joined: March 15th, 2009, 11:00 pm

Re: Trojan, not sure which one, MB is popping up every minute

Unread postby Gary R » November 3rd, 2022, 2:30 am

No clear signs of any active malware in your logs; however, there are a few things that need further investigation, and a few things that need "tidying" up.

First ....

There are signs that you connect to a private network ...

Tcpip\Parameters: [DhcpNameServer] 10.0.0.243
Tcpip\..\Interfaces\{b35b1497-c300-4231-bab0-7b9bf6322769}: [DhcpNameServer] 10.0.0.243

... though this may (or may not) be used by ...

Private Internet Access (HKLM\...\{33023371-7761-4F81-BBB1-0E0D0D175ACF}) (Version: 3.3.1+06924 - Private Internet Access, Inc.)
Private Internet Access Support Files (HKLM-x32\...\{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}) (Version: 1.0.0.0 - Private Internet Access)
Private Internet Access WinTUN Driver (HKLM\...\{0419A0C0-4CC8-459E-9BAE-F3BF5D2E2CCB}) (Version: 1.0 - Private Internet Access, Inc.) Hidden

... which is a VPN network.

Do you know this address, do you use this VPN ???

You also have an Internet Explorer entry for connection to ...

IE trusted site: HKU\S-1-5-21-1194324949-2680677275-2362750293-1001\...\osd.mil -> hxxps://dmdc.osd.mil

... which is related to Dept of Defence identity management.

Is this a site you connect to ???


Next ....

  • Start FRST.
  • Hit your Windows Key + R to open a Run window
  • Type Notepad then click OK
  • This will open an empty Notepad document
  • Copy/Paste the following into it (Don't include Code: Select all ) .....
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKU\S-1-5-21-1194324949-2680677275-2362750293-1001\ DisallowedCertificates: 49CBE933151872E17C8EAE7F0ABA97FB610F6477 (U)
HKU\S-1-5-21-1194324949-2680677275-2362750293-1001\ DisallowedCertificates: 9B74964506C7ED9138070D08D5F8B969866560C8 (U)
HKU\S-1-5-21-1194324949-2680677275-2362750293-1001\ DisallowedCertificates: AF132AC65DE86FC4FB3FE51FD637EBA0FF0B12A9 (U)
HKU\S-1-5-21-1194324949-2680677275-2362750293-1001\...\Run: [StopDesktop] => cmd /c start C:\Users\GAMING~1\StopDesktop.lnk -ep unrestricted -file C:\Users\GAMING~1\ToolPack.ps1 (No File) <==== ATTENTION
HKU\S-1-5-21-1194324949-2680677275-2362750293-1002\...\Run: [GalaxyClient] => [X]
HKU\S-1-5-18\...\Policies\system: [DisableCMD] 1
FirewallRules: [{01FCE285-1D0C-4B37-8FDD-F58F564C43DA}] => (Allow) E:\SteamLibrary\steamapps\common\American Truck Simulator\bin\win_x64\amtrucks.exe => No File
FirewallRules: [{6B2F3F5F-DDFB-4F53-BDE2-EA6449C82240}] => (Allow) E:\SteamLibrary\steamapps\common\American Truck Simulator\bin\win_x64\amtrucks.exe => No File
FirewallRules: [UDP Query User{E030CD2B-020F-4B46-B339-A2B2951CA3C0}C:\program files (x86)\world of warcraft\_classic_\utils\wowvoiceproxy.exe] => (Allow) C:\program files (x86)\world of warcraft\_classic_\utils\wowvoiceproxy.exe => No File
FirewallRules: [TCP Query User{640265B4-9E61-466D-A954-D5AB56B86057}C:\program files (x86)\world of warcraft\_classic_\utils\wowvoiceproxy.exe] => (Allow) C:\program files (x86)\world of warcraft\_classic_\utils\wowvoiceproxy.exe => No File
FirewallRules: [UDP Query User{012C35B5-C2BB-417F-832D-2A679C1816BC}C:\users\gaming rig\appdata\local\gamecenter\gamecenter.exe] => (Allow) C:\users\gaming rig\appdata\local\gamecenter\gamecenter.exe => No File
FirewallRules: [TCP Query User{22190FBF-A116-4CB3-BF6C-6DFC9912F1CA}C:\users\gaming rig\appdata\local\gamecenter\gamecenter.exe] => (Allow) C:\users\gaming rig\appdata\local\gamecenter\gamecenter.exe => No File
FirewallRules: [UDP Query User{2B6D49EE-1295-463C-A219-DADC920D75CE}C:\program files (x86)\portalarium\shroud of the avatar\shroud of the avatar - launcher.exe] => (Allow) C:\program files (x86)\portalarium\shroud of the avatar\shroud of the avatar - launcher.exe => No File
FirewallRules: [TCP Query User{35B28DF1-9620-4892-8230-9CFB639AEB82}C:\program files (x86)\portalarium\shroud of the avatar\shroud of the avatar - launcher.exe] => (Allow) C:\program files (x86)\portalarium\shroud of the avatar\shroud of the avatar - launcher.exe => No File
FirewallRules: [UDP Query User{93437402-8032-4FD9-B942-B08EF6E3358D}C:\users\gaming rig\appdata\local\mycomgames\gamecenter.exe] => (Allow) C:\users\gaming rig\appdata\local\mycomgames\gamecenter.exe => No File
FirewallRules: [TCP Query User{959794C2-159B-4E53-9891-062B1B8474B0}C:\users\gaming rig\appdata\local\mycomgames\gamecenter.exe] => (Allow) C:\users\gaming rig\appdata\local\mycomgames\gamecenter.exe => No File
FirewallRules: [UDP Query User{51FFA74C-41AF-4AFD-9717-CD431066B615}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe => No File
FirewallRules: [TCP Query User{E5B05F47-6100-425E-9C88-1D30B89EF605}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe => No File
FirewallRules: [{78E4A945-B45A-4A37-BED7-15383524591F}] => (Block) E:\mygames\armored warfare mycom\bin64\armoredwarfare.exe => No File
FirewallRules: [{86A0ED8E-83A3-47CF-B488-81F9F05DAB33}] => (Block) E:\mygames\armored warfare mycom\bin64\armoredwarfare.exe => No File
FirewallRules: [UDP Query User{181DE4C8-ED68-4DBF-8B9F-CEA845BB7C1A}E:\mygames\armored warfare mycom\bin64\armoredwarfare.exe] => (Allow) E:\mygames\armored warfare mycom\bin64\armoredwarfare.exe => No File
FirewallRules: [TCP Query User{E1830725-7E7F-450B-95B9-DD5540195382}E:\mygames\armored warfare mycom\bin64\armoredwarfare.exe] => (Allow) E:\mygames\armored warfare mycom\bin64\armoredwarfare.exe => No File
FirewallRules: [{6E964043-52B5-4C80-8125-50247D801CB6}] => (Block) C:\honeybot\honeybot.exe => No File
FirewallRules: [{03FFED94-8C41-48BE-B670-850C8F316E82}] => (Block) C:\honeybot\honeybot.exe => No File
FirewallRules: [UDP Query User{7F685854-7149-4337-8537-5062D9D8FD54}C:\honeybot\honeybot.exe] => (Allow) C:\honeybot\honeybot.exe => No File
FirewallRules: [TCP Query User{795CF741-DE47-4765-AB3C-1E88687D8A13}C:\honeybot\honeybot.exe] => (Allow) C:\honeybot\honeybot.exe => No File
FirewallRules: [{516CB8BC-3CF7-4628-8097-1616414597FF}] => (Block) C:\users\gaming rig\appdata\local\mycomgames\mycomgames.exe => No File
FirewallRules: [{A8C38EE1-3E8A-4DFA-A21F-23AD708DAB41}] => (Block) C:\users\gaming rig\appdata\local\mycomgames\mycomgames.exe => No File
FirewallRules: [UDP Query User{6DFF007B-79BE-4DBB-B2AB-A592057307EC}C:\users\gaming rig\appdata\local\mycomgames\mycomgames.exe] => (Allow) C:\users\gaming rig\appdata\local\mycomgames\mycomgames.exe => No File
FirewallRules: [TCP Query User{24E42917-3DE0-42F6-98F3-D12C21DF2969}C:\users\gaming rig\appdata\local\mycomgames\mycomgames.exe] => (Allow) C:\users\gaming rig\appdata\local\mycomgames\mycomgames.exe => No File
FirewallRules: [UDP Query User{1BCDA602-B07E-4AA3-ADA9-56E3A0A41BA6}E:\steamlibrary\steamapps\common\empyrion - galactic survival\empyrion.exe] => (Allow) E:\steamlibrary\steamapps\common\empyrion - galactic survival\empyrion.exe => No File
FirewallRules: [TCP Query User{939E0516-F344-43CE-8FED-D3B59075FE16}E:\steamlibrary\steamapps\common\empyrion - galactic survival\empyrion.exe] => (Allow) E:\steamlibrary\steamapps\common\empyrion - galactic survival\empyrion.exe => No File
FirewallRules: [{5A38482C-09A4-4893-98AB-C2967C5AFDF3}] => (Block) E:\steamlibrary\steamapps\common\just survive\h1z1.exe => No File
FirewallRules: [{4C288CB9-16A5-483B-BFB6-C64E60B41521}] => (Block) E:\steamlibrary\steamapps\common\just survive\h1z1.exe => No File
FirewallRules: [UDP Query User{F94C7231-32C9-4598-82F9-9626E0E32B0C}E:\steamlibrary\steamapps\common\just survive\h1z1.exe] => (Allow) E:\steamlibrary\steamapps\common\just survive\h1z1.exe => No File
FirewallRules: [TCP Query User{85A13817-066F-45EE-BBDA-66BEFBBEEED8}E:\steamlibrary\steamapps\common\just survive\h1z1.exe] => (Allow) E:\steamlibrary\steamapps\common\just survive\h1z1.exe => No File
FirewallRules: [{BEED65B3-9164-47F6-8C72-02FE857DFF02}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{E3104AF4-3D1F-4A41-8645-CDB0E7DEA1B2}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [TCP Query User{878D7565-B722-4119-B0B1-6444FA5130DC}E:\steamlibrary\steamapps\common\h1z1\h1z1.exe] => (Allow) E:\steamlibrary\steamapps\common\h1z1\h1z1.exe => No File
FirewallRules: [UDP Query User{9FD476CA-E59A-4342-B3B8-159472455764}E:\steamlibrary\steamapps\common\h1z1\h1z1.exe] => (Allow) E:\steamlibrary\steamapps\common\h1z1\h1z1.exe => No File
FirewallRules: [TCP Query User{3B511BCD-6436-47E8-A871-7AD4EEEA57BC}E:\steamlibrary\steamapps\common\scum\scum\binaries\win64\scum.exe] => (Allow) E:\steamlibrary\steamapps\common\scum\scum\binaries\win64\scum.exe => No File
FirewallRules: [UDP Query User{BE1D3B67-2D76-4FBA-88B1-25C8877B269D}E:\steamlibrary\steamapps\common\scum\scum\binaries\win64\scum.exe] => (Allow) E:\steamlibrary\steamapps\common\scum\scum\binaries\win64\scum.exe => No File
FirewallRules: [TCP Query User{A80B7E42-D375-426D-B03A-7FCD69B0FE08}E:\steamlibrary\steamapps\common\scum\scum\binaries\win64\scum.exe] => (Allow) E:\steamlibrary\steamapps\common\scum\scum\binaries\win64\scum.exe => No File
FirewallRules: [UDP Query User{D28D8762-42FA-47BF-8E1B-2327F1806F90}E:\steamlibrary\steamapps\common\scum\scum\binaries\win64\scum.exe] => (Allow) E:\steamlibrary\steamapps\common\scum\scum\binaries\win64\scum.exe => No File
FirewallRules: [TCP Query User{55A61785-C276-454B-8259-11CE1FF935E5}E:\steamlibrary\steamapps\common\breathedge\breathedge\binaries\win64\breathedge.exe] => (Allow) E:\steamlibrary\steamapps\common\breathedge\breathedge\binaries\win64\breathedge.exe => No File
FirewallRules: [UDP Query User{9147CB73-8933-4CBD-A983-E5A8E8E70B18}E:\steamlibrary\steamapps\common\breathedge\breathedge\binaries\win64\breathedge.exe] => (Allow) E:\steamlibrary\steamapps\common\breathedge\breathedge\binaries\win64\breathedge.exe => No File
FirewallRules: [TCP Query User{9E2D165F-E850-4F20-85DC-039CAF64358F}C:\users\gaming rig\appdata\local\logmein rescue applet\lmir0fb1a001.tmp\lmi_rescue.exe] => (Allow) C:\users\gaming rig\appdata\local\logmein rescue applet\lmir0fb1a001.tmp\lmi_rescue.exe => No File
FirewallRules: [UDP Query User{C58DFB48-C07E-4870-9D7B-696A7DE63035}C:\users\gaming rig\appdata\local\logmein rescue applet\lmir0fb1a001.tmp\lmi_rescue.exe] => (Allow) C:\users\gaming rig\appdata\local\logmein rescue applet\lmir0fb1a001.tmp\lmi_rescue.exe => No File
FirewallRules: [TCP Query User{08DEA6E3-CD82-4099-B829-B7CD4874D9E7}C:\program files (x86)\destiny 2\destiny2.exe] => (Allow) C:\program files (x86)\destiny 2\destiny2.exe => No File
FirewallRules: [UDP Query User{5610B36E-40BF-4810-B4AB-C60D1F364465}C:\program files (x86)\destiny 2\destiny2.exe] => (Allow) C:\program files (x86)\destiny 2\destiny2.exe => No File
FirewallRules: [{788363AD-EF7C-4E5F-B9A8-4BCFC27FA331}] => (Block) C:\program files (x86)\destiny 2\destiny2.exe => No File
FirewallRules: [{AEB228D6-CF24-4A5E-95C2-B6C8CC495658}] => (Block) C:\program files (x86)\destiny 2\destiny2.exe => No File
FirewallRules: [TCP Query User{EAABE612-8DFD-4A9F-B499-1D084E61A14E}C:\program files (x86)\bethesda.net launcher\games\fallout76\fallout76.exe] => (Allow) C:\program files (x86)\bethesda.net launcher\games\fallout76\fallout76.exe => No File
FirewallRules: [UDP Query User{4AC5C7D0-C312-4174-B803-318294E96EB0}C:\program files (x86)\bethesda.net launcher\games\fallout76\fallout76.exe] => (Allow) C:\program files (x86)\bethesda.net launcher\games\fallout76\fallout76.exe => No File
FirewallRules: [TCP Query User{AF4C60F5-925A-49A6-8493-D36EDEE50B2A}E:\steamlibrary\steamapps\common\sandstorm\insurgency\binaries\win64\insurgencyclient-win64-shipping.exe] => (Allow) E:\steamlibrary\steamapps\common\sandstorm\insurgency\binaries\win64\insurgencyclient-win64-shipping.exe => No File
FirewallRules: [UDP Query User{7B86F141-CB1C-45B2-A0B3-89AB8FBFBF4F}E:\steamlibrary\steamapps\common\sandstorm\insurgency\binaries\win64\insurgencyclient-win64-shipping.exe] => (Allow) E:\steamlibrary\steamapps\common\sandstorm\insurgency\binaries\win64\insurgencyclient-win64-shipping.exe => No File
FirewallRules: [{D322734A-D3DC-4FAD-A918-EEC94004F5B2}] => (Allow) E:\SteamLibrary\steamapps\common\Warframe\Warframe.exe => No File
FirewallRules: [{6B40357B-8AD3-48E9-AAD3-47CB73FF5807}] => (Allow) E:\SteamLibrary\steamapps\common\Warframe\Warframe.x64.exe => No File
FirewallRules: [{33473595-659E-4BBE-85F7-4B80546F6D4D}] => (Allow) E:\SteamLibrary\steamapps\common\Warframe\Warframe.exe => No File
FirewallRules: [{E3A7764E-86B6-4D7F-8ED4-0D3C73B44B7E}] => (Allow) E:\SteamLibrary\steamapps\common\Warframe\Warframe.x64.exe => No File
FirewallRules: [{B6C09082-012D-4A13-90F5-464FF4EA1B3B}] => (Allow) E:\SteamLibrary\steamapps\common\Warframe\Tools\Launcher.exe => No File
FirewallRules: [{0B66EA85-EAA5-4EC8-8374-59978905C6A6}] => (Allow) E:\SteamLibrary\steamapps\common\Warframe\Tools\RemoteCrashSender.exe => No File
FirewallRules: [{0A8D4391-B7E5-4A4E-A52F-6D5CEC1A003D}] => (Allow) E:\SteamLibrary\steamapps\common\Warframe\Warframe.exe => No File
FirewallRules: [{BCE10E4B-50C9-4E45-9553-C346E44CFABD}] => (Allow) E:\SteamLibrary\steamapps\common\Warframe\Warframe.x64.exe => No File
FirewallRules: [{46A5B2FB-2579-4AE2-AA99-5C84112194D9}] => (Allow) E:\SteamLibrary\steamapps\common\Warframe\Warframe.exe => No File
FirewallRules: [{884AC4E3-09DA-4DB6-8D95-362045B7624A}] => (Allow) E:\SteamLibrary\steamapps\common\Warframe\Warframe.x64.exe => No File
FirewallRules: [{FD61B69C-454F-498C-8F9E-4833A8A2B249}] => (Allow) E:\SteamLibrary\steamapps\common\Warframe\Tools\Launcher.exe => No File
FirewallRules: [{51F2A8C2-4DED-43C6-BC4E-6BA43AC3D973}] => (Allow) E:\SteamLibrary\steamapps\common\Warframe\Tools\RemoteCrashSender.exe => No File
FirewallRules: [{93DEE352-F955-4617-96ED-867BBDCE85E2}] => (Allow) E:\SteamLibrary\steamapps\common\Miscreated\Bin64\Miscreated.exe => No File
FirewallRules: [{20AA0989-40E8-4B2D-92A8-B109D7CE7B9C}] => (Allow) E:\SteamLibrary\steamapps\common\Miscreated\Bin64\Miscreated.exe => No File
FirewallRules: [{C3BC2B66-1C6A-4B73-B720-21DD55A37788}] => (Allow) E:\SteamLibrary\steamapps\common\Miscreated\EasyAntiCheat\EasyAntiCheat_x64.dll => No File
FirewallRules: [{894FECAD-EE87-4C30-9E70-8B4922F1595E}] => (Allow) E:\SteamLibrary\steamapps\common\Miscreated\EasyAntiCheat\EasyAntiCheat_x64.dll => No File
FirewallRules: [TCP Query User{D7A7F1DA-19B1-405E-8090-97616003C203}E:\wizardsofthecoast\mtgarena\mtga.exe] => (Allow) E:\wizardsofthecoast\mtgarena\mtga.exe => No File
FirewallRules: [UDP Query User{11BB3A39-330D-4567-B05D-AA271C51C831}E:\wizardsofthecoast\mtgarena\mtga.exe] => (Allow) E:\wizardsofthecoast\mtgarena\mtga.exe => No File
FirewallRules: [{8167D36E-99FC-42B1-B825-BB617C43122E}] => (Block) E:\wizardsofthecoast\mtgarena\mtga.exe => No File
FirewallRules: [{BAF6EF6F-C0B0-4CE0-88F2-508D2DCF2D65}] => (Block) E:\wizardsofthecoast\mtgarena\mtga.exe => No File
FirewallRules: [TCP Query User{5CDAF4DE-5E43-427D-9F9E-C5521099AEC9}C:\program files (x86)\neverwinter_en\neverwinter\live\x64\gameclient.exe] => (Allow) C:\program files (x86)\neverwinter_en\neverwinter\live\x64\gameclient.exe => No File
FirewallRules: [UDP Query User{DDEB95E8-722F-4620-BADC-CA709D62E505}C:\program files (x86)\neverwinter_en\neverwinter\live\x64\gameclient.exe] => (Allow) C:\program files (x86)\neverwinter_en\neverwinter\live\x64\gameclient.exe => No File
FirewallRules: [TCP Query User{CB8E3F13-BBF4-4BFA-95E4-32B574A71861}E:\steamlibrary\steamapps\common\outlaws of the old west\outlaws\binaries\win64\outlaws-win64-shipping.exe] => (Allow) E:\steamlibrary\steamapps\common\outlaws of the old west\outlaws\binaries\win64\outlaws-win64-shipping.exe => No File
FirewallRules: [UDP Query User{3B392D1D-3612-45CB-8019-E0970B971627}E:\steamlibrary\steamapps\common\outlaws of the old west\outlaws\binaries\win64\outlaws-win64-shipping.exe] => (Allow) E:\steamlibrary\steamapps\common\outlaws of the old west\outlaws\binaries\win64\outlaws-win64-shipping.exe => No File
FirewallRules: [{2ADED551-50E6-4190-AA7F-447F2E3919B2}] => (Block) E:\steamlibrary\steamapps\common\outlaws of the old west\outlaws\binaries\win64\outlaws-win64-shipping.exe => No File
FirewallRules: [{08068A89-483C-486F-BBCE-54D65608B131}] => (Block) E:\steamlibrary\steamapps\common\outlaws of the old west\outlaws\binaries\win64\outlaws-win64-shipping.exe => No File
FirewallRules: [TCP Query User{62F461DA-DCB8-43FB-B2C4-D69091F0DDF8}E:\steamlibrary\steamapps\common\armored warfare\gamecenter\gamecenter.exe] => (Allow) E:\steamlibrary\steamapps\common\armored warfare\gamecenter\gamecenter.exe => No File
FirewallRules: [UDP Query User{85194AFD-3C0B-4946-B121-7722EA4502CD}E:\steamlibrary\steamapps\common\armored warfare\gamecenter\gamecenter.exe] => (Allow) E:\steamlibrary\steamapps\common\armored warfare\gamecenter\gamecenter.exe => No File
FirewallRules: [TCP Query User{F14C6EF3-EEF2-4FA1-B352-55B588BC8DBE}E:\steamlibrary\steamapps\common\smite\binaries\win64\smite.exe] => (Allow) E:\steamlibrary\steamapps\common\smite\binaries\win64\smite.exe => No File
FirewallRules: [UDP Query User{32C2F661-DD3B-4E55-972E-01DB3D9C4F45}E:\steamlibrary\steamapps\common\smite\binaries\win64\smite.exe] => (Allow) E:\steamlibrary\steamapps\common\smite\binaries\win64\smite.exe => No File
FirewallRules: [TCP Query User{D52A565B-83EF-44EE-8420-F88FD28BEC79}E:\mygames\mtga\mtga.exe] => (Allow) E:\mygames\mtga\mtga.exe => No File
FirewallRules: [UDP Query User{8EEA7DAF-C47C-4976-9830-CBB83FA3B1DF}E:\mygames\mtga\mtga.exe] => (Allow) E:\mygames\mtga\mtga.exe => No File
FirewallRules: [{B5D8C21B-9E05-4230-A50D-8AF302775F78}] => (Block) E:\mygames\mtga\mtga.exe => No File
FirewallRules: [{DE1B0185-6912-4DFE-B33E-49631B90887C}] => (Block) E:\mygames\mtga\mtga.exe => No File
FirewallRules: [TCP Query User{55E0129A-A765-4CED-8022-B7496640DB1C}E:\steamlibrary\steamapps\common\xera\xera\binaries\win64\xera-win64-shipping.exe] => (Allow) E:\steamlibrary\steamapps\common\xera\xera\binaries\win64\xera-win64-shipping.exe (Spotted Kiwi Interactive) [File not signed]
FirewallRules: [UDP Query User{907FD2E7-8DE7-4A1F-8A20-EA2E95EA37B9}E:\steamlibrary\steamapps\common\xera\xera\binaries\win64\xera-win64-shipping.exe] => (Allow) E:\steamlibrary\steamapps\common\xera\xera\binaries\win64\xera-win64-shipping.exe (Spotted Kiwi Interactive) [File not signed]
FirewallRules: [TCP Query User{7B8ECFAF-39C9-404B-AC02-E49D34069A06}C:\users\gaming rig\appdata\local\discord\app-1.0.9004\discord.exe] => (Allow) C:\users\gaming rig\appdata\local\discord\app-1.0.9004\discord.exe => No File
FirewallRules: [UDP Query User{BBF36B20-3F02-4BAD-A9BD-94765A4FBF5A}C:\users\gaming rig\appdata\local\discord\app-1.0.9004\discord.exe] => (Allow) C:\users\gaming rig\appdata\local\discord\app-1.0.9004\discord.exe => No File
EmptyTemp:
CMD: ipconfig /flushdns

  • Save it as fixlist.txt to the same location as FRST (must be in this location)
  • NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
  • Now press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
  • Please post me the log
Gary R
Administrator
Posts: 25697
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
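As an added example, not part of this thread or of FRST itself, the following Python helper parses FRST "FirewallRules:" lines in the format shown in the fix above, flags rules whose target binary is gone ("=> No File") or present but unsigned ("[File not signed]"), and returns the orphaned ones verbatim, which is the form the fixlist uses. The sample lines, paths, GUIDs and publisher names are constructed.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# One FRST "FirewallRules:" line, in the two shapes seen in the log above:
#   FirewallRules: [<name>] => (Allow|Block) <path> => No File
#   FirewallRules: [<name>] => (Allow|Block) <path> (<publisher>) [<note>]
RULE_RE = re.compile(r"^FirewallRules: \[(?P<name>[^\]]+)\] => \((?P<action>Allow|Block)\) (?P<rest>.+)$")
# Splits "<path> (<publisher>) [<note>]"; path is lazy so "(x86)" inside a path is kept.
TARGET_RE = re.compile(r"^(?P<path>.+?)(?: \((?P<publisher>[^)]*)\))?(?: \[(?P<note>[^\]]+)\])?$")


@dataclass
class FirewallRule:
    name: str
    action: str
    path: str
    publisher: Optional[str]
    note: Optional[str]
    file_present: bool
    raw: str

    @property
    def verdict(self) -> str:
        """Triage category: which rules are candidates for removal via fixlist.txt."""
        if not self.file_present:
            return "orphaned"   # rule still allows/blocks a binary that no longer exists
        if self.note == "File not signed":
            return "unsigned"   # binary exists but carries no Authenticode signature
        return "signed"


def parse_rule(line: str) -> Optional[FirewallRule]:
    m = RULE_RE.match(line.strip())
    if not m:
        return None
    rest = m["rest"]
    present = not rest.endswith(" => No File")
    target = rest if present else rest[: -len(" => No File")]
    t = TARGET_RE.match(target)
    return FirewallRule(m["name"], m["action"], t["path"], t["publisher"], t["note"], present, line.strip())


def parse_rules(text: str) -> List[FirewallRule]:
    return [r for r in (parse_rule(ln) for ln in text.splitlines()) if r]


def fixlist_entries(text: str) -> List[str]:
    """Orphaned rules, copied verbatim (the form the fixlist above uses)."""
    return [r.raw for r in parse_rules(text) if r.verdict == "orphaned"]


# Constructed sample FRST output; GUIDs, paths and publishers are placeholders.
SAMPLE = r"""FirewallRules: [TCP Query User{00000000-0000-0000-0000-000000000001}E:\games\old\old.exe] => (Allow) E:\games\old\old.exe => No File
FirewallRules: [{00000000-0000-0000-0000-000000000002}] => (Block) E:\games\old\old.exe => No File
FirewallRules: [UDP Query User{00000000-0000-0000-0000-000000000003}E:\games\indie\indie.exe] => (Allow) E:\games\indie\indie.exe (Example Studio) [File not signed]
FirewallRules: [{00000000-0000-0000-0000-000000000004}] => (Allow) C:\Program Files (x86)\Vendor\tool.exe (Vendor Ltd -> Vendor Ltd)
"""

if __name__ == "__main__":
    for rule in parse_rules(SAMPLE):
        print(f"{rule.verdict:9} {rule.action:5} {rule.path}")
```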

Re: Trojan, not sure which one, MB is popping up every minut

Unread postby bfvmg » November 3rd, 2022, 11:34 am

Hi Gary,
Due to the large amount of leftover files I see that I have, and based on your assessment that there was no obvious malware running, I decided to simply reset my PC.
So far, no Malwarebytes Popups with something trying to contact a malicious site, no malware that MB could find, so I think I am in the clear right now.

FYI, I teach Cybersecurity for Purdue University, that is why I have honeybot, wireshark, and some other "C|EH" apps on my PC.
This goes to prove that even professionals, if they are rushed and distracted, can make mistakes and do stupid stuff!

Thank you for your assistance. It is much appreciated!
bfvmg
Active Member
Posts: 14
Joined: March 15th, 2009, 11:00 pm

Re: Trojan, not sure which one, MB is popping up every minut

Unread postby Gary R » November 3rd, 2022, 1:20 pm

You're welcome.

Glad we could help.

As things appear to be resolved, I'll now close this topic.
Gary R
Administrator
Posts: 25697
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire