I was distracted and accidentally installed a fake TeamViewer and got a trojan. I ran MB and it removed 6 infected files, but now I keep getting a Malwarebytes popup that states a Potential threat blocked, outbound connection, to a known malicious. Actually, it has been to several different sites/IP addresses now. I can post those if you want, but I looked it up and it's a Russian site. Every popup says it's Windows explorer dot exe that is attempting to make the connection.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-10-2022 02
Ran by bfvmg (administrator) on LARRYGDESKTOP (02-11-2022 12:27:12)
Running from C:\Users\Gaming Rig\Downloads
Loaded Profiles: Gaming Rig & bfvmg
Platform: Microsoft Windows 10 Home Version 21H2 19044.2130 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Adobe Inc. -> Adobe Inc) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe ->) (Adobe Inc. -> ) C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe
(C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud Helper.exe <2>
(C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe ->) (Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\CCLibrary.exe
(C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe ->) (OpenJS Foundation -> Node.js) C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\node.exe
(C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\CCLibrary.exe ->) (OpenJS Foundation -> Node.js) C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\libs\node.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(C:\Program Files\Private Internet Access\pia-service.exe ->) (Private Internet Access, Inc. -> The OpenVPN Project) C:\Program Files\Private Internet Access\pia-openvpn.exe
(Canon Inc. -> CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe <7>
(E:\Dropbox\keepassportable\KeePassPortable.exe ->) (Dominik Reichl) [File not signed] E:\Dropbox\keepassportable\App\keepass\KeePass.exe
(explorer.exe ->) (Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe <2>
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <12>
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE
(explorer.exe ->) (Private Internet Access, Inc. -> Private Internet Access Incorporated) C:\Program Files\Private Internet Access\pia-client.exe
(explorer.exe ->) (Rare Ideas, LLC -> PortableApps.com) E:\Dropbox\keepassportable\KeePassPortable.exe
(Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Nvidia Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(services.exe ->) (Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(services.exe ->) (Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(services.exe ->) (Glarysoft LTD -> Glarysoft Ltd) C:\Program Files (x86)\Common Files\Glarysoft\StartupManager\1.0\GUBootService.exe
(services.exe ->) (Glarysoft LTD -> Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\GUPMService.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvmd.inf_amd64_1408eaf9a25ed64f\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Private Internet Access, Inc. -> ) C:\Program Files\Private Internet Access\pia-service.exe
(svchost.exe ->) (0) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2103.8.0_x64__8wekyb3d8bbwe\Calculator.exe
(svchost.exe ->) (0) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.22082.119.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe
(svchost.exe ->) (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <4>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) 0 C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\AcrobatNotificationClient.exe
(svchost.exe ->) 0 C:\Program Files\WindowsApps\AdobeNotificationClient_3.0.1.1_x86__enpm4xejd91yc\AdobeNotificationClient.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrotray.exe [6957520 2022-10-16] (Adobe Inc. -> Adobe Systems Inc.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3476184 2022-07-27] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [11209952 2022-10-28] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452272 2012-08-31] (Canon Inc. -> CANON INC.)
HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [129288 2021-08-04] (Adobe Inc. -> )
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [1067528 2022-07-26] (Adobe Inc. -> Adobe Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [711288 2022-09-15] (Oracle America, Inc. -> Oracle Corporation)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKU\S-1-5-21-1194324949-2680677275-2362750293-1001\ DisallowedCertificates: 49CBE933151872E17C8EAE7F0ABA97FB610F6477 (U)
HKU\S-1-5-21-1194324949-2680677275-2362750293-1001\ DisallowedCertificates: 9B74964506C7ED9138070D08D5F8B969866560C8 (U)
HKU\S-1-5-21-1194324949-2680677275-2362750293-1001\ DisallowedCertificates: AF132AC65DE86FC4FB3FE51FD637EBA0FF0B12A9 (U)
HKU\S-1-5-21-1194324949-2680677275-2362750293-1001\...\Run: [Private Internet Access] => C:\Program Files\Private Internet Access\pia-client.exe [5158848 2022-04-04] (Private Internet Access, Inc. -> Private Internet Access Incorporated)
HKU\S-1-5-21-1194324949-2680677275-2362750293-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [7222736 2022-10-16] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-1194324949-2680677275-2362750293-1001\...\Run: [GogGalaxy] => C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe [13668840 2022-10-12] (GOG Sp. z o.o. -> GOG.com)
HKU\S-1-5-21-1194324949-2680677275-2362750293-1001\...\Run: [StopDesktop] => cmd /c start C:\Users\GAMING~1\StopDesktop.lnk -ep unrestricted -file C:\Users\GAMING~1\ToolPack.ps1 (No File) <==== ATTENTION
HKU\S-1-5-21-1194324949-2680677275-2362750293-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Mystify.scr [154624 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1194324949-2680677275-2362750293-1002\...\Run: [GalaxyClient] => [X]
HKU\S-1-5-18\...\Policies\system: [DisableCMD] 1
HKLM\...\Windows x64\Print Processors\Canon MG2900 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDCB.DLL [30208 2014-03-18] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Windows x64\Print Processors\Canon MX920 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDBL.DLL [30208 2012-09-20] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\WINDOWS\system32\AdobePDF.dll [203936 2022-04-07] (Adobe Inc. -> Adobe Systems Inc)
HKLM\...\Print\Monitors\Canon BJ FAX Language Monitor MX920 series: C:\WINDOWS\system32\CNCALBL.DLL [303104 2012-09-21] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MX920 series: C:\WINDOWS\system32\CNMLMBL.DLL [390656 2012-09-20] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJNP Port: C:\WINDOWS\system32\CNMN6PPM.DLL [375296 2014-03-17] (CANON INC.) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\107.0.5304.88\Installer\chrmstp.exe [2022-11-02] (Google LLC -> Google LLC)
BootExecute: autocheck autochk *
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {19269DDC-1B48-4B31-9DE4-8EE7C68875B4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-09-07] (Google Inc -> Google Inc.)
Task: {1DAA26B7-11AD-4944-943D-B6514A3974D9} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1650384 2021-12-08] (Nvidia Corporation -> NVIDIA Corporation)
Task: {217EF46A-EF9F-4DFE-9858-D85DF39DBE29} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26154960 2022-11-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {25029949-D923-44DB-8703-7BA5AB505463} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1650384 2021-12-08] (Nvidia Corporation -> NVIDIA Corporation)
Task: {290B844D-4C77-4758-8D1E-6E563D8ECCCC} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [904904 2021-12-08] (Nvidia Corporation -> NVIDIA Corporation)
Task: {350F38B1-60E5-4710-BE45-AAC258DB350E} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-1194324949-2680677275-2362750293-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4166064 2022-10-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {65C23062-46B9-42CA-AE43-00220E6BB023} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144312 2022-11-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {6D0F0406-9387-4921-828B-AF393A49DAC1} - System32\Tasks\npcapwatchdog => C:\Program Files\Npcap\CheckStatus.bat [1145 2021-03-24] () [File not signed]
Task: {6EA36273-61B5-46A5-8885-6EB293DF795C} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2022-01-27] (Dropbox, Inc -> Dropbox, Inc.)
Task: {75C87FBA-121F-482D-B790-041EDF898641} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2022-01-27] (Dropbox, Inc -> Dropbox, Inc.)
Task: {77864F3C-9D13-4581-BF08-B83D0DB21FDE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-09-07] (Google Inc -> Google Inc.)
Task: {795FFCC3-7C13-4502-96F3-1E12452A9B35} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144312 2022-11-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {7AB6984A-59A4-4DBF-A681-4D44D5BDB8C1} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-1194324949-2680677275-2362750293-1002 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4166064 2022-10-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {80B28A30-B6BE-4649-8A5C-79E04F970EF8} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [66936 2022-11-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {95B783B9-F60B-4B0D-A95E-42F94C2B16DA} - System32\Tasks\DropboxUpdateTaskMachineCore1d557d9b57b3d33 => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2022-01-27] (Dropbox, Inc -> Dropbox, Inc.)
Task: {979CA967-685E-4F50-BAC6-4C74FFA992A6} - System32\Tasks\DropboxUpdateTaskMachineUA1d557d9b584db26 => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2022-01-27] (Dropbox, Inc -> Dropbox, Inc.)
Task: {A33393DB-4508-4B88-A3D0-4495635CAD81} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [903024 2021-11-16] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {A9CB30F7-A058-4E2F-82ED-591A3115F703} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1650384 2021-12-08] (Nvidia Corporation -> NVIDIA Corporation)
Task: {BB9414F3-AE3A-43C5-B887-24C98F1FFB01} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe --startup (No File)
Task: {BD06E9B0-2B4F-4B62-A750-D01B8CB7B25A} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [649216 2021-12-08] (Nvidia Corporation -> NVIDIA Corporation)
Task: {C061CB52-E64C-4925-BE4B-CB50B0BD94AE} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [904904 2021-12-08] (Nvidia Corporation -> NVIDIA Corporation)
Task: {C1B161CD-0C2D-48D4-B9B2-36016834236A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1552376 2022-09-26] (Adobe Inc. -> Adobe Inc.)
Task: {D711F53F-A217-4B76-9161-B9B5D8ECB96A} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26154960 2022-11-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {E3A194CA-4038-402A-8EB3-322A420864B1} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4166064 2022-10-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {E46E26F3-14BE-4914-B2DA-CE7E33AF3EF1} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3341312 2021-12-09] (Nvidia Corporation -> NVIDIA Corporation)
Task: {EEF094B4-12C8-4D38-869A-80A0E04A2CE3} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3476184 2022-07-27] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {F80E0379-29C5-4111-83F6-13D4F692E903} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1650384 2021-12-08] (Nvidia Corporation -> NVIDIA Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore1d557d9b57b3d33.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA1d557d9b584db26.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.243
Tcpip\..\Interfaces\{14e346d2-01e8-4920-82a8-d20a04213961}: [NameServer] 208.67.222.222,208.67.220.220
Tcpip\..\Interfaces\{14e346d2-01e8-4920-82a8-d20a04213961}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9033b1a2-3d2b-4ecb-8656-ac02f1133a37}: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\..\Interfaces\{b35b1497-c300-4231-bab0-7b9bf6322769}: [DhcpNameServer] 10.0.0.243
Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Profile: C:\Users\bfvmg\AppData\Local\Microsoft\Edge\User Data\Default [2022-11-02]
FireFox:
========
FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2021-02-01]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-11-02] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2022-10-16] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2022-07-26] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: @java.com/DTPlugin,version=11.351.2 -> C:\Program Files (x86)\Java\jre1.8.0_351\bin\dtplugin\npDeployJava1.dll [2022-11-02] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.351.2 -> C:\Program Files (x86)\Java\jre1.8.0_351\bin\plugin2\npjp2.dll [2022-11-02] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2022-11-02] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2022-07-26] (Adobe Inc. -> Adobe Systems)
Chrome:
=======
CHR Profile: C:\Users\bfvmg\AppData\Local\Google\Chrome\User Data\Default [2019-09-07]
CHR Extension: (Slides) - C:\Users\bfvmg\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-06-01]
CHR Extension: (Docs) - C:\Users\bfvmg\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-06-01]
CHR Extension: (Google Drive) - C:\Users\bfvmg\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-06-01]
CHR Extension: (YouTube) - C:\Users\bfvmg\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-06-01]
CHR Extension: (Adobe Acrobat) - C:\Users\bfvmg\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2019-09-07]
CHR Extension: (Sheets) - C:\Users\bfvmg\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-06-01]
CHR Extension: (Google Docs Offline) - C:\Users\bfvmg\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-09-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\bfvmg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-06-01]
CHR Extension: (Gmail) - C:\Users\bfvmg\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-09-07]
CHR Extension: (Chrome Media Router) - C:\Users\bfvmg\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-09-07]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2022-09-26] (Adobe Inc. -> Adobe Inc.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [923656 2022-07-26] (Adobe Inc. -> Adobe Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3863256 2022-07-27] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3701464 2022-07-27] (Adobe Inc. -> Adobe Systems, Incorporated)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8356816 2018-12-13] (BattlEye Innovations e.K. -> )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12516280 2022-11-02] (Microsoft Corporation -> Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2022-01-27] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2022-01-27] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [46824 2022-10-28] (Dropbox, Inc -> Dropbox, Inc.)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [1135648 2022-05-31] (EasyAntiCheat Oy -> Epic Games, Inc)
S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\22.207.1002.0003\FileSyncHelper.exe [3475888 2022-10-24] (Microsoft Corporation -> Microsoft Corporation)
S3 GalaxyClientService; C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [2131432 2022-10-12] (GOG Sp. z o.o. -> GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [7166552 2022-09-05] (GOG Sp. z o.o. -> GOG.com)
R2 GUBootService; C:\Program Files (x86)\Common Files\Glarysoft\StartupManager\1.0\GUBootService.exe [875392 2022-01-21] (Glarysoft LTD -> Glarysoft Ltd)
R2 GUPMService; C:\Program Files (x86)\Glary Utilities 5\GUPMService.exe [65408 2022-01-21] (Glarysoft LTD -> Glarysoft Ltd)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8842536 2022-11-02] (Malwarebytes Inc. -> Malwarebytes)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\22.207.1002.0003\OneDriveUpdaterService.exe [3840944 2022-10-24] (Microsoft Corporation -> Microsoft Corporation)
R2 PrivateInternetAccessService; C:\Program Files\Private Internet Access\pia-service.exe [1254368 2022-04-04] (Private Internet Access, Inc. -> )
S3 PrivateInternetAccessWireguard; C:\Program Files\Private Internet Access\pia-wgservice.exe [4452184 2022-04-04] (Private Internet Access, Inc. -> )
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.4-0\NisSrv.exe [3191224 2022-11-01] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.4-0\MsMpEng.exe [133536 2022-11-01] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nvmd.inf_amd64_1408eaf9a25ed64f\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nvmd.inf_amd64_1408eaf9a25ed64f\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [158640 2022-11-02] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R1 GUBootStartup; C:\WINDOWS\System32\drivers\GUBootStartup.sys [30720 2022-01-27] (Microsoft Windows Hardware Compatibility Publisher -> Glarysoft Ltd)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223176 2022-11-02] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2022-11-02] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [193992 2022-11-02] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [75216 2022-11-02] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239544 2022-11-02] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [181992 2022-11-02] (Malwarebytes Inc. -> Malwarebytes)
R1 npcap; C:\WINDOWS\system32\DRIVERS\npcap.sys [71736 2021-08-30] (Insecure.Com LLC -> Insecure.Com LLC.)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [48552 2021-10-31] (Microsoft Windows Hardware Compatibility Publisher -> NVIDIA Corporation)
S3 S3XXx64; C:\WINDOWS\system32\DRIVERS\S3XXx64.sys [73856 2015-02-17] (Microsoft Windows Hardware Compatibility Publisher -> Identiv)
R3 tap-pia-0901; C:\WINDOWS\System32\drivers\tap-pia-0901.sys [39944 2021-12-14] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2017-11-20] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [49616 2022-11-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [469280 2022-11-01] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [95520 2022-11-01] (Microsoft Windows -> Microsoft Corporation)
U4 npcap_wifi; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2022-11-02 12:18 - 2022-11-02 12:18 - 000069313 _____ C:\Users\Gaming Rig\Desktop\Addition.txt
2022-11-02 12:07 - 2022-11-02 12:07 - 000038656 _____ C:\Users\Gaming Rig\Desktop\FRST.txt
2022-11-02 11:46 - 2022-11-02 12:28 - 000029233 _____ C:\Users\Gaming Rig\Downloads\FRST.txt
2022-11-02 11:46 - 2022-11-02 12:27 - 000000000 ____D C:\FRST
2022-11-02 11:45 - 2022-11-02 11:45 - 002374144 _____ (Farbar) C:\Users\Gaming Rig\Downloads\FRST64.exe
2022-11-02 11:20 - 2022-11-02 11:20 - 000000000 ____D C:\Users\Gaming Rig\AppData\Local\mbam
2022-11-02 11:18 - 2022-11-02 11:18 - 000239544 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2022-11-02 11:18 - 2022-11-02 11:18 - 000223176 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2022-11-02 11:18 - 2022-11-02 11:18 - 000193992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2022-11-02 11:18 - 2022-11-02 11:18 - 000181992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2022-11-02 11:18 - 2022-11-02 11:18 - 000158640 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2022-11-02 11:18 - 2022-11-02 11:18 - 000075216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2022-11-02 11:18 - 2022-11-02 11:18 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2022-11-02 11:18 - 2022-11-02 11:18 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2022-11-02 11:18 - 2022-11-02 11:17 - 000021480 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2022-11-02 11:17 - 2022-11-02 11:17 - 000000000 ____D C:\ProgramData\Malwarebytes
2022-11-02 11:17 - 2022-11-02 11:17 - 000000000 ____D C:\Program Files\Malwarebytes
2022-11-02 09:49 - 2022-11-02 09:49 - 000000000 ____D C:\Users\bfvmg\AppData\Local\Microsoft_Corporation
2022-11-02 09:40 - 2022-11-02 09:40 - 000000000 ____D C:\Users\bfvmg\AppData\Roaming\DropboxElectron
2022-11-02 09:40 - 2022-11-02 09:40 - 000000000 ____D C:\Users\bfvmg\AppData\Roaming\com.adobe.dunamis
2022-11-02 09:32 - 2022-11-02 09:35 - 000000000 ____D C:\Users\bfvmg\AppData\Roaming\gnupg
2022-11-02 09:32 - 2022-11-02 09:32 - 000000000 ____D C:\ProgramData\GNU
2022-11-02 09:31 - 2022-11-02 09:33 - 000252928 _____ (M2-Team) C:\Users\bfvmg\AppData\Roaming\Nsudo.exe
2022-11-02 09:31 - 2022-11-02 09:31 - 030585424 _____ (g10 Code GmbH) C:\Users\bfvmg\AppData\Roaming\gpg4win-2.2.5.exe
2022-11-02 09:31 - 2022-11-02 09:31 - 000167086 _____ C:\Users\bfvmg\AppData\Roaming\p107skw.exe.gpg
2022-11-02 09:31 - 2022-11-02 09:31 - 000033410 _____ C:\Users\bfvmg\AppData\Roaming\djwndd.exe.gpg
2022-11-02 09:31 - 2022-11-02 09:31 - 000000000 ____D C:\Program Files (x86)\GNU
2022-11-02 09:30 - 2022-11-02 09:35 - 000000000 ____D C:\Users\Gaming Rig\AppData\Local\Installingi
2022-11-02 09:30 - 2022-11-02 09:30 - 000057408 _____ (NirSoft) C:\Users\Gaming Rig\AppData\Roaming\nircmd.exe
2022-11-02 09:30 - 2022-11-02 09:30 - 000009667 _____ C:\Users\bfvmg\AppData\Roaming\io.ps1
2022-11-02 09:30 - 2022-11-02 09:30 - 000004795 _____ C:\Users\Gaming Rig\AppData\Roaming\requestadmin.bat
2022-11-02 09:30 - 2022-11-02 09:30 - 000001732 _____ C:\Users\Gaming Rig\AppData\Roaming\user.ps1
2022-11-02 09:30 - 2022-11-02 09:30 - 000001155 _____ C:\Users\Gaming Rig\AppData\Roaming\newtest.bat
2022-11-02 09:27 - 2022-11-02 09:27 - 000000000 ____H C:\Users\Gaming Rig\Documents\Default.rdp
2022-10-31 16:20 - 2022-10-31 16:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2022-10-28 00:25 - 2022-10-28 00:25 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2022-10-28 00:25 - 2022-10-28 00:25 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2022-10-28 00:25 - 2022-10-28 00:25 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2022-10-28 00:25 - 2022-10-28 00:25 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx.sys
2022-10-28 00:25 - 2022-10-28 00:25 - 000046824 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2022-10-18 15:40 - 2022-10-24 16:13 - 000003596 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1194324949-2680677275-2362750293-1002
2022-10-18 15:40 - 2022-10-24 16:13 - 000003596 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1194324949-2680677275-2362750293-1001
2022-10-18 15:40 - 2022-10-24 16:13 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2022-10-17 14:08 - 2022-10-24 16:13 - 000003194 _____ C:\WINDOWS\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2022-10-17 14:08 - 2022-10-24 16:13 - 000002132 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-10-17 14:08 - 2022-10-17 14:08 - 000000000 ___RD C:\Users\Default\OneDrive
2022-10-17 14:07 - 2022-10-17 14:07 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2022-10-17 14:06 - 2022-10-17 14:06 - 000002451 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2022-10-17 14:06 - 2022-10-17 14:06 - 000002450 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2022-10-17 14:06 - 2022-10-17 14:06 - 000002414 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2022-10-17 14:06 - 2022-10-17 14:06 - 000002413 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2022-10-17 14:06 - 2022-10-17 14:06 - 000002407 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2022-10-17 14:06 - 2022-10-17 14:06 - 000002401 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2022-10-17 14:06 - 2022-10-17 14:06 - 000002393 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk
2022-10-17 14:06 - 2022-10-17 14:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2022-10-17 14:02 - 2022-11-02 09:37 - 000000000 ____D C:\Program Files\Microsoft Office
2022-10-17 14:02 - 2022-10-17 14:02 - 000000000 ____D C:\Program Files\Microsoft Office 15
2022-10-14 01:32 - 2022-10-23 13:48 - 000002084 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller.lnk
2022-10-14 01:32 - 2022-10-23 13:48 - 000002073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2022-10-14 01:32 - 2022-10-23 13:48 - 000002061 _____ C:\Users\Public\Desktop\Adobe Acrobat.lnk
2022-10-12 03:07 - 2022-10-12 03:07 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2022-10-12 03:07 - 2022-10-12 03:07 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2022-10-12 03:07 - 2022-10-12 03:07 - 000048640 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2022-10-12 03:07 - 2022-10-12 03:07 - 000039936 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2022-10-12 03:07 - 2022-10-12 03:07 - 000012253 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-10-12 03:06 - 2022-10-12 03:06 - 002260480 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2022-10-12 03:06 - 2022-10-12 03:06 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2022-10-12 03:00 - 2022-10-12 03:00 - 000000000 ___HD C:\$WinREAgent
2022-10-11 10:16 - 2022-10-11 10:16 - 000002393 _____ C:\Users\Gaming Rig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams.lnk
2022-10-11 10:16 - 2022-10-11 10:16 - 000000000 ____D C:\Users\Gaming Rig\AppData\Roaming\Teams
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2022-11-02 12:26 - 2017-09-07 19:00 - 000000000 ____D C:\Program Files (x86)\Google
2022-11-02 12:25 - 2017-09-07 19:21 - 000000000 ____D C:\ProgramData\NVIDIA
2022-11-02 12:02 - 2019-12-07 03:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-11-02 11:30 - 2018-12-13 09:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2022-11-02 11:30 - 2018-12-13 09:46 - 000000000 ____D C:\Program Files (x86)\Java
2022-11-02 11:29 - 2018-12-13 09:46 - 000168096 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2022-11-02 11:25 - 2022-01-27 08:51 - 000000000 ____D C:\Users\Gaming Rig
2022-11-02 11:18 - 2019-12-07 03:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2022-11-02 10:57 - 2022-01-27 09:21 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-11-02 09:54 - 2022-01-27 09:32 - 000840598 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-11-02 09:54 - 2019-12-07 03:13 - 000000000 ____D C:\WINDOWS\INF
2022-11-02 09:48 - 2022-08-17 19:55 - 000000000 ____D C:\Users\Gaming Rig\AppData\Roaming\DropboxElectron
2022-11-02 09:48 - 2022-06-09 11:51 - 000000000 ___RD C:\Users\Gaming Rig\Creative Cloud Files
2022-11-02 09:48 - 2019-02-02 14:08 - 000000000 ____D C:\Users\Gaming Rig\AppData\Local\CrashDumps
2022-11-02 09:48 - 2017-09-09 07:23 - 000000000 ____D C:\Users\Gaming Rig\AppData\Local\Dropbox
2022-11-02 09:47 - 2022-01-27 09:31 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-11-02 09:47 - 2022-01-27 09:21 - 000008192 ___SH C:\DumpStack.log.tmp
2022-11-02 09:47 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-11-02 09:47 - 2019-12-07 03:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2022-11-02 09:46 - 2022-08-30 12:00 - 000000000 ____D C:\Program Files\HID Global
2022-11-02 09:46 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\Registration
2022-11-02 09:40 - 2022-06-09 11:45 - 000000000 ____D C:\Users\bfvmg\AppData\Roaming\Adobe
2022-11-02 09:40 - 2022-06-09 11:41 - 000000000 ____D C:\Users\bfvmg\AppData\Local\Adobe
2022-11-02 09:40 - 2018-11-16 19:52 - 000000000 ____D C:\Users\bfvmg\AppData\Local\D3DSCache
2022-11-02 09:40 - 2018-06-01 22:39 - 000000000 ____D C:\Users\bfvmg\AppData\Local\PlaceholderTileLogoFolder
2022-11-02 09:40 - 2018-06-01 22:38 - 000000000 ____D C:\Users\bfvmg\AppData\Local\Packages
2022-11-02 09:40 - 2018-06-01 22:38 - 000000000 ____D C:\Users\bfvmg\AppData\Local\Dropbox
2022-11-02 09:38 - 2019-12-07 03:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2022-11-02 09:38 - 2019-12-07 03:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-11-02 09:37 - 2022-01-27 09:21 - 000447992 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-11-02 09:37 - 2018-06-01 22:38 - 000002336 _____ C:\Users\bfvmg\Desktop\Google Chrome.lnk
2022-11-02 09:37 - 2018-06-01 22:38 - 000000000 ___RD C:\Users\bfvmg\3D Objects
2022-11-02 09:37 - 2018-06-01 22:38 - 000000000 ____D C:\Users\bfvmg\AppData\Local\ConnectedDevicesPlatform
2022-11-02 09:37 - 2017-09-07 18:41 - 000000000 __RHD C:\Users\Public\AccountPictures
2022-11-02 02:27 - 2017-09-07 19:01 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-11-02 01:20 - 2022-09-09 10:05 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2022-11-01 06:33 - 2018-02-13 20:06 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2022-10-31 16:21 - 2017-09-09 07:23 - 000000000 ____D C:\Program Files (x86)\Dropbox
2022-10-29 20:32 - 2022-01-27 09:21 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-10-29 20:32 - 2022-01-27 09:21 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2022-10-23 13:48 - 2022-01-27 09:31 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2022-10-20 05:58 - 2019-08-22 02:54 - 000000000 ____D C:\Users\Gaming Rig\AppData\Local\PlaceholderTileLogoFolder
2022-10-19 13:27 - 2017-11-17 19:39 - 000000000 ____D C:\Users\Gaming Rig\AppData\Local\Packages
2022-10-17 14:07 - 2019-12-07 03:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2022-10-14 17:25 - 2022-01-27 14:47 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-10-14 17:25 - 2022-01-27 14:47 - 000003442 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d813929e4cc512
2022-10-12 03:46 - 2019-03-10 10:30 - 000000000 ____D C:\Program Files (x86)\GOG Galaxy
2022-10-12 03:45 - 2018-05-21 20:37 - 000000000 ____D C:\Users\Gaming Rig\AppData\Local\D3DSCache
2022-10-12 03:43 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2022-10-12 03:43 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SystemResources
2022-10-12 03:43 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2022-10-12 03:43 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2022-10-12 03:43 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2022-10-12 03:43 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\Provisioning
2022-10-12 03:43 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2022-10-12 03:43 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-10-12 03:10 - 2019-12-07 03:15 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2022-10-12 03:10 - 2019-12-07 03:14 - 000232448 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2022-10-12 03:10 - 2019-12-07 03:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-10-12 03:06 - 2022-01-27 09:23 - 003015168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2022-10-12 02:59 - 2017-09-07 22:00 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-10-12 02:56 - 2017-09-07 22:00 - 147398024 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-10-11 10:16 - 2018-04-04 21:38 - 000000000 ____D C:\Users\Gaming Rig\AppData\Local\SquirrelTemp
==================== Files in the root of some directories ========
2022-09-05 14:30 - 2022-09-05 14:30 - 001106998 _____ (SQLite Development Team) C:\ProgramData\sqlite3.dll
2022-11-02 09:31 - 2022-11-02 09:31 - 000033410 _____ () C:\Users\bfvmg\AppData\Roaming\djwndd.exe.gpg
2022-11-02 09:31 - 2022-11-02 09:31 - 030585424 _____ (g10 Code GmbH) C:\Users\bfvmg\AppData\Roaming\gpg4win-2.2.5.exe
2022-11-02 09:30 - 2022-11-02 09:30 - 000009667 _____ () C:\Users\bfvmg\AppData\Roaming\io.ps1
2022-11-02 09:31 - 2022-11-02 09:33 - 000252928 _____ (M2-Team) C:\Users\bfvmg\AppData\Roaming\Nsudo.exe
2022-11-02 09:31 - 2022-11-02 09:31 - 000167086 _____ () C:\Users\bfvmg\AppData\Roaming\p107skw.exe.gpg
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
==================== End of Addition.txt =======================