Solved My mail keeps reopening itself...

DarkFurion

It seems I got a virus that keeps opening my mail program on Windows 10. I tried scanning with Malwarebytes but it didn't find anything. If I disable Mail, then Google Chrome is the one opened. So new tabs are opened then and there and it is very annoying.
 
Welcome aboard


Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Here is the FRST log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28.04.2019
Ran by anduc (administrator) on DESKTOP-NC4FND6 (Gigabyte Technology Co., Ltd. H67A-USB3-B3) (01-05-2019 11:13:37)
Running from C:\Users\anduc\Desktop
Loaded Profiles: anduc (Available Profiles: anduc)
Platform: Windows 10 Home Version 1809 17763.107 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.42.60.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.YourPhone_1.19032.731.0_x64__8wekyb3d8bbwe\YourPhone.exe
(Discord Inc. -> Discord Inc.) C:\Users\anduc\AppData\Local\Discord\app-0.0.305\Discord.exe
(Discord Inc. -> Discord Inc.) C:\Users\anduc\AppData\Local\Discord\app-0.0.305\Discord.exe
(Discord Inc. -> Discord Inc.) C:\Users\anduc\AppData\Local\Discord\app-0.0.305\Discord.exe
(Discord Inc. -> Discord Inc.) C:\Users\anduc\AppData\Local\Discord\app-0.0.305\Discord.exe
(Discord Inc. -> Discord Inc.) C:\Users\anduc\AppData\Local\Discord\app-0.0.305\Discord.exe
(Discord Inc. -> Discord Inc.) C:\Users\anduc\AppData\Local\Discord\app-0.0.305\Discord.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleCrashHandler.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleCrashHandler64.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\anduc\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.42.60.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.42.60.0_x64__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Ubisoft Entertainment Sweden AB -> Ubisoft) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\upc.exe
(Ubisoft Entertainment Sweden AB -> Ubisoft) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UplayWebCore.exe
(Ubisoft Entertainment Sweden AB -> Ubisoft) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UplayWebCore.exe
(Ubisoft Entertainment Sweden AB -> Ubisoft) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UplayWebCore.exe
(Ubisoft Entertainment Sweden AB -> Ubisoft) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UplayWebCore.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKU\S-1-5-21-3286981972-3961765893-2546697801-1001\...\Run: [Discord] => C:\Users\anduc\AppData\Local\Discord\app-0.0.305\Discord.exe [81780056 2019-03-07] (Discord Inc. -> Discord Inc.)
HKU\S-1-5-21-3286981972-3961765893-2546697801-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3152160 2019-04-17] (Valve -> Valve Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\74.0.3729.108\Installer\chrmstp.exe [2019-05-01] (Google LLC -> Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {DB624EA0-7C57-45A6-BBB0-385E4388F862} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156456 2019-05-01] (Google Inc -> Google LLC)
Task: {E53EFF6F-9596-4AA3-B218-6004BC3B132E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156456 2019-05-01] (Google Inc -> Google LLC)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 95.77.94.88 78.96.7.88
Tcpip\..\Interfaces\{3f37376d-0ceb-44a7-b889-2b94b2b1b416}: [DhcpNameServer] 95.77.94.88 78.96.7.88

Internet Explorer:
==================

FireFox:
========
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-10-27] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-10-27] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-05-01] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-05-01] (Google Inc -> Google LLC)

Chrome:
=======
CHR Profile: C:\Users\anduc\AppData\Local\Google\Chrome\User Data\Default [2019-05-01]
CHR Extension: (Prezentări) - C:\Users\anduc\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-05-01]
CHR Extension: (Documente) - C:\Users\anduc\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-05-01]
CHR Extension: (Disc Google) - C:\Users\anduc\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-05-01]
CHR Extension: (YouTube) - C:\Users\anduc\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-05-01]
CHR Extension: (Foi de calcul) - C:\Users\anduc\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-05-01]
CHR Extension: (Documente Google Offline) - C:\Users\anduc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-05-01]
CHR Extension: (AdBlock) - C:\Users\anduc\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2019-05-01]
CHR Extension: (PlățI prin Magazinul web Chrome) - C:\Users\anduc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-05-01]
CHR Extension: (Gmail) - C:\Users\anduc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-01]
CHR Extension: (Chrome Media Router) - C:\Users\anduc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-05-01]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3830488 2018-09-15] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [110944 2018-09-15] (Microsoft Corporation -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [153328 2019-01-08] (Malwarebytes Corporation -> Malwarebytes)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [198512 2019-05-01] (Malwarebytes Corporation -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [127136 2019-04-30] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [73912 2019-04-30] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [274416 2019-04-30] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [114040 2019-04-30] (Malwarebytes Corporation -> Malwarebytes)
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_2e7fa54192fe16d0\nvlddmkm.sys [16936048 2017-11-09] (NVIDIA Corporation -> NVIDIA Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [605696 2018-09-15] (Microsoft Windows -> Realtek )
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [46584 2018-09-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [340008 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [61992 2018-09-15] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-05-01 11:13 - 2019-05-01 11:14 - 000012474 _____ C:\Users\anduc\Desktop\FRST.txt
2019-05-01 11:13 - 2019-05-01 11:13 - 000000000 ____D C:\Users\anduc\Desktop\FRST-OlderVersion
2019-05-01 11:13 - 2019-05-01 11:13 - 000000000 ____D C:\FRST
2019-05-01 11:12 - 2019-05-01 11:13 - 002429952 _____ (Farbar) C:\Users\anduc\Desktop\FRST64.exe
2019-05-01 11:02 - 2019-05-01 11:02 - 000000000 ___HD C:\OneDriveTemp
2019-05-01 06:40 - 2019-05-01 06:40 - 000000000 ____D C:\AdwCleaner
2019-05-01 06:25 - 2019-05-01 06:25 - 000008192 __RSH C:\BOOTSECT.BAK
2019-05-01 06:25 - 2019-05-01 05:28 - 000000000 ____D C:\Windows\Panther
2019-05-01 06:25 - 2018-10-30 01:39 - 000408074 __RSH C:\bootmgr
2019-05-01 06:25 - 2018-09-15 10:28 - 000000001 ___SH C:\BOOTNXT
2019-05-01 06:04 - 2019-05-01 11:05 - 000000000 ____D C:\Users\anduc\AppData\Local\Ubisoft Game Launcher
2019-05-01 06:04 - 2019-05-01 06:04 - 000001278 _____ C:\Users\anduc\Desktop\Uplay.lnk
2019-05-01 06:04 - 2019-05-01 06:04 - 000000000 ____D C:\Users\anduc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2019-05-01 06:03 - 2019-05-01 06:03 - 000000000 ____D C:\Program Files (x86)\Ubisoft
2019-05-01 06:00 - 2019-05-01 06:00 - 000000000 ____D C:\Users\anduc\AppData\Local\Steam
2019-05-01 06:00 - 2019-05-01 06:00 - 000000000 ____D C:\Users\anduc\AppData\Local\CEF
2019-05-01 05:58 - 2019-05-01 11:02 - 000000000 ____D C:\Program Files (x86)\Steam
2019-05-01 05:58 - 2019-05-01 05:58 - 000001036 _____ C:\Users\Public\Desktop\Steam.lnk
2019-05-01 05:58 - 2019-05-01 05:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2019-05-01 05:53 - 2019-05-01 06:01 - 000000000 ____D C:\ProgramData\Packages
2019-05-01 05:52 - 2019-05-01 05:52 - 000000000 ____D C:\Users\anduc\AppData\Roaming\Google
2019-05-01 05:51 - 2019-05-01 06:04 - 000000000 ____D C:\Users\anduc\AppData\Local\Google
2019-05-01 05:51 - 2019-05-01 05:51 - 000003626 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2019-05-01 05:51 - 2019-05-01 05:51 - 000003502 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2019-05-01 05:51 - 2019-05-01 05:51 - 000002379 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-05-01 05:51 - 2019-05-01 05:51 - 000002338 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-05-01 05:51 - 2019-05-01 05:51 - 000000000 ____D C:\Program Files (x86)\Google
2019-05-01 05:48 - 2019-04-30 21:41 - 000000000 ____D C:\Users\anduc\AppData\Local\D3DSCache
2019-05-01 05:43 - 2019-05-01 05:43 - 000198512 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2019-05-01 05:43 - 2019-05-01 05:43 - 000000000 ____D C:\Users\anduc\AppData\Local\mbam
2019-05-01 05:42 - 2019-05-01 05:42 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-05-01 05:42 - 2019-05-01 05:42 - 000000000 ____D C:\Users\anduc\AppData\Local\mbamtray
2019-05-01 05:42 - 2019-05-01 05:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-05-01 05:42 - 2019-05-01 05:42 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-05-01 05:42 - 2019-05-01 05:42 - 000000000 ____D C:\Program Files\Malwarebytes
2019-05-01 05:42 - 2019-02-01 12:20 - 000020936 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamElam.sys
2019-05-01 05:42 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2019-05-01 05:40 - 2019-05-01 05:40 - 000000000 ____D C:\Users\anduc\AppData\Local\OneDrive
2019-05-01 05:39 - 2019-04-30 21:34 - 000000000 ____D C:\Users\anduc\AppData\Local\PlaceholderTileLogoFolder
2019-05-01 05:38 - 2019-05-01 05:38 - 000002237 _____ C:\Users\anduc\Desktop\Discord.lnk
2019-05-01 05:38 - 2019-05-01 05:38 - 000002134 _____ C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk
2019-05-01 05:38 - 2019-05-01 05:38 - 000000000 ____D C:\Users\anduc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2019-05-01 05:38 - 2019-05-01 05:38 - 000000000 ____D C:\Users\anduc\AppData\Local\SquirrelTemp
2019-05-01 05:38 - 2019-05-01 05:38 - 000000000 ____D C:\Users\anduc\AppData\Local\Discord
2019-05-01 05:38 - 2019-05-01 05:38 - 000000000 ____D C:\Users\anduc\AppData\Local\Comms
2019-05-01 05:38 - 2019-05-01 05:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2019-05-01 05:38 - 2019-04-30 22:29 - 000000000 ____D C:\Users\anduc\AppData\Roaming\Discord
2019-05-01 05:37 - 2019-05-01 11:02 - 000000000 ___RD C:\Users\anduc\OneDrive
2019-05-01 05:37 - 2019-05-01 05:38 - 000003380 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3286981972-3961765893-2546697801-1001
2019-05-01 05:37 - 2019-05-01 05:37 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2019-05-01 05:37 - 2019-05-01 05:37 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2019-05-01 05:37 - 2019-04-30 23:46 - 000000000 ____D C:\ProgramData\NVIDIA
2019-05-01 05:37 - 2019-04-30 22:34 - 000795988 _____ C:\Windows\system32\PerfStringBackup.INI
2019-05-01 05:37 - 2017-11-09 04:43 - 000540784 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2019-05-01 05:37 - 2017-11-09 04:43 - 000446392 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2019-05-01 05:37 - 2017-10-27 19:36 - 000001951 _____ C:\Windows\NvContainerRecovery.bat
2019-05-01 05:37 - 2017-10-27 19:12 - 005960824 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2019-05-01 05:37 - 2017-10-27 19:12 - 002587768 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2019-05-01 05:37 - 2017-10-27 19:12 - 001766520 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2019-05-01 05:37 - 2017-10-27 19:12 - 000607168 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2019-05-01 05:37 - 2017-10-27 19:12 - 000449656 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2019-05-01 05:37 - 2017-10-27 19:12 - 000123000 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2019-05-01 05:37 - 2017-10-27 19:12 - 000081856 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2019-05-01 05:37 - 2017-10-27 19:06 - 000136312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2019-05-01 05:37 - 2017-10-25 13:33 - 007802921 _____ C:\Windows\system32\nvcoproc.bin
2019-05-01 05:37 - 2017-09-14 02:20 - 000798008 _____ C:\Windows\SysWOW64\vulkan-1.dll
2019-05-01 05:37 - 2017-09-14 02:20 - 000490296 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2019-05-01 05:37 - 2017-09-14 02:19 - 000927544 _____ C:\Windows\system32\vulkan-1.dll
2019-05-01 05:37 - 2017-09-14 02:19 - 000591160 _____ C:\Windows\system32\vulkaninfo.exe
2019-05-01 05:36 - 2019-05-01 05:38 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2019-05-01 05:36 - 2019-05-01 05:38 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2019-05-01 05:36 - 2019-05-01 05:37 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2019-05-01 05:36 - 2019-05-01 05:36 - 000001446 _____ C:\Users\anduc\Desktop\Microsoft Edge.lnk
2019-05-01 05:36 - 2019-05-01 05:36 - 000000000 ___HD C:\Users\anduc\MicrosoftEdgeBackups
2019-05-01 05:35 - 2019-05-01 06:41 - 000000000 ____D C:\Users\anduc\AppData\Local\ConnectedDevicesPlatform
2019-05-01 05:35 - 2019-05-01 06:11 - 000000000 ____D C:\Users\anduc\AppData\Local\Publishers
2019-05-01 05:35 - 2019-05-01 05:35 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-05-01 05:35 - 2019-05-01 05:35 - 000000000 ___RD C:\Users\anduc\3D Objects
2019-05-01 05:35 - 2019-05-01 05:35 - 000000000 ____D C:\Users\anduc\AppData\Roaming\Adobe
2019-05-01 05:35 - 2019-05-01 05:35 - 000000000 ____D C:\Users\anduc\AppData\Local\VirtualStore
2019-05-01 05:35 - 2019-05-01 05:35 - 000000000 ____D C:\Users\anduc\AppData\Local\MicrosoftEdge
2019-05-01 05:35 - 2019-04-30 22:35 - 000000000 ____D C:\Users\anduc\AppData\Local\Packages
2019-05-01 05:34 - 2019-05-01 05:38 - 000002367 _____ C:\Users\anduc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-05-01 05:34 - 2019-05-01 05:34 - 000000020 ___SH C:\Users\anduc\ntuser.ini
2019-05-01 05:34 - 2019-04-30 22:21 - 000000000 ____D C:\Users\anduc
2019-05-01 05:33 - 2019-05-01 05:33 - 000000000 ____D C:\ProgramData\USOShared
2019-05-01 05:33 - 2018-09-15 10:28 - 002864640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2019-05-01 05:31 - 2019-05-01 05:31 - 000000000 _SHDL C:\Documents and Settings
2019-05-01 05:27 - 2019-05-01 05:27 - 000257824 _____ C:\Windows\system32\FNTCACHE.DAT
2019-05-01 05:27 - 2019-05-01 05:27 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2019-05-01 05:27 - 2019-05-01 05:27 - 000000000 ____D C:\Windows\system32\Drivers\wd
2019-05-01 05:27 - 2019-05-01 05:27 - 000000000 ____D C:\Windows\ServiceProfiles
2019-05-01 05:27 - 2019-04-30 22:28 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-05-01 05:27 - 2019-04-30 21:27 - 000000000 ____D C:\Windows\system32\SleepStudy
2019-04-30 22:29 - 2019-04-30 22:29 - 000073912 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2019-04-30 22:28 - 2019-04-30 22:28 - 000274416 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2019-04-30 22:28 - 2019-04-30 22:28 - 000127136 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2019-04-30 22:28 - 2019-04-30 22:28 - 000114040 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-05-01 11:05 - 2018-09-15 10:33 - 000000000 ____D C:\Windows\appcompat
2019-05-01 11:05 - 2018-09-15 10:31 - 000000000 ____D C:\Windows\INF
2019-05-01 11:02 - 2018-09-15 10:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-05-01 06:25 - 2018-09-15 10:31 - 000028672 _____ C:\Windows\system32\config\BCD-Template
2019-05-01 06:09 - 2018-09-15 10:33 - 000000000 ___HD C:\Program Files\WindowsApps
2019-05-01 05:53 - 2018-09-15 10:33 - 000000000 ____D C:\Windows\ServiceState
2019-05-01 05:42 - 2018-09-15 10:33 - 000000000 ___HD C:\Windows\ELAMBKUP
2019-05-01 05:37 - 2018-09-15 10:33 - 000000000 ____D C:\Windows\Help
2019-05-01 05:34 - 2018-09-15 10:33 - 000000000 ____D C:\Windows\system32\WinBioDatabase
2019-05-01 05:34 - 2018-09-15 10:23 - 000000000 ____D C:\Windows\CbsTemp
2019-05-01 05:33 - 2018-09-15 10:33 - 000000000 ____D C:\Windows\system32\spool
2019-05-01 05:33 - 2018-09-15 10:33 - 000000000 ____D C:\Windows\system32\FxsTmp
2019-05-01 05:33 - 2018-09-15 10:33 - 000000000 ____D C:\ProgramData\USOPrivate
2019-05-01 05:27 - 2018-09-15 10:33 - 000000000 ___RD C:\Windows\PrintDialog
2019-05-01 05:27 - 2018-09-15 10:33 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2019-05-01 05:27 - 2018-09-15 09:09 - 000032768 _____ C:\Windows\system32\config\ELAM
2019-04-30 22:40 - 2018-09-15 10:33 - 000000000 ____D C:\Windows\AppReadiness
2019-04-30 22:28 - 2018-09-15 09:09 - 000524288 _____ C:\Windows\system32\config\BBI
2019-04-30 21:26 - 2018-09-15 10:33 - 000000000 ____D C:\Windows\LiveKernelReports

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ============================
 
And the Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28.04.2019
Ran by anduc (01-05-2019 11:14:40)
Running from C:\Users\anduc\Desktop
Windows 10 Home Version 1809 17763.107 (X64) (2019-05-01 02:32:45)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3286981972-3961765893-2546697801-500 - Administrator - Disabled)
anduc (S-1-5-21-3286981972-3961765893-2546697801-1001 - Administrator - Enabled) => C:\Users\anduc
DefaultAccount (S-1-5-21-3286981972-3961765893-2546697801-503 - Limited - Disabled)
Guest (S-1-5-21-3286981972-3961765893-2546697801-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3286981972-3961765893-2546697801-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Discord (HKU\S-1-5-21-3286981972-3961765893-2546697801-1001\...\Discord) (Version: 0.0.305 - Discord Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 74.0.3729.108 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.7 - Google LLC) Hidden
Malwarebytes version 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
Microsoft OneDrive (HKU\S-1-5-21-3286981972-3961765893-2546697801-1001\...\OneDriveSetup.exe) (Version: 19.043.0304.0007 - Microsoft Corporation)
NVIDIA 3D Vision Driver 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 388.13 - NVIDIA Corporation)
NVIDIA Graphics Driver 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.13 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.35.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.35.1 - NVIDIA Corporation)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Uplay (HKLM-x32\...\Uplay) (Version: 86.0 - Ubisoft)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-10-27] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2019-05-01 05:37 - 2017-10-27 19:06 - 000339256 _____ (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed] C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem\NvStereo\_nvstapisvr64.dll
2019-05-01 05:37 - 2017-10-27 19:06 - 000874368 _____ (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed] C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPI64.dll
2019-05-01 05:42 - 2019-03-13 09:22 - 000438272 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5WinExtras.dll
2019-05-01 05:42 - 2019-03-13 09:22 - 003084800 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Quick.dll
2019-05-01 05:42 - 2019-03-13 09:22 - 005139968 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Gui.dll
2019-05-01 05:42 - 2019-03-13 09:22 - 004571648 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Widgets.dll
2019-05-01 05:42 - 2019-03-13 09:22 - 002950144 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Qml.dll
2019-05-01 05:42 - 2019-03-13 09:22 - 002234880 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Network.dll
2019-05-01 05:42 - 2019-03-13 09:22 - 005010944 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
2019-05-01 05:42 - 2019-03-13 09:22 - 001181184 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\platforms\qwindows.dll
2019-05-01 05:42 - 2019-03-13 09:22 - 000124928 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\styles\qwindowsvistastyle.dll
2019-05-01 05:42 - 2019-03-13 09:22 - 000026112 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qico.dll
2019-05-01 05:42 - 2019-03-13 09:22 - 000020992 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qsvg.dll
2019-05-01 05:42 - 2019-03-13 09:22 - 000259584 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Svg.dll
2019-05-01 05:42 - 2019-03-13 09:22 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick.2\qtquick2plugin.dll
2019-05-01 05:42 - 2019-03-13 09:22 - 000729088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\qtquickcontrolsplugin.dll
2019-05-01 05:42 - 2019-03-13 09:22 - 000073216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Layouts\qquicklayoutsplugin.dll
2019-05-01 05:42 - 2019-03-13 09:22 - 000179712 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\dialogplugin.dll
2019-05-01 05:42 - 2019-03-13 09:22 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Window.2\windowplugin.dll
2019-05-01 05:42 - 2019-03-13 09:22 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQml\Models.2\modelsplugin.dll
2019-05-01 05:42 - 2019-03-13 09:22 - 000101888 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\PrivateWidgets\widgetsplugin.dll
2019-05-01 05:42 - 2019-03-13 09:22 - 000035328 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\iconengines\qsvgicon.dll
2019-04-23 14:24 - 2019-04-23 14:24 - 000043520 _____ () [File not signed] C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\libUbiCustomEvent.dll
2019-04-23 14:24 - 2019-04-23 14:24 - 086726656 _____ () [File not signed] C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\libcef.dll
2019-04-23 14:24 - 2019-04-23 14:24 - 000583168 _____ (The Chromium Authors) [File not signed] C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\chrome_elf.dll
2019-05-01 05:42 - 2019-03-13 09:22 - 000086016 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtWinExtras\qml_winextras.dll
2019-05-01 05:42 - 2019-03-13 09:22 - 000037888 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\Private\dialogsprivateplugin.dll
2019-05-01 05:42 - 2019-03-13 09:22 - 000047104 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt\labs\folderlistmodel\qmlfolderlistmodelplugin.dll
2019-05-01 05:42 - 2019-03-13 09:22 - 000027136 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt\labs\settings\qmlsettingsplugin.dll

==================== Alternate Data Streams (Whitelisted) =========

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-09-15 10:31 - 2018-09-15 10:31 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3286981972-3961765893-2546697801-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 95.77.94.88 - 78.96.7.88
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{4FDE410C-FB50-4950-8F41-5A17B2B570BC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
FirewallRules: [{6EE96DB7-D851-480B-9551-1A118BD0B08F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{BD568413-7AE5-4780-82F0-53A3C1B7EB06}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{DB159A44-0D8E-4D4B-9DCB-0C37239BB218}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{7503344D-0EC1-413A-BDF3-72BA355276E6}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{ECFB2D83-4E7F-498B-8E50-46D8C892C946}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.105.152.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{096890C3-4225-4D20-A649-A5CCC099D876}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.105.152.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{8F883C36-DB2E-4B25-84AC-B8B31FCA8C54}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.105.152.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{51F18829-73AE-465A-8B30-82FB1D87819A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.105.152.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{E0D2F370-327E-4499-90B0-6388A1764A39}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.105.152.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{1283F6DD-966E-43BD-B5D3-833C3D6D5DDD}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.105.152.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{35A1E751-9999-4FBE-B1E9-225F95FD6395}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.105.152.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{5917B7BA-0AEC-4AC5-A62A-902B605CCF12}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.105.152.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{603C1540-0280-41D3-8D12-744232D8DD9F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Path of Exile\PathOfExileSteam.exe (Grinding Gear Games Limited -> )
FirewallRules: [{23DC71E3-9153-4AEC-8CB0-B9864D352233}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Path of Exile\PathOfExileSteam.exe (Grinding Gear Games Limited -> )

==================== Restore Points =========================

01-05-2019 05:38:48 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/30/2019 10:27:29 PM) (Source: MSDTC Client 2) (EventID: 4104) (User: )
Description: Failed trying to get the state of the cluster node: .The error code returned: 0x8007085A

Error: (04/30/2019 10:26:04 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to add firewall exception for C:\Program Files (x86)\Steam\steam.exe

Error: (05/01/2019 05:58:17 AM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to add firewall exception for C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe

Error: (05/01/2019 05:33:24 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating Windows Defender status to SECURITY_PRODUCT_STATE_ON.

Error: (05/01/2019 05:33:24 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating Windows Defender status to SECURITY_PRODUCT_STATE_ON.


System errors:
=============
Error: (05/01/2019 11:07:05 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-NC4FND6)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
to the user DESKTOP-NC4FND6\anduc SID (S-1-5-21-3286981972-3961765893-2546697801-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/01/2019 11:02:57 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-NC4FND6)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
to the user DESKTOP-NC4FND6\anduc SID (S-1-5-21-3286981972-3961765893-2546697801-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/30/2019 11:46:42 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-NC4FND6)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
to the user DESKTOP-NC4FND6\anduc SID (S-1-5-21-3286981972-3961765893-2546697801-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/30/2019 10:30:55 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscBrokerManager
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/30/2019 10:30:55 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscDataProtection
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/30/2019 10:30:55 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.SecurityAppBroker
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/30/2019 10:29:44 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-NC4FND6)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
to the user DESKTOP-NC4FND6\anduc SID (S-1-5-21-3286981972-3961765893-2546697801-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/30/2019 10:29:29 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-NC4FND6)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscCloudBackupProvider
and APPID
Unavailable
to the user DESKTOP-NC4FND6\anduc SID (S-1-5-21-3286981972-3961765893-2546697801-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


Windows Defender:
===================================
Date: 2019-04-30 22:21:46.406
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {B5127233-2718-4777-9C5F-809DDBED860C}
Scan Type: Antimalware
Scan Parameters: Full Scan

==================== Memory info ===========================

BIOS: Award Software International, Inc. F5 03/31/2011
Motherboard: Gigabyte Technology Co., Ltd. H67A-USB3-B3
Processor: Intel(R) Core(TM) i5-2500K CPU @ 3.30GHz
Percentage of memory in use: 53%
Total physical RAM: 8175.36 MB
Available physical RAM: 3826.97 MB
Total Virtual: 10095.36 MB
Available Virtual: 5266.05 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:223.03 GB) (Free:181.37 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:97.22 GB) (Free:97.12 GB) NTFS
Drive e: (ESD-USB) (Removable) (Total:14.86 GB) (Free:11.07 GB) FAT32
Drive f: () (Fixed) (Total:833.85 GB) (Free:833.6 GB) NTFS

\\?\Volume{7b9eb423-0000-0000-0000-f04d18000000}\ () (Fixed) (Total:0.44 GB) (Free:0.42 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 223.6 GB) (Disk ID: 2770EA11)
Partition 1: (Active) - (Size=223 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 7B9EB423)
Partition 1: (Not Active) - (Size=97.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450 MB) - (Type=27)
Partition 3: (Not Active) - (Size=833.9 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 14.9 GB) (Disk ID: A5552C4E)
Partition 1: (Active) - (Size=14.9 GB) - (Type=0C)

==================== End of Addition.txt ============================
 
Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double click on downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Remove Selected.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available through History -> Application logs. Please post its contents in your next reply.
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.
 
RogueKiller Anti-Malware V13.1.10.0 (x64) [Apr 24 2019] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 10 (10.0.17763) 64 bits
Started in : Normal mode
User : anduc [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Signatures : 20190423_114402, Driver : Loaded
Mode : Standard Scan, Scan -- Date : 2019/05/01 12:54:31 (Duration : 00:04:25)
Switches : -refid 3

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Process Modules ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Hosts File ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Web browsers ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
 
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 5/1/19
Scan Time: 1:01 PM
Log File: 0702d77a-6bf8-11e9-b69b-50e54935d80b.json

-Software Information-
Version: 3.7.1.2839
Components Version: 1.0.563
Update Package Version: 1.0.10410
License: Trial

-System Information-
OS: Windows 10 (Build 17763.107)
CPU: x64
File System: NTFS
User: DESKTOP-NC4FND6\anduc

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 260459
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 0 min, 30 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)
 
# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build: 04-04-2019
# Database: 2019-04-29.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 05-01-2019
# Duration: 00:00:00
# OS: Windows 10 Home
# Cleaned: 0
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1250 octets] - [01/05/2019 06:40:20]
AdwCleaner[C00].txt - [1436 octets] - [01/05/2019 06:40:49]
AdwCleaner[S01].txt - [1372 octets] - [01/05/2019 13:03:09]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########
 
Nothing malicious there.
I suggest new topic in Windows forum.
Good luck!
 