Someone got into my PC

Hacker Security breach Bank account Remote access Compromised


#1
Alarico

Hi,

Two days ago my missus received a phone call from someone that tricked her into believing it was our internet provider informing her of a security breach. She thought it was all legit so she installed a remote access program, then ran commands through Ctrl+R, then got into her personal emails, bank account, pics of her driver license, and she even created a Crypto account. The conversation went on for an hour or so until she realized someone was moving the mouse cursor, so she got scared, shut the PC and router and called me. Instantly we temporarily closed bank accounts and changed passwords of whatever we could think of that might be compromised. Our banks are now requesting us to clean our computers before giving us online access to our accounts again.

I'd appreciate heaps if you could help me out with this. Thank you very much.


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-04-2021
Ran by Pepinaso (administrator) on DESKTOP-33RB2E0 (Dell Inc. XPS 8930) (12-04-2021 10:18:13)
Running from C:\Users\Pepinaso\Desktop
Loaded Profiles: Pepinaso
Platform: Windows 10 Home Version 20H2 19042.867 (X64) Language: English (United States) -> English (United Kingdom)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(CYBERLINK CORPORATION.) C:\Program Files\WindowsApps\DB6EA5DB.Power2GoforDell_11.0.3920.0_x86__mcezb6ze687jp\Power2Go11\CLMLSvc_P2G11.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler64.exe
(Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_ffc75848a6342fdf\jhi_service.exe
(Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_2dadf80722c4f751\GfxDownloadWrapper.exe
(Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_2dadf80722c4f751\igfxCUIService.exe
(Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_2dadf80722c4f751\igfxEM.exe
(Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_2dadf80722c4f751\IntelCpHDCPSvc.exe
(Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_2dadf80722c4f751\IntelCpHeciSvc.exe
(Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel® Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_f881c4be237ce854\RstMwService.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13426.20688.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13426.20688.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12101.1001.14.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> ) C:\Windows\System32\EoAExperiences.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\vds.exe
(Microsoft Windows Hardware Compatibility Publisher -> Windows ® Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.4-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.4-0\NisSrv.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Users\Pepinaso\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvddi.inf_amd64_f3fdc49044533477\Display.NvContainer\NVDisplay.Container.exe <2>
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Qualcomm Atheros -> Qualcomm Technologies Inc.) C:\Windows\System32\drivers\QcomWlanSrvx64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <2>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Rivet Networks LLC -> Rivet Networks LLC) C:\Windows\System32\drivers\RivetNetworks\Killer\xTendUtility.exe
(Rivet Networks LLC -> Rivet Networks) C:\Windows\System32\drivers\RivetNetworks\Killer\KillerAnalyticsService.exe
(Rivet Networks LLC -> Rivet Networks) C:\Windows\System32\drivers\RivetNetworks\Killer\KillerNetworkService.exe
(Rivet Networks LLC -> Rivet Networks, LLC.) C:\Windows\System32\drivers\RivetNetworks\Killer\xTendUtilityService.exe
(Rivet Networks LLC) C:\Program Files\WindowsApps\RivetNetworks.KillerControlCenter_2.2.3267.0_x64__rh07ty8m5nkag\KillerControlCenter_v2\KillerControlCenter.exe
(Scarlet.Crush Productions) [File not signed] D:\Programs\Game resources\ScpServer\ScpServer\bin\ScpService.exe
(Stefan Weil -> hxxps://www.qemu.org) [File not signed] C:\Program Files\qemu\qemu-system-x86_64.exe
(Waves Inc -> Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
(Waves Inc -> Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
(Wondershare Technology Co.,Ltd -> Wondershare) C:\ProgramData\Wondershare\Service\InstallAssistService.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [11102816 2021-01-20] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [3618096 2021-01-20] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [DellMobileConnectWelcome] => C:\Program Files\Dell\DellMobileConnectDrivers\DellMobileConnectWStartup.exe [340480 2018-08-26] (SCREENOVATE TECHNOLOGIES LTD. -> Screenovate Technologies Ltd.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [320056 2019-12-10] (Intel® Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [1236688 2020-12-04] (Waves Inc -> Waves Audio Ltd.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [7991528 2021-03-31] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (Canon Inc. -> CANON INC.)
HKLM-x32\...\Run: [MyBackupPC] => C:\Program Files (x86)\MyBackupPC\mybackuppc.exe [170791 2015-11-03] (Rerware LLC) [File not signed]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [601784 2020-05-13] (Razer USA Ltd. -> Razer Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706680 2020-12-09] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-19\...\RunOnce: [OneDrive] => C:\Program Files (x86)\Microsoft OneDrive\OneDrive.exe [1943400 2021-03-15] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [OneDrive] => C:\Program Files (x86)\Microsoft OneDrive\OneDrive.exe [1943400 2021-03-15] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-153542611-3615973289-1248043461-1001\...\Run: [OneDrive] => C:\Program Files (x86)\Microsoft OneDrive\OneDrive.exe [1943400 2021-03-15] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-153542611-3615973289-1248043461-1001\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [90952568 2020-10-09] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-153542611-3615973289-1248043461-1001\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
HKU\S-1-5-21-153542611-3615973289-1248043461-1001\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-153542611-3615973289-1248043461-1001\...\MountPoints2: F - "F:\setup.exe"
HKU\S-1-5-21-153542611-3615973289-1248043461-1001\...\MountPoints2: {310f586a-0b47-11e9-990c-b88584a5f865} - "I:\Setup.exe" /s
HKU\S-1-5-21-153542611-3615973289-1248043461-1001\...\MountPoints2: {4b4bc217-2cf2-11ea-9958-9cb6d0b83db8} - "G:\Setup.exe" /s
HKU\S-1-5-21-153542611-3615973289-1248043461-1001\...\MountPoints2: {7e3cf84d-0e0e-11eb-9993-b88584a5f865} - "J:\Setup.exe" /s
HKU\S-1-5-21-153542611-3615973289-1248043461-1001\...\MountPoints2: {9cbe1ecf-93a4-11eb-99d0-b88584a5f865} - "I:\Setup.exe" /s
HKU\S-1-5-21-153542611-3615973289-1248043461-1001\...\MountPoints2: {c56b01c3-6356-11eb-99c2-b88584a5f865} - "J:\Setup.exe" /s
HKU\S-1-5-21-153542611-3615973289-1248043461-1002\...\Run: [OneDrive] => C:\Program Files (x86)\Microsoft OneDrive\OneDrive.exe [1943400 2021-03-15] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-153542611-3615973289-1248043461-1002\...\MountPoints2: {310f586a-0b47-11e9-990c-b88584a5f865} - "I:\Setup.exe" /s
HKU\S-1-5-21-153542611-3615973289-1248043461-1002\...\MountPoints2: {7e3cf84d-0e0e-11eb-9993-b88584a5f865} - "I:\Setup.exe" /s
HKU\S-1-5-21-153542611-3615973289-1248043461-1002\...\MountPoints2: {9cbe1ecf-93a4-11eb-99d0-b88584a5f865} - "I:\Setup.exe" /s
HKU\S-1-5-21-153542611-3615973289-1248043461-1002\...\MountPoints2: {c56b01c3-6356-11eb-99c2-b88584a5f865} - "J:\Setup.exe" /s
HKU\S-1-5-18\...\Policies\system: [DisableLockWorkstation] 0
HKLM\...\Windows x64\Print Processors\Canon MG6200 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDAU.DLL [30208 2012-03-14] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MG6200 series: C:\Windows\system32\CNMLMAU.DLL [385024 2012-03-14] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJNP Port: C:\Windows\system32\CNMN6PPM.DLL [359936 2012-06-14] (CANON INC.) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\89.0.4389.114\Installer\chrmstp.exe [2021-03-31] (Google LLC -> Google LLC)
GroupPolicy: Restriction - Chrome <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03E06751-826B-4603-BD40-B111718F075D} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1127664 2021-01-28] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {097DCB18-DE8B-4605-A87C-28B8D4769651} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.4-0\MpCmdRun.exe [566368 2021-03-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {297B47DF-E49A-4EAD-A28E-F237DBC81F24} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-11-22] (Google Inc -> Google Inc.)
Task: {3422A22A-2D7E-4011-83A4-9156B0626128} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-11-17] (Dropbox, Inc -> Dropbox, Inc.)
Task: {5A555DFB-375A-4C95-8CF9-254CEADE3076} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [906480 2021-01-28] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {5F8D31F7-EC27-4C38-A4CB-19839C4204FB} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23248760 2021-04-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {682319F3-7769-41DB-9132-B964CC612804} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-11-17] (Dropbox, Inc -> Dropbox, Inc.)
Task: {7A18BE1B-7552-41FC-9F49-FB48998140FA} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistInstaller.exe [1059336 2021-01-09] (Dell Inc -> Dell Inc.)
Task: {7BA24C6E-4CE5-446B-A099-37AA3A06A5FA} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [141168 2021-04-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {7C4B9E65-C2EA-44E5-8FBC-2C16C3DED7F5} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23248760 2021-04-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {7D6387E4-DDE0-43E1-AA37-AB7192EBF84E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5255104 2021-04-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {823C4C9A-875E-4EEE-8455-443076FF19B2} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [646896 2021-01-28] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {876CE266-1DA2-4253-AB92-70DC34351736} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5255104 2021-04-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {9869B4C8-B4C0-48A9-A44C-066AA8F0C566} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files (x86)\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [2882408 2021-03-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {A05227D4-6005-446F-99EC-C85AFE59A1E8} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [906480 2021-01-28] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {B053F918-9386-4DD9-8D41-0545E860295C} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3302128 2021-01-28] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {B2250E43-8367-473C-A1A5-A0992F28D945} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.4-0\MpCmdRun.exe [566368 2021-03-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B95D0D7F-ADF3-4F23-A16C-BD9730DF1580} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [694752 2021-02-26] (Mozilla Corporation -> Mozilla Foundation)
Task: {BA54908D-C29B-474D-A435-B513F6A7A4EF} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2021-01-12] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {BECDE22D-6D16-473B-926E-385B71961A08} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1127664 2021-01-28] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C4E100DC-EC8B-42DC-A3CF-9859D89215C8} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1127664 2021-01-28] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C77AF200-E9D6-43DF-8426-4D03F21C7706} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2021-01-12] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {D36DFF95-03F1-4746-B416-D7BA3B41E21B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.4-0\MpCmdRun.exe [566368 2021-03-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {E69FB258-44C1-4B80-88B3-F75E52E033D8} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [141168 2021-04-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {F161D09C-E31F-49E2-B456-1BB4A7A160FE} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.4-0\MpCmdRun.exe [566368 2021-03-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {FD85BE00-DB7D-422B-A188-A23CE080DD31} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-11-22] (Google Inc -> Google Inc.)
Task: {FED27294-C628-4E9A-AB60-019ABD9C1CA1} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1127664 2021-01-28] (NVIDIA Corporation -> NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.20.1 0.0.0.0
Tcpip\..\Interfaces\{53770182-6d40-42ac-abb8-3d2bcdb4067c}: [DhcpNameServer] 192.168.20.1 0.0.0.0
Tcpip\..\Interfaces\{54622783-9511-467c-a339-933b50c081a2}: [DhcpNameServer] 192.168.20.1 0.0.0.0

Edge:
=======
DownloadDir: C:\Users\Pepinaso\Downloads
Edge DefaultProfile: Default
Edge Profile: C:\Users\Pepinaso\AppData\Local\Microsoft\Edge\User Data\Default [2021-04-01]
Edge DownloadDir: C:\Users\Pepinaso\Downloads
Edge StartupUrls: Default -> "hxxps://google.com.au/"

FireFox:
========
FF DefaultProfile: ua1sipfp.default
FF ProfilePath: C:\Users\Pepinaso\AppData\Roaming\Mozilla\Firefox\Profiles\ua1sipfp.default [2021-04-03]
FF DownloadDir: D:\Downloads
FF Homepage: Mozilla\Firefox\Profiles\ua1sipfp.default -> www.google.com.au
FF Notifications: Mozilla\Firefox\Profiles\ua1sipfp.default -> hxxps://web.whatsapp.com; hxxps://theaussieenglishclassroom.com
FF Extension: (Windscribe - Free Proxy and Ad Blocker) - C:\Users\Pepinaso\AppData\Roaming\Mozilla\Firefox\Profiles\ua1sipfp.default\Extensions\@windscribeff.xpi [2021-02-26]
FF Extension: (MyJDownloader Browser Extension) - C:\Users\Pepinaso\AppData\Roaming\Mozilla\Firefox\Profiles\ua1sipfp.default\Extensions\[email protected] [2021-02-26] [UpdateUrl:hxxps://my.jdownloader.org/extensions/firefox.json]
FF Extension: (Adblock Plus - bloqueador de anuncios gratis) - C:\Users\Pepinaso\AppData\Roaming\Mozilla\Firefox\Profiles\ua1sipfp.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2021-02-08]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-03-06] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-05] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-05] (VideoLAN -> VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.281.2 -> C:\Program Files (x86)\Java\jre1.8.0_281\bin\dtplugin\npDeployJava1.dll [2021-01-25] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.281.2 -> C:\Program Files (x86)\Java\jre1.8.0_281\bin\plugin2\npjp2.dll [2021-01-25] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-03-06] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=3.0.10 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]

Chrome:
=======
CHR Profile: C:\Users\Pepinaso\AppData\Local\Google\Chrome\User Data\Default [2021-04-12]
CHR DownloadDir: D:\Downloads
CHR Notifications: Default -> hxxps://shop.samsung.com; hxxps://www.bootbarn.com
CHR HomePage: Default -> hxxps://duckduckgo.com/
CHR StartupUrls: Default -> "hxxps://duckduckgo.com/"
CHR DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> duckduckgo.com
CHR DefaultNewTabURL: Default -> hxxps://duckduckgo.com/chrome_newtab
CHR DefaultSuggestURL: Default -> hxxps://duckduckgo.com/ac/?q={searchTerms}&type=list
CHR Extension: (Slides) - C:\Users\Pepinaso\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-11-22]
CHR Extension: (Docs) - C:\Users\Pepinaso\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-11-22]
CHR Extension: (Google Drive) - C:\Users\Pepinaso\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-21]
CHR Extension: (YouTube) - C:\Users\Pepinaso\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-11-22]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Pepinaso\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2021-01-29]
CHR Extension: (MyJDownloader Browser Extension) - C:\Users\Pepinaso\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbcohnmimjicjdomonkcbcpbpnhggkip [2020-11-20]
CHR Extension: (Sheets) - C:\Users\Pepinaso\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-11-22]
CHR Extension: (Google Docs Offline) - C:\Users\Pepinaso\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-03-24]
CHR Extension: (Take Webpage Screenshots Entirely - FireShot) - C:\Users\Pepinaso\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbpblocgmgfnpjjppndjkmgjaogfceg [2020-08-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Pepinaso\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Gmail) - C:\Users\Pepinaso\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-23]
CHR Extension: (Chrome Media Router) - C:\Users\Pepinaso\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-03-13]
CHR Profile: C:\Users\Pepinaso\AppData\Local\Google\Chrome\User Data\System Profile [2020-02-02]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8788368 2021-03-29] (Microsoft Corporation -> Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-11-17] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-11-17] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [44272 2021-03-31] (Dropbox, Inc -> Dropbox, Inc.)
S2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [287776 2020-10-25] (Dell Technologies Inc. -> Dell Technologies Inc.)
S2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3750944 2020-10-25] (Dell Technologies Inc. -> Dell Technologies Inc.)
S2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [507936 2020-10-25] (Dell Technologies Inc. -> Dell Technologies Inc.)
S2 Dell Digital Delivery Services; C:\Program Files (x86)\Dell Digital Delivery Services\Dell.D3.WinSvc.exe [48832 2020-11-19] (Dell Inc -> )
S2 Dell Hardware Support; C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.7240.285\DSAPI.exe [985584 2021-03-01] (PC-Doctor, Inc. -> PC-Doctor, Inc.)
S2 Dell SupportAssist Remediation; C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe [19128 2021-04-01] (Dell Inc -> Dell INC.)
S2 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [38592 2021-01-19] (Dell Inc -> )
R2 Ds3Service; D:\Programs\Game resources\ScpServer\ScpServer\bin\ScpService.exe [381952 2014-04-03] (Scarlet.Crush Productions) [File not signed]
S3 FileSyncHelper; C:\Program Files (x86)\Microsoft OneDrive\21.030.0211.0002\FileSyncHelper.exe [2233704 2021-03-15] (Microsoft Corporation -> Microsoft Corporation)
S3 FvSvc; C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe [410864 2021-01-25] (NVIDIA Corporation -> NVIDIA)
S3 KAPSService; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\KAPSService.exe [73928 2020-04-16] (Rivet Networks LLC -> Rivet Networks, LLC.)
R2 Killer Analytics Service; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\KillerAnalyticsService.exe [1775840 2020-04-16] (Rivet Networks LLC -> Rivet Networks)
R2 Killer Network Service; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\KillerNetworkService.exe [2663128 2020-04-16] (Rivet Networks LLC -> Rivet Networks)
S3 KNDBWM; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\KNDBWMService.exe [73928 2020-04-16] (Rivet Networks LLC -> Rivet Networks, LLC.)
S3 OneDrive Updater Service; C:\Program Files (x86)\Microsoft OneDrive\21.030.0211.0002\OneDriveUpdaterService.exe [2602368 2021-03-15] (Microsoft Corporation -> Microsoft Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2466608 2019-11-19] (Electronic Arts, Inc. -> Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3344176 2019-11-19] (Electronic Arts, Inc. -> Electronic Arts)
S2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [39432 2021-01-09] (Dell Inc -> Dell Inc.)
S2 SystemServices; C:\Program Files\qemu\SystemServices.exe [122368 2020-01-08] () [File not signed] <==== ATTENTION
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.4-0\NisSrv.exe [2483616 2021-03-16] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.4-0\MsMpEng.exe [128376 2021-03-16] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 Wondershare InstallAssist; C:\ProgramData\Wondershare\Service\InstallAssistService.exe [230176 2020-01-16] (Wondershare Technology Co.,Ltd -> Wondershare)
S2 xTendSoftAPService; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\xTendSoftAPService.exe [73944 2020-04-16] (Rivet Networks LLC -> Rivet Networks, LLC.)
R2 xTendUtilityService; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\xTendUtilityService.exe [73944 2020-04-16] (Rivet Networks LLC -> Rivet Networks, LLC.)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nvddi.inf_amd64_f3fdc49044533477\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nvddi.inf_amd64_f3fdc49044533477\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 DBUtilDrv2; C:\WINDOWS\System32\drivers\DBUtilDrv2.sys [27896 2021-04-07] (WDKTestCert Amit_K_Tiwari,132158070448517957 -> )
R3 DDDriver; C:\WINDOWS\System32\drivers\dddriver64Dcsa.sys [42376 2020-10-25] (Microsoft Windows Hardware Compatibility Publisher -> Dell Inc.)
S3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [41208 2018-05-09] (Techporch Incorporated -> Dell Computer Corporation)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [226984 2018-05-02] (McAfee, Inc. -> McAfee, Inc.)
R3 KfeCoSvc; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\KfeCo10X64.sys [187848 2020-04-16] (Rivet Networks LLC -> Rivet Networks, LLC.)
S3 libusbK; C:\WINDOWS\System32\drivers\libusbK.sys [47200 2020-07-30] (Travis Lee Robinson -> hxxp://libusb-win32.sourceforge.net)
R2 npf; C:\WINDOWS\system32\drivers\npf.sys [36600 2018-12-25] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
S3 rzendpt; C:\WINDOWS\System32\drivers\rzendpt.sys [50392 2015-08-14] (Razer Inc. -> Razer Inc)
R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Bruce James -> Scarlet.Crush Productions)
S3 SliceDisk5; C:\Program Files\A-FF Find and Mount\slicedisk-x64.sys [31824 2011-02-25] (OOO Sfera-Tehno -> Atola) [File not signed]
S3 tapwindscribe0901; C:\WINDOWS\System32\drivers\tapwindscribe0901.sys [54896 2018-07-06] (Windscribe Limited -> The OpenVPN Project)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2018-02-05] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 VKbms; C:\WINDOWS\System32\drivers\VKbms.sys [13312 2010-09-30] (G-SPY Co., Ltd. -> Windows ® Win 7 DDK provider)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49560 2021-03-16] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [420072 2021-03-16] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [72952 2021-03-16] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-04-12 08:31 - 2021-04-12 08:31 - 000060417 _____ C:\Users\Pepinaso\Desktop\Addition.txt
2021-04-12 08:30 - 2021-04-12 10:18 - 000031922 _____ C:\Users\Pepinaso\Desktop\FRST.txt
2021-04-12 08:27 - 2021-04-12 08:26 - 002297856 _____ (Farbar) C:\Users\Pepinaso\Desktop\FRST64.exe
2021-04-12 07:37 - 2021-04-12 07:37 - 000000000 ____D C:\Users\Pepinaso\AppData\LocalLow\Intel
2021-04-12 07:36 - 2021-04-12 08:07 - 000441760 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-04-07 17:21 - 2021-04-07 17:21 - 000000000 ____D C:\Users\Pepinaso\Documents\Zoom
2021-04-07 16:15 - 2021-04-07 16:15 - 000027896 _____ C:\WINDOWS\system32\Drivers\DBUtilDrv2.sys
2021-04-06 01:22 - 2021-04-06 01:22 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2021-04-06 01:22 - 2021-01-18 08:09 - 000161384 _____ (Intel Corporation) C:\WINDOWS\system32\intel_gfx_api-x64.dll
2021-04-06 01:22 - 2021-01-18 08:09 - 000136888 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\intel_gfx_api-x86.dll
2021-04-06 01:22 - 2021-01-18 08:08 - 001781616 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2021-04-06 01:22 - 2021-01-18 08:08 - 001781616 _____ C:\WINDOWS\system32\vulkaninfo.exe
2021-04-06 01:22 - 2021-01-18 08:08 - 001377648 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2021-04-06 01:22 - 2021-01-18 08:08 - 001377648 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2021-04-06 01:22 - 2021-01-18 08:08 - 001087704 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2021-04-06 01:22 - 2021-01-18 08:08 - 001087704 _____ C:\WINDOWS\system32\vulkan-1.dll
2021-04-06 01:22 - 2021-01-18 08:08 - 000940760 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2021-04-06 01:22 - 2021-01-18 08:08 - 000940760 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2021-04-06 01:22 - 2021-01-18 08:08 - 000499096 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2021-04-06 01:22 - 2021-01-18 08:08 - 000419224 _____ C:\WINDOWS\system32\ze_loader.dll
2021-04-06 01:22 - 2021-01-18 08:08 - 000361880 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2021-04-06 01:22 - 2021-01-18 08:08 - 000285592 _____ C:\WINDOWS\system32\igfxCPL.cpl
2021-04-06 01:22 - 2021-01-18 08:08 - 000140184 _____ C:\WINDOWS\system32\ze_validation_layer.dll
2021-04-03 16:33 - 2021-04-03 16:33 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-04-02 05:11 - 2021-04-02 05:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2021-03-31 03:52 - 2021-03-31 03:52 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2021-03-31 03:52 - 2021-03-31 03:52 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2021-03-31 03:52 - 2021-03-31 03:52 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2021-03-31 03:52 - 2021-03-31 03:52 - 000044272 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2021-03-15 16:15 - 2021-03-15 16:15 - 000003206 _____ C:\WINDOWS\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2021-03-15 16:15 - 2021-03-15 16:15 - 000002186 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-04-12 10:18 - 2020-01-25 08:08 - 000000000 ____D C:\FRST
2021-04-12 10:18 - 2018-11-07 09:37 - 000000000 ____D C:\ProgramData\NVIDIA
2021-04-12 10:16 - 2020-11-18 16:41 - 000008192 ___SH C:\DumpStack.log.tmp
2021-04-12 10:16 - 2020-07-31 08:37 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-04-12 10:16 - 2019-12-07 19:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-04-12 10:16 - 2018-11-15 12:28 - 000000000 __SHD C:\Users\Pepinaso\IntelGraphicsProfiles
2021-04-12 10:16 - 2018-11-07 09:31 - 000000000 ____D C:\Intel
2021-04-12 09:52 - 2019-12-07 19:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2021-04-12 08:28 - 2020-07-31 08:37 - 001781530 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-04-12 08:28 - 2020-07-30 20:52 - 000790712 _____ C:\WINDOWS\system32\perfh00A.dat
2021-04-12 08:28 - 2020-07-30 20:52 - 000157464 _____ C:\WINDOWS\system32\perfc00A.dat
2021-04-12 08:28 - 2019-12-07 19:13 - 000000000 ____D C:\WINDOWS\INF
2021-04-12 08:25 - 2019-04-06 20:08 - 000000000 ____D C:\Program Files (x86)\Dell Digital Delivery Services
2021-04-12 08:03 - 2020-11-19 16:20 - 000000000 ____D C:\Program Files\DIFX
2021-04-12 07:58 - 2018-11-07 09:36 - 000000000 ____D C:\ProgramData\Package Cache
2021-04-12 07:57 - 2018-11-07 09:35 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2021-04-12 07:55 - 2020-06-21 15:54 - 000000000 ____D C:\Enterprise19ED
2021-04-12 07:45 - 2020-05-02 12:28 - 000000000 ____D C:\Users\Pepinaso\Documents\My Digital Editions
2021-04-12 07:41 - 2018-11-15 14:34 - 000000000 ____D C:\ProgramData\Adobe
2021-04-12 07:36 - 2021-02-26 17:57 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-04-12 07:36 - 2018-11-15 12:44 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-04-08 16:22 - 2020-07-31 08:30 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-04-08 12:30 - 2020-10-25 15:08 - 000000000 ____D C:\Users\Pepinaso\AppData\Roaming\vlc
2021-04-08 05:10 - 2018-11-15 13:25 - 000000000 ____D C:\Users\Pepinaso\AppData\Local\CrashDumps
2021-04-07 22:22 - 2019-12-07 19:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-04-07 22:22 - 2019-12-07 19:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-04-07 15:46 - 2020-07-30 20:24 - 000000000 ___DC C:\WINDOWS\Panther
2021-04-07 03:55 - 2018-12-08 12:55 - 000000000 ____D C:\Program Files\Microsoft Office
2021-04-03 16:33 - 2019-01-31 05:15 - 000000000 ____D C:\ProgramData\Mozilla
2021-04-03 16:33 - 2018-11-15 12:44 - 000001007 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-04-03 16:33 - 2018-11-15 12:44 - 000000000 ____D C:\Users\Pepinaso\AppData\LocalLow\Mozilla
2021-04-03 15:45 - 2020-08-01 18:35 - 000002442 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-04-02 05:11 - 2018-11-17 07:59 - 000000000 ____D C:\Program Files (x86)\Dropbox
2021-03-31 07:01 - 2018-11-22 05:39 - 000002305 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-03-30 09:27 - 2019-02-21 08:30 - 000000000 ___RD C:\Users\larac\OneDrive
2021-03-30 09:27 - 2019-02-21 05:21 - 000000000 ____D C:\Users\larac\AppData\Local\Packages
2021-03-30 09:26 - 2019-02-21 05:21 - 000000000 __SHD C:\Users\larac\IntelGraphicsProfiles
2021-03-24 21:11 - 2020-02-21 08:32 - 000000000 ____D C:\Program Files (x86)\Microsoft OneDrive
2021-03-16 09:41 - 2018-11-07 09:31 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-03-15 16:15 - 2018-11-15 12:30 - 000000000 ___RD C:\Users\Pepinaso\OneDrive
2021-03-14 14:48 - 2019-12-07 19:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared

==================== Files in the root of some directories ========

2019-06-18 11:02 - 2019-06-18 11:02 - 000535552 _____ (Dirección General de la Policía) C:\Users\Pepinaso\AppData\Local\DNIeService.exe

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-04-2021
Ran by Pepinaso (12-04-2021 10:18:59)
Running from C:\Users\Pepinaso\Desktop
Windows 10 Home Version 20H2 19042.867 (X64) (2020-07-30 22:37:14)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-153542611-3615973289-1248043461-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-153542611-3615973289-1248043461-503 - Limited - Disabled)
Guest (S-1-5-21-153542611-3615973289-1248043461-501 - Limited - Disabled)
larac (S-1-5-21-153542611-3615973289-1248043461-1002 - Limited - Enabled) => C:\Users\larac
marco (S-1-5-21-153542611-3615973289-1248043461-1004 - Limited - Disabled)
Pepinaso (S-1-5-21-153542611-3615973289-1248043461-1001 - Administrator - Enabled) => C:\Users\Pepinaso
WDAGUtilityAccount (S-1-5-21-153542611-3615973289-1248043461-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Blueline 1.1.1 (HKLM-x32\...\Blueline_is1) (Version: - )
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.1 - Canon Inc.)
Canon MG6200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6200_series) (Version: - Canon Inc.)
Canon MP Navigator EX 5.0 (HKLM-x32\...\MP Navigator EX 5.0) (Version: - )
Configurador_FNMT (HKLM-x32\...\{438D4C4C-B703-4971-9C3D-33FF8A010ADB}) (Version: 3.7 - FNMT-RCM)
Dell Digital Delivery Services (HKLM-x32\...\{81C48559-E2EB-4F18-9854-51331B9DB552}) (Version: 4.0.70.0 - Dell Inc.)
Dell Mobile Connect Drivers (HKLM\...\{98962E99-9DC0-4B16-9D48-2EED1F5D117E}) (Version: 1.2.6577 - Screenovate Technologies Ltd.)
Dell SupportAssist (HKLM\...\{C5A70974-2F89-4BE0-90F7-749E62468C4D}) (Version: 3.8.1.23 - Dell Inc.)
Dell SupportAssist Remediation (HKLM\...\{E9E87628-7D88-4557-9A80-49B2B4A81460}) (Version: 5.4.1.14954 - Dell Inc.) Hidden
Dell SupportAssist Remediation (HKLM-x32\...\{ef6a1215-d616-4e4f-9453-525ed9903031}) (Version: 5.4.1.14954 - Dell Inc.)
Dell Update - SupportAssist Update Plugin (HKLM\...\{3C4F6923-3BE1-4E6C-8DEE-9EEF1E433795}) (Version: 5.2.1.12926 - Dell Inc.) Hidden
Dell Update - SupportAssist Update Plugin (HKLM-x32\...\{8d32f870-d6fd-4420-b5cb-c29ac65f628d}) (Version: 5.2.1.12926 - Dell Inc.)
Dell Update for Windows 10 (HKLM\...\{41D2D254-D869-4CD8-B440-5DF49083C4BA}) (Version: 4.1.0 - Dell Inc.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 119.4.1772 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.415.1 - Dropbox, Inc.) Hidden
foobar2000 v1.5.3 (HKLM-x32\...\foobar2000) (Version: 1.5.3 - Peter Pawlowski)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 89.0.4389.114 - Google LLC)
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version: - )
Intel® Chipset Device Software (HKLM-x32\...\{4551f75f-3c54-4f09-8221-8c8a061bad00}) (Version: 10.1.18019.8144 - Intel® Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 2014.14.0.1540 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 17.5.9.1040 - Intel Corporation)
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1943.2 - Intel Corporation)
Intel® Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.60.155.0 - Intel Corporation) Hidden
Intel® Trusted Connect Services Client (HKLM-x32\...\{047f2156-ee7f-4a24-b3c2-c0c5c2c81557}) (Version: 1.60.155.0 - Intel Corporation) Hidden
Intel® Hardware Accelerated Execution Manager (HKLM\...\{754CC9DC-3DB4-4FB2-B71E-87331DB9EA17}) (Version: 7.5.4 - Intel Corporation)
Intel® Optane Pinning Explorer Extensions (HKLM\...\{EEA36044-96B5-4E2A-AC59-3FC742EEDEF4}) (Version: 17.5.9.1040 - Intel Corporation)
iPod Support (HKLM\...\{4B5933A1-A781-400E-B4A2-3ECC375375E4}) (Version: 120.7.3.55 - Apple Inc.)
Java 8 Update 281 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180281F0}) (Version: 8.0.2810.9 - Oracle Corporation)
Killer Performance Driver Suite UWD (HKLM\...\{3138A18C-B69F-4C99-ACB7-E579DF171032}) (Version: 2.0.1175 - Rivet Networks)
Killer Wireless Driver UWD (HKLM\...\{D9007C95-A9B6-41FD-B6DF-B97DFFC4BE84}) (Version: 2.3.1513 - Rivet Networks)
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.7.13058.0 - Waves Audio Ltd.) Hidden
Microsoft 365 - es-es (HKLM\...\o365homepremretail - es-es) (Version: 16.0.13901.20336 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.0.0 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 89.0.774.68 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 89.0.774.68 - Microsoft Corporation)
Microsoft ODBC Driver 13 for SQL Server (HKLM\...\{2D98CD18-5754-4D94-B7E8-E6E11DAA56B1}) (Version: 13.0.811.168 - Microsoft Corporation)
Microsoft Office Profesional Plus 2019 - es-es (HKLM\...\ProPlus2019Retail - es-es) (Version: 16.0.13901.20336 - Microsoft Corporation)
Microsoft Office Professional Plus 2019 - en-us (HKLM\...\ProPlus2019Retail - en-us) (Version: 16.0.13901.20336 - Microsoft Corporation)
Microsoft OneDrive (HKLM-x32\...\OneDriveSetup.exe) (Version: 21.030.0211.0002 - Microsoft Corporation)
Microsoft Project - en-us (HKLM\...\ProjectPro2019Retail - en-us) (Version: 16.0.13901.20336 - Microsoft Corporation)
Microsoft Project - es-es (HKLM\...\ProjectPro2019Retail - es-es) (Version: 16.0.13901.20336 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{99FAF70F-9B61-4AB0-9EC0-B31F98FFDC4A}) (Version: 2.75.0.0 - Microsoft Corporation)
Microsoft Visio - en-us (HKLM\...\VisioPro2019Retail - en-us) (Version: 16.0.13901.20336 - Microsoft Corporation)
Microsoft Visio - es-es (HKLM\...\VisioPro2019Retail - es-es) (Version: 16.0.13901.20336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40649 (HKLM-x32\...\{5d0723d3-cff7-4e07-8d0b-ada737deb5e6}) (Version: 12.0.40649.5 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.23.27820 (HKLM-x32\...\{852adda4-4c78-4a38-b583-c0b360a329d6}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.24.28127 (HKLM-x32\...\{e31cb1a4-76b5-46a5-a084-3fa419e82201}) (Version: 14.24.28127.4 - Microsoft Corporation)
Mozilla Firefox 86.0 (x64 en-US) (HKLM\...\Mozilla Firefox 86.0 (x64 en-US)) (Version: 86.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 63.0.1 - Mozilla)
MyBackupPC from Rerware, LLC (HKLM-x32\...\MyBackupPC) (Version: - )
NVIDIA FrameView SDK 1.1.4923.29548709 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.1.4923.29548709 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.21.0.36 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.21.0.36 - NVIDIA Corporation)
NVIDIA Graphics Driver 460.89 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 460.89 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.40 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.40 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.13901.20336 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.13901.20336 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.13901.20336 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0C0A-1000-0000000FF1CE}) (Version: 16.0.13901.20336 - Microsoft Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 10.5.56.33908 - Electronic Arts, Inc.)
psqlODBC_x64 (HKLM\...\{3D4F4C5A-28C7-441D-81DC-2AA2C1A61B6A}) (Version: 09.06.0201 - PostgreSQL Global Development Group)
Qualcomm 11ac Wireless LAN&Bluetooth Installer (HKLM-x32\...\{E7086B15-806E-4519-A876-DBA9FDDE9A13}) (Version: 11.0.0.10518 - Qualcomm)
RAR Password Unlocker (HKLM-x32\...\{69B77D45-F5AD-4AB9-933D-352703324469}_is1) (Version: - RAR Password Unlocker, Inc.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.21.24.34 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9107.1 - Realtek Semiconductor Corp.)
RescuePRO Deluxe 7.0.0.8 (HKLM-x32\...\{38D9AAB8-116B-40BB-A801-50B71DF82D24}_is1) (Version: 7.0.0.8 - LC Technology International, Inc.)
Revo Uninstaller Pro 3.1.8 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.8 - VS Revo Group, Ltd.)
Skype version 8.65 (HKLM-x32\...\Skype_is1) (Version: 8.65 - Skype Technologies S.A.)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F14FB68A-9188-4036-AD0D-D054BC9C9291}) (Version: 2.59.0.0 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.12 - VideoLAN)
Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1) (Version: 1.0.54.1 - LunarG, Inc.) Hidden
Vysor (HKU\S-1-5-21-153542611-3615973289-1248043461-1001\...\Vysor) (Version: 2.2.2 - ClockworkMod)
Waves Central (HKLM\...\{ab507e17-892b-5203-838d-d58d8d09c50f}) (Version: 11.0.60 - Waves Audio Ltd)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
XnView 2.49.2 (HKLM-x32\...\XnView_is1) (Version: 2.49.2 - Gougelet Pierre-e)
Zoom (HKU\S-1-5-21-153542611-3615973289-1248043461-1001\...\ZoomUMX) (Version: 5.5.2 (12494.0204) - Zoom Video Communications, Inc.)
Zoom (HKU\S-1-5-21-153542611-3615973289-1248043461-1002\...\ZoomUMX) (Version: 5.1 - Zoom Video Communications, Inc.)

Packages:
=========
Dell Customer Connect -> C:\Program Files\WindowsApps\DellInc.DellCustomerConnect_5.2.52.0_x64__htrsf667h5kn2 [2021-04-07] (Dell Inc)
Dell Digital Delivery -> C:\Program Files\WindowsApps\DellInc.DellDigitalDelivery_4.0.70.0_x64__htrsf667h5kn2 [2021-02-26] (Dell Inc)
Dell Mobile Connect -> C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnect_3.2.9771.0_x64__0vhbc3ng4wbp0 [2021-02-26] (Screenovate Technologies) [Startup Task]
Dell SupportAssist for Home PCs -> C:\Program Files\WindowsApps\DellInc.DellSupportAssistforPCs_3.8.10.0_x64__htrsf667h5kn2 [2021-03-02] (Dell Inc)
Dell Update -> C:\Program Files\WindowsApps\DellInc.DellUpdate_4.1.15.0_x86__htrsf667h5kn2 [2021-02-26] (Dell Inc)
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.7.2028.0_x64__rz1tebttyb220 [2021-03-30] (Dolby Laboratories)
Dolby Atmos -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAtmos_3.20201.255.0_x64__rz1tebttyb220 [2020-06-02] (Dolby Laboratories)
DTS Sound Unbound -> C:\Program Files\WindowsApps\DTSInc.DTSSoundUnbound_2020.4.45.0_x64__t5j2fzbtdg37r [2020-12-18] (DTS, Inc.)
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa [2020-12-11] (Apple Inc.) [Startup Task]
Killer Control Center -> C:\Program Files\WindowsApps\RivetNetworks.KillerControlCenter_2.2.3267.0_x64__rh07ty8m5nkag [2020-08-12] (Rivet Networks LLC) [Startup Task]
Lake Baikal -> C:\Program Files\WindowsApps\Microsoft.LakeBaikal_1.0.0.0_neutral__8wekyb3d8bbwe [2020-02-10] (Microsoft Corporation)
Media Suite Essentials for Dell -> C:\Program Files\WindowsApps\DB6EA5DB.MediaSuiteEssentialsforDell_2.6.4028.0_x86__mcezb6ze687jp [2020-03-27] (CYBERLINK CORPORATION.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-14] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-14] (Microsoft Corporation) [MS Ad]
MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.22661.0_x64__8wekyb3d8bbwe [2019-09-25] (Microsoft Corporation)
My Dell -> C:\Program Files\WindowsApps\DellInc.MyDell_1.7.33.0_x64__htrsf667h5kn2 [2021-03-30] (Dell Inc)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.960.0_x64__56jybvy8sckqj [2021-02-26] (NVIDIA Corp.)
Panoramic Cityscapes PREMIUM -> C:\Program Files\WindowsApps\Microsoft.PanoramicCityscapesPREMIUM_1.0.0.0_neutral__8wekyb3d8bbwe [2020-02-10] (Microsoft Corporation)
Power Media Player for Dell -> C:\Program Files\WindowsApps\DB6EA5DB.PowerMediaPlayerforDell_14.2.3224.0_x86__mcezb6ze687jp [2021-03-30] (CYBERLINK CORPORATION.)
Power2Go for Dell -> C:\Program Files\WindowsApps\DB6EA5DB.Power2GoforDell_11.0.3920.0_x86__mcezb6ze687jp [2020-08-12] (CYBERLINK CORPORATION.) [Startup Task]
PowerDirector for Dell -> C:\Program Files\WindowsApps\DB6EA5DB.PowerDirectorforDell_15.0.4409.0_x64__mcezb6ze687jp [2018-11-17] (CYBERLINK CORPORATION.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-153542611-3615973289-1248043461-1001_Classes\CLSID\{a9872fee-5a55-4ecb-9b0f-b06fedcf14d1}\localserver32 -> C:\Program Files\Waves\MaxxAudio\MaxxAudioPro.exe (Waves Inc -> Waves Audio Ltd)
CustomCLSID: HKU\S-1-5-21-153542611-3615973289-1248043461-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\Pepinaso\Dropbox [2018-11-17 08:01]
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files (x86)\Microsoft OneDrive\21.030.0211.0002\amd64\FileSyncShell64.dll [2021-03-15] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files (x86)\Microsoft OneDrive\21.030.0211.0002\amd64\FileSyncShell64.dll [2021-03-15] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files (x86)\Microsoft OneDrive\21.030.0211.0002\amd64\FileSyncShell64.dll [2021-03-15] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files (x86)\Microsoft OneDrive\21.030.0211.0002\amd64\FileSyncShell64.dll [2021-03-15] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files (x86)\Microsoft OneDrive\21.030.0211.0002\amd64\FileSyncShell64.dll [2021-03-15] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files (x86)\Microsoft OneDrive\21.030.0211.0002\amd64\FileSyncShell64.dll [2021-03-15] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files (x86)\Microsoft OneDrive\21.030.0211.0002\amd64\FileSyncShell64.dll [2021-03-15] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.47.0.dll [2021-03-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.47.0.dll [2021-03-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.47.0.dll [2021-03-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.47.0.dll [2021-03-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.47.0.dll [2021-03-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.47.0.dll [2021-03-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.47.0.dll [2021-03-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.47.0.dll [2021-03-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.47.0.dll [2021-03-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.47.0.dll [2021-03-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\Program Files\Intel\OptaneShellExtensions\OptaneShellExt.dll [2019-12-10] (Intel® Rapid Storage Technology -> )
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files (x86)\Microsoft OneDrive\21.030.0211.0002\amd64\FileSyncShell64.dll [2021-03-15] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files (x86)\Microsoft OneDrive\21.030.0211.0002\amd64\FileSyncShell64.dll [2021-03-15] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files (x86)\Microsoft OneDrive\21.030.0211.0002\amd64\FileSyncShell64.dll [2021-03-15] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files (x86)\Microsoft OneDrive\21.030.0211.0002\amd64\FileSyncShell64.dll [2021-03-15] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files (x86)\Microsoft OneDrive\21.030.0211.0002\amd64\FileSyncShell64.dll [2021-03-15] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files (x86)\Microsoft OneDrive\21.030.0211.0002\amd64\FileSyncShell64.dll [2021-03-15] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files (x86)\Microsoft OneDrive\21.030.0211.0002\amd64\FileSyncShell64.dll [2021-03-15] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.47.0.dll [2021-03-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.47.0.dll [2021-03-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.47.0.dll [2021-03-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.47.0.dll [2021-03-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.47.0.dll [2021-03-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.47.0.dll [2021-03-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.47.0.dll [2021-03-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.47.0.dll [2021-03-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.47.0.dll [2021-03-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.47.0.dll [2021-03-03] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files (x86)\Microsoft OneDrive\21.030.0211.0002\amd64\FileSyncShell64.dll [2021-03-15] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.47.0.dll [2021-03-03] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1-x32: [IXnView] -> {A5D35F9F-6A11-4EAA-B70B-7BB6FE32663A} => C:\Program Files (x86)\XnView\ShellEx\XnViewShellExt.dll [2019-12-12] () [File not signed]
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\Program Files\Intel\OptaneShellExtensions\OptaneShellExt.dll [2019-12-10] (Intel® Rapid Storage Technology -> )
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files (x86)\Microsoft OneDrive\21.030.0211.0002\amd64\FileSyncShell64.dll [2021-03-15] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.47.0.dll [2021-03-03] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => -> No File
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files (x86)\Microsoft OneDrive\21.030.0211.0002\amd64\FileSyncShell64.dll [2021-03-15] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.47.0.dll [2021-03-03] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_2dadf80722c4f751\igfxDTCM.dll [2021-01-18] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nvddi.inf_amd64_f3fdc49044533477\nvshext.dll [2020-12-12] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => -> No File
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2016-12-15] (VS Revo Group -> VS Revo Group)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [vidc.i420] => lvcod64.dll
HKLM\...\Drivers32-x32: [vidc.i420] => lvcodec2.dll

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2013-12-01 16:33 - 2013-12-01 16:33 - 000033792 _____ () [File not signed] c:\program files\qemu\iconv.dll
2013-12-02 19:15 - 2013-12-02 19:15 - 000071168 _____ () [File not signed] c:\program files\qemu\libbz2-1.dll
2018-02-19 19:33 - 2018-02-19 19:33 - 000891392 _____ () [File not signed] c:\program files\qemu\libcairo-2.dll
2018-02-19 19:33 - 2018-02-19 19:33 - 000033792 _____ () [File not signed] c:\program files\qemu\libcairo-gobject-2.dll
2018-03-15 06:51 - 2018-03-15 06:51 - 000528384 _____ () [File not signed] c:\program files\qemu\libcurl-4.dll
2017-09-06 12:01 - 2017-09-06 12:01 - 001472000 _____ () [File not signed] c:\program files\qemu\libepoxy-0.dll
2017-07-18 16:22 - 2017-07-18 16:22 - 000159232 _____ () [File not signed] c:\program files\qemu\libexpat-1.dll
2015-11-22 22:01 - 2015-11-22 22:01 - 000031744 _____ () [File not signed] c:\program files\qemu\libffi-6.dll
2018-02-19 19:22 - 2018-02-19 19:22 - 000276480 _____ () [File not signed] c:\program files\qemu\libfontconfig-1.dll
2018-03-19 18:06 - 2018-03-19 18:06 - 000642048 _____ () [File not signed] c:\program files\qemu\libfreetype-6.dll
2019-06-20 07:07 - 2019-06-20 07:07 - 001271779 _____ () [File not signed] c:\program files\qemu\libgcc_s_seh-1.dll
2017-02-08 12:42 - 2017-02-08 12:42 - 000553984 _____ () [File not signed] c:\program files\qemu\libgmp-10.dll
2018-03-15 14:13 - 2018-03-15 14:13 - 001287168 _____ () [File not signed] c:\program files\qemu\libgnutls-30.dll
2018-04-10 22:35 - 2018-04-10 22:35 - 000702976 _____ () [File not signed] c:\program files\qemu\libharfbuzz-0.dll
2018-03-15 15:40 - 2018-03-15 15:40 - 000170496 _____ () [File not signed] c:\program files\qemu\libhogweed-4.dll
2017-09-24 17:19 - 2017-09-24 17:19 - 000148992 _____ () [File not signed] c:\program files\qemu\libidn2-0.dll
2017-12-17 17:49 - 2017-12-17 17:49 - 000414720 _____ () [File not signed] c:\program files\qemu\libjpeg-8.dll
2014-06-30 17:01 - 2014-06-30 17:01 - 000136192 _____ () [File not signed] c:\program files\qemu\liblzo2-2.dll
2018-03-15 15:40 - 2018-03-15 15:40 - 000216576 _____ () [File not signed] c:\program files\qemu\libnettle-6.dll
2018-03-15 16:10 - 2018-03-15 16:10 - 000140800 _____ () [File not signed] c:\program files\qemu\libnghttp2-14.dll
2018-04-08 16:29 - 2018-04-08 16:29 - 001059840 _____ () [File not signed] c:\program files\qemu\libp11-kit-0.dll
2017-04-23 17:36 - 2017-04-23 17:36 - 000296960 _____ () [File not signed] c:\program files\qemu\libpcre-1.dll
2016-08-07 16:59 - 2016-08-07 16:59 - 000662016 _____ () [File not signed] c:\program files\qemu\libpixman-1-0.dll
2017-12-17 17:38 - 2017-12-17 17:38 - 000219648 _____ () [File not signed] c:\program files\qemu\libpng16-16.dll
2016-04-08 08:48 - 2016-04-08 08:48 - 000175104 _____ () [File not signed] c:\program files\qemu\libssh2-1.dll
2018-03-19 11:50 - 2018-03-19 11:50 - 000098304 _____ () [File not signed] c:\program files\qemu\libtasn1-6.dll
2015-01-29 08:48 - 2015-01-29 08:48 - 000035328 _____ () [File not signed] c:\program files\qemu\libusbredirparser-1.dll
2017-12-07 21:21 - 2017-12-07 21:21 - 000921600 _____ () [File not signed] c:\program files\qemu\SDL2.dll
2017-03-03 12:48 - 2017-03-03 12:48 - 000091136 _____ () [File not signed] c:\program files\qemu\zlib1.dll
2021-04-07 22:22 - 2021-04-07 22:22 - 022044672 _____ () [File not signed] C:\Program Files\WindowsApps\DellInc.DellCustomerConnect_5.2.52.0_x64__htrsf667h5kn2\DellCustomerConnect.dll
2019-03-12 10:35 - 2012-06-14 16:18 - 000359936 _____ (CANON INC.) [File not signed] C:\WINDOWS\System32\CNMN6PPM.DLL
2016-10-23 11:54 - 2016-10-23 11:54 - 000132608 _____ (Free Software Foundation) [File not signed] c:\program files\qemu\libintl-8.dll
2015-11-22 21:04 - 2015-11-22 21:04 - 001829888 _____ (Free Software Foundation) [File not signed] c:\program files\qemu\libunistring-2.dll
2017-06-19 04:41 - 2017-06-19 04:41 - 000137728 _____ (libusb.info) [File not signed] c:\program files\qemu\libusb-1.0.dll
2018-11-11 10:47 - 2018-11-11 10:47 - 000592104 _____ (MingW-W64 Project. All rights reserved.) [File not signed] c:\program files\qemu\libwinpthread-1.dll
2018-02-19 20:27 - 2018-02-19 20:27 - 000284672 _____ (Red Hat Software) [File not signed] c:\program files\qemu\libpango-1.0-0.dll
2018-02-19 20:27 - 2018-02-19 20:27 - 000058880 _____ (Red Hat Software) [File not signed] c:\program files\qemu\libpangocairo-1.0-0.dll
2018-02-19 20:27 - 2018-02-19 20:27 - 000079872 _____ (Red Hat Software) [File not signed] c:\program files\qemu\libpangoft2-1.0-0.dll
2018-02-19 20:27 - 2018-02-19 20:27 - 000067072 _____ (Red Hat Software) [File not signed] c:\program files\qemu\libpangowin32-1.0-0.dll
2020-08-12 19:57 - 2020-08-12 19:58 - 001774080 _____ (Robert Simpson, et al.) [File not signed] [File is in use] C:\Program Files\WindowsApps\RivetNetworks.KillerControlCenter_2.2.3267.0_x64__rh07ty8m5nkag\KillerControlCenter_v2\System.Data.SQLite.dll
2018-02-19 19:14 - 2018-02-19 19:14 - 000128000 _____ (Sun Microsystems Inc.) [File not signed] c:\program files\qemu\libatk-1.0-0.dll
2018-02-19 18:19 - 2018-02-19 18:19 - 001358848 _____ (The GLib developer community) [File not signed] c:\program files\qemu\libgio-2.0-0.dll
2018-02-19 18:19 - 2018-02-19 18:19 - 001105920 _____ (The GLib developer community) [File not signed] c:\program files\qemu\libglib-2.0-0.dll
2018-02-19 18:19 - 2018-02-19 18:19 - 000023040 _____ (The GLib developer community) [File not signed] c:\program files\qemu\libgmodule-2.0-0.dll
2018-02-19 18:19 - 2018-02-19 18:19 - 000304128 _____ (The GLib developer community) [File not signed] c:\program files\qemu\libgobject-2.0-0.dll
2018-02-19 19:43 - 2018-02-19 19:43 - 000152576 _____ (The GTK developer community) [File not signed] c:\program files\qemu\libgdk_pixbuf-2.0-0.dll
2018-02-19 21:37 - 2018-02-19 21:37 - 001186304 _____ (The GTK developer community) [File not signed] c:\program files\qemu\libgdk-3-0.dll
2018-02-19 21:38 - 2018-02-19 21:38 - 006704128 _____ (The GTK developer community) [File not signed] c:\program files\qemu\libgtk-3-0.dll
2018-03-27 15:13 - 2018-03-27 15:13 - 002249728 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] c:\program files\qemu\libeay32.dll
2018-03-27 15:13 - 2018-03-27 15:13 - 000400384 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] c:\program files\qemu\ssleay32.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125]

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-153542611-3615973289-1248043461-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-153542611-3615973289-1248043461-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell17win10.msn.com/?pc=DCTE
HKU\S-1-5-21-153542611-3615973289-1248043461-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.msn.com/?pc=U453&ocid=U453DHP&osmkt=en-au
HKU\S-1-5-21-153542611-3615973289-1248043461-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell17win10.msn.com/?pc=DCTE
HKU\S-1-5-21-153542611-3615973289-1248043461-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell17win10.msn.com/?pc=DCTE
SearchScopes: HKU\S-1-5-21-153542611-3615973289-1248043461-1001 -> DefaultScope {40E2E7F1-677B-40E3-A6B2-36D232063638} URL = hxxp://www.bing.com/search?FORM=U453DF&PC=U453&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-153542611-3615973289-1248043461-1001 -> {40E2E7F1-677B-40E3-A6B2-36D232063638} URL = hxxp://www.bing.com/search?FORM=U453DF&PC=U453&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-153542611-3615973289-1248043461-1002 -> DefaultScope {40E2E7F1-677B-40E3-A6B2-36D232063638} URL =
SearchScopes: HKU\S-1-5-21-153542611-3615973289-1248043461-1002 -> {40E2E7F1-677B-40E3-A6B2-36D232063638} URL =
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_281\bin\ssv.dll [2021-01-25] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_281\bin\jp2ssv.dll [2021-01-25] (Oracle America, Inc. -> Oracle Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-04-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-04-07] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-04-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-04-07] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-04-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-04-07] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-04-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-04-07] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-153542611-3615973289-1248043461-1001\...\fnmt.es -> hxxp://fnmt.es
IE trusted site: HKU\S-1-5-21-153542611-3615973289-1248043461-1001\...\fnmt.es -> hxxps://fnmt.es
IE trusted site: HKU\S-1-5-21-153542611-3615973289-1248043461-1001\...\fnmt.gob.es -> hxxps://fnmt.gob.es
IE trusted site: HKU\S-1-5-21-153542611-3615973289-1248043461-1001\...\fnmt.gob.es -> hxxp://fnmt.gob.es
IE trusted site: HKU\S-1-5-21-153542611-3615973289-1248043461-1002\...\fnmt.es -> hxxps://fnmt.es
IE trusted site: HKU\S-1-5-21-153542611-3615973289-1248043461-1002\...\fnmt.es%20,%20https -> hxxps://fnmt.es%20,%20https
IE trusted site: HKU\S-1-5-21-153542611-3615973289-1248043461-1002\...\gob.es -> hxxps://fnmt.gob.es

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-04-12 09:38 - 2019-05-06 20:04 - 000001118 ____R C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 cap.cyberlink.com
127.0.0.1 activation.cyberlink.com
0.0.0.0 keystone.mwbsys.com
0.0.0.0 telemetry.malwarebytes.com
0.0.0.0 telemetry.mwbsys.com
0.0.0.0 serius.mwbsys.com

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\DAL
HKU\S-1-5-21-153542611-3615973289-1248043461-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Pepinaso\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
HKU\S-1-5-21-153542611-3615973289-1248043461-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\dell\Wallpaper_Pirelli_FINAL.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\StartupFolder: => "ScpToolkit Tray Notifications.lnk"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "DellMobileConnectWelcome"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "PowerDVD18Agent"
HKLM\...\StartupApproved\Run32: => "IJNetworkScannerSelectorEX"
HKLM\...\StartupApproved\Run32: => "MyBackupPC"
HKLM\...\StartupApproved\Run32: => "Razer Synapse"
HKU\S-1-5-21-153542611-3615973289-1248043461-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-153542611-3615973289-1248043461-1001\...\StartupApproved\Run: => "Plex Media Server"
HKU\S-1-5-21-153542611-3615973289-1248043461-1001\...\StartupApproved\Run: => "Skype for Desktop"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{4C497C5E-79B7-4B50-B2C9-6862FEADC3D4}C:\users\pepinaso\appdata\local\vysor\app-2.2.2\vysor.exe] => (Block) C:\users\pepinaso\appdata\local\vysor\app-2.2.2\vysor.exe (ClockworkMod) [File not signed]
FirewallRules: [TCP Query User{0FECC90B-8171-46A8-9B1C-86936FA38935}C:\users\pepinaso\appdata\local\vysor\app-2.2.2\vysor.exe] => (Block) C:\users\pepinaso\appdata\local\vysor\app-2.2.2\vysor.exe (ClockworkMod) [File not signed]
FirewallRules: [UDP Query User{A3F9EB4A-B2DD-4820-8795-A0B7A6D3FE50}C:\users\pepinaso\appdata\local\vysor\app-2.1.2\vysor.exe] => (Allow) C:\users\pepinaso\appdata\local\vysor\app-2.1.2\vysor.exe (ClockworkMod) [File not signed]
FirewallRules: [TCP Query User{70B43EA4-CEC2-4F97-8F94-F14659EE5BD5}C:\users\pepinaso\appdata\local\vysor\app-2.1.2\vysor.exe] => (Allow) C:\users\pepinaso\appdata\local\vysor\app-2.1.2\vysor.exe (ClockworkMod) [File not signed]
FirewallRules: [{14E9F0A1-2F9F-4850-AC4D-F3A879558E6C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{A534E2E8-998A-4E4F-AE67-0756C8E8B1F5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{F297C9BE-6281-45EB-87F4-653763DC6FE2}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{776C887D-9353-47BA-B302-E171804CC5E2}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{D4706ABE-5D95-478A-8279-478FC2FE2926}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{466E0DD1-2F8B-48DF-BB01-ED64D746B5EC}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{BAFFCAAE-346E-4BBD-95EC-3E6144DB72A4}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16050.11029.20079.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{32B988A9-29F9-49D7-B4E0-713AAE981854}] => (Allow) C:\Users\Pepinaso\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{67885BE0-93C9-46B0-96A0-826717085C79}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D9DBE777-D09B-4EC6-9FA9-B0EFBF17F46F}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A81F9C2D-9FB2-4CDC-BABA-A9E1CB079864}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{58C17C4A-3284-4556-BF79-6A711185D386}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{2561B3EE-2EFB-4B26-B03F-D0D2C61387B6}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{05BBACC2-AE42-412C-9892-9024F95DCB99}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{1CE2C2F1-3052-4F53-B196-A07A49E98A82}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{DA81C066-61CA-4577-B7F7-6BE39BE47650}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{2C8B328E-03E7-4DD7-94C0-6382C653765F}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{0F2E385D-5764-421C-AABD-F0D90322E20F}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{6FBD1DBA-F301-4481-8B4B-B3E12792F35D}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{6E82A44F-2DFC-48F2-8831-A85FC3DA3186}] => (Allow) C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnect_3.2.9771.0_x64__0vhbc3ng4wbp0\app\DellMobileConnectClient.exe (SCREENOVATE TECHNOLOGIES LTD. -> Screenovate Technologies Ltd.)
FirewallRules: [{A8D40B45-E44C-4224-9116-4AEA81087C57}] => (Allow) C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnect_3.2.9771.0_x64__0vhbc3ng4wbp0\app\DellMobileConnectClient.exe (SCREENOVATE TECHNOLOGIES LTD. -> Screenovate Technologies Ltd.)
FirewallRules: [{8631FE4F-504C-4005-A6C6-74E834AFE76E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{069A3108-BBD0-4814-9626-139886AAB09F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{5C4FED68-9B24-4D18-992F-5BB0C9463252}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{326B1388-3850-43AB-9AE0-13ADE6C7ECC5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{C1579041-928A-4D7C-A3E0-736D9FFBBFD2}] => (Allow) C:\Users\Pepinaso\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{25DB9142-9607-42E8-833D-B77E7A6B5D4F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{00837DF4-A833-4E34-BA53-250B5BDE64A4}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{0E9F8DA3-8B45-4890-B6D4-D8DC7C704889}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{8D5FD69F-1C48-496C-B9D9-96F6F0E16398}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{8373CE33-EE6E-456D-8396-E5B3FC066EFA}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{A2000EE5-BE05-4959-BE83-DAD1ECD8B9E9}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{E8A72F11-5141-4F8B-B42F-B718DC77CFEF}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\89.0.774.68\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{E893778A-BB8C-4398-B3E8-E0051EDD1374}D:\downloads\anydesk.exe] => (Allow) D:\downloads\anydesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [UDP Query User{6627FEFB-795D-4CE9-9F4F-B9B293C27744}D:\downloads\anydesk.exe] => (Allow) D:\downloads\anydesk.exe (philandro Software GmbH -> philandro Software GmbH)

==================== Restore Points =========================

07-04-2021 15:44:43 Dell SupportAssist Remediation
12-04-2021 07:38:22 Revo Uninstaller Pro's restore point - AnyDesk
12-04-2021 07:40:10 Revo Uninstaller Pro's restore point - Adobe Acrobat XI Pro
12-04-2021 07:40:33 Removed Adobe Acrobat XI Pro.
12-04-2021 07:43:38 Revo Uninstaller Pro's restore point - Adobe Digital Editions 4.5
12-04-2021 07:47:05 Revo Uninstaller Pro's restore point - Cyberpunk 2077 MULTi18 - ElAmigos version 1.03
12-04-2021 07:52:33 Revo Uninstaller Pro's restore point - Folder Size 4.5.0.0
12-04-2021 07:54:21 Revo Uninstaller Pro's restore point - MYOB AccountRight Enterprise v19.11.1 ED
12-04-2021 07:56:11 Revo Uninstaller Pro's restore point - MYOB ODBC Direct v10 AUS
12-04-2021 08:00:44 Revo Uninstaller Pro's restore point - PlayStationNow
12-04-2021 08:00:57 Removed PlayStationNow
12-04-2021 08:01:38 Revo Uninstaller Pro's restore point - Windscribe
12-04-2021 08:02:37 Revo Uninstaller Pro's restore point - Windows Driver Package - Sony Computer Entertainment Inc. Wireless controller for PLAYSTATION®3 Driver Package (01/20/2012 1.4.0.0)
12-04-2021 08:04:31 Revo Uninstaller Pro's restore point - REDlauncher
12-04-2021 08:05:08 Revo Uninstaller Pro's restore point - PowerISO 7.8

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (04/12/2021 10:16:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: OriginWebHelperService.exe, version: 10.5.56.33908, time stamp: 0x5dd474e2
Faulting module name: OriginWebHelperService.exe, version: 10.5.56.33908, time stamp: 0x5dd474e2
Exception code: 0xc0000005
Fault offset: 0x00098210
Faulting process ID: 0x10a0
Faulting application start time: 0x01d72f31225207d1
Faulting application path: C:\Program Files (x86)\Origin\OriginWebHelperService.exe
Faulting module path: C:\Program Files (x86)\Origin\OriginWebHelperService.exe
Report ID: 85936761-f1ab-446f-88bc-e16b2cd6f94b
Faulting package full name:
Faulting package-relative application ID:

Error: (04/12/2021 09:50:33 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: OriginWebHelperService.exe, version: 10.5.56.33908, time stamp: 0x5dd474e2
Faulting module name: OriginWebHelperService.exe, version: 10.5.56.33908, time stamp: 0x5dd474e2
Exception code: 0xc0000005
Fault offset: 0x00098210
Faulting process ID: 0x1104
Faulting application start time: 0x01d72f2d72a70add
Faulting application path: C:\Program Files (x86)\Origin\OriginWebHelperService.exe
Faulting module path: C:\Program Files (x86)\Origin\OriginWebHelperService.exe
Report ID: e013a77d-f330-4574-8963-c8c2e3bfe53d
Faulting package full name:
Faulting package-relative application ID:

Error: (04/12/2021 08:23:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: OriginWebHelperService.exe, version: 10.5.56.33908, time stamp: 0x5dd474e2
Faulting module name: OriginWebHelperService.exe, version: 10.5.56.33908, time stamp: 0x5dd474e2
Exception code: 0xc0000005
Fault offset: 0x00098210
Faulting process ID: 0x111c
Faulting application start time: 0x01d72f21393ef33d
Faulting application path: C:\Program Files (x86)\Origin\OriginWebHelperService.exe
Faulting module path: C:\Program Files (x86)\Origin\OriginWebHelperService.exe
Report ID: 9203e1c8-80ed-4c4b-9c89-5aa69e9affcb
Faulting package full name:
Faulting package-relative application ID:

Error: (04/12/2021 08:07:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: OriginWebHelperService.exe, version: 10.5.56.33908, time stamp: 0x5dd474e2
Faulting module name: OriginWebHelperService.exe, version: 10.5.56.33908, time stamp: 0x5dd474e2
Exception code: 0xc0000005
Fault offset: 0x00098210
Faulting process ID: 0x1018
Faulting application start time: 0x01d72f1f1c1c67f9
Faulting application path: C:\Program Files (x86)\Origin\OriginWebHelperService.exe
Faulting module path: C:\Program Files (x86)\Origin\OriginWebHelperService.exe
Report ID: d5a750c8-d125-479b-bbfb-7850534c73f1
Faulting package full name:
Faulting package-relative application ID:

Error: (04/12/2021 07:39:36 AM) (Source: Firefox Default Browser Agent) (EventID: 12007) (User: )
Description: Event-ID 12007

Error: (04/12/2021 07:39:36 AM) (Source: Firefox Default Browser Agent) (EventID: 0) (User: )
Description: Event-ID 0

Error: (04/12/2021 07:38:22 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {9bb17460-a6f7-426f-855a-ee716ac4f3ef}

Error: (04/12/2021 07:36:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: OriginWebHelperService.exe, version: 10.5.56.33908, time stamp: 0x5dd474e2
Faulting module name: OriginWebHelperService.exe, version: 10.5.56.33908, time stamp: 0x5dd474e2
Exception code: 0xc0000005
Fault offset: 0x00098210
Faulting process ID: 0x1004
Faulting application start time: 0x01d72f1ac00a6584
Faulting application path: C:\Program Files (x86)\Origin\OriginWebHelperService.exe
Faulting module path: C:\Program Files (x86)\Origin\OriginWebHelperService.exe
Report ID: a4cb8966-4850-4662-b64f-b72f21019d26
Faulting package full name:
Faulting package-relative application ID:


System errors:
=============
Error: (04/12/2021 10:17:50 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Origin Web Helper Service service terminated unexpectedly. It has done this 1 time(s).

Error: (04/12/2021 10:17:50 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The System Services x64 service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (04/12/2021 10:17:50 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (60000 milliseconds) while waiting for the System Services x64 service to connect.

Error: (04/12/2021 09:52:19 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1115" attempting to start the service SecurityHealthService with arguments "Unavailable" in order to run the server:
{8C9C0DB7-2CBA-40F1-AFE0-C55740DD91A0}

Error: (04/12/2021 09:51:27 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Origin Web Helper Service service terminated unexpectedly. It has done this 1 time(s).

Error: (04/12/2021 09:51:27 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The System Services x64 service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (04/12/2021 09:51:27 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (60000 milliseconds) while waiting for the System Services x64 service to connect.

Error: (04/12/2021 08:23:57 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Origin Web Helper Service service terminated unexpectedly. It has done this 1 time(s).


Windows Defender:
================
Date: 2021-04-08 10:17:45
Description:
El examen de Microsoft Defender Antivirus se detuvo antes de completarse.
Id. de examen: {87DF554E-79AE-43DB-ADAF-A9DF02143CC3}
Tipo de examen: Antimalware
Parámetros de examen: Quick Scan
Usuario: NT AUTHORITY\SYSTEM

Date: 2021-04-07 09:58:27
Description:
El examen de Microsoft Defender Antivirus se detuvo antes de completarse.
Id. de examen: {081897AD-66C6-4380-A65D-0DAD6BCF9E18}
Tipo de examen: Antimalware
Parámetros de examen: Quick Scan
Usuario: NT AUTHORITY\SYSTEM

Date: 2021-04-06 09:57:42
Description:
El examen de Microsoft Defender Antivirus se detuvo antes de completarse.
Id. de examen: {FBE01DE9-6586-4144-924D-8D953934C3DB}
Tipo de examen: Antimalware
Parámetros de examen: Quick Scan
Usuario: NT AUTHORITY\SYSTEM

Date: 2021-04-05 10:16:01
Description:
El examen de Microsoft Defender Antivirus se detuvo antes de completarse.
Id. de examen: {2C04CFB0-E2D3-48D7-9301-F64584EF7B2B}
Tipo de examen: Antimalware
Parámetros de examen: Quick Scan
Usuario: NT AUTHORITY\SYSTEM

Date: 2021-04-03 11:11:57
Description:
El examen de Microsoft Defender Antivirus se detuvo antes de completarse.
Id. de examen: {A7831899-5E07-428F-8891-EC3481B42C20}
Tipo de examen: Antimalware
Parámetros de examen: Quick Scan
Usuario: NT AUTHORITY\SYSTEM

CodeIntegrity:
===============
Date: 2020-09-22 15:45:59
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\Installer\MSI9FC4.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-09-22 15:45:53
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\Installer\MSI8867.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

BIOS: Dell Inc. 1.1.16 01/06/2021
Motherboard: Dell Inc. 0DF42J
Processor: Intel® Core™ i7-8700 CPU @ 3.20GHz
Percentage of memory in use: 26%
Total physical RAM: 16190.71 MB
Available physical RAM: 11870.61 MB
Total Virtual: 18622.71 MB
Available Virtual: 9695.72 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:221.42 GB) (Free:122.19 GB) NTFS
Drive d: (DATA) (Fixed) (Total:1862.89 GB) (Free:1149.9 GB) NTFS
Drive g: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.01 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive h: (Packard Bell) (Fixed) (Total:2027.9 GB) (Free:1307.57 GB) NTFS

\\?\Volume{8d1d88d4-0b08-4afe-9748-79ef21164fdc}\ (WINRETOOLS) (Fixed) (Total:0.97 GB) (Free:0.51 GB) NTFS
\\?\Volume{44a63dce-3f3a-4b52-9bae-2530d3861fc9}\ (Image) (Fixed) (Total:14.24 GB) (Free:0.21 GB) NTFS
\\?\Volume{07501a9c-6485-4670-8c7f-b641ef5dc8e8}\ (DELLSUPPORT) (Fixed) (Total:1.08 GB) (Free:0.31 GB) NTFS
\\?\Volume{e96d90ef-0000-0000-0000-100000000000}\ (PQSERVICE) (Fixed) (Total:20 GB) (Free:2.3 GB) NTFS
\\?\Volume{b44e8c54-9a64-4947-be87-0d7fbbcb135a}\ (ESP) (Fixed) (Total:0.63 GB) (Free:0.56 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: 50C36C57)

Partition: GPT.

==========================================================
Disk: 1 (Size: 238.5 GB) (Disk ID: 50C36C1E)

Partition: GPT.

==========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 2794.5 GB) (Disk ID: E96D90EF)
Partition 1: (Not Active) - (Size=20 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=2027.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================


#2
DR M

    The Grecian Geek

  • Malware Removal
  • 2,614 posts

Hi, Alarico. :)
 
I'm sorry to hear about what happened regarding your computer. The good thing is that you immediately changed all your passwords and talked to your Bank.

Here, we will check the computer for malware. Although I'm sure you know the rules, I have to ask you to pay attention to the following, before we start:


1. Always ask before acting. Do not continue if you are not sure, or if something unexpected happens!

2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

3. If your computer seems to start working normally, don't abandon the topic. Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.

4. You have to reply to my posts within 3 days. If you need some additional time, just let me know. Otherwise, I will leave the topic due to lack of feedback. If you are able, I would request you to check this thread at least once per day so that we can resolve your issues effectively and efficiently.

5. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, keep in mind that all the experts here are volunteers and may not be available to assist when you post. Please be patient while I analyze your logs.
 
 
=====================================
 
I have reviewed your logs and here are my first comments:
 
1. Hosts file
 
This is the content of your Hosts file:

127.0.0.1 cap.cyberlink.com
127.0.0.1 activation.cyberlink.com
0.0.0.0 keystone.mwbsys.com
0.0.0.0 telemetry.malwarebytes.com
0.0.0.0 telemetry.mwbsys.com
0.0.0.0 serius.mwbsys.com

Although you uninstalled both Malwarebytes and PowerDVD, the method you used to bypass their activation is illegal. This method will be removed in the proposed fix.
 
 
2. Firewall rules
 
Are you aware of these blocked items?
 
C:\users\pepinaso\appdata\local\vysor\app-2.2.2\vysor.exe
C:\program files\mozilla firefox\firefox.exe
 
 
3. IE trusted sites
 
Are you aware of these sites, marked as trusted in Internet Explorer?

fnmt.es -> hxxps://fnmt.es
fnmt.gob.es -> hxxps://fnmt.gob.es

 
4. FRST fix

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything anywhere.
Start::
CreateRestorePoint:
CloseProcesses:
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => -> No File
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125]
SearchScopes: HKU\S-1-5-21-153542611-3615973289-1248043461-1002 -> DefaultScope {40E2E7F1-677B-40E3-A6B2-36D232063638} URL =
SearchScopes: HKU\S-1-5-21-153542611-3615973289-1248043461-1002 -> {40E2E7F1-677B-40E3-A6B2-36D232063638} URL =
HKLM\...\StartupApproved\Run32: => "PowerDVD18Agent"
HKU\S-1-5-21-153542611-3615973289-1248043461-1001\...\MountPoints2: F - "F:\setup.exe"
HKU\S-1-5-21-153542611-3615973289-1248043461-1001\...\MountPoints2: {310f586a-0b47-11e9-990c-b88584a5f865} - "I:\Setup.exe" /s
HKU\S-1-5-21-153542611-3615973289-1248043461-1001\...\MountPoints2: {4b4bc217-2cf2-11ea-9958-9cb6d0b83db8} - "G:\Setup.exe" /s
HKU\S-1-5-21-153542611-3615973289-1248043461-1001\...\MountPoints2: {7e3cf84d-0e0e-11eb-9993-b88584a5f865} - "J:\Setup.exe" /s
HKU\S-1-5-21-153542611-3615973289-1248043461-1001\...\MountPoints2: {9cbe1ecf-93a4-11eb-99d0-b88584a5f865} - "I:\Setup.exe" /s
HKU\S-1-5-21-153542611-3615973289-1248043461-1001\...\MountPoints2: {c56b01c3-6356-11eb-99c2-b88584a5f865} - "J:\Setup.exe" /s
HKU\S-1-5-21-153542611-3615973289-1248043461-1002\...\MountPoints2: {310f586a-0b47-11e9-990c-b88584a5f865} - "I:\Setup.exe" /s
HKU\S-1-5-21-153542611-3615973289-1248043461-1002\...\MountPoints2: {7e3cf84d-0e0e-11eb-9993-b88584a5f865} - "I:\Setup.exe" /s
HKU\S-1-5-21-153542611-3615973289-1248043461-1002\...\MountPoints2: {9cbe1ecf-93a4-11eb-99d0-b88584a5f865} - "I:\Setup.exe" /s
HKU\S-1-5-21-153542611-3615973289-1248043461-1002\...\MountPoints2: {c56b01c3-6356-11eb-99c2-b88584a5f865} - "J:\Setup.exe" /s
GroupPolicy: Restriction - Chrome <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
Hosts:
EmptyTemp:
End::
  • Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Please post the log in your next reply.

 

In your next reply please post:

  1. Your reply about the firewall rules and the trusted sites
  2. The fixlog.txt

 


  • 0
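An added example (not part of the original post, and not FRST's own logic): a small Python audit that parses hosts-file text and lists every non-default name mapped to a loopback or unspecified address, which is the pattern of the six entries quoted in the post above. The function names, the benign-name set and the extra constructed lines are assumptions made for this illustration.

```python
import ipaddress

# The first six lines are the Hosts entries quoted in the post above.
HOSTS_TEXT = """\
127.0.0.1 cap.cyberlink.com
127.0.0.1 activation.cyberlink.com
0.0.0.0 keystone.mwbsys.com
0.0.0.0 telemetry.malwarebytes.com
0.0.0.0 telemetry.mwbsys.com
0.0.0.0 serius.mwbsys.com
# constructed lines below, added only to exercise the parser
127.0.0.1 localhost
::1 localhost   # default loopback entry
192.168.1.20 nas.home.example printer.home.example
not-an-ip broken.example
"""

# Assumption: names that are expected to point at loopback and are not reported.
DEFAULT_NAMES = {"localhost", "localhost.localdomain"}


def parse_hosts(text):
    """Yield (lineno, ip, hostname) per mapping; skip comments and malformed lines."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                          # first field is not an IP address
        for name in fields[1:]:               # one line may carry several names
            yield lineno, ip, name.lower().rstrip(".")


def audit_hosts(text):
    """Split non-default entries into names null-routed locally and names sent elsewhere."""
    findings = {"sinkholed": [], "redirected": []}
    for lineno, ip, name in parse_hosts(text):
        if name in DEFAULT_NAMES:
            continue
        kind = "sinkholed" if (ip.is_loopback or ip.is_unspecified) else "redirected"
        findings[kind].append((lineno, str(ip), name))
    return findings


def group_by_parent(entries):
    """Group names by their last two labels (a rough stand-in for the registrable domain)."""
    groups = {}
    for _, _, name in entries:
        groups.setdefault(".".join(name.split(".")[-2:]), []).append(name)
    return groups


if __name__ == "__main__":
    result = audit_hosts(HOSTS_TEXT)
    for parent, names in group_by_parent(result["sinkholed"]).items():
        print(f"{parent}: {len(names)} name(s) blocked locally -> {', '.join(names)}")
    for lineno, ip, name in result["redirected"]:
        print(f"line {lineno}: {name} redirected to {ip}")
```

Grouping the blocked names by parent domain makes it quick to see which vendor's hosts are being cut off, which is the question a reviewer asks of each entry before resetting the file.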

#3
Alarico

    GeekU Junior

  • Topic Starter
  • GeekU Junior
  • 340 posts

Howdy !
 
I was having a read at your profile...belated congrats on completing the G2G "marathon", good on you!
 
 

Are you aware of these blocked items?

C:\users\pepinaso\appdata\local\vysor\app-2.2.2\vysor.exe
C:\program files\mozilla firefox\firefox.exe

 
No, I wasn't. Actually, I've used both programs with no apparent issue...awkward.
 
 

Are you aware of these sites, marked as trusted in Internet Explorer?
 
fnmt.es -> hxxps://fnmt.es
fnmt.gob.es -> hxxps://fnmt.gob.es

 
My missus is Spanish, and she had to access https://www.fnmt.es/ in order to create an electronic signature to prove her ID in a different country.
 

"Fixlog.txt" as follows:
 
Fix result of Farbar Recovery Scan Tool (x64) Version: 14-04-2021
Ran by Pepinaso (15-04-2021 10:19:42) Run:1
Running from C:\Users\Pepinaso\Desktop
Loaded Profiles: Pepinaso & larac
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => -> No File
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125]
SearchScopes: HKU\S-1-5-21-153542611-3615973289-1248043461-1002 -> DefaultScope {40E2E7F1-677B-40E3-A6B2-36D232063638} URL =
SearchScopes: HKU\S-1-5-21-153542611-3615973289-1248043461-1002 -> {40E2E7F1-677B-40E3-A6B2-36D232063638} URL =
HKLM\...\StartupApproved\Run32: => "PowerDVD18Agent"
HKU\S-1-5-21-153542611-3615973289-1248043461-1001\...\MountPoints2: F - "F:\setup.exe"
HKU\S-1-5-21-153542611-3615973289-1248043461-1001\...\MountPoints2: {310f586a-0b47-11e9-990c-b88584a5f865} - "I:\Setup.exe" /s
HKU\S-1-5-21-153542611-3615973289-1248043461-1001\...\MountPoints2: {4b4bc217-2cf2-11ea-9958-9cb6d0b83db8} - "G:\Setup.exe" /s
HKU\S-1-5-21-153542611-3615973289-1248043461-1001\...\MountPoints2: {7e3cf84d-0e0e-11eb-9993-b88584a5f865} - "J:\Setup.exe" /s
HKU\S-1-5-21-153542611-3615973289-1248043461-1001\...\MountPoints2: {9cbe1ecf-93a4-11eb-99d0-b88584a5f865} - "I:\Setup.exe" /s
HKU\S-1-5-21-153542611-3615973289-1248043461-1001\...\MountPoints2: {c56b01c3-6356-11eb-99c2-b88584a5f865} - "J:\Setup.exe" /s
HKU\S-1-5-21-153542611-3615973289-1248043461-1002\...\MountPoints2: {310f586a-0b47-11e9-990c-b88584a5f865} - "I:\Setup.exe" /s
HKU\S-1-5-21-153542611-3615973289-1248043461-1002\...\MountPoints2: {7e3cf84d-0e0e-11eb-9993-b88584a5f865} - "I:\Setup.exe" /s
HKU\S-1-5-21-153542611-3615973289-1248043461-1002\...\MountPoints2: {9cbe1ecf-93a4-11eb-99d0-b88584a5f865} - "I:\Setup.exe" /s
HKU\S-1-5-21-153542611-3615973289-1248043461-1002\...\MountPoints2: {c56b01c3-6356-11eb-99c2-b88584a5f865} - "J:\Setup.exe" /s
GroupPolicy: Restriction - Chrome <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
Hosts:
EmptyTemp:
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\PowerISO => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\PowerISO => removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully
"HKU\S-1-5-21-153542611-3615973289-1248043461-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-21-153542611-3615973289-1248043461-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{40E2E7F1-677B-40E3-A6B2-36D232063638} => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\PowerDVD18Agent" => removed successfully
"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\PowerDVD18Agent" => not found
HKU\S-1-5-21-153542611-3615973289-1248043461-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F => removed successfully
HKU\S-1-5-21-153542611-3615973289-1248043461-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{310f586a-0b47-11e9-990c-b88584a5f865} => removed successfully
HKU\S-1-5-21-153542611-3615973289-1248043461-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4b4bc217-2cf2-11ea-9958-9cb6d0b83db8} => removed successfully
HKU\S-1-5-21-153542611-3615973289-1248043461-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7e3cf84d-0e0e-11eb-9993-b88584a5f865} => removed successfully
HKU\S-1-5-21-153542611-3615973289-1248043461-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9cbe1ecf-93a4-11eb-99d0-b88584a5f865} => removed successfully
HKU\S-1-5-21-153542611-3615973289-1248043461-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c56b01c3-6356-11eb-99c2-b88584a5f865} => removed successfully
HKU\S-1-5-21-153542611-3615973289-1248043461-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{310f586a-0b47-11e9-990c-b88584a5f865} => removed successfully
HKU\S-1-5-21-153542611-3615973289-1248043461-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7e3cf84d-0e0e-11eb-9993-b88584a5f865} => removed successfully
HKU\S-1-5-21-153542611-3615973289-1248043461-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9cbe1ecf-93a4-11eb-99d0-b88584a5f865} => removed successfully
HKU\S-1-5-21-153542611-3615973289-1248043461-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c56b01c3-6356-11eb-99c2-b88584a5f865} => removed successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
C:\ProgramData\NTUSER.pol => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 10510336 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 135339100 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 67219153 B
Edge => 216986 B
Chrome => 568922552 B
Firefox => 167967445 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 66332316 B
systemprofile32 => 66370882 B
LocalService => 66370882 B
NetworkService => 67158826 B
Pepinaso => 81625354 B
larac => 82990144 B
 
RecycleBin => 4930868 B
EmptyTemp: => 1.3 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 10:21:11 ====
 
 
Btw, can you tell me if any of the "stuff" you found has to do with someone fraudulently accessing my computer?
 
Thanks mate

