
Someone got into my PC

Hacker Security breach Bank account Remote access Compromised


#1 Alarico (GeekU Junior, 345 posts)

Hi,

Two days ago my missus received a phone call from someone who tricked her into believing it was our internet provider informing her of a security breach. She thought it was all legit, so she installed a remote access program, then ran commands through Ctrl+R, then got into her personal emails, bank account, pics of her driver license, and she even created a Crypto account. The conversation went on for an hour or so until she realized someone was moving the mouse cursor, so she got scared, shut down the PC and router and called me. Instantly we temporarily closed bank accounts and changed passwords for whatever we could think of that might be compromised. Our banks are now requesting that we clean our computers before giving us online access to our accounts again.

I'd appreciate heaps if you could help me out with this. Thank you very much.


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-04-2021
Ran by Pepinaso (administrator) on DESKTOP-33RB2E0 (Dell Inc. XPS 8930) (12-04-2021 10:18:13)
Running from C:\Users\Pepinaso\Desktop
Loaded Profiles: Pepinaso
Platform: Windows 10 Home Version 20H2 19042.867 (X64) Language: English (United States) -> English (United Kingdom)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(CYBERLINK CORPORATION.) C:\Program Files\WindowsApps\DB6EA5DB.Power2GoforDell_11.0.3920.0_x86__mcezb6ze687jp\Power2Go11\CLMLSvc_P2G11.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler64.exe
(Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_ffc75848a6342fdf\jhi_service.exe
(Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_2dadf80722c4f751\GfxDownloadWrapper.exe
(Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_2dadf80722c4f751\igfxCUIService.exe
(Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_2dadf80722c4f751\igfxEM.exe
(Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_2dadf80722c4f751\IntelCpHDCPSvc.exe
(Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_2dadf80722c4f751\IntelCpHeciSvc.exe
(Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel® Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_f881c4be237ce854\RstMwService.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13426.20688.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13426.20688.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12101.1001.14.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> ) C:\Windows\System32\EoAExperiences.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\vds.exe
(Microsoft Windows Hardware Compatibility Publisher -> Windows ® Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.4-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.4-0\NisSrv.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Users\Pepinaso\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvddi.inf_amd64_f3fdc49044533477\Display.NvContainer\NVDisplay.Container.exe <2>
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Qualcomm Atheros -> Qualcomm Technologies Inc.) C:\Windows\System32\drivers\QcomWlanSrvx64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <2>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Rivet Networks LLC -> Rivet Networks LLC) C:\Windows\System32\drivers\RivetNetworks\Killer\xTendUtility.exe
(Rivet Networks LLC -> Rivet Networks) C:\Windows\System32\drivers\RivetNetworks\Killer\KillerAnalyticsService.exe
(Rivet Networks LLC -> Rivet Networks) C:\Windows\System32\drivers\RivetNetworks\Killer\KillerNetworkService.exe
(Rivet Networks LLC -> Rivet Networks, LLC.) C:\Windows\System32\drivers\RivetNetworks\Killer\xTendUtilityService.exe
(Rivet Networks LLC) C:\Program Files\WindowsApps\RivetNetworks.KillerControlCenter_2.2.3267.0_x64__rh07ty8m5nkag\KillerControlCenter_v2\KillerControlCenter.exe
(Scarlet.Crush Productions) [File not signed] D:\Programs\Game resources\ScpServer\ScpServer\bin\ScpService.exe
(Stefan Weil -> hxxps://www.qemu.org) [File not signed] C:\Program Files\qemu\qemu-system-x86_64.exe
(Waves Inc -> Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
(Waves Inc -> Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
(Wondershare Technology Co.,Ltd -> Wondershare) C:\ProgramData\Wondershare\Service\InstallAssistService.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [11102816 2021-01-20] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [3618096 2021-01-20] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [DellMobileConnectWelcome] => C:\Program Files\Dell\DellMobileConnectDrivers\DellMobileConnectWStartup.exe [340480 2018-08-26] (SCREENOVATE TECHNOLOGIES LTD. -> Screenovate Technologies Ltd.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [320056 2019-12-10] (Intel® Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [1236688 2020-12-04] (Waves Inc -> Waves Audio Ltd.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [7991528 2021-03-31] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (Canon Inc. -> CANON INC.)
HKLM-x32\...\Run: [MyBackupPC] => C:\Program Files (x86)\MyBackupPC\mybackuppc.exe [170791 2015-11-03] (Rerware LLC) [File not signed]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [601784 2020-05-13] (Razer USA Ltd. -> Razer Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706680 2020-12-09] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-19\...\RunOnce: [OneDrive] => C:\Program Files (x86)\Microsoft OneDrive\OneDrive.exe [1943400 2021-03-15] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [OneDrive] => C:\Program Files (x86)\Microsoft OneDrive\OneDrive.exe [1943400 2021-03-15] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-153542611-3615973289-1248043461-1001\...\Run: [OneDrive] => C:\Program Files (x86)\Microsoft OneDrive\OneDrive.exe [1943400 2021-03-15] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-153542611-3615973289-1248043461-1001\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [90952568 2020-10-09] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-153542611-3615973289-1248043461-1001\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
HKU\S-1-5-21-153542611-3615973289-1248043461-1001\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-153542611-3615973289-1248043461-1001\...\MountPoints2: F - "F:\setup.exe"
HKU\S-1-5-21-153542611-3615973289-1248043461-1001\...\MountPoints2: {310f586a-0b47-11e9-990c-b88584a5f865} - "I:\Setup.exe" /s
HKU\S-1-5-21-153542611-3615973289-1248043461-1001\...\MountPoints2: {4b4bc217-2cf2-11ea-9958-9cb6d0b83db8} - "G:\Setup.exe" /s
HKU\S-1-5-21-153542611-3615973289-1248043461-1001\...\MountPoints2: {7e3cf84d-0e0e-11eb-9993-b88584a5f865} - "J:\Setup.exe" /s
HKU\S-1-5-21-153542611-3615973289-1248043461-1001\...\MountPoints2: {9cbe1ecf-93a4-11eb-99d0-b88584a5f865} - "I:\Setup.exe" /s
HKU\S-1-5-21-153542611-3615973289-1248043461-1001\...\MountPoints2: {c56b01c3-6356-11eb-99c2-b88584a5f865} - "J:\Setup.exe" /s
HKU\S-1-5-21-153542611-3615973289-1248043461-1002\...\Run: [OneDrive] => C:\Program Files (x86)\Microsoft OneDrive\OneDrive.exe [1943400 2021-03-15] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-153542611-3615973289-1248043461-1002\...\MountPoints2: {310f586a-0b47-11e9-990c-b88584a5f865} - "I:\Setup.exe" /s
HKU\S-1-5-21-153542611-3615973289-1248043461-1002\...\MountPoints2: {7e3cf84d-0e0e-11eb-9993-b88584a5f865} - "I:\Setup.exe" /s
HKU\S-1-5-21-153542611-3615973289-1248043461-1002\...\MountPoints2: {9cbe1ecf-93a4-11eb-99d0-b88584a5f865} - "I:\Setup.exe" /s
HKU\S-1-5-21-153542611-3615973289-1248043461-1002\...\MountPoints2: {c56b01c3-6356-11eb-99c2-b88584a5f865} - "J:\Setup.exe" /s
HKU\S-1-5-18\...\Policies\system: [DisableLockWorkstation] 0
HKLM\...\Windows x64\Print Processors\Canon MG6200 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDAU.DLL [30208 2012-03-14] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MG6200 series: C:\Windows\system32\CNMLMAU.DLL [385024 2012-03-14] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJNP Port: C:\Windows\system32\CNMN6PPM.DLL [359936 2012-06-14] (CANON INC.) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\89.0.4389.114\Installer\chrmstp.exe [2021-03-31] (Google LLC -> Google LLC)
GroupPolicy: Restriction - Chrome <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03E06751-826B-4603-BD40-B111718F075D} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1127664 2021-01-28] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {097DCB18-DE8B-4605-A87C-28B8D4769651} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.4-0\MpCmdRun.exe [566368 2021-03-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {297B47DF-E49A-4EAD-A28E-F237DBC81F24} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-11-22] (Google Inc -> Google Inc.)
Task: {3422A22A-2D7E-4011-83A4-9156B0626128} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-11-17] (Dropbox, Inc -> Dropbox, Inc.)
Task: {5A555DFB-375A-4C95-8CF9-254CEADE3076} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [906480 2021-01-28] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {5F8D31F7-EC27-4C38-A4CB-19839C4204FB} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23248760 2021-04-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {682319F3-7769-41DB-9132-B964CC612804} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-11-17] (Dropbox, Inc -> Dropbox, Inc.)
Task: {7A18BE1B-7552-41FC-9F49-FB48998140FA} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistInstaller.exe [1059336 2021-01-09] (Dell Inc -> Dell Inc.)
Task: {7BA24C6E-4CE5-446B-A099-37AA3A06A5FA} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [141168 2021-04-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {7C4B9E65-C2EA-44E5-8FBC-2C16C3DED7F5} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23248760 2021-04-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {7D6387E4-DDE0-43E1-AA37-AB7192EBF84E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5255104 2021-04-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {823C4C9A-875E-4EEE-8455-443076FF19B2} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [646896 2021-01-28] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {876CE266-1DA2-4253-AB92-70DC34351736} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5255104 2021-04-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {9869B4C8-B4C0-48A9-A44C-066AA8F0C566} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files (x86)\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [2882408 2021-03-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {A05227D4-6005-446F-99EC-C85AFE59A1E8} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [906480 2021-01-28] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {B053F918-9386-4DD9-8D41-0545E860295C} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3302128 2021-01-28] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {B2250E43-8367-473C-A1A5-A0992F28D945} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.4-0\MpCmdRun.exe [566368 2021-03-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B95D0D7F-ADF3-4F23-A16C-BD9730DF1580} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [694752 2021-02-26] (Mozilla Corporation -> Mozilla Foundation)
Task: {BA54908D-C29B-474D-A435-B513F6A7A4EF} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2021-01-12] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {BECDE22D-6D16-473B-926E-385B71961A08} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1127664 2021-01-28] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C4E100DC-EC8B-42DC-A3CF-9859D89215C8} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1127664 2021-01-28] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C77AF200-E9D6-43DF-8426-4D03F21C7706} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2021-01-12] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {D36DFF95-03F1-4746-B416-D7BA3B41E21B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.4-0\MpCmdRun.exe [566368 2021-03-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {E69FB258-44C1-4B80-88B3-F75E52E033D8} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [141168 2021-04-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {F161D09C-E31F-49E2-B456-1BB4A7A160FE} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.4-0\MpCmdRun.exe [566368 2021-03-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {FD85BE00-DB7D-422B-A188-A23CE080DD31} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-11-22] (Google Inc -> Google Inc.)
Task: {FED27294-C628-4E9A-AB60-019ABD9C1CA1} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1127664 2021-01-28] (NVIDIA Corporation -> NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.20.1 0.0.0.0
Tcpip\..\Interfaces\{53770182-6d40-42ac-abb8-3d2bcdb4067c}: [DhcpNameServer] 192.168.20.1 0.0.0.0
Tcpip\..\Interfaces\{54622783-9511-467c-a339-933b50c081a2}: [DhcpNameServer] 192.168.20.1 0.0.0.0

Edge:
=======
DownloadDir: C:\Users\Pepinaso\Downloads
Edge DefaultProfile: Default
Edge Profile: C:\Users\Pepinaso\AppData\Local\Microsoft\Edge\User Data\Default [2021-04-01]
Edge DownloadDir: C:\Users\Pepinaso\Downloads
Edge StartupUrls: Default -> "hxxps://google.com.au/"

FireFox:
========
FF DefaultProfile: ua1sipfp.default
FF ProfilePath: C:\Users\Pepinaso\AppData\Roaming\Mozilla\Firefox\Profiles\ua1sipfp.default [2021-04-03]
FF DownloadDir: D:\Downloads
FF Homepage: Mozilla\Firefox\Profiles\ua1sipfp.default -> www.google.com.au
FF Notifications: Mozilla\Firefox\Profiles\ua1sipfp.default -> hxxps://web.whatsapp.com; hxxps://theaussieenglishclassroom.com
FF Extension: (Windscribe - Free Proxy and Ad Blocker) - C:\Users\Pepinaso\AppData\Roaming\Mozilla\Firefox\Profiles\ua1sipfp.default\Extensions\@windscribeff.xpi [2021-02-26]
FF Extension: (MyJDownloader Browser Extension) - C:\Users\Pepinaso\AppData\Roaming\Mozilla\Firefox\Profiles\ua1sipfp.default\Extensions\[email protected] [2021-02-26] [UpdateUrl:hxxps://my.jdownloader.org/extensions/firefox.json]
FF Extension: (Adblock Plus - bloqueador de anuncios gratis) - C:\Users\Pepinaso\AppData\Roaming\Mozilla\Firefox\Profiles\ua1sipfp.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2021-02-08]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-03-06] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-05] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-05] (VideoLAN -> VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.281.2 -> C:\Program Files (x86)\Java\jre1.8.0_281\bin\dtplugin\npDeployJava1.dll [2021-01-25] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.281.2 -> C:\Program Files (x86)\Java\jre1.8.0_281\bin\plugin2\npjp2.dll [2021-01-25] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-03-06] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=3.0.10 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]

Chrome:
=======
CHR Profile: C:\Users\Pepinaso\AppData\Local\Google\Chrome\User Data\Default [2021-04-12]
CHR DownloadDir: D:\Downloads
CHR Notifications: Default -> hxxps://shop.samsung.com; hxxps://www.bootbarn.com
CHR HomePage: Default -> hxxps://duckduckgo.com/
CHR StartupUrls: Default -> "hxxps://duckduckgo.com/"
CHR DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> duckduckgo.com
CHR DefaultNewTabURL: Default -> hxxps://duckduckgo.com/chrome_newtab
CHR DefaultSuggestURL: Default -> hxxps://duckduckgo.com/ac/?q={searchTerms}&type=list
CHR Extension: (Slides) - C:\Users\Pepinaso\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-11-22]
CHR Extension: (Docs) - C:\Users\Pepinaso\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-11-22]
CHR Extension: (Google Drive) - C:\Users\Pepinaso\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-21]
CHR Extension: (YouTube) - C:\Users\Pepinaso\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-11-22]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Pepinaso\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2021-01-29]
CHR Extension: (MyJDownloader Browser Extension) - C:\Users\Pepinaso\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbcohnmimjicjdomonkcbcpbpnhggkip [2020-11-20]
CHR Extension: (Sheets) - C:\Users\Pepinaso\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-11-22]
CHR Extension: (Google Docs Offline) - C:\Users\Pepinaso\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-03-24]
CHR Extension: (Take Webpage Screenshots Entirely - FireShot) - C:\Users\Pepinaso\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbpblocgmgfnpjjppndjkmgjaogfceg [2020-08-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Pepinaso\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Gmail) - C:\Users\Pepinaso\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-23]
CHR Extension: (Chrome Media Router) - C:\Users\Pepinaso\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-03-13]
CHR Profile: C:\Users\Pepinaso\AppData\Local\Google\Chrome\User Data\System Profile [2020-02-02]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8788368 2021-03-29] (Microsoft Corporation -> Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-11-17] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-11-17] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [44272 2021-03-31] (Dropbox, Inc -> Dropbox, Inc.)
S2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [287776 2020-10-25] (Dell Technologies Inc. -> Dell Technologies Inc.)
S2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3750944 2020-10-25] (Dell Technologies Inc. -> Dell Technologies Inc.)
S2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [507936 2020-10-25] (Dell Technologies Inc. -> Dell Technologies Inc.)
S2 Dell Digital Delivery Services; C:\Program Files (x86)\Dell Digital Delivery Services\Dell.D3.WinSvc.exe [48832 2020-11-19] (Dell Inc -> )
S2 Dell Hardware Support; C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.7240.285\DSAPI.exe [985584 2021-03-01] (PC-Doctor, Inc. -> PC-Doctor, Inc.)
S2 Dell SupportAssist Remediation; C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe [19128 2021-04-01] (Dell Inc -> Dell INC.)
S2 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [38592 2021-01-19] (Dell Inc -> )
R2 Ds3Service; D:\Programs\Game resources\ScpServer\ScpServer\bin\ScpService.exe [381952 2014-04-03] (Scarlet.Crush Productions) [File not signed]
S3 FileSyncHelper; C:\Program Files (x86)\Microsoft OneDrive\21.030.0211.0002\FileSyncHelper.exe [2233704 2021-03-15] (Microsoft Corporation -> Microsoft Corporation)
S3 FvSvc; C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe [410864 2021-01-25] (NVIDIA Corporation -> NVIDIA)
S3 KAPSService; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\KAPSService.exe [73928 2020-04-16] (Rivet Networks LLC -> Rivet Networks, LLC.)
R2 Killer Analytics Service; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\KillerAnalyticsService.exe [1775840 2020-04-16] (Rivet Networks LLC -> Rivet Networks)
R2 Killer Network Service; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\KillerNetworkService.exe [2663128 2020-04-16] (Rivet Networks LLC -> Rivet Networks)
S3 KNDBWM; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\KNDBWMService.exe [73928 2020-04-16] (Rivet Networks LLC -> Rivet Networks, LLC.)
S3 OneDrive Updater Service; C:\Program Files (x86)\Microsoft OneDrive\21.030.0211.0002\OneDriveUpdaterService.exe [2602368 2021-03-15] (Microsoft Corporation -> Microsoft Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2466608 2019-11-19] (Electronic Arts, Inc. -> Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3344176 2019-11-19] (Electronic Arts, Inc. -> Electronic Arts)
S2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [39432 2021-01-09] (Dell Inc -> Dell Inc.)
S2 SystemServices; C:\Program Files\qemu\SystemServices.exe [122368 2020-01-08] () [File not signed] <==== ATTENTION
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.4-0\NisSrv.exe [2483616 2021-03-16] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.4-0\MsMpEng.exe [128376 2021-03-16] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 Wondershare InstallAssist; C:\ProgramData\Wondershare\Service\InstallAssistService.exe [230176 2020-01-16] (Wondershare Technology Co.,Ltd -> Wondershare)
S2 xTendSoftAPService; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\xTendSoftAPService.exe [73944 2020-04-16] (Rivet Networks LLC -> Rivet Networks, LLC.)
R2 xTendUtilityService; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\xTendUtilityService.exe [73944 2020-04-16] (Rivet Networks LLC -> Rivet Networks, LLC.)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nvddi.inf_amd64_f3fdc49044533477\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nvddi.inf_amd64_f3fdc49044533477\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 DBUtilDrv2; C:\WINDOWS\System32\drivers\DBUtilDrv2.sys [27896 2021-04-07] (WDKTestCert Amit_K_Tiwari,132158070448517957 -> )
R3 DDDriver; C:\WINDOWS\System32\drivers\dddriver64Dcsa.sys [42376 2020-10-25] (Microsoft Windows Hardware Compatibility Publisher -> Dell Inc.)
S3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [41208 2018-05-09] (Techporch Incorporated -> Dell Computer Corporation)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [226984 2018-05-02] (McAfee, Inc. -> McAfee, Inc.)
R3 KfeCoSvc; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\KfeCo10X64.sys [187848 2020-04-16] (Rivet Networks LLC -> Rivet Networks, LLC.)
S3 libusbK; C:\WINDOWS\System32\drivers\libusbK.sys [47200 2020-07-30] (Travis Lee Robinson -> hxxp://libusb-win32.sourceforge.net)
R2 npf; C:\WINDOWS\system32\drivers\npf.sys [36600 2018-12-25] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
S3 rzendpt; C:\WINDOWS\System32\drivers\rzendpt.sys [50392 2015-08-14] (Razer Inc. -> Razer Inc)
R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Bruce James -> Scarlet.Crush Productions)
S3 SliceDisk5; C:\Program Files\A-FF Find and Mount\slicedisk-x64.sys [31824 2011-02-25] (OOO Sfera-Tehno -> Atola) [File not signed]
S3 tapwindscribe0901; C:\WINDOWS\System32\drivers\tapwindscribe0901.sys [54896 2018-07-06] (Windscribe Limited -> The OpenVPN Project)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2018-02-05] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 VKbms; C:\WINDOWS\System32\drivers\VKbms.sys [13312 2010-09-30] (G-SPY Co., Ltd. -> Windows ® Win 7 DDK provider)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49560 2021-03-16] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [420072 2021-03-16] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [72952 2021-03-16] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-04-12 08:31 - 2021-04-12 08:31 - 000060417 _____ C:\Users\Pepinaso\Desktop\Addition.txt
2021-04-12 08:30 - 2021-04-12 10:18 - 000031922 _____ C:\Users\Pepinaso\Desktop\FRST.txt
2021-04-12 08:27 - 2021-04-12 08:26 - 002297856 _____ (Farbar) C:\Users\Pepinaso\Desktop\FRST64.exe
2021-04-12 07:37 - 2021-04-12 07:37 - 000000000 ____D C:\Users\Pepinaso\AppData\LocalLow\Intel
2021-04-12 07:36 - 2021-04-12 08:07 - 000441760 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-04-07 17:21 - 2021-04-07 17:21 - 000000000 ____D C:\Users\Pepinaso\Documents\Zoom
2021-04-07 16:15 - 2021-04-07 16:15 - 000027896 _____ C:\WINDOWS\system32\Drivers\DBUtilDrv2.sys
2021-04-06 01:22 - 2021-04-06 01:22 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2021-04-06 01:22 - 2021-01-18 08:09 - 000161384 _____ (Intel Corporation) C:\WINDOWS\system32\intel_gfx_api-x64.dll
2021-04-06 01:22 - 2021-01-18 08:09 - 000136888 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\intel_gfx_api-x86.dll
2021-04-06 01:22 - 2021-01-18 08:08 - 001781616 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2021-04-06 01:22 - 2021-01-18 08:08 - 001781616 _____ C:\WINDOWS\system32\vulkaninfo.exe
2021-04-06 01:22 - 2021-01-18 08:08 - 001377648 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2021-04-06 01:22 - 2021-01-18 08:08 - 001377648 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2021-04-06 01:22 - 2021-01-18 08:08 - 001087704 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2021-04-06 01:22 - 2021-01-18 08:08 - 001087704 _____ C:\WINDOWS\system32\vulkan-1.dll
2021-04-06 01:22 - 2021-01-18 08:08 - 000940760 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2021-04-06 01:22 - 2021-01-18 08:08 - 000940760 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2021-04-06 01:22 - 2021-01-18 08:08 - 000499096 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2021-04-06 01:22 - 2021-01-18 08:08 - 000419224 _____ C:\WINDOWS\system32\ze_loader.dll
2021-04-06 01:22 - 2021-01-18 08:08 - 000361880 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2021-04-06 01:22 - 2021-01-18 08:08 - 000285592 _____ C:\WINDOWS\system32\igfxCPL.cpl
2021-04-06 01:22 - 2021-01-18 08:08 - 000140184 _____ C:\WINDOWS\system32\ze_validation_layer.dll
2021-04-03 16:33 - 2021-04-03 16:33 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-04-02 05:11 - 2021-04-02 05:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2021-03-31 03:52 - 2021-03-31 03:52 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2021-03-31 03:52 - 2021-03-31 03:52 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2021-03-31 03:52 - 2021-03-31 03:52 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2021-03-31 03:52 - 2021-03-31 03:52 - 000044272 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2021-03-15 16:15 - 2021-03-15 16:15 - 000003206 _____ C:\WINDOWS\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2021-03-15 16:15 - 2021-03-15 16:15 - 000002186 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-04-12 10:18 - 2020-01-25 08:08 - 000000000 ____D C:\FRST
2021-04-12 10:18 - 2018-11-07 09:37 - 000000000 ____D C:\ProgramData\NVIDIA
2021-04-12 10:16 - 2020-11-18 16:41 - 000008192 ___SH C:\DumpStack.log.tmp
2021-04-12 10:16 - 2020-07-31 08:37 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-04-12 10:16 - 2019-12-07 19:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-04-12 10:16 - 2018-11-15 12:28 - 000000000 __SHD C:\Users\Pepinaso\IntelGraphicsProfiles
2021-04-12 10:16 - 2018-11-07 09:31 - 000000000 ____D C:\Intel
2021-04-12 09:52 - 2019-12-07 19:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2021-04-12 08:28 - 2020-07-31 08:37 - 001781530 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-04-12 08:28 - 2020-07-30 20:52 - 000790712 _____ C:\WINDOWS\system32\perfh00A.dat
2021-04-12 08:28 - 2020-07-30 20:52 - 000157464 _____ C:\WINDOWS\system32\perfc00A.dat
2021-04-12 08:28 - 2019-12-07 19:13 - 000000000 ____D C:\WINDOWS\INF
2021-04-12 08:25 - 2019-04-06 20:08 - 000000000 ____D C:\Program Files (x86)\Dell Digital Delivery Services
2021-04-12 08:03 - 2020-11-19 16:20 - 000000000 ____D C:\Program Files\DIFX
2021-04-12 07:58 - 2018-11-07 09:36 - 000000000 ____D C:\ProgramData\Package Cache
2021-04-12 07:57 - 2018-11-07 09:35 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2021-04-12 07:55 - 2020-06-21 15:54 - 000000000 ____D C:\Enterprise19ED
2021-04-12 07:45 - 2020-05-02 12:28 - 000000000 ____D C:\Users\Pepinaso\Documents\My Digital Editions
2021-04-12 07:41 - 2018-11-15 14:34 - 000000000 ____D C:\ProgramData\Adobe
2021-04-12 07:36 - 2021-02-26 17:57 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-04-12 07:36 - 2018-11-15 12:44 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-04-08 16:22 - 2020-07-31 08:30 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-04-08 12:30 - 2020-10-25 15:08 - 000000000 ____D C:\Users\Pepinaso\AppData\Roaming\vlc
2021-04-08 05:10 - 2018-11-15 13:25 - 000000000 ____D C:\Users\Pepinaso\AppData\Local\CrashDumps
2021-04-07 22:22 - 2019-12-07 19:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-04-07 22:22 - 2019-12-07 19:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-04-07 15:46 - 2020-07-30 20:24 - 000000000 ___DC C:\WINDOWS\Panther
2021-04-07 03:55 - 2018-12-08 12:55 - 000000000 ____D C:\Program Files\Microsoft Office
2021-04-03 16:33 - 2019-01-31 05:15 - 000000000 ____D C:\ProgramData\Mozilla
2021-04-03 16:33 - 2018-11-15 12:44 - 000001007 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-04-03 16:33 - 2018-11-15 12:44 - 000000000 ____D C:\Users\Pepinaso\AppData\LocalLow\Mozilla
2021-04-03 15:45 - 2020-08-01 18:35 - 000002442 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-04-02 05:11 - 2018-11-17 07:59 - 000000000 ____D C:\Program Files (x86)\Dropbox
2021-03-31 07:01 - 2018-11-22 05:39 - 000002305 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-03-30 09:27 - 2019-02-21 08:30 - 000000000 ___RD C:\Users\larac\OneDrive
2021-03-30 09:27 - 2019-02-21 05:21 - 000000000 ____D C:\Users\larac\AppData\Local\Packages
2021-03-30 09:26 - 2019-02-21 05:21 - 000000000 __SHD C:\Users\larac\IntelGraphicsProfiles
2021-03-24 21:11 - 2020-02-21 08:32 - 000000000 ____D C:\Program Files (x86)\Microsoft OneDrive
2021-03-16 09:41 - 2018-11-07 09:31 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-03-15 16:15 - 2018-11-15 12:30 - 000000000 ___RD C:\Users\Pepinaso\OneDrive
2021-03-14 14:48 - 2019-12-07 19:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared

==================== Files in the root of some directories ========

2019-06-18 11:02 - 2019-06-18 11:02 - 000535552 _____ (Dirección General de la Policía) C:\Users\Pepinaso\AppData\Local\DNIeService.exe

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-04-2021
Ran by Pepinaso (12-04-2021 10:18:59)
Running from C:\Users\Pepinaso\Desktop
Windows 10 Home Version 20H2 19042.867 (X64) (2020-07-30 22:37:14)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-153542611-3615973289-1248043461-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-153542611-3615973289-1248043461-503 - Limited - Disabled)
Guest (S-1-5-21-153542611-3615973289-1248043461-501 - Limited - Disabled)
larac (S-1-5-21-153542611-3615973289-1248043461-1002 - Limited - Enabled) => C:\Users\larac
marco (S-1-5-21-153542611-3615973289-1248043461-1004 - Limited - Disabled)
Pepinaso (S-1-5-21-153542611-3615973289-1248043461-1001 - Administrator - Enabled) => C:\Users\Pepinaso
WDAGUtilityAccount (S-1-5-21-153542611-3615973289-1248043461-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Blueline 1.1.1 (HKLM-x32\...\Blueline_is1) (Version: - )
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.1 - Canon Inc.)
Canon MG6200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6200_series) (Version: - Canon Inc.)
Canon MP Navigator EX 5.0 (HKLM-x32\...\MP Navigator EX 5.0) (Version: - )
Configurador_FNMT (HKLM-x32\...\{438D4C4C-B703-4971-9C3D-33FF8A010ADB}) (Version: 3.7 - FNMT-RCM)
Dell Digital Delivery Services (HKLM-x32\...\{81C48559-E2EB-4F18-9854-51331B9DB552}) (Version: 4.0.70.0 - Dell Inc.)
Dell Mobile Connect Drivers (HKLM\...\{98962E99-9DC0-4B16-9D48-2EED1F5D117E}) (Version: 1.2.6577 - Screenovate Technologies Ltd.)
Dell SupportAssist (HKLM\...\{C5A70974-2F89-4BE0-90F7-749E62468C4D}) (Version: 3.8.1.23 - Dell Inc.)
Dell SupportAssist Remediation (HKLM\...\{E9E87628-7D88-4557-9A80-49B2B4A81460}) (Version: 5.4.1.14954 - Dell Inc.) Hidden
Dell SupportAssist Remediation (HKLM-x32\...\{ef6a1215-d616-4e4f-9453-525ed9903031}) (Version: 5.4.1.14954 - Dell Inc.)
Dell Update - SupportAssist Update Plugin (HKLM\...\{3C4F6923-3BE1-4E6C-8DEE-9EEF1E433795}) (Version: 5.2.1.12926 - Dell Inc.) Hidden
Dell Update - SupportAssist Update Plugin (HKLM-x32\...\{8d32f870-d6fd-4420-b5cb-c29ac65f628d}) (Version: 5.2.1.12926 - Dell Inc.)
Dell Update for Windows 10 (HKLM\...\{41D2D254-D869-4CD8-B440-5DF49083C4BA}) (Version: 4.1.0 - Dell Inc.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 119.4.1772 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.415.1 - Dropbox, Inc.) Hidden
foobar2000 v1.5.3 (HKLM-x32\...\foobar2000) (Version: 1.5.3 - Peter Pawlowski)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 89.0.4389.114 - Google LLC)
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version: - )
Intel® Chipset Device Software (HKLM-x32\...\{4551f75f-3c54-4f09-8221-8c8a061bad00}) (Version: 10.1.18019.8144 - Intel® Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 2014.14.0.1540 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 17.5.9.1040 - Intel Corporation)
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1943.2 - Intel Corporation)
Intel® Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.60.155.0 - Intel Corporation) Hidden
Intel® Trusted Connect Services Client (HKLM-x32\...\{047f2156-ee7f-4a24-b3c2-c0c5c2c81557}) (Version: 1.60.155.0 - Intel Corporation) Hidden
Intel® Hardware Accelerated Execution Manager (HKLM\...\{754CC9DC-3DB4-4FB2-B71E-87331DB9EA17}) (Version: 7.5.4 - Intel Corporation)
Intel® Optane Pinning Explorer Extensions (HKLM\...\{EEA36044-96B5-4E2A-AC59-3FC742EEDEF4}) (Version: 17.5.9.1040 - Intel Corporation)
iPod Support (HKLM\...\{4B5933A1-A781-400E-B4A2-3ECC375375E4}) (Version: 120.7.3.55 - Apple Inc.)
Java 8 Update 281 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180281F0}) (Version: 8.0.2810.9 - Oracle Corporation)
Killer Performance Driver Suite UWD (HKLM\...\{3138A18C-B69F-4C99-ACB7-E579DF171032}) (Version: 2.0.1175 - Rivet Networks)
Killer Wireless Driver UWD (HKLM\...\{D9007C95-A9B6-41FD-B6DF-B97DFFC4BE84}) (Version: 2.3.1513 - Rivet Networks)
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.7.13058.0 - Waves Audio Ltd.) Hidden
Microsoft 365 - es-es (HKLM\...\o365homepremretail - es-es) (Version: 16.0.13901.20336 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.0.0 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 89.0.774.68 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 89.0.774.68 - Microsoft Corporation)
Microsoft ODBC Driver 13 for SQL Server (HKLM\...\{2D98CD18-5754-4D94-B7E8-E6E11DAA56B1}) (Version: 13.0.811.168 - Microsoft Corporation)
Microsoft Office Profesional Plus 2019 - es-es (HKLM\...\ProPlus2019Retail - es-es) (Version: 16.0.13901.20336 - Microsoft Corporation)
Microsoft Office Professional Plus 2019 - en-us (HKLM\...\ProPlus2019Retail - en-us) (Version: 16.0.13901.20336 - Microsoft Corporation)
Microsoft OneDrive (HKLM-x32\...\OneDriveSetup.exe) (Version: 21.030.0211.0002 - Microsoft Corporation)
Microsoft Project - en-us (HKLM\...\ProjectPro2019Retail - en-us) (Version: 16.0.13901.20336 - Microsoft Corporation)
Microsoft Project - es-es (HKLM\...\ProjectPro2019Retail - es-es) (Version: 16.0.13901.20336 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{99FAF70F-9B61-4AB0-9EC0-B31F98FFDC4A}) (Version: 2.75.0.0 - Microsoft Corporation)
Microsoft Visio - en-us (HKLM\...\VisioPro2019Retail - en-us) (Version: 16.0.13901.20336 - Microsoft Corporation)
Microsoft Visio - es-es (HKLM\...\VisioPro2019Retail - es-es) (Version: 16.0.13901.20336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40649 (HKLM-x32\...\{5d0723d3-cff7-4e07-8d0b-ada737deb5e6}) (Version: 12.0.40649.5 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.23.27820 (HKLM-x32\...\{852adda4-4c78-4a38-b583-c0b360a329d6}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.24.28127 (HKLM-x32\...\{e31cb1a4-76b5-46a5-a084-3fa419e82201}) (Version: 14.24.28127.4 - Microsoft Corporation)
Mozilla Firefox 86.0 (x64 en-US) (HKLM\...\Mozilla Firefox 86.0 (x64 en-US)) (Version: 86.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 63.0.1 - Mozilla)
MyBackupPC from Rerware, LLC (HKLM-x32\...\MyBackupPC) (Version: - )
NVIDIA FrameView SDK 1.1.4923.29548709 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.1.4923.29548709 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.21.0.36 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.21.0.36 - NVIDIA Corporation)
NVIDIA Graphics Driver 460.89 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 460.89 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.40 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.40 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.13901.20336 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.13901.20336 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.13901.20336 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0C0A-1000-0000000FF1CE}) (Version: 16.0.13901.20336 - Microsoft Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 10.5.56.33908 - Electronic Arts, Inc.)
psqlODBC_x64 (HKLM\...\{3D4F4C5A-28C7-441D-81DC-2AA2C1A61B6A}) (Version: 09.06.0201 - PostgreSQL Global Development Group)
Qualcomm 11ac Wireless LAN&Bluetooth Installer (HKLM-x32\...\{E7086B15-806E-4519-A876-DBA9FDDE9A13}) (Version: 11.0.0.10518 - Qualcomm)
RAR Password Unlocker (HKLM-x32\...\{69B77D45-F5AD-4AB9-933D-352703324469}_is1) (Version: - RAR Password Unlocker, Inc.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.21.24.34 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9107.1 - Realtek Semiconductor Corp.)
RescuePRO Deluxe 7.0.0.8 (HKLM-x32\...\{38D9AAB8-116B-40BB-A801-50B71DF82D24}_is1) (Version: 7.0.0.8 - LC Technology International, Inc.)
Revo Uninstaller Pro 3.1.8 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.8 - VS Revo Group, Ltd.)
Skype version 8.65 (HKLM-x32\...\Skype_is1) (Version: 8.65 - Skype Technologies S.A.)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F14FB68A-9188-4036-AD0D-D054BC9C9291}) (Version: 2.59.0.0 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.12 - VideoLAN)
Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1) (Version: 1.0.54.1 - LunarG, Inc.) Hidden
Vysor (HKU\S-1-5-21-153542611-3615973289-1248043461-1001\...\Vysor) (Version: 2.2.2 - ClockworkMod)
Waves Central (HKLM\...\{ab507e17-892b-5203-838d-d58d8d09c50f}) (Version: 11.0.60 - Waves Audio Ltd)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
XnView 2.49.2 (HKLM-x32\...\XnView_is1) (Version: 2.49.2 - Gougelet Pierre-e)
Zoom (HKU\S-1-5-21-153542611-3615973289-1248043461-1001\...\ZoomUMX) (Version: 5.5.2 (12494.0204) - Zoom Video Communications, Inc.)
Zoom (HKU\S-1-5-21-153542611-3615973289-1248043461-1002\...\ZoomUMX) (Version: 5.1 - Zoom Video Communications, Inc.)

Packages:
=========
Dell Customer Connect -> C:\Program Files\WindowsApps\DellInc.DellCustomerConnect_5.2.52.0_x64__htrsf667h5kn2 [2021-04-07] (Dell Inc)
Dell Digital Delivery -> C:\Program Files\WindowsApps\DellInc.DellDigitalDelivery_4.0.70.0_x64__htrsf667h5kn2 [2021-02-26] (Dell Inc)
Dell Mobile Connect -> C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnect_3.2.9771.0_x64__0vhbc3ng4wbp0 [2021-02-26] (Screenovate Technologies) [Startup Task]
Dell SupportAssist for Home PCs -> C:\Program Files\WindowsApps\DellInc.DellSupportAssistforPCs_3.8.10.0_x64__htrsf667h5kn2 [2021-03-02] (Dell Inc)
Dell Update -> C:\Program Files\WindowsApps\DellInc.DellUpdate_4.1.15.0_x86__htrsf667h5kn2 [2021-02-26] (Dell Inc)
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.7.2028.0_x64__rz1tebttyb220 [2021-03-30] (Dolby Laboratories)
Dolby Atmos -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAtmos_3.20201.255.0_x64__rz1tebttyb220 [2020-06-02] (Dolby Laboratories)
DTS Sound Unbound -> C:\Program Files\WindowsApps\DTSInc.DTSSoundUnbound_2020.4.45.0_x64__t5j2fzbtdg37r [2020-12-18] (DTS, Inc.)
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa [2020-12-11] (Apple Inc.) [Startup Task]
Killer Control Center -> C:\Program Files\WindowsApps\RivetNetworks.KillerControlCenter_2.2.3267.0_x64__rh07ty8m5nkag [2020-08-12] (Rivet Networks LLC) [Startup Task]
Lake Baikal -> C:\Program Files\WindowsApps\Microsoft.LakeBaikal_1.0.0.0_neutral__8wekyb3d8bbwe [2020-02-10] (Microsoft Corporation)
Media Suite Essentials for Dell -> C:\Program Files\WindowsApps\DB6EA5DB.MediaSuiteEssentialsforDell_2.6.4028.0_x86__mcezb6ze687jp [2020-03-27] (CYBERLINK CORPORATION.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-14] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-14] (Microsoft Corporation) [MS Ad]
MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.22661.0_x64__8wekyb3d8bbwe [2019-09-25] (Microsoft Corporation)
My Dell -> C:\Program Files\WindowsApps\DellInc.MyDell_1.7.33.0_x64__htrsf667h5kn2 [2021-03-30] (Dell Inc)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.960.0_x64__56jybvy8sckqj [2021-02-26] (NVIDIA Corp.)
Panoramic Cityscapes PREMIUM -> C:\Program Files\WindowsApps\Microsoft.PanoramicCityscapesPREMIUM_1.0.0.0_neutral__8wekyb3d8bbwe [2020-02-10] (Microsoft Corporation)
Power Media Player for Dell -> C:\Program Files\WindowsApps\DB6EA5DB.PowerMediaPlayerforDell_14.2.3224.0_x86__mcezb6ze687jp [2021-03-30] (CYBERLINK CORPORATION.)
Power2Go for Dell -> C:\Program Files\WindowsApps\DB6EA5DB.Power2GoforDell_11.0.3920.0_x86__mcezb6ze687jp [2020-08-12] (CYBERLINK CORPORATION.) [Startup Task]
PowerDirector for Dell -> C:\Program Files\WindowsApps\DB6EA5DB.PowerDirectorforDell_15.0.4409.0_x64__mcezb6ze687jp [2018-11-17] (CYBERLINK CORPORATION.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-153542611-3615973289-1248043461-1001_Classes\CLSID\{a9872fee-5a55-4ecb-9b0f-b06fedcf14d1}\localserver32 -> C:\Program Files\Waves\MaxxAudio\MaxxAudioPro.exe (Waves Inc -> Waves Audio Ltd)
CustomCLSID: HKU\S-1-5-21-153542611-3615973289-1248043461-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\Pepinaso\Dropbox [2018-11-17 08:01]
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files (x86)\Microsoft OneDrive\21.030.0211.0002\amd64\FileSyncShell64.dll [2021-03-15] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files (x86)\Microsoft OneDrive\21.030.0211.0002\amd64\FileSyncShell64.dll [2021-03-15] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files (x86)\Microsoft OneDrive\21.030.0211.0002\amd64\FileSyncShell64.dll [2021-03-15] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files (x86)\Microsoft OneDrive\21.030.0211.0002\amd64\FileSyncShell64.dll [2021-03-15] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files (x86)\Microsoft OneDrive\21.030.0211.0002\amd64\FileSyncShell64.dll [2021-03-15] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files (x86)\Microsoft OneDrive\21.030.0211.0002\amd64\FileSyncShell64.dll [2021-03-15] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files (x86)\Microsoft OneDrive\21.030.0211.0002\amd64\FileSyncShell64.dll [2021-03-15] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.47.0.dll [2021-03-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.47.0.dll [2021-03-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.47.0.dll [2021-03-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.47.0.dll [2021-03-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.47.0.dll [2021-03-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.47.0.dll [2021-03-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.47.0.dll [2021-03-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.47.0.dll [2021-03-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.47.0.dll [2021-03-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.47.0.dll [2021-03-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\Program Files\Intel\OptaneShellExtensions\OptaneShellExt.dll [2019-12-10] (Intel® Rapid Storage Technology -> )
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files (x86)\Microsoft OneDrive\21.030.0211.0002\amd64\FileSyncShell64.dll [2021-03-15] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files (x86)\Microsoft OneDrive\21.030.0211.0002\amd64\FileSyncShell64.dll [2021-03-15] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files (x86)\Microsoft OneDrive\21.030.0211.0002\amd64\FileSyncShell64.dll [2021-03-15] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files (x86)\Microsoft OneDrive\21.030.0211.0002\amd64\FileSyncShell64.dll [2021-03-15] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files (x86)\Microsoft OneDrive\21.030.0211.0002\amd64\FileSyncShell64.dll [2021-03-15] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files (x86)\Microsoft OneDrive\21.030.0211.0002\amd64\FileSyncShell64.dll [2021-03-15] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files (x86)\Microsoft OneDrive\21.030.0211.0002\amd64\FileSyncShell64.dll [2021-03-15] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.47.0.dll [2021-03-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.47.0.dll [2021-03-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.47.0.dll [2021-03-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.47.0.dll [2021-03-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.47.0.dll [2021-03-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.47.0.dll [2021-03-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.47.0.dll [2021-03-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.47.0.dll [2021-03-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.47.0.dll [2021-03-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.47.0.dll [2021-03-03] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files (x86)\Microsoft OneDrive\21.030.0211.0002\amd64\FileSyncShell64.dll [2021-03-15] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.47.0.dll [2021-03-03] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1-x32: [IXnView] -> {A5D35F9F-6A11-4EAA-B70B-7BB6FE32663A} => C:\Program Files (x86)\XnView\ShellEx\XnViewShellExt.dll [2019-12-12] () [File not signed]
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\Program Files\Intel\OptaneShellExtensions\OptaneShellExt.dll [2019-12-10] (Intel® Rapid Storage Technology -> )
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files (x86)\Microsoft OneDrive\21.030.0211.0002\amd64\FileSyncShell64.dll [2021-03-15] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.47.0.dll [2021-03-03] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => -> No File
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files (x86)\Microsoft OneDrive\21.030.0211.0002\amd64\FileSyncShell64.dll [2021-03-15] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.47.0.dll [2021-03-03] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_2dadf80722c4f751\igfxDTCM.dll [2021-01-18] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nvddi.inf_amd64_f3fdc49044533477\nvshext.dll [2020-12-12] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => -> No File
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2016-12-15] (VS Revo Group -> VS Revo Group)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [vidc.i420] => lvcod64.dll
HKLM\...\Drivers32-x32: [vidc.i420] => lvcodec2.dll

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2013-12-01 16:33 - 2013-12-01 16:33 - 000033792 _____ () [File not signed] c:\program files\qemu\iconv.dll
2013-12-02 19:15 - 2013-12-02 19:15 - 000071168 _____ () [File not signed] c:\program files\qemu\libbz2-1.dll
2018-02-19 19:33 - 2018-02-19 19:33 - 000891392 _____ () [File not signed] c:\program files\qemu\libcairo-2.dll
2018-02-19 19:33 - 2018-02-19 19:33 - 000033792 _____ () [File not signed] c:\program files\qemu\libcairo-gobject-2.dll
2018-03-15 06:51 - 2018-03-15 06:51 - 000528384 _____ () [File not signed] c:\program files\qemu\libcurl-4.dll
2017-09-06 12:01 - 2017-09-06 12:01 - 001472000 _____ () [File not signed] c:\program files\qemu\libepoxy-0.dll
2017-07-18 16:22 - 2017-07-18 16:22 - 000159232 _____ () [File not signed] c:\program files\qemu\libexpat-1.dll
2015-11-22 22:01 - 2015-11-22 22:01 - 000031744 _____ () [File not signed] c:\program files\qemu\libffi-6.dll
2018-02-19 19:22 - 2018-02-19 19:22 - 000276480 _____ () [File not signed] c:\program files\qemu\libfontconfig-1.dll
2018-03-19 18:06 - 2018-03-19 18:06 - 000642048 _____ () [File not signed] c:\program files\qemu\libfreetype-6.dll
2019-06-20 07:07 - 2019-06-20 07:07 - 001271779 _____ () [File not signed] c:\program files\qemu\libgcc_s_seh-1.dll
2017-02-08 12:42 - 2017-02-08 12:42 - 000553984 _____ () [File not signed] c:\program files\qemu\libgmp-10.dll
2018-03-15 14:13 - 2018-03-15 14:13 - 001287168 _____ () [File not signed] c:\program files\qemu\libgnutls-30.dll
2018-04-10 22:35 - 2018-04-10 22:35 - 000702976 _____ () [File not signed] c:\program files\qemu\libharfbuzz-0.dll
2018-03-15 15:40 - 2018-03-15 15:40 - 000170496 _____ () [File not signed] c:\program files\qemu\libhogweed-4.dll
2017-09-24 17:19 - 2017-09-24 17:19 - 000148992 _____ () [File not signed] c:\program files\qemu\libidn2-0.dll
2017-12-17 17:49 - 2017-12-17 17:49 - 000414720 _____ () [File not signed] c:\program files\qemu\libjpeg-8.dll
2014-06-30 17:01 - 2014-06-30 17:01 - 000136192 _____ () [File not signed] c:\program files\qemu\liblzo2-2.dll
2018-03-15 15:40 - 2018-03-15 15:40 - 000216576 _____ () [File not signed] c:\program files\qemu\libnettle-6.dll
2018-03-15 16:10 - 2018-03-15 16:10 - 000140800 _____ () [File not signed] c:\program files\qemu\libnghttp2-14.dll
2018-04-08 16:29 - 2018-04-08 16:29 - 001059840 _____ () [File not signed] c:\program files\qemu\libp11-kit-0.dll
2017-04-23 17:36 - 2017-04-23 17:36 - 000296960 _____ () [File not signed] c:\program files\qemu\libpcre-1.dll
2016-08-07 16:59 - 2016-08-07 16:59 - 000662016 _____ () [File not signed] c:\program files\qemu\libpixman-1-0.dll
2017-12-17 17:38 - 2017-12-17 17:38 - 000219648 _____ () [File not signed] c:\program files\qemu\libpng16-16.dll
2016-04-08 08:48 - 2016-04-08 08:48 - 000175104 _____ () [File not signed] c:\program files\qemu\libssh2-1.dll
2018-03-19 11:50 - 2018-03-19 11:50 - 000098304 _____ () [File not signed] c:\program files\qemu\libtasn1-6.dll
2015-01-29 08:48 - 2015-01-29 08:48 - 000035328 _____ () [File not signed] c:\program files\qemu\libusbredirparser-1.dll
2017-12-07 21:21 - 2017-12-07 21:21 - 000921600 _____ () [File not signed] c:\program files\qemu\SDL2.dll
2017-03-03 12:48 - 2017-03-03 12:48 - 000091136 _____ () [File not signed] c:\program files\qemu\zlib1.dll
2021-04-07 22:22 - 2021-04-07 22:22 - 022044672 _____ () [File not signed] C:\Program Files\WindowsApps\DellInc.DellCustomerConnect_5.2.52.0_x64__htrsf667h5kn2\DellCustomerConnect.dll
2019-03-12 10:35 - 2012-06-14 16:18 - 000359936 _____ (CANON INC.) [File not signed] C:\WINDOWS\System32\CNMN6PPM.DLL
2016-10-23 11:54 - 2016-10-23 11:54 - 000132608 _____ (Free Software Foundation) [File not signed] c:\program files\qemu\libintl-8.dll
2015-11-22 21:04 - 2015-11-22 21:04 - 001829888 _____ (Free Software Foundation) [File not signed] c:\program files\qemu\libunistring-2.dll
2017-06-19 04:41 - 2017-06-19 04:41 - 000137728 _____ (libusb.info) [File not signed] c:\program files\qemu\libusb-1.0.dll
2018-11-11 10:47 - 2018-11-11 10:47 - 000592104 _____ (MingW-W64 Project. All rights reserved.) [File not signed] c:\program files\qemu\libwinpthread-1.dll
2018-02-19 20:27 - 2018-02-19 20:27 - 000284672 _____ (Red Hat Software) [File not signed] c:\program files\qemu\libpango-1.0-0.dll
2018-02-19 20:27 - 2018-02-19 20:27 - 000058880 _____ (Red Hat Software) [File not signed] c:\program files\qemu\libpangocairo-1.0-0.dll
2018-02-19 20:27 - 2018-02-19 20:27 - 000079872 _____ (Red Hat Software) [File not signed] c:\program files\qemu\libpangoft2-1.0-0.dll
2018-02-19 20:27 - 2018-02-19 20:27 - 000067072 _____ (Red Hat Software) [File not signed] c:\program files\qemu\libpangowin32-1.0-0.dll
2020-08-12 19:57 - 2020-08-12 19:58 - 001774080 _____ (Robert Simpson, et al.) [File not signed] [File is in use] C:\Program Files\WindowsApps\RivetNetworks.KillerControlCenter_2.2.3267.0_x64__rh07ty8m5nkag\KillerControlCenter_v2\System.Data.SQLite.dll
2018-02-19 19:14 - 2018-02-19 19:14 - 000128000 _____ (Sun Microsystems Inc.) [File not signed] c:\program files\qemu\libatk-1.0-0.dll
2018-02-19 18:19 - 2018-02-19 18:19 - 001358848 _____ (The GLib developer community) [File not signed] c:\program files\qemu\libgio-2.0-0.dll
2018-02-19 18:19 - 2018-02-19 18:19 - 001105920 _____ (The GLib developer community) [File not signed] c:\program files\qemu\libglib-2.0-0.dll
2018-02-19 18:19 - 2018-02-19 18:19 - 000023040 _____ (The GLib developer community) [File not signed] c:\program files\qemu\libgmodule-2.0-0.dll
2018-02-19 18:19 - 2018-02-19 18:19 - 000304128 _____ (The GLib developer community) [File not signed] c:\program files\qemu\libgobject-2.0-0.dll
2018-02-19 19:43 - 2018-02-19 19:43 - 000152576 _____ (The GTK developer community) [File not signed] c:\program files\qemu\libgdk_pixbuf-2.0-0.dll
2018-02-19 21:37 - 2018-02-19 21:37 - 001186304 _____ (The GTK developer community) [File not signed] c:\program files\qemu\libgdk-3-0.dll
2018-02-19 21:38 - 2018-02-19 21:38 - 006704128 _____ (The GTK developer community) [File not signed] c:\program files\qemu\libgtk-3-0.dll
2018-03-27 15:13 - 2018-03-27 15:13 - 002249728 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] c:\program files\qemu\libeay32.dll
2018-03-27 15:13 - 2018-03-27 15:13 - 000400384 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] c:\program files\qemu\ssleay32.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125]

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-153542611-3615973289-1248043461-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-153542611-3615973289-1248043461-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell17win10.msn.com/?pc=DCTE
HKU\S-1-5-21-153542611-3615973289-1248043461-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.msn.com/?pc=U453&ocid=U453DHP&osmkt=en-au
HKU\S-1-5-21-153542611-3615973289-1248043461-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell17win10.msn.com/?pc=DCTE
HKU\S-1-5-21-153542611-3615973289-1248043461-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell17win10.msn.com/?pc=DCTE
SearchScopes: HKU\S-1-5-21-153542611-3615973289-1248043461-1001 -> DefaultScope {40E2E7F1-677B-40E3-A6B2-36D232063638} URL = hxxp://www.bing.com/search?FORM=U453DF&PC=U453&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-153542611-3615973289-1248043461-1001 -> {40E2E7F1-677B-40E3-A6B2-36D232063638} URL = hxxp://www.bing.com/search?FORM=U453DF&PC=U453&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-153542611-3615973289-1248043461-1002 -> DefaultScope {40E2E7F1-677B-40E3-A6B2-36D232063638} URL =
SearchScopes: HKU\S-1-5-21-153542611-3615973289-1248043461-1002 -> {40E2E7F1-677B-40E3-A6B2-36D232063638} URL =
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_281\bin\ssv.dll [2021-01-25] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_281\bin\jp2ssv.dll [2021-01-25] (Oracle America, Inc. -> Oracle Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-04-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-04-07] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-04-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-04-07] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-04-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-04-07] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-04-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-04-07] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-153542611-3615973289-1248043461-1001\...\fnmt.es -> hxxp://fnmt.es
IE trusted site: HKU\S-1-5-21-153542611-3615973289-1248043461-1001\...\fnmt.es -> hxxps://fnmt.es
IE trusted site: HKU\S-1-5-21-153542611-3615973289-1248043461-1001\...\fnmt.gob.es -> hxxps://fnmt.gob.es
IE trusted site: HKU\S-1-5-21-153542611-3615973289-1248043461-1001\...\fnmt.gob.es -> hxxp://fnmt.gob.es
IE trusted site: HKU\S-1-5-21-153542611-3615973289-1248043461-1002\...\fnmt.es -> hxxps://fnmt.es
IE trusted site: HKU\S-1-5-21-153542611-3615973289-1248043461-1002\...\fnmt.es%20,%20https -> hxxps://fnmt.es%20,%20https
IE trusted site: HKU\S-1-5-21-153542611-3615973289-1248043461-1002\...\gob.es -> hxxps://fnmt.gob.es

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-04-12 09:38 - 2019-05-06 20:04 - 000001118 ____R C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 cap.cyberlink.com
127.0.0.1 activation.cyberlink.com
0.0.0.0 keystone.mwbsys.com
0.0.0.0 telemetry.malwarebytes.com
0.0.0.0 telemetry.mwbsys.com
0.0.0.0 serius.mwbsys.com

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\DAL
HKU\S-1-5-21-153542611-3615973289-1248043461-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Pepinaso\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
HKU\S-1-5-21-153542611-3615973289-1248043461-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\dell\Wallpaper_Pirelli_FINAL.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\StartupFolder: => "ScpToolkit Tray Notifications.lnk"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "DellMobileConnectWelcome"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "PowerDVD18Agent"
HKLM\...\StartupApproved\Run32: => "IJNetworkScannerSelectorEX"
HKLM\...\StartupApproved\Run32: => "MyBackupPC"
HKLM\...\StartupApproved\Run32: => "Razer Synapse"
HKU\S-1-5-21-153542611-3615973289-1248043461-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-153542611-3615973289-1248043461-1001\...\StartupApproved\Run: => "Plex Media Server"
HKU\S-1-5-21-153542611-3615973289-1248043461-1001\...\StartupApproved\Run: => "Skype for Desktop"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{4C497C5E-79B7-4B50-B2C9-6862FEADC3D4}C:\users\pepinaso\appdata\local\vysor\app-2.2.2\vysor.exe] => (Block) C:\users\pepinaso\appdata\local\vysor\app-2.2.2\vysor.exe (ClockworkMod) [File not signed]
FirewallRules: [TCP Query User{0FECC90B-8171-46A8-9B1C-86936FA38935}C:\users\pepinaso\appdata\local\vysor\app-2.2.2\vysor.exe] => (Block) C:\users\pepinaso\appdata\local\vysor\app-2.2.2\vysor.exe (ClockworkMod) [File not signed]
FirewallRules: [UDP Query User{A3F9EB4A-B2DD-4820-8795-A0B7A6D3FE50}C:\users\pepinaso\appdata\local\vysor\app-2.1.2\vysor.exe] => (Allow) C:\users\pepinaso\appdata\local\vysor\app-2.1.2\vysor.exe (ClockworkMod) [File not signed]
FirewallRules: [TCP Query User{70B43EA4-CEC2-4F97-8F94-F14659EE5BD5}C:\users\pepinaso\appdata\local\vysor\app-2.1.2\vysor.exe] => (Allow) C:\users\pepinaso\appdata\local\vysor\app-2.1.2\vysor.exe (ClockworkMod) [File not signed]
FirewallRules: [{14E9F0A1-2F9F-4850-AC4D-F3A879558E6C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{A534E2E8-998A-4E4F-AE67-0756C8E8B1F5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{F297C9BE-6281-45EB-87F4-653763DC6FE2}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{776C887D-9353-47BA-B302-E171804CC5E2}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{D4706ABE-5D95-478A-8279-478FC2FE2926}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{466E0DD1-2F8B-48DF-BB01-ED64D746B5EC}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{BAFFCAAE-346E-4BBD-95EC-3E6144DB72A4}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16050.11029.20079.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{32B988A9-29F9-49D7-B4E0-713AAE981854}] => (Allow) C:\Users\Pepinaso\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{67885BE0-93C9-46B0-96A0-826717085C79}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D9DBE777-D09B-4EC6-9FA9-B0EFBF17F46F}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A81F9C2D-9FB2-4CDC-BABA-A9E1CB079864}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{58C17C4A-3284-4556-BF79-6A711185D386}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{2561B3EE-2EFB-4B26-B03F-D0D2C61387B6}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{05BBACC2-AE42-412C-9892-9024F95DCB99}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{1CE2C2F1-3052-4F53-B196-A07A49E98A82}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{DA81C066-61CA-4577-B7F7-6BE39BE47650}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{2C8B328E-03E7-4DD7-94C0-6382C653765F}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{0F2E385D-5764-421C-AABD-F0D90322E20F}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{6FBD1DBA-F301-4481-8B4B-B3E12792F35D}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{6E82A44F-2DFC-48F2-8831-A85FC3DA3186}] => (Allow) C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnect_3.2.9771.0_x64__0vhbc3ng4wbp0\app\DellMobileConnectClient.exe (SCREENOVATE TECHNOLOGIES LTD. -> Screenovate Technologies Ltd.)
FirewallRules: [{A8D40B45-E44C-4224-9116-4AEA81087C57}] => (Allow) C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnect_3.2.9771.0_x64__0vhbc3ng4wbp0\app\DellMobileConnectClient.exe (SCREENOVATE TECHNOLOGIES LTD. -> Screenovate Technologies Ltd.)
FirewallRules: [{8631FE4F-504C-4005-A6C6-74E834AFE76E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{069A3108-BBD0-4814-9626-139886AAB09F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{5C4FED68-9B24-4D18-992F-5BB0C9463252}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{326B1388-3850-43AB-9AE0-13ADE6C7ECC5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{C1579041-928A-4D7C-A3E0-736D9FFBBFD2}] => (Allow) C:\Users\Pepinaso\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{25DB9142-9607-42E8-833D-B77E7A6B5D4F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{00837DF4-A833-4E34-BA53-250B5BDE64A4}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{0E9F8DA3-8B45-4890-B6D4-D8DC7C704889}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{8D5FD69F-1C48-496C-B9D9-96F6F0E16398}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{8373CE33-EE6E-456D-8396-E5B3FC066EFA}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{A2000EE5-BE05-4959-BE83-DAD1ECD8B9E9}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{E8A72F11-5141-4F8B-B42F-B718DC77CFEF}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\89.0.774.68\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{E893778A-BB8C-4398-B3E8-E0051EDD1374}D:\downloads\anydesk.exe] => (Allow) D:\downloads\anydesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [UDP Query User{6627FEFB-795D-4CE9-9F4F-B9B293C27744}D:\downloads\anydesk.exe] => (Allow) D:\downloads\anydesk.exe (philandro Software GmbH -> philandro Software GmbH)

==================== Restore Points =========================

07-04-2021 15:44:43 Dell SupportAssist Remediation
12-04-2021 07:38:22 Revo Uninstaller Pro's restore point - AnyDesk
12-04-2021 07:40:10 Revo Uninstaller Pro's restore point - Adobe Acrobat XI Pro
12-04-2021 07:40:33 Removed Adobe Acrobat XI Pro.
12-04-2021 07:43:38 Revo Uninstaller Pro's restore point - Adobe Digital Editions 4.5
12-04-2021 07:47:05 Revo Uninstaller Pro's restore point - Cyberpunk 2077 MULTi18 - ElAmigos version 1.03
12-04-2021 07:52:33 Revo Uninstaller Pro's restore point - Folder Size 4.5.0.0
12-04-2021 07:54:21 Revo Uninstaller Pro's restore point - MYOB AccountRight Enterprise v19.11.1 ED
12-04-2021 07:56:11 Revo Uninstaller Pro's restore point - MYOB ODBC Direct v10 AUS
12-04-2021 08:00:44 Revo Uninstaller Pro's restore point - PlayStationNow
12-04-2021 08:00:57 Removed PlayStationNow
12-04-2021 08:01:38 Revo Uninstaller Pro's restore point - Windscribe
12-04-2021 08:02:37 Revo Uninstaller Pro's restore point - Windows Driver Package - Sony Computer Entertainment Inc. Wireless controller for PLAYSTATION®3 Driver Package (01/20/2012 1.4.0.0)
12-04-2021 08:04:31 Revo Uninstaller Pro's restore point - REDlauncher
12-04-2021 08:05:08 Revo Uninstaller Pro's restore point - PowerISO 7.8

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (04/12/2021 10:16:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: OriginWebHelperService.exe, version: 10.5.56.33908, time stamp: 0x5dd474e2
Faulting module name: OriginWebHelperService.exe, version: 10.5.56.33908, time stamp: 0x5dd474e2
Exception code: 0xc0000005
Fault offset: 0x00098210
Faulting process ID: 0x10a0
Faulting application start time: 0x01d72f31225207d1
Faulting application path: C:\Program Files (x86)\Origin\OriginWebHelperService.exe
Faulting module path: C:\Program Files (x86)\Origin\OriginWebHelperService.exe
Report ID: 85936761-f1ab-446f-88bc-e16b2cd6f94b
Faulting package full name:
Faulting package-relative application ID:

Error: (04/12/2021 09:50:33 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: OriginWebHelperService.exe, version: 10.5.56.33908, time stamp: 0x5dd474e2
Faulting module name: OriginWebHelperService.exe, version: 10.5.56.33908, time stamp: 0x5dd474e2
Exception code: 0xc0000005
Fault offset: 0x00098210
Faulting process ID: 0x1104
Faulting application start time: 0x01d72f2d72a70add
Faulting application path: C:\Program Files (x86)\Origin\OriginWebHelperService.exe
Faulting module path: C:\Program Files (x86)\Origin\OriginWebHelperService.exe
Report ID: e013a77d-f330-4574-8963-c8c2e3bfe53d
Faulting package full name:
Faulting package-relative application ID:

Error: (04/12/2021 08:23:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: OriginWebHelperService.exe, version: 10.5.56.33908, time stamp: 0x5dd474e2
Faulting module name: OriginWebHelperService.exe, version: 10.5.56.33908, time stamp: 0x5dd474e2
Exception code: 0xc0000005
Fault offset: 0x00098210
Faulting process ID: 0x111c
Faulting application start time: 0x01d72f21393ef33d
Faulting application path: C:\Program Files (x86)\Origin\OriginWebHelperService.exe
Faulting module path: C:\Program Files (x86)\Origin\OriginWebHelperService.exe
Report ID: 9203e1c8-80ed-4c4b-9c89-5aa69e9affcb
Faulting package full name:
Faulting package-relative application ID:

Error: (04/12/2021 08:07:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: OriginWebHelperService.exe, version: 10.5.56.33908, time stamp: 0x5dd474e2
Faulting module name: OriginWebHelperService.exe, version: 10.5.56.33908, time stamp: 0x5dd474e2
Exception code: 0xc0000005
Fault offset: 0x00098210
Faulting process ID: 0x1018
Faulting application start time: 0x01d72f1f1c1c67f9
Faulting application path: C:\Program Files (x86)\Origin\OriginWebHelperService.exe
Faulting module path: C:\Program Files (x86)\Origin\OriginWebHelperService.exe
Report ID: d5a750c8-d125-479b-bbfb-7850534c73f1
Faulting package full name:
Faulting package-relative application ID:

Error: (04/12/2021 07:39:36 AM) (Source: Firefox Default Browser Agent) (EventID: 12007) (User: )
Description: Event-ID 12007

Error: (04/12/2021 07:39:36 AM) (Source: Firefox Default Browser Agent) (EventID: 0) (User: )
Description: Event-ID 0

Error: (04/12/2021 07:38:22 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {9bb17460-a6f7-426f-855a-ee716ac4f3ef}

Error: (04/12/2021 07:36:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: OriginWebHelperService.exe, version: 10.5.56.33908, time stamp: 0x5dd474e2
Faulting module name: OriginWebHelperService.exe, version: 10.5.56.33908, time stamp: 0x5dd474e2
Exception code: 0xc0000005
Fault offset: 0x00098210
Faulting process ID: 0x1004
Faulting application start time: 0x01d72f1ac00a6584
Faulting application path: C:\Program Files (x86)\Origin\OriginWebHelperService.exe
Faulting module path: C:\Program Files (x86)\Origin\OriginWebHelperService.exe
Report ID: a4cb8966-4850-4662-b64f-b72f21019d26
Faulting package full name:
Faulting package-relative application ID:


System errors:
=============
Error: (04/12/2021 10:17:50 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Origin Web Helper Service service terminated unexpectedly. It has done this 1 time(s).

Error: (04/12/2021 10:17:50 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The System Services x64 service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (04/12/2021 10:17:50 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (60000 milliseconds) while waiting for the System Services x64 service to connect.

Error: (04/12/2021 09:52:19 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1115" attempting to start the service SecurityHealthService with arguments "Unavailable" in order to run the server:
{8C9C0DB7-2CBA-40F1-AFE0-C55740DD91A0}

Error: (04/12/2021 09:51:27 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Origin Web Helper Service service terminated unexpectedly. It has done this 1 time(s).

Error: (04/12/2021 09:51:27 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The System Services x64 service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (04/12/2021 09:51:27 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (60000 milliseconds) while waiting for the System Services x64 service to connect.

Error: (04/12/2021 08:23:57 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Origin Web Helper Service service terminated unexpectedly. It has done this 1 time(s).


Windows Defender:
================
Date: 2021-04-08 10:17:45
Description:
El examen de Microsoft Defender Antivirus se detuvo antes de completarse.
Id. de examen: {87DF554E-79AE-43DB-ADAF-A9DF02143CC3}
Tipo de examen: Antimalware
Parámetros de examen: Quick Scan
Usuario: NT AUTHORITY\SYSTEM

Date: 2021-04-07 09:58:27
Description:
El examen de Microsoft Defender Antivirus se detuvo antes de completarse.
Id. de examen: {081897AD-66C6-4380-A65D-0DAD6BCF9E18}
Tipo de examen: Antimalware
Parámetros de examen: Quick Scan
Usuario: NT AUTHORITY\SYSTEM

Date: 2021-04-06 09:57:42
Description:
El examen de Microsoft Defender Antivirus se detuvo antes de completarse.
Id. de examen: {FBE01DE9-6586-4144-924D-8D953934C3DB}
Tipo de examen: Antimalware
Parámetros de examen: Quick Scan
Usuario: NT AUTHORITY\SYSTEM

Date: 2021-04-05 10:16:01
Description:
El examen de Microsoft Defender Antivirus se detuvo antes de completarse.
Id. de examen: {2C04CFB0-E2D3-48D7-9301-F64584EF7B2B}
Tipo de examen: Antimalware
Parámetros de examen: Quick Scan
Usuario: NT AUTHORITY\SYSTEM

Date: 2021-04-03 11:11:57
Description:
El examen de Microsoft Defender Antivirus se detuvo antes de completarse.
Id. de examen: {A7831899-5E07-428F-8891-EC3481B42C20}
Tipo de examen: Antimalware
Parámetros de examen: Quick Scan
Usuario: NT AUTHORITY\SYSTEM

CodeIntegrity:
===============
Date: 2020-09-22 15:45:59
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\Installer\MSI9FC4.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-09-22 15:45:53
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\Installer\MSI8867.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

BIOS: Dell Inc. 1.1.16 01/06/2021
Motherboard: Dell Inc. 0DF42J
Processor: Intel® Core™ i7-8700 CPU @ 3.20GHz
Percentage of memory in use: 26%
Total physical RAM: 16190.71 MB
Available physical RAM: 11870.61 MB
Total Virtual: 18622.71 MB
Available Virtual: 9695.72 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:221.42 GB) (Free:122.19 GB) NTFS
Drive d: (DATA) (Fixed) (Total:1862.89 GB) (Free:1149.9 GB) NTFS
Drive g: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.01 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive h: (Packard Bell) (Fixed) (Total:2027.9 GB) (Free:1307.57 GB) NTFS

\\?\Volume{8d1d88d4-0b08-4afe-9748-79ef21164fdc}\ (WINRETOOLS) (Fixed) (Total:0.97 GB) (Free:0.51 GB) NTFS
\\?\Volume{44a63dce-3f3a-4b52-9bae-2530d3861fc9}\ (Image) (Fixed) (Total:14.24 GB) (Free:0.21 GB) NTFS
\\?\Volume{07501a9c-6485-4670-8c7f-b641ef5dc8e8}\ (DELLSUPPORT) (Fixed) (Total:1.08 GB) (Free:0.31 GB) NTFS
\\?\Volume{e96d90ef-0000-0000-0000-100000000000}\ (PQSERVICE) (Fixed) (Total:20 GB) (Free:2.3 GB) NTFS
\\?\Volume{b44e8c54-9a64-4947-be87-0d7fbbcb135a}\ (ESP) (Fixed) (Total:0.63 GB) (Free:0.56 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: 50C36C57)

Partition: GPT.

==========================================================
Disk: 1 (Size: 238.5 GB) (Disk ID: 50C36C1E)

Partition: GPT.

==========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 2794.5 GB) (Disk ID: E96D90EF)
Partition 1: (Not Active) - (Size=20 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=2027.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================
  • 0



#2
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 2,625 posts

Hi, Alarico. :)
 
I'm sorry to hear about what happened regarding your computer. The good thing is that you immediately changed all your passwords and talked to your Bank.

Here, we will check the computer for malware. Although I'm sure you know the rules, I have to ask you to pay attention to the following, before we start:


1. Always ask before acting. Do not continue if you are not sure, or if something unexpected happens!

2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

3. If your computer seems to start working normally, don't abandon the topic. Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.

4. You have to reply to my posts within 3 days. If you need some additional time, just let me know. Otherwise, I will leave the topic due to lack of feedback. If you are able, I would request you to check this thread at least once per day so that we can resolve your issues effectively and efficiently.

5. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, have in mind that all the experts here are volunteers and may not be available to assist when you post. Please, be patient, while I analyze your logs.
 
 
=====================================
 
I have reviewed your logs and here are my first comments:
 
1. Hosts file
 
This is the content of your Hosts file:

127.0.0.1 cap.cyberlink.com
127.0.0.1 activation.cyberlink.com
0.0.0.0 keystone.mwbsys.com
0.0.0.0 telemetry.malwarebytes.com
0.0.0.0 telemetry.mwbsys.com
0.0.0.0 serius.mwbsys.com

Although you uninstalled both Malwarebytes and PowerDVD, the method you used to bypass their activation is illegal. This method will be removed in the proposed fix.
 
 
2. Firewall rules
 
Are you aware of these blocked items?
 
C:\users\pepinaso\appdata\local\vysor\app-2.2.2\vysor.exe
C:\program files\mozilla firefox\firefox.exe
 
 
3. IE trusted sites
 
Are you aware of these sites, marked as trusted in Internet Explorer?

fnmt.es -> hxxps://fnmt.es
fnmt.gob.es -> hxxps://fnmt.gob.es

 
4. FRST fix

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything to anywhere.
Start::
CreateRestorePoint:
CloseProcesses:
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => -> No File
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125]
SearchScopes: HKU\S-1-5-21-153542611-3615973289-1248043461-1002 -> DefaultScope {40E2E7F1-677B-40E3-A6B2-36D232063638} URL =
SearchScopes: HKU\S-1-5-21-153542611-3615973289-1248043461-1002 -> {40E2E7F1-677B-40E3-A6B2-36D232063638} URL =
HKLM\...\StartupApproved\Run32: => "PowerDVD18Agent"
HKU\S-1-5-21-153542611-3615973289-1248043461-1001\...\MountPoints2: F - "F:\setup.exe"
HKU\S-1-5-21-153542611-3615973289-1248043461-1001\...\MountPoints2: {310f586a-0b47-11e9-990c-b88584a5f865} - "I:\Setup.exe" /s
HKU\S-1-5-21-153542611-3615973289-1248043461-1001\...\MountPoints2: {4b4bc217-2cf2-11ea-9958-9cb6d0b83db8} - "G:\Setup.exe" /s
HKU\S-1-5-21-153542611-3615973289-1248043461-1001\...\MountPoints2: {7e3cf84d-0e0e-11eb-9993-b88584a5f865} - "J:\Setup.exe" /s
HKU\S-1-5-21-153542611-3615973289-1248043461-1001\...\MountPoints2: {9cbe1ecf-93a4-11eb-99d0-b88584a5f865} - "I:\Setup.exe" /s
HKU\S-1-5-21-153542611-3615973289-1248043461-1001\...\MountPoints2: {c56b01c3-6356-11eb-99c2-b88584a5f865} - "J:\Setup.exe" /s
HKU\S-1-5-21-153542611-3615973289-1248043461-1002\...\MountPoints2: {310f586a-0b47-11e9-990c-b88584a5f865} - "I:\Setup.exe" /s
HKU\S-1-5-21-153542611-3615973289-1248043461-1002\...\MountPoints2: {7e3cf84d-0e0e-11eb-9993-b88584a5f865} - "I:\Setup.exe" /s
HKU\S-1-5-21-153542611-3615973289-1248043461-1002\...\MountPoints2: {9cbe1ecf-93a4-11eb-99d0-b88584a5f865} - "I:\Setup.exe" /s
HKU\S-1-5-21-153542611-3615973289-1248043461-1002\...\MountPoints2: {c56b01c3-6356-11eb-99c2-b88584a5f865} - "J:\Setup.exe" /s
GroupPolicy: Restriction - Chrome <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
Hosts:
EmptyTemp:
End::
  • Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Please post the log in your next reply.

 

In your next reply please post:

  1. Your reply about the firewall rules and the trusted sites
  2. The fixlog.txt

 


  • 0
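The hosts-file review above (flagging entries that sink vendor activation and telemetry hostnames to 127.0.0.1 or 0.0.0.0, which FRST's Hosts: directive then resets) can be done with a small parser. This is an added example, not part of the thread or of FRST; the sample hosts content is constructed inline from the six lines quoted above plus the two default localhost mappings.

```python
"""Audit a Windows hosts file for non-default entries that point hostnames at a
loopback or null address. Added example; SAMPLE_HOSTS is a constructed sample
built from the entries quoted in the thread, not read from a live machine."""
import ipaddress
from dataclasses import dataclass

# Mappings that a stock Windows hosts file may legitimately contain.
DEFAULT_ENTRIES = {("127.0.0.1", "localhost"), ("::1", "localhost")}
# Addresses that effectively block the name instead of resolving it.
SINKHOLE_ADDRESSES = {"0.0.0.0", "127.0.0.1", "::1"}


@dataclass(frozen=True)
class HostsEntry:
    address: str
    hostname: str
    line_no: int


def parse_hosts(text: str) -> list[HostsEntry]:
    """Parse hosts-file text into (address, hostname, line) entries.

    Comments (after '#') and blank lines are skipped; a line whose first token
    is not a valid IP address is ignored rather than guessed at.
    """
    entries = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        try:
            ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # malformed line, not a host mapping
        for name in parts[1:]:
            entries.append(HostsEntry(parts[0], name.lower(), line_no))
    return entries


def suspicious_entries(entries: list[HostsEntry]) -> list[HostsEntry]:
    """Return entries that sink a non-local hostname to a null/loopback address."""
    return [
        e for e in entries
        if e.address in SINKHOLE_ADDRESSES
        and (e.address, e.hostname) not in DEFAULT_ENTRIES
        and e.hostname != "localhost"
        and not e.hostname.endswith(".localdomain")
    ]


def blocked_domains(entries: list[HostsEntry]) -> dict[str, list[str]]:
    """Group the suspicious hostnames by their last two labels, so a reviewer
    sees at a glance which vendors' servers are being blocked."""
    groups: dict[str, list[str]] = {}
    for e in suspicious_entries(entries):
        parent = ".".join(e.hostname.split(".")[-2:])
        groups.setdefault(parent, []).append(e.hostname)
    return groups


# Constructed sample: two default mappings followed by the six lines quoted
# in the thread.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost
127.0.0.1 cap.cyberlink.com
127.0.0.1 activation.cyberlink.com
0.0.0.0 keystone.mwbsys.com
0.0.0.0 telemetry.malwarebytes.com
0.0.0.0 telemetry.mwbsys.com
0.0.0.0 serius.mwbsys.com
"""

if __name__ == "__main__":
    parsed = parse_hosts(SAMPLE_HOSTS)
    for entry in suspicious_entries(parsed):
        print(f"line {entry.line_no}: {entry.hostname} -> {entry.address}")
    print(blocked_domains(parsed))
```

On a real machine the file lives at C:\Windows\System32\drivers\etc\hosts; reading it instead of SAMPLE_HOSTS is the only change needed.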

#3
Alarico

Alarico

    GeekU Junior

  • Topic Starter
  • GeekU Junior
  • 345 posts

Howdy !
 
I was having a read at your profile...belated congrats on completing the G2G "marathon", good on you!
 
 

Are you aware of these blocked items?

C:\users\pepinaso\appdata\local\vysor\app-2.2.2\vysor.exe
C:\program files\mozilla firefox\firefox.exe

 
No, I wasn't. Actually, I've used both programs with no apparent issue...awkward.
 
 

Are you aware of these sites, marked as trusted in Internet Explorer?
 
fnmt.es -> hxxps://fnmt.es
fnmt.gob.es -> hxxps://fnmt.gob.es

 
My missus is Spanish, and she had to access https://www.fnmt.es/ in order to create an electronic signature to prove her ID in a different country.
 

"Fixlog.txt" as follows:
 
Fix result of Farbar Recovery Scan Tool (x64) Version: 14-04-2021
Ran by Pepinaso (15-04-2021 10:19:42) Run:1
Running from C:\Users\Pepinaso\Desktop
Loaded Profiles: Pepinaso & larac
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => -> No File
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125]
SearchScopes: HKU\S-1-5-21-153542611-3615973289-1248043461-1002 -> DefaultScope {40E2E7F1-677B-40E3-A6B2-36D232063638} URL =
SearchScopes: HKU\S-1-5-21-153542611-3615973289-1248043461-1002 -> {40E2E7F1-677B-40E3-A6B2-36D232063638} URL =
HKLM\...\StartupApproved\Run32: => "PowerDVD18Agent"
HKU\S-1-5-21-153542611-3615973289-1248043461-1001\...\MountPoints2: F - "F:\setup.exe"
HKU\S-1-5-21-153542611-3615973289-1248043461-1001\...\MountPoints2: {310f586a-0b47-11e9-990c-b88584a5f865} - "I:\Setup.exe" /s
HKU\S-1-5-21-153542611-3615973289-1248043461-1001\...\MountPoints2: {4b4bc217-2cf2-11ea-9958-9cb6d0b83db8} - "G:\Setup.exe" /s
HKU\S-1-5-21-153542611-3615973289-1248043461-1001\...\MountPoints2: {7e3cf84d-0e0e-11eb-9993-b88584a5f865} - "J:\Setup.exe" /s
HKU\S-1-5-21-153542611-3615973289-1248043461-1001\...\MountPoints2: {9cbe1ecf-93a4-11eb-99d0-b88584a5f865} - "I:\Setup.exe" /s
HKU\S-1-5-21-153542611-3615973289-1248043461-1001\...\MountPoints2: {c56b01c3-6356-11eb-99c2-b88584a5f865} - "J:\Setup.exe" /s
HKU\S-1-5-21-153542611-3615973289-1248043461-1002\...\MountPoints2: {310f586a-0b47-11e9-990c-b88584a5f865} - "I:\Setup.exe" /s
HKU\S-1-5-21-153542611-3615973289-1248043461-1002\...\MountPoints2: {7e3cf84d-0e0e-11eb-9993-b88584a5f865} - "I:\Setup.exe" /s
HKU\S-1-5-21-153542611-3615973289-1248043461-1002\...\MountPoints2: {9cbe1ecf-93a4-11eb-99d0-b88584a5f865} - "I:\Setup.exe" /s
HKU\S-1-5-21-153542611-3615973289-1248043461-1002\...\MountPoints2: {c56b01c3-6356-11eb-99c2-b88584a5f865} - "J:\Setup.exe" /s
GroupPolicy: Restriction - Chrome <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
Hosts:
EmptyTemp:
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\PowerISO => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\PowerISO => removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully
"HKU\S-1-5-21-153542611-3615973289-1248043461-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-21-153542611-3615973289-1248043461-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{40E2E7F1-677B-40E3-A6B2-36D232063638} => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\PowerDVD18Agent" => removed successfully
"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\PowerDVD18Agent" => not found
HKU\S-1-5-21-153542611-3615973289-1248043461-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F => removed successfully
HKU\S-1-5-21-153542611-3615973289-1248043461-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{310f586a-0b47-11e9-990c-b88584a5f865} => removed successfully
HKU\S-1-5-21-153542611-3615973289-1248043461-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4b4bc217-2cf2-11ea-9958-9cb6d0b83db8} => removed successfully
HKU\S-1-5-21-153542611-3615973289-1248043461-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7e3cf84d-0e0e-11eb-9993-b88584a5f865} => removed successfully
HKU\S-1-5-21-153542611-3615973289-1248043461-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9cbe1ecf-93a4-11eb-99d0-b88584a5f865} => removed successfully
HKU\S-1-5-21-153542611-3615973289-1248043461-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c56b01c3-6356-11eb-99c2-b88584a5f865} => removed successfully
HKU\S-1-5-21-153542611-3615973289-1248043461-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{310f586a-0b47-11e9-990c-b88584a5f865} => removed successfully
HKU\S-1-5-21-153542611-3615973289-1248043461-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7e3cf84d-0e0e-11eb-9993-b88584a5f865} => removed successfully
HKU\S-1-5-21-153542611-3615973289-1248043461-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9cbe1ecf-93a4-11eb-99d0-b88584a5f865} => removed successfully
HKU\S-1-5-21-153542611-3615973289-1248043461-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c56b01c3-6356-11eb-99c2-b88584a5f865} => removed successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
C:\ProgramData\NTUSER.pol => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 10510336 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 135339100 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 67219153 B
Edge => 216986 B
Chrome => 568922552 B
Firefox => 167967445 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 66332316 B
systemprofile32 => 66370882 B
LocalService => 66370882 B
NetworkService => 67158826 B
Pepinaso => 81625354 B
larac => 82990144 B
 
RecycleBin => 4930868 B
EmptyTemp: => 1.3 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 10:21:11 ====
 
 
Btw, can you tell me if any of the "stuff" you found has to do with someone fraudulently accessing my computer?
 
Thanks mate


  • 0

#4
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 2,625 posts

I was having a read at your profile...belated congrats on completing the G2G "marathon", good on you!

 
I hope the same for you too, soon! :)
 

Btw, can you tell me if any of the "stuff" you found has to do with someone fraudulently accessing my computer?

 
No, there is no way to tell what happened during the remote access they tried to have. And there is no active malware infection shown in the above logs.
 
Let's do, however, some other scans with AdwCleaner and Malwarebytes.

1. AdwCleaner (Scan mode)

Download AdwCleaner and save it to your desktop.

  • Double click AdwCleaner.exe to run it.
  • Click Scan Now.
    • When the scan has finished, a Scan Results window will open.
    • Click Cancel (at this point do not attempt to Quarantine anything that is found)
  • Now click the Log Files tab.
    • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number. The latest scan will have the largest number)
    • A Notepad file will open containing the results of the scan.
    • Please post the contents of the file in your next reply.

 

2. Malwarebytes (Scan mode)

  • Download Malwarebytes and save it to your Desktop.
  • Once downloaded, close all programs and Windows on your computer.
  • Double-click on the icon on your desktop named MBSetup.exe. This will start the installation of MBAM onto your computer.
  • Follow the instructions to install the program.
  • When finished, double click the program's icon created on your Desktop.
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
    Under the title Scan Options, all the options are checked.
    Under the title Windows Security Center (Premium only) the option is unchecked.
    Under the title Potentially unwanted items all options are set to Always.
  • Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may take longer.
  • When finished, you will see the Threat Scan Summary window open.

If threats are not found, click View Report and proceed to the two last steps below.

If threats are found, make sure that all threats are not selected, close the program and proceed to the next steps below.

  • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
  • Find the report with the most recent date and double click on it.
  • Click on Export and then Copy to Clipboard.
  • Paste its content here, in your next reply.

 

In your next reply, please post:

  • The AdwCleaner[S0*].txt
  • The Malwarebytes report

  • 0

#5
Alarico

Alarico

    GeekU Junior

  • Topic Starter
  • GeekU Junior
  • 345 posts

Hi,
 

In your next reply, please post: 

  • The AdwCleaner[S0*].txt

 
 
# -------------------------------
# Malwarebytes AdwCleaner 8.2.0.0
# -------------------------------
# Build:    03-22-2021
# Database: 2021-03-22.1 (Local)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    04-16-2021
# Duration: 00:00:10
# OS:       Windows 10 Home
# Scanned:  31973
# Detected: 15
 
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
No malicious folders found.
 
***** [ Files ] *****
 
No malicious files found.
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
PUP.Optional.Legacy             HKLM\System\Setup\FirstBoot\Services\Updater
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries found.
 
***** [ Chromium URLs ] *****
 
No malicious Chromium URLs found.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries found.
 
***** [ Firefox URLs ] *****
 
No malicious Firefox URLs found.
 
***** [ Hosts File Entries ] *****
 
No malicious hosts file entries found.
 
***** [ Preinstalled Software ] *****
 
Preinstalled.DellSupportAssistAgent   Folder   C:\Program Files\DELL\SAREMEDIATION\AGENT 
Preinstalled.DellSupportAssistAgent   Folder   C:\Program Files\DELL\SAREMEDIATION\AUDIT 
Preinstalled.DellSupportAssistAgent   Folder   C:\Program Files\DELL\SAREMEDIATION\PLUGIN 
Preinstalled.DellSupportAssistAgent   Folder   C:\Program Files\DELL\SUPPORTASSISTAGENT 
Preinstalled.DellSupportAssistAgent   Folder   C:\ProgramData\DELL\SAREMEDIATION\AGENT 
Preinstalled.DellSupportAssistAgent   Folder   C:\ProgramData\DELL\SAREMEDIATION\PLUGIN 
Preinstalled.DellSupportAssistAgent   Folder   C:\ProgramData\SUPPORTASSIST\CLIENT\TECHNICIANTOOLKIT 
Preinstalled.DellSupportAssistAgent   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7A18BE1B-7552-41FC-9F49-FB48998140FA}  
Preinstalled.DellSupportAssistAgent   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7A18BE1B-7552-41FC-9F49-FB48998140FA}  
Preinstalled.DellSupportAssistAgent   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Dell SupportAssistAgent AutoUpdate 
Preinstalled.DellSupportAssistAgent   Task   C:\Windows\System32\Tasks\DELL SUPPORTASSISTAGENT AUTOUPDATE 
Preinstalled.DellUpdateforWindows10   Folder   C:\Program Files (x86)\DELL\UPDATESERVICE 
Preinstalled.DellUpdateforWindows10   Folder   C:\Program Files\DELL\UPDATE 
Preinstalled.DellUpdateforWindows10   Folder   C:\ProgramData\DELL\UPDATESERVICE 
 
 
 
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
 
  

In your next reply, please post:

  • The Malwarebytes report

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 16/04/2021
Scan Time: 10:14
Log File: b7c75430-9e48-11eb-8f10-b88584a5f865.json
 
-Software Information-
Version: 4.3.0.98
Components Version: 1.0.1251
Update Package Version: 1.0.39455
Licence: Trial
 
-System Information-
OS: Windows 10 (Build 19042.928)
CPU: x64
File System: NTFS
User: DESKTOP-33RB2E0\Pepinaso
 
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 321809
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 2 min, 0 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 0
(No malicious items detected)
 
Physical Sector: 0
(No malicious items detected)
 
WMI: 0
(No malicious items detected)
 
 
(end)


  • 0

#6
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 2,625 posts

Hi, Alarico.

Malwarebytes detected nothing, but AdwCleaner detected a potentially unwanted program that needs to get deleted:
 
PUP.Optional.Legacy             HKLM\System\Setup\FirstBoot\Services\Updater

Let's clean.
 
1. AdwCleaner (Clean mode)

The section at the bottom under "Preinstalled Software" is software that was apparently installed when the device was new, which you may or may not use. No need to keep something you do not need/use, but it is your computer, so your choice.

To proceed, please do the following:

  • Double click AdwCleaner.exe on your Desktop, to run it as you did before.
  • Click Scan Now.
  • When the scan has finished a Scan Results window will open.
  • Please check the PUP detected and then click Quarantine.
  • Click Next.
    • If any pre-installed software was found on your machine, a prompt window will open. Click OK to close it.
    • Check any pre-installed software items you want to remove. It is your PC so if you wish to keep them, feel free to do so.
    • Click Quarantine.
  • A prompt to save your work will appear.
    • Click Continue when you're ready to proceed.
  • A prompt to restart your computer will appear.
    • Click Restart Now.
  • Once your computer has restarted:
    • If it doesn't open automatically, please start ADWCleaner.
    • Click the Log Files tab.
    • Double click on the latest Clean log (Clean logs have a [C0*] suffix, where * is replaced by a number, the latest scan will have the largest number)
    • A Notepad file will open containing the results of the removal.
    • Please post the contents of the file in your next reply.

 

2. Uninstall unnecessary (?) programs (Optional)
 
If you decide to uninstall any of the preinstalled software, you may consider uninstalling these programs. This is optional. Depending on the AdwCleaner's action in the previous step, you may not see some of the following, since they got uninstalled. At this step you can also uninstall any program you do not use/need.
 
Dell Digital Delivery Services
Dell Mobile Connect Drivers
Dell SupportAssist
Dell SupportAssist Remediation
Dell Update - SupportAssist Update Plugin
Dell Update for Windows 10
 
To uninstall them:

  • Press the Windows Key + R.
  • Type appwiz.cpl in the Run box and click OK.
  • The Add/Remove Programs list will open. Locate the above programs in the list:
  • Select the above programs, one by one, and click Uninstall.
  • Restart the computer.

 

3. Uninstall unnecessary (?) apps (Optional)
 
These Dell apps also came preinstalled with the computer. Uninstall whatever you do not use/need.
 
Dell Customer Connect
Dell Digital Delivery
Dell Mobile Connect [Startup Task]
Dell SupportAssist for Home PCs
Dell Update
My Dell

To uninstall them:
 
Press the Start button, find the above apps, one by one, right click on them and select Uninstall.
 
Repeat the procedure for any application you don't use/need.
 
 
4. Fresh FRST logs

  • Double-click on the FRST icon to run it, as you did before. When the tool opens click Yes to disclaimer.
  • Press Scan button and wait for a while.
  • The scanner will produce two logs on your Desktop: FRST.txt and Addition.txt.
  • Please attach the content of these two logs in your next reply.

 

 

In your next reply please post:

  1. The AdwCleaner[C0*].txt
  2. The fresh FRST logs, Addition.txt and FRST.txt (attached please).

  • 0

#7
Alarico

Alarico

    GeekU Junior

  • Topic Starter
  • GeekU Junior
  • 345 posts

Hi DR M,
 

In your next reply please post:

  • The AdwCleaner[C0*].txt

 

# -------------------------------
# Malwarebytes AdwCleaner 8.2.0.0
# -------------------------------
# Build:    03-22-2021
# Database: 2021-04-08.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    04-16-2021
# Duration: 00:00:01
# OS:       Windows 10 Home
# Cleaned:  1
# Failed:   0
 
 
***** [ Services ] *****
 
No malicious services cleaned.
 
***** [ Folders ] *****
 
No malicious folders cleaned.
 
***** [ Files ] *****
 
No malicious files cleaned.
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
No malicious tasks cleaned.
 
***** [ Registry ] *****
 
Deleted       HKLM\System\Setup\FirstBoot\Services\Updater
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries cleaned.
 
***** [ Chromium URLs ] *****
 
No malicious Chromium URLs cleaned.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries cleaned.
 
***** [ Firefox URLs ] *****
 
No malicious Firefox URLs cleaned.
 
***** [ Hosts File Entries ] *****
 
No malicious hosts file entries cleaned.
 
***** [ Preinstalled Software ] *****
 
No Preinstalled Software cleaned.
 
 
*************************
 
[+] Delete Tracing Keys
[+] Reset Winsock
 
*************************
 
AdwCleaner[S00].txt - [2912 octets] - [16/04/2021 09:43:54]
AdwCleaner[S01].txt - [2973 octets] - [16/04/2021 10:24:55]
AdwCleaner[S02].txt - [3034 octets] - [16/04/2021 19:00:38]
 
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C02].txt ##########
 
 
Thanks mate

Attached Files


  • 0

#8
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 2,625 posts

Hi, Alarico.
 
1. Uninstall a program
 
Revo Uninstaller Pro 3.1.8 is pirated. Please uninstall it. If you want Revo, have in mind that the free version can do what an ordinary user wants it to do: completely uninstall programs. Therefore, you don't need Pro to do your job.

  • Press the Windows Key + R.
  • Type appwiz.cpl in the Run box and click OK.
  • The Add/Remove Programs list will open. Locate the following program on the list:
Revo Uninstaller Pro 3.1.8
  • Select the above program and click Uninstall.
  • Restart the computer.

 

2. Check programs with CKScanner

  • Download CKScanner from here and save it to your desktop.
  • Double click CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

 

3. Do you recognize these?

 

C:\ProgramData\FLEXnet
C:\ProgramData\Wondershare

 


  • 0

#9
Alarico

Alarico

    GeekU Junior

  • Topic Starter
  • GeekU Junior
  • 345 posts

Hi DR M,
 
My screen went totally black right now for about 3-4 seconds before doing anything, just reading your reply...any idea why this could have happened? First time I've ever noticed this.
 
 

1. Uninstall a program
 

Revo Uninstaller Pro 3.1.8

 

 
Done.
 
 

2. Check programs with CKScanner


 
CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\windows\servicing\lcu\package_for_rollupfix~31bf3856ad364e35~amd64~~19041.867.1.8\amd64_openssh-common-components-onecore_31bf3856ad364e35_10.0.19041.329_none_9ab860b70e7bbcc8\f\ssh-keygen.exe
c:\windows\servicing\lcu\package_for_rollupfix~31bf3856ad364e35~amd64~~19041.867.1.8\amd64_openssh-common-components-onecore_31bf3856ad364e35_10.0.19041.329_none_9ab860b70e7bbcc8\r\ssh-keygen.exe
c:\windows\servicing\lcu\package_for_rollupfix~31bf3856ad364e35~amd64~~19041.928.1.10\amd64_openssh-common-components-onecore_31bf3856ad364e35_10.0.19041.329_none_9ab860b70e7bbcc8\f\ssh-keygen.exe
c:\windows\servicing\lcu\package_for_rollupfix~31bf3856ad364e35~amd64~~19041.928.1.10\amd64_openssh-common-components-onecore_31bf3856ad364e35_10.0.19041.329_none_9ab860b70e7bbcc8\r\ssh-keygen.exe
c:\windows\winsxs\amd64_openssh-common-components-onecore_31bf3856ad364e35_10.0.19041.329_none_9ab860b70e7bbcc8\ssh-keygen.exe
scanner sequence 3.EM.11.SFNAWZ
 ----- EOF ----- 
 
 

3. Do you recognize these?
 
C:\ProgramData\FLEXnet
C:\ProgramData\Wondershare

 
 
FLEXnet might be related to ISUSPM.exe, which could've been bundled with a program I installed a long time ago named Nuance PDF Professional. Happy to get rid of it  :thumbsup:
 
Wondershare might have to do with "drfone" and "Filmora9" (i.e. both products of Wondershare)...although I don't know how they got into my system. I also found in the registry the following:

 

file:///C:/Program Files (x86)/Wondershare/drfone/Addins/Recovery/DriverInstall.EXE

C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\

C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

Computer\HKEY_CURRENT_USER\SOFTWARE\BugSplat\wondershare_filmora_9_0_win{2}.\\?\hdaudio#func_01&ven_10ec&dev_0899&subsys_10280859&rev_1000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\elineouttopo/00010001|\Device\HarddiskVolume8\Program Files\Wondershare\Filmora9\Wondershare Filmora9.exe%b{00000000-0000-0000-0000-000000000000}

{6D809377-6AF0-444B-8957-A3773F02200E}\Wondershare\Filmora9\Wondershare Filmora9.exe

{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\Wondershare\Dr.Fone for Android\DrFoneAndroid.exe

{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\Wondershare\drfone\DrFoneToolKit.exe

Computer\HKEY_CURRENT_USER\SOFTWARE\Wondershare

Computer\HKEY_CURRENT_USER\SOFTWARE\Wondershare\Wondershare Helper Compact

Computer\HKEY_CURRENT_USER\SOFTWARE\Wow6432Node\Wondershare

file:///C:/Program Files (x86)/Wondershare/drfone/Addins/Recovery/DriverInstall.EXE

 

and also a hidden file named DrFoneRecovery on my D: drive.

 

Pesky little buggers! Also happy to get rid of it  :thumbsup:

 
Thank you



#10
DR M
    The Grecian Geek
  • Malware Removal
  • 2,625 posts

Hi, Alarico.
 
You can delete remnants of uninstalled programs in your Program Files list, but do not mess with the registry. The FRST scan was set to reveal only files created/modified in the last month, and the fix below is based on that.
 
1. FRST fix

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy ". No need to paste anything to anywhere.
Start::
CreateRestorePoint:
CloseProcesses:
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2016-12-15] (VS Revo Group -> VS Revo Group)
FirewallRules: [TCP Query User{E893778A-BB8C-4398-B3E8-E0051EDD1374}D:\downloads\anydesk.exe] => (Allow) D:\downloads\anydesk.exe => No File
FirewallRules: [UDP Query User{6627FEFB-795D-4CE9-9F4F-B9B293C27744}D:\downloads\anydesk.exe] => (Allow) D:\downloads\anydesk.exe => No File
HKU\S-1-5-21-153542611-3615973289-1248043461-1001\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [226984 2018-05-02] (McAfee, Inc. -> McAfee, Inc.)
R2 Wondershare InstallAssist; C:\ProgramData\Wondershare\Service\InstallAssistService.exe [230176 2020-01-16] (Wondershare Technology Co.,Ltd -> Wondershare)
D:\Programs\Uninstallers\Revo Uninstaller Pro 121120\patch-MrSzzS.rar
C:\WINDOWS\System32\drivers\HipShieldK.sys
C:\ProgramData\FLEXnet
C:\ProgramData\Wondershare
C:\Program Files\VS Revo Group
EmptyTemp:
End::
  • Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Please post the log in your next reply.

 

2. Eset Online scan
 
Let's make an additional scan with Eset online scanner, just to ensure that the computer is completely clean.

Download ESET Online Scanner and save it to your desktop.

  • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
  • When the tool opens, click Get Started.
  • Read and accept the license agreement.
  • At the Welcome to ESET Online Scanner window, click Get Started.
  • Select whether you would like to send anonymous data to ESET.
  • Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
  • Click on the Full Scan option.
  • Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
  • ESET will now begin scanning your computer. This may take some time.
  • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
  • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
  • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
  • Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.

 

3. Check services
 
Do you have any issue with updates? There is a sign in the logs that may be a problem. Let's check this.

  • Please download Farbar Service Scanner and save it on your Desktop.
  • Right click on the tool icon and run it as administrator.
  • Make sure all the options are checked.
  • Click on the Scan button.
  • It will create a log (FSS.txt) on your Desktop.
  • Copy and paste the log's content to your next reply.

 

In your next reply please post:

  • The fixlog.txt
  • The Eset.txt
  • The FSS.txt

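One way to triage the FirewallRules lines that FRST reports, as an added example that is not part of this thread or of FRST itself: a small Python parser that pulls out the action, path, publisher and signing note of each rule and flags rules that point at remote-access tools, at binaries that no longer exist or are unsigned, or at binaries living outside Program Files. The sample input is made of the rule lines quoted in this thread plus one constructed benign Chrome entry (all-zero GUID); the remote-access watchlist and the trusted root folders are assumptions.

```python
import re
from pathlib import PureWindowsPath

# Rule lines quoted in this thread, plus one constructed benign Chrome entry
# (all-zero GUID, made up for the example) to show what does not get flagged.
SAMPLE_LINES = r"""
FirewallRules: [TCP Query User{E893778A-BB8C-4398-B3E8-E0051EDD1374}D:\downloads\anydesk.exe] => (Allow) D:\downloads\anydesk.exe => No File
FirewallRules: [UDP Query User{4C497C5E-79B7-4B50-B2C9-6862FEADC3D4}C:\users\pepinaso\appdata\local\vysor\app-2.2.2\vysor.exe] => (Block) C:\users\pepinaso\appdata\local\vysor\app-2.2.2\vysor.exe (ClockworkMod) [File not signed]
FirewallRules: [TCP Query User{D4706ABE-5D95-478A-8279-478FC2FE2926}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{00000000-0000-0000-0000-000000000000}C:\program files\google\chrome\application\chrome.exe] => (Allow) C:\program files\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
""".strip().splitlines()

# Remote-access binaries worth a second look. Only anydesk.exe appears in this
# thread; the set is an assumption to extend for your own environment.
REMOTE_ACCESS_TOOLS = {"anydesk.exe"}
# Folders where a legitimately installed program normally lives (assumption).
TRUSTED_ROOTS = ("c:\\program files\\", "c:\\program files (x86)\\", "c:\\windows\\")

RULE_PREFIX = "FirewallRules: ["
# "(Allow) <path> (<publisher>) [<note>]"; publisher and note are optional.
TARGET_RE = re.compile(r"\((Allow|Block)\) (.+?)(?: \(([^)]*)\))?(?: \[([^\]]+)\])?$")


def parse_rule(line):
    """Split one FRST FirewallRules line into its fields; None if it is not one."""
    line = line.strip()
    if not line.startswith(RULE_PREFIX):
        return None
    name, sep, rest = line[len(RULE_PREFIX):].partition("] => ")
    if not sep:
        return None
    target, _, status = rest.partition(" => ")  # status is "No File" when the exe is gone
    match = TARGET_RE.match(target)
    if not match:
        return None
    action, path, publisher, note = match.groups()
    return {"name": name, "action": action, "path": path,
            "publisher": publisher or "", "note": note or "", "status": status}


def triage(lines):
    """Return the parsed rules that deserve review, each with a list of reasons."""
    findings = []
    for line in lines:
        rule = parse_rule(line)
        if rule is None:
            continue
        path = rule["path"].lower()
        reasons = []
        if PureWindowsPath(path).name in REMOTE_ACCESS_TOOLS:
            reasons.append("remote-access tool")
        if rule["status"] == "No File":
            reasons.append("binary no longer exists")
        if "not signed" in rule["note"].lower():
            reasons.append("binary is unsigned")
        if not path.startswith(TRUSTED_ROOTS):
            reasons.append("binary outside Program Files/Windows")
        if reasons:
            findings.append({**rule, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f['action']:5} {f['path']}  <- {', '.join(f['reasons'])}")
```

On the thread's own lines this flags the orphaned anydesk Allow rule and the unsigned vysor entry and leaves the signed Program Files browsers alone, which matches what the fixlists above removed.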

#11
Alarico
    GeekU Junior
  • Topic Starter
  • GeekU Junior
  • 345 posts

Howdy!
 

In your next reply please post:

  • The fixlog.txt

 
Fix result of Farbar Recovery Scan Tool (x64) Version: 17-04-2021
Ran by Pepinaso (17-04-2021 19:47:45) Run:2
Running from C:\Users\Pepinaso\Desktop
Loaded Profiles: Pepinaso & larac
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2016-12-15] (VS Revo Group -> VS Revo Group)
FirewallRules: [TCP Query User{E893778A-BB8C-4398-B3E8-E0051EDD1374}D:\downloads\anydesk.exe] => (Allow) D:\downloads\anydesk.exe => No File
FirewallRules: [UDP Query User{6627FEFB-795D-4CE9-9F4F-B9B293C27744}D:\downloads\anydesk.exe] => (Allow) D:\downloads\anydesk.exe => No File
HKU\S-1-5-21-153542611-3615973289-1248043461-1001\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [226984 2018-05-02] (McAfee, Inc. -> McAfee, Inc.)
R2 Wondershare InstallAssist; C:\ProgramData\Wondershare\Service\InstallAssistService.exe [230176 2020-01-16] (Wondershare Technology Co.,Ltd -> Wondershare)
D:\Programs\Uninstallers\Revo Uninstaller Pro 121120\patch-MrSzzS.rar
C:\WINDOWS\System32\drivers\HipShieldK.sys
C:\ProgramData\FLEXnet
C:\ProgramData\Wondershare
C:\Program Files\VS Revo Group
EmptyTemp:
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\RUShellExt => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{E893778A-BB8C-4398-B3E8-E0051EDD1374}D:\downloads\anydesk.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{6627FEFB-795D-4CE9-9F4F-B9B293C27744}D:\downloads\anydesk.exe" => removed successfully
"HKU\S-1-5-21-153542611-3615973289-1248043461-1001\Software\Microsoft\Windows\CurrentVersion\Run\\ISUSPM" => removed successfully
C:\ProgramData\NTUSER.pol => moved successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\BookReader_B171F20233094AC88D05A8EF7B9763E8 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => removed successfully
HKLM\System\CurrentControlSet\Services\HipShieldK => removed successfully
HipShieldK => service removed successfully
HKLM\System\CurrentControlSet\Services\Wondershare InstallAssist => removed successfully
Wondershare InstallAssist => service removed successfully
"D:\Programs\Uninstallers\Revo Uninstaller Pro 121120\patch-MrSzzS.rar" => not found
C:\WINDOWS\System32\drivers\HipShieldK.sys => moved successfully
C:\ProgramData\FLEXnet => moved successfully
C:\ProgramData\Wondershare => moved successfully
"C:\Program Files\VS Revo Group" => not found
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 10510336 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 12674782 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 11300029 B
Edge => 0 B
Chrome => 393292831 B
Firefox => 39053716 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 27655 B
systemprofile32 => 27655 B
LocalService => 34917 B
NetworkService => 46729 B
Pepinaso => 264677648 B
larac => 265536308 B
 
RecycleBin => 0 B
EmptyTemp: => 951 MB temporary data Removed.
 
================================
 

  • The Eset.txt

 

 
 18/04/2021 10:25:23
Files scanned: 569443
Detected files: 0
Cleaned files: 0
Total scan time: 01:02:45
Scan status: Finished
 

 

  • The FSS.txt

 


Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Windows Security:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\Drivers\afd.sys => File is digitally signed
C:\Windows\System32\Drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\SecurityHealthService.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****

 

 

Thank you



#12
DR M
    The Grecian Geek
  • Malware Removal
  • 2,625 posts

Hi, Alarico.
 
Everything looks fine.
 
But... I forgot to include the blocked items in the fix, to remove the Firewall rules regarding them. :oops:

1. FRST fix

 

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything anywhere.
Start::
CreateRestorePoint:
CloseProcesses:
FirewallRules: [UDP Query User{4C497C5E-79B7-4B50-B2C9-6862FEADC3D4}C:\users\pepinaso\appdata\local\vysor\app-2.2.2\vysor.exe] => (Block) C:\users\pepinaso\appdata\local\vysor\app-2.2.2\vysor.exe (ClockworkMod) [File not signed]
FirewallRules: [TCP Query User{0FECC90B-8171-46A8-9B1C-86936FA38935}C:\users\pepinaso\appdata\local\vysor\app-2.2.2\vysor.exe] => (Block) C:\users\pepinaso\appdata\local\vysor\app-2.2.2\vysor.exe (ClockworkMod) [File not signed]
FirewallRules: [TCP Query User{D4706ABE-5D95-478A-8279-478FC2FE2926}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{466E0DD1-2F8B-48DF-BB01-ED64D746B5EC}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
EmptyTemp:
End::
  • Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Please post the log in your next reply.

 

2. Feedback

 

How is the computer running now? Any remaining question/issue/concern?



#13
Alarico
    GeekU Junior
  • Topic Starter
  • GeekU Junior
  • 345 posts

Hi DR M,
 

1. FRST fix

 
 
Fix result of Farbar Recovery Scan Tool (x64) Version: 17-04-2021
Ran by Pepinaso (19-04-2021 08:41:45) Run:3
Running from C:\Users\Pepinaso\Desktop
Loaded Profiles: Pepinaso & larac
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
FirewallRules: [UDP Query User{4C497C5E-79B7-4B50-B2C9-6862FEADC3D4}C:\users\pepinaso\appdata\local\vysor\app-2.2.2\vysor.exe] => (Block) C:\users\pepinaso\appdata\local\vysor\app-2.2.2\vysor.exe (ClockworkMod) [File not signed]
FirewallRules: [TCP Query User{0FECC90B-8171-46A8-9B1C-86936FA38935}C:\users\pepinaso\appdata\local\vysor\app-2.2.2\vysor.exe] => (Block) C:\users\pepinaso\appdata\local\vysor\app-2.2.2\vysor.exe (ClockworkMod) [File not signed]
FirewallRules: [TCP Query User{D4706ABE-5D95-478A-8279-478FC2FE2926}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{466E0DD1-2F8B-48DF-BB01-ED64D746B5EC}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
EmptyTemp:
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{4C497C5E-79B7-4B50-B2C9-6862FEADC3D4}C:\users\pepinaso\appdata\local\vysor\app-2.2.2\vysor.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{0FECC90B-8171-46A8-9B1C-86936FA38935}C:\users\pepinaso\appdata\local\vysor\app-2.2.2\vysor.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{D4706ABE-5D95-478A-8279-478FC2FE2926}C:\program files\mozilla firefox\firefox.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{466E0DD1-2F8B-48DF-BB01-ED64D746B5EC}C:\program files\mozilla firefox\firefox.exe" => removed successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 11821056 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 9503507 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 10340847 B
Edge => 0 B
Chrome => 389794570 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 111080 B
systemprofile32 => 111080 B
LocalService => 111080 B
NetworkService => 114312 B
Pepinaso => 694215 B
larac => 694215 B
 
RecycleBin => 0 B
EmptyTemp: => 403.7 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 08:42:07 ====

 

Everything looks fine.
 
How is the computer running now? Any remaining question/issue/concern?

 
The computer never gave me any noticeable issues, although you did find some :whistling:; I was mostly worried the "hacker" could've left behind any remnants to regain entry to my system. I really appreciate the time and effort you put into this, and I am truly grateful for your help. Now I can finally get back to my life  :spoton:.
 


Thank you very much!



#14
DR M
    The Grecian Geek
  • Malware Removal
  • 2,625 posts

The computer never gave me any noticeable issues, although you did find some

 
Hi, Alarico.
 
Actually, the noticeable issues we fixed here mostly had to do with programs activated in a way that is not legal. Keep in mind that using pirated/cracked software is an easy way to infect your computer. Almost as easy as intentionally downloading malware. We don't want that, right? :whistling: 
 
If you have no other issues...

The following tool will remove the tools we used as well as reset system restore points:

Download KpRm by kernel-panik and save it to your desktop.

  • Right-click kprm_(version).exe and select Run as Administrator.
  • Read and accept the disclaimer.
  • When the tool opens, ensure all boxes under Actions are checked.
  • Under Delete Quarantines select Delete Now, then click Run.
  • Once complete, click OK.
  • A log will open in Notepad titled kprm-(date).txt.
  • Please copy and paste its contents in your next reply.

Thank you very much!

 

You're welcome!

 

You are very welcome! :prop:

