
Is my computer clean? [Solved]


  • This topic is locked

#1
queendom


Just wanting to confirm that my computer is clean and doesn't have any infections. Thank you so much!


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-09-2021
Ran by testABC (administrator) on MSI (Micro-Star International Co., Ltd. GF63 Thin 9SCSR) (04-09-2021 14:26:25)
Running from C:\Users\testABC\OneDrive\Desktop
Loaded Profiles: testABC
Platform: Windows 10 Home Version 21H1 19043.1202 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe <2>
(Adobe Systems Incorporated) C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\AcrobatNotificationClient.exe
(A-Volute SAS -> A-Volute) C:\Users\testABC\AppData\Local\NhNotifSys\nahimic\nahimicNotifSys.exe
(A-Volute SAS -> Nahimic) C:\Windows\System32\NahimicService.exe
(A-Volute SAS -> Nahimic) C:\Windows\System32\NahimicSvc64.exe
(A-Volute SAS -> Nahimic) C:\Windows\SysWOW64\NahimicSvc32.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe <3>
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\130.4.4978\QtWebEngineProcess.exe <2>
(GameHouse Europe B.V. -> RealNetworks, Inc.) C:\Program Files (x86)\Online Games Manager\ogmservice.exe
(Intel Corporation -> ) C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe
(Intel Corporation -> ) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_23e9be9389950d33\igfxCUIService.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_23e9be9389950d33\igfxEM.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_b0a31abf946958e9\OneApp.IGCC.WinService.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_2fe24960ae166144\IntelCpHDCPSvc.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_2fe24960ae166144\IntelCpHeciSvc.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Intel Corporation -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe
(Intel Corporation -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe
(Intel Corporation -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe
(Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_ffc75848a6342fdf\jhi_service.exe
(Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel® Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iaahcic.inf_amd64_724e05bd98458fe4\RstMwService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Users\testABC\AppData\Local\Microsoft\BingWallpaperApp\BingWallpaperApp.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\testABC\AppData\Local\Microsoft\OneDrive\21.150.0725.0001\FileCoAuth.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\testABC\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2108.25001.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2103.8.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20206.0_x64__8wekyb3d8bbwe\HxCalendarAppImm.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20206.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\NisSrv.exe
(MICRO-STAR INTERNATIONAL CO., LTD) C:\Program Files\WindowsApps\9426MICRO-STARINTERNATION.DragonCenter_2.0.116.0_x64__kzh8wxbdkxb8p\DCv2\DCv2.exe
(Micro-Star International CO., LTD. -> ) C:\Program Files (x86)\MSI\MSI NBFoundation Service\Sendevsvc.exe
(Micro-Star International CO., LTD. -> Micro-Star International Co., Ltd.) C:\Program Files (x86)\MSI\MSI NBFoundation Service\MSIAPService.exe
(Micro-Star International CO., LTD. -> Micro-Star International Co., Ltd.) C:\Program Files (x86)\MSI\MSI NBFoundation Service\OmApSvcBroker.exe
(Micro-Star International CO., LTD. -> Micro-Star International Co., Ltd.) C:\Windows\SysWOW64\MSIService.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\One Dragon Center\Game_Summary\MSI_Companion_Service.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\One Dragon Center\MSI.CentralServer.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\One Dragon Center\MSI_Central_Service.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\One Dragon Center\Mystic_Light\LightKeeperService.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\One Dragon Center\Mystic_Light\Mystic_Light_Service.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\One Dragon Center\VoiceControl\VoiceControl_Service.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\One Dragon Center\VoiceControl\VoiceControlEngine.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <10>
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(Nvidia Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvmii.inf_amd64_193f04621e226017\Display.NvContainer\NVDisplay.Container.exe <2>
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Pro Softnet Corporation -> ) C:\Program Files (x86)\IDriveWindows\cmd_sdutil\idwutil_600.exe <2>
(Pro Softnet Corporation -> Prosoftnet) C:\Program Files (x86)\IDriveWindows\id_bglaunch.exe
(Pro Softnet Corporation -> Prosoftnet) C:\Program Files (x86)\IDriveWindows\id_service.exe
(Pro Softnet Corporation -> Prosoftnet) C:\Program Files (x86)\IDriveWindows\id_tray.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_12da6ad5ef67a6ed\RtkAudUService64.exe <2>
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(voidtools -> voidtools) C:\Program Files (x86)\Everything\Everything.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_12da6ad5ef67a6ed\RtkAudUService64.exe [1262168 2021-05-27] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [321112 2019-07-19] (Intel® Rapid Storage Technology -> Intel Corporation)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [8091424 2021-08-30] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [Intel Driver & Support Assistant] => C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe [288184 2021-08-10] (Intel Corporation -> Intel)
HKLM-x32\...\Run: [IDrive Background process] => C:\Program Files (x86)\IDriveWindows\id_bglaunch.exe [77432 2021-08-30] (Pro Softnet Corporation -> Prosoftnet)
HKLM-x32\...\Run: [IDrive Tray] => C:\Program Files (x86)\IDriveWindows\id_tray.exe [1983608 2021-08-30] (Pro Softnet Corporation -> Prosoftnet)
HKLM-x32\...\RunOnce: [NGC] => C:\Users\Public\Downloads\Norton\{NS-22~1\FSDUI_~1.EXE [3749952 2021-02-22] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
HKU\S-1-5-21-3358392787-433785802-2856908961-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [35144320 2021-08-16] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-3358392787-433785802-2856908961-1001\...\Run: [Norton Download Manager{NS-22200539-SHPD-FSD5240005}] => C:\Users\Public\Downloads\Norton\{NS-22200539-SHPD-FSD5240005}\FSDUI_Custom.exe /m /WIN10_UPGRADE "C:\Users\testABC\AppData\Local\Temp\{0A767534-FF73-4AED-A745-42E49408E176}\Upgrade.exe" /m <==== ATTENTION
HKU\S-1-5-21-3358392787-433785802-2856908961-1001\...\Run: [Adobe Reader Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe [5550304 2021-07-24] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-3358392787-433785802-2856908961-1001\...\Run: [BingWallpaperApp] => C:\Users\testABC\AppData\Local\Microsoft\BingWallpaperApp\BingWallpaperApp.exe [8537992 2021-08-23] (Microsoft Corporation -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\92.0.4515.159\Installer\chrmstp.exe [2021-08-18] (Google LLC -> Google LLC)
Startup: C:\Users\testABC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2021-01-10]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {010B7844-04B3-4734-8874-50B52F706ABB} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [129808 2021-08-13] (Dropbox, Inc -> Dropbox, Inc.)
Task: {035825E7-59A5-4B13-8614-7690D37A6B18} - System32\Tasks\MSI Task Host - LEDKeeper2_Host => C:\Program Files (x86)\MSI\One Dragon Center\Mystic_Light\LEDKeeper2.exe [1635088 2020-12-25] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.)
Task: {05D0EBB6-1CB9-433D-B7E3-A572B8D11399} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe
Task: {0C952C91-E3C2-45F4-BC14-0E129F4E720F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [29211264 2021-08-16] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {105D676A-D551-4274-81E7-97AC52E4FD87} - \Microsoft\Windows\Speech\HeadsetButtonPress -> No File <==== ATTENTION
Task: {1714E879-42D1-40D5-AFA2-AE1F34761068} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3339120 2021-06-15] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {1807DC91-A08B-4AC2-9891-AA78AEC1EF4A} - System32\Tasks\NahimicSvc64Run => C:\WINDOWS\system32\NahimicSvc64.exe [1088640 2021-05-27] (A-Volute SAS -> Nahimic)
Task: {187F68D6-BD74-45D0-8BCF-6E423D8AD436} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [673720 2021-08-25] (Mozilla Corporation -> Mozilla Foundation)
Task: {188CFE18-BD07-4757-8C67-1B1B134E4A13} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MpCmdRun.exe [673816 2021-08-18] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {1949073A-8FDA-4EA4-8E59-407CDB02440F} - \Microsoft\Windows\WindowsUpdate\sihpostreboot -> No File <==== ATTENTION
Task: {2FCBC2C1-2F69-47E7-8CB2-2BC3D69A0D02} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [139128 2021-08-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {33E50F4B-E9F6-4D5F-89CB-AA9914B77A92} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [129808 2021-08-13] (Dropbox, Inc -> Dropbox, Inc.)
Task: {3FBC506E-92F9-432E-B182-762ACB9D0004} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MpCmdRun.exe [673816 2021-08-18] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {42B156F1-61D8-483E-9472-8CEB9BB985C6} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [3075936 2021-07-21] (Intel Corporation -> Intel Corporation)
Task: {473CD6B6-B429-4F27-BE10-D15CA8C61ADE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2021-01-09] (Google LLC -> Google LLC)
Task: {4AD64D87-2567-4AFA-AF3A-7FF120EC45CB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-26] (Adobe Inc. -> Adobe Inc.)
Task: {4CE8D18F-D863-4B6D-9B06-4432856E9A07} - \OmApSvcBroker -> No File <==== ATTENTION
Task: {4E90C82D-C1F6-453F-9545-253E7047D289} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [645488 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {510A33E3-A891-4FCD-BB88-220214288DF6} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\WINDOWS\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs"
Task: {5641F3B0-AF27-4094-939F-940513F1BFF2} - System32\Tasks\NahimicTask64 => C:\WINDOWS\system32\.\NahimicSvc64.exe [1088640 2021-05-27] (A-Volute SAS -> Nahimic)
Task: {688B281F-F1A6-48AB-9805-1AF4A9EF56CD} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [139128 2021-08-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {759BC502-13B2-4D5C-BD33-9BBF418C225B} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [903024 2021-05-04] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {75C85A0A-88C0-47C9-A3D0-6E288AD53C3D} - System32\Tasks\NahimicTask32 => C:\WINDOWS\system32\..\SysWOW64\NahimicSvc32.exe [829568 2021-05-27] (A-Volute SAS -> Nahimic)
Task: {7A1CD8E5-AFE2-4A30-B931-62189BCF3E06} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2021-01-09] (Google LLC -> Google LLC)
Task: {800C8B08-D612-4EDB-8753-05E51C4EDC55} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [905072 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {81229193-DC3F-450C-8CE4-0E43CC4036F3} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {8261FBDF-D72B-4EC3-BCFB-95A92CDEDC29} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [903024 2021-05-04] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {86FED394-73DD-4005-B280-7891934ACEDE} - System32\Tasks\MSI Task Host - DisplayID => C:\Program Files (x86)\MSI\One Dragon Center\MSI.NotifyServer.exe [74528 2020-09-29] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.)
Task: {89101C7F-C50C-465B-BEAD-8FC217B877AF} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-08-16] (Piriform Software Ltd -> Piriform)
Task: {8D30D27B-B2F8-4157-A050-7AF72CEEF6B9} - \OneDrive Standalone Update Task-S-1-5-21-2760983784-2838793767-2078260569-500 -> No File <==== ATTENTION
Task: {9452F277-43C3-47C7-881E-C22ED9FAFA88} - System32\Tasks\CCleanerSkipUAC - testABC => C:\Program Files\CCleaner\CCleaner.exe [29211264 2021-08-16] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {9ADB23E2-25BB-4D4E-B531-4A84AFB0BA19} - System32\Tasks\NahimicSvc32Run => C:\WINDOWS\SysWOW64\NahimicSvc32.exe [829568 2021-05-27] (A-Volute SAS -> Nahimic)
Task: {A3DBC66C-AA99-42B9-A8A3-2C4A8BA18104} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MpCmdRun.exe [673816 2021-08-18] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A3E82F53-D927-4884-A4B8-B87E38666BC3} - System32\Tasks\MSISW_Host => C:\WINDOWS\SysWOW64\muachost.exe [1692840 2015-08-18] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
Task: {A49649F6-E316-433E-B44B-D0688D9A16D5} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {B0245D57-C2B4-467A-9949-D3D8ED9BFC95} - System32\Tasks\OneDC_Updater => C:\Users\testABC\Documents\temp\OneDC_Updater\OneDC_Updater.exe [5312120 2020-08-26] (Micro-Star International CO., LTD. -> Micro-Star International Co., Ltd.) <==== ATTENTION
Task: {BF5AA994-3A16-4D2E-996A-5A19F3C407F8} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C9D68999-3A01-41E5-8172-DB52163794A2} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [21858176 2021-08-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {CBFB6BE6-9828-4121-A91C-8ADE8B6B1C36} - \Microsoft\Windows\Management\Provisioning\PostResetBoot -> No File <==== ATTENTION
Task: {D15853C8-5775-4FFC-A16C-77A1E13F6A9C} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {D5849741-B7C4-49E3-ADCE-15140209EF76} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [21858176 2021-08-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {E0550CFE-B2F0-4630-9333-566366C53C72} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [3075936 2021-07-21] (Intel Corporation -> Intel Corporation)
Task: {E5DCE56F-6A52-4CA3-A64B-59AB4687A7B1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MpCmdRun.exe [673816 2021-08-18] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F06A7056-2F5A-4DDD-9401-9E94A0587008} - System32\Tasks\MSI Task Host - Detect_Monitor => C:\Program Files (x86)\MSI\One Dragon Center\MSI.NotifyServer.exe [74528 2020-09-29] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.)
Task: {F2D38CF3-4511-4C73-8240-9FDA0E766358} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [905072 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{756fd6ca-f3bb-4595-bb81-66e25647bd8b}: [DhcpNameServer] 192.168.1.254

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\testABC\AppData\Local\Microsoft\Edge\User Data\Default [2021-09-04]
Edge Extension: (Bitwarden - Free Password Manager) - C:\Users\testABC\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jbkfoedolllekgbhcbcoahefnbanhhlh [2021-09-02]
Edge Profile: C:\Users\testABC\AppData\Local\Microsoft\Edge\User Data\Guest Profile [2021-09-04]

FireFox:
========
FF DefaultProfile: 01ldzqpm.default
FF ProfilePath: C:\Users\testABC\AppData\Roaming\Mozilla\Firefox\Profiles\01ldzqpm.default [2021-01-10]
FF ProfilePath: C:\Users\testABC\AppData\Roaming\Mozilla\Firefox\Profiles\mmwcvnha.default-release [2021-09-04]
FF DownloadDir: C:\Users\testABC\OneDrive\Desktop
FF Notifications: Mozilla\Firefox\Profiles\mmwcvnha.default-release -> hxxps://www.instagram.com; hxxps://calendar.google.com; hxxps://mail.tutanota.com
FF Extension: (Keepa - Amazon Price Tracker) - C:\Users\testABC\AppData\Roaming\Mozilla\Firefox\Profiles\mmwcvnha.default-release\Extensions\[email protected] [2021-07-15]
FF Extension: (Bitwarden - Free Password Manager) - C:\Users\testABC\AppData\Roaming\Mozilla\Firefox\Profiles\mmwcvnha.default-release\Extensions\{446900e4-71c2-419f-a6a7-df9c091e268b}.xpi [2021-09-03]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-07-24] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\testABC\AppData\Local\Google\Chrome\User Data\Default [2021-09-04]
CHR DownloadDir: C:\Users\testABC\OneDrive\Desktop
CHR Extension: (Slides) - C:\Users\testABC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-01-09]
CHR Extension: (Docs) - C:\Users\testABC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-01-09]
CHR Extension: (Google Drive) - C:\Users\testABC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-01-09]
CHR Extension: (YouTube) - C:\Users\testABC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-01-09]
CHR Extension: (Sheets) - C:\Users\testABC\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-01-09]
CHR Extension: (Google Docs Offline) - C:\Users\testABC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-07-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\testABC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-06]
CHR Extension: (Bitwarden - Free Password Manager) - C:\Users\testABC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nngceckbapebfimnlniiiahkandclblb [2021-09-02]
CHR Extension: (Gmail) - C:\Users\testABC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-01-09]
CHR Extension: (Chrome Media Router) - C:\Users\testABC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-07-28]
CHR Profile: C:\Users\testABC\AppData\Local\Google\Chrome\User Data\Guest Profile [2021-09-04]
CHR Profile: C:\Users\testABC\AppData\Local\Google\Chrome\User Data\Profile 1 [2021-09-04]
CHR Extension: (Slides) - C:\Users\testABC\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-07-15]
CHR Extension: (Sheets) - C:\Users\testABC\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-07-15]
CHR Extension: (Google Docs Offline) - C:\Users\testABC\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-07-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\testABC\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-07-15]
CHR Extension: (Bitwarden - Free Password Manager) - C:\Users\testABC\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nngceckbapebfimnlniiiahkandclblb [2021-09-01]
CHR Extension: (Chrome Media Router) - C:\Users\testABC\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-07-27]
CHR Profile: C:\Users\testABC\AppData\Local\Google\Chrome\User Data\System Profile [2021-09-04]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-26] (Adobe Inc. -> Adobe Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9166736 2021-08-23] (Microsoft Corporation -> Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [129808 2021-08-13] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [129808 2021-08-13] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [44328 2021-08-30] (Dropbox, Inc -> Dropbox, Inc.)
R2 DSAService; C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe [36792 2021-08-10] (Intel Corporation -> Intel)
R3 DSAUpdateService; C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe [176568 2021-08-10] (Intel Corporation -> Intel)
R2 Everything; C:\Program Files (x86)\Everything\Everything.exe [1774160 2021-01-25] (voidtools -> voidtools)
R2 IDriveService; C:\Program Files (x86)\IDriveWindows\id_service.exe [395384 2021-08-30] (Pro Softnet Corporation -> Prosoftnet)
R2 LightKeeperService; C:\Program Files (x86)\MSI\One Dragon Center\Mystic_Light\LightKeeperService.exe [86776 2020-12-23] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7497336 2021-09-03] (Malwarebytes Inc -> Malwarebytes)
R2 Micro Star SCM; C:\WINDOWS\SysWOW64\MSIService.exe [168056 2019-05-07] (Micro-Star International CO., LTD. -> Micro-Star International Co., Ltd.)
R2 MSI Foundation Service; C:\Program Files (x86)\MSI\MSI NBFoundation Service\MSIAPService.exe [75216 2020-09-23] (Micro-Star International CO., LTD. -> Micro-Star International Co., Ltd.)
R2 MSI Sendevsvc; C:\Program Files (x86)\MSI\MSI NBFoundation Service\Sendevsvc.exe [308344 2020-06-23] (Micro-Star International CO., LTD. -> )
R2 MSI_Central_Service; C:\Program Files (x86)\MSI\One Dragon Center\MSI_Central_Service.exe [147088 2020-07-10] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.)
R2 MSI_Companion_Service; C:\Program Files (x86)\MSI\One Dragon Center\Game_Summary\MSI_Companion_Service.exe [126200 2020-12-17] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
R2 Mystic_Light_Service; C:\Program Files (x86)\MSI\One Dragon Center\Mystic_Light\Mystic_Light_Service.exe [35504 2020-07-09] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.)
R2 NahimicService; C:\WINDOWS\system32\NahimicService.exe [1675392 2021-05-27] (A-Volute SAS -> Nahimic)
R2 ogmservice; C:\Program Files (x86)\Online Games Manager\ogmservice.exe [582544 2016-07-13] (GameHouse Europe B.V. -> RealNetworks, Inc.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [13271336 2021-08-27] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
R2 VoiceControlService; C:\Program Files (x86)\MSI\One Dragon Center\VoiceControl\VoiceControl_Service.exe [32400 2020-07-06] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\NisSrv.exe [2727416 2021-08-18] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MsMpEng.exe [136656 2021-08-18] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nvmii.inf_amd64_193f04621e226017\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nvmii.inf_amd64_193f04621e226017\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R2 BlueStacksDrv_msi2; C:\Program Files\BlueStacks_msi2\BstkDrv_msi2.sys [315768 2019-12-12] (Bluestack Systems, Inc -> Bluestack System Inc.)
R1 EneTechIo; C:\Windows\system32\drivers\ene.sys [20992 2020-05-12] (Microsoft Windows Hardware Compatibility Publisher -> )
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [210344 2021-09-03] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-08-03] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-08-03] (Malwarebytes Inc -> Malwarebytes)
R1 MSIO; C:\WINDOWS\system32\drivers\MsIo64.sys [17424 2020-01-19] (Microsoft Windows Hardware Compatibility Publisher -> MICSYS Technology Co., LTd)
R3 Nahimic_Mirroring; C:\WINDOWS\System32\drivers\Nahimic_Mirroring.sys [85592 2020-01-27] (A-Volute -> Windows ® Win 7 DDK provider)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49568 2021-08-18] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [434424 2021-08-18] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [78072 2021-08-18] (Microsoft Windows -> Microsoft Corporation)
R3 WINIO; C:\Program Files (x86)\MSI\MSI NBFoundation Service\KernCoreLib64.sys [25656 2018-11-15] (Micro-Star International CO., LTD. -> )

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-09-04 14:25 - 2021-09-04 14:26 - 000000000 ____D C:\FRST
2021-09-03 19:40 - 2021-09-03 19:40 - 000064141 _____ C:\Users\testABC\Documents\Tuta Mail.pdf
2021-09-03 17:33 - 2021-09-03 17:33 - 000210344 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-09-03 15:36 - 2021-09-03 15:36 - 002295296 _____ (Digimarc) C:\WINDOWS\system32\DMRCDecoder.dll
2021-09-03 15:36 - 2021-09-03 15:36 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-09-03 15:36 - 2021-09-03 15:36 - 002111488 _____ (Digimarc) C:\WINDOWS\SysWOW64\DMRCDecoder.dll
2021-09-03 15:36 - 2021-09-03 15:36 - 001823304 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-09-03 15:36 - 2021-09-03 15:36 - 001393480 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-09-03 15:36 - 2021-09-03 15:36 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2021-09-03 15:36 - 2021-09-03 15:36 - 001313608 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-09-03 15:36 - 2021-09-03 15:36 - 001163776 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-09-03 15:36 - 2021-09-03 15:36 - 000672768 _____ C:\WINDOWS\system32\FsNVSDeviceSource.dll
2021-09-03 15:36 - 2021-09-03 15:36 - 000570368 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2021-09-03 15:36 - 2021-09-03 15:36 - 000452096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2021-09-03 15:36 - 2021-09-03 15:36 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe
2021-09-03 15:36 - 2021-09-03 15:36 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2021-09-03 15:36 - 2021-09-03 15:36 - 000162816 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-09-03 15:36 - 2021-09-03 15:36 - 000098816 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-09-03 15:36 - 2021-09-03 15:36 - 000011345 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-09-03 15:29 - 2021-09-03 15:29 - 000000000 ___HD C:\$WinREAgent
2021-09-02 20:50 - 2021-09-02 20:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IDrive
2021-09-01 23:52 - 2021-08-28 08:22 - 000645240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvml.dll
2021-09-01 23:52 - 2021-08-28 08:20 - 005681280 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2021-09-01 23:51 - 2021-08-28 08:25 - 001474704 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2021-09-01 23:51 - 2021-08-28 08:25 - 001212536 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2021-09-01 23:51 - 2021-08-28 08:22 - 001520760 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2021-09-01 23:51 - 2021-08-28 08:22 - 001171064 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2021-09-01 23:51 - 2021-08-28 08:22 - 000716920 _____ C:\WINDOWS\system32\nvofapi64.dll
2021-09-01 23:51 - 2021-08-28 08:22 - 000676480 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2021-09-01 23:51 - 2021-08-28 08:22 - 000577168 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2021-09-01 23:51 - 2021-08-28 08:22 - 000564344 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2021-09-01 23:51 - 2021-08-28 08:21 - 002112128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2021-09-01 23:51 - 2021-08-28 08:21 - 001595536 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2021-09-01 23:51 - 2021-08-28 08:21 - 000919184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2021-09-01 23:51 - 2021-08-28 08:21 - 000750224 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2021-09-01 23:51 - 2021-08-28 08:21 - 000706192 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvidia-smi.exe
2021-09-01 23:51 - 2021-08-28 08:20 - 008854144 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2021-09-01 23:51 - 2021-08-28 08:20 - 007920760 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2021-09-01 23:51 - 2021-08-28 08:20 - 004987512 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2021-09-01 23:51 - 2021-08-28 08:20 - 002925688 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2021-09-01 23:51 - 2021-08-28 08:20 - 000447104 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdebugdump.exe
2021-09-01 23:51 - 2021-08-28 08:19 - 000849016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\MCU.exe
2021-09-01 23:51 - 2021-08-28 08:18 - 006216336 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2021-09-01 23:51 - 2021-08-27 12:54 - 000083133 _____ C:\WINDOWS\system32\nvinfo.pb
2021-09-01 22:48 - 2021-09-01 22:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2021-08-30 19:57 - 2021-08-30 19:57 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2021-08-30 19:57 - 2021-08-30 19:57 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2021-08-30 19:57 - 2021-08-30 19:57 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2021-08-30 19:57 - 2021-08-30 19:57 - 000044328 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2021-08-27 08:17 - 2021-08-27 08:17 - 000000000 ____D C:\Users\testABC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bing Wallpaper
2021-08-26 10:07 - 2021-08-26 10:07 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-08-25 12:40 - 2021-09-02 20:45 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-08-19 13:04 - 2021-08-19 13:04 - 000002880 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC - testABC
2021-08-13 11:02 - 2021-08-13 11:02 - 000000000 ____D C:\Users\testABC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2021-08-13 08:39 - 2021-08-13 08:39 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-08-13 08:39 - 2021-08-13 08:39 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-08-13 08:27 - 2021-08-26 13:22 - 000533776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml.dll
2021-08-13 08:27 - 2021-08-26 13:22 - 000024064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3a.dll
2021-08-12 08:39 - 2021-08-12 08:39 - 000003670 _____ C:\WINDOWS\system32\Tasks\USER_ESRV_SVC_QUEENCREEK
2021-08-12 08:39 - 2021-07-23 11:36 - 000041816 _____ C:\WINDOWS\system32\Drivers\semav6msr64.sys
2021-08-12 08:37 - 2021-08-12 08:37 - 000001517 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver & Support Assistant.lnk

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-09-04 14:27 - 2021-01-14 00:05 - 000000000 ____D C:\ProgramData\IDrive
2021-09-04 14:25 - 2021-03-12 21:17 - 000000000 ____D C:\Users\testABC\AppData\Local\CrashDumps
2021-09-04 14:24 - 2021-01-10 18:27 - 000000000 ____D C:\Program Files\CCleaner
2021-09-04 14:23 - 2021-01-09 22:20 - 000000000 ____D C:\Users\testABC\AppData\Roaming\Bitwarden
2021-09-04 14:16 - 2020-02-23 16:07 - 000000000 ____D C:\ProgramData\Common
2021-09-04 14:05 - 2019-12-07 05:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-09-04 13:31 - 2021-01-09 22:43 - 000000000 ____D C:\Program Files (x86)\Google
2021-09-04 12:53 - 2021-01-13 03:58 - 000000000 ____D C:\Users\testABC\AppData\Local\D3DSCache
2021-09-04 12:25 - 2020-02-23 14:48 - 000000000 ____D C:\ProgramData\NVIDIA
2021-09-04 12:10 - 2019-12-07 05:13 - 000000000 ____D C:\WINDOWS\INF
2021-09-04 12:07 - 2021-01-09 23:15 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-09-04 12:07 - 2019-12-07 05:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-09-04 12:07 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-09-03 21:38 - 2021-07-29 17:01 - 000000000 ____D C:\Users\testABC\AppData\Roaming\WhatsApp
2021-09-03 19:02 - 2021-01-09 23:12 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-09-03 17:57 - 2021-01-10 00:29 - 000000000 ____D C:\ProgramData\Mozilla
2021-09-03 17:56 - 2021-01-10 00:29 - 000000000 ____D C:\Users\testABC\AppData\LocalLow\Mozilla
2021-09-03 17:37 - 2021-01-09 23:22 - 000797618 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-09-03 17:34 - 2021-01-11 19:30 - 000000000 ____D C:\Users\testABC\AppData\Local\Dropbox
2021-09-03 17:33 - 2021-05-15 19:03 - 000003112 _____ C:\WINDOWS\system32\Tasks\NahimicTask32
2021-09-03 17:33 - 2021-05-15 19:03 - 000003092 _____ C:\WINDOWS\system32\Tasks\NahimicTask64
2021-09-03 17:33 - 2021-01-11 15:46 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2021-09-03 17:33 - 2021-01-09 23:12 - 000008192 ___SH C:\DumpStack.log.tmp
2021-09-03 17:33 - 2021-01-09 23:12 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-09-03 17:33 - 2021-01-09 23:12 - 000000000 ____D C:\Intel
2021-09-03 17:33 - 2021-01-09 22:12 - 000000000 ___RD C:\Users\testABC\OneDrive
2021-09-03 17:33 - 2021-01-09 22:11 - 000000000 __SHD C:\Users\testABC\IntelGraphicsProfiles
2021-09-03 17:32 - 2019-12-07 05:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2021-09-03 17:31 - 2021-01-09 23:12 - 000612064 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-09-03 17:31 - 2019-12-07 05:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-09-03 17:31 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2021-09-03 17:31 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-09-03 17:31 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-09-03 17:31 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-09-03 17:31 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2021-09-03 17:31 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-09-03 17:31 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-09-03 17:31 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2021-09-03 17:31 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-09-03 17:31 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\DDFs
2021-09-03 17:31 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2021-09-03 17:31 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2021-09-03 17:31 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-09-03 17:31 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-09-03 17:31 - 2019-12-07 05:03 - 000000000 ____D C:\WINDOWS\servicing
2021-09-03 17:30 - 2021-08-03 19:38 - 000002040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-09-03 17:29 - 2021-08-03 19:38 - 000160176 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-09-03 16:36 - 2021-02-06 00:58 - 000000000 ____D C:\Users\testABC\AppData\Local\Firestorm_x64
2021-09-03 15:41 - 2019-12-07 05:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-09-03 12:00 - 2021-02-25 20:55 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-09-02 22:11 - 2021-02-06 00:58 - 000000000 ____D C:\Users\testABC\AppData\Roaming\Firestorm_x64
2021-09-02 20:50 - 2021-01-14 00:05 - 000000000 ____D C:\Program Files (x86)\IDriveWindows
2021-09-02 20:45 - 2021-01-10 00:29 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-09-02 20:42 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2021-09-02 19:55 - 2021-01-11 22:20 - 000000000 ___RD C:\Users\testABC\Dropbox
2021-09-02 18:33 - 2021-07-29 17:00 - 000000000 ____D C:\Users\testABC\AppData\Local\WhatsApp
2021-09-02 01:03 - 2021-01-23 18:34 - 000000000 ____D C:\Users\testABC\AppData\Local\NVIDIA
2021-09-01 22:48 - 2021-01-11 19:30 - 000000000 ____D C:\Program Files (x86)\Dropbox
2021-09-01 02:23 - 2021-01-10 23:33 - 000000000 ____D C:\Program Files\Microsoft Office
2021-08-31 09:07 - 2021-01-09 22:17 - 000000000 ____D C:\Program Files\Bitwarden
2021-08-31 08:33 - 2021-02-22 18:18 - 000803176 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2021-08-28 08:18 - 2021-01-04 20:22 - 007280848 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2021-08-26 10:07 - 2021-01-10 00:29 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-08-24 18:24 - 2021-01-09 23:13 - 000000000 ____D C:\ProgramData\A-Volute
2021-08-22 22:09 - 2021-02-06 00:57 - 000000000 ____D C:\Program Files\Firestorm-Releasex64
2021-08-20 11:29 - 2021-01-09 22:12 - 000003354 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3358392787-433785802-2856908961-1001
2021-08-20 11:29 - 2021-01-09 22:00 - 000002386 _____ C:\Users\testABC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-08-19 13:04 - 2021-01-10 18:27 - 000004210 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2021-08-18 20:11 - 2021-01-09 22:45 - 000002254 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-08-18 13:08 - 2021-01-09 23:12 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-08-17 13:50 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-08-17 01:22 - 2021-02-25 20:55 - 000740168 _____ (Microsoft Corporation) C:\WINDOWS\system32\sedplugins.dll
2021-08-17 01:22 - 2021-02-25 20:55 - 000486728 _____ (Microsoft Corporation) C:\WINDOWS\system32\QualityUpdateAssistant.dll
2021-08-16 12:56 - 2021-01-09 22:11 - 000000000 ____D C:\Users\testABC\AppData\Local\Packages
2021-08-16 12:23 - 2020-02-23 14:52 - 000000000 ____D C:\Program Files (x86)\Intel
2021-08-16 12:21 - 2020-02-23 14:45 - 000000000 ____D C:\ProgramData\Package Cache
2021-08-16 12:21 - 2020-02-23 14:45 - 000000000 ____D C:\Program Files\Intel
2021-08-16 09:20 - 2021-01-09 23:15 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-08-16 09:20 - 2021-01-09 23:15 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-08-13 17:18 - 2021-01-11 19:30 - 000000914 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2021-08-13 17:18 - 2021-01-11 19:30 - 000000910 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2021-08-13 12:44 - 2021-01-09 22:32 - 000003834 _____ C:\WINDOWS\system32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
2021-08-13 11:03 - 2021-01-22 16:30 - 000000000 ____D C:\Users\testABC\AppData\Roaming\Zoom
2021-08-13 08:33 - 2021-01-11 19:30 - 000003974 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineUA
2021-08-13 08:33 - 2021-01-11 19:30 - 000003742 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineCore
2021-08-13 08:22 - 2021-01-09 22:23 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-08-13 08:03 - 2021-01-09 22:23 - 133215968 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-08-12 08:39 - 2021-01-09 22:23 - 000003762 _____ C:\WINDOWS\system32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132
2021-08-12 08:39 - 2021-01-09 22:23 - 000003528 _____ C:\WINDOWS\system32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-09-2021
Ran by testABC (04-09-2021 14:28:36)
Running from C:\Users\testABC\OneDrive\Desktop
Windows 10 Home Version 21H1 19043.1202 (X64) (2021-01-10 03:21:54)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-3358392787-433785802-2856908961-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3358392787-433785802-2856908961-503 - Limited - Disabled)
Guest (S-1-5-21-3358392787-433785802-2856908961-501 - Limited - Disabled)
testABC (S-1-5-21-3358392787-433785802-2856908961-1001 - Administrator - Enabled) => C:\Users\testABC
WDAGUtilityAccount (S-1-5-21-3358392787-433785802-2856908961-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Security (Enabled - Up to date) {A2708B76-6835-6565-CB96-694212954A75}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Security (Enabled - Up to date) {9E3FD331-C4C2-7AC4-0537-131EEF1B1F8A}
FW: Norton Security (Enabled) {9A4B0A53-225A-643D-E0C9-C077EC460D0E}
FW: Norton Security (Enabled) {A6045214-8EAD-7B9C-2E68-BA2B11C858F1}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 21.005.20060 - Adobe Systems Incorporated)
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
Bing Wallpaper (HKLM-x32\...\{9C94D5E4-22D6-457B-9263-9C68DBF669DD}) (Version: 1.0.9.3 - Microsoft Corporation)
Bitwarden (HKLM\...\173a9bac-6f0d-50c4-8202-4744c69d091a) (Version: 1.28.2 - Bitwarden Inc.)
Build-a-lot - Town of the Year Deluxe (HKLM-x32\...\d36002a7b9996a6d1547c6dd433b2315) (Version:  - GameHouse)
CCleaner (HKLM\...\CCleaner) (Version: 5.84 - Piriform)
Delicious: Emily's True Love (HKLM-x32\...\BFG-Delicious - Emily's True Love) (Version:  - )
Delicious: Emily's Wonder Wedding (HKLM-x32\...\BFG-Delicious - Emilys Wonder Wedding) (Version:  - )
Documentation Manager (HKLM\...\{54DD759A-9483-403E-9411-460E109FFBAA}) (Version: 22.70.0.6 - Intel Corporation) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 130.4.4978 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.503.1 - Dropbox, Inc.) Hidden
ENE RGB HAL (HKLM\...\{89FE0EE6-082A-4F34-825F-690821CE1740}) (Version: 1.00.14 - Ene Tech.) Hidden
ENE RGB HAL (HKLM-x32\...\{543a34bd-9582-4e0f-a351-c999aa780e20}) (Version: 1.00.14 - Ene Tech.) Hidden
ENE_DRAM_RGB_AIO (HKLM\...\{1745D314-9077-46C9-8562-1C62BAE189B7}) (Version: 1.0.0.10 - Ene Tech.) Hidden
ENE_DRAM_RGB_AIO (HKLM-x32\...\{52d1d7de-19c3-4f83-97bb-f9435dc84c5b}) (Version: 1.0.0.10 - Ene Tech.) Hidden
ENE_DRAM_RGB_AURA42 (HKLM\...\{BC5E0A82-C638-44CB-8129-20C8ED70DE7A}) (Version: 1.00.02 - Ene Tech.) Hidden
ENE_DRAM_RGB_AURA42 (HKLM-x32\...\{f3d7fb09-b93f-4c01-a765-0b0adc5bc746}) (Version: 1.00.02 - Ene Tech.) Hidden
ENE_EHD_M2_HAL (HKLM\...\{37A48B7F-D4EA-4863-844E-A284E2AA3C5D}) (Version: 1.0.7.11 - ENE TECHNOLOGY INC.) Hidden
ENE_EHD_M2_HAL (HKLM-x32\...\{fd812556-e0bb-4961-ac2b-cf5643484519}) (Version: 1.0.7.11 - ENE TECHNOLOGY INC.) Hidden
ENE_MousePad_HAL (HKLM\...\{9E97178A-ADB8-4778-BE60-7E28E2A72721}) (Version: 1.0.1.2 - ENE TECHNOLOGY INC.) Hidden
ENE_MousePad_HAL (HKLM-x32\...\{0c535d48-a3ba-4f7d-a1e2-10a941313631}) (Version: 1.0.1.2 - ENE TECHNOLOGY INC.) Hidden
ENE_X-JMI_HAL (HKLM\...\{2B8E611F-0B51-4FAC-87BB-AF50D82E7DDA}) (Version: 1.0.5.1 - ENE Tech) Hidden
ENE_X-JMI_HAL (HKLM-x32\...\{50ec3a07-291b-463e-be86-487eb8cbb71c}) (Version: 1.0.5.1 - ENE Tech) Hidden
Everything 1.4.1.1005 (x86) (HKLM-x32\...\Everything) (Version: 1.4.1.1005 - voidtools)
Firestorm-Releasex64 (HKLM\...\Firestorm-Releasex64) (Version: 6.4.21.64531 - The Phoenix Firestorm Project, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 92.0.4515.159 - Google LLC)
IDrive version 6.7.3.40 (HKLM-x32\...\IDrive_is1) (Version: 6.7.3.40 - Pro Softnet Corp)
Intel Driver && Support Assistant (HKLM-x32\...\{BC82D1AD-802A-4733-BB90-A8E59AB8434A}) (Version: 21.5.33.3 - Intel) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{37942a92-9e3f-4d70-9b5c-5955cbc54505}) (Version: 10.1.18121.8164 - Intel® Corporation)
Intel® Computing Improvement Program (HKLM\...\{88B98508-2D8F-46F1-90AD-557BE40C7067}) (Version: 2.4.07642 - Intel Corporation)
Intel® Graphics Driver Software (HKLM-x32\...\{48d1bf71-f60f-4827-b977-16efdbae0c7a}) (Version: 3.11.1.0 - Intel) Hidden
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 17.5.2.1024 - Intel Corporation)
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1915.1 - Intel Corporation)
Intel® Wireless Bluetooth® (HKLM-x32\...\{00002070-0220-1033-84C8-B8D95FA3C8C3}) (Version: 22.70.2.1 - Intel Corporation)
Intel® Driver & Support Assistant (HKLM-x32\...\{b09ce953-882c-4131-a693-2e1d73b1e50d}) (Version: 21.5.33.3 - Intel)
Intel® Optane™ Pinning Explorer Extensions (HKLM\...\{C1A5573E-1508-49E1-BA6A-34E2EB15E9BF}) (Version: 17.5.2.1024 - Intel Corporation)
Intel® Software Installer (HKLM-x32\...\{f4e29277-b55f-4541-8e0e-ca8bd8b76666}) (Version: 22.70.0.6 - Intel Corporation) Hidden
Malwarebytes version 4.4.5.130 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.5.130 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 93.0.961.38 - Microsoft Corporation)
Microsoft Office Home and Student 2019 - en-us (HKLM\...\HomeStudent2019Retail - en-us) (Version: 16.0.14326.20238 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3358392787-433785802-2856908961-1001\...\OneDriveSetup.exe) (Version: 21.150.0725.0001 - Microsoft Corporation)
Microsoft SharePoint Designer 2010 (HKLM\...\Office14.SharePointDesigner) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{7B981965-2FBC-433C-B4B3-E183EE97CD29}) (Version: 2.83.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.13.26020 (HKLM-x32\...\{7474cd6e-76cc-4257-837e-5b9261e526af}) (Version: 14.13.26020.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.13.26020 (HKLM-x32\...\{5c045b7f-e561-4794-91f8-c6cda0893107}) (Version: 14.13.26020.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 91.0.2 (x64 en-US)) (Version: 91.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 84.0.2 - Mozilla)
MSI App Player (HKLM\...\BlueStacks_msi2) (Version: 4.150.10.6302 - BlueStack Systems, Inc.)
MSI NBFoundation Service (HKLM-x32\...\InstallShield_{949A5329-B6AF-444F-BCDC-1F39F516D40C}) (Version: 1.0.2011.1901 - MSI)
MSI SDK (HKLM-x32\...\{EE7D557C-3AE7-4348-8DCA-3A89790D0002}}_is1) (Version: 2.2020.1225.01 - MSI)
NVIDIA FrameView SDK 1.1.4923.29968894 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.1.4923.29968894 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.23.0.74 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.23.0.74 - NVIDIA Corporation)
NVIDIA Graphics Driver 471.96 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 471.96 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.21 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.14326.20238 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.14326.20238 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
Online Games Manager v1.50 (HKLM-x32\...\Online Games Manager) (Version: 1.50.4 - Real Networks, Inc.)
Posh Boutique Deluxe (HKLM-x32\...\f720c0015c3e42a51b9dae57a15bfc97) (Version:  - GameHouse)
Realtek Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.8890.1 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.36.701.2019 - Realtek)
Revo Uninstaller 2.2.8 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.2.8 - VS Revo Group, Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0017-0000-1000-0000000FF1CE}_Office14.SharePointDesigner_{98223B6C-F59E-4928-B553-43605D52ED19}) (Version:  - Microsoft)
TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.21.6 - TeamViewer)
WD_BLACK AN1500 (HKLM\...\{085E2365-0A70-4230-B664-02D5E4FE7E9C}) (Version: 1.0.12.0 - ENE TECHNOLOGY INC.) Hidden
WD_BLACK AN1500 (HKLM-x32\...\{9c94735f-73fd-4b0f-9ddb-8be7b3cc4681}) (Version: 1.0.12.0 - ENE TECHNOLOGY INC.) Hidden
WD_BLACK D50 (HKLM\...\{BDE43F26-5917-44F8-B86A-F1D9A6B80B32}) (Version: 1.0.9.0 - ENE TECHNOLOGY INC.) Hidden
WD_BLACK D50 (HKLM-x32\...\{a1d1ba00-92b7-4a99-8ebd-65b25c0e9e44}) (Version: 1.0.9.0 - ENE TECHNOLOGY INC.) Hidden
WhatsApp (HKU\S-1-5-21-3358392787-433785802-2856908961-1001\...\WhatsApp) (Version: 2.2134.10 - WhatsApp)
Zoom (HKU\S-1-5-21-3358392787-433785802-2856908961-1001\...\ZoomUMX) (Version: 5.7.5 (939) - Zoom Video Communications, Inc.)

Packages:
=========
Adobe Reader Touch -> C:\Program Files\WindowsApps\AdobeSystemsIncorporated.AdobeReader_3.1.8.7675_x86__ynb6jyjzte8ga [2021-04-07] (Adobe Systems Incorporated)
Aerial Beaches PREMIUM -> C:\Program Files\WindowsApps\Microsoft.AerialBeachesPREMIUM_1.0.0.0_neutral__8wekyb3d8bbwe [2021-03-06] (Microsoft Corporation)
AudioDirector for MSI -> C:\Program Files\WindowsApps\cyberlink.audiodirectorformsi_7.0.9105.0_x64__jtmmp2jxy9gb6 [2021-01-09] (CyberLink)
ColorDirector for MSI -> C:\Program Files\WindowsApps\cyberlink.colordirectorformsi_5.0.8107.0_x64__jtmmp2jxy9gb6 [2021-01-09] (CyberLink)
DragonCenter -> C:\Program Files\WindowsApps\9426MICRO-STARINTERNATION.DragonCenter_2.0.116.0_x64__kzh8wxbdkxb8p [2021-08-22] (MICRO-STAR INTERNATIONAL CO., LTD) [Startup Task]
Evernote -> C:\Program Files\WindowsApps\Evernote.Evernote_10.20.4.0_x86__q4d96b2w5wcc2 [2021-09-03] (Evernote)
Glorious Blue -> C:\Program Files\WindowsApps\Microsoft.GloriousBlue_1.0.0.0_neutral__8wekyb3d8bbwe [2021-01-23] (Microsoft Corporation)
Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3370.0_x64__8j3eq9eme6ctt [2021-08-04] (INTEL CORP) [Startup Task]
Intel® Graphics Control Panel -> C:\Program Files\WindowsApps\appup.intelgraphicscontrolpanel_3.3.0.0_x64__8j3eq9eme6ctt [2021-01-09] (INTEL CORP)
LinkedIn -> C:\Program Files\WindowsApps\7EE7776C.LinkedInforWindows_2.0.1.0_neutral__w1wdnht996qgy [2021-01-09] (LinkedIn)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\microsoft.advertising.xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-01-09] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\microsoft.advertising.xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-01-09] (Microsoft Corporation) [MS Ad]
Microsoft Remote Desktop -> C:\Program Files\WindowsApps\Microsoft.RemoteDesktop_10.2.1810.0_x64__8wekyb3d8bbwe [2021-03-06] (Microsoft Corporation)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.10.7290.0_x64__8wekyb3d8bbwe [2021-08-05] (Microsoft Studios) [MS Ad]
Microsoft Ultimate Word Games -> C:\Program Files\WindowsApps\Microsoft.Studios.Wordament_3.8.904.0_x64__8wekyb3d8bbwe [2021-08-04] (Microsoft Studios) [MS Ad]
Music Maker Jam -> C:\Program Files\WindowsApps\MAGIX.MusicMakerJam_3.1.1.0_x64__a2t3txkz9j1jw [2021-01-09] (MAGIX)
Nahimic -> C:\Program Files\WindowsApps\A-Volute.Nahimic_1.8.8.0_x64__w2gh52qy24etm [2021-08-24] (A-Volute)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.961.0_x64__56jybvy8sckqj [2021-09-02] (NVIDIA Corp.)
PhotoDirector 10 Essential for MSI -> C:\Program Files\WindowsApps\cyberlink.photodirector10essentialformsi_10.0.2326.0_x64__jtmmp2jxy9gb6 [2021-01-09] (CyberLink)
PowerDirector 17 Essential for MSI -> C:\Program Files\WindowsApps\cyberlink.powerdirector17essentialformsi_17.0.2712.0_x64__jtmmp2jxy9gb6 [2021-01-09] (CyberLink)
Reader Notification Client -> C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2021-07-07] (Adobe Systems Incorporated)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.26.251.0_x64__dt26b99r8h8gj [2021-06-30] (Realtek Semiconductor Corp)
River Delta PREMIUM -> C:\Program Files\WindowsApps\Microsoft.RiverDeltaPREMIUM_1.0.0.0_neutral__8wekyb3d8bbwe [2021-03-06] (Microsoft Corporation)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.166.580.0_x86__zpdnekdrzrea0 [2021-08-24] (Spotify AB) [Startup Task]
Translator -> C:\Program Files\WindowsApps\Microsoft.BingTranslator_5.6.0.0_x64__8wekyb3d8bbwe [2021-08-04] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3358392787-433785802-2856908961-1001_Classes\CLSID\{233525e0-5434-46ef-b464-fd7e45e2e145}\localserver32 -> C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe (Intel Corporation -> Intel)
CustomCLSID: HKU\S-1-5-21-3358392787-433785802-2856908961-1001_Classes\CLSID\{80172dde-4e20-4df0-81a2-0a48553e80bb}\localserver32 -> C:\Users\testABC\AppData\Local\NhNotifSys\nahimic\nahimicNotifSys.exe (A-Volute SAS -> A-Volute)
CustomCLSID: HKU\S-1-5-21-3358392787-433785802-2856908961-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\testABC\Dropbox [2021-01-11 22:20]
ShellIconOverlayIdentifiers: [          0001IDSIcon1] -> {0FA6DCC0-CF0B-427D-A8AF-97C466AB5769} => C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll [2021-08-26] (Pro-Softnet Corporation, U.S.A) [File not signed]
ShellIconOverlayIdentifiers: [          0001IDSIcon2] -> {66357BBE-D2E5-453C-95FF-8102EB32419D} => C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll [2021-08-26] (Pro-Softnet Corporation, U.S.A) [File not signed]
ShellIconOverlayIdentifiers: [          0001IDSIcon3] -> {904E6336-8B13-43FA-B4C3-5B62C1C91971} => C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll [2021-08-26] (Pro-Softnet Corporation, U.S.A) [File not signed]
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [  OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\Program Files\Intel\OptaneShellExtensions\OptaneShellExt.dll [2019-07-09] (Intel® Rapid Storage Technology -> )
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} =>  -> No File
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} =>  -> No File
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} =>  -> No File
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} =>  -> No File
ShellIconOverlayIdentifiers-x32: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} =>  -> No File
ShellIconOverlayIdentifiers-x32: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} =>  -> No File
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [IDriveMenu] -> {AFBFEC11-0FD5-48ED-B8AF-315197F09A82} => C:\Program Files (x86)\IDriveWindows\IDContextMenu.dll [2021-08-26] () [File not signed]
ContextMenuHandlers1: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} =>  -> No File
ContextMenuHandlers2: [IDriveMenu] -> {AFBFEC11-0FD5-48ED-B8AF-315197F09A82} => C:\Program Files (x86)\IDriveWindows\IDContextMenu.dll [2021-08-26] () [File not signed]
ContextMenuHandlers2: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} =>  -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-08-03] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\Program Files\Intel\OptaneShellExtensions\OptaneShellExt.dll [2019-07-09] (Intel® Rapid Storage Technology -> )
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers4: [IDriveMenu] -> {AFBFEC11-0FD5-48ED-B8AF-315197F09A82} => C:\Program Files (x86)\IDriveWindows\IDContextMenu.dll [2021-08-26] () [File not signed]
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nvmii.inf_amd64_193f04621e226017\nvshext.dll [2021-08-28] (Nvidia Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-08-03] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} =>  -> No File

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\testABC\OneDrive\Desktop\test123 (AAMG) - Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1"

==================== Loaded Modules (Whitelisted) =============

2021-08-13 08:27 - 2021-08-26 13:22 - 005034496 _____ () [File not signed] C:\Program Files (x86)\IDriveWindows\IDContextMenu.dll
2021-08-13 08:27 - 2021-08-26 13:22 - 000834048 _____ () [File not signed] C:\Program Files (x86)\IDriveWindows\sqlite3.dll
2021-04-13 12:36 - 2021-04-13 12:36 - 005745664 _____ () [File not signed] C:\Program Files (x86)\Intel\Driver and Support Assistant\irmfuu_module.dll
2020-02-23 15:14 - 2020-02-23 15:14 - 002972368 _____ (Dexin Corp -> MICRO-STAR INTERNATIONAL) [File not signed] C:\Program Files\WindowsApps\9426MICRO-STARINTERNATION.DragonCenter_2.0.116.0_x64__kzh8wxbdkxb8p\DCv2\Device\GM6070\IcMSIDll.dll
2021-01-10 23:36 - 2021-01-10 23:36 - 000000000 ____L (Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\AppVIsvSubsystems64.dll
2021-01-10 23:36 - 2021-01-10 23:36 - 000000000 ____L (Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\c2r64.dll
2019-07-02 16:07 - 2019-07-02 16:07 - 000014632 _____ (Micro-Star International CO., LTD. -> ) [File not signed] C:\Program Files (x86)\MSI\MSI NBFoundation Service\UEFIVaribleDll.dll
2021-08-13 08:27 - 2021-08-26 13:22 - 000874496 _____ (Pro-Softnet Corporation, U.S.A) [File not signed] C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll
2021-07-23 11:36 - 2021-07-23 11:36 - 001638912 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files\Intel\SUR\QUEENCREEK\x64\SQLite.Interop.dll
2021-05-21 14:04 - 2021-05-21 14:04 - 000130048 _____ (Sam Grogan) [File not signed] [File is in use] C:\Program Files (x86)\Intel\Driver and Support Assistant\NotifyIconWin32.dll
2021-07-23 11:36 - 2021-07-23 11:36 - 002122240 _____ (SQLite Development Team) [File not signed] C:\Program Files\Intel\SUR\QUEENCREEK\x64\sqlite3.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F [270]
AlternateDataStreams: C:\ProgramData\TEMP:69C2C4F0 [252]
AlternateDataStreams: C:\ProgramData\TEMP:D0EC116C [251]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-3358392787-433785802-2856908961-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://oem17win10.msn.com/?pc=NMTE
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-08-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-08-31] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-08-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-08-31] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-08-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-08-31] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-08-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-08-31] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-19 00:49 - 2019-03-19 00:49 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3358392787-433785802-2856908961-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\testABC\AppData\Local\Microsoft\BingWallpaperApp\WPImages\20210904.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKU\S-1-5-21-3358392787-433785802-2856908961-1001\...\StartupApproved\Run: => "Norton Download Manager{NS-22200539-SHPD-FSD5240005}"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{856B1851-9FE8-44B2-AB69-B14C4F12E54B}] => (Allow) C:\Program Files\BlueStacks_msi2\HD-Player.exe (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
FirewallRules: [{65833661-C7F1-457F-9BB3-8D3FA79EB405}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{D5167B0C-6CDE-456D-9CD4-358ACCBCD3FD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{343936FD-8FDE-4EAA-9BC6-2E87BE7ECB15}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{C551FDD9-42FC-46B9-8D4A-C4FDB30B4278}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{7C3831CE-CED5-443E-98F3-E6A40DD5332C}] => (Allow) C:\Users\testABC\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{922C32D9-F2EF-44F0-A892-3059E034ACC6}] => (Allow) C:\Users\testABC\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{F08B48A5-2D50-47F6-A5DE-03E2B17A8FD4}] => (Allow) C:\Users\testABC\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [TCP Query User{39F23331-7077-43D5-867B-11FE4DB17964}C:\program files\firestorm-releasex64\slvoice.exe] => (Allow) C:\program files\firestorm-releasex64\slvoice.exe () [File not signed]
FirewallRules: [UDP Query User{D3BC55A7-9E2D-4E40-9DAB-2A9B155DA8A5}C:\program files\firestorm-releasex64\slvoice.exe] => (Allow) C:\program files\firestorm-releasex64\slvoice.exe () [File not signed]
FirewallRules: [{A36D1772-A1CA-40CF-A1ED-91D3AFC1B4DE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{F44826C7-ABC6-4F74-9522-B9DC9DB73646}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{43A2170A-158F-4CF4-B1E2-F5C14C72FAFF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{7C92872C-6512-4ED2-AAAE-7B35ED8AE4F7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{C6A59CC1-B709-4B81-ACF8-B01FC4E1A5F9}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel Corporation -> )
FirewallRules: [{E01FDF4B-BF5C-44D1-B8A9-A97455FC4D7E}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel Corporation -> )
FirewallRules: [{4521EDFE-3C10-4650-88BA-BF209606FCB0}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel Corporation -> )
FirewallRules: [{B5B2B2A3-9603-4389-B245-E64E0E5E84D9}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel Corporation -> )
FirewallRules: [{584F67AC-EC6A-43DA-8176-0A1FD29CFCA1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{2C9630BA-4F87-4078-94D3-83922CBE4F16}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{0D596D79-35CA-4022-A41F-950A869DB10A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{154E8714-793E-4752-A183-6135C36F2C0F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{9610C5D1-E8F5-4AC0-A9D3-1068F46B0285}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{B7DCCD27-9076-4496-81C5-A2D0F41205ED}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.166.580.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{711C0636-C0E2-47CD-A695-7AE11ACA5016}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.166.580.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{69477D6E-ABD4-4F64-A2DC-272385A95F79}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.166.580.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{7D790FA0-D150-4B1F-90E0-EC9EE849E74A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.166.580.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{01B9E4AA-C3B5-478D-B286-321B6B5D97E3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.166.580.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{52E279E2-6634-4495-A24F-AB460F63B0C6}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.166.580.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D5F0909E-2CAD-4B26-AD43-50C817622FFA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.166.580.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{C497325D-838A-4A78-9B6A-2B401353A533}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.166.580.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D5ACC250-4AA1-4380-A3AC-1BD1ED818F0A}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{C3E8E0D7-2BB0-41FC-B3DF-46ACC8C7FB02}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{8AE753F7-FEC4-4731-BA12-76DA823CF3DD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{765801D3-D602-43DD-A0BF-3CE36A57D816}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{620651CF-EDB3-4415-AE4C-2E3C9C43F766}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{86A89C90-63F6-45D8-AB6D-8FDDFB6B981B}] => (Allow) LPort=32682

==================== Restore Points =========================

23-08-2021 23:58:32 Scheduled Checkpoint
03-09-2021 15:29:59 Windows Modules Installer

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (09/04/2021 12:06:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: UpdateBrowserForApp.exe, version: 1.0.0.0, time stamp: 0xfc42b742
Faulting module name: KERNELBASE.dll, version: 10.0.19041.1202, time stamp: 0x448a4f5d
Exception code: 0xe0434352
Fault offset: 0x0012b5b2
Faulting process id: 0x46e4
Faulting application start time: 0x01d7a1a6cf95d504
Faulting application path: C:\Users\testABC\AppData\Local\Temp\IXP000.TMP\UpdateBrowserForApp.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: b5663cf6-8483-472e-bea0-d9e2b73f401a
Faulting package full name:
Faulting package-relative application ID:

Error: (09/04/2021 12:06:25 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: UpdateBrowserForApp.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.IOException
   at System.IO.__Error.WinIOError(Int32, System.String)
   at System.IO.FileStream.Init(System.String, System.IO.FileMode, System.IO.FileAccess, Int32, Boolean, System.IO.FileShare, Int32, System.IO.FileOptions, SECURITY_ATTRIBUTES, System.String, Boolean, Boolean, Boolean)
   at System.IO.FileStream..ctor(System.String, System.IO.FileMode, System.IO.FileAccess, System.IO.FileShare, Int32, System.IO.FileOptions, System.String, Boolean, Boolean, Boolean)
   at System.IO.StreamReader..ctor(System.String, System.Text.Encoding, Boolean, Int32, Boolean)
   at System.IO.File.InternalReadAllText(System.String, System.Text.Encoding, Boolean)
   at System.IO.File.ReadAllText(System.String)
   at UpdateBrowserForApp.CookiesManager.GetProfileNameForMEGC(System.String, System.String)
   at UpdateBrowserForApp.CookiesManager.ReadBWCookieFromMEGC(System.String, System.String, System.String, System.String, System.String)
   at UpdateBrowserForApp.ThreadManager.ManageBWCookieInGC()
   at System.Threading.ThreadHelper.ThreadStart_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Threading.ThreadHelper.ThreadStart()

Error: (09/03/2021 05:31:33 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress.
.

Error: (09/03/2021 05:31:33 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]

Error: (09/03/2021 05:31:33 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress.
.

Error: (09/03/2021 05:31:33 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]

Error: (09/03/2021 05:29:57 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SystemSettings.exe version 10.0.19041.1081 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 401c

Start Time: 01d7a0e10a4707e6

Termination Time: 4294967295

Application Path: C:\Windows\ImmersiveControlPanel\SystemSettings.exe

Report Id: 322f88e7-ff3e-4df0-86c6-93052ee299aa

Faulting package full name: windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy

Faulting package-relative application ID: microsoft.windows.immersivecontrolpanel

Hang type: Quiesce

Error: (09/02/2021 08:50:11 PM) (Source: IDriveService) (EventID: 0) (User: )
Description: Service cannot be started. The service process could not connect to the service controller


System errors:
=============
Error: (09/03/2021 05:38:28 PM) (Source: DCOM) (EventID: 10000) (User: MSI)
Description: Unable to start a DCOM Server: {0358B920-0AC7-461F-98F4-58E32CD89148}. The error:
"2147942767"
Happened while starting this command:
C:\WINDOWS\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (09/03/2021 12:17:06 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\WINDOWS\system32\IntelIHVRouter08.dll
Error Code: 21

Error: (09/02/2021 08:50:02 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The IDriveService service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (09/02/2021 08:45:09 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1115" attempting to start the service wuauserv with arguments "Unavailable" in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (09/02/2021 08:45:09 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1115" attempting to start the service wuauserv with arguments "Unavailable" in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (09/02/2021 08:45:09 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1115" attempting to start the service wuauserv with arguments "Unavailable" in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (09/02/2021 08:45:09 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1115" attempting to start the service wuauserv with arguments "Unavailable" in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (09/02/2021 08:45:06 PM) (Source: DCOM) (EventID: 10010) (User: MSI)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.


Windows Defender:
================
Date: 2021-09-03 14:59:52
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-09-02 20:40:15
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-08-31 17:12:09
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-08-30 14:06:54
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-08-30 08:14:08
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

CodeIntegrity:
===============
Date: 2021-02-22 17:01:06
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SecurityHealthService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Norton Security\Engine\22.20.5.40\symamsi.dll that did not meet the Windows signing level requirements.

Date: 2021-02-22 15:53:15
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume3\Program Files\Norton Security\Engine\22.20.5.40\symamsi.dll that did not meet the Windows signing level requirements.


==================== Memory info ===========================

BIOS: American Megatrends Inc. E16R4IMS.504 04/21/2020
Motherboard: Micro-Star International Co., Ltd. MS-16R4
Processor: Intel® Core™ i7-9750H CPU @ 2.60GHz
Percentage of memory in use: 75%
Total physical RAM: 8034.93 MB
Available physical RAM: 1993.47 MB
Total Virtual: 17250.93 MB
Available Virtual: 6601.85 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:454.5 GB) (Free:354.39 GB) NTFS

\\?\Volume{748d8595-d77b-4dec-850f-660815d88ede}\ () (Fixed) (Total:0.88 GB) (Free:0.44 GB) NTFS
\\?\Volume{2bed4cb9-6e42-496c-a30c-6efe5cd20dc2}\ (BIOS_RVY) (Fixed) (Total:21.15 GB) (Free:0.69 GB) NTFS
\\?\Volume{bb1e4b81-9b04-44ae-91a1-527a468019e7}\ (SYSTEM) (Fixed) (Total:0.29 GB) (Free:0.26 GB) FAT32

==================== MBR & Partition Table ====================

==================== End of Addition.txt =======================


Edited by queendom, 04 September 2021 - 12:41 PM.



#2
Gary R


    Trusted Helper

  • Malware Removal
  • 430 posts

Any particular reason why you think your computer may not be clean?

 

Looking over a set of FRST logs takes time and effort (quite a lot of it actually), and helpers are generally unwilling to do that unless there is a good reason for doing so. Just giving someone peace of mind is not generally a good enough reason.

 

So, if you have any unusual symptoms, or behaviour, from your computer, that is making you feel you may be infected, then please let me know what they are.



#3
queendom


    Member

  • Topic Starter
  • 74 posts

Some websites are inaccessible, but I don't have that problem on another computer using the same connection. I haven't noticed a common theme either. Seems random.


#4
Gary R

    Trusted Helper

  • Malware Removal
  • 430 posts

OK, I've looked your logs over briefly, and there's a couple of things I've noticed that probably need attention, but I'll go over it more closely and see if there's anything else. Get back to you as soon as I've finished.


#5
Gary R

    Trusted Helper

  • Malware Removal
  • 430 posts

No obvious signs of an active infection on your machine, however there are a few items that could do with attending to.

First .... Did you install TeamViewer yourself? If you did, then no problem; if you do not know why it is on your machine, then you should uninstall it.

Next ....

Please uninstall the following 2 Chrome Extensions ....

CHR Extension: (Chrome Web Store Payments) - C:\Users\testABC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-06]
CHR Extension: (Chrome Media Router) - C:\Users\testABC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-07-28]

https://www.timeatla...ome-extensions/

Next ....
 

  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
  • Press Ctrl+y (Ctrl and y keys at the same time)
  • A blank randomly named .txt Notepad file will open.
  • Copy and paste the following into it  ....
VirusTotal:C:\Program Files (x86)\MSI\MSI NBFoundation Service\KernCoreLib64.sys
Task: {105D676A-D551-4274-81E7-97AC52E4FD87} - \Microsoft\Windows\Speech\HeadsetButtonPress -> No File <==== ATTENTION
Task: {1949073A-8FDA-4EA4-8E59-407CDB02440F} - \Microsoft\Windows\WindowsUpdate\sihpostreboot -> No File <==== ATTENTION
Task: {4CE8D18F-D863-4B6D-9B06-4432856E9A07} - \OmApSvcBroker -> No File <==== ATTENTION
Task: {8D30D27B-B2F8-4157-A050-7AF72CEEF6B9} - \OneDrive Standalone Update Task-S-1-5-21-2760983784-2838793767-2078260569-500 -> No File <==== ATTENTION
Task: {CBFB6BE6-9828-4121-A91C-8ADE8B6B1C36} - \Microsoft\Windows\Management\Provisioning\PostResetBoot -> No File <==== ATTENTION
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} =>  -> No File
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} =>  -> No File
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} =>  -> No File
ShellIconOverlayIdentifiers-x32: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} =>  -> No File
ShellIconOverlayIdentifiers-x32: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} =>  -> No File
ShellIconOverlayIdentifiers-x32: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} =>  -> No File
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F [270]
AlternateDataStreams: C:\ProgramData\TEMP:69C2C4F0 [252]
AlternateDataStreams: C:\ProgramData\TEMP:D0EC116C [251]
BHO-x32: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
EmptyTemp:
Cmd: ipconfig /flushdns
  • Press Ctrl+s to save fixlist.txt

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system


  • Now press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
  • Please post me the log

Next ....

Please run a scan with ADWCleaner

Download AdwCleaner and save it to your desktop.



  • Double click AdwCleaner.exe to run it.
  • Click Scan Now ...
    • When the scan has finished a Scan Results window will open.
    • Click Cancel (at this point do not attempt to Quarantine anything that is found)
  • Now click the Log Files tab ...
    • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number, the latest scan will have the largest number)
    • A Notepad file will open containing the results of the scan.
    • Please post the contents of the file in your next reply.


 

 


#6
queendom

    Member

  • Topic Starter
  • Member
  • 74 posts

Thank you so much again for checking! I'm stuck at the FRST step. Was I supposed to save the randomly named file as "fixlist.txt" in the same folder? I have the randomly named file but no file named "fixlist.txt"


#7
Gary R

    Trusted Helper

  • Malware Removal
  • 430 posts

OK, let's do the fixlist a different way.
 

  • Hit your Windows Key + R to open up a Run window
  • Now in the Open: panel type Notepad and then click OK
  • A blank Notepad file should open
  • Copy/Paste the following into it .....

VirusTotal:C:\Program Files (x86)\MSI\MSI NBFoundation Service\KernCoreLib64.sys
Task: {105D676A-D551-4274-81E7-97AC52E4FD87} - \Microsoft\Windows\Speech\HeadsetButtonPress -> No File <==== ATTENTION
Task: {1949073A-8FDA-4EA4-8E59-407CDB02440F} - \Microsoft\Windows\WindowsUpdate\sihpostreboot -> No File <==== ATTENTION
Task: {4CE8D18F-D863-4B6D-9B06-4432856E9A07} - \OmApSvcBroker -> No File <==== ATTENTION
Task: {8D30D27B-B2F8-4157-A050-7AF72CEEF6B9} - \OneDrive Standalone Update Task-S-1-5-21-2760983784-2838793767-2078260569-500 -> No File <==== ATTENTION
Task: {CBFB6BE6-9828-4121-A91C-8ADE8B6B1C36} - \Microsoft\Windows\Management\Provisioning\PostResetBoot -> No File <==== ATTENTION
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} =>  -> No File
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} =>  -> No File
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} =>  -> No File
ShellIconOverlayIdentifiers-x32: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} =>  -> No File
ShellIconOverlayIdentifiers-x32: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} =>  -> No File
ShellIconOverlayIdentifiers-x32: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} =>  -> No File
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F [270]
AlternateDataStreams: C:\ProgramData\TEMP:69C2C4F0 [252]
AlternateDataStreams: C:\ProgramData\TEMP:D0EC116C [251]
BHO-x32: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
EmptyTemp:
Cmd: ipconfig /flushdns
  • Save as fixlist.txt in the same location as FRST (if it's anywhere else the fix won't work)
  • Now press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
  • Please post me the log

 


#8
Gary R

    Trusted Helper

  • Malware Removal
  • 430 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.


#9
Gary R

    Trusted Helper

  • Malware Removal
  • 430 posts

Topic re-opened at OP request.

 

Please run the script I wrote for you, following the instructions in post #7, plus any instructions for additional scans in post #5 .... then post me the logs requested.


#10
queendom

    Member

  • Topic Starter
  • Member
  • 74 posts

Again, thank you so much for reopening this thread for me! Here are the two logs you requested.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 11-09-2021
Ran by testABC (12-09-2021 01:29:20) Run:2
Running from C:\Users\testABC\OneDrive\Desktop
Loaded Profiles: testABC
Boot Mode: Normal
==============================================

fixlist content:
*****************
VirusTotal:C:\Program Files (x86)\MSI\MSI NBFoundation Service\KernCoreLib64.sys
Task: {105D676A-D551-4274-81E7-97AC52E4FD87} - \Microsoft\Windows\Speech\HeadsetButtonPress -> No File <==== ATTENTION
Task: {1949073A-8FDA-4EA4-8E59-407CDB02440F} - \Microsoft\Windows\WindowsUpdate\sihpostreboot -> No File <==== ATTENTION
Task: {4CE8D18F-D863-4B6D-9B06-4432856E9A07} - \OmApSvcBroker -> No File <==== ATTENTION
Task: {8D30D27B-B2F8-4157-A050-7AF72CEEF6B9} - \OneDrive Standalone Update Task-S-1-5-21-2760983784-2838793767-2078260569-500 -> No File <==== ATTENTION
Task: {CBFB6BE6-9828-4121-A91C-8ADE8B6B1C36} - \Microsoft\Windows\Management\Provisioning\PostResetBoot -> No File <==== ATTENTION
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} =>  -> No File
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} =>  -> No File
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} =>  -> No File
ShellIconOverlayIdentifiers-x32: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} =>  -> No File
ShellIconOverlayIdentifiers-x32: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} =>  -> No File
ShellIconOverlayIdentifiers-x32: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} =>  -> No File
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F [270]
AlternateDataStreams: C:\ProgramData\TEMP:69C2C4F0 [252]
AlternateDataStreams: C:\ProgramData\TEMP:D0EC116C [251]
BHO-x32: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
EmptyTemp:
Cmd: ipconfig /flushdns
*****************

VirusTotal: C:\Program Files (x86)\MSI\MSI NBFoundation Service\KernCoreLib64.sys => https://www.virustot...5a19-1608957376
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{105D676A-D551-4274-81E7-97AC52E4FD87}" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Speech\HeadsetButtonPress" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1949073A-8FDA-4EA4-8E59-407CDB02440F}" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WindowsUpdate\sihpostreboot" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4CE8D18F-D863-4B6D-9B06-4432856E9A07}" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OmApSvcBroker" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8D30D27B-B2F8-4157-A050-7AF72CEEF6B9}" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OneDrive Standalone Update Task-S-1-5-21-2760983784-2838793767-2078260569-500" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CBFB6BE6-9828-4121-A91C-8ADE8B6B1C36}" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Management\Provisioning\PostResetBoot" => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\  OverlayExcluded => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\  OverlayPending => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\  OverlayProtected => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\  OverlayExcluded => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\  OverlayPending => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\  OverlayProtected => not found
"C:\ProgramData\TEMP" => ":2CB9631F" ADS not found.
"C:\ProgramData\TEMP" => ":69C2C4F0" ADS not found.
"C:\ProgramData\TEMP" => ":D0EC116C" ADS not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF} => not found

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 9199616 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 6427219 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 1427401 B
Edge => 0 B
Chrome => 663552 B
Firefox => 38572098 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 0 B
testABC => 98049354 B

RecycleBin => 0 B
EmptyTemp: => 147.2 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 01:29:28 ====

# -------------------------------
# Malwarebytes AdwCleaner 8.3.0.0
# -------------------------------
# Build:    06-29-2021
# Database: 2021-09-09.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    09-12-2021
# Duration: 00:00:05
# OS:       Windows 10 Home
# Scanned:  31969
# Detected: 1


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

Adware.TryMedia                 HKLM\Software\Wow6432Node\Trymedia Systems

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

 


#11
Gary R

    Trusted Helper

  • Malware Removal
  • 430 posts

Looks like your attempt to run FRST using my instructions in Post #5 was successful, even if it appeared not to be, because when you ran it again using the instructions in Post #7, it didn't find the items scripted for removal.

Anyway, doesn't really matter, they're gone and that's all that matters.

ADWCleaner has found a Registry entry that needs removing. It doesn't look dangerous, but we'll remove it anyway, since Orphan Registry Entries are something that can potentially be exploited.

So ...
 

  • Double click AdwCleaner.exe to run it.
  • Click Scan Now
  • When the scan has finished a Scan Results window will open.
  • Please check the following boxes and then click Quarantine

Adware.TryMedia                 HKLM\Software\Wow6432Node\Trymedia Systems

    • Click Next
    • If any pre-installed software was found on your machine, a prompt window will open ...
      • Click OK to close it
    • Check any pre-installed software items you want to remove (if they're not causing you a problem I recommend you don't select any)
    • Click Quarantine
  • A prompt to save your work will appear ...
    • Click Continue when you're ready to proceed.
  • A prompt to restart your computer will appear ...
    • Click Restart Now
  • Once your computer has restarted ...
    • If it doesn't open automatically, please start ADWCleaner ...
    • Click the Log Files tab ...
    • Double click on the latest Clean log (Clean logs have a [C0*] suffix, where * is replaced by a number, the latest scan will have the largest number)
    • A Notepad file will open containing the results of the removal.
    • Please post the contents of the file in your next reply.

Next ....

To be thorough I think we should run an online scan to see if that finds something we might have missed. The scan takes a long time (usually an hour or so) but is very thorough, so please be patient.

Download ESET Online Scanner and save it to your desktop.


  • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
  • When the tool opens, click Get Started.
  • Read and accept the license agreement.
  • At the Welcome to ESET Online Scanner window, click Get Started.
  • Select whether you would like to send anonymous data to ESET.
  • Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
  • Click on the Full Scan option.
  • Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
  • ESET will now begin scanning your computer. This may take some time.
  • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
  • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
  • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
  • Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.


 

 


#12
queendom

    Member

  • Topic Starter
  • Member
  • 74 posts

Oh that's good news. Here are the last two scans.

 

# -------------------------------
# Malwarebytes AdwCleaner 8.3.0.0
# -------------------------------
# Build:    06-29-2021
# Database: 2021-09-09.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    09-12-2021
# Duration: 00:00:00
# OS:       Windows 10 Home
# Cleaned:  1
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKLM\Software\Wow6432Node\Trymedia Systems

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1444 octets] - [12/09/2021 01:35:59]
AdwCleaner[S01].txt - [1505 octets] - [12/09/2021 14:35:23]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########

9/12/2021 15:30:53 PM
Files scanned: 541759
Detected files: 0
Cleaned files: 0
Total scan time: 00:47:36
Scan status: Finished

 


#13
Gary R

    Trusted Helper

  • Malware Removal
  • 430 posts

As far as I can see, your computer is free of any infection. If you have any outstanding problems then please let me know what they are; if not, then it's time to safely remove the programs we've been using.

First ...

To remove ADWCleaner ...

  • Double click AdwCleaner.exe to run it.
  • Click Settings
  • Scroll down and click Remove.
  • AdwCleaner will close and uninstall itself, it will also remove any files it quarantined.


Next ...

To uninstall FRST and remove all its files, please do the following ...

  • Rename FRST64.exe to Uninstall.exe
  • Double click on Uninstall.exe to launch it.
  • Your computer will reboot, and on reboot will remove FRST and all its files.



Any problems doing any of the above please let me know, if not then we're finished.


 


#14
queendom

    Member

  • Topic Starter
  • Member
  • 74 posts

Thank you so much again!!


#15
Gary R

    Trusted Helper

  • Malware Removal
  • 430 posts

You're welcome. :)

 

This topic is now closed

