Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Help please, think I'm infected [Solved]


  • This topic is locked This topic is locked

#1
mpmm

mpmm

    Member

  • Member
  • PipPip
  • 28 posts

Have downloaded and run FRST. Am attaching FRST.txt and Addition.txt. Thanks in advance for any help you can provide

 

--------------------------

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-05-2021 (ATTENTION: ====> FRST version is 95 days old and could be outdated)
Ran by mike (administrator) on MPMM1 (Dell Inc. Inspiron 3847) (22-08-2021 06:04:22)
Running from C:\Users\mikem\Desktop
Loaded Profiles: mike
Platform: Windows 10 Pro Version 21H1 19043.1165 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Acronis International GmbH -> Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\TibMounter64\tib_mounter_service.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\TuneUp\TuneupSvc.exe
(Electronic Arts, Inc. -> Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Google LLC -> ) C:\Program Files\Google\Drive File Stream\50.0.11.0\crashpad_handler.exe <5>
(IObit Information Technology -> IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe <2>
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingApp_2108.1001.8.0_x64__8wekyb3d8bbwe\XboxAppServices.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_2.54.22004.0_x64__8wekyb3d8bbwe\GamingServices.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_2.54.22004.0_x64__8wekyb3d8bbwe\GamingServicesNet.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Microsoft Update Health Tools\uhssvc.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SystemSettingsAdminFlows.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\vds.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1161_none_7e3076a27c733477\TiWorker.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\NisSrv.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <13>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispsi.inf_amd64_d610222ce397fb36\Display.NvContainer\NVDisplay.Container.exe <2>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <4>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Western Digital Technologies, Inc. -> ) C:\Program Files (x86)\Western Digital\Discovery\Current\Service\WDDiscoveryService.exe
(Western Digital Technologies, Inc. -> ) C:\Program Files\WD Desktop App\wdsync.exe
(Western Digital Technologies, Inc. -> Western Digital Corporation) C:\Program Files (x86)\Western Digital\Discovery\Current\WD Discovery.exe <4>
(Western Digital Technologies, Inc. -> Western Digital Corporation) C:\Program Files (x86)\Western Digital\Discovery\Current\WDDiscoveryMonitor.exe
(Western Digital Technologies, Inc. -> Western Digital Corporation) C:\Program Files\WD Desktop App\kdd.exe
(Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\Discovery\Current\WD Device Agent.exe
(Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD App Manager\Plugins\WD Backup\App\WDBackupService.exe
(Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD App Manager\WDAppManager.exe
(Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [11236136 2021-07-13] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [TuneupUI.exe] => C:\Program Files\AVG\TuneUp\TuneupUI.exe [2766648 2021-08-11] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [827200 2020-11-20] (Acronis International GmbH -> Acronis International GmbH)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [340440 2021-04-16] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [3617784 2021-07-13] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [3617784 2021-07-13] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [299504 2016-06-20] (Intel® USB eXtensible Host Controller Drivers -> Intel Corporation)
HKLM-x32\...\Run: [WDDiscovery] => C:\Program Files (x86)\Western Digital\Discovery\Current\WD Discovery.exe [81379600 2021-08-21] (Western Digital Technologies, Inc. -> Western Digital Corporation)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [4905832 2020-11-20] (Acronis International GmbH -> )
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\tib_mounter_monitor.exe [443424 2020-11-20] (Acronis International GmbH -> Acronis International GmbH)
HKU\S-1-5-19\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\50.0.11.0\GoogleDriveFS.exe [53381464 2021-08-09] (Google LLC -> Google, Inc.)
HKU\S-1-5-20\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\50.0.11.0\GoogleDriveFS.exe [53381464 2021-08-09] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-3200273941-2670340362-4195434088-1003\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\50.0.11.0\GoogleDriveFS.exe [53381464 2021-08-09] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-3200273941-2670340362-4195434088-1005\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\50.0.11.0\GoogleDriveFS.exe [53381464 2021-08-09] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-3200273941-2670340362-4195434088-1014\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\50.0.11.0\GoogleDriveFS.exe [53381464 2021-08-09] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-413578968-4127535815-2662069183-1116\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\50.0.11.0\GoogleDriveFS.exe [53381464 2021-08-09] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-413578968-4127535815-2662069183-1116\...\Run: [CiscoMeetingDaemon] => C:\Users\mikem\AppData\Local\WebEx\ciscowebexstart.exe [2356544 2020-10-23] (Cisco WebEx LLC -> Cisco Webex LLC)
HKU\S-1-5-21-413578968-4127535815-2662069183-1116\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
HKU\S-1-5-18\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\50.0.11.0\GoogleDriveFS.exe [53381464 2021-08-09] (Google LLC -> Google, Inc.)
HKLM\...\Windows x64\Print Processors\BJ Print Processor4: C:\Windows\System32\spool\prtprocs\x64\CNBPP4.DLL [84992 2009-07-13] (CANON INC.) [File not signed]
HKLM\...\Windows x64\Print Processors\HP2030PrintProc: C:\Windows\System32\spool\prtprocs\x64\HP2030PP.DLL [65024 2012-12-04] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Windows x64\Print Processors\hpzppWN7: C:\Windows\System32\spool\prtprocs\x64\hpzppWN7.dll [101376 2009-07-13] (Microsoft Windows -> Hewlett-Packard Corporation)
HKLM\...\Print\Monitors\BJ Language Monitor4: C:\Windows\system32\CNBLM4.DLL [267776 2009-07-13] (CANON INC.) [File not signed]
HKLM\...\Print\Monitors\Bullzip PDF Print Monitor: C:\Program Files\Common Files\Bullzip\PDF Printer\Ports\BULLZIP\bzpdf.dll [219648 2018-05-06] (Bullzip) [File not signed]
HKLM\...\Print\Monitors\HP2030LM: C:\Windows\system32\HP2030LM.DLL [246784 2012-12-04] (Microsoft Windows Hardware Compatibility Publisher -> Marvell Semiconductor India Private Limited.)
HKLM\...\Print\Monitors\PaperCut TCP/IP Port: C:\Windows\system32\pcprintportmon.dll [152000 2019-06-04] (PaperCut Software International Pty. Ltd. -> PaperCut Software International Pty Ltd)
HKLM\...\Print\Monitors\rica4Ulm: C:\Windows\system32\rica4Ulm.dll [28160 2013-12-26] (Microsoft Windows Hardware Compatibility Publisher -> RICOH CO.,Ltd.)
HKLM\...\Print\Monitors\Wondershare PDFelement Monitor: C:\Windows\system32\WSPDFelementMonitor.dll [271360 2017-10-19] (Wondershare Software) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\92.0.4515.159\Installer\chrmstp.exe [2021-08-17] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
HKLM\Software\...\Authentication\Credential Providers: [{ACFC407B-266C-8504-8DAE-F3E276336E4B}] ->
HKLM\Software\...\Authentication\Credential Provider Filters: [{ACFC407B-266C-8504-8DAE-F3E276336E4B}] ->
GroupPolicy: Restriction - Chrome <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {043B413C-F2B0-4284-AFCC-39D6D0FB01E1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MpCmdRun.exe [673816 2021-08-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {04C7871B-E64E-490C-AC89-AD96520F2E34} - System32\Tasks\WD Discovery Service Task mike => C:\Program Files (x86)\Western Digital\Discovery\Current\Service\WDDiscoveryService.exe [78608 2021-08-21] (Western Digital Technologies, Inc. -> )
Task: {0BCC49A7-5ABD-4711-A728-B8B2FBC5912C} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {10D9F0C7-420C-4087-B3D2-BCE1163B64E6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MpCmdRun.exe [673816 2021-08-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {12AADE2E-AC46-4DAB-959E-379966FFCA70} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {16FC9E2F-C638-4535-9255-865DB818CDCB} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {1C06F5A8-EC7B-4E6F-916D-58B7178E74A5} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
"C:\Windows\System32\Tasks\Microsoft\Windows\GroupPolicy\{A7719E0F-10DB-4640-AD8C-490CC6AD5202}" was unlocked. <==== ATTENTION
Task: {226D9043-91B6-46CA-98D9-5610851CCFE8} - System32\Tasks\Microsoft\Windows\GroupPolicy\{A7719E0F-10DB-4640-AD8C-490CC6AD5202} => C:\Windows\system32\gpupdate.exe [30720 2020-12-18] (Microsoft Windows -> Microsoft Corporation)
Task: {2722E829-1297-45B3-A4E8-1CACB7C33A2D} - System32\Tasks\AVGUpdateTaskMachineUA => C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe
Task: {2A5762AB-FD2A-4D15-809A-6746E87AD479} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3200273941-2670340362-4195434088-1000 => {CA22F5B1-E06F-4A2B-94FC-21E87FE53781}
Task: {2D071615-055A-41DF-AEDC-CFF1122863CE} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe
Task: {2FFAE513-2B47-4AFC-8D3C-D055BD739DEF} - System32\Tasks\Microsoft\Windows\Windows Server Essentials\Health Definition Update => C:\Program Files\Windows Server\Bin\RunTask.exe [18864 2016-09-23] (Microsoft Corporation -> Microsoft Corporation) -> /asm:"C:\Program Files\Windows Server\Bin\AlertFramework.dll" /class:Microsoft.WindowsServerSolutions.NetworkHealth.AlertFramework.HealthScheduledTask /method:UpdateDefinitionPlugInTaskAction /task:"Health Definition Update"
Task: {37A824E0-9E2E-4C83-807F-4164F63865BD} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistInstaller.exe [726488 2019-09-10] (Dell Inc. -> Dell Inc.)
Task: {3915EF34-18D7-439D-B472-E51A560C0B9B} - System32\Tasks\AVGUpdateTaskMachineCore => C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe
Task: {424AE188-1605-4EC9-B4C6-DF1AEAC6C693} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [903024 2021-05-04] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {433E5798-4D14-4E7C-8147-51DB65ADF375} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-08-12] (Google Inc -> Google Inc.)
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47C2-B62A-B7C4CED925CB}
Task: {4E5E053F-244D-47DC-A624-244F388F50C5} - System32\Tasks\Microsoft\Windows\End Of Support\Notify1 => C:\WINDOWS\system32\sipnotify.exe [338944 2019-10-10] (Microsoft Corporation) [File not signed]
Task: {500DE81E-2736-41AE-A32F-BE53815B3D90} - System32\Tasks\Microsoft\Windows\Windows Server Essentials\RDP Group Configuration => C:\Program Files\Windows Server\Bin\RunTask.exe [18864 2016-09-23] (Microsoft Corporation -> Microsoft Corporation) -> /asm:"C:\Program Files\Windows Server\Bin\RemoteDesktopClientConfigLibrary.dll" /class:Microsoft.WindowsServerSolutions.RemoteDesktop.ClientConfigLibrary.RemoteDesktopClientConfig /method:AddDomainUserGroupToRDPGroup /task:"RDP Group Configuration"
Task: {5132C16D-3D87-446C-B4F3-E8F658E09C80} - System32\Tasks\Microsoft\Windows\Windows Server Essentials\Client Computer Backup => C:\Program Files\Windows Server\Bin\RunTask.exe [18864 2016-09-23] (Microsoft Corporation -> Microsoft Corporation) -> /asm:"C:\Program Files\Windows Server\Bin\BackupClientProvider.dll" /class:Microsoft.WindowsServerSolutions.DataProtection.PCBackup.ObjectModel.PCBackupClientManager /method:DoScheduledBackup /task:"Client Computer Backup"
Task: {52375E6B-4E99-4A72-8E6E-2B72F7BEDD40} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {57EF97F7-F445-41BB-8666-DA0F6B6D50FD} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E}
Task: {59F36483-263F-402F-962D-613A2DF98DF1} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61}
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A}
Task: {61B2A00C-D092-44BF-BE04-FB6A0A8EBEC0} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {6CD80A5E-4F7A-4AF5-88FD-6F3F3BDA6563} - System32\Tasks\Uninstaller_SkipUac_mike => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [6435088 2020-08-19] (IObit Information Technology -> IObit)
Task: {6FBA1DCC-3E5C-485D-8F10-2B27195CA345} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {76E6B2CD-3262-4DA9-A1D7-C88EE549CBF0} - System32\Tasks\Microsoft\Windows\Windows Server Essentials\Client Computer Backup on Idle => C:\Program Files\Windows Server\Bin\RunTask.exe [18864 2016-09-23] (Microsoft Corporation -> Microsoft Corporation) -> /asm:"C:\Program Files\Windows Server\Bin\BackupClientProvider.dll" /class:Microsoft.WindowsServerSolutions.DataProtection.PCBackup.ObjectModel.PCBackupClientManager /method:DoScheduledOnIdleBackup /task:"Client Computer Backup on Idle"
Task: {7A85113A-31AA-466B-B0E9-E832A99DAB29} - System32\Tasks\WD Device Agent Task mike => C:\Program Files (x86)\Western Digital\Discovery\Current\WD Device Agent.exe [723728 2021-08-21] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
Task: {7E411FB2-67FE-4E9A-B943-F7B258C638DF} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.)
Task: {7EEA6817-AFB0-46F3-8840-157E41F8D104} - System32\Tasks\Microsoft\Windows\End Of Support\Notify2 => C:\WINDOWS\system32\sipnotify.exe [338944 2019-10-10] (Microsoft Corporation) [File not signed]
Task: {854D0F8D-4F77-42AE-856A-C869A055E94D} - System32\Tasks\AVG\AVG TuneUp BugReport => C:\Program Files\AVG\TuneUp\AvBugReport.exe [4755256 2021-08-11] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) -> --send "dumps|report" --silent --product 74 --programpath "C:\Program Files\AVG\TuneUp\Setup\.." --configpath "C:\Program Files\AVG\TuneUp\Setup" --path "C:\ProgramData\AVG\TuneUp\log"  --path "C:\ProgramData\AVG\Icarus\Logs" --guid 6d7c29d8-99f0-4430-8ea2-d3eee7710770
Task: {9590B863-05F8-40B5-A44E-A81B6F333A51} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [905072 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {979F0FF0-C0BC-4132-854F-0AD98A8AB2EF} - System32\Tasks\{FC04A7EF-B25F-4923-A1F3-D16E259300F9} => C:\Windows\system32\pcalua.exe -a C:\Users\mikem\Downloads\jre-8u221-windows-i586-iftw.exe -d C:\Users\mikem\Downloads
Task: {A28E3BB5-7269-4AF4-BCC7-CE3CBD3303BD} - System32\Tasks\Driver Booster Update => C:\Program Files (x86)\IObit\Driver Booster\8.2.0\AutoUpdate.exe [2268432 2020-12-23] (IObit Information Technology -> IObit)
Task: {A3F4D157-4E56-45BB-B827-0A012EC5A14F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MpCmdRun.exe [673816 2021-08-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A495F5CF-5CDC-4215-BF2B-7532096FAA76} - \Microsoft\Windows\Setup\EOSNotify -> No File <==== ATTENTION
Task: {A5A2598A-0669-4BA5-A9AE-9D4E0C703648} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\Intel® Management Engine Components\iCLS\IntelPTTEKRecertification.exe [834856 2020-04-11] (Intel® Trust Services -> Intel® Corporation)
"C:\Windows\System32\Tasks\Microsoft\Windows\GroupPolicy\{3E0A038B-D834-4930-9981-E89C9BFF83AA}" was unlocked. <==== ATTENTION
Task: {A883502B-F499-4BC6-9C6B-F29A99F45A57} - System32\Tasks\Microsoft\Windows\GroupPolicy\{3E0A038B-D834-4930-9981-E89C9BFF83AA} => C:\Windows\system32\gpupdate.exe [30720 2020-12-18] (Microsoft Windows -> Microsoft Corporation)
Task: {AB629FEC-9170-4737-90A2-3289821F3BE2} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\8.2.0\Scheduler.exe [152848 2020-12-23] (IObit Information Technology -> IObit)
Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {B3A49E27-A226-4F11-8193-47DFEA367935} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1}
Task: {BBD2014D-7A97-48F2-983C-7FF9ECA98604} - System32\Tasks\AVG\AVG TuneUp Update => C:\Program Files\Common Files\AVG\Icarus\avg-tu\icarus.exe [6150968 2021-08-10] (AVG Technologies USA, LLC -> AVG Technologies)
Task: {BF63275E-F5CC-4A56-80B0-942D3F1B4BE2} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {C598457B-FF12-49AE-B178-A2DB0784E5B8} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [903024 2021-05-04] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {C7D42D7F-58F3-4FD1-8EC6-234E110E9E35} - System32\Tasks\Software Updater SkipUAC(mike) => C:\Program Files (x86)\IObit\Software Updater\SoftwareUpdater.exe [4530712 2021-06-03] (IObit CO., LTD -> IObit) <==== ATTENTION
Task: {C8237496-BA8E-46BB-B9AD-A34F86540F27} - System32\Tasks\Microsoft\Windows\Windows Server Essentials\Add-in Management => C:\Program Files\Windows Server\Bin\RunTask.exe [18864 2016-09-23] (Microsoft Corporation -> Microsoft Corporation) -> /asm:"C:\Program Files\Windows Server\Bin\ClientSetupCommon.dll" /class:Microsoft.WindowsServerSolutions.ClientSetup.ClientTasks /method:AddInPerformInstallationsTask /task:"Add-in Management"
Task: {C82ADC00-6CC5-4C60-8C46-24659F12CCE8} - System32\Tasks\Driver Booster SkipUAC (mike) => C:\Program Files (x86)\IObit\Driver Booster\8.2.0\DriverBooster.exe [8147400 2021-01-06] (IObit Information Technology -> IObit)
Task: {C9584698-0407-4D61-9C8B-6FCB42BC4593} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [645488 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {CBB5F33B-9761-4325-8625-F8C47F042802} - System32\Tasks\Microsoft\Windows\Windows Server Essentials\Alert Evaluations => C:\Program Files\Windows Server\Bin\RunTask.exe [18864 2016-09-23] (Microsoft Corporation -> Microsoft Corporation) -> /asm:"C:\Program Files\Windows Server\Bin\AlertFramework.dll" /class:Microsoft.WindowsServerSolutions.NetworkHealth.AlertFramework.HealthScheduledTask /method:EvaluateAlertsByTriggerTaskAction /task:"Alert Evaluations"
Task: {DBE63446-44D1-4324-97EF-FD3350282123} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MpCmdRun.exe [673816 2021-08-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {EA186BCB-53D0-4E93-92CC-E3EF6C1F9D58} - System32\Tasks\Software Updater Scheduler => C:\Program Files (x86)\IObit\Software Updater\SUInit.exe [1794584 2021-04-14] (IObit CO., LTD -> IObit) <==== ATTENTION
Task: {ED461531-1579-4A47-84D0-3D75ACE8D636} - System32\Tasks\SU_AutoUpdate => C:\Program Files (x86)\IObit\Software Updater\SoftwareUpdater.exe [4530712 2021-06-03] (IObit CO., LTD -> IObit)
Task: {EE3105F4-908E-4596-9564-B5A000179AEE} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [673720 2021-08-17] (Mozilla Corporation -> Mozilla Foundation)
Task: {EFCE08A7-9EFE-429B-A092-0D343AD6EE9F} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3339120 2021-06-15] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F4BF2215-A67D-4BBE-9373-6A4B97DD0B2A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-08-12] (Google Inc -> Google Inc.)
Task: {FDDE57DB-4173-4286-A179-2EB3A8D2B757} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [905072 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-413578968-4127535815-2662069183-1116] => 45.175.238.8:999
Tcpip\..\Interfaces\{43fe1a28-ff97-4cee-995c-2bf4c751a028}: [DhcpNameServer] 10.10.10.1
Tcpip\..\Interfaces\{6dd5eafc-63c3-4785-8771-379fdb967eff}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{a41bd588-6b0d-4b0d-a181-c06aed954d20}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{D667184D-E32C-4149-AC91-2C5FF5FAE3C8}: [DhcpNameServer] 192.168.43.1

Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge Profile: C:\Users\mikem\AppData\Local\Microsoft\Edge\User Data\Default [2021-08-21]

FireFox:
========
FF DefaultProfile: hi4lo88b.default-1543873865624
FF ProfilePath: C:\Users\mikem\AppData\Roaming\Mozilla\Firefox\Profiles\hi4lo88b.default-1543873865624 [2021-08-22]
FF user.js: detected! => C:\Users\mikem\AppData\Roaming\Mozilla\Firefox\Profiles\hi4lo88b.default-1543873865624\user.js [2020-12-31]
FF DownloadDir: C:\Users\mikem\Desktop
FF Notifications: Mozilla\Firefox\Profiles\hi4lo88b.default-1543873865624 -> hxxps://app.practicepanther.com; hxxps://3unlocker.com; hxxps://mail.google.com
FF Extension: (Add-ons Search Detection) - C:\Users\mikem\AppData\Roaming\Mozilla\Firefox\Profiles\hi4lo88b.default-1543873865624\features\{24fdb4d1-93a9-4f8f-ba95-fbb12d17fe60}\[email protected] [2021-08-17]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.10 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.15 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-09] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-09] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @update.avgbrowser.com/AVG Browser;version=3 -> C:\Program Files (x86)\AVG\Browser\Update\1.7.914.0\npAvgBrowserUpdate3.dll [No File]
FF Plugin-x32: @update.avgbrowser.com/AVG Browser;version=9 -> C:\Program Files (x86)\AVG\Browser\Update\1.7.914.0\npAvgBrowserUpdate3.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=3.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\mikem\AppData\Local\Google\Chrome\User Data\Default [2021-08-21]
CHR Notifications: Default -> hxxps://www.facebook.com
CHR Extension: (Slides) - C:\Users\mikem\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-04-23]
CHR Extension: (Docs) - C:\Users\mikem\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-04-23]
CHR Extension: (Google Drive) - C:\Users\mikem\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-27]
CHR Extension: (YouTube) - C:\Users\mikem\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-08-12]
CHR Extension: (Facebook) - C:\Users\mikem\AppData\Local\Google\Chrome\User Data\Default\Extensions\celnaknmndcdcjcagffhbhciignkeokb [2020-07-20]
CHR Extension: (Sheets) - C:\Users\mikem\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-04-23]
CHR Extension: (Google Docs Offline) - C:\Users\mikem\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-06-30]
CHR Extension: (Application Launcher For Drive (by Google)) - C:\Users\mikem\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2021-06-30]
CHR Extension: (AVG SafePrice | Comparison, deals, coupons) - C:\Users\mikem\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbckjcfnjmoiinpgddefodcighgikkgn [2020-08-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\mikem\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-06-30]
CHR Extension: (Gmail) - C:\Users\mikem\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-10]
CHR Extension: (Chrome Media Router) - C:\Users\mikem\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-07-21]
CHR Profile: C:\Users\mikem\AppData\Local\Google\Chrome\User Data\System Profile [2021-07-21]
CHR HKU\S-1-5-21-413578968-4127535815-2662069183-1116\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKLM-x32\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AcronisActiveProtectionService; C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe [10353056 2020-11-20] (Acronis International GmbH -> )
S3 AcrSch2Svc; C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe [1264400 2020-11-20] (Acronis International GmbH -> Acronis International GmbH)
S4 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2017-08-13] (Adobe Systems) [File not signed]
S3 afcdpsrv; C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [6383744 2020-12-23] (Acronis International GmbH -> )
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2020-09-24] (Apple Inc. -> Apple Inc.)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [314368 2018-01-18] (Brother Industries, Ltd.) [File not signed]
R2 CleanupPSvc; C:\Program Files\AVG\TuneUp\TuneupSvc.exe [15032120 2021-08-11] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S3 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [209448 2019-05-21] (Dell Inc -> Dell Inc.)
S3 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3373600 2019-05-21] (Dell Inc -> Dell Inc.)
S3 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [218144 2019-05-21] (Dell Inc -> Dell Inc.)
S4 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [35976 2019-04-03] (Dell Inc -> )
S3 FvSvc; C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe [409968 2021-05-15] (NVIDIA Corporation -> NVIDIA)
S3 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S2 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [158992 2020-07-31] (IObit Information Technology -> IObit)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2556048 2021-07-15] (Electronic Arts, Inc. -> Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3474584 2021-07-15] (Electronic Arts, Inc. -> Electronic Arts)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5394872 2021-08-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 ss_conn_launcher_service; C:\WINDOWS\System32\Samsung\EasySetup\ss_conn_launcher.exe [182128 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [48600 2019-09-10] (Dell Inc. -> Dell Inc.)
R3 Tib Mounter Service; C:\Program Files (x86)\Common Files\Acronis\TibMounter64\tib_mounter_service.exe [5832096 2020-11-20] (Acronis International GmbH -> Acronis International GmbH)
S3 WD Backup Drive Helper; C:\WINDOWS\SysWOW64\dllhost.exe /Processid:{4AB831D3-8315-414C-8A7A-303105288D0B} [19256 2020-12-18] (Microsoft Windows -> Microsoft Corporation)
S3 WD Backup Snapshot; C:\WINDOWS\SysWOW64\dllhost.exe /Processid:{302480DF-3AC5-4400-BE7B-DD77AF93B6DD} [19256 2020-12-18] (Microsoft Windows -> Microsoft Corporation)
R3 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [668808 2018-05-23] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [366720 2020-03-11] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\NisSrv.exe [2727416 2021-08-04] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MsMpEng.exe [136656 2021-08-04] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 Wondershare InstallAssist; C:\ProgramData\Wondershare\Service\InstallAssistService.exe [269200 2020-12-10] (Wondershare Technology Co.,Ltd -> Wondershare)
S4 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.243\WsAppService.exe [495392 2019-06-13] (Wondershare Technology Co.,Ltd -> Wondershare)
S4 WsAppService3; C:\Program Files (x86)\Wondershare\WAF3\3.0.0.308\WsAppService3.exe [83232 2019-07-09] (Wondershare Technology Co.,Ltd -> Wondershare)
S3 avg; "C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /svc [X]
S3 avgm; "C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /medsvc [X]
S3 ElevationService; C:\Program Files (x86)\Wondershare\drfone\Addins\Eraser\ElevationService.exe [X]
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispsi.inf_amd64_d610222ce397fb36\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispsi.inf_amd64_d610222ce397fb36\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem
S3 WsDrvInst; C:\Program Files (x86)\Wondershare\drfone\Addins\Repair\DriverInstall.exe [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 anvsnddrv; C:\WINDOWS\System32\drivers\anvsnddrv.sys [33872 2012-05-17] (AnvSoft Co., Ltd. -> AnvSoft Inc.)
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
R3 cpuz145; C:\WINDOWS\temp\cpuz145\cpuz145_x64.sys [49968 2021-08-20] (CPUID -> CPUID)
R3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [41608 2019-05-21] (Techporch Incorporated -> Dell Inc.)
R3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [41208 2019-05-21] (Techporch Incorporated -> Dell Computer Corporation)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [159600 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R2 file_protector; C:\WINDOWS\System32\DRIVERS\file_protector.sys [687768 2020-12-23] (Acronis International GmbH -> Acronis International GmbH)
R0 file_tracker; C:\WINDOWS\System32\DRIVERS\file_tracker.sys [390592 2020-12-23] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
R1 googledrivefs3525; C:\WINDOWS\System32\DRIVERS\googledrivefs3525.sys [389640 2021-07-30] (Google LLC -> Google, Inc.)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2019-07-25] (Martin Malik - REALiX -> REALiX™)
R3 IUFileFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IUFileFilter.sys [43896 2020-07-31] (IObit Information Technology -> IObit)
R3 IUProcessFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IUProcessFilter.sys [37112 2020-07-31] (IObit Information Technology -> IObit)
R3 IURegistryFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IURegistryFilter.sys [51128 2020-07-31] (IObit Information Technology -> IObit)
S3 libusbK; C:\WINDOWS\System32\DRIVERS\libusbK.sys [47200 2018-12-02] (Travis Lee Robinson -> hxxp://libusb-win32.sourceforge.net)
R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [19152 2019-05-29] (MiniTool Solution Ltd -> )
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2019-05-29] (MiniTool Solution Ltd -> )
R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Bruce James -> Scarlet.Crush Productions)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167280 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 ss_conn_usb_driver2; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver2.sys [43376 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R2 tib_mounter; C:\WINDOWS\system32\DRIVERS\tib_mounter.sys [175752 2020-12-23] (Acronis International GmbH -> Acronis International GmbH)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2019-04-03] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
R2 virtual_file; C:\WINDOWS\System32\DRIVERS\virtual_file.sys [330176 2020-12-23] (Acronis International GmbH -> Acronis International GmbH)
R0 volume_tracker; C:\WINDOWS\System32\DRIVERS\volume_tracker.sys [243472 2020-12-23] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49568 2021-08-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [434424 2021-08-04] (Microsoft Windows -> Microsoft Corporation)
R1 wdfsconnect2017; C:\WINDOWS\system32\drivers\wdfsconnect2017.sys [468112 2017-11-21] (Microsoft Windows Hardware Compatibility Publisher -> Western Digital Technologies, Inc.)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [78072 2021-08-04] (Microsoft Windows -> Microsoft Corporation)
R3 wdvpnpbus; C:\WINDOWS\System32\drivers\wdvpnpbus.sys [20624 2017-11-21] (Microsoft Windows Hardware Compatibility Publisher -> Western Digital Technologies, Inc.)
S3 xb1usb; C:\WINDOWS\System32\drivers\xb1usb.sys [34016 2014-05-27] (Windows Central Build Account - X -> Microsoft Corporation)
S3 AndnetBus; \SystemRoot\System32\drivers\lgandnetbus64.sys [X]
S3 AndNetDiag; \SystemRoot\system32\DRIVERS\lgandnetdiag64.sys [X]
S3 ANDNetModem; \SystemRoot\system32\DRIVERS\lgandnetmodem64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-08-22 06:04 - 2021-08-22 06:06 - 000043302 _____ C:\Users\mikem\Desktop\FRST.txt
2021-08-22 06:03 - 2021-08-22 06:05 - 000000000 ____D C:\FRST
2021-08-22 06:00 - 2021-08-22 06:00 - 002299904 _____ (Farbar) C:\Users\mikem\Desktop\FRST64.exe
2021-08-22 05:50 - 2021-08-22 05:50 - 002300416 _____ (Farbar) C:\Users\mikem\Downloads\FRST64(2).exe
2021-08-22 05:42 - 2021-08-22 05:42 - 002300416 _____ (Farbar) C:\Users\mikem\Downloads\FRST64(1).exe
2021-08-22 05:38 - 2021-08-22 05:38 - 002300928 _____ (Farbar) C:\Users\mikem\Downloads\FRST64.exe
2021-08-22 03:54 - 2021-08-22 03:54 - 061496008 _____ C:\Users\mikem\Downloads\xvideos.com_dcfbbe233222f91eec075edc6fd05c56-1.mp4
2021-08-22 03:20 - 2021-08-22 03:36 - 292357446 _____ C:\Users\mikem\Downloads\720(3).mp4
2021-08-22 02:19 - 2021-08-22 02:33 - 213749924 _____ C:\Users\mikem\Downloads\720.mp4
2021-08-21 23:40 - 2021-08-21 23:40 - 000001257 _____ C:\Users\Public\Desktop\WD Security.lnk
2021-08-21 23:40 - 2021-08-21 23:40 - 000001257 _____ C:\ProgramData\Desktop\WD Security.lnk
2021-08-21 23:05 - 2021-08-21 23:05 - 000003208 _____ C:\WINDOWS\system32\Tasks\WD Discovery Service Task mike
2021-08-21 23:05 - 2021-08-21 23:05 - 000003144 _____ C:\WINDOWS\system32\Tasks\WD Device Agent Task mike
2021-08-21 22:41 - 2021-08-21 22:41 - 000167034 _____ C:\Users\mikem\Downloads\fileassassin-setup-1.06.exe
2021-08-21 18:26 - 2021-08-21 18:26 - 022611179 _____ C:\Users\mikem\Downloads\xvideos.com_86f4cbb9f72fe567818e04cf06d68c0b.mp4
2021-08-21 03:01 - 2021-08-21 03:05 - 100314912 _____ C:\Users\mikem\Downloads\720(1).mp4
2021-08-20 12:23 - 2021-08-20 12:23 - 000008192 _____ C:\WINDOWS\SysWOW64\WDPABKP.dat
2021-08-20 10:22 - 2021-08-20 10:23 - 000008192 ___SH C:\DumpStack.log.tmp
2021-08-18 12:45 - 2021-08-20 10:23 - 2042389024 _____ C:\WINDOWS\MEMORY.DMP
2021-08-18 12:45 - 2021-08-18 12:56 - 004645372 _____ C:\WINDOWS\Minidump\081821-42906-01.dmp
2021-08-17 23:17 - 2021-08-17 23:17 - 000000000 ____D C:\Users\mikem\Documents\GG
2021-08-17 22:31 - 2021-08-17 22:38 - 1416473092 _____ C:\Users\mikem\Downloads\403224HD.mp4
2021-08-17 20:22 - 2021-08-17 20:23 - 003455835 _____ C:\Users\mikem\Downloads\sox-state-of-market-report-2020.pdf
2021-08-17 16:13 - 2021-08-17 16:13 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-08-12 14:59 - 2021-08-12 14:59 - 001151992 _____ (Realtek ) C:\WINDOWS\system32\Drivers\rt640x64.sys
2021-08-12 14:57 - 2021-08-12 14:57 - 008852760 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2021-08-12 14:57 - 2021-08-12 14:57 - 007918872 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2021-08-12 14:57 - 2021-08-12 14:57 - 007279232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2021-08-12 14:57 - 2021-08-12 14:57 - 004986648 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2021-08-12 14:57 - 2021-08-12 14:57 - 002924304 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2021-08-12 14:57 - 2021-08-12 14:57 - 002111264 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2021-08-12 14:57 - 2021-08-12 14:57 - 001858680 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2021-08-12 14:57 - 2021-08-12 14:57 - 001858680 _____ C:\WINDOWS\system32\vulkaninfo.exe
2021-08-12 14:57 - 2021-08-12 14:57 - 001594656 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2021-08-12 14:57 - 2021-08-12 14:57 - 001519384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2021-08-12 14:57 - 2021-08-12 14:57 - 001474336 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2021-08-12 14:57 - 2021-08-12 14:57 - 001438824 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2021-08-12 14:57 - 2021-08-12 14:57 - 001438824 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2021-08-12 14:57 - 2021-08-12 14:57 - 001212192 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2021-08-12 14:57 - 2021-08-12 14:57 - 001170224 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2021-08-12 14:57 - 2021-08-12 14:57 - 001097832 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2021-08-12 14:57 - 2021-08-12 14:57 - 001097832 _____ C:\WINDOWS\system32\vulkan-1.dll
2021-08-12 14:57 - 2021-08-12 14:57 - 000951912 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2021-08-12 14:57 - 2021-08-12 14:57 - 000951912 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2021-08-12 14:57 - 2021-08-12 14:57 - 000917280 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2021-08-12 14:57 - 2021-08-12 14:57 - 000848672 _____ (NVIDIA Corporation) C:\WINDOWS\system32\MCU.exe
2021-08-12 14:57 - 2021-08-12 14:57 - 000748832 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2021-08-12 14:57 - 2021-08-12 14:57 - 000715568 _____ C:\WINDOWS\system32\nvofapi64.dll
2021-08-12 14:57 - 2021-08-12 14:57 - 000704792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvidia-smi.exe
2021-08-12 14:57 - 2021-08-12 14:57 - 000675088 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2021-08-12 14:57 - 2021-08-12 14:57 - 000641328 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvml.dll
2021-08-12 14:57 - 2021-08-12 14:57 - 000575792 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2021-08-12 14:57 - 2021-08-12 14:57 - 000563992 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2021-08-12 14:57 - 2021-08-12 14:57 - 000446744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdebugdump.exe
2021-08-12 14:57 - 2021-08-12 14:57 - 000082968 _____ C:\WINDOWS\system32\nvinfo.pb
2021-08-12 14:56 - 2021-08-12 14:57 - 006215312 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2021-08-11 22:32 - 2021-08-11 22:32 - 000010246 _____ C:\Users\mikem\Documents\List of Items from Dads.xlsx
2021-08-11 06:37 - 2021-08-11 06:37 - 000000000 ____D C:\WINDOWS\system32\gf2engine
2021-08-11 02:25 - 2021-08-11 02:25 - 076512537 _____ C:\Users\mikem\Downloads\xvideos.com_0c68c95f4d9e4eb74b649195872234fc.mp4
2021-08-11 01:09 - 2021-08-11 01:09 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-08-11 01:09 - 2021-08-11 01:09 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-08-11 01:09 - 2021-08-11 01:09 - 000011347 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-08-11 00:41 - 2021-08-11 00:41 - 000000000 ___HD C:\$WinREAgent
2021-08-09 10:45 - 2021-07-30 18:52 - 000389640 _____ (Google, Inc.) C:\WINDOWS\system32\Drivers\googledrivefs3525.sys
2021-08-09 05:11 - 2021-08-09 05:13 - 466315432 _____ C:\Users\mikem\Downloads\SpankBang.com_ann+harlow+bangs+hot+young+bud_720p.mp4
2021-08-09 05:10 - 2021-08-09 05:11 - 193405067 _____ C:\Users\mikem\Downloads\EPORNER.COM - [AlFtkK2QySL] Ann Harlow threesome (240).mp4
2021-08-08 23:38 - 2021-08-08 23:39 - 173967575 _____ C:\Users\mikem\Downloads\SpankBang.com_jennifer+leroy_480p.mp4
2021-08-07 09:34 - 2021-08-07 09:40 - 754970472 _____ (NVIDIA Corporation) C:\Users\mikem\Downloads\471.11-notebook-win10-64bit-international-nsd-dch-whql.exe
2021-08-07 09:34 - 2021-08-07 09:40 - 754970472 _____ (NVIDIA Corporation) C:\Users\mikem\Downloads\471.11-notebook-win10-64bit-international-nsd-dch-whql(1).exe
2021-08-07 09:34 - 2021-08-07 09:34 - 000000000 ____D C:\Program Files\Avast Software
2021-08-07 09:31 - 2021-08-07 09:31 - 107831296 _____ C:\WINDOWS\system32\config\SOFTWARE.iobit
2021-08-07 09:31 - 2021-08-07 09:31 - 000679936 _____ C:\WINDOWS\system32\config\DEFAULT.iobit
2021-08-07 09:31 - 2021-08-07 09:31 - 000102400 _____ C:\WINDOWS\system32\config\SAM.iobit
2021-08-07 09:31 - 2021-08-07 09:31 - 000036864 _____ C:\WINDOWS\system32\config\SECURITY.iobit
2021-08-07 08:50 - 2021-08-07 09:12 - 000000000 ____D C:\Users\mpmm_a21rhkv\AppData\Roaming\vlc
2021-08-07 08:41 - 2021-08-07 08:41 - 001823280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-08-07 08:41 - 2021-08-07 08:41 - 001393480 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-08-07 08:41 - 2021-08-07 08:41 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2021-08-07 08:41 - 2021-08-07 08:41 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2021-08-07 08:33 - 2021-08-07 08:47 - 000000000 ____D C:\Users\mpmm_a21rhkv\AppData\Local\PlaceholderTileLogoFolder
2021-08-07 08:01 - 2021-08-07 08:01 - 000000000 ____D C:\Users\mpmm_a21rhkv\AppData\Local\PeerDistRepub
2021-08-07 07:45 - 2021-08-07 07:46 - 000000000 ____D C:\Users\mpmm_a21rhkv\AppData\Local\Comms
2021-08-07 07:39 - 2021-08-07 07:39 - 000000000 ____D C:\Users\mpmm_a21rhkv\AppData\Local\OneDrive
2021-08-07 07:31 - 2021-08-07 13:15 - 000002862 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3200273941-2670340362-4195434088-1014
2021-08-07 07:31 - 2021-08-07 07:49 - 000000000 ___RD C:\Users\mpmm_a21rhkv\OneDrive
2021-08-07 07:31 - 2021-08-07 07:31 - 000002427 _____ C:\Users\mpmm_a21rhkv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-08-07 07:30 - 2021-08-07 07:30 - 000000000 ____D C:\Users\mpmm_a21rhkv\AppData\Roaming\Apple Computer
2021-08-07 07:29 - 2021-08-07 07:29 - 000000000 ____D C:\Users\mpmm_a21rhkv\AppData\Local\Publishers
2021-08-07 07:28 - 2021-08-07 08:34 - 000000000 ____D C:\Users\mpmm_a21rhkv\AppData\Local\Packages
2021-08-07 07:28 - 2021-08-07 07:28 - 000000000 ___RD C:\Users\mpmm_a21rhkv\3D Objects
2021-08-07 07:28 - 2021-08-07 07:28 - 000000000 ____D C:\Users\mpmm_a21rhkv\AppData\Roaming\IObit
2021-08-07 07:28 - 2021-08-07 07:28 - 000000000 ____D C:\Users\mpmm_a21rhkv\AppData\Local\VirtualStore
2021-08-07 07:28 - 2021-08-07 07:28 - 000000000 ____D C:\Users\mpmm_a21rhkv\AppData\Local\Google
2021-08-07 07:28 - 2021-08-07 07:28 - 000000000 ____D C:\Users\mpmm_a21rhkv\AppData\Local\D3DSCache
2021-08-07 07:28 - 2021-08-07 07:28 - 000000000 ____D C:\Users\mpmm_a21rhkv\AppData\Local\ConnectedDevicesPlatform
2021-08-07 07:28 - 2021-08-07 07:28 - 000000000 ____D C:\Users\mpmm_a21rhkv\AppData\Local\AVG
2021-08-07 07:27 - 2021-08-21 23:16 - 000000000 ____D C:\Users\mpmm_a21rhkv
2021-08-07 07:27 - 2021-08-07 07:27 - 000000020 ___SH C:\Users\mpmm_a21rhkv\ntuser.ini
2021-08-07 07:27 - 2017-08-16 02:02 - 000000000 ____D C:\Users\mpmm_a21rhkv\AppData\Local\Microsoft Help
2021-08-07 00:43 - 2021-08-07 00:43 - 000000000 ____D C:\Users\mikem\AppData\Local\mymonero-updater
2021-08-07 00:42 - 2021-08-07 00:43 - 132216616 _____ (MyMonero) C:\Users\mikem\Downloads\MyMonero-Setup-1.1.24.exe
2021-08-06 22:35 - 2021-08-06 22:41 - 083701351 _____ C:\Users\mikem\Desktop\megan sage.mp4
2021-08-06 07:28 - 2021-08-06 07:28 - 002298102 _____ C:\Users\mikem\Downloads\VID 00003-20100522-1051.3GP
2021-08-05 12:10 - 2021-08-05 12:10 - 000301763 _____ C:\Users\mikem\Documents\amy emails 04.pdf
2021-08-05 12:09 - 2021-08-05 12:09 - 000295712 _____ C:\Users\mikem\Documents\amy emails 03.pdf
2021-08-05 12:03 - 2021-08-05 12:03 - 000384666 _____ C:\Users\mikem\Documents\amy emails 02.pdf
2021-08-05 12:01 - 2021-08-05 12:01 - 000443060 _____ C:\Users\mikem\Documents\amy emails 01.pdf
2021-08-04 10:08 - 2021-08-04 10:18 - 000164950 _____ C:\TDSSKiller.3.1.0.28_04.08.2021_11.08.34_log.txt
2021-08-04 10:07 - 2021-08-04 10:07 - 005054744 _____ (AO Kaspersky Lab) C:\Users\mikem\Desktop\tdsskiller.exe
2021-07-26 18:56 - 2021-07-26 18:58 - 083511961 _____ C:\Users\mikem\Desktop\megan rain - woodman swallow.mp4
2021-07-24 09:55 - 2021-07-24 10:03 - 106493242 _____ C:\Users\mikem\Desktop\ann harlow sweet cherry.mp4
2021-07-24 02:44 - 2021-07-24 03:01 - 315123703 _____ C:\Users\mikem\Desktop\danni  rivers allure.mp4
2021-07-23 07:34 - 2021-07-23 07:34 - 000000000 ____D C:\jewel

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-08-22 06:06 - 2019-06-09 02:56 - 000000000 ____D C:\Users\mikem\AppData\Roaming\vlc
2021-08-22 06:02 - 2019-12-07 04:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-08-22 05:43 - 2017-08-12 18:27 - 000000000 ____D C:\Program Files (x86)\Google
2021-08-22 05:02 - 2019-02-05 03:57 - 000000000 ____D C:\ProgramData\Mozilla
2021-08-22 05:01 - 2017-08-12 18:20 - 000000000 ____D C:\Users\mikem\AppData\LocalLow\Mozilla
2021-08-22 02:57 - 2020-05-04 19:44 - 000000495 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2021-08-22 00:16 - 2020-12-18 12:26 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-08-21 23:56 - 2018-05-10 11:44 - 000000000 ____D C:\Users\mikem\AppData\Local\CrashDumps
2021-08-21 23:40 - 2019-11-26 03:40 - 000000000 ____D C:\Program Files (x86)\Western Digital
2021-08-21 23:40 - 2017-08-13 12:12 - 000000000 ____D C:\ProgramData\Package Cache
2021-08-21 23:39 - 2020-05-04 17:33 - 000000000 ____D C:\Users\mikem\AppData\Roaming\WD Discovery
2021-08-21 23:39 - 2020-05-04 17:33 - 000000000 ____D C:\Users\mikem\.wdc
2021-08-21 23:32 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-08-21 23:31 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-08-21 23:18 - 2019-01-01 21:45 - 000000000 ___HD C:\Program Files\Common Files\EAInstaller
2021-08-21 23:16 - 2020-12-18 12:33 - 000000000 ____D C:\Users\mpmm
2021-08-21 23:16 - 2020-12-18 12:33 - 000000000 ____D C:\Users\admin
2021-08-21 23:16 - 2020-04-28 07:26 - 000000000 ____D C:\ProgramData\AVG
2021-08-21 23:13 - 2020-12-18 12:33 - 000000000 ____D C:\Users\mikem
2021-08-21 23:13 - 2019-06-16 16:52 - 000000000 ____D C:\Cache
2021-08-21 23:06 - 2020-12-23 17:22 - 000000000 ____D C:\Program Files\WD Desktop App
2021-08-21 22:26 - 2019-07-25 05:09 - 000000000 ____D C:\Users\mikem\AppData\Roaming\IObit
2021-08-21 22:26 - 2019-07-25 05:09 - 000000000 ____D C:\Users\mikem\AppData\LocalLow\IObit
2021-08-21 22:26 - 2019-07-25 05:09 - 000000000 ____D C:\ProgramData\IObit
2021-08-21 22:05 - 2019-06-27 12:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2021-08-21 22:05 - 2019-02-13 03:25 - 000000000 ____D C:\ProgramData\Wondershare
2021-08-21 22:05 - 2019-02-13 03:24 - 000000000 ____D C:\Program Files (x86)\Wondershare
2021-08-21 22:04 - 2020-11-30 01:38 - 000000000 ____D C:\adb
2021-08-21 22:03 - 2020-12-30 14:33 - 000000000 ____D C:\Program Files (x86)\4MeKey
2021-08-21 22:03 - 2020-11-29 07:37 - 000000000 ____D C:\Users\mikem\AppData\Roaming\LG Electronics
2021-08-21 22:03 - 2020-11-29 07:36 - 000000000 ____D C:\Users\mikem\AppData\Local\LG Electronics
2021-08-21 22:03 - 2019-07-30 14:01 - 000000000 ____D C:\Program Files (x86)\LG Electronics
2021-08-21 22:02 - 2019-12-10 17:17 - 000000000 ____D C:\Users\mikem\AppData\Local\Packages
2021-08-21 22:02 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-08-21 22:02 - 2018-01-21 10:35 - 000000000 ____D C:\Program Files\Android
2021-08-21 22:01 - 2021-07-13 23:19 - 000000000 ____D C:\Users\mikem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Exodus Movement Inc
2021-08-21 22:01 - 2021-07-13 23:19 - 000000000 ____D C:\Users\mikem\AppData\Roaming\Exodus
2021-08-21 22:01 - 2021-07-13 23:18 - 000000000 ____D C:\Users\mikem\AppData\Local\exodus
2021-08-21 22:01 - 2019-12-07 04:13 - 000000000 ____D C:\WINDOWS\INF
2021-08-21 21:58 - 2021-07-13 18:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio
2021-08-21 21:58 - 2021-01-16 06:20 - 000000000 ____D C:\Users\mikem\AppData\Roaming\GlarySoft
2021-08-21 21:58 - 2021-01-16 06:20 - 000000000 ____D C:\Program Files (x86)\Glarysoft
2021-08-21 21:58 - 2019-12-07 04:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-08-21 21:55 - 2018-03-21 12:01 - 000007605 _____ C:\Users\mikem\AppData\Local\Resmon.ResmonCfg
2021-08-21 12:25 - 2019-01-22 13:06 - 000000000 ____D C:\ProgramData\NVIDIA
2021-08-21 10:25 - 2020-12-18 12:32 - 000002442 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-08-20 12:22 - 2019-07-25 05:09 - 000000000 ____D C:\ProgramData\ProductData
2021-08-20 10:27 - 2020-12-18 12:45 - 000941870 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-08-20 10:25 - 2020-12-31 13:26 - 000000000 ____D C:\WINDOWS\Minidump
2021-08-20 10:23 - 2020-12-18 12:55 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-08-20 10:23 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-08-20 10:22 - 2020-12-18 12:26 - 000001134 _____ C:\WINDOWS\system32\config\VSMIDK
2021-08-18 12:45 - 2021-07-22 09:11 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-08-18 12:45 - 2017-08-12 18:20 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-08-18 12:16 - 2020-07-15 16:25 - 000000000 ____D C:\Users\mikem\AppData\Roaming\Origin
2021-08-17 23:45 - 2017-08-12 18:27 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-08-17 23:45 - 2017-08-12 18:27 - 000002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-08-17 23:45 - 2017-08-12 18:27 - 000002262 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2021-08-17 16:13 - 2017-08-12 18:20 - 000000898 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-08-17 15:55 - 2019-12-10 20:24 - 000000000 ____D C:\Users\mikem\AppData\Local\D3DSCache
2021-08-15 20:19 - 2020-12-18 22:56 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-08-15 20:19 - 2020-12-18 22:56 - 000003386 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d6d563b3b6d726
2021-08-14 15:06 - 2019-01-01 21:19 - 000000000 ____D C:\Program Files (x86)\Origin Games
2021-08-14 15:06 - 2018-06-27 23:29 - 000000000 ____D C:\ProgramData\Origin
2021-08-14 15:05 - 2020-07-15 16:25 - 000000000 ____D C:\Users\mikem\AppData\Local\Origin
2021-08-12 15:01 - 2019-01-27 17:13 - 000000000 ____D C:\Users\mikem\AppData\Local\NVIDIA
2021-08-12 00:34 - 2020-12-18 12:26 - 000916280 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-08-12 00:33 - 2018-06-30 20:13 - 000000000 ____D C:\Users\mikem\AppData\Local\AVAST Software
2021-08-12 00:31 - 2020-12-18 14:59 - 000000000 ____D C:\Program Files\Hyper-V
2021-08-12 00:31 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-08-12 00:31 - 2019-12-07 04:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2021-08-11 00:32 - 2017-08-12 19:12 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-08-11 00:25 - 2017-08-12 19:12 - 133215968 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-08-10 12:45 - 2021-02-01 13:27 - 000002038 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive.lnk
2021-08-10 04:49 - 2020-07-26 20:53 - 000036120 _____ (Avast Software) C:\WINDOWS\system32\icarus_rvrt.exe
2021-08-07 13:19 - 2018-06-30 20:10 - 000000000 ____D C:\ProgramData\AVAST Software
2021-08-07 13:15 - 2021-06-29 19:01 - 000002560 _____ C:\WINDOWS\system32\Tasks\Software Updater Scheduler
2021-08-07 13:15 - 2021-06-23 16:45 - 000003398 _____ C:\WINDOWS\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-08-07 13:15 - 2021-06-23 16:45 - 000003152 _____ C:\WINDOWS\system32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-08-07 13:15 - 2021-06-23 16:45 - 000002984 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-08-07 13:15 - 2021-06-23 16:45 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-08-07 13:15 - 2021-06-23 16:45 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-08-07 13:15 - 2021-06-23 16:45 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-08-07 13:15 - 2021-06-23 16:45 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-08-07 13:15 - 2020-12-18 12:55 - 000002396 _____ C:\WINDOWS\system32\Tasks\Uninstaller_SkipUac_mike
2021-08-07 13:14 - 2021-01-16 06:29 - 000002568 _____ C:\WINDOWS\system32\Tasks\Driver Booster Scheduler
2021-08-07 13:14 - 2021-01-16 06:29 - 000002554 _____ C:\WINDOWS\system32\Tasks\Driver Booster Update
2021-08-07 13:14 - 2021-01-16 06:29 - 000002392 _____ C:\WINDOWS\system32\Tasks\Driver Booster SkipUAC (mike)
2021-08-07 13:14 - 2020-12-22 22:13 - 000003174 _____ C:\WINDOWS\system32\Tasks\Intel PTT EK Recertification
2021-08-07 13:14 - 2020-12-18 12:55 - 000003348 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-08-07 13:14 - 2020-12-18 12:55 - 000003124 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-08-07 09:36 - 2019-12-07 04:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-08-07 09:13 - 2019-12-07 04:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-08-07 09:13 - 2019-12-07 04:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2021-08-07 09:13 - 2019-12-07 04:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-08-07 09:13 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-08-07 09:13 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-08-07 09:13 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-08-07 09:13 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2021-08-07 09:13 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-08-07 09:13 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\servicing
2021-08-07 07:49 - 2020-01-07 11:50 - 000000000 ___HD C:\OneDriveTemp
2021-08-07 07:45 - 2019-12-07 04:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-08-07 07:28 - 2019-12-10 17:17 - 000000000 __RHD C:\Users\Public\AccountPictures
2021-08-07 07:15 - 2021-07-13 19:41 - 000000000 ____D C:\Users\mikem\AppData\Roaming\Electrum
2021-08-07 04:06 - 2020-05-14 03:46 - 000000000 ____D C:\Users\mikem\log
2021-08-06 06:33 - 2021-07-13 19:33 - 000000000 ____D C:\Users\mikem\AppData\Roaming\com.liberty.jaxx
2021-08-04 12:05 - 2020-09-30 23:01 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-08-04 10:25 - 2020-02-03 01:39 - 000000000 ____D C:\Program Files (x86)\Origin
2021-08-04 09:24 - 2021-02-01 04:41 - 000000000 ____D C:\ProgramData\GlarySoft
2021-08-04 08:28 - 2019-12-10 17:12 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-07-28 22:24 - 2021-07-20 11:44 - 000250296 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameplatformservices.dll
2021-07-28 22:24 - 2021-07-20 11:44 - 000195000 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingservicesproxy.dll
2021-07-28 22:24 - 2021-07-13 21:14 - 001752512 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgameruntime.dll
2021-07-28 22:24 - 2021-07-13 21:14 - 000159672 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameconfighelper.dll
2021-07-28 22:24 - 2021-07-13 21:14 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingtcuihelpers.dll
2021-07-28 22:24 - 2021-07-13 21:14 - 000038344 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamemodcontrol.exe
2021-07-27 12:06 - 2018-10-09 18:16 - 000000000 ____D C:\M19 Number Array Helper
2021-07-23 08:27 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\NDF

==================== Files in the root of some directories ========

2018-03-21 09:15 - 2018-02-13 02:57 - 000131072 _____ () C:\Users\mikem\zcl-wallet.dat
2019-02-08 09:03 - 2015-12-18 23:41 - 000573952 _____ () C:\Program Files\DS4Updater.exe
2019-02-08 09:03 - 2016-10-08 22:17 - 003168256 _____ () C:\Program Files\DS4Windows.exe
2020-05-04 23:38 - 2020-05-05 00:10 - 000000128 _____ () C:\Users\mikem\AppData\Local\PUTTY.RND
2020-04-23 22:47 - 2020-04-23 22:47 - 000000792 _____ () C:\Users\mikem\AppData\Local\recently-used.xbel
2018-03-21 12:01 - 2021-08-21 21:55 - 000007605 _____ () C:\Users\mikem\AppData\Local\Resmon.ResmonCfg
2019-04-03 13:57 - 2019-06-24 00:26 - 164937728 _____ () C:\Users\mikem\AppData\Local\SageThumbs.db3
2020-11-28 22:58 - 2020-11-28 22:58 - 000000076 _____ () C:\Users\mikem\AppData\Local\uts.ini

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Attached Files


  • 0

Advertisements


#2
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 4,269 posts

Hello and welcome to GTG Forums.
 
Since the version of the FRST tool you ran is old, please do another scan with the latest version and attach both logs again.
 
Can you tell us why do you think you are infected?

 

 

Run FRST

Download Farbar Recovery Scan Tool and save it to your desktop. 

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your antivirus software detects the tool as malicious, it’s safe to allow FRST to run. It is a false-positive detection.

If English is not your primary language, right click on FRST.exe/FRST64.exe and rename to FRSTEnglish.exe/FRST64English.exe

  • Double-click the FRST icon to run the tool. When the tool opens click Yes to disclaimer.
  • Press Scan button and wait for a while.
  • The scanner will produced two logs on your Desktop: FRST.txt and Addition.txt.
  • Please attach the content of these two logs in your next reply.

(To attach the files, click on the More Reply Options at the bottom right of the reply area, and then choose Attach File)


  • 0

#3
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 4,269 posts

Do you still need assistance?


  • 0

#4
mpmm

mpmm

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts

Yes, I have attached the two files

Attached Files


  • 0

#5
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 4,269 posts

OK.
 
Until I review them, please adhere to the guidelines below:

1. Always ask before acting. Do not continue if you are not sure, or if something unexpected happens!

2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

3. If your computer seems to start working normally, don't abandon the topic. Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.

4. You have to reply to my posts within 3 days. If you need some additional time, just let me know. Otherwise, I will leave the topic due to lack of feedback. If you are able, I would request you to check this thread at least once per day so that we can resolve your issues effectively and efficiently.

5. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, have in mind that all the experts here are volunteers and may not be available to assist when you post. Please, be patient, while I analyze your logs.


  • 0

#6
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 4,269 posts

Hi.
 
There are many things to say regarding your logs.
 
1. Stop downloading for disreputable sites
 
Many disreputable sites will attempt to install malware on your system through "drive-by" exploits just by visiting the site in your browser. Lyrics sites, free software sites (especially ones that target young children), cracked software sites, and pornography sites are some of the worst offenders. 
 
The best for you is to also delete the specific downloaded files.
 
 
2. Uninstall programs
 
 AVG TuneUp, Driver Booster 8, Smart Defrag 6 
 
We do not recommend registry cleaners, system optimizers, driver boosters and the like. It is your computer and certainly your choice. With registry cleaner and system optimization software programs, the potential is ever present to cause more problems than they claim to fix. As for the defrag programs, Windows 10 automatically defrag your hard drives for you, as needed. There is no need to use a third-party program for that. Defrag software is almost entirely a thing of the past. The only exception may be for external HDDs that may need the occasional defrag every once in a great while. Even then, the Windows defrag is just fine.
 
Anything not legally activated

 
Having pirated/hacked/cracked programs is the easiest way to infect your computer. Make a check and uninstall anything that belongs in this kind of programs (e.g. Photoshop, Wondershare ...).
 
To uninstall the above programs:

  • Press the Windows Key + R.
  • Type appwiz.cpl in the Run box and click OK.
  • The Add/Remove Programs list will open. Locate the following programs in the list:
AVG TuneUp
Driver Booster 8 
Smart Defrag 6 
Any other program not legally activated
  • Select the above programs, one by one, and click Uninstall.
  • Restart the computer.

 

3. Uninstall a Chrome extension

  • Open Chrome.
  • At the top right choose More (the three vertical dots) > More Tools > Extensions
  • Find AVG SafePrice, and remove it, clicking on Remove.
  • Confirm the action by clicking Remove once again.

 

4. Question about Proxy
 
Do you recognize this? 
 
ProxyServer: [S-1-5-21-413578968-4127535815-2662069183-1116] => 45.175.238.8:999
 
 
5. FRST fix

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

Start::
CreateRestorePoint:
CloseProcesses:
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [Atheros] -> {B8952421-0E55-400B-94A6-FA858FC0A39F} =>  -> No File
ContextMenuHandlers1: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} =>  -> No File
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> No File
ContextMenuHandlers2: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} =>  -> No File
ContextMenuHandlers6: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} =>  -> No File
AlternateDataStreams: C:\Users\Public\DRM:احتضان [98]
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
SearchScopes: HKU\S-1-5-21-413578968-4127535815-2662069183-1116 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO-x32: IObit Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\PROGRA~2\IObit\Advanced SystemCare\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll => No File
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AdvancedSystemCareService13 => 2
MSCONFIG\startupreg: Chromium => 
HKLM\...\StartupApproved\Run: => "TuneupUI.exe"
HKLM\...\Run: [TuneupUI.exe] => C:\Program Files\AVG\TuneUp\TuneupUI.exe [2766648 2021-08-11] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] -> 
HKLM\Software\...\Authentication\Credential Providers: [{ACFC407B-266C-8504-8DAE-F3E276336E4B}] -> 
HKLM\Software\...\Authentication\Credential Provider Filters: [{ACFC407B-266C-8504-8DAE-F3E276336E4B}] -> 
GroupPolicy: Restriction - Chrome <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {2722E829-1297-45B3-A4E8-1CACB7C33A2D} - System32\Tasks\AVGUpdateTaskMachineUA => C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe
Task: {2D071615-055A-41DF-AEDC-CFF1122863CE} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe
Task: {3915EF34-18D7-439D-B472-E51A560C0B9B} - System32\Tasks\AVGUpdateTaskMachineCore => C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe
Task: {854D0F8D-4F77-42AE-856A-C869A055E94D} - System32\Tasks\AVG\AVG TuneUp BugReport => C:\Program Files\AVG\TuneUp\AvBugReport.exe [4755256 2021-08-11] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) -> --send "dumps|report" --silent --product 74 --programpath "C:\Program Files\AVG\TuneUp\Setup\.." --configpath "C:\Program Files\AVG\TuneUp\Setup" --path "C:\ProgramData\AVG\TuneUp\log"  --path "C:\ProgramData\AVG\Icarus\Logs" --guid 6d7c29d8-99f0-4430-8ea2-d3eee7710770
Task: {A28E3BB5-7269-4AF4-BCC7-CE3CBD3303BD} - System32\Tasks\Driver Booster Update => C:\Program Files (x86)\IObit\Driver Booster\8.2.0\AutoUpdate.exe [2268432 2020-12-23] (IObit Information Technology -> IObit)
Task: {A495F5CF-5CDC-4215-BF2B-7532096FAA76} - \Microsoft\Windows\Setup\EOSNotify -> No File <==== ATTENTION
Task: {AB629FEC-9170-4737-90A2-3289821F3BE2} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\8.2.0\Scheduler.exe [152848 2020-12-23] (IObit Information Technology -> IObit)
Task: {BBD2014D-7A97-48F2-983C-7FF9ECA98604} - System32\Tasks\AVG\AVG TuneUp Update => C:\Program Files\Common Files\AVG\Icarus\avg-tu\icarus.exe [6150968 2021-08-10] (AVG Technologies USA, LLC -> AVG Technologies)
Task: {C82ADC00-6CC5-4C60-8C46-24659F12CCE8} - System32\Tasks\Driver Booster SkipUAC (mike) => C:\Program Files (x86)\IObit\Driver Booster\8.2.0\DriverBooster.exe [8147400 2021-01-06] (IObit Information Technology -> IObit)
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
CHR HKLM-x32\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn]
R2 CleanupPSvc; C:\Program Files\AVG\TuneUp\TuneupSvc.exe [15032120 2021-08-11] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S3 avg; "C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /svc [X]
S3 avgm; "C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /medsvc [X]
S3 ElevationService; C:\Program Files (x86)\Wondershare\drfone\Addins\Eraser\ElevationService.exe [X]
S3 WsDrvInst; C:\Program Files (x86)\Wondershare\drfone\Addins\Repair\DriverInstall.exe [X]
S3 AndnetBus; \SystemRoot\System32\drivers\lgandnetbus64.sys [X]
S3 AndNetDiag; \SystemRoot\system32\DRIVERS\lgandnetdiag64.sys [X]
S3 ANDNetModem; \SystemRoot\system32\DRIVERS\lgandnetmodem64.sys [X]
C:\Program Files\Avast Software
C:\Users\mpmm_a21rhkv\AppData\Local\AVG
C:\Users\mikem\Desktop\tdsskiller.exe
C:\Users\mikem\AppData\Roaming\GlarySoft
C:\Program Files (x86)\Glarysoft
C:\Users\mikem\AppData\Local\AVAST Software
C:\WINDOWS\system32\icarus_rvrt.exe
C:\ProgramData\AVAST Software
C:\WINDOWS\system32\Tasks\Driver Booster Scheduler
C:\WINDOWS\system32\Tasks\Driver Booster Update
C:\WINDOWS\system32\Tasks\Driver Booster SkipUAC (mike)
C:\ProgramData\GlarySoft
C:\Program Files\AVG
C:\Program Files (x86)\AVG
C:\Program Files (x86)\Glary Utilities 5
C:\ProgramData\AVG
C:\Program Files (x86)\IObit\Driver Booster
C:\Program Files\Common Files\AVG
EmptyTemp:
End::
  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy ". No need to paste anything to anywhere.
    • Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt on your Desktop.
    • Please post the log in your next reply.

 

In your next reply please post:

  • Which programs did you uninstall
  • A reply about proxy
  • The fixlog.txt

  • 0

#7
mpmm

mpmm

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
  • Which programs did you uninstall - AVG Tune Up, Drive Booster, and Defrag
  • A reply about proxy - I have no idea why there is a proxy configured
  • The fixlog.txt - attached, thank you

Attached Files


  • 0

#8
mpmm

mpmm

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts

 I also uninstalled WonderShare, forgot to mention that. I use Photoshop and have a valid license for it


  • 0

#9
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 4,269 posts

Hello and thank you.
 
Let's continue.


1. Run AdwCleaner (Scan mode)

Download AdwCleaner and save it to your desktop.

  • Double click AdwCleaner.exe to run it.
  • Click Scan Now.
    • When the scan has finished, a Scan Results window will open.
    • Click Cancel (at this point do not attempt to Quarantine anything that is found)
  • Now click the Log Files tab.
    • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number. The latest scan will have the largest number)
    • A Notepad file will open containing the results of the scan.
    • Please paste the contents of the file in your next reply.

 

2. Run Malwarebytes (Scan mode)

  • Download Malwarebytes and save it to your Desktop.
  • Once downloaded, close all programs and Windows on your computer.
  • Double-click on the icon on your desktop named MBSetup.exe. This will start the installation of MBAM onto your computer.
  • Follow the instructions to install the program.
  • When finished, double click the program's icon created on your Desktop.
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
    Under the title Scan Options, all the options are checked.
    Under the title Windows Security Center (Premium only) the option is NOT checked.
    Under the title Potentially unwanted items all options are set to Always.
  • Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may be take longer.
  • When finished, you will see the Threat Scan Summary window open.

If threats are not found, click View Report and proceed to the two last steps below.

If threats are found, make sure that all threats are not selected, close the program and proceed to the next steps below.

  • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
  • Find the report with the most recent date and double click on it.
  • Click on Export and then Copy to Clipboard.
  • Paste its content here, in your next reply.

 

In your next reply, please post:

  • The AdwCleaner[S0*].txt
  • The Malwarebytes report

  • 0

#10
mpmm

mpmm

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts

Thank you so very much for your help.

--------------------------

AdwCleaner[S03].txt

 

# -------------------------------
# Malwarebytes AdwCleaner 8.3.0.0
# -------------------------------
# Build:    06-29-2021
# Database: 2021-08-09.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    08-25-2021
# Duration: 00:00:29
# OS:       Windows 10 Pro
# Scanned:  32000
# Detected: 23


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.AdvancedSystemCare C:\Users\mikem\AppData\Roaming\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare C:\Users\mpmm_a21rhkv\AppData\Roaming\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare

***** [ Files ] *****

PUP.Optional.AdvancedSystemCare C:\Windows\System32\REGISTRYDEFRAGBOOTTIME.EXE
PUP.Optional.Legacy             C:\Users\Public\Desktop\ScreenShot.lnk
PUP.Optional.Legacy             C:\Users\mikem\AppData\Roaming\Mozilla\Firefox\Profiles\hi4lo88b.default-1543873865624\invalidprefs.js

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.AdvancedSystemCare HKCU\Software\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare HKLM\Software\Wow6432Node\IOBIT\ASC
PUP.Optional.AdvancedSystemCare HKLM\Software\Wow6432Node\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare HKLM\Software\Wow6432Node\IObit\RealTimeProtector
PUP.Optional.AdvancedSystemCare HKLM\Software\Wow6432Node\\Google\Chrome\NativeMessagingHosts\com.ascplugin.protect
PUP.Optional.Legacy             HKLM\Software\Microsoft\Shared Tools\MSConfig\services\Updater

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

Preinstalled.DellDigitalDelivery   Folder   C:\Program Files (x86)\DELL DIGITAL DELIVERY
Preinstalled.DellDigitalDelivery   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{B94A2FE7-BC99-49AC-B5E5-ED1096456E7C}
Preinstalled.DellSupportAssistAgent   File   C:\Users\Public\Desktop\SupportAssist.lnk
Preinstalled.DellSupportAssistAgent   Folder   C:\Program Files\DELL\SUPPORTASSISTAGENT
Preinstalled.DellSupportAssistAgent   Folder   C:\ProgramData\SUPPORTASSIST\CLIENT\TECHNICIANTOOLKIT
Preinstalled.DellSupportAssistAgent   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{37A824E0-9E2E-4C83-807F-4164F63865BD}
Preinstalled.DellSupportAssistAgent   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{37A824E0-9E2E-4C83-807F-4164F63865BD}
Preinstalled.DellSupportAssistAgent   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Dell SupportAssistAgent AutoUpdate
Preinstalled.DellSupportAssistAgent   Task   C:\Windows\System32\Tasks\DELL SUPPORTASSISTAGENT AUTOUPDATE
Preinstalled.DellUpdateforWindows10   Folder   C:\Program Files (x86)\DELL\UPDATESERVICE
Preinstalled.DellUpdateforWindows10   Folder   C:\ProgramData\DELL\UPDATESERVICE


AdwCleaner[S00].txt - [3125 octets] - [16/11/2018 20:49:40]
AdwCleaner[C00].txt - [2799 octets] - [16/11/2018 20:50:09]
AdwCleaner[S01].txt - [1379 octets] - [16/11/2018 20:53:06]
AdwCleaner[S02].txt - [1440 octets] - [16/11/2018 20:53:32]
AdwCleaner[C02].txt - [1626 octets] - [16/11/2018 20:53:40]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S03].txt ##########

Running Malwarebytes now ...

 


  • 0

Advertisements


#11
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 4,269 posts

Just letting you know: Here it is 22:30 now, so I will review your logs again by tomorrow my time. Meanwhile, post the Malwarebytes report too. 

 

See you tomorrow. :)


  • 0

#12
mpmm

mpmm

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts

Malwarebytes report

-------------------------

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 8/25/21
Scan Time: 2:10 PM
Log File: 2b5bc8c6-05d8-11ec-b33e-142d27b3ee78.json

-Software Information-
Version: 4.4.5.130
Components Version: 1.0.1430
Update Package Version: 1.0.44362
License: Trial

-System Information-
OS: Windows 10 (Build 19043.1165)
CPU: x64
File System: NTFS
User: MPMM1\mike

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 438002
Threats Detected: 4
Threats Quarantined: 0
Time Elapsed: 15 min, 38 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 1
Malware.Heuristic.1003, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Xvid Video Codec 1.3.2, No Action By User, 1000001, 0, , , , , ,

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 3
Malware.Heuristic.1003, C:\PROGRAM FILES (X86)\Xvid\Uninstall Xvid Video Codec.lnk, No Action By User, 1000001, 0, , , , , DCE53FDBD382DB4D0B0D8F5F7677B74F, 030A0E476663EA2C5E7D3A0718A5D4D32EC00625E2076962D332EE6AD80795C2
Malware.Heuristic.1003, C:\PROGRAM FILES (X86)\XVID\UNINSTALL.EXE, No Action By User, 1000001, 0, 1.0.44362, 0000000000000000000003EB, dds, 01393384, 31B19B74309007E83AF8B7AFB81593E2, AB607E7F814F945401C00F869A356224A5BF518C68F92A110EE491C9E4DCBFBD
PUP.Optional.AdvancedSystemCare, C:\WINDOWS\SYSTEM32\REGISTRYDEFRAGBOOTTIME.EXE, No Action By User, 3936, 396386, 1.0.44362, , ame, , 833D1314B54C70130EE1D11F4195FA9E, BE7AC1F69D204562F79EA955CEE238F3766FB89FD637D39427F4F8B437581D5C

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)


  • 0

#13
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 4,269 posts

Hello.
 
Several things were detected. Now, we are going to clean them.

 
1. AdwCleaner (Clean mode)

Let me explain to you the log created by AdwCleaner:

The findings in Files, Folders and Registry parts of the log, are PUPs which stands for Potentially Unwanted Programs. In the instructions below, I will list them all to be removed.

The section at the bottom under Preinstalled Software is software that was apparently installed when the device was new, which you may or may not use (Dell Digital Delivery, Dell Support Assist Agent, Dell Update for Windows). Personally, I don't kee anything I do not use/need. But it's your computer, so your decision.
 
To proceed, please do the following:

  • Double click AdwCleaner.exe on your Desktop, to run it as you did before.
  • Click Scan Now.
  • When the scan has finished a Scan Results window will open.
  • Please check all the boxes and then click Quarantine.
  • Click Next.
    • If any pre-installed software was found on your machine, a prompt window will open. Click OK to close it.
    • Check any pre-installed software items you want to remove.
    • Click Quarantine.
  • A prompt to save your work will appear.
    • Click Continue when you're ready to proceed.
  • A prompt to restart your computer will appear.
    • Click Restart Now.
  • Once your computer has restarted:
    • If it doesn't open automatically, please start AdwCleaner.
    • Click the Log Files tab.
    • Double click on the latest Clean log (Clean logs have a [C0*] suffix, where * is replaced by a number, the latest scan will have the largest number)
    • A Notepad file will open containing the results of the removal.
    • Please post the contents of the file in your next reply.

 

2. Run Malwarebytes (Clean mode)

  • Double click the program's icon on your Desktop, as you did before.
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
    Under the title Scan Options, all the options are checked.
    Under the title Windows Security Center (Premium only) the option is NOT checked.
    Under the title Potentially unwanted items all options are set to Always.
  • Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may be take longer.
  • When finished, you will see the Thread Scan Summary window open.
  • If threats are not found, click View Report and proceed to the two last steps below.
  • If threats are found, make sure that all threats are selected, and click on Quarantine/Remove selected.
  • You may need to restart the computer.
  • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
  • Find the report with the most recent date and double click on it.
  • Click on Export and then Copy to Clipboard.
  • Paste its content here, in your next reply.

 

3. ESET Online Scanner

Download ESET Online Scanner and save it to your desktop.

  • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
  • When the tool opens, click Get Started.
  • Read and accept the license agreement.
  • At the Welcome to ESET Online Scanner window, click Get Started.
  • Select whether you would like to send anonymous data to ESET.
  • Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
  • Click on the Full Scan option.
  • Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
  • ESET will now begin scanning your computer. This may take some time.
  • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
  • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
  • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
  • Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.

 

In your next reply, please post:

  • The AdwCleaner[C0*].txt
  • The Malwarebytes report
  • The eset.txt

  • 0

#14
mpmm

mpmm

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts

AdwCleaner Log:

------------------------

# -------------------------------
# Malwarebytes AdwCleaner 8.3.0.0
# -------------------------------
# Build:    06-29-2021
# Database: 2021-08-09.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    08-26-2021
# Duration: 00:00:12
# OS:       Windows 10 Pro
# Cleaned:  23
# Awaiting reboot:1
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted       C:\Users\mikem\AppData\Roaming\IObit\Advanced SystemCare
Deleted       C:\Users\mpmm_a21rhkv\AppData\Roaming\IObit\Advanced SystemCare
Deleted       C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare

***** [ Files ] *****

Deleted       C:\Users\Public\Desktop\ScreenShot.lnk
Deleted       C:\Users\mikem\AppData\Roaming\Mozilla\Firefox\Profiles\hi4lo88b.default-1543873865624\invalidprefs.js
Deleted       C:\Windows\System32\REGISTRYDEFRAGBOOTTIME.EXE

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKCU\Software\IObit\Advanced SystemCare
Deleted       HKLM\Software\Microsoft\Shared Tools\MSConfig\services\Updater
Deleted       HKLM\Software\Wow6432Node\IOBIT\ASC
Deleted       HKLM\Software\Wow6432Node\IObit\Advanced SystemCare
Deleted       HKLM\Software\Wow6432Node\IObit\RealTimeProtector
Deleted       HKLM\Software\Wow6432Node\\Google\Chrome\NativeMessagingHosts\com.ascplugin.protect

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

Deleted       Preinstalled.DellDigitalDelivery   Folder   C:\Program Files (x86)\DELL DIGITAL DELIVERY
Deleted       Preinstalled.DellDigitalDelivery   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{B94A2FE7-BC99-49AC-B5E5-ED1096456E7C}
Deleted       Preinstalled.DellSupportAssistAgent   File   C:\Users\Public\Desktop\SupportAssist.lnk
Deleted       Preinstalled.DellSupportAssistAgent   Folder   C:\ProgramData\SUPPORTASSIST\CLIENT\TECHNICIANTOOLKIT
Deleted       Preinstalled.DellSupportAssistAgent   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{37A824E0-9E2E-4C83-807F-4164F63865BD}
Deleted       Preinstalled.DellSupportAssistAgent   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{37A824E0-9E2E-4C83-807F-4164F63865BD}
Deleted       Preinstalled.DellSupportAssistAgent   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Dell SupportAssistAgent AutoUpdate
Deleted       Preinstalled.DellSupportAssistAgent   Task   C:\Windows\System32\Tasks\DELL SUPPORTASSISTAGENT AUTOUPDATE
Deleted       Preinstalled.DellUpdateforWindows10   Folder   C:\Program Files (x86)\DELL\UPDATESERVICE
Deleted       Preinstalled.DellUpdateforWindows10   Folder   C:\ProgramData\DELL\UPDATESERVICE
Needs Reboot  Preinstalled.DellSupportAssistAgent   Folder   C:\Program Files\DELL\SUPPORTASSISTAGENT


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

***** Reboot Required to Complete *****


***** [ Folders ] *****

Cleaning failed   C:\Program Files\DELL\SUPPORTASSISTAGENT

*************************

AdwCleaner[S00].txt - [3125 octets] - [16/11/2018 20:49:40]
AdwCleaner[C00].txt - [2799 octets] - [16/11/2018 20:50:09]
AdwCleaner[S01].txt - [1379 octets] - [16/11/2018 20:53:06]
AdwCleaner[S02].txt - [1440 octets] - [16/11/2018 20:53:32]
AdwCleaner[C02].txt - [1626 octets] - [16/11/2018 20:53:40]
AdwCleaner[S03].txt - [4000 octets] - [25/08/2021 13:58:56]
AdwCleaner[S04].txt - [4061 octets] - [26/08/2021 06:16:18]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C04].txt ##########

 


  • 0

#15
mpmm

mpmm

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 8/26/21
Scan Time: 6:27 AM
Log File: a48d570e-0660-11ec-be6a-142d27b3ee78.json

-Software Information-
Version: 4.4.5.130
Components Version: 1.0.1430
Update Package Version: 1.0.44390
License: Trial

-System Information-
OS: Windows 10 (Build 19043.1165)
CPU: x64
File System: NTFS
User: MPMM1\mike

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 437982
Threats Detected: 3
Threats Quarantined: 3
Time Elapsed: 15 min, 58 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 1
Malware.Heuristic.1003, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Xvid Video Codec 1.3.2, Quarantined, 1000001, 0, , , , , ,

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 2
Malware.Heuristic.1003, C:\PROGRAM FILES (X86)\Xvid\Uninstall Xvid Video Codec.lnk, Quarantined, 1000001, 0, , , , , DCE53FDBD382DB4D0B0D8F5F7677B74F, 030A0E476663EA2C5E7D3A0718A5D4D32EC00625E2076962D332EE6AD80795C2
Malware.Heuristic.1003, C:\PROGRAM FILES (X86)\XVID\UNINSTALL.EXE, Quarantined, 1000001, 0, 1.0.44390, 0000000000000000000003EB, dds, 01394464, 31B19B74309007E83AF8B7AFB81593E2, AB607E7F814F945401C00F869A356224A5BF518C68F92A110EE491C9E4DCBFBD

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP