
Malwarebytes keeps finding malware [Solved]


#1 M2mouse

  • Member
  • 175 posts

Running Win 10 64-bit. I thought that Malwarebytes had taken care of the malware. Ran ESET and it found nothing, and RogueKiller also found nothing. Got on the web and looked around, then did a scan with MB and it found more (eight items total now).

======Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-09-2023
Ran by WESSLEE (02-10-2023 19:55:19)
Running from C:\Users\WESSLEE\Downloads
Microsoft Windows 11 Home Version 22H2 22621.2283 (X64) (2022-10-11 12:04:54)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-3491938310-4242456956-3216696182-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3491938310-4242456956-3216696182-503 - Limited - Disabled)
Guest (S-1-5-21-3491938310-4242456956-3216696182-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3491938310-4242456956-3216696182-504 - Limited - Disabled)
WESSLEE (S-1-5-21-3491938310-4242456956-3216696182-1001 - Administrator - Enabled) => C:\Users\WESSLEE
============== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acer Configuration Manager (HKLM-x32\...\{8CB1A03C-9849-4744-AD56-341A18F9E3E2}) (Version: 2.5.22250 - Acer)
Acer Jumpstart (HKLM-x32\...\{0C5ED25A-B8D1-4E71-BFCB-6B370A4EA19C}) (Version: 3.5.22220.20 - Acer)
Care Center Service (HKLM\...\{AFB52E98-7597-4484-9202-58F0FD3512ED}) (Version: 4.00.3042 - Acer Incorporated)
DriverSetupUtility (HKLM\...\{2B51C83A-465D-4EA9-9CDC-1ED95ED09AC6}) (Version: 1.00.3026 - Acer Incorporated)
Epic Privacy Browser (HKU\S-1-5-21-3491938310-4242456956-3216696182-1001\...\Epic Privacy Browser) (Version: 117.0.5938.92 - Epic)
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.4.7 - Seiko Epson Corporation)
Epson Event Manager (HKLM-x32\...\{067039C9-A41C-42F5-9571-B06E0700AAA4}) (Version: 3.11.77 - Seiko Epson Corporation)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 4.02.01.01 - Seiko Epson Corporation)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - Seiko Epson Corporation)
Epson Photo+ (HKLM-x32\...\PhotoPlus) (Version: 3.7.3.0 - Seiko Epson Corporation)
Epson Printer Connection Checker (HKLM-x32\...\{DE32F90E-1A29-4D74-BCF1-E7DDB25D713A}) (Version: 3.4.0.0 - Seiko Epson Corporation)
Epson Scan 2 (HKLM-x32\...\Epson Scan 2) (Version:  - Seiko Epson Corporation)
EPSON Scan PDF EXtensions (HKLM-x32\...\{F9956472-6E16-4F83-BF9A-F887EF4A45B7}) (Version: 1.03.02 - SEIKO EPSON Corp.)
Epson ScanSmart (HKLM-x32\...\{1A1B60BB-F156-4F6D-AD79-8A096B67E9AB}) (Version: 3.7.10 - Seiko Epson Corporation)
Epson Software Updater (HKLM-x32\...\{2A369D40-CE23-421A-8173-3C303A0A8355}) (Version: 4.6.6 - Seiko Epson Corporation)
EPSON WF-2930 Series Printer Uninstall (HKLM\...\EPSON WF-2930 Series) (Version:  - Seiko Epson Corporation)
Epson WF-2930 User’s Guide (HKLM-x32\...\UsersGuideEpson WF-2930 User’s Guide_is1) (Version: 1.0 - Epson America, Inc.)
ExpressVPN (HKLM-x32\...\{878F6EB4-73BF-4A1E-9A92-6DDF9EDC8A8B}) (Version: 2.3.21102.1 - Acer)
Malwarebytes version 4.6.2.281 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.6.2.281 - Malwarebytes)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.16731.20234 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 117.0.2045.47 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 117.0.2045.47 - Microsoft Corporation)
Microsoft OneNote - en-us (HKLM\...\OneNoteFreeRetail - en-us) (Version: 16.0.16731.20234 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{AF47B488-9780-4AB5-A97E-762E28013CA6}) (Version: 5.71.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 (HKLM-x32\...\{65e650ff-30be-469d-b63a-418d71ea1765}) (Version: 14.25.28508.3 - Microsoft Corporation)
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 (HKLM-x32\...\{0FA68574-690B-4B00-89AA-B28946231449}) (Version: 14.25.28508 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 (HKLM-x32\...\{2BC3BD4D-FABA-4394-93C7-9AC82A263FE2}) (Version: 14.25.28508 - Microsoft Corporation) Hidden
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 101.0 (x64 en-US)) (Version: 101.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 88.0 - Mozilla)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.16731.20234 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.16731.20234 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.14026.20302 - Microsoft Corporation) Hidden
Quick Access Service (HKLM\...\{AB25551C-74EF-4BAB-9989-891517FCF9FF}) (Version: 3.00.3038 - Acer Incorporated)
RogueKiller version 15.12.1.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 15.12.1.0 - Adlice Software)

Packages:
=========
Acer Product Registration -> C:\Program Files\WindowsApps\AcerIncorporated.AcerRegistration_2.0.3044.0_x64__48frkmn4z8aw4 [2023-05-31] (Acer Incorporated)
AMD Radeon Software -> C:\Program Files\WindowsApps\advancedmicrodevicesinc-2.amdradeonsoftware_10.20.40028.0_x64__0a9344xs7nr4m [2022-04-02] (Advanced Micro Devices Inc.) [Startup Task]
Aura Privacy -> C:\Program Files\WindowsApps\Aura-YourDigitalHalo.FigLeaf_6.2.4.0_x64__ecvh8cc66bmhj [2022-04-08] (Aura - Your Digital Halo)
Care Center S -> C:\Program Files\WindowsApps\AcerIncorporated.AcerCareCenterS_4.0.3042.0_x64__48frkmn4z8aw4 [2022-03-12] (Acer Incorporated)
Cortana -> C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe [2023-08-11] (Microsoft Corporation)
Microsoft.WindowsAppRuntime.CBS -> C:\WINDOWS\SystemApps\Microsoft.WindowsAppRuntime.CBS_8wekyb3d8bbwe [2023-09-15] (Microsoft Corporation)
PhotoDirector for acer -> C:\Program Files\WindowsApps\cyberlinkcorp.ac.photodirectorforacerdesktop_8.0.6428.0_x64__ypz87dpxkv292 [2022-02-27] (CYBERLINK COM CORP)
PowerDirector for acer -> C:\Program Files\WindowsApps\cyberlinkcorp.ac.powerdirectorforacerdesktop_14.0.4304.0_x64__ypz87dpxkv292 [2022-02-27] (CYBERLINK COM CORP)
QuickAccess -> C:\Program Files\WindowsApps\AcerIncorporated.QuickAccess_3.0.3038.0_x64__48frkmn4z8aw4 [2022-03-12] (Acer Incorporated)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.26.251.0_x64__dt26b99r8h8gj [2023-05-15] (Realtek Semiconductor Corp)
Windows Feature Experience Pack -> C:\WINDOWS\SystemApps\MicrosoftWindows.Client.FileExp_cw5n1h2txyewy [2023-09-15] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-03-03] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\WINDOWS\System32\atiacm64.dll [2020-11-05] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-03-03] (Malwarebytes Inc. -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2022-05-26 19:54 - 2022-05-26 19:54 - 004748456 ____T (Google Inc (TEST) -> Epic Privacy Browser) [File not signed] C:\Users\WESSLEE\AppData\Local\Epic Privacy Browser\Installer\1.3.29.13\goopdate.dll
2023-08-08 19:59 - 2023-08-08 19:59 - 000242688 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\epnsm.dll
2023-08-08 19:59 - 2023-08-08 19:59 - 000057856 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\EPNWPSHDevFinder.DLL
2023-08-08 19:59 - 2023-08-08 19:59 - 000291328 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\LcMgr.dll
2023-09-22 13:59 - 2023-07-20 04:02 - 000098304 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\EbpD4Fax.dll
2023-09-22 13:59 - 2023-07-20 04:02 - 000286208 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\FUADRFIL.dll
2023-09-22 13:59 - 2023-07-20 04:02 - 000358400 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXCFG.dll
2023-09-22 13:59 - 2023-07-20 04:02 - 000607232 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXCSR.DLL
2023-09-22 13:59 - 2023-07-20 04:02 - 000515072 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXLDB.dll
2023-09-22 13:59 - 2023-07-20 04:02 - 000696320 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXTIF.dll
2023-09-22 13:59 - 2023-07-20 04:02 - 001285632 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\FUIMGCDC.dll
2023-09-22 13:59 - 2023-07-20 04:02 - 000347136 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\FULEPP.dll
2023-09-22 13:59 - 2023-07-20 04:02 - 000090624 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\FUSTMMSG.dll
2023-09-22 13:59 - 2023-07-20 04:02 - 000484864 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\FUSVCCLT.dll
2023-09-22 13:59 - 2023-07-20 04:02 - 000080896 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\FUUSBHLP.dll
2023-09-22 13:59 - 2023-07-20 04:02 - 000322560 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\FUVERDLG.dll
2023-09-22 13:59 - 2023-07-20 04:02 - 000084992 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\Library\FUDEVCOM.dll
2023-09-22 13:59 - 2023-07-20 04:02 - 000146432 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\Library\FUDRVUTL.dll
2023-09-22 13:59 - 2023-07-20 04:02 - 001077248 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\Library\FUPRBDEV.dll
2023-09-22 13:59 - 2023-07-20 04:02 - 001178112 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\Library\FUSNMPUT.dll
2023-09-22 13:59 - 2023-07-19 14:02 - 000474624 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FUCMNMSG.dll
2023-09-22 13:59 - 2023-07-19 14:02 - 000113152 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FUFAXCFGRes.dll
2023-09-22 13:59 - 2023-07-19 14:02 - 000315392 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FUFAXRCV.dll
2023-09-22 13:59 - 2023-07-19 14:02 - 000131584 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FUFAXSTM.dll
2023-09-22 13:59 - 2023-07-19 14:02 - 000025600 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FULEPPRes.dll
2023-09-22 13:59 - 2023-07-19 14:02 - 000337408 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FUPRBDEVRes.dll
2023-09-20 14:12 - 2018-06-15 04:14 - 000187392 _____ (Seiko Epson Corporation) [File not signed] C:\WINDOWS\System32\E_YLMBWDE.DLL
2023-09-22 13:59 - 2023-07-20 04:02 - 001570816 _____ (SEIKO EPSON) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\ENCM.dll
2023-09-22 13:59 - 2023-07-20 04:02 - 001050112 _____ (SEIKO EPSON) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\ENNW.dll
2023-09-22 13:59 - 2023-07-20 04:02 - 001038848 _____ (SEIKO EPSON) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\ENUTIL.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2023-08-01] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-14] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-14] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-14] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-14] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-14] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-14] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-14] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-14] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2021-06-05 07:08 - 2021-06-05 07:08 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3491938310-4242456956-3216696182-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Acer01.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{B9355AD3-A449-4ED2-9166-F25A2A2BA0D4}C:\users\wesslee\appdata\local\epic privacy browser\application\epic.exe] => (Allow) C:\users\wesslee\appdata\local\epic privacy browser\application\epic.exe (Hidden Reflex Authors) [File not signed]
FirewallRules: [TCP Query User{50D42B13-29B8-4246-AF1D-7798ADD90F7D}C:\users\wesslee\appdata\local\epic privacy browser\application\epic.exe] => (Allow) C:\users\wesslee\appdata\local\epic privacy browser\application\epic.exe (Hidden Reflex Authors) [File not signed]
FirewallRules: [{E67D57C8-3131-4EFD-88DA-3A3E85690E69}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{307F29F9-39C9-4049-BCED-D17A65FDCE7A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{EE003545-EF57-44EC-8168-83982DE531D0}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_22287.702.1670.9453_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3067A080-A592-4D1B-A10B-DE91C6CD748F}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_22287.702.1670.9453_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{269BDA9C-A1C1-4B49-895C-FF4D77682E7F}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{756B231E-3B00-4673-9987-2A3AC1315854}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
FirewallRules: [{5D2BF2CE-F0C6-4DC0-973E-7D8EB9772BF6}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
FirewallRules: [{95D45013-3901-4E7F-9A7A-BFFC0CEE7946}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
FirewallRules: [{AE9C7CB8-B7ED-4D7D-B7F0-0DEAF7AE7FCA}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
FirewallRules: [{8B7FF95C-EA25-4434-B767-AD1967DE5825}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Restore Points =========================

19-09-2023 16:09:58 Windows Update
20-09-2023 16:52:19 Removed EpsonNet Print
22-09-2023 13:59:44 Installed FAX Utility
26-09-2023 06:51:57 Windows Update
02-10-2023 19:27:38 Windows Update

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (10/02/2023 07:25:17 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\DREADNOT$ via https://AMD-KeyId-52...plates/Aik/scepfailed:

GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-52fb59e29aa83a962fb9eef0fe5b4811de6b751e.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Tue, 03 Oct 2023 00:25:17 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: e1821daa-04d2-4ded-9a8e-fdfe9d3c7b25

Method: GET(1016ms)
Stage: GetCACaps
Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (10/02/2023 07:25:16 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for Local system via https://AMD-KeyId-52...plates/Aik/scepfailed:

GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-52fb59e29aa83a962fb9eef0fe5b4811de6b751e.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Tue, 03 Oct 2023 00:25:15 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: 38dd7c69-07fe-4576-b3b7-71dd5a50813f

Method: GET(2704ms)
Stage: GetCACaps
Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (10/02/2023 08:22:12 AM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\DREADNOT$ via https://AMD-KeyId-52...plates/Aik/scepfailed:

GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-52fb59e29aa83a962fb9eef0fe5b4811de6b751e.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Mon, 02 Oct 2023 13:22:12 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: 285c930d-be37-4452-8e54-e69c41e3e5fc

Method: GET(281ms)
Stage: GetCACaps
Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (10/02/2023 08:22:12 AM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for Local system via https://AMD-KeyId-52...plates/Aik/scepfailed:

GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-52fb59e29aa83a962fb9eef0fe5b4811de6b751e.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Mon, 02 Oct 2023 13:22:11 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: 406e21ff-a67e-44e7-8f01-baab27de1d1c

Method: GET(500ms)
Stage: GetCACaps
Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (10/01/2023 12:21:29 PM) (Source: Application Error) (EventID: 1000) (User: dreadnot)
Description: Faulting application name: ESETOnlineScanner.exe, version: 10.23.31.0, time stamp: 0x61e82da2
Faulting module name: WININET.dll, version: 11.0.22621.608, time stamp: 0x56e0463f
Exception code: 0xc0000005
Fault offset: 0x002cca44
Faulting process id: 0x0x2bc4
Faulting application start time: 0x0x1d9f48bb4106637
Faulting application path: C:\Users\WESSLEE\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe
Faulting module path: C:\WINDOWS\SYSTEM32\WININET.dll
Report Id: 9ec735c9-2981-4b5b-8ac6-c5fa04c9459c
Faulting package full name:
Faulting package-relative application ID:

Error: (10/01/2023 11:38:24 AM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\DREADNOT$ via https://AMD-KeyId-52...plates/Aik/scepfailed:

GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-52fb59e29aa83a962fb9eef0fe5b4811de6b751e.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Sun, 01 Oct 2023 16:38:25 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: bf3db1b9-6e1e-435d-9e02-556eb560c940

Method: GET(422ms)
Stage: GetCACaps
Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (10/01/2023 11:38:24 AM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for Local system via https://AMD-KeyId-52...plates/Aik/scepfailed:

GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-52fb59e29aa83a962fb9eef0fe5b4811de6b751e.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Sun, 01 Oct 2023 16:38:24 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: 6390935b-e992-4bf1-b66c-a76853afbe72

Method: GET(1406ms)
Stage: GetCACaps
Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (09/30/2023 06:20:23 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\DREADNOT$ via https://AMD-KeyId-52...plates/Aik/scepfailed:

GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-52fb59e29aa83a962fb9eef0fe5b4811de6b751e.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Sat, 30 Sep 2023 23:20:23 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: 2894131b-fb4a-4295-a8e4-731f8084fa68

Method: GET(235ms)
Stage: GetCACaps
Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

System errors:
=============
Error: (10/02/2023 07:26:58 PM) (Source: DCOM) (EventID: 10010) (User: dreadnot)
Description: The server {8CFC164F-4BE5-4FDD-94E9-E2AF73ED4A19} did not register with DCOM within the required timeout.

Error: (10/02/2023 07:25:09 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 8:22:08 AM on 10/2/2023 was unexpected.

Error: (10/02/2023 07:24:58 PM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT AUTHORITY)
Description: 3221225684A fatal error occurred processing the restoration data.

Error: (10/02/2023 07:23:26 AM) (Source: DCOM) (EventID: 10010) (User: dreadnot)
Description: The server {8CFC164F-4BE5-4FDD-94E9-E2AF73ED4A19} did not register with DCOM within the required timeout.

Error: (10/01/2023 01:42:05 PM) (Source: DCOM) (EventID: 10010) (User: dreadnot)
Description: The server {8CFC164F-4BE5-4FDD-94E9-E2AF73ED4A19} did not register with DCOM within the required timeout.

Error: (10/01/2023 11:38:16 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 6:20:18 PM on 9/30/2023 was unexpected.

Error: (10/01/2023 11:38:05 AM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT AUTHORITY)
Description: 3221225684A fatal error occurred processing the restoration data.

Error: (09/30/2023 06:23:37 PM) (Source: DCOM) (EventID: 10010) (User: dreadnot)
Description: The server {8CFC164F-4BE5-4FDD-94E9-E2AF73ED4A19} did not register with DCOM within the required timeout.

Windows Defender:
================
Date: 2023-10-01 12:01:46
Description:
Controlled Folder Access blocked C:\Users\WESSLEE\AppData\Local\Temp\is-ETSH1.tmp\setup-15.12.1.0.tmp from making changes to memory.
Detection time: 2023-10-01T17:01:46.867Z
Path: \Device\Harddisk0\DR0
Process Name: C:\Users\WESSLEE\AppData\Local\Temp\is-ETSH1.tmp\setup-15.12.1.0.tmp
Security intelligence Version: 1.397.1886.0
Engine Version: 1.1.23080.2005
Product Version: 4.18.23080.2006

Date: 2023-10-01 12:01:46
Description:
Controlled Folder Access blocked C:\Program Files\RogueKiller\RogueKillerSvc.exe from making changes to memory.
Detection time: 2023-10-01T17:01:46.867Z
Path: \Device\Harddisk0\DR0
Process Name: C:\Program Files\RogueKiller\RogueKillerSvc.exe
Security intelligence Version: 1.397.1886.0
Engine Version: 1.1.23080.2005
Product Version: 4.18.23080.2006

Date: 2023-09-25 21:13:42
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2023-09-22 14:41:30
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2023-09-20 14:09:44
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]

Date: 2023-09-29 08:19:40
Description:
Microsoft Defender Antivirus has encountered an error trying to download and configure Microsoft Defender Antivirus (offline scan).
Error code: 0x8000000a
Error description: The data necessary to complete this operation is not yet available. 

Date: 2023-09-29 08:19:00
Description:
Microsoft Defender Antivirus has encountered an error trying to download and configure Microsoft Defender Antivirus (offline scan).
Error code: 0x8000000a
Error description: The data necessary to complete this operation is not yet available. 

Date: 2023-09-16 14:21:09
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence and will attempt to revert to a previous version.
Security intelligence Attempted: Current
Error Code: 0x80501102
Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.
Security intelligence Version: 1.397.1061.0;1.397.1061.0
Engine Version: 1.1.23080.2005

Date: 2023-08-10 20:10:44
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence and will attempt to revert to a previous version.
Security intelligence Attempted: Current
Error Code: 0x80501102
Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.
Security intelligence Version: 1.395.92.0;1.395.92.0
Engine Version: 1.1.23070.1005

Date: 2023-07-14 12:42:40
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence and will attempt to revert to a previous version.
Security intelligence Attempted: Current
Error Code: 0x80501102
Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.
Security intelligence Version: 1.393.321.0;1.393.321.0
Engine Version: 1.1.23060.1005

CodeIntegrity:
===============
Date: 2023-09-29 19:54:57
Description:
Code Integrity determined that a process (System) attempted to load \Device\HarddiskVolume3\Users\WESSLEE\AppData\Local\Temp\ehdrv.sys that is not compatible with hypervisor enforcement. Failure bitmap 0x1. Status 0xC00000BB.

Date: 2023-09-29 19:53:03
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

BIOS: INSYDE Corp. V1.08 09/06/2021
Motherboard: LN Calla_LC
Processor: AMD Ryzen 5 5500U with Radeon Graphics
Percentage of memory in use: 52%
Total physical RAM: 7530.32 MB
Available physical RAM: 3601.88 MB
Total Virtual: 8730.32 MB
Available Virtual: 4585.45 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:475.83 GB) (Free:420.67 GB) (Model: WDC PC SN530 SDBPNPZ-512G-1114) NTFS

\\?\Volume{6211ee83-84da-4b07-a75c-6e044083440e}\ (Recovery) (Fixed) (Total:1 GB) (Free:0.41 GB) NTFS
\\?\Volume{8de08f46-ef09-4a28-8f5f-35508953bab2}\ (ESP) (Fixed) (Total:0.09 GB) (Free:0.04 GB) FAT32

==================== MBR & Partition Table ====================

==================== End of Addition.txt =======================


Edited by M2mouse, 02 October 2023 - 07:00 PM.

  • 0


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

We need the FRST.txt file too.  Also does MBAM tell you the name of the malware or where it lives?  This sounds a lot like a false positive.


  • 0

#3
M2mouse

M2mouse

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 175 posts

MBAM does list where it is. I now see what you are talking about. It does seem to be something about Epic and Chrome. Epic is no longer used and could be removed.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-09-2023
Ran by WESSLEE (administrator) on DREADNOT (Acer Aspire A515-45) (02-10-2023 19:53:15)
Running from C:\Users\WESSLEE\Downloads\FRST64.exe
Loaded Profiles: WESSLEE
Platform: Microsoft Windows 11 Home Version 22H2 22621.2283 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files (x86)\EPSON Software\Epson Printer Connection Checker\EPPCCMON.EXE ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
(C:\Program Files\Acer\Quick Access Service\QASvc.exe ->) (Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Quick Access Service\QAAdminAgent.exe
(C:\Program Files\Acer\Quick Access Service\QASvc.exe ->) (Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Quick Access Service\QAAgent.exe
(C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\Updates\16.0.16827.20130\OfficeClickToRun.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Program Files\RogueKiller\RogueKillerSvc.exe ->) (ADLICE -> ) C:\Program Files\RogueKiller\RogueKiller64.exe
(C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_423.23500.0.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe <6>
(DriverStore\FileRepository\u0360754.inf_amd64_7d6765da852a002c\B360708\atiesrxx.exe ->) (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0360754.inf_amd64_7d6765da852a002c\B360708\atieclxx.exe
(explorer.exe ->) (Google Inc (TEST) -> Epic Privacy Browser) [File not signed] C:\Users\WESSLEE\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <10>
(explorer.exe ->) (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\EPSON Software\Epson Printer Connection Checker\EPPCCMON.EXE
(explorer.exe ->) (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Windows\System32\spool\drivers\x64\3\E1YATIBFE.EXE
(SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe
(services.exe ->) (Acer Incorporated -> Acer Incorporated) C:\Program Files (x86)\Acer\Care Center\ACCSvc.exe
(services.exe ->) (Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Quick Access Service\QASvc.exe
(services.exe ->) (ADLICE -> ) C:\Program Files\RogueKiller\RogueKillerSvc.exe
(services.exe ->) (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0360754.inf_amd64_7d6765da852a002c\B360708\atiesrxx.exe
(services.exe ->) (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ELANFPService.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) C:\Windows\System32\amdfendrsr.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\NisSrv.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_f7fdb960c5e8ef2a\RtkAudUService64.exe <2>
(services.exe ->) (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(svchost.exe ->) (Acer Incorporated -> ) C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
(svchost.exe ->) (Acer Incorporated -> ) C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe
(svchost.exe ->) (Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Quick Access Service\ePowerButton_NB.exe
(svchost.exe ->) (Acer Incorporated -> Microsoft) C:\Program Files\Acer\StorPSCTL\StorPSCTL.exe
(svchost.exe ->) (Microsoft Corporation -> ) C:\Program Files\WindowsApps\Microsoft.StorePurchaseApp_22307.1401.9.0_x64__8wekyb3d8bbwe\StoreExperienceHost.exe
(svchost.exe ->) (Microsoft Windows -> ) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_423.23500.0.0_x64__cw5n1h2txyewy\Dashboard\WidgetService.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_f7fdb960c5e8ef2a\RtkAudUService64.exe [1272664 2021-07-26] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [EPPCCMON] => C:\Program Files (x86)\EPSON Software\Epson Printer Connection Checker\EPPCCMON.EXE [455968 2023-05-26] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [970536 2023-07-20] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [1309992 2023-07-20] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [2756368 2023-08-09] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKU\S-1-5-21-3491938310-4242456956-3216696182-1001\...\Run: [MicrosoftEdgeAutoLaunch_5756D27DB17B6A5D0C9A67B6468920DE] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4210216 2023-09-29] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3491938310-4242456956-3216696182-1001\...\Run: [Epic Privacy Browser Installer] => C:\Users\WESSLEE\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe [509096 2022-05-26] (Google Inc (TEST) -> Epic Privacy Browser) [File not signed]
HKU\S-1-5-21-3491938310-4242456956-3216696182-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E1YATIBFE.EXE [484712 2021-11-02] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKLM\...\Print\Monitors\EPSON WF-2930 Series 64MonitorBE: C:\WINDOWS\system32\E1YLMBBFE.DLL [237568 2021-09-21] (Microsoft Windows Hardware Compatibility Publisher -> Seiko Epson Corporation)
HKLM\...\Print\Monitors\EPSON XP-4100 Series 64MonitorBE: C:\WINDOWS\system32\E_YLMBWDE.DLL [187392 2018-06-15] (Seiko Epson Corporation) [File not signed]

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {CE29A736-BF09-4340-8CB5-5798F5A81C03} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe [2971808 2021-12-30] (Acer Incorporated -> )
Task: {0668C732-0B40-40FA-98ED-E1CAE2B95B9B} - System32\Tasks\ACCAgent => C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe [41632 2021-12-30] (Acer Incorporated -> )
Task: {E396C1E5-7E78-48A0-9EE0-38059BD00E0C} - System32\Tasks\ACCBackgroundApplication => C:\Program Files (x86)\Acer\Care Center\ACCStd.exe [4836512 2021-12-30] (Acer Incorporated -> )
Task: {4000903B-AD18-446B-AE05-12A486099560} - System32\Tasks\AcerCMUpdateTask2.5.22250 => C:\Program Files (x86)\Acer\Amundsen\2.5.22250\awc.exe [96904 2022-09-25] (Acer Incorporated -> )
Task: {F0F0D027-3FCD-45A8-9291-F0DE19DEC9A6} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\WESSLEE\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe  LOGON (No File)
Task: {DC6A36AB-2D96-4785-9EAF-F4921ADBE912} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\WESSLEE\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe  SCHED (No File)
Task: {6A37A87E-ADFA-49F3-A5E3-7DA90602B5EA} - System32\Tasks\EPSON WF-2930 Series Update {A1A1278F-CCA5-439F-B02C-28F6E99DE0DE} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E1YTSBFE.EXE [680440 2017-06-07] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
Task: {534DB1FC-ACE1-460A-8790-F4F58D1B678A} - System32\Tasks\Extended Service Plan_EPSON WF-2930 Series_1 => C:\ProgramData\Epson\Service Plan\epsvcp.exe [5543304 2021-04-02] (Epson America, Inc. -> Epson America)
Task: {A627D63F-C73E-4EAA-BE8B-1294CB79D0FC} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26913760 2023-09-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {E10D1DE7-E6EA-458E-8C43-1523C3F28735} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26913760 2023-09-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {8D04279B-A61E-49DB-900F-4B23219A057F} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158664 2023-09-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {522171DA-4AB5-4475-ADFF-40FFEB4762AE} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158664 2023-09-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {0EDFD521-1474-4AAF-8B6C-0444869E0F45} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [167864 2023-08-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {3245722D-8981-4766-9C5B-9B346B555A03} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\UCPD velocity => C:\WINDOWS\system32\UCPDMgr.exe [58880 2023-09-14] (Microsoft Windows -> Microsoft Corporation)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe  (No File)
Task: {AB72216E-0263-4588-817B-1959B60A29F1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-08-31] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {BA041E54-187D-4545-9797-0A65001EB14D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-08-31] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A7D280BE-58B3-4186-81EE-8BAC18BFDDAF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-08-31] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F033D2D5-0DA0-4041-A6A5-09371635673B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-08-31] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {16B81E8D-A4FA-4201-BA0E-AB58B03D3354} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [765888 2023-08-11] (Mozilla Corporation -> Mozilla Foundation)
Task: {22BD859A-D2DF-4757-A0FE-BEBF38F5A607} - System32\Tasks\Oem\AcerJumpstartTask => C:\Program Files (x86)\Acer\Acer Jumpstart\hermes.exe [70792 2022-08-15] (Acer Incorporated -> )
Task: {7BAC666E-A538-4FFA-9E91-F83A6DFD6670} - System32\Tasks\Oem\wlanBrokerTask => C:\Program Files (x86)\Acer\ExpressVPN\wlanBroker.exe [18224 2021-03-12] (Acer Incorporated -> )
Task: {D593C77C-F0C5-4096-8D77-86F82729C337} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4207218247-1278340166-910672948-500 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe  (No File)
Task: {53F7300C-E6BE-4EF2-8CB6-090BEB457BE4} - System32\Tasks\Power Button => C:\Program Files\Acer\Quick Access Service\ePowerButton_NB.exe [2771616 2022-01-03] (Acer Incorporated -> Acer Incorporated)
Task: {A13E13DA-2A01-4EDF-AEDE-6AA49EDC833B} - System32\Tasks\Quick Access => C:\Program Files\Acer\Quick Access Service\QALauncher.exe [446624 2022-01-03] (Acer Incorporated -> Acer Incorporated)
Task: {D53A6C8B-5832-4783-9706-76578A3C380F} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [461472 2021-12-30] (Acer Incorporated -> Acer Incorporated)
Task: {756937DD-13DF-46A2-A67F-227F18055976} - System32\Tasks\StorPSCTL => C:\Program Files\Acer\StorPSCTL\StorPSCTL.exe [153640 2021-03-28] (Acer Incorporated -> Microsoft)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\EPSON WF-2930 Series Update {A1A1278F-CCA5-439F-B02C-28F6E99DE0DE}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E1YTSBFE.EXE:/EXE:{A1A1278F-CCA5-439F-B02C-28F6E99DE0DE} /F:UpdateWORKGROUP\DREADNOT$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{77a90b91-b23f-4801-936e-0937fbb3f876}: [DhcpNameServer] 192.168.1.254

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\WESSLEE\AppData\Local\Microsoft\Edge\User Data\Default [2023-10-02]
Edge Extension: (Google Docs Offline) - C:\Users\WESSLEE\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-08-28]
Edge Extension: (Adblock Plus - free ad blocker) - C:\Users\WESSLEE\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gmgoamodcdcjnbaobigkjelfplakmdhh [2023-08-24]
Edge Extension: (Edge relevant text changes) - C:\Users\WESSLEE\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-09-16]

FireFox:
========
FF DefaultProfile: 0o0qb4e3.default
FF ProfilePath: C:\Users\WESSLEE\AppData\Roaming\Mozilla\Firefox\Profiles\0o0qb4e3.default [2022-04-09]
FF ProfilePath: C:\Users\WESSLEE\AppData\Roaming\Mozilla\Firefox\Profiles\0d5c5zir.default-release [2023-08-16]
FF Extension: (English (US) Language Pack) - C:\Users\WESSLEE\AppData\Roaming\Mozilla\Firefox\Profiles\0d5c5zir.default-release\Extensions\[email protected] [2023-08-11]
FF Extension: (English (US) Language Pack) - C:\Program Files\Mozilla Firefox\distribution\extensions\[email protected] [2021-04-19]
FF Extension: (Mozilla Partner Defaults) - C:\Program Files\Mozilla Firefox\distribution\extensions\[email protected] [2023-08-11] [Legacy]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2023-08-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2023-08-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin HKU\S-1-5-21-3491938310-4242456956-3216696182-1001: @updates.epicbrowser.com/Epic Privacy Browser Installer;version=3 -> C:\Users\WESSLEE\AppData\Local\Epic Privacy Browser\Installer\1.3.29.13\npEpicUpdate3.dll [2022-05-26] (Google Inc (TEST) -> Epic Privacy Browser) [File not signed]
FF Plugin HKU\S-1-5-21-3491938310-4242456956-3216696182-1001: @updates.epicbrowser.com/Epic Privacy Browser Installer;version=9 -> C:\Users\WESSLEE\AppData\Local\Epic Privacy Browser\Installer\1.3.29.13\npEpicUpdate3.dll [2022-05-26] (Google Inc (TEST) -> Epic Privacy Browser) [File not signed]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACCSvc; C:\Program Files (x86)\Acer\Care Center\ACCSvc.exe [259232 2021-12-30] (Acer Incorporated -> Acer Incorporated)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11817040 2023-09-01] (Microsoft Corporation -> Microsoft Corporation)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [206304 2022-06-29] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9287960 2023-09-21] (Malwarebytes Inc. -> Malwarebytes)
S3 QALSvc; C:\Program Files\Acer\Quick Access Service\QALSvc.exe [466080 2022-01-03] (Acer Incorporated -> Acer Incorporated)
R3 QASvc; C:\Program Files\Acer\Quick Access Service\QASvc.exe [504480 2022-01-03] (Acer Incorporated -> Acer Incorporated)
R2 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [16014768 2023-09-18] (ADLICE -> )
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\NisSrv.exe [3121008 2023-08-31] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe [133688 2023-08-31] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AcerAirplaneModeController; C:\WINDOWS\System32\drivers\AcerAirplaneModeController.sys [36800 2022-06-02] (Acer Incorporated -> Acer Incorporated)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [532480 2022-10-11] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [184320 2022-10-11] (Microsoft Corporation) [File not signed]
S3 BTHMODEM; C:\WINDOWS\System32\drivers\bthmodem.sys [106496 2022-05-07] (Microsoft Corporation) [File not signed]
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [222272 2023-09-21] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2022-04-25] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239544 2023-10-02] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MTKBTFilterX64; C:\WINDOWS\system32\DRIVERS\mtkbtfilterx.sys [276424 2022-03-17] (Microsoft Windows Hardware Compatibility Publisher -> MediaTek Inc.)
R3 mtkwlex; C:\WINDOWS\System32\drivers\mtkwl6ex.sys [1407968 2022-03-19] (Microsoft Windows Hardware Compatibility Publisher -> MediaTek Inc.)
S3 rtcx21; C:\WINDOWS\System32\DriverStore\FileRepository\rtcx21x64.inf_amd64_516e5c9b75c49dc2\rtcx21x64.sys [539648 2022-05-06] (Microsoft Windows -> Realtek)
U3 TrueSight; C:\Windows\System32\drivers\truesight.sys [53696 2023-10-02] (ADLICE (Julien Ascoet) -> )
S4 UCPD; C:\WINDOWS\System32\drivers\UCPD.sys [29184 2023-09-14] (Microsoft Windows -> Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [55872 2023-08-31] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
U5 WdDevFlt; C:\Windows\System32\Drivers\WdDevFlt.sys [169232 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [574872 2023-08-31] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105864 2023-08-31] (Microsoft Windows -> Microsoft Corporation)
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-10-02 19:53 - 2023-10-02 19:54 - 000021541 _____ C:\Users\WESSLEE\Downloads\FRST.txt
2023-10-02 19:53 - 2023-10-02 19:53 - 000000000 ____D C:\Users\WESSLEE\Downloads\FRST-OlderVersion
2023-10-02 19:52 - 2023-10-02 19:53 - 000000000 ____D C:\FRST
2023-10-02 19:45 - 2023-10-02 19:53 - 002382848 _____ (Farbar) C:\Users\WESSLEE\Downloads\FRST64.exe
2023-10-01 12:02 - 2023-10-02 19:25 - 000053696 _____ C:\WINDOWS\system32\Drivers\truesight.sys
2023-10-01 12:01 - 2023-10-02 19:30 - 000000000 ____D C:\ProgramData\RogueKiller
2023-10-01 12:01 - 2023-10-01 12:01 - 000000903 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2023-10-01 12:01 - 2023-10-01 12:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2023-10-01 12:01 - 2023-10-01 12:01 - 000000000 ____D C:\Program Files\RogueKiller
2023-10-01 11:57 - 2023-10-01 12:00 - 047667808 _____ (Adlice Software ) C:\Users\WESSLEE\Downloads\setup-15.12.1.0.exe
2023-09-29 20:29 - 2023-09-29 20:29 - 000003852 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onLogOn
2023-09-29 20:29 - 2023-09-29 20:29 - 000003410 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onTime
2023-09-29 19:34 - 2023-10-01 12:21 - 000001388 _____ C:\Users\WESSLEE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2023-09-29 19:34 - 2023-09-29 19:34 - 000000000 ____D C:\Users\WESSLEE\AppData\Local\ESET
2023-09-22 14:20 - 2023-09-22 14:20 - 000004210 _____ C:\WINDOWS\system32\Tasks\Extended Service Plan_EPSON WF-2930 Series_1
2023-09-22 14:18 - 2023-09-22 14:18 - 000002213 _____ C:\Users\Public\Desktop\Epson Printer Connection Checker.lnk
2023-09-22 14:16 - 2023-09-22 14:16 - 000002081 _____ C:\Users\Public\Desktop\Epson Photo+.lnk
2023-09-22 14:16 - 2023-09-22 14:16 - 000000166 _____ C:\Users\Public\Desktop\Epson WF-2930 User’s Guide.url
2023-09-22 14:02 - 2023-09-29 08:17 - 000000937 _____ C:\WINDOWS\Tasks\EPSON WF-2930 Series Update {A1A1278F-CCA5-439F-B02C-28F6E99DE0DE}.job
2023-09-22 14:02 - 2023-09-22 14:02 - 000004136 _____ C:\WINDOWS\system32\Tasks\EPSON WF-2930 Series Update {A1A1278F-CCA5-439F-B02C-28F6E99DE0DE}
2023-09-22 14:00 - 2023-09-22 14:00 - 000000123 _____ C:\Users\Public\Desktop\Epson Connect Site.url
2023-09-22 13:59 - 2023-09-22 14:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
2023-09-22 13:59 - 2023-09-22 14:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2023-09-22 13:59 - 2023-09-22 14:18 - 000000000 ____D C:\Program Files (x86)\epson
2023-09-22 13:47 - 2023-09-22 13:49 - 012399376 _____ (Epson America, Inc. ) C:\Users\WESSLEE\Downloads\WF2930_Lite_NA.exe
2023-09-20 14:18 - 2023-09-22 14:18 - 000000000 ____D C:\Users\WESSLEE\AppData\Roaming\EPSON
2023-09-20 14:14 - 2023-09-20 14:14 - 000000000 ____D C:\Users\WESSLEE\AppData\Roaming\Leadertech
2023-09-20 14:13 - 2023-09-22 14:18 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2023-09-20 14:13 - 2023-09-22 14:18 - 000000000 ____D C:\Program Files (x86)\EPSON Software
2023-09-20 14:13 - 2023-09-20 14:13 - 000000000 ____D C:\Program Files\Common Files\EPSON
2023-09-20 14:13 - 2022-06-29 14:00 - 000206304 _____ (Seiko Epson Corporation) C:\WINDOWS\system32\escsvc64.exe
2023-09-20 14:13 - 2019-07-04 15:28 - 000147472 _____ (TWAIN Working Group) C:\WINDOWS\SysWOW64\twaindsm.dll
2023-09-20 14:12 - 2023-09-22 14:20 - 000000000 ____D C:\ProgramData\EPSON
2023-09-20 14:12 - 2018-06-15 04:14 - 000187392 _____ (Seiko Epson Corporation) C:\WINDOWS\system32\E_YLMBWDE.DLL
2023-09-20 14:12 - 2018-06-15 03:04 - 000083968 _____ (Seiko Epson Corporation) C:\WINDOWS\system32\E_YD4BWDE.DLL

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-10-02 19:52 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\SystemTemp
2023-10-02 19:34 - 2022-05-07 00:24 - 000000000 ___HD C:\Program Files\WindowsApps
2023-10-02 19:34 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\AppReadiness
2023-10-02 19:30 - 2022-10-11 07:03 - 000850308 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2023-10-02 19:30 - 2022-05-07 00:22 - 000000000 ____D C:\WINDOWS\INF
2023-10-02 19:26 - 2023-05-13 12:56 - 000000000 ____D C:\Users\WESSLEE\AppData\Local\Malwarebytes
2023-10-02 19:26 - 2022-05-26 19:54 - 000000000 ____D C:\Users\WESSLEE\AppData\Local\Epic Privacy Browser
2023-10-02 19:25 - 2022-10-11 07:04 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2023-10-02 19:25 - 2022-10-11 06:59 - 000001607 _____ C:\WINDOWS\system32\config\VSMIDK
2023-10-02 19:25 - 2022-10-11 06:59 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2023-10-02 19:25 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\ServiceState
2023-10-02 19:25 - 2022-05-07 00:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-10-02 19:25 - 2022-04-08 19:22 - 000239544 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2023-10-02 19:25 - 2022-02-27 13:37 - 000012288 ___SH C:\DumpStack.log.tmp
2023-10-01 12:21 - 2022-03-12 09:50 - 000000000 ____D C:\Users\WESSLEE\AppData\Local\CrashDumps
2023-10-01 11:49 - 2022-02-27 13:37 - 000002442 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-10-01 11:49 - 2022-02-27 13:37 - 000002280 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2023-09-30 18:19 - 2022-02-27 12:23 - 000000000 ____D C:\Users\WESSLEE\AppData\Local\D3DSCache
2023-09-29 20:54 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\system32\WebThreatDefSvc
2023-09-29 08:20 - 2022-05-07 00:17 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2023-09-28 07:20 - 2022-02-27 12:23 - 000000000 ____D C:\ProgramData\Packages
2023-09-20 14:18 - 2022-10-11 07:00 - 000000000 ____D C:\Users\WESSLEE
2023-09-20 14:14 - 2022-10-11 09:51 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2023-09-20 13:06 - 2022-04-10 12:30 - 000000000 ____D C:\Users\WESSLEE\AppData\Local\ElevatedDiagnostics
2023-09-15 08:27 - 2022-03-12 09:20 - 000000000 ____D C:\WINDOWS\system32\MRT
2023-09-15 08:16 - 2022-03-12 09:20 - 177941912 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2023-09-14 19:40 - 2022-10-11 06:59 - 000471248 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2023-09-14 19:40 - 2022-05-07 00:24 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2023-09-14 19:40 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\UUS
2023-09-14 19:40 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2023-09-14 19:40 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2023-09-14 19:40 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\SystemResources
2023-09-14 19:40 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2023-09-14 19:40 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\system32\oobe
2023-09-14 19:40 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\system32\Dism
2023-09-14 19:40 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\system32\appraiser
2023-09-14 19:40 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\ShellExperiences
2023-09-14 19:40 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\ShellComponents
2023-09-14 19:40 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\Provisioning
2023-09-14 19:40 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2023-09-14 19:40 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\bcastdvr
2023-09-14 19:36 - 2021-11-12 21:43 - 000000000 ____D C:\Program Files\Microsoft Office
2023-09-14 14:12 - 2022-05-07 00:17 - 000000000 ____D C:\WINDOWS\CbsTemp
2023-09-14 14:06 - 2022-10-11 07:03 - 003210752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll

==================== Files in the root of some directories ========

2022-06-09 05:04 - 2022-06-09 05:04 - 000000017 _____ () C:\Users\WESSLEE\AppData\Local\resmon.resmoncfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================


Edited by M2mouse, 03 October 2023 - 06:38 AM.

  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

I don't see anything suspicious in your logs.

 

If you are not using Epic then uninstall it and see if that makes MBAM happy.


  • 0
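RKinner's verdict above ("nothing suspicious", "sounds like a false positive") comes from reading the FRST autostart sections by eye: is the file signed, is the target still on disk, and does the entry run something out of a user-writable folder. The script below is an added example of those same checks as code; it is not part of this thread and not FRST's or Malwarebytes' tooling. The sample lines are copied from the FRST.txt posted above (plus one clean driver row); the regexes describing FRST's line layout, the "user-writable folder" list and the `Finding` type are my assumptions. A flag means "look at this", not "malware": every line it flags here is benign on the poster's machine (the Epic updater, an Epson print monitor, a leftover ESET task).

```python
"""Triage helper for FRST.txt autostart entries (added example, not FRST's own code).

Re-creates the quick checks a log reviewer does on the Registry, Task, FF Plugin
and Services/Drivers sections: unsigned or test-signed file, target missing,
autostart living in a user-writable folder. Output is a review prompt, not a verdict.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample input: lines copied from the FRST.txt posted in this thread
# (plus one clean driver line), trimmed to a handful so the script runs stand-alone.
SAMPLE_FRST = r"""
HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_f7fdb960c5e8ef2a\RtkAudUService64.exe [1272664 2021-07-26] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKU\S-1-5-21-3491938310-4242456956-3216696182-1001\...\Run: [Epic Privacy Browser Installer] => C:\Users\WESSLEE\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe [509096 2022-05-26] (Google Inc (TEST) -> Epic Privacy Browser) [File not signed]
HKLM\...\Print\Monitors\EPSON XP-4100 Series 64MonitorBE: C:\WINDOWS\system32\E_YLMBWDE.DLL [187392 2018-06-15] (Seiko Epson Corporation) [File not signed]
Task: {F0F0D027-3FCD-45A8-9291-F0DE19DEC9A6} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\WESSLEE\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe  LOGON (No File)
Task: {A627D63F-C73E-4EAA-BE8B-1294CB79D0FC} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26913760 2023-09-01] (Microsoft Corporation -> Microsoft Corporation)
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [574872 2023-08-31] (Microsoft Windows -> Microsoft Corporation)
"""

# Line shapes this helper understands (an assumption about FRST's layout, taken
# from the posted log): registry Run/Print keys, scheduled tasks, Firefox plugins,
# and the "R2 name; path [...]" style service/driver rows.
AUTOSTART_LINE = re.compile(r"^(?:HK|Task: |FF Plugin|[RSU]\d )")

# A file path: drive letter, %VAR%, or a bare system32\ prefix, running up to the
# "[size date]" or "(signer)" that FRST appends. "(x86)" is the one parenthesised
# token allowed inside a path.
PATH_RE = re.compile(
    r"(?P<path>(?:[A-Za-z]:\\|%[A-Za-z]+%\\|[Ss]ystem32\\)(?:\(x86\)|[^\[\(])+?)"
    r"\s*(?:\[|\((?!x86\))|$)"
)
# Cut command-line arguments after the binary's extension.
EXT_TRIM = re.compile(r"^.*?\.(?:exe|dll|sys|job)\b", re.I)
# Folders a standard user can write to; autostarts there deserve a second look (assumed list).
USER_WRITABLE = re.compile(r"\\(?:AppData\\(?:Local|Roaming)|Temp|Users\\Public)\\", re.I)


@dataclass(frozen=True)
class Finding:
    kind: str    # unsigned | test_cert | missing_target | user_writable
    target: str  # file the entry points at
    line: str    # the FRST line that produced the finding


def extract_target(line: str) -> Optional[str]:
    """Return the file path an autostart line points at, without arguments."""
    region = line
    if " => " in line:                                    # Run keys, tasks
        region = line.split(" => ", 1)[1]
    elif re.match(r"^[RSU]\d ", line) and "; " in line:   # services/drivers
        region = line.split("; ", 1)[1]
    m = PATH_RE.search(region)
    if not m:
        return None
    path = m.group("path").strip().strip('"')
    t = EXT_TRIM.match(path)
    return t.group(0) if t else path


def triage(frst_text: str) -> List[Finding]:
    """Walk FRST lines and collect review prompts for autostart entries."""
    findings: List[Finding] = []
    for raw in frst_text.splitlines():
        line = raw.strip()
        if not line or not AUTOSTART_LINE.match(line):
            continue
        target = extract_target(line) or "<no path>"
        if "[File not signed]" in line:
            findings.append(Finding("unsigned", target, line))
        if "(TEST)" in line:                  # FRST prints test certs in the signer chain
            findings.append(Finding("test_cert", target, line))
        if "(No File)" in line or line.endswith("[X]"):
            findings.append(Finding("missing_target", target, line))
        if USER_WRITABLE.search(target):
            findings.append(Finding("user_writable", target, line))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per kind, e.g. {'unsigned': 2, 'test_cert': 1, ...}."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_FRST):
        print(f"{f.kind:15} {f.target}")
    print(summarize(triage(SAMPLE_FRST)))
```

Run against a full FRST.txt (`triage(open("FRST.txt").read())`), the output is the short list a reviewer actually reads, and on this thread's log it is exactly the Epic updater, the old Epson print monitor, the orphaned ESET and OneDrive tasks and the in-box Bluetooth drivers, all of which have an innocent explanation, which is what "I don't see anything suspicious" means in practice.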

#5
M2mouse

M2mouse

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 175 posts

That is good news. Thought there could be a chance that it would be hiding in the Epic files.

Epic will be uninstalled.

So far so good. Will do more testing.


Edited by M2mouse, 03 October 2023 - 06:51 PM.

  • 0

#6
M2mouse

M2mouse

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 175 posts

Thank you for the help. Everything seems to be fine now. Topic can be closed.


  • 0

#7
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Time to clean up:

If we used FRST to clean your PC:

Right-click on FRST.exe or FRST64.exe (whichever you used) and rename it to uninstall.exe. Then right-click on uninstall.exe and Run as Admin.

  • 0

#8
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.


  • 0
