RSM
  1. Thank you for your help. I am going to be away from my PC for a couple of months, so will have to come back to it.
  2. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-08-2021 Ran by Trevor (administrator) on TREVOR-PC (Dell Inc. Inspiron 620) (12-08-2021 13:32:50) Running from C:\Users\Trevor\Downloads Loaded Profiles: Trevor Platform: Windows 10 Home Version 21H1 19043.1165 (X64) Language: English (United States) Default browser: Chrome Boot Mode: Normal
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220752 2021-08-12] (Malwarebytes Inc -> Malwarebytes) S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-01-16] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes) R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [198888 2021-08-12] (Malwarebytes Inc -> Malwarebytes) R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [69016 2021-08-12] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes) R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-06-23] (Malwarebytes Inc -> Malwarebytes) R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [156880 2021-08-12] (Malwarebytes Inc -> Malwarebytes) S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2012-06-25] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed] S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2012-06-25] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed] S1 RapportAegle64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportAegle64.sys [489616 2018-01-24] (IBM -> IBM Corp.) S1 RapportCerberus_1908103; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1908103.sys [1635344 2018-02-20] (IBM -> IBM Corp.) S1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [703056 2018-01-24] (IBM -> IBM Corp.) S0 RapportHades64; C:\WINDOWS\System32\Drivers\RapportHades64.sys [338384 2018-01-24] (IBM -> IBM Corp.) S3 RapportKE64; C:\WINDOWS\System32\Drivers\RapportKE64.sys [597976 2018-01-24] (IBM -> IBM Corp.) S1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [743568 2018-01-24] (IBM -> IBM Corp.) 
R1 RawDisk3; C:\Windows\system32\drivers\rawdsk3.sys [41576 2016-02-19] (iolo technologies, LLC -> EldoS Corporation) S3 rspWhySoSlow; C:\WINDOWS\System32\DRIVERS\rspWhy64.sys [28928 2016-12-17] (Daniel Terhell -> Resplendence Software Projects Sp.) R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com) S2 SSPORT; C:\WINDOWS\system32\Drivers\SSPORT.sys [19016 2019-05-31] (HP Inc. -> ) R0 tib; C:\WINDOWS\System32\DRIVERS\tib.sys [1310552 2020-11-18] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH) R2 tib_mounter; C:\WINDOWS\system32\DRIVERS\tib_mounter.sys [213336 2020-11-18] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH) U3 TrueSight; C:\Windows\System32\drivers\truesight.sys [38032 2021-08-11] (Adlice -> ) R2 virtual_file; C:\WINDOWS\System32\DRIVERS\virtual_file.sys [331976 2020-11-18] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH) R0 volume_tracker; C:\WINDOWS\System32\DRIVERS\volume_tracker.sys [243472 2020-11-18] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH) S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49568 2021-08-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [434424 2021-08-04] (Microsoft Windows -> Microsoft Corporation) R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [78072 2021-08-04] (Microsoft Windows -> Microsoft Corporation) U3 idsvc; no ImagePath ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
==================== One month (created) (Whitelisted) ========= (If an entry is included in the fixlist, the file/folder will be moved.) 2021-08-12 13:04 - 2021-08-12 13:07 - 000073904 _____ C:\Users\Trevor\Downloads\Addition.txt 2021-08-12 12:57 - 2021-08-12 13:33 - 000039771 _____ C:\Users\Trevor\Downloads\FRST.txt 2021-08-12 12:56 - 2021-08-12 13:33 - 000000000 ____D C:\FRST 2021-08-12 12:55 - 2021-08-12 12:56 - 002300416 _____ (Farbar) C:\Users\Trevor\Downloads\FRST64.exe 2021-08-12 11:06 - 2021-08-12 11:06 - 000220752 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys 2021-08-12 11:06 - 2021-08-12 11:06 - 000198888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys 2021-08-12 11:06 - 2021-08-12 11:06 - 000156880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys 2021-08-12 11:06 - 2021-08-12 11:06 - 000069016 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2021-08-11 10:05 - 2021-08-11 10:05 - 000221743 _____ C:\Users\Trevor\OneDrive - Ridesure Motorcycle Training\Documents\INVOICE31072021.xlsb 2021-08-11 10:05 - 2021-08-11 10:05 - 000221722 _____ C:\Users\Trevor\OneDrive - Ridesure Motorcycle Training\Documents\INVOICE311082021.xlsb 2021-08-11 02:23 - 2021-08-11 02:23 - 000038032 _____ C:\WINDOWS\system32\Drivers\truesight.sys 2021-08-11 01:34 - 2021-08-11 01:34 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb 2021-08-11 01:34 - 2021-08-11 01:34 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb 2021-08-11 01:34 - 2021-08-11 01:34 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll 2021-08-11 01:34 - 2021-08-11 01:34 - 000011347 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim 2021-08-11 01:33 - 2021-08-11 01:33 - 001823280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2021-08-11 01:33 - 2021-08-11 01:33 - 001393480 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi 2021-08-11 01:33 - 2021-08-11 01:33 - 000288768 _____ 
C:\WINDOWS\system32\Windows.Management.InprocObjects.dll 2021-08-11 01:23 - 2021-08-11 01:23 - 000000000 ___HD C:\$WinREAgent 2021-08-09 21:00 - 2021-08-09 21:00 - 000002265 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro.lnk 2021-08-09 21:00 - 2021-08-09 21:00 - 000002253 _____ C:\Users\Public\Desktop\Google Earth Pro.lnk 2021-08-07 21:06 - 2021-08-07 21:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox 2021-08-05 21:33 - 2021-08-05 21:33 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys 2021-08-05 21:33 - 2021-08-05 21:33 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys 2021-08-05 21:33 - 2021-08-05 21:33 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys 2021-08-05 21:33 - 2021-08-05 21:33 - 000044328 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe 2021-08-05 18:40 - 2021-08-05 18:40 - 000079872 _____ C:\Users\Trevor\Downloads\motorcycle incident Ridesure .xls 2021-08-05 09:08 - 2021-08-05 09:08 - 000002425 _____ C:\Users\Trevor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2021-08-01 00:21 - 2021-08-01 00:21 - 000002138 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2021-07-30 11:49 - 2021-07-30 11:49 - 000220792 _____ C:\Users\Trevor\OneDrive - Ridesure Motorcycle Training\Documents\INVOICE28072021.xlsb 2021-07-28 14:41 - 2021-07-28 14:41 - 000220324 _____ C:\Users\Trevor\OneDrive - Ridesure Motorcycle Training\Documents\INVOICE24062021.xlsb 2021-07-28 14:26 - 2021-07-28 14:26 - 000028367 _____ C:\Users\Trevor\OneDrive - Ridesure Motorcycle Training\Documents\RidesureDL1965185826-850.xlsx 2021-07-28 10:44 - 2021-07-28 10:44 - 000027517 _____ C:\Users\Trevor\OneDrive - Ridesure Motorcycle Training\Documents\Ridesuredl196template.xltx.xlsx 2021-07-28 10:35 - 2021-07-28 10:35 - 000028413 _____ C:\Users\Trevor\OneDrive - Ridesure Motorcycle 
Training\Documents\Ridesuredl1965165776-800.xlsx 2021-07-28 09:11 - 2021-07-28 09:11 - 000028394 _____ C:\Users\Trevor\OneDrive - Ridesure Motorcycle Training\Documents\Ridesuredl1965165776-800.xltx 2021-07-27 20:48 - 2021-07-27 20:48 - 000024054 _____ C:\Users\Trevor\OneDrive - Ridesure Motorcycle Training\Documents\Ridesuredl196template1.xltx - Copy.xlsx 2021-07-27 20:47 - 2021-07-27 20:48 - 000024054 _____ C:\Users\Trevor\OneDrive - Ridesure Motorcycle Training\Documents\Ridesuredl196template1.xltx.xlsx 2021-07-27 12:18 - 2021-07-27 12:18 - 000028439 _____ C:\Users\Trevor\OneDrive - Ridesure Motorcycle Training\Documents\Ridesuredl1965165751-775.xlsx 2021-07-23 16:11 - 2021-07-23 16:11 - 000219905 _____ C:\Users\Trevor\OneDrive - Ridesure Motorcycle Training\Documents\INVOICE14062021.xlsb 2021-07-23 11:16 - 2021-07-23 11:16 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update 2021-07-20 10:29 - 2021-07-20 10:29 - 000219350 _____ C:\Users\Trevor\OneDrive - Ridesure Motorcycle Training\Documents\INVOICE16062021.xlsb 2021-07-20 10:29 - 2021-07-20 10:29 - 000219337 _____ C:\Users\Trevor\OneDrive - Ridesure Motorcycle Training\Documents\INVOICE20062021.xlsb 2021-07-16 19:16 - 2021-07-16 19:16 - 000000072 _____ C:\WINDOWS\system32\wayk-now.bat 2021-07-16 19:16 - 2021-07-16 19:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wayk Agent 2021-07-16 10:04 - 2021-07-16 10:13 - 206941304 _____ C:\Users\Trevor\Downloads\wetransfer-fd8186.zip 2021-07-14 18:33 - 2021-07-14 18:33 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsraLegacy.tlb 2021-07-14 18:33 - 2021-07-14 18:33 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsraLegacy.tlb 2021-07-14 18:33 - 2021-07-14 18:33 - 000006656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rendezvousSession.tlb 2021-07-14 18:33 - 2021-07-14 18:33 - 000006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\rendezvousSession.tlb 2021-07-14 07:45 - 2021-07-14 07:45 - 
000218699 _____ C:\Users\Trevor\OneDrive - Ridesure Motorcycle Training\Documents\INVOICE10062021.xlsb ==================== One month (modified) ================== (If an entry is included in the fixlist, the file/folder will be moved.) 2021-10-31 19:57 - 2012-08-20 19:04 - 000689664 _____ (AdminSystem Software Limited) C:\WINDOWS\system32\ANPOP.dll 2021-08-12 13:14 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2021-08-12 13:07 - 2020-11-12 12:21 - 000000000 ____D C:\Users\Ridesure 2021-08-12 13:07 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF 2021-08-12 12:57 - 2011-12-06 19:25 - 000000000 ____D C:\Program Files (x86)\Google 2021-08-12 12:28 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness 2021-08-12 11:57 - 2020-11-12 12:15 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2021-08-12 11:16 - 2018-09-21 19:06 - 000000000 ____D C:\Program Files\CCleaner 2021-08-12 11:06 - 2021-06-10 10:46 - 000002031 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2021-08-12 11:06 - 2020-11-17 15:41 - 000002043 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk 2021-08-12 03:37 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps 2021-08-11 16:37 - 2019-12-16 12:53 - 000000000 ____D C:\Users\Trevor\AppData\Local\Packages 2021-08-11 02:30 - 2020-11-12 12:35 - 000939138 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2021-08-11 02:24 - 2021-05-05 12:06 - 000000000 ___RD C:\Users\Trevor\OneDrive - Ridesure Motorcycle Training 2021-08-11 02:24 - 2016-04-29 17:33 - 000000000 ___RD C:\Users\Trevor\OneDrive 2021-08-11 02:23 - 2020-11-12 12:56 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2021-08-11 02:23 - 2020-11-12 12:15 - 000544696 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2021-08-11 02:23 - 2020-11-12 12:15 - 000008192 ___SH C:\DumpStack.log.tmp 2021-08-11 02:23 - 2019-12-07 10:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI 2021-08-11 02:23 - 2018-02-23 13:36 - 000000000 ____D C:\Program Files 
(x86)\TeamViewer 2021-08-11 02:22 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\UNP 2021-08-11 02:22 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2021-08-11 02:22 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism 2021-08-11 02:22 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources 2021-08-11 02:22 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe 2021-08-11 02:22 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Dism 2021-08-11 02:22 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ShellComponents 2021-08-11 02:22 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr 2021-08-11 02:22 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\servicing 2021-08-11 01:37 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp 2021-08-11 00:29 - 2020-11-12 12:21 - 000000000 ____D C:\Users\Trevor 2021-08-10 23:57 - 2013-07-26 19:12 - 000000000 ____D C:\WINDOWS\system32\MRT 2021-08-10 23:48 - 2011-12-01 13:14 - 133215968 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2021-08-09 21:00 - 2011-12-06 19:25 - 000000000 ____D C:\Program Files\Google 2021-08-07 21:06 - 2020-10-21 17:47 - 000000000 ____D C:\Program Files (x86)\Dropbox 2021-08-07 05:35 - 2020-06-21 20:38 - 000002442 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2021-08-07 05:35 - 2020-06-21 20:38 - 000002280 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk 2021-08-05 09:07 - 2011-09-21 10:20 - 000000000 ____D C:\Program Files (x86)\Microsoft Office 2021-08-05 01:59 - 2018-02-23 13:32 - 000002305 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2021-08-05 01:59 - 2018-02-23 13:32 - 000002264 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2021-08-04 20:52 - 2020-11-12 12:56 - 000003448 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA1d1aafe43a2359 2021-08-04 20:52 - 2020-11-12 12:56 - 000003324 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore1d1aafe35676c3 
2021-08-04 08:18 - 2019-12-14 20:32 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd 2021-08-02 13:30 - 2020-11-30 12:56 - 000003386 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d6b8e77c620f25 2021-08-02 13:30 - 2020-11-12 12:56 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA 2021-07-27 12:25 - 2021-05-10 14:44 - 000027497 _____ C:\Users\Trevor\OneDrive - Ridesure Motorcycle Training\Documents\Ridesuredl196template.xltx 2021-07-23 16:18 - 2018-03-23 12:50 - 000000000 ____D C:\Users\Trevor\AppData\Local\CrashDumps 2021-07-16 12:58 - 2011-12-16 15:59 - 000000000 ___RD C:\Users\Trevor\OneDrive - Ridesure Motorcycle Training\Documents\Scanned Documents 2021-07-14 18:58 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns 2021-07-14 18:58 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Common Files\System ==================== Files in the root of some directories ======== 2018-12-29 13:49 - 2018-12-29 13:49 - 000000288 _____ () C:\Users\Trevor\AppData\Roaming\.backup.dm 2012-08-29 08:36 - 2013-02-11 14:37 - 000000754 _____ () C:\Users\Trevor\AppData\Roaming\AtomicAlarmClock.ini 2012-12-11 18:47 - 2012-12-11 18:47 - 000012288 _____ (Archlink Technology Corporation) C:\Users\Trevor\AppData\Roaming\CheckOSandLaunch.exe 2012-12-12 15:14 - 2012-12-12 15:14 - 000001855 _____ () C:\Users\Trevor\AppData\Roaming\CheckOSandLaunch.exe.config 2011-12-08 14:17 - 2014-02-21 20:02 - 000022236 _____ () C:\Users\Trevor\AppData\Roaming\Comma Separated Values (Windows).ADR 2014-05-20 11:17 - 2016-04-26 20:40 - 000000600 _____ () C:\Users\Trevor\AppData\Roaming\winscp.rnd 2020-11-25 15:50 - 2020-11-26 16:48 - 000007168 _____ () C:\Users\Trevor\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2020-12-16 17:22 - 2020-12-16 17:22 - 000000884 _____ () C:\Users\Trevor\AppData\Local\recently-used.xbel 2011-12-23 17:56 - 2021-05-12 14:48 - 000007635 _____ () C:\Users\Trevor\AppData\Local\resmon.resmoncfg 
==================== SigCheck ============================ (There is no automatic fix for files that do not pass verification.) ==================== End of FRST.txt ========================
  3. Hi Firefox, I have not rebooted it yet, but I have changed passwords in Office 365 and Outlook etc. I am just downloading the tool now. I also have an FRST log.
  4. Hi everyone, I am new to the forum, but could use some help. My partner clicked on a button as it says above. She didn't enter any details, and I have scanned the PC with several anti-virus/anti-malware programs and come up with nothing. However, I have tried multiple times to open a genuine link sent to me that I need to open, and I keep getting the block message below. I am concerned it has something to do with this email that was clicked on. Any ideas?

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 8/12/21
Protection Event Time: 2:37 PM
Log File: 6fc9d216-fb72-11eb-91ba-d067e527daa7.json

-Software Information-
Version: 4.4.4.126
Components Version: 1.0.1413
Update Package Version: 1.0.44060
License: Premium

-System Information-
OS: Windows 10 (Build 19043.1165)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1 , C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, Blocked, -1, -1, 0.0.0, ,

-Website Data-
Category: RiskWare
Domain: findresults.site
IP Address: 103.224.182.251
Port: 80
Type: Outbound
File: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

(end)
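Two kinds of log are pasted in this thread: the FRST services/drivers section in post 2 and the Malwarebytes web-protection event in post 4. The script below is an added example, not code from FRST, Malwarebytes or the poster; it shows how a log helper typically reads such lines by machine: parse each FRST service/driver entry into its start code, image path, signer chain and "[File not signed]" flag, then group the entries by the things looked at first (unsigned binaries, unsigned binaries that are actually running, service keys with no ImagePath, and an inventory of remote-control tools), and reduce the Malwarebytes block to a one-line "process -> host" summary. The sample lines are copied from the logs in this thread; the REMOTE_ACCESS_HINTS list is this example's own assumption about which names denote remote-control software and is an inventory aid, not a verdict on any entry.

```python
"""Triage helpers for FRST service/driver lines and a Malwarebytes web-protection event.
Added example for this thread; not FRST, Malwarebytes or the poster's own code."""
import re
from dataclasses import dataclass
from typing import Optional

# FRST entry shape: <start> <name>; <path> [<size> <yyyy-mm-dd>] (<signer chain>) [File not signed]
# start code: R = running, S = stopped, U = unknown/unusual; the digit is the start type.
ENTRY = re.compile(r"^(?P<start>[RSU]\d)\s+(?P<name>[^;]+);\s*(?P<rest>.*)$")
SIZE_DATE = re.compile(r"\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\]")
UNSIGNED = "[File not signed]"
# Assumption of this example: name/path fragments that identify remote-control tools.
REMOTE_ACCESS_HINTS = ("logmein", "lmirescue", "teamviewer", "wayk")


@dataclass
class Entry:
    start: str
    name: str
    path: str
    signer: Optional[str]   # None when FRST printed no "(signer)" block
    unsigned: bool          # True only when FRST appended "[File not signed]"
    no_image_path: bool     # service key exists but FRST found no ImagePath value


def parse_entry(line: str) -> Optional[Entry]:
    """Return an Entry for an FRST service/driver line, or None for any other line."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    rest = m["rest"]
    sd = SIZE_DATE.search(rest)
    if sd is None:
        # No "[size date]" block: either "no ImagePath" or a quoted command line with arguments.
        return Entry(m["start"], m["name"].strip(), rest.strip(), None, False,
                     rest.strip().lower() == "no imagepath")
    path = rest[:sd.start()].strip()
    tail = rest[sd.end():].strip()
    unsigned = tail.endswith(UNSIGNED)
    if unsigned:
        tail = tail[:-len(UNSIGNED)].strip()
    # Signer block may itself contain parentheses, e.g. "(Printing Communications Assoc., Inc. (PCAUSA))".
    signer = tail[1:-1] if tail.startswith("(") and tail.endswith(")") else None
    return Entry(m["start"], m["name"].strip(), path, signer, unsigned, False)


def triage(lines) -> dict:
    """Group parsed entries by the conditions a log reader checks first."""
    entries = [e for e in map(parse_entry, lines) if e]
    return {
        "unsigned": [e.name for e in entries if e.unsigned],
        "running_unsigned": [e.name for e in entries if e.unsigned and e.start[0] == "R"],
        "no_image_path": [e.name for e in entries if e.no_image_path],
        "remote_access": [e.name for e in entries
                          if any(h in (e.name + e.path).lower() for h in REMOTE_ACCESS_HINTS)],
    }


# Malwarebytes "-Website Data-" block is a list of "Key: value" lines.
KV = re.compile(r"^\s*(Category|Domain|IP Address|Port|Type|File):\s*(.+?)\s*$", re.M)


def parse_mbam_block(text: str) -> dict:
    return dict(KV.findall(text))


def describe_block(text: str) -> str:
    """One-line summary: which process tried to reach which host, and why it was blocked."""
    d = parse_mbam_block(text)
    proc = d["File"].rsplit("\\", 1)[-1]
    return f"{proc} {d['Type'].lower()} -> {d['Domain']} ({d['IP Address']}:{d['Port']}) [{d['Category']}]"


# Sample lines copied from the FRST log (post 2) and the Malwarebytes event (post 4) in this thread.
SAMPLE_FRST = r"""
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-31] (SUPERAntiSpyware.com -> SUPERAntiSpyware.com)
S4 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [100864 2013-02-21] (Freemake) [File not signed]
S4 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2011-09-16] (LogMeIn, Inc. -> LogMeIn, Inc.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [13238568 2021-07-28] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
R2 WaykNowService; C:\Program Files\Devolutions\Wayk Agent\NowService.exe [9444656 2021-07-15] (Devolutions inc. -> )
S4 LMIRescue_ca296989-8fdc-826d-7ef3-8b1ae0d0b596; "C:\Program Files (x86)\LogMeIn Rescue Applet\LMIR0002.tmp\LMI_Rescue_srv.exe" -service -sid ca296989-8fdc-826d-7ef3-8b1ae0d0b596 -wd "C:\Users\Trevor\AppData\Local\LogMeIn Rescue Applet\LMIR0001.tmp\\"
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2012-06-25] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
U3 idsvc; no ImagePath
""".strip().splitlines()

SAMPLE_MBAM = r"""
-Blocked Website Details-
Malicious Website: 1 , C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, Blocked, -1, -1, 0.0.0, ,
-Website Data-
Category: RiskWare
Domain: findresults.site
IP Address: 103.224.182.251
Port: 80
Type: Outbound
File: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
(end)
"""

if __name__ == "__main__":
    for group, names in triage(SAMPLE_FRST).items():
        print(f"{group}: {names}")
    print(describe_block(SAMPLE_MBAM))
```

Run as-is it reports the two unsigned Motive/Freemake entries, the empty ImagePath on idsvc, and the LogMeIn, TeamViewer, Wayk and LogMeIn Rescue service names, and summarises the block as OUTLOOK.EXE making an outbound connection to findresults.site on port 80. To use it on a full FRST.txt, pass the file's lines to triage(); non-entry lines are skipped by parse_entry().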