DanaG

Members

View Profile See their activity

Posts
13
Joined
April 12, 2022
Last visited
April 15, 2022

Content Type

All Activity

Events

Profiles

Forums

Topics
Posts

Everything posted by DanaG

Windows Security keeps posting this virus. Trojan:HTML/Phish.RA!MTB

DanaG replied to DanaG's topic in Resolved Malware Removal Logs

The trojan virus seems to be gone now. I just did a Windows security scan and nothing popped up. SecurityCheck.txt
- April 15, 2022
- 25 replies
Windows Security keeps posting this virus. Trojan:HTML/Phish.RA!MTB

DanaG replied to DanaG's topic in Resolved Malware Removal Logs

I got it. I wasn't pushing the fix button before it scanned. Fixlog.txt
- April 15, 2022
- 25 replies
Windows Security keeps posting this virus. Trojan:HTML/Phish.RA!MTB

DanaG replied to DanaG's topic in Resolved Malware Removal Logs

I sent two files. These showed up right after the scan. i will also copy from Notebook. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-04-2022 Ran by Dana (administrator) on DANA-PC (LENOVO 20BX001EUS) (15-04-2022 08:40:20) Running from C:\Users\Dana\Downloads Loaded Profiles: Dana Platform: Microsoft Windows 10 Pro Version 21H2 19044.1645 (X64) Language: English (United States) Default browser: Brave Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) () [File not signed] C:\Program Files (x86)\SoundTouch\SoundTouchHelper\SoundTouchHelper.exe (Acronis International GmbH -> Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Bose Corporation) [File not signed] C:\Program Files (x86)\SoundTouch\SoundTouchMusicServer\SoundTouch Music Server.exe (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe (C:\Program Files (x86)\ExpressVPN\bootstrap\amd64\nssm.exe ->) (EXPRSVPN LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\expressvpnd\expressvpnd.exe (C:\Program Files (x86)\Realtek\Realtek Bluetooth Profile\BTDevMgr.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth Profile\BTServer.exe (C:\Program Files (x86)\Realtek\Realtek Bluetooth Profile\BTServer.exe ->) (Realtek Semiconductor Corp -> ) C:\Program Files (x86)\Realtek\Realtek Bluetooth Profile\SkypePlugin.exe (C:\Program Files (x86)\Sierra Wireless Inc\LENOVO MBIM Toolkit\FirmwareUpdaterService.exe ->) (Intel(R) MBIM Toolkit -> ) C:\Program Files (x86)\Sierra Wireless Inc\LENOVO MBIM Toolkit\FirmwareApp.exe (C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe ->) (IBM -> IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportInjService_x64.exe <2> (C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <2> (C:\Program Files\Synaptics\SynTP\SynTPEnh.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (C:\Program Files\Synaptics\SynTP\SynTPEnh.exe ->) (Synaptics Incorporated -> Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoHelper.exe (C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (C:\Program Files\Tablet\Wacom\WacomHost.exe ->) (Wacom Technology Corporation -> Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe (C:\Program Files\Tablet\Wacom\WTabletServicePro.exe ->) (Wacom Technology Corp. -> Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe (C:\Program Files\Tablet\Wacom\WTabletServicePro.exe ->) (Wacom Technology Corporation -> Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe (C:\Program Files\Tablet\Wacom\WTabletServicePro.exe ->) (Wacom Technology Corporation -> Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe (C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MsMpEng.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MpCopyAccelerator.exe (C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe <2> (C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.Device.exe (DriverStore\FileRepository\fn.inf_amd64_700aca387f1cbd51\driver\tphkload.exe ->) (Lenovo -> Lenovo Group Limited) C:\Windows\System32\DriverStore\FileRepository\FN11CD~1.INF\driver\shtctky.exe (DriverStore\FileRepository\fn.inf_amd64_700aca387f1cbd51\driver\tphkload.exe ->) (Lenovo -> Lenovo Group Limited) C:\Windows\System32\DriverStore\FileRepository\FN11CD~1.INF\driver\tpnumlkd.exe (DriverStore\FileRepository\fn.inf_amd64_700aca387f1cbd51\driver\tphkload.exe ->) (Lenovo -> Lenovo Group Limited) C:\Windows\System32\DriverStore\FileRepository\FN11CD~1.INF\driver\tposd.exe (explorer.exe ->) (Acronis International GmbH -> Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (explorer.exe ->) (EXPRSVPN LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPN.exe (explorer.exe ->) (Fortemedia Inc -> ) C:\Program Files\CONEXANT\ForteConfig\fmapp.exe (explorer.exe ->) (Google LLC -> ) C:\Program Files\Google\Drive File Stream\56.0.11.0\crashpad_handler.exe <2> (explorer.exe ->) (Google LLC -> Google, Inc.) C:\Program Files\Google\Drive File Stream\56.0.11.0\GoogleDriveFS.exe <7> (explorer.exe ->) (IBM -> IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe (explorer.exe ->) (Realtek Semiconductor Corp -> Realtek semiconductor) C:\Windows\RTFTrack.exe (explorer.exe ->) (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe (EXPRSVPN LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationService.exe (Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\igfxHK.exe (Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (services.exe ->) (Acronis International GmbH -> Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (services.exe ->) (Acronis International GmbH -> Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (services.exe ->) (Acronis International GmbH -> Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (services.exe ->) (Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (services.exe ->) (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrYNSvc.exe (services.exe ->) (CONDUSIV TECHNOLOGIES -> Condusiv Technologies) C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe (services.exe ->) (EXPRSVPN LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\bootstrap\amd64\nssm.exe (services.exe ->) (IBM -> IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_fddb643595e0b8d0\LMS.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\ibtsiva.exe (services.exe ->) (Intel Corporation -> Intel(R) Corporation) C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_76523213b78d9046\lib\TPMProvisioningService.exe (services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe (services.exe ->) (Intel(R) MBIM Toolkit -> ) C:\Program Files (x86)\Sierra Wireless Inc\LENOVO MBIM Toolkit\FirmwareUpdaterService.exe (services.exe ->) (Intel(R) Modem Authenticator -> Intel Mobile Communications) C:\Program Files (x86)\Intel Mobile Communications\ModemAuthenticator\IntelModemAuthenticator.exe (services.exe ->) (Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe (services.exe ->) (Lenovo -> Lenovo Group Limited) C:\Windows\System32\DriverStore\FileRepository\fn.inf_amd64_700aca387f1cbd51\driver\tphkload.exe (services.exe ->) (Lenovo -> Lenovo Group Limited) C:\Windows\SysWOW64\Lenovo\PowerMgr\EasyResume.exe (services.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe (services.exe ->) (Lenovo -> Lenovo.) C:\Windows\System32\ibmpmsvc.exe (services.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe <2> (services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated) C:\Windows\System32\valWBFPolicyService.exe (services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated) C:\Windows\System32\valWbioSyncSvc.exe (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MsMpEng.exe (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\NisSrv.exe (services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe (services.exe ->) (Protexis Inc. -> Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (services.exe ->) (Qualcomm Atheros -> Windows (R) Win 7 DDK provider) C:\Windows\System32\AdminService.exe (services.exe ->) (Realtek Semiconductor Corp -> ) C:\Program Files (x86)\Realtek\Realtek Bluetooth Profile\BTDevMgr.exe (services.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth Profile\AvrcpService.exe (services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (services.exe ->) (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagicianSVC.exe (services.exe ->) (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) C:\Windows\System32\RAPID\SamsungRapidSvc.exe (services.exe ->) (Sierra Wireless, Inc -> Sierra Wireless, Inc.) C:\Program Files\Sierra Wireless Inc\Utils\SwiService.exe (services.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe (services.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (services.exe ->) (Wacom Technology Corp. -> Wacom Technology, Corp.) C:\Windows\System32\Wacom_Tablet.exe (services.exe ->) (Wacom Technology Corporation -> Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe (svchost.exe ->) (Lenovo -> Lenovo) C:\Windows\SysWOW64\Lenovo\PowerMgr\PowerMgr.exe (svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2203.4603.0_x64__8wekyb3d8bbwe\Cortana.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2> (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (valWbioSyncSvc.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated) C:\Program Files\Synaptics\SynFP\Shared\SensorDBSynch.exe ==================== Registry (Whitelisted) =================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [5166872 2016-07-13] (Realtek Semiconductor Corp -> Realtek semiconductor) HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] (Fortemedia Inc -> ) HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [516928 2013-02-15] (Acronis International GmbH -> Acronis) HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth Profile\BTServer.exe [230104 2015-07-10] (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation) HKLM\...\Run: [SamsungRapidApp] => C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe [54176 2019-12-02] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [6382144 2014-03-06] (Acronis International GmbH -> Acronis) HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1103424 2013-01-10] (Acronis International GmbH -> Acronis) HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [745472 2009-02-10] (Brother Industries, Ltd.) [File not signed] HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [77824 2007-10-30] (Brother Industries, Ltd.) [File not signed] HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2976256 2018-01-19] (Brother Industries, Ltd.) [File not signed] HKLM-x32\...\Run: [SoundTouchHelper] => C:\Program Files (x86)\SoundTouch\SoundTouchHelper\SoundTouchHelper.exe [952832 2018-02-09] () [File not signed] HKLM-x32\...\Run: [SoundTouch Music Server] => C:\Program Files (x86)\SoundTouch\SoundTouchMusicServer\SoundTouch Music Server.lnk [2118 2018-03-28] () [File not signed] HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation -> Microsoft Corporation) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.) [File not signed] HKLM-x32\...\Run: [ExpressVPNNotificationService] => C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationServiceStarter.exe [378280 2022-03-02] (EXPRSVPN LLC -> ExpressVPN) HKU\S-1-5-19\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\56.0.11.0\GoogleDriveFS.exe [53664656 2022-03-30] (Google LLC -> Google, Inc.) HKU\S-1-5-20\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\56.0.11.0\GoogleDriveFS.exe [53664656 2022-03-30] (Google LLC -> Google, Inc.) HKU\S-1-5-21-4034831176-164765369-2251470085-1000\...\Run: [Amazon Music Helper] => C:\Users\Dana\AppData\Local\Amazon Music\Amazon Music Helper.exe [3977704 2017-09-09] (Amazon Services LLC -> Amazon Services LLC) HKU\S-1-5-21-4034831176-164765369-2251470085-1000\...\Run: [Amazon Music] => C:\Users\Dana\AppData\Local\Amazon Music\Amazon Music.exe [23175656 2017-09-09] (Amazon Services LLC -> Amazon Services LLC) HKU\S-1-5-21-4034831176-164765369-2251470085-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [36705520 2022-04-07] (Piriform Software Ltd -> Piriform Software Ltd) HKU\S-1-5-21-4034831176-164765369-2251470085-1000\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\56.0.11.0\GoogleDriveFS.exe [53664656 2022-03-30] (Google LLC -> Google, Inc.) HKU\S-1-5-21-4034831176-164765369-2251470085-1000\...\Run: [ExpressVPN4] => C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPN.exe [851880 2022-03-02] (EXPRSVPN LLC -> ExpressVPN) HKU\S-1-5-21-4034831176-164765369-2251470085-1000\...\RunOnce: [Application Restart #2] => C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe [2671608 2022-04-14] (Brave Software, Inc. -> Brave Software, Inc.) HKU\S-1-5-18\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\56.0.11.0\GoogleDriveFS.exe [53664656 2022-03-30] (Google LLC -> Google, Inc.) HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\100.0.4896.127\Installer\chrmstp.exe [2022-04-14] (Google LLC -> Google LLC) HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files\BraveSoftware\Brave-Browser\Application\100.1.37.116\Installer\chrmstp.exe [2022-04-15] (Brave Software, Inc. -> Brave Software, Inc.) HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] -> HKLM\Software\...\Authentication\Credential Providers: [{ACFC407B-266C-8504-8DAE-F3E276336E4B}] -> HKLM\Software\...\Authentication\Credential Provider Filters: [{ACFC407B-266C-8504-8DAE-F3E276336E4B}] -> Startup: C:\Users\Dana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2020-10-01] ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation) ==================== Scheduled Tasks (Whitelisted) ============ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {026843FD-CC0D-4770-8BB8-787CBD190916} - System32\Tasks\{F3FCC309-FA6F-4296-B76B-DAE05C9EC81F} => C:\Users\Dana\AppData\Local\Amazon Music\Amazon Music.exe [23175656 2017-09-09] (Amazon Services LLC -> Amazon Services LLC) Task: {0631C81F-5345-404C-88C0-7CE4EA62C44A} - System32\Tasks\TVT\TVSUUpdateTask_UserLogOn => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [1897824 2022-03-09] (Lenovo -> ) Task: {0BDA5F60-AB51-47F5-A444-165E05AB98CA} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969} Task: {0CB2C931-A71B-4E04-9834-7E3C0B02606D} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61} Task: {0E97E6C5-0897-4DCF-85C1-971FC51F6B1F} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe -pscn 0 (No File) Task: {120BC043-C84E-43F3-8766-C5ACC180787D} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery (No File) Task: {17E9E77D-F28F-42FE-BD6C-143A92126B25} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MpCmdRun.exe [993000 2022-04-08] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {1E9E6218-01CD-4EEC-8A93-2F95F7A6D5C0} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\1e4f7002-5308-4b57-9d37-5a4842034e68 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.) Task: {1FB7DAE7-56D5-4A36-8BF4-B36F412B12FC} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [39920 2018-10-24] (Garmin International, Inc. -> ) Task: {28852DD2-8F71-4DA4-A1B1-BAF46911EA4D} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe /RestartRecording (No File) Task: {29A09521-8ADE-412F-BA28-6305C84005C4} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\6f79bdd5-82ef-4cf9-b12e-9f27695b7ad1 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.) Task: {2D330DD3-AF2B-45C8-B413-132D9E2711BE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2016-01-01] (Google Inc -> Google Inc.) Task: {2DEE644D-28F4-449F-AB21-B07C71C6A2C3} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe -ObjectStoreRecoveryTask (No File) Task: {3070EBE4-F104-437C-AFDE-1612860AFF8C} - System32\Tasks\{2D2166C5-B880-48C8-859C-F2901FDB9AA4} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/7.18.0.109/en/abandoninstall?source=lightinstaller&page=tsInstall Task: {3A66B181-DD7B-41BF-8074-7167E1D82486} - System32\Tasks\CCleanerSkipUAC - Dana => C:\Program Files\CCleaner\CCleaner.exe [30836464 2022-04-07] (Piriform Software Ltd -> Piriform Software Ltd) Task: {44CDD5E8-FF8E-4E15-8E71-64E2F1F8E2EC} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe /OCURActivate (No File) Task: {464B062B-7A6B-423E-B366-5885B7445A69} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E} Task: {47CF58C4-9648-4E1B-B43B-E4EF2781DC2F} - System32\Tasks\RtHDVBg_Dolby => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [3618088 2020-07-21] (Realtek Semiconductor Corp. -> Realtek Semiconductor) Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47C2-B62A-B7C4CED925CB} Task: {552533A4-804C-41BA-9D76-23B9CC4AE725} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe /PBDADiscovery (No File) Task: {5A110A4C-826D-48EC-9830-439633731974} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MpCmdRun.exe [993000 2022-04-08] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A} Task: {5BA029F9-D01C-4577-A2A2-882C0D1CAF58} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162456 2021-10-10] (Brave Software, Inc. -> BraveSoftware Inc.) Task: {64F946DF-B88F-44D1-AA65-8C578918E499} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) (No File) Task: {65F3FADF-F417-423A-8AFB-3551FDD3A5C4} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316} Task: {6659B3F5-6776-486F-899D-24603EC8B3B8} - System32\Tasks\Lenovo\Power Manager\Background monitor => C:\WINDOWS\SysWOW64\Lenovo\PowerMgr\PowerMgr.exe [114112 2021-12-03] (Lenovo -> Lenovo) Task: {680CD3C2-E3A3-43B2-84B5-657CD6D79DFB} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [3618088 2020-07-21] (Realtek Semiconductor Corp. -> Realtek Semiconductor) Task: {6F41B727-F50D-4CC0-B1D0-1EB82177AC7F} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) (No File) Task: {7BCACE3E-72C8-40DE-AC1C-A8F8FE14F554} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [64256 2022-01-28] (Lenovo -> Lenovo Group Ltd.) Task: {7E290F0A-7947-41C4-BA8F-5BEDAC807FBB} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) (No File) Task: {8AC6D58D-9E53-4C7F-9289-E86B9D9AF239} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe -crl -hms -pscn 15 (No File) Task: {8B2E4E24-AF26-4FDC-829D-4981E0A383EC} - System32\Tasks\Lenovo\BatteryGauge\BatteryGaugeMaintenance => C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\BGHelper.exe [145480 2021-09-09] (Lenovo -> Lenovo Group Ltd.) Task: {908E895A-1667-42B2-9367-FCAE82707A78} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [561984 2011-06-01] (Apple Inc. -> Apple Inc.) Task: {986FA7C0-E3E7-4E8D-9D45-54D8DC63C983} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe -MediaCenterRecoveryTask (No File) Task: {996635AA-393E-4AA1-B7C0-0AE28170068B} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe [121605552 2022-03-16] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) Task: {9BB4F45A-1EC5-4146-A405-DB881C1151DD} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\089115ef-4596-4455-a093-aa1545ec6e68 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.) Task: {9DC0F373-30B7-4CEB-B1CA-5F5CCE31952C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2016-01-01] (Google Inc -> Google Inc.) Task: {A3F6B67C-EF77-42B7-BDF1-784BFA4C7155} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe -PvrSchedule (No File) Task: {ACE01B2A-A8E7-4665-B92A-0B39E18DA50A} - System32\Tasks\{34CD5E77-77C4-4031-9C1F-FAB820BE5289} => C:\Windows\system32\pcalua.exe -a D:\Autorun.exe -d D:\ Task: {AFDA29A7-06C4-4ECE-8F42-072668F83BE6} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => "%windir%\system32\sc.exe" START ImControllerService Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371} Task: {B1F6636D-6692-46D7-9752-661D5D3A5DD5} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [17184 2014-09-02] (LENOVO -> Lenovo) Task: {B767DA16-521D-4855-A46F-26D70E554AE8} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2022-04-07] (Piriform Software Ltd -> Piriform) Task: {B84A9E2A-BF71-471C-9F3A-C81B49654B4A} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe /DoReindexSearchRoot (No File) Task: {BBC106EF-131A-4C5F-B999-B0B1DAC2827E} - System32\Tasks\Lenovo\Power Manager\Uninstall task => C:\WINDOWS\SysWOW64\PowerMgrInst.exe [63936 2021-12-03] (Lenovo -> ) Task: {C13289CD-622C-4A5A-AA0C-C8725E714CB4} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe -PvrRecoveryTask (No File) Task: {C25EFF14-B098-4FBE-82CB-B715C49CF7A7} - System32\Tasks\{A1468312-B4AB-4A5A-98F0-2A1CDFB94381} => C:\Windows\system32\pcalua.exe -a C:\Users\Dana\AppData\Local\Apps\2.0\VDARROLH.W77\2Q1QEAZP.EV2\lsb...tion_91a10ba61c75c82d_0001.0006_014be6b8b4b27d94\Uninstaller.exe -c "rundll32.exe dfshim.dll,ShArpMaintain LSB.application, Culture=neutral, PublicKeyToken=91a10ba61c75c82d, processorArchitecture=msil" Task: {C737189A-E61C-4D64-9701-E018A56862FC} - System32\Tasks\{E914218A-0908-4685-8C28-5C76322D1326} => C:\Users\Dana\AppData\Local\Amazon Music\Amazon Music.exe [23175656 2017-09-09] (Amazon Services LLC -> Amazon Services LLC) Task: {C7F15081-3C68-49A1-B458-3B104BF77069} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) (No File) Task: {C91C1C8A-5607-444E-810B-F7CC723F3AF0} - System32\Tasks\{D3B84D8E-AD48-4D63-A7C0-7D28E12BFF5C} => C:\Users\Dana\AppData\Local\Amazon Music\Amazon Music.exe [23175656 2017-09-09] (Amazon Services LLC -> Amazon Services LLC) Task: {CD3B4EB0-6613-447B-8A59-450EE7643463} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MpCmdRun.exe [993000 2022-04-08] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {CF4C2883-F412-4837-9831-B47F442271A1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MpCmdRun.exe [993000 2022-04-08] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {D9355F7E-A13F-4479-A824-B5F754E3D9A1} - System32\Tasks\{64CF980B-ED1B-4D96-973A-45625518518B} => C:\Users\Dana\AppData\Local\Amazon Music\Amazon Music.exe [23175656 2017-09-09] (Amazon Services LLC -> Amazon Services LLC) Task: {DC4520C7-F3A0-4BEE-8C46-40090876B85E} - System32\Tasks\HPCustParticipation HP Officejet Pro 8610 => C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPCustPartic.exe [5745672 2014-07-21] (Hewlett Packard -> Hewlett-Packard Development Company, LP) Task: {DC935CC3-167F-4CDA-93E6-95A5E0EC62EE} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe /DRMInit (No File) Task: {DD989857-6210-409B-BDD7-95942FAB7565} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162456 2021-10-10] (Brave Software, Inc. -> BraveSoftware Inc.) Task: {E17D5839-8AC9-409F-BB69-37D8C0725764} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe /DoActivateWindowsSearch (No File) Task: {E1C795F2-0FA3-4FBA-B1D3-97D46B785159} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1} Task: {E274D82F-D66F-499E-8827-9C4CC2AC7065} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe /DoConfigureInternetTimeService (No File) Task: {E3D71B02-EC1D-4E43-9647-EA75259D3F0F} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe -SqlLiteRecoveryTask (No File) Task: {E8878E17-AC7B-451E-9CA1-0BA5FA64A06F} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe $(Arg0) (No File) Task: {EC652FAE-7E22-4151-B773-77BB9E47071D} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32 Task: {EEDFBAE2-8457-450F-B98D-091B76E90648} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) (No File) Task: {F07759B0-5AB8-451C-A3CA-2B8839A799AD} - System32\Tasks\Mozilla\Firefox Background Update E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla\updates\E7CF176E110C211B\backgroundupdate.moz_log --backgroundtask backgroundupdate Task: {F096C5FC-6106-416A-8CB6-B09D85BB1772} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [1897824 2022-03-09] (Lenovo -> ) Task: {F0EAA5F6-EA62-44AF-AAFB-5CA205F78796} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery (No File) Task: {F5CE988F-83DF-412E-99AD-9654DCA48CC3} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe /StartRecording (No File) Task: {F8AA458B-3954-4AB3-B9C2-3F0A06847B1B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564424 2021-11-18] (Adobe Inc. -> Adobe Inc.) Task: {FF90632D-C85D-493E-91CB-CE0CABD9CBC8} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe do-task "E7CF176E110C211B" (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{7b2e3ce9-dffb-41b4-90c3-524ba50c0473}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{c0e1da8e-8ad8-4f92-8051-125180f47b75}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{c6fdb647-34bc-4f73-b5b0-ad62f3d7d381}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{c8350f96-a9f8-4117-86f6-491595b8f12f}: [DhcpNameServer] 76.9.251.1 Tcpip\..\Interfaces\{de81ae96-eaf0-4d5b-9e94-eb658f237786}: [NameServer] 10.83.0.1 Tcpip\..\Interfaces\{e7691b62-bc41-4cf8-b36b-17aea3e4426f}: [DhcpNameServer] 76.9.251.1 Edge: ======= Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found] Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found] Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found] Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found] Edge DefaultProfile: Default Edge Profile: C:\Users\Dana\AppData\Local\Microsoft\Edge\User Data\Default [2022-04-12] Edge Extension: (Malwarebytes Browser Guard) - C:\Users\Dana\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2022-04-07] Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee] FireFox: ======== FF DefaultProfile: h74g8q1m.default-1491247110478-1536710986397 FF ProfilePath: C:\Users\Dana\AppData\Roaming\Mozilla\Firefox\Profiles\h74g8q1m.default-1491247110478-1536710986397 [2022-04-15] FF Extension: (IBM Security Rapport) - C:\Users\Dana\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\rapportext@trusteer.com.xpi [2020-06-07] [UpdateUrl:hxxps://clients2.google.com/service/update2/crx] FF Extension: (F.B Purity - Cleans up Facebook) - C:\Users\Dana\AppData\Roaming\Mozilla\Firefox\Profiles\h74g8q1m.default-1491247110478-1536710986397\Extensions\fbpElectroWebExt@fbpurity.com.xpi [2022-02-19] [UpdateUrl:hxxps://www.fbpurity.com/FF-FBP-Ext-Updates.json] FF Extension: (DuckDuckGo Privacy Essentials) - C:\Users\Dana\AppData\Roaming\Mozilla\Firefox\Profiles\h74g8q1m.default-1491247110478-1536710986397\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2022-02-19] FF Extension: (IBM Security Rapport) - C:\Users\Dana\AppData\Roaming\Mozilla\Firefox\Profiles\h74g8q1m.default-1491247110478-1536710986397\Extensions\rapportext@trusteer.com.xpi [2020-05-15] [UpdateUrl:hxxps://clients2.google.com/service/update2/crx] FF Extension: (Dissenter Extension) - C:\Users\Dana\AppData\Roaming\Mozilla\Firefox\Profiles\h74g8q1m.default-1491247110478-1536710986397\Extensions\{20dd52e5-90c0-4a51-8b31-e70419c5b126}.xpi [2019-04-02] FF Extension: (Startpage.com — Private Search Engine) - C:\Users\Dana\AppData\Roaming\Mozilla\Firefox\Profiles\h74g8q1m.default-1491247110478-1536710986397\Extensions\{20fc2e06-e3e4-4b2b-812b-ab431220cada}.xpi [2021-01-09] FF Extension: (Malwarebytes Browser Guard) - C:\Users\Dana\AppData\Roaming\Mozilla\Firefox\Profiles\h74g8q1m.default-1491247110478-1536710986397\Extensions\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi [2022-02-19] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation) FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2022-04-07] (Adobe Inc. -> Adobe Systems Inc.) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation) Chrome: ======= CHR DefaultProfile: Default CHR Profile: C:\Users\Dana\AppData\Local\Google\Chrome\User Data\Default [2022-04-12] CHR Extension: (Slides) - C:\Users\Dana\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-09-11] CHR Extension: (Docs) - C:\Users\Dana\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-09-14] CHR Extension: (Google Drive) - C:\Users\Dana\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-05-09] CHR Extension: (IBM Security Rapport) - C:\Users\Dana\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2022-04-10] CHR Extension: (YouTube) - C:\Users\Dana\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-09-14] CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\Dana\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2022-04-10] CHR Extension: (Sheets) - C:\Users\Dana\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-09-11] CHR Extension: (Google Docs Offline) - C:\Users\Dana\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-04-10] CHR Extension: (Malwarebytes Browser Guard) - C:\Users\Dana\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2022-04-10] CHR Extension: (Application Launcher For Drive (by Google)) - C:\Users\Dana\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2021-05-09] CHR Extension: (Chrome Web Store Payments) - C:\Users\Dana\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-05-09] CHR Extension: (Gmail) - C:\Users\Dana\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-05-09] CHR HKU\S-1-5-21-4034831176-164765369-2251470085-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] CHR HKU\S-1-5-21-4034831176-164765369-2251470085-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee] Brave: ======= BRA Profile: C:\Users\Dana\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2022-04-15] BRA DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}&t=brave BRA DefaultSearchKeyword: Default -> :d BRA DefaultSuggestURL: Default -> hxxps://ac.duckduckgo.com/ac/?q={searchTerms}&type=list BRA Extension: (IBM Security Rapport) - C:\Users\Dana\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2022-02-16] BRA Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\Dana\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2022-03-24] BRA Extension: (Malwarebytes Browser Guard) - C:\Users\Dana\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2022-04-11] BRA Extension: (Application Launcher For Drive (by Google)) - C:\Users\Dana\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2021-10-10] BRA Extension: (Brave Local Data Files Updater) - C:\Users\Dana\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2022-04-14] BRA Extension: (Brave NTP background images) - C:\Users\Dana\AppData\Local\BraveSoftware\Brave-Browser\User Data\aoojcmojmmcbpfgoecoadbdpnagfchel [2022-03-10] BRA Extension: (Wallet Data Files Updater) - C:\Users\Dana\AppData\Local\BraveSoftware\Brave-Browser\User Data\BraveWallet [2022-04-12] BRA Extension: (Brave Ad Block Updater (Default)) - C:\Users\Dana\AppData\Local\BraveSoftware\Brave-Browser\User Data\cffkpbalmllkdoenhmdmpbkajipdjfam [2022-04-14] BRA Extension: (Brave NTP sponsored images) - C:\Users\Dana\AppData\Local\BraveSoftware\Brave-Browser\User Data\gccbbckogglekeggclmmekihdgdpdgoe [2022-04-15] BRA Extension: (Brave SpeedReader Updater) - C:\Users\Dana\AppData\Local\BraveSoftware\Brave-Browser\User Data\jicbkmdloagakknpihibphagfckhjdih [2022-03-10] BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\Dana\AppData\Local\BraveSoftware\Brave-Browser\User Data\oofiananboodjbbmdelgdommihjbkfag [2022-04-12] ==================== Services (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AcrSch2Svc; C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe [1143720 2013-02-15] (Acronis International GmbH -> Acronis) R2 AdobeActiveFileMonitor8.0; C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [169312 2009-09-06] (Adobe Systems Incorporated -> Adobe Systems Incorporated) R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-11-18] (Adobe Inc. -> Adobe Inc.) R2 afcdpsrv; C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [3783672 2016-01-01] (Acronis International GmbH -> Acronis) R2 AvrcpService; C:\Program Files (x86)\REALTEK\Realtek Bluetooth Profile\AvrcpService.exe [41176 2015-03-02] (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation) S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162456 2021-10-10] (Brave Software, Inc. -> BraveSoftware Inc.) S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162456 2021-10-10] (Brave Software, Inc. -> BraveSoftware Inc.) R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [314368 2018-01-18] (Brother Industries, Ltd.) [File not signed] R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth Profile\BTDevMgr.exe [120024 2015-07-02] (Realtek Semiconductor Corp -> ) R2 ExpressCache; C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe [829080 2015-06-11] (CONDUSIV TECHNOLOGIES -> Condusiv Technologies) R2 ExpressVPNService; C:\Program Files (x86)\ExpressVPN\bootstrap\amd64\nssm.exe [437160 2022-03-02] (EXPRSVPN LLC -> ExpressVPN) R2 FirmwareUpdaterService; C:\Program Files (x86)\Sierra Wireless Inc\LENOVO MBIM Toolkit\firmwareupdaterservice.exe [100080 2017-04-28] (Intel(R) MBIM Toolkit -> ) R2 ImControllerService; C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.) R2 Lenovo Instant On; C:\WINDOWS\SysWOW64\Lenovo\PowerMgr\EasyResume.exe [2351304 2021-12-03] (Lenovo -> Lenovo Group Limited) S2 LPlatSvc; C:\WINDOWS\System32\LPlatSvc.exe [892288 2019-12-11] (Lenovo -> Lenovo.) S3 MagicianSVC; C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagicianSVC.exe [360368 2022-03-16] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8348856 2022-03-30] (Malwarebytes Inc -> Malwarebytes) S3 NBService; C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe [774144 2006-11-10] (Nero AG) [File not signed] R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [3002752 2020-02-25] (IBM -> IBM Corp.) U2 SamsungMagicianSVC; C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagicianSVC.exe [360368 2022-03-16] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) R2 SamsungRapidSvc; C:\WINDOWS\System32\RAPID\SamsungRapidSvc.exe [30504 2019-12-02] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6254352 2022-04-12] (Microsoft Windows Publisher -> Microsoft Corporation) R2 SwiService; C:\Program Files\Sierra Wireless Inc\Utils\SwiService.exe [1543144 2017-04-28] (Sierra Wireless, Inc -> Sierra Wireless, Inc.) R2 syncagentsrv; C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [7084672 2013-03-26] (Acronis International GmbH -> Acronis) R2 TabletServiceWacom; C:\Windows\system32\Wacom_Tablet.exe [3647272 2009-03-26] (Wacom Technology Corp. -> Wacom Technology, Corp.) R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [13353768 2021-09-15] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) R2 TPHKLOAD; C:\WINDOWS\System32\DriverStore\FileRepository\fn.inf_amd64_700aca387f1cbd51\driver\TPHKLOAD.exe [465200 2020-12-28] (Lenovo -> Lenovo Group Limited) R2 valWBFPolicyService; C:\WINDOWS\system32\valWBFPolicyService.exe [77792 2018-04-25] (Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated) R2 valWbioSyncSvc; C:\WINDOWS\system32\valWbioSyncSvc.exe [48608 2018-04-25] (Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated) R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\NisSrv.exe [3116848 2022-04-08] (Microsoft Windows Publisher -> Microsoft Corporation) R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MsMpEng.exe [133544 2022-04-08] (Microsoft Windows Publisher -> Microsoft Corporation) R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" ===================== Drivers (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed] S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed] R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [160176 2021-08-30] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes) R1 excfs; C:\WINDOWS\System32\DRIVERS\excfs.sys [25752 2015-06-11] (CONDUSIV TECHNOLOGIES -> Condusiv Technologies) R0 excsd; C:\WINDOWS\System32\DRIVERS\excsd.sys [117912 2015-06-11] (CONDUSIV TECHNOLOGIES -> Condusiv Technologies) S3 expressvpnsplittunnel; C:\Program Files (x86)\ExpressVPN\splittunnel\expressvpnsplittunnel.sys [45640 2022-03-02] (ExprsVPN LLC -> ExpressVPN) R3 expressvpntun; C:\WINDOWS\System32\drivers\expressvpn-tun.sys [46896 2021-11-08] (Express VPN International Ltd. -> ExpressVPN) R0 fltsrv; C:\WINDOWS\System32\DRIVERS\fltsrv.sys [108832 2016-01-01] (Acronis International GmbH -> Acronis International GmbH) R1 googledrivefs3688; C:\WINDOWS\System32\DRIVERS\googledrivefs3688.sys [381456 2021-12-14] (Microsoft Windows Hardware Compatibility Publisher -> Google, Inc.) R1 googledrivefs3758; C:\WINDOWS\System32\DRIVERS\googledrivefs3758.sys [384584 2022-03-24] (Microsoft Windows Hardware Compatibility Publisher -> Google, Inc.) R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [221096 2022-03-10] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes) S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-04-25] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes) R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [195024 2022-04-12] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes) R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [69040 2022-04-12] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes) R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-11-11] (Malwarebytes Inc -> Malwarebytes) R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [158856 2022-04-12] (Malwarebytes Inc -> Malwarebytes) R0 PMDRVS; C:\WINDOWS\System32\drivers\pmdrvs.sys [38160 2019-12-11] (Lenovo -> Lenovo.) S1 RapportAegle64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportAegle64.sys [431376 2020-02-25] (IBM -> IBM Corp.) S1 RapportCerberus_1955065; c:\programdata\trusteer\rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1955065.sys [1469776 2020-06-07] (IBM -> IBM Corp.) S1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [544592 2020-02-25] (IBM -> IBM Corp.) S3 RapportHades64; C:\WINDOWS\System32\Drivers\RapportHades64.sys [397248 2020-02-25] (IBM -> IBM Corp.) S3 RapportKE64; C:\WINDOWS\System32\Drivers\RapportKE64.sys [447232 2020-02-25] (IBM -> IBM Corp.) S3 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [562560 2020-02-25] (IBM -> IBM Corp.) R0 SamsungRapidDiskFltr; C:\WINDOWS\System32\DRIVERS\SamsungRapidDiskFltr.sys [309752 2019-06-13] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) R0 SamsungRapidFSFltr; C:\WINDOWS\System32\DRIVERS\SamsungRapidFSFltr.sys [120280 2019-06-13] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) R1 SMIDriverGen; C:\WINDOWS\system32\DRIVERS\smi.sys [31440 2018-04-25] (Synaptics Inc. -> Synaptics Incorporated) S3 tapexpressvpn; C:\WINDOWS\System32\drivers\tapexpressvpn.sys [44304 2020-04-01] (ExprsVPN LLC -> The OpenVPN Project) R0 tib; C:\WINDOWS\System32\DRIVERS\tib.sys [1120032 2016-01-01] (Acronis International GmbH -> Acronis International GmbH) S3 tib_mounter; C:\WINDOWS\system32\DRIVERS\tib_mounter.sys [183224 2016-01-01] (Acronis International GmbH -> Acronis) R0 vidsflt; C:\WINDOWS\System32\DRIVERS\vidsflt.sys [130848 2020-04-27] (Acronis International GmbH -> Acronis International GmbH) S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49600 2022-04-08] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [23200 2015-04-30] (Microsoft Windows Hardware Compatibility Publisher -> Western Digital Technologies) R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [443664 2022-04-08] (Microsoft Windows -> Microsoft Corporation) R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [90384 2022-04-08] (Microsoft Windows -> Microsoft Corporation) U3 idsvc; no ImagePath ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One month (created) (Whitelisted) ========= (If an entry is included in the fixlist, the file/folder will be moved.) 2022-04-15 08:04 - 2022-04-15 08:04 - 002366464 _____ (Farbar) C:\Users\Dana\Downloads\FRST64 (1).exe 2022-04-14 19:06 - 2022-04-14 19:06 - 000009255 _____ C:\Users\Dana\Downloads\Fixlist (1).txt 2022-04-14 19:04 - 2022-04-14 19:04 - 000009255 _____ C:\Users\Dana\Downloads\Fixlist.txt 2022-04-14 14:15 - 2022-04-14 14:15 - 008551608 _____ (Malwarebytes) C:\Users\Dana\Downloads\adwcleaner.exe 2022-04-14 14:13 - 2022-04-14 14:13 - 008540344 _____ (Malwarebytes) C:\Users\Dana\Downloads\adwcleaner_8.3.1.exe 2022-04-13 21:50 - 2022-04-13 21:50 - 000319176 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_94d46d2ea_klark.sys 2022-04-13 21:44 - 2022-04-13 21:44 - 000299544 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\94d46d2e.sys 2022-04-13 21:44 - 2022-04-13 21:44 - 000227664 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_94d46d2ea_mark.sys 2022-04-13 21:42 - 2022-04-13 21:49 - 000000000 ____D C:\KVRT2020_Data 2022-04-13 21:25 - 2022-04-13 21:34 - 116320880 _____ (AO Kaspersky Lab) C:\Users\Dana\Downloads\KVRT.exe 2022-04-13 11:15 - 2022-04-13 11:15 - 015274968 _____ (ESET) C:\Users\Dana\Downloads\esetonlinescanner (1).exe 2022-04-13 11:13 - 2022-04-14 14:10 - 000001414 _____ C:\Users\Dana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk 2022-04-13 11:13 - 2022-04-14 14:10 - 000001308 _____ C:\Users\Dana\Desktop\ESET Online Scanner.lnk 2022-04-13 11:13 - 2022-04-13 11:13 - 000000000 ____D C:\Users\Dana\AppData\Local\ESET 2022-04-13 11:10 - 2022-04-13 11:11 - 015274968 _____ (ESET) C:\Users\Dana\Downloads\esetonlinescanner.exe 2022-04-12 22:10 - 2022-04-12 22:10 - 000195024 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys 2022-04-12 22:10 - 2022-04-12 22:10 - 000158856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys 2022-04-12 22:10 - 2022-04-12 22:10 - 000069040 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2022-04-12 18:32 - 2022-04-12 18:32 - 000048640 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll 2022-04-12 18:32 - 2022-04-12 18:32 - 000039936 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll 2022-04-12 18:32 - 2022-04-12 18:32 - 000011803 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim 2022-04-12 18:31 - 2022-04-12 18:31 - 000162816 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe 2022-04-12 18:23 - 2022-04-12 18:23 - 000000000 ___HD C:\$WinREAgent 2022-04-12 12:10 - 2022-04-15 08:12 - 000049200 _____ C:\Users\Dana\Downloads\Addition.txt 2022-04-12 12:06 - 2022-04-15 08:41 - 000051283 _____ C:\Users\Dana\Downloads\FRST.txt 2022-04-12 12:06 - 2022-04-15 08:40 - 000000000 ____D C:\FRST 2022-04-12 12:05 - 2022-04-12 12:05 - 002365952 _____ (Farbar) C:\Users\Dana\Downloads\FRST64.exe 2022-04-06 12:49 - 2022-04-12 19:40 - 000000000 ____D C:\Program Files\Mozilla Thunderbird 2022-04-05 09:13 - 2022-03-24 07:54 - 000384584 _____ (Google, Inc.) C:\WINDOWS\system32\Drivers\googledrivefs3758.sys 2022-04-01 17:31 - 2022-04-01 17:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\lenovo 2022-04-01 09:25 - 2022-04-01 09:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Magician 2022-03-31 09:26 - 2022-03-31 09:26 - 000000000 ____D C:\WINDOWS\Panther 2022-03-30 15:26 - 2022-03-30 15:26 - 000156490 _____ C:\Users\Dana\Downloads\Lean Enrollment_encrypted_.pdf ==================== One month (modified) ================== (If an entry is included in the fixlist, the file/folder will be moved.) 2022-04-15 08:40 - 2019-12-07 02:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2022-04-15 08:39 - 2016-11-22 09:12 - 000000000 ____D C:\Users\Dana\AppData\LocalLow\Mozilla 2022-04-15 08:33 - 2016-01-01 05:33 - 000000000 ____D C:\Program Files (x86)\Google 2022-04-15 08:15 - 2019-02-04 14:42 - 000000000 ____D C:\ProgramData\Mozilla 2022-04-15 08:14 - 2021-10-10 11:18 - 000002364 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk 2022-04-15 08:14 - 2021-10-10 11:18 - 000002323 _____ C:\Users\Public\Desktop\Brave.lnk 2022-04-15 08:06 - 2021-10-10 08:23 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla 2022-04-15 08:06 - 2021-09-25 22:50 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox 2022-04-15 08:06 - 2020-11-03 01:02 - 000004148 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{2C0E6ADA-5CA0-4B9E-87F2-D4AD77B1F348} 2022-04-15 08:06 - 2015-12-31 16:50 - 000000000 ____D C:\Program Files\CCleaner 2022-04-15 08:06 - 2015-12-31 16:44 - 000001159 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk 2022-04-15 08:06 - 2015-12-31 16:44 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2022-04-15 08:03 - 2021-10-22 11:15 - 000000000 ___RD C:\Users\Dana\My Drive (stechetto@gmail.com) 2022-04-15 08:03 - 2020-09-27 07:33 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2022-04-15 08:03 - 2018-10-26 18:09 - 000000000 ___RD C:\Users\Dana\Google Drive 2022-04-15 08:03 - 2016-01-01 04:22 - 000000000 ____D C:\Users\Dana\AppData\Roaming\WTablet 2022-04-14 20:01 - 2021-11-08 15:58 - 000002073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk 2022-04-14 20:01 - 2021-11-08 15:58 - 000002061 _____ C:\Users\Public\Desktop\Adobe Acrobat DC.lnk 2022-04-14 20:01 - 2020-11-03 01:02 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task 2022-04-14 14:38 - 2019-12-07 02:14 - 000000000 ___HD C:\Program Files\WindowsApps 2022-04-14 14:38 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\AppReadiness 2022-04-14 14:33 - 2016-01-01 05:33 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2022-04-14 14:33 - 2016-01-01 05:33 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2022-04-14 14:10 - 2016-01-01 01:47 - 000000000 ____D C:\Users\Dana\AppData\Local\CrashDumps 2022-04-13 13:54 - 2020-09-27 07:36 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2022-04-13 13:54 - 2020-09-27 07:36 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk 2022-04-13 11:05 - 2022-02-04 09:22 - 000000000 ____D C:\Users\Dana\AppData\Roaming\Samsung Magician 2022-04-13 00:18 - 2015-12-31 16:43 - 000000000 ____D C:\WINDOWS\system32\MRT 2022-04-13 00:14 - 2015-12-31 16:43 - 143823848 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2022-04-12 22:17 - 2020-11-03 01:04 - 000978502 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2022-04-12 22:17 - 2019-12-07 02:13 - 000000000 ____D C:\WINDOWS\INF 2022-04-12 22:14 - 2019-05-02 00:52 - 000000000 ___RD C:\Users\Dana\OneDrive 2022-04-12 22:12 - 2015-12-31 16:10 - 000000000 __SHD C:\Users\Dana\IntelGraphicsProfiles 2022-04-12 22:11 - 2020-11-10 23:14 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat 2022-04-12 22:11 - 2016-01-01 15:38 - 000000000 ____D C:\WTablet 2022-04-12 22:10 - 2020-11-10 23:15 - 000000000 ____D C:\ProgramData\Synaptics 2022-04-12 22:10 - 2020-09-27 07:34 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2022-04-12 22:10 - 2020-09-27 07:33 - 000452176 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2022-04-12 22:10 - 2020-09-27 07:33 - 000008192 ___SH C:\DumpStack.log.tmp 2022-04-12 22:10 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\ServiceState 2022-04-12 22:10 - 2019-12-07 02:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI 2022-04-12 22:10 - 2015-12-31 16:55 - 000000000 ____D C:\Program Files (x86)\TeamViewer 2022-04-12 22:10 - 2015-12-31 16:13 - 000000000 ____D C:\ProgramData\NVIDIA 2022-04-12 22:09 - 2019-12-07 02:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection 2022-04-12 22:09 - 2019-12-07 02:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2022-04-12 22:09 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism 2022-04-12 22:09 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SystemResources 2022-04-12 22:09 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\oobe 2022-04-12 22:09 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\Dism 2022-04-12 22:09 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\ShellExperiences 2022-04-12 22:09 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\Provisioning 2022-04-12 22:09 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions 2022-04-12 22:09 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\bcastdvr 2022-04-12 18:35 - 2019-12-07 02:03 - 000000000 ____D C:\WINDOWS\CbsTemp 2022-04-12 12:21 - 2019-11-04 21:21 - 000000000 ____D C:\Users\Dana\AppData\Local\D3DSCache 2022-04-12 11:45 - 2016-01-01 05:21 - 000001927 _____ C:\Users\Public\Desktop\FileZilla Client.lnk 2022-04-12 11:45 - 2016-01-01 05:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client 2022-04-12 11:45 - 2016-01-01 05:21 - 000000000 ____D C:\Program Files\FileZilla FTP Client 2022-04-12 11:43 - 2021-03-05 20:38 - 000001060 _____ C:\Users\Dana\Desktop\Core FTP LE.lnk 2022-04-12 11:43 - 2016-01-01 17:28 - 000000000 ____D C:\Program Files (x86)\CoreFTP 2022-04-12 11:36 - 2021-08-31 10:38 - 000001699 _____ C:\Users\Public\Desktop\Recuva.lnk 2022-04-12 11:36 - 2021-08-31 10:38 - 000000000 ____D C:\Program Files\Recuva 2022-04-11 11:02 - 2021-09-03 20:27 - 000002064 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive.lnk 2022-04-11 11:02 - 2021-09-03 20:27 - 000001899 _____ C:\Users\Default\Desktop\Google Slides.lnk 2022-04-11 11:02 - 2021-09-03 20:27 - 000001899 _____ C:\Users\Default\Desktop\Google Sheets.lnk 2022-04-11 11:02 - 2021-09-03 20:27 - 000001887 _____ C:\Users\Default\Desktop\Google Docs.lnk 2022-04-11 10:37 - 2021-12-10 19:44 - 000003588 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-4034831176-164765369-2251470085-1000 2022-04-11 10:37 - 2020-11-03 01:02 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update 2022-04-11 10:37 - 2020-11-03 01:02 - 000003360 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4034831176-164765369-2251470085-1000 2022-04-11 10:37 - 2020-11-03 00:55 - 000002413 _____ C:\Users\Dana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2022-04-10 09:48 - 2020-09-27 07:36 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA 2022-04-10 09:48 - 2020-09-27 07:36 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore 2022-04-08 08:05 - 2020-09-27 07:34 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd 2022-04-05 23:50 - 2020-08-21 19:11 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools 2022-04-05 08:27 - 2015-12-31 16:25 - 000000000 ____D C:\ProgramData\Lenovo 2022-04-05 08:25 - 2020-11-03 13:15 - 000000000 ____D C:\WINDOWS\TempInst 2022-04-04 11:53 - 2017-01-25 14:47 - 000000000 ____D C:\Users\Dana\AppData\Local\ElevatedDiagnostics 2022-04-01 17:31 - 2020-11-10 22:59 - 000001935 _____ C:\WINDOWS\SysWOW64\InstallUtil.InstallLog 2022-04-01 17:31 - 2020-11-03 13:15 - 000000000 ____D C:\WINDOWS\system32\Tasks\TVT 2022-04-01 17:31 - 2015-12-31 16:24 - 000000000 ____D C:\Program Files (x86)\Lenovo 2022-04-01 09:25 - 2020-11-03 01:02 - 000003334 _____ C:\WINDOWS\system32\Tasks\SamsungMagician 2022-03-31 09:25 - 2015-12-31 16:48 - 000000000 ____D C:\Program Files\WinRAR 2022-03-23 21:13 - 2020-08-21 19:11 - 000601432 _____ (Microsoft Corporation) C:\WINDOWS\system32\sedplugins.dll 2022-03-23 21:12 - 2020-08-21 19:11 - 000483664 _____ (Microsoft Corporation) C:\WINDOWS\system32\QualityUpdateAssistant.dll 2022-03-17 08:27 - 2015-12-31 16:48 - 000000000 ____D C:\Users\Dana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2022-03-17 08:27 - 2015-12-31 16:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR ==================== Files in the root of some directories ======== 2020-11-10 23:55 - 2022-04-15 08:03 - 001905434 _____ () C:\Users\Dana\AppData\Local\BTServer.log 2021-08-01 09:56 - 2021-08-01 09:56 - 000000730 _____ () C:\Users\Dana\AppData\Local\recently-used.xbel 2018-09-21 10:04 - 2018-09-21 10:04 - 000007605 _____ () C:\Users\Dana\AppData\Local\Resmon.ResmonCfg ==================== SigCheck ============================ (There is no automatic fix for files that do not pass verification.) ==================== End of FRST.txt ======================== Here's the second one: Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-04-2022 Ran by Dana (15-04-2022 08:42:06) Running from C:\Users\Dana\Downloads Microsoft Windows 10 Pro Version 21H2 19044.1645 (X64) (2020-11-03 08:02:28) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= (If an entry is included in the fixlist, it will be removed.) Administrator (S-1-5-21-4034831176-164765369-2251470085-500 - Administrator - Disabled) Dana (S-1-5-21-4034831176-164765369-2251470085-1000 - Administrator - Enabled) => C:\Users\Dana DefaultAccount (S-1-5-21-4034831176-164765369-2251470085-503 - Limited - Disabled) Guest (S-1-5-21-4034831176-164765369-2251470085-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-4034831176-164765369-2251470085-1002 - Limited - Enabled) WDAGUtilityAccount (S-1-5-21-4034831176-164765369-2251470085-504 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Acrobat DC (64-bit) (HKLM\...\{AC76BA86-1033-1033-7760-BC15014EA700}) (Version: 22.001.20117 - Adobe) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.2.8870 - Adobe Systems Inc.) Amazon Music (HKU\S-1-5-21-4034831176-164765369-2251470085-1000\...\Amazon Amazon Music) (Version: 6.0.0.1152 - Amazon Services LLC) ANT Drivers Installer x64 (HKLM\...\{D559687A-60C5-4786-9429-C21EC195789D}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Autodesk SketchBook Pro 2011 sp2 (HKLM-x32\...\{F0B27584-72DD-4CED-A329-57C7F91586C0}) (Version: 5.20.0000 - Autodesk) Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 100.1.37.116 - Brave Software Inc) Brother MFL-Pro Suite (HKLM-x32\...\{46E1B1F2-A279-4356-9B17-029F9CC72EAE}) (Version: 1.00 - Brother Industries, Ltd.) CCleaner (HKLM\...\CCleaner) (Version: 5.92 - Piriform) Content (HKLM-x32\...\{B369483E-0728-405C-8F8C-3427B263B01F}) (Version: 1.00.0000 - Your Company Name) Hidden Core FTP LE (HKLM-x32\...\CoreFTP) (Version: - ) Core FTP LE 2.1 (HKLM-x32\...\Core FTP LE 2.1) (Version: - ) Corel Painter 11 - ICA (HKLM-x32\...\{5B51BB5F-4E7C-4275-A653-E98534E9C1D2}) (Version: 11.0 - Corel Corporation) Hidden Corel Painter 11 - IPM (HKLM-x32\...\{7EC69F77-5494-4E1F-8BC6-956DAA5A91F2}) (Version: 011 - Corel Corporation) Hidden Corel Painter 11 (HKLM-x32\...\_{5B51BB5F-4E7C-4275-A653-E98534E9C1D2}) (Version: - Corel Corporation) Corel Painter 11 (HKLM-x32\...\{28F8F8F0-C278-454A-9507-46B344AAD188}) (Version: 11.0 - Corel Corporation) Hidden Defraggler (HKLM\...\Defraggler) (Version: 2.22 - Piriform) Documentation Manager (HKLM\...\{87CA98A2-FF74-4CBE-81D8-0E9145F4A97C}) (Version: 22.30.0.11 - Intel Corporation) Hidden EditPad Lite 7.4.0 (HKLM\...\EditPad Lite) (Version: 7.4.0 - Just Great Software) Elevated Installer (HKLM-x32\...\{0BF90608-2F95-4C7C-9A85-E90E0CAF4FE9}) (Version: 6.9.1.0 - Garmin Ltd or its subsidiaries) Hidden ExpressCache (HKLM\...\{F19137D8-2E93-4043-9634-4D44E7EFE889}) (Version: 1.3.118.0 - Condusiv Technologies) ExpressVPN (HKLM-x32\...\{90e86a49-1129-4c1e-87a0-634efa18d2c6}) (Version: 10.20.0.6 - ExpressVPN) ExpressVPN (HKLM-x32\...\{E5B9C3E5-889C-4F22-A959-F4B8770D7837}) (Version: 10.20.0.6 - ExpressVPN) Hidden ffdshow v1.3.4532 [2014-07-17] (HKLM-x32\...\ffdshow_is1) (Version: 1.3.4532.0 - ) FileZilla Client 3.59.0 (HKLM-x32\...\FileZilla Client) (Version: 3.59.0 - Tim Kosse) Garmin Express (HKLM-x32\...\{95D0EADA-5123-41C0-931A-F37946BC0E8E}) (Version: 6.9.1.0 - Garmin Ltd or its subsidiaries) Hidden Garmin Express (HKLM-x32\...\{eab4691c-4022-41cd-8d39-c3097ba62d4b}) (Version: 6.9.1.0 - Garmin Ltd or its subsidiaries) GIMP 2.10.10 (HKLM\...\GIMP-2_is1) (Version: 2.10.10 - The GIMP Team) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 100.0.4896.127 - Google LLC) Google Drive (HKLM\...\{6BBAE539-2232-434A-A4E5-9A33560C6283}) (Version: 56.0.11.0 - Google LLC) Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.101.0 - Google LLC) Hidden HL-L2340D series (HKLM-x32\...\{46B58839-2405-48D6-A59D-F8246158A6ED}) (Version: 1.0.1.0 - Brother Industries, Ltd.) I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP) IconHandler 32 bit (HKLM-x32\...\{1AED4ABF-0852-4B3F-9F87-00CF88F25CE0}) (Version: 2.0 - Corel Corporation) Hidden IconHandler 64 bit (HKLM\...\{4E82E2E9-668B-4F8A-814A-78E163FCDBCD}) (Version: 2.0 - Corel Corporation) Hidden Inkscape 0.92.4 (HKLM\...\{81922150-317E-4BB0-A31D-FF1C14F707C5}) (Version: 0.92.4.0 - Inkscape project) Intel(R) Chipset Device Software (HKLM-x32\...\{bd366c5e-00cd-46ed-b647-0b9874f32140}) (Version: 10.1.17809.8096 - Intel(R) Corporation) Hidden Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.6.1194 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.5144 - Intel Corporation) Hidden Intel® Software Installer (HKLM-x32\...\{b6118eaf-49e9-457a-85dd-0a4a96aa9e93}) (Version: 22.30.0.11 - Intel Corporation) Hidden Langauge (HKLM-x32\...\{840BF2FE-033D-437C-89D1-AAA206BA13B6}) (Version: 1.00.0000 - Your Company Name) Hidden Lenovo Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.82.00.20 - Lenovo) Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 2.23 - Lenovo) Lenovo System Update (HKLM-x32\...\TVSU_is1) (Version: 5.07.0136 - Lenovo) LINE (HKLM-x32\...\LINE) (Version: 4.3.2.730 - LINE Corporation) Luminar 4 (HKLM\...\Luminar 4) (Version: 4.2.0.5577 - Skylum) Malwarebytes version 4.5.7.186 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.7.186 - Malwarebytes) Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 100.0.1185.39 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-4034831176-164765369-2251470085-1000\...\OneDriveSetup.exe) (Version: 22.065.0327.0002 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation) Microsoft Update Health Tools (HKLM\...\{7B1FCD52-8F6B-4F12-A143-361EA39F5E7C}) (Version: 3.67.0.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.23.27820 (HKLM-x32\...\{852adda4-4c78-4a38-b583-c0b360a329d6}) (Version: 14.23.27820.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) ModemAuthenticator (HKLM-x32\...\{30F2BC34-BB35-4722-9CE9-B04849D3C934}) (Version: 1.0.25 - Intel Mobile Communications) Motorola Mobile Drivers Installation 6.4.0 (HKLM\...\{27986EDD-C9EC-4B52-B92F-06D073F0AA52}) (Version: 6.4.0 - Motorola Mobility LLC) Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 99.0 (x64 en-US)) (Version: 99.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 91.6.2 - Mozilla) Mozilla Thunderbird (x64 en-US) (HKLM\...\Mozilla Thunderbird 91.8.0 (x64 en-US)) (Version: 91.8.0 - Mozilla) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) Nero 7 Ultra Edition (HKLM-x32\...\{235BBFC6-D863-4066-A01A-3BD504C31033}) (Version: 7.02.2620 - Nero AG) Product Improvement Study for HP Officejet Pro 8610 (HKLM\...\{D2064264-3162-4DB1-AFE0-167BEFBBCD9C}) (Version: 32.3.198.49673 - Hewlett-Packard Co.) QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.) RAPID Mode (HKLM\...\{7B2F4116-7C42-4EB6-9B11-220F0FAA3567}) (Version: 1.0.1.105 - Samsung Electronics Co., Ltd.) Hidden Rapport (HKLM-x32\...\{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}) (Version: 3.5.1955.62 - Trusteer) Hidden Realtek Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.8988.1 - Realtek Semiconductor Corp.) Hidden REALTEK Bluetooth Profile (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AC}) (Version: 1.0.6.071015 - REALTEK Semiconductor Corp.) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.21290 - Realtek Semiconductor Corp.) Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform) Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 7.1.0.770 - Samsung Electronics) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Sierra Wireless EM7345 4G LTE Software (HKLM-x32\...\SWIIntelDrvInstaller) (Version: 2.36.10970.4674 - Sierra Wireless, Inc.) Software Upgrade Assistant (HKLM-x32\...\{B33BA940-B460-4F02-BFF3-1DDCE7083726}_is1) (Version: 2.3.8 - Motorola Mobility LLC) SoundTouch (HKLM-x32\...\{BEF6C302-C29F-4FCA-9FE1-E9A994A40108}) (Version: 18.1.4.2009 - BOSE) Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform) Synaptics WBF DDK 5011 (Advanced) (HKLM\...\{9C7B6DA0-852C-46DB-8D8C-F8B25C7F1354}) (Version: 4.5.507.0 - Synaptics) TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.22.3 - TeamViewer) TreeSize Free V4.4 (HKLM-x32\...\TreeSize Free_is1) (Version: 4.4 - JAM Software) True Image WD Edition (HKLM-x32\...\{85CB1512-2D4A-4469-AC21-6B111D169CEB}) (Version: 16.0.5962 - Acronis) Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1955.62 - Trusteer) VCarve Desktop 9.5 (HKLM\...\VCarve DesktopV95) (Version: 9.5 - Vectric) Vectric Shell Extensions 1.2 (HKLM-x32\...\VectricThumbnailShellExt) (Version: - Vectric) Virtual Disk Driver (HKLM-x32\...\{6B6137AE-281D-419E-9F40-FFD1B42A740D}) (Version: 1.1.2141 - Acronis) VTransfer (HKLM\...\VTransfer) (Version: 2.0 - Vectric) Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.) Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.30-6 - Wacom Technology Corp.) Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.23192 - Microsoft Corporation) Windows PC Health Check (HKLM\...\{B1E7D0FD-7CFE-4E0C-A5DA-0F676499DB91}) (Version: 3.2.2110.14001 - Microsoft Corporation) WinRAR 6.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.11.0 - win.rar GmbH) Zoom (HKU\S-1-5-21-4034831176-164765369-2251470085-1000\...\ZoomUMX) (Version: 5.9.1 (2581) - Zoom Video Communications, Inc.) Packages: ========= Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_7.17.65.0_x86__kgqvnymyfvs32 [2022-03-31] (king.com) Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_1.78.2.0_x64__kgqvnymyfvs32 [2022-04-14] (king.com) Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.2240.1.0_x64__kgqvnymyfvs32 [2022-04-06] (king.com) Dragon Mania Legends -> C:\Program Files\WindowsApps\A278AB0D.DragonManiaLegends_6.7.9.0_x64__h6adky7gbf63m [2022-03-31] (Gameloft SE) FarmVille 2: Country Escape -> C:\Program Files\WindowsApps\D52A8D61.FarmVille2CountryEscape_19.7.7670.0_x64__jwbwg6xx0377a [2022-04-07] (Zynga Inc.) Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2202.9.0_x64__k1h2ywk1493x8 [2022-02-25] (LENOVO INC.) Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-05-02] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-05-02] (Microsoft Corporation) [MS Ad] Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.12.3171.0_x64__8wekyb3d8bbwe [2022-03-26] (Microsoft Studios) [MS Ad] OneDrive -> C:\Program Files\WindowsApps\microsoft.microsoftskydrive_19.23.19.0_x64__8wekyb3d8bbwe [2021-12-10] (Microsoft Corporation) Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-04-27] (Microsoft Corporation) Raw Image Extension -> C:\Program Files\WindowsApps\Microsoft.RawImageExtension_2.0.30391.0_x64__8wekyb3d8bbwe [2022-02-17] (Microsoft Corporation) ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [6671064 2013-12-19] (Microsoft Corporation -> Microsoft Corporation) ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [4171480 2013-12-19] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ GoogleDriveCloudOverlayIconHandler] -> {A8E52322-8734-481D-A7E2-27B309EF8D56} => C:\Program Files\Google\Drive File Stream\56.0.11.0\drivefsext.dll [2022-03-30] (Google LLC -> Google, Inc.) ShellIconOverlayIdentifiers: [ GoogleDriveMirrorBlacklistedOverlayIconHandler] -> {51EF1569-67EE-4AD6-9646-E726C3FFC8A2} => C:\Program Files\Google\Drive File Stream\56.0.11.0\drivefsext.dll [2022-03-30] (Google LLC -> Google, Inc.) ShellIconOverlayIdentifiers: [ GoogleDrivePinnedOverlayIconHandler] -> {CFE8B367-77A7-41D7-9C90-75D16D7DC6B6} => C:\Program Files\Google\Drive File Stream\56.0.11.0\drivefsext.dll [2022-03-30] (Google LLC -> Google, Inc.) ShellIconOverlayIdentifiers: [ GoogleDriveProgressOverlayIconHandler] -> {C973DA94-CBDF-4E77-81D1-E5B794FBD146} => C:\Program Files\Google\Drive File Stream\56.0.11.0\drivefsext.dll [2022-03-30] (Google LLC -> Google, Inc.) ContextMenuHandlers1: [BtSendToMenuEx] -> {CF24E6B8-F148-4BCB-9108-ADF313966E80} => C:\Program Files (x86)\REALTEK\Realtek Bluetooth Profile\DevMenuExt.dll [2014-07-03] (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation) ContextMenuHandlers1: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2020-08-03] (Piriform Software Ltd -> Piriform Software Ltd) ContextMenuHandlers1: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\56.0.11.0\drivefsext.dll [2022-03-30] (Google LLC -> Google, Inc.) ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-04-25] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers4: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\56.0.11.0\drivefsext.dll [2022-03-30] (Google LLC -> Google, Inc.) ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2022-04-06] (Piriform Software Ltd -> Piriform Software Ltd) ContextMenuHandlers5: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\56.0.11.0\drivefsext.dll [2022-03-30] (Google LLC -> Google, Inc.) ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2021-02-03] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-01-15] (NVIDIA Corporation -> NVIDIA Corporation) ContextMenuHandlers6: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2020-08-03] (Piriform Software Ltd -> Piriform Software Ltd) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-04-25] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2022-04-06] (Piriform Software Ltd -> Piriform Software Ltd) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal) ==================== Codecs (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\SysWOW64\ff_vfw.dll [112640 2014-07-17] () [File not signed] ==================== Shortcuts & WMI ======================== ==================== Loaded Modules (Whitelisted) ============= 2016-10-12 06:15 - 2016-10-12 06:15 - 000848896 _____ () [File not signed] \\?\C:\Program Files (x86)\SoundTouch\SoundTouchMusicServer\node_modules\sqlite3\lib\binding\node-v46-win32-ia32\node_sqlite3.node 2016-06-10 13:15 - 2009-02-27 16:38 - 000139264 ____R () [File not signed] C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll 2016-06-10 13:15 - 2018-01-18 16:39 - 000519168 _____ () [File not signed] C:\Program Files (x86)\Browny02\BrMonitor.dll 2018-02-09 17:55 - 2018-02-09 17:55 - 000068608 _____ () [File not signed] C:\Program Files (x86)\SoundTouch\SoundTouchHelper\zlib1.dll 2018-07-18 14:27 - 2018-07-18 14:27 - 000747520 _____ () [File not signed] C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll 2016-01-01 18:57 - 2005-04-22 14:36 - 000143360 _____ () [File not signed] C:\WINDOWS\system32\BrSNMP64.dll 2016-01-01 18:57 - 2007-10-26 12:22 - 000602112 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Brother\ControlCenter3\brccDCtl.dll 2016-01-01 18:57 - 2008-08-05 12:33 - 000172032 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Brother\ControlCenter3\brccFCtl.dll 2016-01-01 18:57 - 2007-07-10 12:25 - 005345280 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Brother\ControlCenter3\brccimg.dll 2016-01-01 18:57 - 2007-08-06 15:36 - 000110592 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Brother\ControlCenter3\brccusa.dll 2016-01-01 18:57 - 2007-01-29 10:59 - 000094208 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Brother\ControlCenter3\BrDbgOut.dll 2016-01-01 18:57 - 2008-01-25 21:36 - 000086016 _____ (Brother Industries, Ltd.) [File not signed] C:\WINDOWS\system32\BrNetSti.dll 2016-01-01 18:57 - 2007-01-11 14:07 - 000061440 ____N (Brother Industries,LTD.) [File not signed] C:\Program Files (x86)\Brother\ControlCenter3\BrImgPDF.dll 2016-01-01 18:57 - 2003-06-30 01:00 - 000259584 ____N (LEAD Technologies, Inc.) [File not signed] C:\Program Files (x86)\Brother\ControlCenter3\LTDIS12n.dll 2016-01-01 18:57 - 2005-07-05 01:00 - 000131584 ____N (LEAD Technologies, Inc.) [File not signed] C:\Program Files (x86)\Brother\ControlCenter3\LTFIL12n.DLL 2016-01-01 18:57 - 2003-06-30 01:00 - 000406016 ____N (LEAD Technologies, Inc.) [File not signed] C:\Program Files (x86)\Brother\ControlCenter3\LTKRN12n.dll 2016-10-12 06:15 - 2016-10-12 06:15 - 025911296 _____ (The ICU Project) [File not signed] \\?\C:\Program Files (x86)\SoundTouch\SoundTouchMusicServer\node_modules\sqlite3\lib\binding\node-v46-win32-ia32\icudt55.dll 2016-10-12 06:15 - 2016-10-12 06:15 - 001683456 _____ (The ICU Project) [File not signed] \\?\C:\Program Files (x86)\SoundTouch\SoundTouchMusicServer\node_modules\sqlite3\lib\binding\node-v46-win32-ia32\icuin55.dll 2016-10-12 06:15 - 2016-10-12 06:15 - 001158144 _____ (The ICU Project) [File not signed] \\?\C:\Program Files (x86)\SoundTouch\SoundTouchMusicServer\node_modules\sqlite3\lib\binding\node-v46-win32-ia32\icuuc55.dll 2016-10-03 13:04 - 2016-10-03 13:04 - 025048064 _____ (The ICU Project) [File not signed] C:\Program Files (x86)\SoundTouch\SoundTouchHelper\icudt56.dll 2016-10-03 13:02 - 2016-10-03 13:02 - 001802240 _____ (The ICU Project) [File not signed] C:\Program Files (x86)\SoundTouch\SoundTouchHelper\icuin56.dll 2016-10-03 12:59 - 2016-10-03 12:59 - 001179648 _____ (The ICU Project) [File not signed] C:\Program Files (x86)\SoundTouch\SoundTouchHelper\icuuc56.dll 2016-10-12 12:15 - 2016-10-12 12:15 - 000038400 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\SoundTouch\SoundTouchHelper\imageformats\qdds.dll 2016-10-12 12:14 - 2016-10-12 12:14 - 000024576 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\SoundTouch\SoundTouchHelper\imageformats\qgif.dll 2016-10-12 12:15 - 2016-10-12 12:15 - 000030720 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\SoundTouch\SoundTouchHelper\imageformats\qicns.dll 2016-10-12 12:14 - 2016-10-12 12:14 - 000024576 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\SoundTouch\SoundTouchHelper\imageformats\qico.dll 2016-10-12 12:13 - 2016-10-12 12:13 - 000988160 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\SoundTouch\SoundTouchHelper\platforms\qwindows.dll 2018-02-09 17:55 - 2018-02-09 17:55 - 004144128 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\SoundTouch\SoundTouchHelper\Qt5Core.dll 2016-10-12 11:46 - 2016-10-12 11:46 - 004868096 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\SoundTouch\SoundTouchHelper\Qt5Gui.dll 2016-10-12 11:19 - 2016-10-12 11:19 - 000849408 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\SoundTouch\SoundTouchHelper\Qt5Network.dll 2016-10-12 11:19 - 2016-10-12 11:19 - 000155136 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\SoundTouch\SoundTouchHelper\Qt5Sql.dll 2016-10-12 12:01 - 2016-10-12 12:01 - 004486656 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\SoundTouch\SoundTouchHelper\Qt5Widgets.dll 2016-10-12 11:20 - 2016-10-12 11:20 - 000152576 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\SoundTouch\SoundTouchHelper\Qt5Xml.dll 2016-10-12 12:07 - 2016-10-12 12:07 - 000686592 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\SoundTouch\SoundTouchHelper\sqldrivers\qsqlite.dll ==================== Alternate Data Streams (Whitelisted) ======== ==================== Safe Mode (Whitelisted) ================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) ================= ==================== Internet Explorer (Whitelisted) ========== BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation -> Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation) ==================== Hosts content: ========================= (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 19:34 - 2009-06-10 14:00 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts ==================== Other Areas =========================== (Currently there is no automatic fix for this section.) HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\Condusiv Technologies\ExpressCache\ HKU\S-1-5-21-4034831176-164765369-2251470085-1000\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin) HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (If an entry is included in the fixlist, it will be removed.) MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SketchBook Snapshot.lnk => C:\Windows\pss\SketchBook Snapshot.lnk.CommonStartup MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: LenovoUtility => "C:\Program Files\Lenovo\LenovoUtility\utility.exe" HKLM\...\StartupApproved\Run: => "Logitech Download Assistant" HKLM\...\StartupApproved\Run32: => "QuickTime Task" HKU\S-1-5-21-4034831176-164765369-2251470085-1000\...\StartupApproved\StartupFolder: => "OneNote 2010 Screen Clipper and Launcher.lnk" HKU\S-1-5-21-4034831176-164765369-2251470085-1000\...\StartupApproved\Run: => "Amazon Music" HKU\S-1-5-21-4034831176-164765369-2251470085-1000\...\StartupApproved\Run: => "Amazon Music Helper" ==================== FirewallRules (Whitelisted) ================ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{3775B783-2FFA-4093-B4E6-3F0F432EFE41}] => (Allow) C:\Users\Dana\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) FirewallRules: [{C2C77C22-5C20-4138-900F-8F4F7F57DEFE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{0056A7F6-6691-4D44-AEC0-04A2532C8BE1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{D42CFC1D-FED9-4918-84EA-295B13D74EDA}] => (Allow) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\AdobePhotoshopElementsMediaServer.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated) FirewallRules: [{56B2B019-C582-4996-98F7-EFE1A801970C}] => (Allow) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\AdobePhotoshopElementsMediaServer.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated) FirewallRules: [{8DE0AA2D-09B9-4877-8370-8DA5D9A1DCFA}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{FF8E8146-AB7C-46A7-B8A6-F400040188B6}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Acronis International GmbH -> Acronis) FirewallRules: [{5BFF5746-FE42-46BE-BF97-947658352AC1}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Acronis International GmbH -> Acronis) FirewallRules: [{85A2858C-FA83-4FA1-AA1C-25E9B8EB37B0}] => (Allow) C:\Program Files (x86)\Brother\Brmfl07b\FAXRX.exe (Brother Industries Ltd.) [File not signed] FirewallRules: [{C85818F8-D292-4F87-8BB0-5F84A428A898}] => (Allow) C:\Program Files (x86)\Brother\Brmfl07b\FAXRX.exe (Brother Industries Ltd.) [File not signed] FirewallRules: [{74DC16C1-83ED-47DB-9A9E-37AA7371ADDE}] => (Allow) LPort=54925 FirewallRules: [{F28F845D-CD58-4B6C-BF03-3CA312B8F352}] => (Allow) C:\Program Files (x86)\LINE\LINE.exe (LINE Corporation -> LINE Corporation) FirewallRules: [{F06E4D28-A691-4C07-9410-2039FF4423D9}] => (Allow) C:\Program Files (x86)\LINE\LINE.exe (LINE Corporation -> LINE Corporation) FirewallRules: [TCP Query User{71CCB605-7EB3-41BB-BF5A-0D8DC33B25A8}C:\users\dana\appdata\local\amazon music\amazon music helper.exe] => (Allow) C:\users\dana\appdata\local\amazon music\amazon music helper.exe (Amazon Services LLC -> Amazon Services LLC) FirewallRules: [UDP Query User{EECCCD2A-53DB-43F4-8462-5AD678EA365C}C:\users\dana\appdata\local\amazon music\amazon music helper.exe] => (Allow) C:\users\dana\appdata\local\amazon music\amazon music helper.exe (Amazon Services LLC -> Amazon Services LLC) FirewallRules: [TCP Query User{AD9AA2C7-F365-4F40-91AB-9D07FF6A2BAF}C:\users\dana\appdata\local\amazon music\amazon music helper.exe] => (Block) C:\users\dana\appdata\local\amazon music\amazon music helper.exe (Amazon Services LLC -> Amazon Services LLC) FirewallRules: [UDP Query User{C514B6CF-D388-4F38-952B-925484D0A15D}C:\users\dana\appdata\local\amazon music\amazon music helper.exe] => (Block) C:\users\dana\appdata\local\amazon music\amazon music helper.exe (Amazon Services LLC -> Amazon Services LLC) FirewallRules: [{1139B84A-D0C3-4325-AEA0-FC3417C0FBC1}] => (Allow) C:\Program Files (x86)\SoundTouch\SoundTouch.exe (Bose Corporation) [File not signed] FirewallRules: [{9696F84C-E5E5-4F96-A3DD-0BD9AB57AAFC}] => (Allow) C:\Program Files (x86)\SoundTouch\SoundTouchMusicServer\SoundTouch Music Server.exe (Bose Corporation) [File not signed] FirewallRules: [{DA68F1CE-0529-4ECF-9E5F-B4522ED6D986}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform) FirewallRules: [{300D5226-4C39-4451-B7A2-4FFB67E018B3}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform) FirewallRules: [{ED29899D-D3DB-4602-A77F-9E58265F4DA6}] => (Allow) C:\Users\Dana\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) FirewallRules: [{B5F6D076-A9A7-4E49-A901-DD395CD8685E}] => (Allow) C:\Users\Dana\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) FirewallRules: [{95B1F257-B4FA-4FE0-94DF-B849DC91276E}] => (Allow) C:\Users\Dana\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) FirewallRules: [{913D7681-6483-488A-BE9C-3EE9A7F1EA67}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{357A6BFB-8250-41CE-B3E0-8D58D196312E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{3821372D-A256-4C32-A1F8-F93C553F85F6}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{58320F58-81EA-46AB-A90E-FF7A241BF7D6}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{16123F2F-8DEE-4ADD-84C2-A556BE07E2A9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{BDFDA149-6F82-4A5A-9601-96C707C663A0}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{2D384D65-4DD2-4F1A-83E6-558D56B35419}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{17FB87A1-C361-4007-96F4-62497322ED11}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{0DA8DF78-AC56-4734-B5F9-CE8D4C0C6BC5}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.82.404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{93499286-B802-49B0-831C-A979ED16D62F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.82.404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{D18C854F-61A0-4711-B914-FA983026B48F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.82.404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{5A40A1F9-D8FE-4D86-A70F-A424F4D46AD6}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.82.404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{0F6BB1A5-0ECE-45F9-82CA-352F8D26A735}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe (Lenovo -> ) FirewallRules: [{9AF58514-4447-4523-92E4-A8A5203CF9E5}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe (Lenovo -> ) FirewallRules: [{1EB9FBAA-E901-4315-B683-7DAF1F886FF6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [{43709203-D780-42D7-A1AA-938461AC0577}] => (Allow) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.) ==================== Restore Points ========================= ==================== Faulty Device Manager Devices ============ Name: ExpressVPN TAP Adapter Description: ExpressVPN TAP Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: ExpressVPN Service: tapexpressvpn Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ======================== Application errors: ================== Error: (04/14/2022 02:10:06 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: ESETOnlineScanner.exe, version: 10.23.31.0, time stamp: 0x61e82da2 Faulting module name: WININET.dll, version: 11.0.19041.1566, time stamp: 0x58892bb7 Exception code: 0xc0000005 Fault offset: 0x00313278 Faulting process id: 0x33d8 Faulting application start time: 0x01d85043fff8eca0 Faulting application path: C:\Users\Dana\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe Faulting module path: C:\WINDOWS\SYSTEM32\WININET.dll Report Id: 9fa8a3fc-f319-4d45-8c71-247045dead85 Faulting package full name: Faulting package-relative application ID: Error: (04/13/2022 12:25:53 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: SystemSettingsBroker.exe, version: 10.0.19041.746, time stamp: 0x230d5cd6 Faulting module name: ucrtbase.dll, version: 10.0.19041.789, time stamp: 0x2bd748bf Exception code: 0xc0000409 Fault offset: 0x000000000007286e Faulting process id: 0x810 Faulting application start time: 0x01d84f6c38a65722 Faulting application path: C:\Windows\System32\SystemSettingsBroker.exe Faulting module path: C:\WINDOWS\System32\ucrtbase.dll Report Id: 13bb7018-eb95-4a94-8b5c-0a0f61f2fe92 Faulting package full name: Faulting package-relative application ID: Error: (04/13/2022 11:22:58 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: SystemSettingsBroker.exe, version: 10.0.19041.746, time stamp: 0x230d5cd6 Faulting module name: ucrtbase.dll, version: 10.0.19041.789, time stamp: 0x2bd748bf Exception code: 0xc0000409 Fault offset: 0x000000000007286e Faulting process id: 0x4240 Faulting application start time: 0x01d84f636e6f1a7a Faulting application path: C:\Windows\System32\SystemSettingsBroker.exe Faulting module path: C:\WINDOWS\System32\ucrtbase.dll Report Id: bb194e6f-9fad-4c05-94cb-98076367d93b Faulting package full name: Faulting package-relative application ID: Error: (04/13/2022 11:15:46 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: ESETOnlineScanner.exe, version: 10.23.31.0, time stamp: 0x61e82da2 Faulting module name: WININET.dll, version: 11.0.19041.1566, time stamp: 0x58892bb7 Exception code: 0xc0000005 Fault offset: 0x00313278 Faulting process id: 0x43c Faulting application start time: 0x01d84f627bcbe3e3 Faulting application path: C:\Users\Dana\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe Faulting module path: C:\WINDOWS\SYSTEM32\WININET.dll Report Id: 4b778ed9-7f66-4389-98ef-3a8b731d1174 Faulting package full name: Faulting package-relative application ID: Error: (04/13/2022 11:15:29 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: ESETOnlineScanner.exe, version: 10.23.31.0, time stamp: 0x61e82da2 Faulting module name: WININET.dll, version: 11.0.19041.1566, time stamp: 0x58892bb7 Exception code: 0xc0000005 Fault offset: 0x00313278 Faulting process id: 0x3100 Faulting application start time: 0x01d84f62714bfde5 Faulting application path: C:\Users\Dana\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe Faulting module path: C:\WINDOWS\SYSTEM32\WININET.dll Report Id: c900ce54-7fda-4351-a72d-7205e7b02f9b Faulting package full name: Faulting package-relative application ID: Error: (04/13/2022 11:14:30 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: ESETOnlineScanner.exe, version: 10.23.31.0, time stamp: 0x61e82da2 Faulting module name: WININET.dll, version: 11.0.19041.1566, time stamp: 0x58892bb7 Exception code: 0xc0000005 Fault offset: 0x00313278 Faulting process id: 0x26a4 Faulting application start time: 0x01d84f624f2a03cd Faulting application path: C:\Users\Dana\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe Faulting module path: C:\WINDOWS\SYSTEM32\WININET.dll Report Id: 06d62b3e-979a-4916-9570-6b54c3bc386c Faulting package full name: Faulting package-relative application ID: Error: (04/13/2022 11:14:09 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: ESETOnlineScanner.exe, version: 10.23.31.0, time stamp: 0x61e82da2 Faulting module name: WININET.dll, version: 11.0.19041.1566, time stamp: 0x58892bb7 Exception code: 0xc0000005 Fault offset: 0x00313278 Faulting process id: 0x39d8 Faulting application start time: 0x01d84f624273f2fe Faulting application path: C:\Users\Dana\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe Faulting module path: C:\WINDOWS\SYSTEM32\WININET.dll Report Id: 1257a88e-a976-439e-8438-60e65c14ed35 Faulting package full name: Faulting package-relative application ID: Error: (04/13/2022 11:13:51 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: ESETOnlineScanner.exe, version: 10.23.31.0, time stamp: 0x61e82da2 Faulting module name: WININET.dll, version: 11.0.19041.1566, time stamp: 0x58892bb7 Exception code: 0xc0000005 Fault offset: 0x00313278 Faulting process id: 0xdf0 Faulting application start time: 0x01d84f6238b398cd Faulting application path: C:\Users\Dana\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe Faulting module path: C:\WINDOWS\SYSTEM32\WININET.dll Report Id: eaf6992c-cca0-42d1-bee6-6b7ffb971628 Faulting package full name: Faulting package-relative application ID: System errors: ============= Error: (04/15/2022 08:03:29 AM) (Source: googledrivefs3688) (EventID: 2) (User: ) Description: The driver version of the disk does not match. Error: (04/15/2022 08:03:26 AM) (Source: googledrivefs3688) (EventID: 2) (User: ) Description: The driver version of the disk does not match. Error: (04/14/2022 03:00:24 PM) (Source: volsnap) (EventID: 35) (User: ) Description: The shadow copies of volume C: were aborted because the shadow copy storage failed to grow. Error: (04/14/2022 02:13:57 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The Mozilla Maintenance Service service terminated with the following error: Incorrect function. Error: (04/13/2022 08:26:29 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The Mozilla Maintenance Service service terminated with the following error: Incorrect function. Error: (04/13/2022 02:48:07 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The Mozilla Maintenance Service service terminated with the following error: Incorrect function. Error: (04/12/2022 10:14:53 PM) (Source: googledrivefs3688) (EventID: 2) (User: ) Description: The driver version of the disk does not match. Error: (04/12/2022 10:14:48 PM) (Source: googledrivefs3688) (EventID: 2) (User: ) Description: The driver version of the disk does not match. Windows Defender: ================ Date: 2022-04-14 14:33:28 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2022-04-14 14:33:26 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2022-04-13 21:21:13 Description: Microsoft Defender Antivirus has detected malware or other potentially unwanted software. For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:HTML/Phish.RA!MTB&threatid=2147756354&enterprise=0 Name: Trojan:HTML/Phish.RA!MTB Severity: Severe Category: Trojan Path: file:_C:\Users\Dana\AppData\Roaming\Thunderbird\Profiles\vw9wjk7j.default-release\ImapMail\mail.mailconfig.net\INBOX Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection Process Name: C:\Program Files\Mozilla Thunderbird\thunderbird.exe Security intelligence Version: AV: 1.363.336.0, AS: 1.363.336.0, NIS: 1.363.336.0 Engine Version: AM: 1.1.19100.5, NIS: 1.1.19100.5 Date: 2022-04-13 21:20:40 Description: Microsoft Defender Antivirus has detected malware or other potentially unwanted software. For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:HTML/Phish.RA!MTB&threatid=2147756354&enterprise=0 Name: Trojan:HTML/Phish.RA!MTB Severity: Severe Category: Trojan Path: file:_C:\Users\Dana\AppData\Roaming\Thunderbird\Profiles\vw9wjk7j.default-release\ImapMail\mail.mailconfig.net\INBOX Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection Process Name: C:\Program Files\Mozilla Thunderbird\thunderbird.exe Security intelligence Version: AV: 1.363.336.0, AS: 1.363.336.0, NIS: 1.363.336.0 Engine Version: AM: 1.1.19100.5, NIS: 1.1.19100.5 Date: 2022-04-13 21:20:29 Description: Microsoft Defender Antivirus has detected malware or other potentially unwanted software. For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:HTML/Phish.RA!MTB&threatid=2147756354&enterprise=0 Name: Trojan:HTML/Phish.RA!MTB Severity: Severe Category: Trojan Path: file:_C:\Users\Dana\AppData\Roaming\Thunderbird\Profiles\vw9wjk7j.default-release\ImapMail\mail.mailconfig.net\INBOX Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection Process Name: C:\Program Files\Mozilla Thunderbird\thunderbird.exe Security intelligence Version: AV: 1.363.336.0, AS: 1.363.336.0, NIS: 1.363.336.0 Engine Version: AM: 1.1.19100.5, NIS: 1.1.19100.5 CodeIntegrity: =============== Date: 2022-04-14 10:16:44 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== BIOS: LENOVO JBET73WW (1.37 ) 08/14/2019 Motherboard: LENOVO 20BX001EUS Processor: Intel(R) Core(TM) i5-5300U CPU @ 2.30GHz Percentage of memory in use: 55% Total physical RAM: 11984.07 MB Available physical RAM: 5387.51 MB Total Virtual: 24272.07 MB Available Virtual: 16198.73 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:231.82 GB) (Free:10.81 GB) NTFS Drive d: (System Reserved) (Fixed) (Total:0.54 GB) (Free:0.5 GB) NTFS ==>[system with boot components (obtained from drive)] Drive g: (stechetto@gmail.com - Google ...) (Fixed) (Total:15 GB) (Free:1.93 GB) FAT32 Drive h: (danag@hevanet.com - Google Drive) (Fixed) (Total:15 GB) (Free:10.27 GB) FAT32 \\?\Volume{d3d06843-b093-11e5-9863-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS \\?\Volume{a1c15582-0000-0000-0000-90fa39000000}\ () (Fixed) (Total:0.52 GB) (Free:0.08 GB) NTFS ==================== MBR & Partition Table ==================== ========================================================== Disk: 0 (MBR Code: Windows 7/8/10) (Size: 232.9 GB) (Disk ID: A1C15582) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=231.8 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=530 MB) - (Type=27) ========================================================== Disk: 1 (MBR Code: Windows 7/8/10) (Size: 14.9 GB) (Disk ID: E9F389AB) Partition 1: (Active) - (Size=549 MB) - (Type=07 NTFS) ==================== End of Addition.txt ======================= Addition.txt FRST.txt
- April 15, 2022
- 25 replies
Windows Security keeps posting this virus. Trojan:HTML/Phish.RA!MTB

DanaG replied to DanaG's topic in Resolved Malware Removal Logs

Nothing. I did a search for it as well and turned up with nothing. I'll try to run the FRST64 again.
- April 15, 2022
- 25 replies
Windows Security keeps posting this virus. Trojan:HTML/Phish.RA!MTB

DanaG replied to DanaG's topic in Resolved Malware Removal Logs

I hope this is it. FRST.txt
- April 15, 2022
- 25 replies
Windows Security keeps posting this virus. Trojan:HTML/Phish.RA!MTB

DanaG replied to DanaG's topic in Resolved Malware Removal Logs

Here is the Fixlist Addition.txt
- April 15, 2022
- 25 replies
Windows Security keeps posting this virus. Trojan:HTML/Phish.RA!MTB

DanaG replied to DanaG's topic in Resolved Malware Removal Logs

Hi Maurice, I downloaded and right clicked Fixlist.text and then went to downloads and and there was no FRST64. Just the text on notepad from Fixlist.text.
- April 15, 2022
- 25 replies
Windows Security keeps posting this virus. Trojan:HTML/Phish.RA!MTB

DanaG replied to DanaG's topic in Resolved Malware Removal Logs

Completed the Adware scan and no malicious adware showed up. I can't figure out how to attach the log.
- April 14, 2022
- 25 replies
Windows Security keeps posting this virus. Trojan:HTML/Phish.RA!MTB

DanaG replied to DanaG's topic in Resolved Malware Removal Logs

Hi Maurice, I completed the Kaspersky Virus Removal Tool scan and it showed no viruses or corruptions.
- April 14, 2022
- 25 replies
Windows Security keeps posting this virus. Trojan:HTML/Phish.RA!MTB

DanaG replied to DanaG's topic in Resolved Malware Removal Logs

Hi Maurice, The Malwarebytes scan showed no virus or threats.
- April 13, 2022
- 25 replies
Windows Security keeps posting this virus. Trojan:HTML/Phish.RA!MTB

DanaG replied to DanaG's topic in Resolved Malware Removal Logs

Hi Maurice, I downloaded ESET Onlinescanner and tried to run it. it kept saying ESET online scanner has stopped working. It says a problem caused the program to stop working correctly . Windows will close the program and notify you if a solution is available.
- April 13, 2022
- 25 replies
Windows Security keeps posting this virus. Trojan:HTML/Phish.RA!MTB

DanaG replied to DanaG's topic in Resolved Malware Removal Logs

Hi Maurice, I finished the scan as you instructed and it said there were no viruses. I can't find the Windows\debug\msert.log anywhere. I will check to see if the virus warning keeps coming up. Dana
- April 13, 2022
- 25 replies
Windows Security keeps posting this virus. Trojan:HTML/Phish.RA!MTB

DanaG posted a topic in Resolved Malware Removal Logs

Windows Security keeps posting this virus. Trojan:HTML/Phish.RA!MTB and won't let me quarantine or remove it. it doesn't show up on my daily Malwarebytes scan. Affected items: file: C:\Users\Dana\AppData\Roaming\Thunderbird\Profiles\vw9wjk7j.default-release\ImapMail\mail.mailconfig.net\INBOX file: C:\Users\Dana\AppData\Roaming\Thunderbird\Profiles\vw9wjk7j.default-release\ImapMail\mail.mailconfig.net\Spam FRST.txt Addition.txt
- April 12, 2022
- 25 replies

Sign In

DanaG

Posts

Joined

Last visited

Content Type

Events

Profiles

Forums

Everything posted by DanaG

Windows Security keeps posting this virus. Trojan:HTML/Phish.RA!MTB

Windows Security keeps posting this virus. Trojan:HTML/Phish.RA!MTB

Windows Security keeps posting this virus. Trojan:HTML/Phish.RA!MTB

Windows Security keeps posting this virus. Trojan:HTML/Phish.RA!MTB

Windows Security keeps posting this virus. Trojan:HTML/Phish.RA!MTB

Windows Security keeps posting this virus. Trojan:HTML/Phish.RA!MTB

Windows Security keeps posting this virus. Trojan:HTML/Phish.RA!MTB

Windows Security keeps posting this virus. Trojan:HTML/Phish.RA!MTB

Windows Security keeps posting this virus. Trojan:HTML/Phish.RA!MTB

Windows Security keeps posting this virus. Trojan:HTML/Phish.RA!MTB

Windows Security keeps posting this virus. Trojan:HTML/Phish.RA!MTB

Windows Security keeps posting this virus. Trojan:HTML/Phish.RA!MTB

Windows Security keeps posting this virus. Trojan:HTML/Phish.RA!MTB

Browse

Activity

Personal

Business

Business Modules

Partners

Learn

Start here

Type of malware/attacks

How does it get on my computer?

Scams and grifts

Support

Important Information