
Chrome Secure Preferences - sync already off


wdpcpa

Solved by kevinf80


Hello wdpcpa and welcome to Malwarebytes,

Continue with the following:

Open Malwarebytes, select > small cog wheel top right hand corner, that will open "settings" from there select "Security" tab.

Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....

Close out the settings window, this will take you back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes quarantine any found entries...

To get the log from Malwarebytes do the following:
 
  • Click on the Detection History tab > from main interface.
  • Then click on "History" that will open to a historical list
  • Double click on the Scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have two options:
    Copy to Clipboard - if selected right click to your reply and select "Paste" log will be pasted to your reply
    Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply

     
  • Please use "Copy to Clipboard", then Right click to your reply > select "Paste" that will copy the log to your reply…


Next,

Download AdwCleaner by Malwarebytes onto your Desktop.

Or from this Mirror
 
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Quarantine button. This will kill all the active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply


Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status...
 
  • Double-click to run it. When the tool opens click Yes to disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
     
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach that log to your reply.


Let me see those logs in your reply...

Thank you,

Kevin....

Thank you.  Here is the Malwarebytes Scan Log.  I will continue with the rest of the steps and report back.

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 12/6/20
Scan Time: 8:14 AM
Log File: 4c715014-37cd-11eb-a2c7-e04f4326ffe8.json

-Software Information-
Version: 4.2.3.96
Components Version: 1.0.1122
Update Package Version: 1.0.33967
License: Premium

-System Information-
OS: Windows 10 (Build 18362.1198)
CPU: x64
File System: NTFS
User: WDP-LENOVO\wdpcpa

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 326116
Threats Detected: 5
Threats Quarantined: 4
Time Elapsed: 1 min, 53 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 1
PUP.Optional.SecuryBrowse, HKU\S-1-5-21-2227461285-1414691040-4132665187-1001\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|fojomppheellamdaddnbgommepnlkooh, Quarantined, 429, 657125, , , , , , 

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 4
PUP.Optional.SecuryBrowse, C:\USERS\WDPCP\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Removal Failed, 429, 657125, , , , , 035BA3D3BF0E43C3C6A1AD983D2AC3FD, 6609522A57F30D3063D3D5A9EACC6E0F2626588DFE016C6B2AF918A5D740CFAF
PUP.Optional.SecuryBrowse, C:\USERS\WDPCP\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, 429, 657125, , , , , E02E252869A5211307B5D261D854D698, A030C483C07C8395785C780CC67D22EACAAC4E0F124D6A2159730ECF88EE6F64
PUP.Optional.SecuryBrowse, C:\USERS\WDPCP\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, 429, 657125, 1.0.33967, , ame, , 035BA3D3BF0E43C3C6A1AD983D2AC3FD, 6609522A57F30D3063D3D5A9EACC6E0F2626588DFE016C6B2AF918A5D740CFAF
PUP.Optional.SecuryBrowse, C:\USERS\WDPCP\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, 429, 657125, 1.0.33967, , ame, , 035BA3D3BF0E43C3C6A1AD983D2AC3FD, 6609522A57F30D3063D3D5A9EACC6E0F2626588DFE016C6B2AF918A5D740CFAF

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)


AdwCleaner by Malwarebytes found no running process but Lenovo processes so there was nothing to quarantine, no restart.  Here is the log:
 

 -------------------------------
# Malwarebytes AdwCleaner 8.0.8.0
# -------------------------------
# Build:    10-08-2020
# Database: 2020-09-29.1 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    12-06-2020
# Duration: 00:00:18
# OS:       Windows 10 Pro
# Scanned:  31837
# Detected: 10


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

Preinstalled.LenovoIMController   Folder   C:\ProgramData\LENOVO\IMCONTROLLER 
Preinstalled.LenovoIMController   Folder   C:\Users\wdpcp\AppData\Local\LENOVO\IMCONTROLLER 
Preinstalled.LenovoIMController   Folder   C:\Windows\LENOVO\IMCONTROLLER 
Preinstalled.LenovoIMController   Folder   C:\Windows\System32\Tasks\LENOVO\IMCONTROLLER 
Preinstalled.LenovoIMController   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\Lenovo Dependency Package_is1 
Preinstalled.LenovoServiceBridge   Folder   C:\Users\wdpcp\AppData\Local\PROGRAMS\LENOVO\LENOVO SERVICE BRIDGE 
Preinstalled.LenovoServiceBridge   Registry   HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{2C74547D-EF88-47F4-85F5-BE46A31E26B7}_is1 
Preinstalled.LenovoUpdate   Folder   C:\Program Files (x86)\LENOVO\SYSTEM UPDATE 
Preinstalled.LenovoUpdate   Registry   HKLM\Software\Wow6432Node\\Classes\CLSID\{03C6CC92-68F2-4961-9A73-CAECA350BD08} 
Preinstalled.LenovoUpdate   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\TVSU_is1 

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
 



The FRST.txt is below and the Addition is attached.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-12-2020
Ran by wdpcpa (administrator) on WDP-LENOVO (LENOVO 10NR000HUS) (06-12-2020 08:35:26)
Running from C:\Users\wdpcp\Desktop
Loaded Profiles: wdpcpa
Platform: Windows 10 Pro Version 1909 18363.1198 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(AMZN Mobile LLC.) C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_3.0.595.0_x64__22t9g3sebte08\Alexa.DesktopExtension\Alexa.DesktopExtension.exe
(AMZN Mobile LLC.) C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_3.0.595.0_x64__22t9g3sebte08\Alexa.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Audible Inc) C:\Program Files\WindowsApps\AudibleInc.AudibleforWindowsPhone_10.5.66.0_x64__xns73kv1ymhp2\AudibleRT.WindowsPhone.exe
(Canon Inc. -> CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(CYBERLINKCOM CORPORATION) C:\Program Files\WindowsApps\CyberLinkCorp.th.Power2GoforLenovo_8.0.11322.0_x86__m916jedk64snt\Power2Go8\CLMLSvc_P2G8.exe
(Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.) C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe <3>
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\111.4.472\QtWebEngineProcess.exe <3>
(EMC Corporation -> EMC Corporation) C:\Program Files (x86)\EMC Captiva\Captiva Cloud Runtime\Emc.Captiva.WebCaptureService.exe
(EMC Corporation -> EMC Corporation) C:\Program Files (x86)\EMC Captiva\Captiva Cloud Runtime\Emc.Captiva.WebToolkitHost.exe
(Google LLC -> ) C:\Program Files\Google\Drive\googledrivesync.exe <2>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <39>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler64.exe
(Intel Corporation -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_2f39d6d5ddf5307f\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_2f39d6d5ddf5307f\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_2f39d6d5ddf5307f\IntelCpHDCPSvc.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_2f39d6d5ddf5307f\IntelCpHeciSvc.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iaahcic.inf_amd64_120314e52c04567c\RstMwService.exe
(Intuit Inc.) [File not signed] C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(Intuit, Inc. -> Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Kodak Alaris Inc.) [File not signed] C:\Program Files (x86)\Kodak\Document Imaging\kds_i1100\Smart Touch\KSSCFG.exe
(Kodak Alaris Inc.) [File not signed] C:\Program Files (x86)\Kodak\Document Imaging\kds_i1100\Smart Touch\KSSE.exe
(Kodak Alaris Inc.) [File not signed] C:\Program Files (x86)\Kodak\Document Imaging\kds_i1100\Smart Touch\KSSOutput.exe
(Lenovo (Beijing) Limited -> Lenovo Group Limited) C:\Users\wdpcp\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSB.exe
(Lenovo -> ) C:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.3.115.0\LenovoVantageService.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.CompanionApp.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.Device.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(Linksys LLC -> ) [File not signed] C:\Program Files (x86)\Linksys WUSB6300\WifiSvc.exe
(LITE-ON TECHNOLOGY CORP. -> LITE-ON TECHNOLOGY CORP.) C:\Program Files\Lenovo\USB Enhanced Performance Keyboard\Skdaemon.exe
(London Trust Media Incorporated -> ) C:\Program Files\Private Internet Access\pia-service.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12011.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\NisSrv.exe
(philandro Software GmbH -> philandro Software GmbH) C:\Program Files (x86)\AnyDesk\AnyDesk.exe <2>
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Realtek Semiconductor Corp -> ) C:\Windows\runSW.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <2>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Splashtop Inc. -> Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRAgent.exe
(Splashtop Inc. -> Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe
(Splashtop Inc. -> Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRManager.exe
(Splashtop Inc. -> Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
(Splashtop Inc. -> Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
(Splashtop Inc. -> Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(WESTERN DIGITAL TECHNOLOGIES -> Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD App Manager\WDAppManager.exe
(Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd) C:\Users\wdpcp\AppData\Local\Kingsoft\WPS Office\11.2.0.9747\office6\wpscenter.exe
(Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd) C:\Users\wdpcp\AppData\Local\Kingsoft\WPS Office\11.2.0.9747\office6\wpscloudsvr.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Enhanced Performance Keyboard] => C:\Program Files\Lenovo\USB Enhanced Performance Keyboard\SKDaemon.exe [4018976 2015-12-23] (LITE-ON TECHNOLOGY CORP. -> LITE-ON TECHNOLOGY CORP.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [19677472 2020-06-30] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [3618080 2020-06-30] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtsCM] => C:\WINDOWS\RTSCM64.EXE [210688 2015-10-13] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [302904 2019-05-07] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe [1203856 2017-10-26] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [7992832 2020-12-01] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [Smart Touch i1100] => C:\Program Files (x86)\Kodak\Document Imaging\kds_i1100\Smart Touch\KSSCFG.exe [715264 2014-10-10] (Kodak Alaris Inc.) [File not signed]
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [449168 2012-03-26] (Canon Inc. -> CANON INC.)
HKLM-x32\...\Run: [WDAppManager] => C:\Program Files (x86)\Western Digital\WD App Manager\AppManagerLauncher.exe [21384 2016-04-15] (WESTERN DIGITAL TECHNOLOGIES -> Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-03-18] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-03-18] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-2227461285-1414691040-4132665187-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [32281272 2020-11-10] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-2227461285-1414691040-4132665187-1001\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [50010064 2020-11-03] (Google LLC -> )
HKU\S-1-5-21-2227461285-1414691040-4132665187-1001\...\Run: [com.squirrel.Teams.Teams] => C:\ProgramData\wdpcp\Microsoft\Teams\Update.exe [2452112 2020-08-26] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKLM\...\Windows x64\Print Processors\Canon MG5400 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDBB.DLL [30208 2012-04-16] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MG5400 series: C:\WINDOWS\system32\CNMLMBB.DLL [389120 2012-04-16] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJNP Port: C:\WINDOWS\system32\CNMN6PPM.DLL [359936 2012-06-14] (CANON INC.) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\87.0.4280.88\Installer\chrmstp.exe [2020-12-02] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{97E1814E-5601-41c8-9971-10C319EF61CC}] -> C:\WINDOWS\system32\SRCredentialProvider.dll [2020-11-12] (Splashtop Inc. -> Splashtop Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AnyDesk.lnk [2020-10-18]
ShortcutTarget: AnyDesk.lnk -> C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk [2018-10-09]
ShortcutTarget: Audible Download Manager.lnk -> C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe (Amazon Services LLC -> Audible, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2019-03-14]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit, Inc. -> Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2020-06-16]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit, Inc. -> Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2020-06-16]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2020\QBW32.EXE (Intuit, Inc. -> Intuit Inc.)
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy-Firefox: Restriction <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {028FC1A9-F7C0-4E01-A63B-DA16788111FB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [26781880 2020-11-10] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {097F7DFE-2FCF-42E6-80E2-66A104075CF5} - System32\Tasks\CCleanerUpdateTaskMachineCore => C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe
Task: {09FD63B9-79B2-40C6-A4F6-22D63495B3E5} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-09-16] (Dropbox, Inc -> Dropbox, Inc.)
Task: {0FDBFE0F-CE46-41AA-9F98-0A87D168DE59} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {16A946E3-3762-4F12-A2BE-D0050299A7E1} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler  /v start /t reg_dword /d 1 /f /reg:32
Task: {1BD31AC7-B67A-45A3-BEC2-07B85B9CD2A0} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\a87f6986-712f-4fa1-899d-571b95f63687 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81744 2020-09-24] (Lenovo -> Lenovo Group Ltd.)
Task: {1C9E5685-868D-4F3C-B470-F615AF92CBDF} - System32\Tasks\G2MUpdateTask-S-1-5-21-2227461285-1414691040-4132665187-1001 => C:\Users\wdpcp\AppData\Local\GoToMeeting\18962\g2mupdate.exe [31320 2020-10-22] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {1DBD428A-1B4D-4965-B035-A7B6AAB40976} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {200C7F22-F9F0-42A4-A189-A875C610699A} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_453_Plugin.exe [1502776 2020-11-10] (Adobe Inc. -> Adobe)
Task: {25522DDB-012F-4195-88D9-AEFDF387E6E4} - System32\Tasks\CCleaner Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe
Task: {31B3C7D8-CA99-4BA9-87DF-1DE7BD4DBC89} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\08607084-7e24-4fe6-95f6-e53ee258c870 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81744 2020-09-24] (Lenovo -> Lenovo Group Ltd.)
Task: {465A97F6-41DB-45C9-8BE6-F9BF61EC9E0D} - System32\Tasks\CCleanerUpdateTaskMachineUA => C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe
Task: {46D22CD7-FE49-40B8-854C-8C7B46BDEB08} - System32\Tasks\GoogleUpdateTaskMachineCore1d57955464c6d52 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-09-15] (Google Inc -> Google Inc.)
Task: {4B1DF809-3E3B-4C1B-96E5-F49FC74B46B4} - System32\Tasks\QBScheduledReport => C:\Program Files (x86)\Common Files\Intuit\QuickBooks\ScheduledReports\ScheduledReports.Scheduler.exe [382792 2020-05-07] (Intuit, Inc. -> Intuit Inc.)
Task: {4CD77A75-A47D-425E-9EA3-0F24E706BFAF} - System32\Tasks\WpsUpdateTask_wdpcpa => C:\Users\wdpcp\AppData\Local\Kingsoft\WPS Office\11.2.0.9747\office6\wpsupdate.exe [158464 2020-11-18] (Zhuhai Kingsoft Office Software Co., Ltd. -> )
Task: {5D49CA39-C648-4936-9097-F2FC7D25A5CF} - System32\Tasks\Microsoft\Windows\rempl\shell => C:\Program Files\rempl\sedlauncher.exe
Task: {6E883E4E-70A6-4B8B-BA30-D2ECD69D60D8} - System32\Tasks\DropboxUpdateTaskMachineUA1d5d6376fa2008 => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-09-16] (Dropbox, Inc -> Dropbox, Inc.)
Task: {73E09FDA-6D5C-4B62-8AA4-04E31ECB5B2A} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [686384 2020-11-10] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {747A1E8A-6C06-4286-A988-689EDF76C83F} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-09-16] (Dropbox, Inc -> Dropbox, Inc.)
Task: {83CDBCBA-CFF1-43A7-BCD2-9B73C1060D29} - System32\Tasks\Lenovo\Vantage\Lenovo.Vantage.ServiceMaintainance => %systemroot%\system32\sc.exe start LenovoVantageService
Task: {866D6658-2135-451B-962C-56540C183C66} - System32\Tasks\G2MUploadTask-S-1-5-21-2227461285-1414691040-4132665187-1001 => C:\Users\wdpcp\AppData\Local\GoToMeeting\18962\g2mupload.exe [31320 2020-10-22] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {92AD2F8C-7673-46DF-A58B-273F6FC2857A} - System32\Tasks\DropboxUpdateTaskMachineCore1d5d6376ef5f20 => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-09-16] (Dropbox, Inc -> Dropbox, Inc.)
Task: {972F90C9-6098-43C3-AF93-4F3D63A46AF0} - System32\Tasks\OneDrive Standalone Update Task v2 => C:\Users\wdpcp\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {A7EEE46C-BAA2-4B3F-BCA3-1EE064172610} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [1758648 2020-09-08] (Lenovo -> )
Task: {A849D1B7-4031-4DBF-BE4D-66045BFCF272} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => "%windir%\system32\sc.exe" START ImControllerService
Task: {ACF6A85C-7E4D-49C3-8264-831A2B99638B} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\5f6af872-6d16-4e6c-b065-ca10059df0ee => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81744 2020-09-24] (Lenovo -> Lenovo Group Ltd.)
Task: {B0685EAD-4432-40CF-9D57-69209B9BCE6E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B2F1BDCB-9481-461C-BF1D-4650FFA62887} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-09-15] (Google Inc -> Google Inc.)
Task: {B76E2760-2748-4367-9B31-3F5137944BA5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B7866752-31F3-44E0-BD46-07E7C0D36150} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616320 2018-01-08] (Apple Inc. -> Apple Inc.)
Task: {BACBFC72-B84D-45C0-9BF5-F98CAB1C0621} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-2227461285-1414691040-4132665187-1001 => C:\Users\wdpcp\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSBUpdater.exe [87848 2020-10-29] (Lenovo (Beijing) Limited -> Lenovo Group Limited)
Task: {BB3BEF18-B859-40F6-AAC1-D63DEC19BF47} - System32\Tasks\WpsExternal_wdpcpa_20201118135123 => C:\Users\wdpcp\AppData\Local\Kingsoft\WPS Office\11.2.0.9747\office6\wpscloudsvr.exe [1482496 2020-11-18] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {CB154135-3E91-487D-877D-05D13E970533} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-09-15] (Google Inc -> Google Inc.)
Task: {D10F65FC-D682-424D-948B-EAAC79F0FB0F} - System32\Tasks\TVT\TVSUUpdateTask_UserLogOn => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [1758648 2020-09-08] (Lenovo -> )
Task: {D2FA4C2A-5A8E-4845-A4DD-4990A7D6A14C} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [816960 2017-09-21] (Intel(R) Trust Services -> Intel(R) Corporation)
Task: {D465A3A8-457D-4BBF-8029-64487087B35D} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-11-10] (Adobe Inc. -> Adobe)
Task: {E21B8771-0973-42E2-AB93-87AD42BFC2FD} - System32\Tasks\CCleaner Browser Heartbeat Task (Logon) => C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe
Task: {E9E2462E-3706-4992-BEC7-4F33CA94BB08} - System32\Tasks\GoogleUpdateTaskMachineUA1d57955465131be => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-09-15] (Google Inc -> Google Inc.)
Task: {EA83DA4A-DE8A-4838-AB12-8976288B4AD5} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [62280 2020-09-24] (Lenovo -> Lenovo Group Ltd.)
Task: {EA9C0F1F-8FBE-4140-AAF2-7BC06C9AA4AB} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1741416 2020-09-17] (Avast Software s.r.o. -> Avast Software)
Task: {F7C3E868-3FDB-4555-B2AB-16C3E43F3104} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2227461285-1414691040-4132665187-1001 => C:\Users\wdpcp\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {FF304298-D7F3-45ED-A16E-BC4A02405E23} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1349200 2020-11-03] (Adobe Inc. -> Adobe Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore1d5d6376ef5f20.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA1d5d6376fa2008.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2227461285-1414691040-4132665187-1001.job => C:\Users\wdpcp\AppData\Local\GoToMeeting\18962\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-2227461285-1414691040-4132665187-1001.job => C:\Users\wdpcp\AppData\Local\GoToMeeting\18962\g2mupload.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 127.0.0.1    platform.wondershare.com
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{1336316a-9c4e-461a-9658-142617325137}: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\..\Interfaces\{2ef9ab4e-0635-449c-a5a4-fabd6dfd6d18}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{558c420d-1187-4b57-ab29-9bb7883884c4}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{e8823026-1e77-4038-b138-d1db32219ecd}: [DhcpNameServer] 9.10.10.100 9.9.10.100

Edge: 
======
Edge Notifications: HKU\S-1-5-21-2227461285-1414691040-4132665187-1001 -> hxxps://www.facebook.com; hxxps://www.newbienudes.com; hxxps://www.tubeninja.net; hxxps://www.xvideos.com; hxxps://livenewschat.eu; hxxps://www.livenewswatch.com; hxxps://voice.google.com; hxxps://www.fappenist.com
Edge DefaultProfile: Default
Edge Profile: C:\Users\wdpcp\AppData\Local\Microsoft\Edge\User Data\Default [2020-12-06]
Edge Notifications: Default -> hxxps://livenewschat.eu; hxxps://voice.google.com; hxxps://www.facebook.com; hxxps://www.fappenist.com; hxxps://www.livenewswatch.com; hxxps://www.newbienudes.com; hxxps://www.reddit.com; hxxps://www.tubeninja.net; hxxps://www.xvideos.com; hxxps://www.youtube.com
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF DefaultProfile: 0nx304ij.default
FF ProfilePath: C:\Users\wdpcp\AppData\Roaming\Mozilla\Firefox\Profiles\0nx304ij.default [2019-08-15]
FF ProfilePath: C:\Users\wdpcp\AppData\Roaming\Mozilla\Firefox\Profiles\kpxu0635.default-release [2020-12-06]
FF Extension: (Web Threat Shield) - C:\Users\wdpcp\AppData\Roaming\Mozilla\Firefox\Profiles\kpxu0635.default-release\Extensions\webrootsecure@webroot.com.xpi [2020-11-23]
FF HKU\S-1-5-21-2227461285-1414691040-4132665187-1001\...\Firefox\Extensions: [KVAllmytube@KeepVid.com] - C:\Program Files (x86)\Wondershare\AllMyTube\BrowserPlugin\kvallmytube@keepvid.com_xpi => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_453.dll [2020-11-10] (Adobe Inc. -> )
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_453.dll [2020-11-10] (Adobe Inc. -> )
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-10-15] (VideoLAN) [File not signed]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-11-18] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2227461285-1414691040-4132665187-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\wdpcp\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2020-05-12] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)

Chrome: 
=======
CHR Profile: C:\Users\wdpcp\AppData\Local\Google\Chrome\User Data\Default [2020-12-06]
CHR Notifications: Default -> hxxps://1337x.to; hxxps://agldq.emindeed.top; hxxps://app.gotowebinar.com; hxxps://calendar.google.com; hxxps://documentconverter.app; hxxps://fileconvertor.org; hxxps://meet.google.com; hxxps://qpdownload.com; hxxps://www.batteriesplus.com; hxxps://www.cnet.com; hxxps://www.facebook.com; hxxps://www.gamedesire.com; hxxps://www.instantcheckmate.com; hxxps://www.livenewswatch.com; hxxps://www.majorgeeks.com; hxxps://www.newsbreak.com; hxxps://www.reddit.com; hxxps://www.replaypoker.com; hxxps://www.truthfinder.com; hxxps://www.wps.com; hxxps://xn--80aeedslq0au3k.xn--p1ai; hxxps://zrhdi.capacygre.top
CHR DefaultSearchURL: Default -> hxxps://www.trickstercards.com/image/icons/cards-clear-96x96.png
CHR DefaultSearchKeyword: Default -> securyBrowse
CHR DefaultSuggestURL: Default -> hxxps://ext.securybrowse.com/api/ext/suggest?q={searchTerms}
CHR Extension: (Slides) - C:\Users\wdpcp\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-09-15]
CHR Extension: (MuteTab) - C:\Users\wdpcp\AppData\Local\Google\Chrome\User Data\Default\Extensions\acofndgbcimipbpeoplfjcapdbebbmca [2019-08-06]
CHR Extension: (Docs) - C:\Users\wdpcp\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-09-15]
CHR Extension: (Google Drive) - C:\Users\wdpcp\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-21]
CHR Extension: (YouTube) - C:\Users\wdpcp\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-09-15]
CHR Extension: (Trickster Cards) - C:\Users\wdpcp\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfkkmakaepfpkpdgcpphpmahbabffope [2020-05-09]
CHR Extension: (Tampermonkey) - C:\Users\wdpcp\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2020-10-09]
CHR Extension: (Adobe Acrobat) - C:\Users\wdpcp\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-09-08]
CHR Extension: (Sheets) - C:\Users\wdpcp\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-09-15]
CHR Extension: (Google Docs Offline) - C:\Users\wdpcp\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-11]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\wdpcp\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2020-11-22]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\wdpcp\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2020-11-23]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\wdpcp\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2020-10-12]
CHR Extension: (Google Hangouts) - C:\Users\wdpcp\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2020-08-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\wdpcp\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-04]
CHR Extension: (Gmail) - C:\Users\wdpcp\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-22]
CHR Extension: (Chrome Media Router) - C:\Users\wdpcp\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-11-20]
CHR HKU\S-1-5-21-2227461285-1414691040-4132665187-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo]
CHR HKU\S-1-5-21-2227461285-1414691040-4132665187-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [170056 2020-11-03] (Adobe Inc. -> Adobe Inc.)
S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-11-10] (Adobe Inc. -> Adobe)
R2 AnyDesk; C:\Program Files (x86)\AnyDesk\AnyDesk.exe [3670480 2020-10-18] (philandro Software GmbH -> philandro Software GmbH)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2019-04-29] (Apple Inc. -> Apple Inc.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-09-16] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-09-16] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [44552 2020-12-01] (Dropbox, Inc -> Dropbox, Inc.)
R2 Dolby DAX2 API Service; C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe [189464 2020-06-02] (Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.)
R2 Emc.Captiva.WebCaptureService; C:\Program Files (x86)\EMC Captiva\Captiva Cloud Runtime\Emc.Captiva.WebCaptureService.exe [46400 2013-03-25] (EMC Corporation -> EMC Corporation)
S3 iaStorAfsService; C:\Windows\IAStorAfsService\iaStorAfsService.exe [2410672 2017-11-20] (Intel(R) Rapid Storage Technology -> Intel Corporation)
R2 ImControllerService; C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81744 2020-09-24] (Lenovo -> Lenovo Group Ltd.)
R2 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\3.3.115.0\LenovoVantageService.exe [18360 2020-07-09] (Lenovo -> Lenovo Group Ltd.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7269976 2020-11-18] (Malwarebytes Inc -> Malwarebytes)
R2 PrivateInternetAccessService; C:\Program Files\Private Internet Access\pia-service.exe [1985536 2020-10-28] (London Trust Media Incorporated -> )
S3 PrivateInternetAccessWireguard; C:\Program Files\Private Internet Access\pia-wgservice.exe [4448632 2020-10-28] (London Trust Media Incorporated -> )
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2017-11-14] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1537536 2018-11-15] (Intuit Inc.) [File not signed]
R2 RunSwUSB; C:\Windows\runSW.exe [44760 2015-05-15] (Realtek Semiconductor Corp -> )
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6153048 2020-11-11] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11795800 2019-04-15] (TeamViewer GmbH -> TeamViewer GmbH)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WSWUSB6300; C:\Program Files (x86)\Linksys WUSB6300\WifiSvc.exe [312144 2013-07-22] (Linksys LLC -> ) [File not signed]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153312 2020-11-18] (Malwarebytes Corporation -> Malwarebytes)
R3 LBAI; C:\WINDOWS\System32\Drivers\LBAI.sys [23208 2017-11-13] (WDKTestCert Win10P64US,131547553407012624 -> Lenovo)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220160 2020-11-26] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2020-11-18] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [197792 2020-12-05] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [77496 2020-12-05] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248968 2020-11-26] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [138904 2020-12-05] (Malwarebytes Inc -> Malwarebytes)
R3 MpKsl28cf267e; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D892CB49-3DA6-41C7-96D2-25CE15DBFF00}\MpKslDrv.sys [47336 2020-12-05] (Microsoft Windows -> Microsoft Corporation)
R3 tap-pia-0901; C:\WINDOWS\System32\drivers\tap-pia-0901.sys [39944 2020-10-28] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2018-01-30] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2018-05-04] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48536 2020-12-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [429296 2020-12-04] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [70896 2020-12-04] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-12-06 08:35 - 2020-12-06 08:36 - 000037873 ____C C:\Users\wdpcp\Desktop\FRST.txt
2020-12-06 08:34 - 2020-12-06 08:35 - 000000000 ____D C:\FRST
2020-12-06 08:33 - 2020-12-06 08:33 - 002288640 _____ (Farbar) C:\Users\wdpcp\Desktop\FRST64.exe
2020-12-06 08:24 - 2020-12-06 08:24 - 000000000 ____D C:\AdwCleaner
2020-12-05 11:24 - 2020-12-05 11:24 - 000001123 _____ C:\Users\Public\Desktop\MediaMonkey.lnk
2020-12-05 11:24 - 2020-12-05 11:24 - 000001123 _____ C:\ProgramData\Desktop\MediaMonkey.lnk
2020-12-05 11:24 - 2020-12-05 11:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaMonkey
2020-12-05 11:24 - 2020-12-05 11:24 - 000000000 ____D C:\ProgramData\MediaMonkey
2020-12-05 11:24 - 2020-12-05 11:24 - 000000000 ____D C:\Program Files (x86)\MediaMonkey
2020-12-05 10:11 - 2020-12-05 10:11 - 000197792 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2020-12-05 10:11 - 2020-12-05 10:11 - 000138904 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2020-12-05 10:11 - 2020-12-05 10:11 - 000077496 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2020-12-04 07:47 - 2020-12-04 07:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2020-12-02 11:34 - 2020-12-02 11:35 - 000180436 _____ C:\Users\wdpcp\OneDrive\Documents\Bill's Medicare and Ins cards .pdf
2020-12-02 11:26 - 2020-12-02 11:27 - 000139407 _____ C:\Users\wdpcp\OneDrive\Documents\Bill's DL.pdf
2020-12-01 16:10 - 2020-12-01 16:10 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2020-12-01 16:10 - 2020-12-01 16:10 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2020-12-01 16:10 - 2020-12-01 16:10 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2020-12-01 16:10 - 2020-12-01 16:10 - 000044552 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2020-11-29 13:22 - 2020-11-29 13:22 - 000000000 ___DC C:\Users\wdpcp\Desktop\XMAS 2020
2020-11-28 21:45 - 2020-11-28 21:47 - 000000000 ___DC C:\Users\wdpcp\Desktop\Black House
2020-11-27 21:40 - 2020-11-27 21:40 - 000012881 _____ C:\Users\wdpcp\Downloads\A.Matter.of.Justice.1993.Part.2.WEBRip.x264-ASSOCiATE-[rarbg.to].torrent
2020-11-23 21:25 - 2020-11-23 21:25 - 000000000 ____D C:\Users\wdpcp\Downloads\DiscogsAutoTag
2020-11-19 19:00 - 2020-12-05 19:14 - 000000000 ____D C:\Users\wdpcp\AppData\Roaming\MediaMonkey
2020-11-19 19:00 - 2020-11-19 19:00 - 000000000 ____D C:\Users\wdpcp\AppData\Local\MediaMonkey
2020-11-19 18:58 - 2020-11-19 22:33 - 000000000 ____D C:\Users\wdpcp\Downloads\MediaMonkey 4.1
2020-11-18 13:51 - 2020-11-18 13:51 - 000004070 _____ C:\WINDOWS\system32\Tasks\WpsExternal_wdpcpa_20201118135123
2020-11-18 07:13 - 2020-11-26 20:06 - 000248968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2020-11-18 07:13 - 2020-11-18 07:12 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2020-11-16 19:57 - 2020-11-17 09:49 - 000001205 ____C C:\Users\wdpcp\Desktop\New Text Document (3).txt
2020-11-16 19:57 - 2020-11-16 19:57 - 000000495 ____C C:\Users\wdpcp\Desktop\AOC Nextdoor.txt
2020-11-11 22:07 - 2020-11-11 22:07 - 090319872 _____ (openaudible.org) C:\Users\wdpcp\Downloads\OpenAudible_2.3.5_win.exe
2020-11-11 13:35 - 2020-11-11 13:35 - 001841152 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2020-11-11 13:35 - 2020-11-11 13:35 - 001101312 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2020-11-11 13:35 - 2020-11-11 13:35 - 000200704 _____ C:\WINDOWS\system32\IHDS.dll
2020-11-11 13:35 - 2020-11-11 13:35 - 000164864 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2020-11-11 13:35 - 2020-11-11 13:35 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth9.bin
2020-11-11 13:35 - 2020-11-11 13:35 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2020-11-11 13:35 - 2020-11-11 13:35 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2020-11-11 13:35 - 2020-11-11 13:35 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2020-11-11 13:35 - 2020-11-11 13:35 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2020-11-11 13:35 - 2020-11-11 13:35 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2020-11-11 13:35 - 2020-11-11 13:35 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2020-11-11 13:35 - 2020-11-11 13:35 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2020-11-11 13:35 - 2020-11-11 13:35 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth12.bin
2020-11-11 13:35 - 2020-11-11 13:35 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth11.bin
2020-11-11 13:35 - 2020-11-11 13:35 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth10.bin
2020-11-11 13:35 - 2020-11-11 13:35 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
2020-11-09 19:07 - 2020-12-02 12:30 - 000013328 _____ C:\Users\wdpcp\OneDrive\Documents\Bills Drug List 12-01-20.xlsx
2020-11-09 18:29 - 2020-11-09 18:29 - 000001090 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Private Internet Access.lnk

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-12-06 08:30 - 2019-03-18 22:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-12-06 08:30 - 2018-09-16 23:55 - 000000000 __RDC C:\Users\wdpcp\Desktop\Delete These
2020-12-06 08:05 - 2020-06-16 00:23 - 000004168 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{A1BE38DA-19D9-4C90-B46F-4482B8CEC6EF}
2020-12-06 08:02 - 2020-02-10 15:14 - 000000000 ___RD C:\Users\wdpcp\Google Drive
2020-12-06 08:02 - 2018-11-11 13:45 - 000000000 ____D C:\Program Files\CCleaner
2020-12-05 22:29 - 2020-06-16 00:15 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-12-05 21:18 - 2019-03-18 22:52 - 000000000 ___HD C:\Program Files\WindowsApps
2020-12-05 21:18 - 2019-03-18 22:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-12-05 15:46 - 2018-09-16 00:31 - 000000000 ___DC C:\Users\wdpcp\AppData\Roaming\uTorrent
2020-12-05 11:29 - 2018-09-17 14:42 - 000000000 ___DC C:\Users\wdpcp\AppData\Local\CrashDumps
2020-12-05 10:16 - 2020-06-16 00:26 - 000842708 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-12-05 10:16 - 2019-03-18 22:50 - 000000000 ____D C:\WINDOWS\INF
2020-12-05 10:11 - 2020-06-16 00:23 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-12-05 10:11 - 2018-11-12 17:00 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2020-12-05 10:10 - 2019-03-18 22:37 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2020-12-05 10:02 - 2019-03-18 22:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-12-04 17:50 - 2020-03-07 07:06 - 000002428 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2020-12-04 17:50 - 2020-03-07 07:06 - 000002266 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2020-12-04 17:50 - 2020-03-07 07:06 - 000002266 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2020-12-04 10:17 - 2018-04-17 13:02 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2020-12-04 07:48 - 2018-09-16 01:44 - 000000000 ____D C:\Program Files (x86)\Dropbox
2020-12-03 15:29 - 2020-09-02 08:57 - 000000000 ____D C:\Program Files\Mozilla Firefox
2020-12-03 15:29 - 2019-08-15 13:54 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-12-03 14:12 - 2020-06-16 00:23 - 000003448 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA1d57955465131be
2020-12-03 14:12 - 2020-06-16 00:23 - 000003324 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore1d57955464c6d52
2020-12-02 18:13 - 2018-09-15 20:49 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-12-02 12:04 - 2019-06-28 10:01 - 000000000 ___DC C:\Users\wdpcp\Desktop\Stroke Clinic
2020-12-01 22:54 - 2018-09-16 01:14 - 000000000 ___DC C:\Users\wdpcp\AppData\Roaming\vlc
2020-12-01 20:33 - 2018-09-16 01:50 - 000000000 ___RD C:\Users\wdpcp\Dropbox (Personal)
2020-11-29 23:35 - 2019-08-15 13:54 - 000000000 ___DC C:\Users\wdpcp\AppData\LocalLow\Mozilla
2020-11-29 23:24 - 2019-08-15 13:54 - 000000000 ____D C:\ProgramData\Mozilla
2020-11-29 23:22 - 2019-08-15 13:54 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2020-11-29 13:02 - 2019-12-15 22:08 - 000001368 ____C C:\Users\wdpcp\Desktop\MediaHuman YouTube to MP3 Converter.lnk
2020-11-29 13:02 - 2019-12-15 22:08 - 000000221 ____C C:\Users\wdpcp\Desktop\Visit MediaHuman Website.url
2020-11-27 23:51 - 2020-06-16 00:23 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2020-11-27 23:51 - 2020-06-16 00:23 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2020-11-27 11:32 - 2018-09-15 22:55 - 000000000 ___DC C:\Users\wdpcp\AppData\Roaming\FreeFileSync
2020-11-27 09:32 - 2020-09-20 21:07 - 000001014 _____ C:\Users\Public\Desktop\FreeFileSync.lnk
2020-11-27 09:32 - 2020-09-20 21:07 - 000001014 _____ C:\ProgramData\Desktop\FreeFileSync.lnk
2020-11-27 09:32 - 2020-09-20 21:07 - 000000990 _____ C:\Users\Public\Desktop\RealTimeSync.lnk
2020-11-27 09:32 - 2020-09-20 21:07 - 000000990 _____ C:\ProgramData\Desktop\RealTimeSync.lnk
2020-11-27 09:32 - 2018-09-15 22:55 - 000001026 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeFileSync.lnk
2020-11-27 09:32 - 2018-09-15 22:55 - 000001002 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealTimeSync.lnk
2020-11-27 09:32 - 2018-09-15 22:55 - 000000000 ____D C:\Program Files\FreeFileSync
2020-11-27 09:31 - 2020-09-20 21:05 - 000000000 ____D C:\Users\wdpcp\Downloads\FreeFileSync
2020-11-26 20:06 - 2020-10-16 16:55 - 000220160 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2020-11-26 10:55 - 2020-06-16 00:23 - 000004210 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2020-11-25 21:44 - 2019-02-14 16:59 - 000000000 ___DC C:\Users\wdpcp\AppData\Roaming\Media_Companion
2020-11-24 00:13 - 2020-06-16 00:23 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2020-11-24 00:13 - 2018-12-28 20:59 - 000002143 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2020-11-22 22:11 - 2018-09-15 20:40 - 000000000 ___DC C:\Users\wdpcp\AppData\Local\Packages
2020-11-21 23:19 - 2020-06-15 20:00 - 000000000 ____D C:\Users\wdpcp
2020-11-21 19:10 - 2019-02-14 08:32 - 000000000 ____D C:\Users\wdpcp\Downloads\MediaCompanion 2019
2020-11-20 14:35 - 2020-09-30 16:22 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2020-11-20 10:50 - 2018-09-16 01:17 - 000000000 ___DC C:\Users\wdpcp\AppData\Local\ElevatedDiagnostics
2020-11-18 13:51 - 2020-09-29 09:35 - 000003640 _____ C:\WINDOWS\system32\Tasks\WpsUpdateTask_wdpcpa
2020-11-18 09:18 - 2019-03-18 22:52 - 000000000 ____D C:\WINDOWS\system32\NDF
2020-11-18 07:13 - 2020-07-17 16:04 - 000002040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2020-11-18 07:13 - 2019-07-04 22:07 - 000002028 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2020-11-18 07:13 - 2019-07-04 22:07 - 000002028 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2020-11-18 07:13 - 2019-03-18 22:52 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2020-11-18 07:12 - 2019-07-04 22:07 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2020-11-16 13:28 - 2020-09-24 12:24 - 000000000 ____D C:\Users\wdpcp\OneDrive\Documents\Kaufman Property Tax
2020-11-16 06:32 - 2020-02-10 15:10 - 000002080 _____ C:\Users\Public\Desktop\Google Slides.lnk
2020-11-16 06:32 - 2020-02-10 15:10 - 000002080 _____ C:\ProgramData\Desktop\Google Slides.lnk
2020-11-16 06:32 - 2020-02-10 15:10 - 000002078 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2020-11-16 06:32 - 2020-02-10 15:10 - 000002078 _____ C:\ProgramData\Desktop\Google Sheets.lnk
2020-11-16 06:32 - 2020-02-10 15:10 - 000002068 _____ C:\Users\Public\Desktop\Google Docs.lnk
2020-11-16 06:32 - 2020-02-10 15:10 - 000002068 _____ C:\ProgramData\Desktop\Google Docs.lnk
2020-11-16 06:32 - 2020-02-10 15:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google
2020-11-15 23:13 - 2019-02-09 20:01 - 000009475 _____ C:\Users\wdpcp\OneDrive\Documents\tv shows.xlsx
2020-11-15 21:47 - 2020-10-23 14:50 - 000000000 ____D C:\Users\wdpcp\OneDrive\Documents\Forney Air
2020-11-12 20:52 - 2020-04-14 15:54 - 000311216 _____ (Splashtop Inc.) C:\WINDOWS\system32\SRCredentialProvider.dll
2020-11-12 11:00 - 2020-02-19 10:58 - 000907064 _____ (Microsoft Corporation) C:\WINDOWS\system32\sedplugins.dll
2020-11-12 10:59 - 2020-09-30 16:22 - 000436536 _____ (Microsoft Corporation) C:\WINDOWS\system32\QualityUpdateAssistant.dll
2020-11-12 09:14 - 2020-06-16 00:15 - 000462832 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2020-11-12 09:14 - 2018-09-15 20:40 - 000000000 ___RD C:\Users\wdpcp\3D Objects
2020-11-12 09:14 - 2018-04-17 13:03 - 000000000 __RHD C:\Users\Public\AccountPictures
2020-11-12 00:34 - 2019-03-19 00:23 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2020-11-12 00:34 - 2019-03-18 22:52 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2020-11-12 00:34 - 2019-03-18 22:52 - 000000000 ____D C:\WINDOWS\TextInput
2020-11-12 00:34 - 2019-03-18 22:52 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2020-11-12 00:34 - 2019-03-18 22:52 - 000000000 ____D C:\WINDOWS\SystemResources
2020-11-12 00:34 - 2019-03-18 22:52 - 000000000 ____D C:\WINDOWS\system32\setup
2020-11-12 00:34 - 2019-03-18 22:52 - 000000000 ____D C:\WINDOWS\system32\oobe
2020-11-12 00:34 - 2019-03-18 22:52 - 000000000 ____D C:\WINDOWS\system32\migwiz
2020-11-12 00:34 - 2019-03-18 22:52 - 000000000 ____D C:\WINDOWS\ShellExperiences
2020-11-12 00:34 - 2019-03-18 22:52 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2020-11-12 00:34 - 2019-03-18 22:52 - 000000000 ____D C:\WINDOWS\bcastdvr
2020-11-12 00:33 - 2020-06-27 20:21 - 000000000 ____D C:\Users\wdpcp\OpenAudible
2020-11-11 13:35 - 2020-06-16 00:16 - 002876928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2020-11-10 20:03 - 2018-09-16 00:56 - 000000000 ____D C:\WINDOWS\system32\MRT
2020-11-10 20:01 - 2018-09-16 00:56 - 133736600 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2020-11-10 19:52 - 2020-06-16 00:23 - 000004538 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player NPAPI Notifier
2020-11-10 19:52 - 2020-06-16 00:23 - 000004380 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player Updater
2020-11-10 19:52 - 2019-03-18 22:56 - 000842296 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2020-11-10 19:52 - 2019-03-18 22:56 - 000175160 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2020-11-10 19:52 - 2019-03-18 22:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2020-11-10 19:52 - 2019-03-18 22:52 - 000000000 ____D C:\WINDOWS\system32\Macromed
2020-11-10 12:24 - 2018-09-15 22:43 - 000021079 _____ C:\Users\wdpcp\OneDrive\Documents\cat foods.xlsx
2020-11-10 00:04 - 2020-04-07 22:07 - 000000000 ____D C:\Program Files (x86)\QuickTime
2020-11-09 18:29 - 2019-02-16 17:56 - 000000000 ____D C:\Program Files\Private Internet Access

==================== Files in the root of some directories ========

2019-08-22 16:33 - 2019-08-22 16:33 - 000008977 _____ () C:\Users\wdpcp\AppData\Roaming\QBFileDrTool_DESKTOP-O141FKD.log
2019-07-24 21:48 - 2019-07-24 21:48 - 000000038 ___SH () C:\Users\wdpcp\AppData\Local\32cd2b0451e261ee292289.21073168

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Addition.txt

Hiya wdpcpa,

Thanks for those logs, continue:

Please download the attached fixlist.txt file and save it to the Desktop or location where you ran FRST from.

NOTE. It's important that both files, FRST or FRST64, and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt) or wherever you ran FRST from. Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

NOTE-1: This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files.

NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed.

The following directories are emptied:
 
  • Windows Temp
  • Users Temp folders
  • Edge, IE, FF, Chrome and Opera caches, HTML5 storages, Cookies and History
  • Recently opened files cache
  • Flash Player cache
  • Java cache
  • Steam HTML cache
  • Explorer thumbnail and icon cache
  • BITS transfer queue (qmgr*.dat files)
  • Recycle Bin


Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.

The system will be rebooted after the fix has run.

Next,

  • Click Here to download Emsisoft Emergency Kit. The download will automatically start after a moment.
  • Save EmsisoftEmergencyKit.exe to your Desktop.
  • Double click on EmsisoftEmergencyKit.exe (Windows Vista/7/8/10 users: Accept UAC warning if it is enabled). A screen like this will appear:

    user posted image

     
  • Leave everything as it is, then click Extract. This may be listed as Install. This will unpack or install Emsisoft Emergency Kit to the EEK folder located in the root drive (usually C:\).
  • Once the extraction or installation is done, an icon will appear on your Desktop. Double click it to start Emsisoft Emergency Kit.

  • Wait for Emsisoft Emergency Kit to finish loading signatures. A screen like this should appear:

  • Choose Yes, then wait for EEK to finish updating.
  • Choose Malware Scan under the Scan button. When EEK asks to activate PUP detection, choose Yes.
  • Wait for the scan to finish.

  • If EEK detects something, all detected items will be displayed. Place a checkmark before everything, then choose Quarantine Selected.
  • If Emsisoft Emergency Kit asks to reboot, please do so immediately.
  • The scan log is located in Logs -> Scan Logs. Click on the entry of the latest scan, choose Export and save the report on your Desktop.

  • Please Copy and Paste the contents of the scan log in your next reply.


Let me see those logs in your reply...

Thank you,

Kevin..

fixlist.txt


Fixlog.txt is attached.

Emsisoft Report:

12/6/2020 11:58:19 AM
High risk Malware "Trojan.GenericKD.33867051 (B)" in "C:\Users\wdpcp\AppData\Roaming\Browser Assistant\Updater.dll" quarantined by user WDP-LENOVO\WDPCPA

Scan log from EMSISOFT:

Emsisoft Emergency Kit - Version 2020.5
Last update: 12/6/2020 11:50:09 AM
My own WDP-LENOVO\wdpcpa
 WDP-LENOVO
 Windows 10x64 

Scan settings:

Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files

Detect PUPs: ON
Scan archives: OFF
Scan mail archives: OFF
ADS Scan: ON
Direct disk access: OFF

Scan start:    12/6/2020 11:51:28 AM
C:\Users\wdpcp\AppData\Roaming\Browser Assistant\Updater.dll     detected: Trojan.GenericKD.33867051 (B) [krnl.xmd]

Scanned    91827
Found    1

Scan end:    12/6/2020 11:57:36 AM
Scan time:    0:06:08

C:\Users\wdpcp\AppData\Roaming\Browser Assistant\Updater.dll     Trojan.GenericKD.33867051 (B)

Quarantined    1


Many thanks,

Bill

Fixlog.txt


Latest MB Scan still shows a problem.

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 12/6/20
Scan Time: 12:18 PM
Log File: 7fed97d2-37ef-11eb-88e6-e04f4326ffe8.json

-Software Information-
Version: 4.2.3.96
Components Version: 1.0.1122
Update Package Version: 1.0.33975
License: Premium

-System Information-
OS: Windows 10 (Build 18362.1198)
CPU: x64
File System: NTFS
User: WDP-LENOVO\wdpcpa

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 324674
Threats Detected: 5
Threats Quarantined: 4
Time Elapsed: 2 min, 0 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 1
PUP.Optional.SecuryBrowse, HKU\S-1-5-21-2227461285-1414691040-4132665187-1001\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|fojomppheellamdaddnbgommepnlkooh, Quarantined, 429, 657125, , , , , , 

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 4
PUP.Optional.SecuryBrowse, C:\USERS\WDPCP\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Removal Failed, 429, 657125, , , , , 035BA3D3BF0E43C3C6A1AD983D2AC3FD, 6609522A57F30D3063D3D5A9EACC6E0F2626588DFE016C6B2AF918A5D740CFAF
PUP.Optional.SecuryBrowse, C:\USERS\WDPCP\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, 429, 657125, , , , , F699B6ECE3DBF98CA9B8BD6171E0C075, 2EEAD104B15D18A58F545827BC0D91B7A873C0DFA29F091E9D109F1B673A3128
PUP.Optional.SecuryBrowse, C:\USERS\WDPCP\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, 429, 657125, 1.0.33975, , ame, , 035BA3D3BF0E43C3C6A1AD983D2AC3FD, 6609522A57F30D3063D3D5A9EACC6E0F2626588DFE016C6B2AF918A5D740CFAF
PUP.Optional.SecuryBrowse, C:\USERS\WDPCP\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, 429, 657125, 1.0.33975, , ame, , 035BA3D3BF0E43C3C6A1AD983D2AC3FD, 6609522A57F30D3063D3D5A9EACC6E0F2626588DFE016C6B2AF918A5D740CFAF

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

 

MB Scan 12_6_20.JPG

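The registry detection in the log above names one extension ID. As an added example (not part of the original posts, and not Malwarebytes' or Google's code), this Python script checks whether that ID is still referenced in the `Preferences` and `Secure Preferences` JSON files after cleanup; the key layout in `SECTIONS`, the function names and the sample contents are assumptions constructed for illustration.

```python
import json
import sys

# Extension ID taken from the Malwarebytes "Registry Value" detection quoted above.
FLAGGED_ID = "fojomppheellamdaddnbgommepnlkooh"

# Assumed profile-file layout: places where an extension ID is used as a key.
SECTIONS = (
    ("extensions", "settings"),
    ("protection", "macs", "extensions", "settings"),
)

def find_extension_refs(prefs_text, ext_id=FLAGGED_ID):
    """Return the dotted sections of one profile file that still contain ext_id."""
    root = json.loads(prefs_text)
    hits = []
    for section in SECTIONS:
        node = root
        for key in section:
            node = node.get(key, {}) if isinstance(node, dict) else {}
        if isinstance(node, dict) and ext_id in node:
            hits.append(".".join(section))
    return hits

def audit_profile(files, ext_id=FLAGGED_ID):
    """files maps file name -> JSON text; return {name: [sections]} for leftovers only."""
    report = {}
    for name, text in files.items():
        try:
            hits = find_extension_refs(text, ext_id)
        except json.JSONDecodeError:
            hits = ["<unparseable JSON>"]  # a damaged file needs a manual look
        if hits:
            report[name] = hits
    return report

# Constructed sample contents (not taken from the poster's machine).
SAMPLE_FILES = {
    "Secure Preferences": json.dumps({
        "extensions": {"settings": {FLAGGED_ID: {"constructed": True}}},
        "protection": {"macs": {"extensions": {"settings": {FLAGGED_ID: "CONSTRUCTED-MAC"}}}},
    }),
    "Preferences": json.dumps({"extensions": {"settings": {}}}),
}

if __name__ == "__main__":
    # Pass real file paths as arguments (with Chrome closed), or run with none for the sample.
    files = {p: open(p, encoding="utf-8").read() for p in sys.argv[1:]} or SAMPLE_FILES
    for name, sections in audit_profile(files).items():
        print(f"{name}: {FLAGGED_ID} still present in {', '.join(sections)}")
```

An empty result means neither file references the flagged ID any more; any output names the file and section that still need attention.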

Hiya Bill,

Continue with the following:

Open Chrome, select menu (3 dots top right hand of page)

Select "Settings" from the drop down menu..

Scroll to bottom of expanded page, select "Advanced" drop down.

Scroll to and select "Reset and Clean up"

From right hand pane select "Restore Settings to Original Defaults" allow that to complete.

From the same pane select "Clean up Computer" allow that to complete..

Reboot your system when that completes, run another scan with Malwarebytes...

Thank you,

Kevin..


  • Solution

Thanks Bill, continue for a fresh install of Chrome. If you do not use Google Drive just miss that part out of the instructions...

If your Chrome Bookmarks are important do this first:

Go to this link: http://www.wikihow.com/Export-Bookmarks-from-Chrome follow the instructions and Export your Bookmarks from Chrome, save to your Desktop or similar. Note the instructions can also be used to Import the bookmarks.....

For your Passwords go here:

https://www.intowindows.com/how-to-backup-saved-passwords-in-google-chrome-browser/

Continue for a clean install:

Download Chrome installer and save to install later:

https://www.google.com/intl/en_uk/chrome/browser/desktop/index.html

https://www.google.com/intl/en_usa/chrome/browser/desktop/index.html

Next,

Open Chrome and sign into your account, open a new tab and type or copy paste chrome://settings hit enter...



In the new window that opens "Turn Off" option will show, select that option.



You will then be given notice of what will be cleared. Checkmark the box that gives an option to clear bookmarks, passwords, history etc. Confirm that action by selecting "Turn Off" tab



Next.

Uninstall Chrome: https://support.google.com/chrome/answer/95319?hl=en-GB follow those instructions, ensure the option to "Also delete your browsing data" is selected. <<--- Very important!!

Navigate to C:\Users\Your user name\Appdata\Local from that folder delete the folder named Google (you will need to show hidden files/folders to see the folder Appdata)

How to show hidden files and folders for windows: http://www.howtogeek.com/howto/windows-vista/show-hidden-files-and-folders-in-windows-vista/



If you use Google Drive, open the Google folder, right click on Drive and select "Copy" then right click on your Desktop or a folder of choice and select "Paste" to save that folder and its contents.



When you successfully saved Google drive go back to Local folder, delete the folder named Google



Next,

Install Google Chrome :

Next,

Import your Bookmarks... (instructions in the first step)

Import Passwords... (instructions in second step above)

Next,

Install Malwarebytes Browser Extension (Free) https://chrome.google.com/webstore/detail/malwarebytes-browser-exte/ihcjicgdanjaechkgeegckofjjedodee

Next,

Install uBlock Origin for Chrome: https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm?hl=en

If you previously had Google Drive you will need to download and install it again: https://www.google.com/intl/en_rw/drive/download/

When that is completed, transfer the contents of the saved Google Drive folder to the new one...

Does that help...
 
Thanks,
 
Kevin...

Hiya Bill,

Good to hear your PC is ok for you again. I never use any type of cleaner that has the potential to damage windows registry and possibly turn your PC into a brick. I personally just use windows own disk cleanup utility, it does the job just fine: https://neosmart.net/wiki/disk-cleanup/

Next,

Continue to clean up remove tools etc...

Navigate to and delete the following, (if still present):

C:\ProgramData\Emsisoft
C:\Users\{your user name}\Desktop\start emergency kit scanner - Shortcut.lnk
C:\EEK
C:\Users\{your user name}\Desktop\EmsisoftEmergencyKit.exe


Next,

Right click on FRST here: C:\Users\wdpcp\Desktop\FRST.exe and rename it to uninstall.exe. When complete, right click on uninstall.exe and select "Run as Administrator"

If you do not see the .exe appended that is because file extensions are hidden, in that case just rename FRST to uninstall

That action will remove FRST and all created files and folders...

Next,

Remove all System Restore Points: https://www.tenforums.com/tutorials/33593-delete-system-restore-points-windows-10-a.html#option2

Create clean fresh Restore Point: http://www.thewindowsclub.com/create-system-restore-point

Run Windows Disk Clean Up Utility - https://neosmart.net/wiki/disk-cleanup/

Malwarebytes Browser Guard (Free) for Firefox: https://addons.mozilla.org/en-GB/firefox/addon/malwarebytes/

Malwarebytes Browser Guard (Free) for Chrome: https://chrome.google.com/webstore/detail/malwarebytes-browser-guar/ihcjicgdanjaechkgeegckofjjedodee

PatchMyPC, keep all your software up to date - https://patchmypc.com/home-updater#download

From there you should be good to go...

Next,

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin...

 


Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you

 

 


This topic is now closed to further replies.