wdpcpa Posted December 5, 2020

Attached is a JPG showing that Malwarebytes couldn't remove the Chrome Secure Preferences infection. It comes back. What is odd is when I follow directions elsewhere it calls for turning off sync. My sync is already turned off.
kevinf80 Posted December 5, 2020

Hello wdpcpa and welcome to Malwarebytes,

Continue with the following:

Open Malwarebytes, select > small cog wheel top right hand corner, that will open "Settings"; from there select the "Security" tab. Scroll down to "Scan Options" and ensure Scan for Rootkits and Scan within Archives are both on....
Close out the settings window, this will take you back to "Dashboard"; select the blue "Scan Now" tab......
When the scan completes quarantine any found entries...

To get the log from Malwarebytes do the following:
Click on the Detection History tab > from main interface.
Then click on "History" that will open to a historical list.
Double click on the Scan log which shows the Date and time of the scan just performed.
Click Export > From export you have two options:
Copy to Clipboard - if selected right click to your reply and select "Paste", the log will be pasted to your reply.
Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop", then attach to reply.
Please use "Copy to Clipboard", then Right click to your reply > select "Paste", that will copy the log to your reply…

Next,

Download AdwCleaner by Malwarebytes onto your Desktop. Or from this Mirror
Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users) (screenshot: http://i.imgur.com/Spcusrh.png)
Accept the EULA (I accept), then click on Scan
Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Quarantine button. This will kill all the active processes
Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply

Next,

Download Farbar Recovery Scan Tool and save it to your desktop.
Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html
Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
If your security alerts to FRST either, accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...
Be aware FRST must be run from an account with Administrator status...
Double-click to run it. When the tool opens click Yes to disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
Make sure Addition.txt is checkmarked under "Optional scans"
Press Scan button to run the tool....
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The tool will also make a log named (Addition.txt) Please attach that log to your reply.
Let me see those logs in your reply...

Thank you,

Kevin....
wdpcpa Posted December 6, 2020

Thank you. Here is the Malwarebytes Scan Log. I will continue with the rest of the steps and report back.

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 12/6/20
Scan Time: 8:14 AM
Log File: 4c715014-37cd-11eb-a2c7-e04f4326ffe8.json

-Software Information-
Version: 4.2.3.96
Components Version: 1.0.1122
Update Package Version: 1.0.33967
License: Premium

-System Information-
OS: Windows 10 (Build 18362.1198)
CPU: x64
File System: NTFS
User: WDP-LENOVO\wdpcpa

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 326116
Threats Detected: 5
Threats Quarantined: 4
Time Elapsed: 1 min, 53 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 1
PUP.Optional.SecuryBrowse, HKU\S-1-5-21-2227461285-1414691040-4132665187-1001\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|fojomppheellamdaddnbgommepnlkooh, Quarantined, 429, 657125, , , , , , 

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 4
PUP.Optional.SecuryBrowse, C:\USERS\WDPCP\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Removal Failed, 429, 657125, , , , , 035BA3D3BF0E43C3C6A1AD983D2AC3FD, 6609522A57F30D3063D3D5A9EACC6E0F2626588DFE016C6B2AF918A5D740CFAF
PUP.Optional.SecuryBrowse, C:\USERS\WDPCP\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, 429, 657125, , , , , E02E252869A5211307B5D261D854D698, A030C483C07C8395785C780CC67D22EACAAC4E0F124D6A2159730ECF88EE6F64
PUP.Optional.SecuryBrowse, C:\USERS\WDPCP\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, 429, 657125, 1.0.33967, , ame, , 035BA3D3BF0E43C3C6A1AD983D2AC3FD, 6609522A57F30D3063D3D5A9EACC6E0F2626588DFE016C6B2AF918A5D740CFAF
PUP.Optional.SecuryBrowse, C:\USERS\WDPCP\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, 429, 657125, 1.0.33967, , ame, , 035BA3D3BF0E43C3C6A1AD983D2AC3FD, 6609522A57F30D3063D3D5A9EACC6E0F2626588DFE016C6B2AF918A5D740CFAF

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)

(end)
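A defender-side triage script, added here as an example and not code from the thread or from Malwarebytes: it parses detection lines in the scan-log layout above to separate what was quarantined from what failed removal, pulls out the extension ID named in the PreferenceMACs registry value, and then checks a Chrome Secure Preferences JSON document for that ID and for the rogue search keyword, which is the quickest way to tell whether the entry has genuinely come back. The log lines and the Secure Preferences document below are constructed samples that mirror the values posted in this thread; the JSON key layout (`extensions.settings`, `default_search_provider_data.template_url_data`, `protection.macs`) is an assumption about how Chrome stores these prefs and should be confirmed against the real file.

```python
"""Triage Malwarebytes scan-log detections and re-check Chrome's Secure Preferences.

Added example, not part of the thread. Sample data below is constructed from the
values posted above; the Secure Preferences key layout is an assumption.
"""
import json
import re

# Actions that appear in the scan log posted above.
KNOWN_ACTIONS = {"Quarantined", "Removal Failed", "Replaced"}

# Chrome extension IDs are 32 characters drawn from a-p; the scanner records them
# after "extensions.settings|" in the PreferenceMACs registry path.
EXT_ID_RE = re.compile(r"extensions\.settings\|([a-p]{32})")

# Constructed sample: detection lines in the same comma-separated layout as the log above.
SAMPLE_LOG = r"""
PUP.Optional.SecuryBrowse, HKU\S-1-5-21-2227461285-1414691040-4132665187-1001\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|fojomppheellamdaddnbgommepnlkooh, Quarantined, 429, 657125, , , , , ,
PUP.Optional.SecuryBrowse, C:\USERS\WDPCP\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Removal Failed, 429, 657125, , , , , 035BA3D3BF0E43C3C6A1AD983D2AC3FD, 6609522A57F30D3063D3D5A9EACC6E0F2626588DFE016C6B2AF918A5D740CFAF
PUP.Optional.SecuryBrowse, C:\USERS\WDPCP\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, 429, 657125, , , , , E02E252869A5211307B5D261D854D698, A030C483C07C8395785C780CC67D22EACAAC4E0F124D6A2159730ECF88EE6F64
"""


def parse_detections(log_text):
    """Return one record per detection line: threat name, location, action, extension ID."""
    records = []
    for line in log_text.splitlines():
        parts = [p.strip() for p in line.split(",")]
        if len(parts) < 3 or parts[2] not in KNOWN_ACTIONS:
            continue  # blank lines, section headers, summary counters
        match = EXT_ID_RE.search(parts[1])
        records.append({
            "threat": parts[0],
            "location": parts[1],
            "action": parts[2],
            "extension_id": match.group(1) if match else None,
        })
    return records


def failed_removals(records):
    """Detections the scanner could not remove; these are the ones to re-check by hand."""
    return [r for r in records if r["action"] == "Removal Failed"]


def suspect_extension_ids(records):
    """Extension IDs named anywhere in the detections."""
    return {r["extension_id"] for r in records if r["extension_id"]}


# Constructed sample of a Secure Preferences document after a failed clean-up.
SAMPLE_SECURE_PREFS = {
    "extensions": {"settings": {
        "fojomppheellamdaddnbgommepnlkooh": {"location": 1, "state": 1},  # flagged in the log
        "aapocclcgogkmnckokdopfmhonfmgoek": {"location": 1, "state": 1},  # Slides, benign
    }},
    "default_search_provider_data": {"template_url_data": {
        "keyword": "securyBrowse",
        "suggestions_url": "hxxps://ext.securybrowse.com/api/ext/suggest?q={searchTerms}",
    }},
    # Chrome keeps an HMAC per tracked pref here (layout assumed). While a matching
    # entry exists Chrome does not treat the value as tampered, so it is not reset.
    "protection": {"macs": {"extensions": {"settings": {
        "fojomppheellamdaddnbgommepnlkooh": "0" * 64,  # placeholder MAC value
    }}}},
}


def audit_secure_preferences(prefs, suspect_ids, suspect_keywords):
    """Report which suspect extension IDs / search keywords still persist in the prefs."""
    findings = []
    settings = prefs.get("extensions", {}).get("settings", {})
    macs = (prefs.get("protection", {}).get("macs", {})
            .get("extensions", {}).get("settings", {}))
    for ext_id in sorted(suspect_ids):
        if ext_id in settings:
            findings.append(f"extension {ext_id} is still registered in extensions.settings")
        if ext_id in macs:
            findings.append(f"protection MAC still present for {ext_id}")
    tud = prefs.get("default_search_provider_data", {}).get("template_url_data", {})
    keyword = tud.get("keyword", "")
    if keyword.lower() in {k.lower() for k in suspect_keywords}:
        findings.append(f"default search provider keyword is {keyword!r}")
    return findings


def load_secure_preferences(path):
    """Read a real Secure Preferences file (plain JSON) from disk."""
    with open(path, encoding="utf-8") as fh:
        return json.load(fh)


if __name__ == "__main__":
    detections = parse_detections(SAMPLE_LOG)
    for rec in failed_removals(detections):
        print("REMOVAL FAILED:", rec["location"])
    for finding in audit_secure_preferences(
            SAMPLE_SECURE_PREFS, suspect_extension_ids(detections), {"securyBrowse"}):
        print("STILL PRESENT:", finding)
```

To run this against a real profile, close Chrome first: the browser rewrites Secure Preferences from its in-memory state while it is running, so a check (or a clean-up) done with Chrome open can be undone on the next write, which is one reason a removal can appear to "come back". An entry that is still listed under both extensions.settings and protection.macs after the scanner reported success is the signal that the pref tree, not just the file on disk, needs cleaning.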
wdpcpa Posted December 6, 2020

AdwCleaner by Malwarebytes found no running process but Lenovo processes so there was nothing to quarantine, no restart. Here is the log:

# -------------------------------
# Malwarebytes AdwCleaner 8.0.8.0
# -------------------------------
# Build: 10-08-2020
# Database: 2020-09-29.1 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 12-06-2020
# Duration: 00:00:18
# OS: Windows 10 Pro
# Scanned: 31837
# Detected: 10

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

Preinstalled.LenovoIMController Folder C:\ProgramData\LENOVO\IMCONTROLLER
Preinstalled.LenovoIMController Folder C:\Users\wdpcp\AppData\Local\LENOVO\IMCONTROLLER
Preinstalled.LenovoIMController Folder C:\Windows\LENOVO\IMCONTROLLER
Preinstalled.LenovoIMController Folder C:\Windows\System32\Tasks\LENOVO\IMCONTROLLER
Preinstalled.LenovoIMController Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\Lenovo Dependency Package_is1
Preinstalled.LenovoServiceBridge Folder C:\Users\wdpcp\AppData\Local\PROGRAMS\LENOVO\LENOVO SERVICE BRIDGE
Preinstalled.LenovoServiceBridge Registry HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{2C74547D-EF88-47F4-85F5-BE46A31E26B7}_is1
Preinstalled.LenovoUpdate Folder C:\Program Files (x86)\LENOVO\SYSTEM UPDATE
Preinstalled.LenovoUpdate Registry HKLM\Software\Wow6432Node\\Classes\CLSID\{03C6CC92-68F2-4961-9A73-CAECA350BD08}
Preinstalled.LenovoUpdate Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\TVSU_is1

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

The FRST.txt is below and the Addition is attached.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-12-2020
Ran by wdpcpa (administrator) on WDP-LENOVO (LENOVO 10NR000HUS) (06-12-2020 08:35:26)
Running from C:\Users\wdpcp\Desktop
Loaded Profiles: wdpcpa
Platform: Windows 10 Pro Version 1909 18363.1198 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(AMZN Mobile LLC.) C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_3.0.595.0_x64__22t9g3sebte08\Alexa.DesktopExtension\Alexa.DesktopExtension.exe
(AMZN Mobile LLC.) C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_3.0.595.0_x64__22t9g3sebte08\Alexa.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Audible Inc) C:\Program Files\WindowsApps\AudibleInc.AudibleforWindowsPhone_10.5.66.0_x64__xns73kv1ymhp2\AudibleRT.WindowsPhone.exe
(Canon Inc. -> CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(CYBERLINKCOM CORPORATION) C:\Program Files\WindowsApps\CyberLinkCorp.th.Power2GoforLenovo_8.0.11322.0_x86__m916jedk64snt\Power2Go8\CLMLSvc_P2G8.exe
(Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.) C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe <3>
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\111.4.472\QtWebEngineProcess.exe <3>
(EMC Corporation -> EMC Corporation) C:\Program Files (x86)\EMC Captiva\Captiva Cloud Runtime\Emc.Captiva.WebCaptureService.exe
(EMC Corporation -> EMC Corporation) C:\Program Files (x86)\EMC Captiva\Captiva Cloud Runtime\Emc.Captiva.WebToolkitHost.exe
(Google LLC -> ) C:\Program Files\Google\Drive\googledrivesync.exe <2>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <39>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler64.exe
(Intel Corporation -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_2f39d6d5ddf5307f\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_2f39d6d5ddf5307f\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_2f39d6d5ddf5307f\IntelCpHDCPSvc.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_2f39d6d5ddf5307f\IntelCpHeciSvc.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iaahcic.inf_amd64_120314e52c04567c\RstMwService.exe
(Intuit Inc.) [File not signed] C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(Intuit, Inc. -> Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Kodak Alaris Inc.) [File not signed] C:\Program Files (x86)\Kodak\Document Imaging\kds_i1100\Smart Touch\KSSCFG.exe
(Kodak Alaris Inc.) [File not signed] C:\Program Files (x86)\Kodak\Document Imaging\kds_i1100\Smart Touch\KSSE.exe
(Kodak Alaris Inc.) [File not signed] C:\Program Files (x86)\Kodak\Document Imaging\kds_i1100\Smart Touch\KSSOutput.exe
(Lenovo (Beijing) Limited -> Lenovo Group Limited) C:\Users\wdpcp\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSB.exe
(Lenovo -> ) C:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.3.115.0\LenovoVantageService.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.CompanionApp.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.Device.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(Linksys LLC -> ) [File not signed] C:\Program Files (x86)\Linksys WUSB6300\WifiSvc.exe
(LITE-ON TECHNOLOGY CORP. -> LITE-ON TECHNOLOGY CORP.) C:\Program Files\Lenovo\USB Enhanced Performance Keyboard\Skdaemon.exe
(London Trust Media Incorporated -> ) C:\Program Files\Private Internet Access\pia-service.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12011.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\NisSrv.exe
(philandro Software GmbH -> philandro Software GmbH) C:\Program Files (x86)\AnyDesk\AnyDesk.exe <2>
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Realtek Semiconductor Corp -> ) C:\Windows\runSW.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <2>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Splashtop Inc. -> Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRAgent.exe
(Splashtop Inc. -> Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe
(Splashtop Inc. -> Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRManager.exe
(Splashtop Inc. -> Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
(Splashtop Inc. -> Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
(Splashtop Inc. -> Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(WESTERN DIGITAL TECHNOLOGIES -> Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD App Manager\WDAppManager.exe
(Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd) C:\Users\wdpcp\AppData\Local\Kingsoft\WPS Office\11.2.0.9747\office6\wpscenter.exe
(Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd) C:\Users\wdpcp\AppData\Local\Kingsoft\WPS Office\11.2.0.9747\office6\wpscloudsvr.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Enhanced Performance Keyboard] => C:\Program Files\Lenovo\USB Enhanced Performance Keyboard\SKDaemon.exe [4018976 2015-12-23] (LITE-ON TECHNOLOGY CORP. -> LITE-ON TECHNOLOGY CORP.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [19677472 2020-06-30] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [3618080 2020-06-30] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtsCM] => C:\WINDOWS\RTSCM64.EXE [210688 2015-10-13] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [302904 2019-05-07] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe [1203856 2017-10-26] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [7992832 2020-12-01] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [Smart Touch i1100] => C:\Program Files (x86)\Kodak\Document Imaging\kds_i1100\Smart Touch\KSSCFG.exe [715264 2014-10-10] (Kodak Alaris Inc.) [File not signed]
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [449168 2012-03-26] (Canon Inc. -> CANON INC.)
HKLM-x32\...\Run: [WDAppManager] => C:\Program Files (x86)\Western Digital\WD App Manager\AppManagerLauncher.exe [21384 2016-04-15] (WESTERN DIGITAL TECHNOLOGIES -> Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-03-18] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-03-18] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-2227461285-1414691040-4132665187-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [32281272 2020-11-10] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-2227461285-1414691040-4132665187-1001\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [50010064 2020-11-03] (Google LLC -> )
HKU\S-1-5-21-2227461285-1414691040-4132665187-1001\...\Run: [com.squirrel.Teams.Teams] => C:\ProgramData\wdpcp\Microsoft\Teams\Update.exe [2452112 2020-08-26] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKLM\...\Windows x64\Print Processors\Canon MG5400 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDBB.DLL [30208 2012-04-16] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MG5400 series: C:\WINDOWS\system32\CNMLMBB.DLL [389120 2012-04-16] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJNP Port: C:\WINDOWS\system32\CNMN6PPM.DLL [359936 2012-06-14] (CANON INC.) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\87.0.4280.88\Installer\chrmstp.exe [2020-12-02] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{97E1814E-5601-41c8-9971-10C319EF61CC}] -> C:\WINDOWS\system32\SRCredentialProvider.dll [2020-11-12] (Splashtop Inc. -> Splashtop Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AnyDesk.lnk [2020-10-18]
ShortcutTarget: AnyDesk.lnk -> C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk [2018-10-09]
ShortcutTarget: Audible Download Manager.lnk -> C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe (Amazon Services LLC -> Audible, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2019-03-14]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit, Inc. -> Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2020-06-16]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit, Inc. -> Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2020-06-16]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2020\QBW32.EXE (Intuit, Inc. -> Intuit Inc.)
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy-Firefox: Restriction <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {028FC1A9-F7C0-4E01-A63B-DA16788111FB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [26781880 2020-11-10] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {097F7DFE-2FCF-42E6-80E2-66A104075CF5} - System32\Tasks\CCleanerUpdateTaskMachineCore => C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe
Task: {09FD63B9-79B2-40C6-A4F6-22D63495B3E5} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-09-16] (Dropbox, Inc -> Dropbox, Inc.)
Task: {0FDBFE0F-CE46-41AA-9F98-0A87D168DE59} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {16A946E3-3762-4F12-A2BE-D0050299A7E1} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {1BD31AC7-B67A-45A3-BEC2-07B85B9CD2A0} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\a87f6986-712f-4fa1-899d-571b95f63687 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81744 2020-09-24] (Lenovo -> Lenovo Group Ltd.)
Task: {1C9E5685-868D-4F3C-B470-F615AF92CBDF} - System32\Tasks\G2MUpdateTask-S-1-5-21-2227461285-1414691040-4132665187-1001 => C:\Users\wdpcp\AppData\Local\GoToMeeting\18962\g2mupdate.exe [31320 2020-10-22] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {1DBD428A-1B4D-4965-B035-A7B6AAB40976} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {200C7F22-F9F0-42A4-A189-A875C610699A} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_453_Plugin.exe [1502776 2020-11-10] (Adobe Inc. -> Adobe)
Task: {25522DDB-012F-4195-88D9-AEFDF387E6E4} - System32\Tasks\CCleaner Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe
Task: {31B3C7D8-CA99-4BA9-87DF-1DE7BD4DBC89} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\08607084-7e24-4fe6-95f6-e53ee258c870 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81744 2020-09-24] (Lenovo -> Lenovo Group Ltd.)
Task: {465A97F6-41DB-45C9-8BE6-F9BF61EC9E0D} - System32\Tasks\CCleanerUpdateTaskMachineUA => C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe
Task: {46D22CD7-FE49-40B8-854C-8C7B46BDEB08} - System32\Tasks\GoogleUpdateTaskMachineCore1d57955464c6d52 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-09-15] (Google Inc -> Google Inc.)
Task: {4B1DF809-3E3B-4C1B-96E5-F49FC74B46B4} - System32\Tasks\QBScheduledReport => C:\Program Files (x86)\Common Files\Intuit\QuickBooks\ScheduledReports\ScheduledReports.Scheduler.exe [382792 2020-05-07] (Intuit, Inc. -> Intuit Inc.)
Task: {4CD77A75-A47D-425E-9EA3-0F24E706BFAF} - System32\Tasks\WpsUpdateTask_wdpcpa => C:\Users\wdpcp\AppData\Local\Kingsoft\WPS Office\11.2.0.9747\office6\wpsupdate.exe [158464 2020-11-18] (Zhuhai Kingsoft Office Software Co., Ltd. -> )
Task: {5D49CA39-C648-4936-9097-F2FC7D25A5CF} - System32\Tasks\Microsoft\Windows\rempl\shell => C:\Program Files\rempl\sedlauncher.exe
Task: {6E883E4E-70A6-4B8B-BA30-D2ECD69D60D8} - System32\Tasks\DropboxUpdateTaskMachineUA1d5d6376fa2008 => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-09-16] (Dropbox, Inc -> Dropbox, Inc.)
Task: {73E09FDA-6D5C-4B62-8AA4-04E31ECB5B2A} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [686384 2020-11-10] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {747A1E8A-6C06-4286-A988-689EDF76C83F} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-09-16] (Dropbox, Inc -> Dropbox, Inc.)
Task: {83CDBCBA-CFF1-43A7-BCD2-9B73C1060D29} - System32\Tasks\Lenovo\Vantage\Lenovo.Vantage.ServiceMaintainance => %systemroot%\system32\sc.exe start LenovoVantageService
Task: {866D6658-2135-451B-962C-56540C183C66} - System32\Tasks\G2MUploadTask-S-1-5-21-2227461285-1414691040-4132665187-1001 => C:\Users\wdpcp\AppData\Local\GoToMeeting\18962\g2mupload.exe [31320 2020-10-22] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {92AD2F8C-7673-46DF-A58B-273F6FC2857A} - System32\Tasks\DropboxUpdateTaskMachineCore1d5d6376ef5f20 => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-09-16] (Dropbox, Inc -> Dropbox, Inc.)
Task: {972F90C9-6098-43C3-AF93-4F3D63A46AF0} - System32\Tasks\OneDrive Standalone Update Task v2 => C:\Users\wdpcp\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {A7EEE46C-BAA2-4B3F-BCA3-1EE064172610} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [1758648 2020-09-08] (Lenovo -> )
Task: {A849D1B7-4031-4DBF-BE4D-66045BFCF272} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => "%windir%\system32\sc.exe" START ImControllerService
Task: {ACF6A85C-7E4D-49C3-8264-831A2B99638B} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\5f6af872-6d16-4e6c-b065-ca10059df0ee => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81744 2020-09-24] (Lenovo -> Lenovo Group Ltd.)
Task: {B0685EAD-4432-40CF-9D57-69209B9BCE6E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B2F1BDCB-9481-461C-BF1D-4650FFA62887} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-09-15] (Google Inc -> Google Inc.)
Task: {B76E2760-2748-4367-9B31-3F5137944BA5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B7866752-31F3-44E0-BD46-07E7C0D36150} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616320 2018-01-08] (Apple Inc. -> Apple Inc.)
Task: {BACBFC72-B84D-45C0-9BF5-F98CAB1C0621} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-2227461285-1414691040-4132665187-1001 => C:\Users\wdpcp\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSBUpdater.exe [87848 2020-10-29] (Lenovo (Beijing) Limited -> Lenovo Group Limited)
Task: {BB3BEF18-B859-40F6-AAC1-D63DEC19BF47} - System32\Tasks\WpsExternal_wdpcpa_20201118135123 => C:\Users\wdpcp\AppData\Local\Kingsoft\WPS Office\11.2.0.9747\office6\wpscloudsvr.exe [1482496 2020-11-18] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {CB154135-3E91-487D-877D-05D13E970533} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-09-15] (Google Inc -> Google Inc.)
Task: {D10F65FC-D682-424D-948B-EAAC79F0FB0F} - System32\Tasks\TVT\TVSUUpdateTask_UserLogOn => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [1758648 2020-09-08] (Lenovo -> )
Task: {D2FA4C2A-5A8E-4845-A4DD-4990A7D6A14C} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [816960 2017-09-21] (Intel(R) Trust Services -> Intel(R) Corporation)
Task: {D465A3A8-457D-4BBF-8029-64487087B35D} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-11-10] (Adobe Inc. -> Adobe)
Task: {E21B8771-0973-42E2-AB93-87AD42BFC2FD} - System32\Tasks\CCleaner Browser Heartbeat Task (Logon) => C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe
Task: {E9E2462E-3706-4992-BEC7-4F33CA94BB08} - System32\Tasks\GoogleUpdateTaskMachineUA1d57955465131be => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-09-15] (Google Inc -> Google Inc.)
Task: {EA83DA4A-DE8A-4838-AB12-8976288B4AD5} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [62280 2020-09-24] (Lenovo -> Lenovo Group Ltd.)
Task: {EA9C0F1F-8FBE-4140-AAF2-7BC06C9AA4AB} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1741416 2020-09-17] (Avast Software s.r.o. -> Avast Software)
Task: {F7C3E868-3FDB-4555-B2AB-16C3E43F3104} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2227461285-1414691040-4132665187-1001 => C:\Users\wdpcp\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {FF304298-D7F3-45ED-A16E-BC4A02405E23} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1349200 2020-11-03] (Adobe Inc. -> Adobe Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore1d5d6376ef5f20.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA1d5d6376fa2008.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2227461285-1414691040-4132665187-1001.job => C:\Users\wdpcp\AppData\Local\GoToMeeting\18962\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-2227461285-1414691040-4132665187-1001.job => C:\Users\wdpcp\AppData\Local\GoToMeeting\18962\g2mupload.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 127.0.0.1 platform.wondershare.com
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{1336316a-9c4e-461a-9658-142617325137}: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\..\Interfaces\{2ef9ab4e-0635-449c-a5a4-fabd6dfd6d18}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{558c420d-1187-4b57-ab29-9bb7883884c4}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{e8823026-1e77-4038-b138-d1db32219ecd}: [DhcpNameServer] 9.10.10.100 9.9.10.100

Edge:
======
Edge Notifications: HKU\S-1-5-21-2227461285-1414691040-4132665187-1001 -> hxxps://www.facebook.com; hxxps://www.newbienudes.com; hxxps://www.tubeninja.net; hxxps://www.xvideos.com; hxxps://livenewschat.eu; hxxps://www.livenewswatch.com; hxxps://voice.google.com; hxxps://www.fappenist.com
Edge DefaultProfile: Default
Edge Profile: C:\Users\wdpcp\AppData\Local\Microsoft\Edge\User Data\Default [2020-12-06]
Edge Notifications: Default -> hxxps://livenewschat.eu; hxxps://voice.google.com; hxxps://www.facebook.com; hxxps://www.fappenist.com; hxxps://www.livenewswatch.com; hxxps://www.newbienudes.com; hxxps://www.reddit.com; hxxps://www.tubeninja.net; hxxps://www.xvideos.com; hxxps://www.youtube.com
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF DefaultProfile: 0nx304ij.default
FF ProfilePath: C:\Users\wdpcp\AppData\Roaming\Mozilla\Firefox\Profiles\0nx304ij.default [2019-08-15]
FF ProfilePath: C:\Users\wdpcp\AppData\Roaming\Mozilla\Firefox\Profiles\kpxu0635.default-release [2020-12-06]
FF Extension: (Web Threat Shield) - C:\Users\wdpcp\AppData\Roaming\Mozilla\Firefox\Profiles\kpxu0635.default-release\Extensions\webrootsecure@webroot.com.xpi [2020-11-23]
FF HKU\S-1-5-21-2227461285-1414691040-4132665187-1001\...\Firefox\Extensions: [KVAllmytube@KeepVid.com] - C:\Program Files (x86)\Wondershare\AllMyTube\BrowserPlugin\kvallmytube@keepvid.com_xpi => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_453.dll [2020-11-10] (Adobe Inc. -> )
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_453.dll [2020-11-10] (Adobe Inc. -> )
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-10-15] (VideoLAN) [File not signed]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-11-18] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2227461285-1414691040-4132665187-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\wdpcp\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2020-05-12] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)

Chrome:
=======
CHR Profile: C:\Users\wdpcp\AppData\Local\Google\Chrome\User Data\Default [2020-12-06]
CHR Notifications: Default -> hxxps://1337x.to; hxxps://agldq.emindeed.top; hxxps://app.gotowebinar.com; hxxps://calendar.google.com; hxxps://documentconverter.app; hxxps://fileconvertor.org; hxxps://meet.google.com; hxxps://qpdownload.com; hxxps://www.batteriesplus.com; hxxps://www.cnet.com; hxxps://www.facebook.com; hxxps://www.gamedesire.com; hxxps://www.instantcheckmate.com; hxxps://www.livenewswatch.com; hxxps://www.majorgeeks.com; hxxps://www.newsbreak.com; hxxps://www.reddit.com; hxxps://www.replaypoker.com; hxxps://www.truthfinder.com; hxxps://www.wps.com; hxxps://xn--80aeedslq0au3k.xn--p1ai; hxxps://zrhdi.capacygre.top
CHR DefaultSearchURL: Default -> hxxps://www.trickstercards.com/image/icons/cards-clear-96x96.png
CHR DefaultSearchKeyword: Default -> securyBrowse
CHR DefaultSuggestURL: Default -> hxxps://ext.securybrowse.com/api/ext/suggest?q={searchTerms}
CHR Extension: (Slides) - C:\Users\wdpcp\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-09-15]
CHR Extension: (MuteTab) - C:\Users\wdpcp\AppData\Local\Google\Chrome\User Data\Default\Extensions\acofndgbcimipbpeoplfjcapdbebbmca [2019-08-06]
CHR Extension: (Docs) - 
C:\Users\wdpcp\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-09-15] CHR Extension: (Google Drive) - C:\Users\wdpcp\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-21] CHR Extension: (YouTube) - C:\Users\wdpcp\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-09-15] CHR Extension: (Trickster Cards) - C:\Users\wdpcp\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfkkmakaepfpkpdgcpphpmahbabffope [2020-05-09] CHR Extension: (Tampermonkey) - C:\Users\wdpcp\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2020-10-09] CHR Extension: (Adobe Acrobat) - C:\Users\wdpcp\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-09-08] CHR Extension: (Sheets) - C:\Users\wdpcp\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-09-15] CHR Extension: (Google Docs Offline) - C:\Users\wdpcp\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-11] CHR Extension: (LastPass: Free Password Manager) - C:\Users\wdpcp\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2020-11-22] CHR Extension: (Malwarebytes Browser Guard) - C:\Users\wdpcp\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2020-11-23] CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\wdpcp\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2020-10-12] CHR Extension: (Google Hangouts) - C:\Users\wdpcp\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2020-08-12] CHR Extension: (Chrome Web Store Payments) - C:\Users\wdpcp\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-04] 
CHR Extension: (Gmail) - C:\Users\wdpcp\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-22] CHR Extension: (Chrome Media Router) - C:\Users\wdpcp\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-11-20] CHR HKU\S-1-5-21-2227461285-1414691040-4132665187-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] CHR HKU\S-1-5-21-2227461285-1414691040-4132665187-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee] ==================== Services (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [170056 2020-11-03] (Adobe Inc. -> Adobe Inc.) S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-11-10] (Adobe Inc. -> Adobe) R2 AnyDesk; C:\Program Files (x86)\AnyDesk\AnyDesk.exe [3670480 2020-10-18] (philandro Software GmbH -> philandro Software GmbH) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2019-04-29] (Apple Inc. -> Apple Inc.) S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-09-16] (Dropbox, Inc -> Dropbox, Inc.) S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-09-16] (Dropbox, Inc -> Dropbox, Inc.) R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [44552 2020-12-01] (Dropbox, Inc -> Dropbox, Inc.) R2 Dolby DAX2 API Service; C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe [189464 2020-06-02] (Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.) 
R2 Emc.Captiva.WebCaptureService; C:\Program Files (x86)\EMC Captiva\Captiva Cloud Runtime\Emc.Captiva.WebCaptureService.exe [46400 2013-03-25] (EMC Corporation -> EMC Corporation) S3 iaStorAfsService; C:\Windows\IAStorAfsService\iaStorAfsService.exe [2410672 2017-11-20] (Intel(R) Rapid Storage Technology -> Intel Corporation) R2 ImControllerService; C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81744 2020-09-24] (Lenovo -> Lenovo Group Ltd.) R2 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\3.3.115.0\LenovoVantageService.exe [18360 2020-07-09] (Lenovo -> Lenovo Group Ltd.) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7269976 2020-11-18] (Malwarebytes Inc -> Malwarebytes) R2 PrivateInternetAccessService; C:\Program Files\Private Internet Access\pia-service.exe [1985536 2020-10-28] (London Trust Media Incorporated -> ) S3 PrivateInternetAccessWireguard; C:\Program Files\Private Internet Access\pia-wgservice.exe [4448632 2020-10-28] (London Trust Media Incorporated -> ) S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2017-11-14] (Intuit Inc.) [File not signed] R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1537536 2018-11-15] (Intuit Inc.) 
[File not signed] R2 RunSwUSB; C:\Windows\runSW.exe [44760 2015-05-15] (Realtek Semiconductor Corp -> ) S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6153048 2020-11-11] (Microsoft Windows Publisher -> Microsoft Corporation) R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11795800 2019-04-15] (TeamViewer GmbH -> TeamViewer GmbH) R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation) R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation) R2 WSWUSB6300; C:\Program Files (x86)\Linksys WUSB6300\WifiSvc.exe [312144 2013-07-22] (Linksys LLC -> ) [File not signed] ===================== Drivers (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.) S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.) 
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153312 2020-11-18] (Malwarebytes Corporation -> Malwarebytes) R3 LBAI; C:\WINDOWS\System32\Drivers\LBAI.sys [23208 2017-11-13] (WDKTestCert Win10P64US,131547553407012624 -> Lenovo) R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220160 2020-11-26] (Malwarebytes Inc -> Malwarebytes) S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2020-11-18] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes) R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [197792 2020-12-05] (Malwarebytes Inc -> Malwarebytes) R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [77496 2020-12-05] (Malwarebytes Inc -> Malwarebytes) R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248968 2020-11-26] (Malwarebytes Inc -> Malwarebytes) R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [138904 2020-12-05] (Malwarebytes Inc -> Malwarebytes) R3 MpKsl28cf267e; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D892CB49-3DA6-41C7-96D2-25CE15DBFF00}\MpKslDrv.sys [47336 2020-12-05] (Microsoft Windows -> Microsoft Corporation) R3 tap-pia-0901; C:\WINDOWS\System32\drivers\tap-pia-0901.sys [39944 2020-10-28] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project) R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2018-01-30] (OpenVPN Technologies, Inc. -> The OpenVPN Project) S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2018-05-04] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.) S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48536 2020-12-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) R3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.) 
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [429296 2020-12-04] (Microsoft Windows -> Microsoft Corporation) R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [70896 2020-12-04] (Microsoft Windows -> Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One month (created) (Whitelisted) ========= (If an entry is included in the fixlist, the file/folder will be moved.) 2020-12-06 08:35 - 2020-12-06 08:36 - 000037873 ____C C:\Users\wdpcp\Desktop\FRST.txt 2020-12-06 08:34 - 2020-12-06 08:35 - 000000000 ____D C:\FRST 2020-12-06 08:33 - 2020-12-06 08:33 - 002288640 _____ (Farbar) C:\Users\wdpcp\Desktop\FRST64.exe 2020-12-06 08:24 - 2020-12-06 08:24 - 000000000 ____D C:\AdwCleaner 2020-12-05 11:24 - 2020-12-05 11:24 - 000001123 _____ C:\Users\Public\Desktop\MediaMonkey.lnk 2020-12-05 11:24 - 2020-12-05 11:24 - 000001123 _____ C:\ProgramData\Desktop\MediaMonkey.lnk 2020-12-05 11:24 - 2020-12-05 11:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaMonkey 2020-12-05 11:24 - 2020-12-05 11:24 - 000000000 ____D C:\ProgramData\MediaMonkey 2020-12-05 11:24 - 2020-12-05 11:24 - 000000000 ____D C:\Program Files (x86)\MediaMonkey 2020-12-05 10:11 - 2020-12-05 10:11 - 000197792 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys 2020-12-05 10:11 - 2020-12-05 10:11 - 000138904 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys 2020-12-05 10:11 - 2020-12-05 10:11 - 000077496 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2020-12-04 07:47 - 2020-12-04 07:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox 2020-12-02 11:34 - 2020-12-02 11:35 - 000180436 _____ C:\Users\wdpcp\OneDrive\Documents\Bill's Medicare and Ins cards .pdf 2020-12-02 11:26 - 2020-12-02 11:27 - 000139407 _____ 
C:\Users\wdpcp\OneDrive\Documents\Bill's DL.pdf 2020-12-01 16:10 - 2020-12-01 16:10 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys 2020-12-01 16:10 - 2020-12-01 16:10 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys 2020-12-01 16:10 - 2020-12-01 16:10 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys 2020-12-01 16:10 - 2020-12-01 16:10 - 000044552 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe 2020-11-29 13:22 - 2020-11-29 13:22 - 000000000 ___DC C:\Users\wdpcp\Desktop\XMAS 2020 2020-11-28 21:45 - 2020-11-28 21:47 - 000000000 ___DC C:\Users\wdpcp\Desktop\Black House 2020-11-27 21:40 - 2020-11-27 21:40 - 000012881 _____ C:\Users\wdpcp\Downloads\A.Matter.of.Justice.1993.Part.2.WEBRip.x264-ASSOCiATE-[rarbg.to].torrent 2020-11-23 21:25 - 2020-11-23 21:25 - 000000000 ____D C:\Users\wdpcp\Downloads\DiscogsAutoTag 2020-11-19 19:00 - 2020-12-05 19:14 - 000000000 ____D C:\Users\wdpcp\AppData\Roaming\MediaMonkey 2020-11-19 19:00 - 2020-11-19 19:00 - 000000000 ____D C:\Users\wdpcp\AppData\Local\MediaMonkey 2020-11-19 18:58 - 2020-11-19 22:33 - 000000000 ____D C:\Users\wdpcp\Downloads\MediaMonkey 4.1 2020-11-18 13:51 - 2020-11-18 13:51 - 000004070 _____ C:\WINDOWS\system32\Tasks\WpsExternal_wdpcpa_20201118135123 2020-11-18 07:13 - 2020-11-26 20:06 - 000248968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys 2020-11-18 07:13 - 2020-11-18 07:12 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys 2020-11-16 19:57 - 2020-11-17 09:49 - 000001205 ____C C:\Users\wdpcp\Desktop\New Text Document (3).txt 2020-11-16 19:57 - 2020-11-16 19:57 - 000000495 ____C C:\Users\wdpcp\Desktop\AOC Nextdoor.txt 2020-11-11 22:07 - 2020-11-11 22:07 - 090319872 _____ (openaudible.org) C:\Users\wdpcp\Downloads\OpenAudible_2.3.5_win.exe 2020-11-11 13:35 - 2020-11-11 13:35 - 001841152 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll 2020-11-11 13:35 - 2020-11-11 13:35 - 
001101312 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll 2020-11-11 13:35 - 2020-11-11 13:35 - 000200704 _____ C:\WINDOWS\system32\IHDS.dll 2020-11-11 13:35 - 2020-11-11 13:35 - 000164864 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe 2020-11-11 13:35 - 2020-11-11 13:35 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth9.bin 2020-11-11 13:35 - 2020-11-11 13:35 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin 2020-11-11 13:35 - 2020-11-11 13:35 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin 2020-11-11 13:35 - 2020-11-11 13:35 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin 2020-11-11 13:35 - 2020-11-11 13:35 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin 2020-11-11 13:35 - 2020-11-11 13:35 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin 2020-11-11 13:35 - 2020-11-11 13:35 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin 2020-11-11 13:35 - 2020-11-11 13:35 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin 2020-11-11 13:35 - 2020-11-11 13:35 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth12.bin 2020-11-11 13:35 - 2020-11-11 13:35 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth11.bin 2020-11-11 13:35 - 2020-11-11 13:35 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth10.bin 2020-11-11 13:35 - 2020-11-11 13:35 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin 2020-11-09 19:07 - 2020-12-02 12:30 - 000013328 _____ C:\Users\wdpcp\OneDrive\Documents\Bills Drug List 12-01-20.xlsx 2020-11-09 18:29 - 2020-11-09 18:29 - 000001090 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Private Internet Access.lnk ==================== One month (modified) ================== (If an entry is included in the fixlist, the file/folder will be moved.) 
2020-12-06 08:30 - 2019-03-18 22:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2020-12-06 08:30 - 2018-09-16 23:55 - 000000000 __RDC C:\Users\wdpcp\Desktop\Delete These 2020-12-06 08:05 - 2020-06-16 00:23 - 000004168 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{A1BE38DA-19D9-4C90-B46F-4482B8CEC6EF} 2020-12-06 08:02 - 2020-02-10 15:14 - 000000000 ___RD C:\Users\wdpcp\Google Drive 2020-12-06 08:02 - 2018-11-11 13:45 - 000000000 ____D C:\Program Files\CCleaner 2020-12-05 22:29 - 2020-06-16 00:15 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2020-12-05 21:18 - 2019-03-18 22:52 - 000000000 ___HD C:\Program Files\WindowsApps 2020-12-05 21:18 - 2019-03-18 22:52 - 000000000 ____D C:\WINDOWS\AppReadiness 2020-12-05 15:46 - 2018-09-16 00:31 - 000000000 ___DC C:\Users\wdpcp\AppData\Roaming\uTorrent 2020-12-05 11:29 - 2018-09-17 14:42 - 000000000 ___DC C:\Users\wdpcp\AppData\Local\CrashDumps 2020-12-05 10:16 - 2020-06-16 00:26 - 000842708 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2020-12-05 10:16 - 2019-03-18 22:50 - 000000000 ____D C:\WINDOWS\INF 2020-12-05 10:11 - 2020-06-16 00:23 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2020-12-05 10:11 - 2018-11-12 17:00 - 000000000 ____D C:\Program Files (x86)\TeamViewer 2020-12-05 10:10 - 2019-03-18 22:37 - 000786432 _____ C:\WINDOWS\system32\config\BBI 2020-12-05 10:02 - 2019-03-18 22:37 - 000000000 ____D C:\WINDOWS\CbsTemp 2020-12-04 17:50 - 2020-03-07 07:06 - 000002428 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2020-12-04 17:50 - 2020-03-07 07:06 - 000002266 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk 2020-12-04 17:50 - 2020-03-07 07:06 - 000002266 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk 2020-12-04 10:17 - 2018-04-17 13:02 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd 2020-12-04 07:48 - 2018-09-16 01:44 - 000000000 ____D C:\Program Files (x86)\Dropbox 2020-12-03 15:29 - 2020-09-02 08:57 - 000000000 ____D C:\Program Files\Mozilla Firefox 
2020-12-03 15:29 - 2019-08-15 13:54 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2020-12-03 14:12 - 2020-06-16 00:23 - 000003448 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA1d57955465131be 2020-12-03 14:12 - 2020-06-16 00:23 - 000003324 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore1d57955464c6d52 2020-12-02 18:13 - 2018-09-15 20:49 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2020-12-02 12:04 - 2019-06-28 10:01 - 000000000 ___DC C:\Users\wdpcp\Desktop\Stroke Clinic 2020-12-01 22:54 - 2018-09-16 01:14 - 000000000 ___DC C:\Users\wdpcp\AppData\Roaming\vlc 2020-12-01 20:33 - 2018-09-16 01:50 - 000000000 ___RD C:\Users\wdpcp\Dropbox (Personal) 2020-11-29 23:35 - 2019-08-15 13:54 - 000000000 ___DC C:\Users\wdpcp\AppData\LocalLow\Mozilla 2020-11-29 23:24 - 2019-08-15 13:54 - 000000000 ____D C:\ProgramData\Mozilla 2020-11-29 23:22 - 2019-08-15 13:54 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk 2020-11-29 13:02 - 2019-12-15 22:08 - 000001368 ____C C:\Users\wdpcp\Desktop\MediaHuman YouTube to MP3 Converter.lnk 2020-11-29 13:02 - 2019-12-15 22:08 - 000000221 ____C C:\Users\wdpcp\Desktop\Visit MediaHuman Website.url 2020-11-27 23:51 - 2020-06-16 00:23 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA 2020-11-27 23:51 - 2020-06-16 00:23 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore 2020-11-27 11:32 - 2018-09-15 22:55 - 000000000 ___DC C:\Users\wdpcp\AppData\Roaming\FreeFileSync 2020-11-27 09:32 - 2020-09-20 21:07 - 000001014 _____ C:\Users\Public\Desktop\FreeFileSync.lnk 2020-11-27 09:32 - 2020-09-20 21:07 - 000001014 _____ C:\ProgramData\Desktop\FreeFileSync.lnk 2020-11-27 09:32 - 2020-09-20 21:07 - 000000990 _____ C:\Users\Public\Desktop\RealTimeSync.lnk 2020-11-27 09:32 - 2020-09-20 21:07 - 000000990 _____ C:\ProgramData\Desktop\RealTimeSync.lnk 2020-11-27 09:32 - 2018-09-15 22:55 - 
000001026 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeFileSync.lnk 2020-11-27 09:32 - 2018-09-15 22:55 - 000001002 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealTimeSync.lnk 2020-11-27 09:32 - 2018-09-15 22:55 - 000000000 ____D C:\Program Files\FreeFileSync 2020-11-27 09:31 - 2020-09-20 21:05 - 000000000 ____D C:\Users\wdpcp\Downloads\FreeFileSync 2020-11-26 20:06 - 2020-10-16 16:55 - 000220160 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys 2020-11-26 10:55 - 2020-06-16 00:23 - 000004210 _____ C:\WINDOWS\system32\Tasks\CCleaner Update 2020-11-25 21:44 - 2019-02-14 16:59 - 000000000 ___DC C:\Users\wdpcp\AppData\Roaming\Media_Companion 2020-11-24 00:13 - 2020-06-16 00:23 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task 2020-11-24 00:13 - 2018-12-28 20:59 - 000002143 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2020-11-22 22:11 - 2018-09-15 20:40 - 000000000 ___DC C:\Users\wdpcp\AppData\Local\Packages 2020-11-21 23:19 - 2020-06-15 20:00 - 000000000 ____D C:\Users\wdpcp 2020-11-21 19:10 - 2019-02-14 08:32 - 000000000 ____D C:\Users\wdpcp\Downloads\MediaCompanion 2019 2020-11-20 14:35 - 2020-09-30 16:22 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools 2020-11-20 10:50 - 2018-09-16 01:17 - 000000000 ___DC C:\Users\wdpcp\AppData\Local\ElevatedDiagnostics 2020-11-18 13:51 - 2020-09-29 09:35 - 000003640 _____ C:\WINDOWS\system32\Tasks\WpsUpdateTask_wdpcpa 2020-11-18 09:18 - 2019-03-18 22:52 - 000000000 ____D C:\WINDOWS\system32\NDF 2020-11-18 07:13 - 2020-07-17 16:04 - 000002040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk 2020-11-18 07:13 - 2019-07-04 22:07 - 000002028 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2020-11-18 07:13 - 2019-07-04 22:07 - 000002028 _____ C:\ProgramData\Desktop\Malwarebytes.lnk 2020-11-18 07:13 - 2019-03-18 22:52 - 000000000 ___HD C:\WINDOWS\ELAMBKUP 2020-11-18 07:12 - 2019-07-04 22:07 
- 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys 2020-11-16 13:28 - 2020-09-24 12:24 - 000000000 ____D C:\Users\wdpcp\OneDrive\Documents\Kaufman Property Tax 2020-11-16 06:32 - 2020-02-10 15:10 - 000002080 _____ C:\Users\Public\Desktop\Google Slides.lnk 2020-11-16 06:32 - 2020-02-10 15:10 - 000002080 _____ C:\ProgramData\Desktop\Google Slides.lnk 2020-11-16 06:32 - 2020-02-10 15:10 - 000002078 _____ C:\Users\Public\Desktop\Google Sheets.lnk 2020-11-16 06:32 - 2020-02-10 15:10 - 000002078 _____ C:\ProgramData\Desktop\Google Sheets.lnk 2020-11-16 06:32 - 2020-02-10 15:10 - 000002068 _____ C:\Users\Public\Desktop\Google Docs.lnk 2020-11-16 06:32 - 2020-02-10 15:10 - 000002068 _____ C:\ProgramData\Desktop\Google Docs.lnk 2020-11-16 06:32 - 2020-02-10 15:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google 2020-11-15 23:13 - 2019-02-09 20:01 - 000009475 _____ C:\Users\wdpcp\OneDrive\Documents\tv shows.xlsx 2020-11-15 21:47 - 2020-10-23 14:50 - 000000000 ____D C:\Users\wdpcp\OneDrive\Documents\Forney Air 2020-11-12 20:52 - 2020-04-14 15:54 - 000311216 _____ (Splashtop Inc.) 
C:\WINDOWS\system32\SRCredentialProvider.dll 2020-11-12 11:00 - 2020-02-19 10:58 - 000907064 _____ (Microsoft Corporation) C:\WINDOWS\system32\sedplugins.dll 2020-11-12 10:59 - 2020-09-30 16:22 - 000436536 _____ (Microsoft Corporation) C:\WINDOWS\system32\QualityUpdateAssistant.dll 2020-11-12 09:14 - 2020-06-16 00:15 - 000462832 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2020-11-12 09:14 - 2018-09-15 20:40 - 000000000 ___RD C:\Users\wdpcp\3D Objects 2020-11-12 09:14 - 2018-04-17 13:03 - 000000000 __RHD C:\Users\Public\AccountPictures 2020-11-12 00:34 - 2019-03-19 00:23 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection 2020-11-12 00:34 - 2019-03-18 22:52 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2020-11-12 00:34 - 2019-03-18 22:52 - 000000000 ____D C:\WINDOWS\TextInput 2020-11-12 00:34 - 2019-03-18 22:52 - 000000000 ____D C:\WINDOWS\SysWOW64\setup 2020-11-12 00:34 - 2019-03-18 22:52 - 000000000 ____D C:\WINDOWS\SystemResources 2020-11-12 00:34 - 2019-03-18 22:52 - 000000000 ____D C:\WINDOWS\system32\setup 2020-11-12 00:34 - 2019-03-18 22:52 - 000000000 ____D C:\WINDOWS\system32\oobe 2020-11-12 00:34 - 2019-03-18 22:52 - 000000000 ____D C:\WINDOWS\system32\migwiz 2020-11-12 00:34 - 2019-03-18 22:52 - 000000000 ____D C:\WINDOWS\ShellExperiences 2020-11-12 00:34 - 2019-03-18 22:52 - 000000000 ____D C:\WINDOWS\PolicyDefinitions 2020-11-12 00:34 - 2019-03-18 22:52 - 000000000 ____D C:\WINDOWS\bcastdvr 2020-11-12 00:33 - 2020-06-27 20:21 - 000000000 ____D C:\Users\wdpcp\OpenAudible 2020-11-11 13:35 - 2020-06-16 00:16 - 002876928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll 2020-11-10 20:03 - 2018-09-16 00:56 - 000000000 ____D C:\WINDOWS\system32\MRT 2020-11-10 20:01 - 2018-09-16 00:56 - 133736600 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2020-11-10 19:52 - 2020-06-16 00:23 - 000004538 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player NPAPI Notifier 2020-11-10 19:52 - 2020-06-16 00:23 - 000004380 _____ 
C:\WINDOWS\system32\Tasks\Adobe Flash Player Updater 2020-11-10 19:52 - 2019-03-18 22:56 - 000842296 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2020-11-10 19:52 - 2019-03-18 22:56 - 000175160 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2020-11-10 19:52 - 2019-03-18 22:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed 2020-11-10 19:52 - 2019-03-18 22:52 - 000000000 ____D C:\WINDOWS\system32\Macromed 2020-11-10 12:24 - 2018-09-15 22:43 - 000021079 _____ C:\Users\wdpcp\OneDrive\Documents\cat foods.xlsx 2020-11-10 00:04 - 2020-04-07 22:07 - 000000000 ____D C:\Program Files (x86)\QuickTime 2020-11-09 18:29 - 2019-02-16 17:56 - 000000000 ____D C:\Program Files\Private Internet Access ==================== Files in the root of some directories ======== 2019-08-22 16:33 - 2019-08-22 16:33 - 000008977 _____ () C:\Users\wdpcp\AppData\Roaming\QBFileDrTool_DESKTOP-O141FKD.log 2019-07-24 21:48 - 2019-07-24 21:48 - 000000038 ___SH () C:\Users\wdpcp\AppData\Local\32cd2b0451e261ee292289.21073168 ==================== SigCheck ============================ (There is no automatic fix for files that do not pass verification.) ==================== End of FRST.txt ======================== Addition.txt Link to post Share on other sites More sharing options...
kevinf80 Posted December 6, 2020 ID:1425447
Hiya wdpcpa, Thanks for those logs, continue:
Please download the attached fixlist.txt file and save it to the Desktop or location where you ran FRST from.
NOTE. It's important that both files, FRST or FRST64, and fixlist.txt are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.
Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt) or wherever you ran FRST from. Please attach or post it to your next reply.
Note: If the tool warned you about an outdated version please download and run the updated version.
NOTE-1: This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files.
NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed.
The following directories are emptied:
Windows Temp
Users Temp folders
Edge, IE, FF, Chrome and Opera caches, HTML5 storages, Cookies and History
Recently opened files cache
Flash Player cache
Java cache
Steam HTML cache
Explorer thumbnail and icon cache
BITS transfer queue (qmgr*.dat files)
Recycle Bin
Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.
The system will be rebooted after the fix has run.
Next,
Click Here to download Emsisoft Emergency Kit.
The download will automatically start after a moment. Save EmsisoftEmergencyKit.exe to your Desktop.
Double click on EmsisoftEmergencyKit.exe (Windows Vista/7/8/10 users: Accept UAC warning if it is enabled).
A screen like this will appear: Leave everything as it is, then click Extract. This may be listed as Install. This will unpack or install Emsisoft Emergency Kit to the EEK folder located in the root drive (usually C:\).
Once the extraction or installation is done, an icon will appear on your Desktop. Double click it to start Emsisoft Emergency Kit.
Wait for Emsisoft Emergency Kit to finish loading signatures. A screen like this should appear: Choose Yes, then wait for EEK to finish updating.
Choose Malware Scan under the Scan button. When EEK asks to activate PUP detection, choose Yes.
Wait for the scan to finish. If EEK detects something, all detected items will be displayed. Place a checkmark before everything, then choose Quarantine Selected.
If Emsisoft Emergency Kit asks to reboot, please do so immediately.
The scan log is located in Logs -> Scan Logs. Click on the entry of the latest scan, choose Export and save the report on your Desktop.
Please Copy and Paste the contents of the scan log in your next reply.
Let me see those logs in your reply...
Thank you,
Kevin..
fixlist.txt
wdpcpa Posted December 6, 2020 Author ID:1425469
Fixlog.txt is attached.
Emsisoft Report:
12/6/2020 11:58:19 AM High risk Malware "Trojan.GenericKD.33867051 (B)" in "C:\Users\wdpcp\AppData\Roaming\Browser Assistant\Updater.dll" quarantined by user WDP-LENOVO\WDPCPA
Scan log from EMSISOFT:
Emsisoft Emergency Kit - Version 2020.5
Last update: 12/6/2020 11:50:09 AM
My own
WDP-LENOVO\wdpcpa
WDP-LENOVO
Windows 10x64
Scan settings:
Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files
Detect PUPs: ON
Scan archives: OFF
Scan mail archives: OFF
ADS Scan: ON
Direct disk access: OFF
Scan start: 12/6/2020 11:51:28 AM
C:\Users\wdpcp\AppData\Roaming\Browser Assistant\Updater.dll detected: Trojan.GenericKD.33867051 (B) [krnl.xmd]
Scanned 91827
Found 1
Scan end: 12/6/2020 11:57:36 AM
Scan time: 0:06:08
C:\Users\wdpcp\AppData\Roaming\Browser Assistant\Updater.dll Trojan.GenericKD.33867051 (B)
Quarantined 1
Many thanks, Bill
Fixlog.txt
wdpcpa Posted December 6, 2020 Author ID:1425470

Latest MB Scan still shows a problem.

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 12/6/20
Scan Time: 12:18 PM
Log File: 7fed97d2-37ef-11eb-88e6-e04f4326ffe8.json

-Software Information-
Version: 4.2.3.96
Components Version: 1.0.1122
Update Package Version: 1.0.33975
License: Premium

-System Information-
OS: Windows 10 (Build 18362.1198)
CPU: x64
File System: NTFS
User: WDP-LENOVO\wdpcpa

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 324674
Threats Detected: 5
Threats Quarantined: 4
Time Elapsed: 2 min, 0 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0 (No malicious items detected)
Module: 0 (No malicious items detected)
Registry Key: 0 (No malicious items detected)
Registry Value: 1
PUP.Optional.SecuryBrowse, HKU\S-1-5-21-2227461285-1414691040-4132665187-1001\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|fojomppheellamdaddnbgommepnlkooh, Quarantined, 429, 657125, , , , , ,
Registry Data: 0 (No malicious items detected)
Data Stream: 0 (No malicious items detected)
Folder: 0 (No malicious items detected)
File: 4
PUP.Optional.SecuryBrowse, C:\USERS\WDPCP\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Removal Failed, 429, 657125, , , , , 035BA3D3BF0E43C3C6A1AD983D2AC3FD, 6609522A57F30D3063D3D5A9EACC6E0F2626588DFE016C6B2AF918A5D740CFAF
PUP.Optional.SecuryBrowse, C:\USERS\WDPCP\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, 429, 657125, , , , , F699B6ECE3DBF98CA9B8BD6171E0C075, 2EEAD104B15D18A58F545827BC0D91B7A873C0DFA29F091E9D109F1B673A3128
PUP.Optional.SecuryBrowse, C:\USERS\WDPCP\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, 429, 657125, 1.0.33975, , ame, , 035BA3D3BF0E43C3C6A1AD983D2AC3FD, 6609522A57F30D3063D3D5A9EACC6E0F2626588DFE016C6B2AF918A5D740CFAF
PUP.Optional.SecuryBrowse, C:\USERS\WDPCP\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, 429, 657125, 1.0.33975, , ame, , 035BA3D3BF0E43C3C6A1AD983D2AC3FD, 6609522A57F30D3063D3D5A9EACC6E0F2626588DFE016C6B2AF918A5D740CFAF
Physical Sector: 0 (No malicious items detected)
WMI: 0 (No malicious items detected)

(end)
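The scan log above is the kind of thing a helper reads by eye: five detections, four quarantined, and the one that matters is the "Removal Failed" on Chrome's Secure Preferences file, which then shows up again as "Replaced" twice. As an added example (not code from the thread, from Malwarebytes or from the forum), the following Python script parses the "-Scan Details-" block of a Malwarebytes log in the format shown, lists detections that were not remediated, and groups the actions per target so a repeatedly re-detected file stands out. The embedded sample log is a trimmed copy of the log posted above; the parser assumes each detection sits on its own line in the order the log prints them.

```python
"""Added example: parse the "-Scan Details-" block of a Malwarebytes scan log
and report detections that were not actually remediated."""
import re
from dataclasses import dataclass

# Sample log text, trimmed from the Malwarebytes log posted in this thread.
SAMPLE_LOG = r"""-Scan Summary-
Scan Type: Threat Scan
Threats Detected: 5
Threats Quarantined: 4
-Scan Details-
Process: 0 (No malicious items detected)
Registry Key: 0 (No malicious items detected)
Registry Value: 1
PUP.Optional.SecuryBrowse, HKU\S-1-5-21-2227461285-1414691040-4132665187-1001\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|fojomppheellamdaddnbgommepnlkooh, Quarantined, 429, 657125, , , , , ,
File: 4
PUP.Optional.SecuryBrowse, C:\USERS\WDPCP\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Removal Failed, 429, 657125, , , , , 035BA3D3BF0E43C3C6A1AD983D2AC3FD, 6609522A57F30D3063D3D5A9EACC6E0F2626588DFE016C6B2AF918A5D740CFAF
PUP.Optional.SecuryBrowse, C:\USERS\WDPCP\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, 429, 657125, , , , , F699B6ECE3DBF98CA9B8BD6171E0C075, 2EEAD104B15D18A58F545827BC0D91B7A873C0DFA29F091E9D109F1B673A3128
PUP.Optional.SecuryBrowse, C:\USERS\WDPCP\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, 429, 657125, 1.0.33975, , ame, , 035BA3D3BF0E43C3C6A1AD983D2AC3FD, 6609522A57F30D3063D3D5A9EACC6E0F2626588DFE016C6B2AF918A5D740CFAF
PUP.Optional.SecuryBrowse, C:\USERS\WDPCP\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, 429, 657125, 1.0.33975, , ame, , 035BA3D3BF0E43C3C6A1AD983D2AC3FD, 6609522A57F30D3063D3D5A9EACC6E0F2626588DFE016C6B2AF918A5D740CFAF
Physical Sector: 0 (No malicious items detected)
WMI: 0 (No malicious items detected)
(end)
"""

# A category header such as "File: 4" or "WMI: 0 (No malicious items detected)"
SECTION_RE = re.compile(
    r"^(?P<cat>[A-Za-z ]+): (?P<n>\d+)(?: \(No malicious items detected\))?$"
)

# Actions Malwarebytes reports when remediation succeeded
REMEDIATED = {"Quarantined", "Replaced", "Deleted"}


@dataclass
class Detection:
    category: str   # "File", "Registry Value", ...
    threat: str     # detection name, e.g. PUP.Optional.SecuryBrowse
    target: str     # file path or registry location
    action: str     # Quarantined / Replaced / Removal Failed / ...
    sha256: str     # empty for non-file detections


def parse_scan_details(text):
    """Return the Detection entries listed under -Scan Details-."""
    detections, current, in_details = [], None, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "-Scan Details-":
            in_details = True
            continue
        if not in_details:
            continue
        if line == "(end)" or (line.startswith("-") and line.endswith("-")):
            break  # end of the details block
        m = SECTION_RE.match(line)
        if m:
            current = m.group("cat")
            continue
        parts = [p.strip() for p in line.split(",")]
        if current is None or len(parts) < 3:
            continue
        sha256 = parts[-1] if re.fullmatch(r"[0-9A-Fa-f]{64}", parts[-1]) else ""
        detections.append(Detection(current, parts[0], parts[1], parts[2], sha256))
    return detections


def unresolved(detections):
    """Detections whose action was not a successful remediation."""
    return [d for d in detections if d.action not in REMEDIATED]


def actions_by_target(detections):
    """Map each target to the list of actions taken on it, in log order."""
    out = {}
    for d in detections:
        out.setdefault(d.target, []).append(d.action)
    return out


def summary_counts(text):
    """Read 'Threats Detected' / 'Threats Quarantined' from -Scan Summary-."""
    counts = {}
    for key in ("Threats Detected", "Threats Quarantined"):
        m = re.search(rf"^{key}: (\d+)$", text, re.M)
        counts[key] = int(m.group(1)) if m else None
    return counts


if __name__ == "__main__":
    dets = parse_scan_details(SAMPLE_LOG)
    print(summary_counts(SAMPLE_LOG))
    for d in unresolved(dets):
        print("NOT REMEDIATED:", d.category, d.target, d.action)
    for target, actions in actions_by_target(dets).items():
        if len(actions) > 1:
            print("RE-DETECTED:", target, actions)
```

The useful output is the second list: a target that collects "Removal Failed" followed by "Replaced" more than once is being rewritten by something still running, which is exactly why the profile kept coming back in this thread until the extension entry's source was removed.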
kevinf80 Posted December 6, 2020 ID:1425478

Hiya Bill,

Continue with the following:

Open Chrome, select menu (3 dots top right hand of page). Select "Settings" from the drop down menu.. Scroll to bottom of expanded page, select "Advanced" drop down. Scroll to and select "Reset and Clean up".

From right hand pane select "Restore Settings to Original Defaults" allow that to complete. From the same pane select "Clean up Computer" allow that to complete..

Reboot your system when that completes, run another scan with Malwarebytes...

Thank you,

Kevin..
wdpcpa Posted December 6, 2020 Author ID:1425484

Hi Kevin,

Done but still no luck.
kevinf80 Posted December 6, 2020 ID:1425485 (marked as Solution)

Thanks Bill, continue for a fresh install of Chrome. If you do not use Google Drive just miss that part out of the instructions...

If your Chrome Bookmarks are important do this first:

Go to this link: http://www.wikihow.com/Export-Bookmarks-from-Chrome follow the instructions and Export your Bookmarks from Chrome, save to your Desktop or similar. Note the instructions can also be used to Import the bookmarks.....

For your Passwords go here: https://www.intowindows.com/how-to-backup-saved-passwords-in-google-chrome-browser/

Continue for a clean install:

Download Chrome installer and save to install later:
https://www.google.com/intl/en_uk/chrome/browser/desktop/index.html
https://www.google.com/intl/en_usa/chrome/browser/desktop/index.html

Next, Open Chrome and sign into your account, open a new tab and type or copy paste chrome://settings hit enter... In the new window that opens "Turn Off" option will show, select that option. You will then be given notice of what will be cleared. Checkmark the box that gives an option to clear bookmarks, passwords, history etc. Confirm that action by selecting "Turn Off" tab.

Next, Uninstall Chrome: https://support.google.com/chrome/answer/95319?hl=en-GB follow those instructions, ensure the option to "Also delete your browsing data" is selected. <<--- Very important!!

Navigate to C:\Users\Your user name\Appdata\Local from that folder delete the folder named Google (you will need to show hidden files/folders to see the folder Appdata)

How to show hidden files and folders for windows: http://www.howtogeek.com/howto/windows-vista/show-hidden-files-and-folders-in-windows-vista/

If you use Google Drive, open the Google folder, right click on Drive and select "Copy" then right click on your Desktop or a folder of choice and select "Paste" to save that folder and its contents. When you have successfully saved Google Drive go back to Local folder, delete the folder named Google

Next, Install Google Chrome :

Next, Import your Bookmarks... (instructions in the first step)
Import Passwords... (instructions in second step above)

Next, Install Malwarebytes Browser Extension (Free) https://chrome.google.com/webstore/detail/malwarebytes-browser-exte/ihcjicgdanjaechkgeegckofjjedodee

Next, Install uBlock Origin for Chrome: https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm?hl=en

If you previously had Google Drive you will need to download and install again: https://www.google.com/intl/en_rw/drive/download/ When that is completed transfer the contents of the saved Google Drive folder to the new one...

Does that help...

Thanks,

Kevin...
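The reinstall above works because it deletes the whole Google folder under AppData\Local, which is where the Secure Preferences file (and the extensions.settings entry that Malwarebytes kept flagging) lives. As an added example, not code from the thread, from Malwarebytes or from Google, the following Python script reads a Chrome profile's Secure Preferences file and lists extension entries that were not installed from the Web Store, have an unusual install location, or have no matching protection MAC; it is the kind of check to run on the fresh profile afterwards to confirm the flagged entry is gone. The sample preferences embedded in it are constructed (the "Browser Assistant" extension path, the "Secury Browse" name and the hex MAC values are made up for the example); the two extension ids are the ones that appear in this thread, the flagged id fojomppheellamdaddnbgommepnlkooh and the uBlock Origin id. The location-code table follows Chromium's Manifest::Location enum as I know it and should be treated as an assumption.

```python
"""Added example: audit the extension entries recorded in a Chrome profile's
"Secure Preferences" file and flag ones that look side-loaded."""
import json
import os
import re
from pathlib import Path

EXT_ID_RE = re.compile(r"^[a-p]{32}$")  # Chrome extension ids: 32 chars, a-p only

# Install-location codes stored in extensions.settings.<id>.location
# (Chromium Manifest::Location, as assumed for this example; 1 = normal user install)
LOCATION_NAMES = {
    1: "internal", 2: "external_pref", 3: "external_registry", 4: "unpacked",
    5: "component", 6: "external_pref_download", 7: "external_policy_download",
    8: "command_line", 9: "external_policy", 10: "external_component",
}

# Constructed sample: one Web Store extension and one side-loaded entry that
# carries a (constructed) valid-looking MAC, plus one orphaned MAC.
SAMPLE_PREFS = {
    "extensions": {"settings": {
        "cjpalhdlnbpafiamejdnhcphjbkeiagm": {           # uBlock Origin id (from thread)
            "from_webstore": True, "location": 1, "state": 1,
            "manifest": {"name": "uBlock Origin"},
        },
        "fojomppheellamdaddnbgommepnlkooh": {           # flagged id (from thread)
            "from_webstore": False, "location": 4, "state": 1,
            "path": r"C:\Users\wdpcp\AppData\Roaming\Browser Assistant\ext",  # constructed
            "manifest": {"name": "Secury Browse"},      # constructed
        },
    }},
    "protection": {"macs": {"extensions": {"settings": {
        "cjpalhdlnbpafiamejdnhcphjbkeiagm": "0" * 64,   # constructed MAC value
        "fojomppheellamdaddnbgommepnlkooh": "1" * 64,   # constructed MAC value
        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa": "2" * 64,   # constructed orphan MAC
    }}}},
}


def default_secure_prefs_path(profile="Default"):
    """Usual location of the file on Windows for the current user (assumed layout)."""
    base = Path(os.environ.get("LOCALAPPDATA", r"C:\Users\<you>\AppData\Local"))
    return base / "Google" / "Chrome" / "User Data" / profile / "Secure Preferences"


def load_secure_prefs(path):
    return json.loads(Path(path).read_text(encoding="utf-8"))


def audit_extensions(prefs, allowlist=frozenset()):
    """Return findings for extension entries that look side-loaded or inconsistent.

    Note: a present, matching MAC is not proof of legitimacy; tampering tools write
    a valid MAC (and on Windows mirror it into HKCU\\Software\\Google\\Chrome\\
    PreferenceMACs, the registry value seen in the scan log in this thread).
    """
    settings = prefs.get("extensions", {}).get("settings", {})
    macs = (prefs.get("protection", {}).get("macs", {})
            .get("extensions", {}).get("settings", {}))
    findings = []
    for ext_id, entry in settings.items():
        reasons = []
        if not EXT_ID_RE.match(ext_id):
            reasons.append("malformed extension id")
        if not entry.get("from_webstore", False):
            reasons.append("not installed from the Web Store")
        loc = entry.get("location")
        if loc not in (1, 5):
            reasons.append(f"location={LOCATION_NAMES.get(loc, loc)}")
        if ext_id not in macs:
            reasons.append("no protection MAC recorded")
        if reasons and ext_id not in allowlist:
            findings.append({
                "id": ext_id,
                "name": entry.get("manifest", {}).get("name", "<no manifest>"),
                "path": entry.get("path"),
                "reasons": reasons,
            })
    for ext_id in macs:  # MACs with no settings entry point at a stale or edited file
        if ext_id not in settings:
            findings.append({"id": ext_id, "name": None, "path": None,
                             "reasons": ["protection MAC present but no settings entry"]})
    return findings


if __name__ == "__main__":
    import sys
    prefs = load_secure_prefs(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_PREFS
    for f in audit_extensions(prefs):
        print(f["id"], f["name"], f["path"], "; ".join(f["reasons"]))
```

Run it with the path to a profile's Secure Preferences file (or with no argument to see the constructed sample); an empty result on the new profile, together with a clean Malwarebytes scan, is what you want to see after the reinstall.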
wdpcpa Posted December 6, 2020 Author ID:1425493

That did it. Computer is clean.

BTW - I have since the dawn of the computer age used CCleaner to tidy up occasionally. I have read that it isn't recommended much anymore. Do you have anything you like better?
kevinf80 Posted December 6, 2020 ID:1425497

Hiya Bill,

Good to hear your PC is ok for you again. I never use any type of cleaner that has the potential to damage windows registry and possibly turn your PC into a brick. I personally just use windows own disk cleanup utility, it does the job just fine: https://neosmart.net/wiki/disk-cleanup/

Next, Continue to clean up remove tools etc...

Navigate to and delete the following, (if still present):
C:\ProgramData\Emsisoft
C:\Users\{your user name}\Desktop\start emergency kit scanner - Shortcut.lnk
C:\EEK
C:\Users\{your user name}\Desktop\EmsisoftEmergencyKit.exe

Next, Right click on FRST here: C:\Users\wdpcp\Desktop\FRST.exe and rename uninstall.exe when complete right click on uninstall.exe and select "Run as Administrator". If you do not see the .exe appended that is because file extensions are hidden, in that case just rename FRST to uninstall. That action will remove FRST and all created files and folders...

Next, Remove all System Restore Points: https://www.tenforums.com/tutorials/33593-delete-system-restore-points-windows-10-a.html#option2

Create clean fresh Restore Point: http://www.thewindowsclub.com/create-system-restore-point

Run Windows Disk Clean Up Utility - https://neosmart.net/wiki/disk-cleanup/

Malwarebytes Browser Guard (Free) for Firefox: https://addons.mozilla.org/en-GB/firefox/addon/malwarebytes/

Malwarebytes Browser Guard (Free) for Chrome: https://chrome.google.com/webstore/detail/malwarebytes-browser-guar/ihcjicgdanjaechkgeegckofjjedodee

PatchMyPC, keep all your software up to date - https://patchmypc.com/home-updater#download

From there you should be good to go...

Next, Read the following links to fully understand PC Security and Best Practices, you may find them useful....
Answers to Common Security Questions and best Practices
Do I need a Registry Cleaner?

Take care and surf safe

Kevin...
kevinf80 Posted December 11, 2020 ID:1426734

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you