Need help with creating a fixlist


Hello, and thanks in advance. I have been dealing with this attack for a while now and it’s not the first time. From prior knowledge
I knew the only way to actually find out anything was to boot up using a partition application. My C: drive was switched to system
reserve. X: was the boot, and another drive, which could have been a network, had no letter, just a person’s avatar and name. Of course
formatting was no help, and even with no network connection the files on my partition cd ended up corrupted. File dates changed
to the same as the rest of the corrupt files, 07/12/15. I’ve always been able to fix my devices myself; I’m just really tired for real. I
scanned my pc with Farbar’s scanner and was in the process of reading the tut on the proper way to write the fixit file and I just
decided to reach out to you guys for help. Especially being that more than 10 of my devices have been infected. I just need to
get 1 pc cleaned up and I should be able to take it from there. So I’m sending my files along with this request in the hopes that you
guys can assist me.

FRST.txt Addition.txt


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-12-2020
Ran by What (03-01-2021 20:36:38)
Running from C:\Users\What\Desktop
Windows 10 Home Version 1909 18363.592 (X64) (2021-01-03 21:27:50)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2552480816-4193987694-3828653751-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2552480816-4193987694-3828653751-503 - Limited - Disabled)
Guest (S-1-5-21-2552480816-4193987694-3828653751-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-2552480816-4193987694-3828653751-504 - Limited - Disabled)
What (S-1-5-21-2552480816-4193987694-3828653751-1001 - Administrator - Enabled) => C:\Users\What

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 87.1.18.77 - Brave Software Inc)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.101.0 - Google LLC) Hidden

Packages:
=========
Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11029.20108.0_x64__8wekyb3d8bbwe [2021-01-03] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1808.3.0_x64__8wekyb3d8bbwe [2021-01-03] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.2.11280.0_x86__8wekyb3d8bbwe [2021-01-03] (Microsoft Studios) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe [2021-01-03] (Microsoft Corporation) [MS Ad]
Skype -> C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.35.152.0_x64__kzf8qxf38zg5c [2021-01-03] (Skype)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0 [2021-01-03] (Spotify AB) [Startup Task]
Your Phone -> C:\Program Files\WindowsApps\Microsoft.YourPhone_0.0.13313.0_x64__8wekyb3d8bbwe [2021-01-03] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

SearchScopes: HKU\S-1-5-21-2552480816-4193987694-3828653751-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-18 20:49 - 2019-03-18 20:49 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2552480816-4193987694-3828653751-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKU\S-1-5-21-2552480816-4193987694-3828653751-1001\...\StartupApproved\Run: => "OneDriveSetup"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{18D59B15-C6CF-4019-A8C8-4F26F5E0BB04}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{FEE1C9E4-F3B5-422A-BF43-9E80817D431B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{A9B83B6E-1ADD-488B-BD04-58DFF6D82909}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{532D1A07-8891-49A9-9ADF-F10773DBF938}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{AF91F092-ED24-41D7-9527-4A2AFE30BD81}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{F5CA5393-1A40-4AFA-8138-F6EA9D422D60}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{5FC8ADEF-AB9E-4942-9E8B-4C4C09DA412E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{01396921-B6D9-4BE9-A329-0440EB960F92}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{4208BA4D-929C-44F6-A873-0F22E6055A2D}] => (Allow) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)

==================== Restore Points =========================

03-01-2021 15:57:13 Windows Update

==================== Faulty Device Manager Devices ============

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI Encryption/Decryption Controller
Description: PCI Encryption/Decryption Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: SM Bus Controller
Description: SM Bus Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI Data Acquisition and Signal Processing Controller
Description: PCI Data Acquisition and Signal Processing Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: ========================

Application errors:
==================
Error: (01/03/2021 08:33:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 14.12.2020.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 18cc

Start Time: 01d6e2529d637c21

Termination Time: 4294967295

Application Path: C:\Users\What\Desktop\FRST64.exe

Report Id: 75a8f5d6-5f26-4e5c-865c-6fc8a58649b4

Faulting package full name: 

Faulting package-relative application ID: 

Hang type: Top level window is idle

Error: (01/03/2021 07:52:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program MicrosoftEdgeCP.exe version 11.0.18362.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 211c

Start Time: 01d6e24c9212c8b5

Termination Time: 119

Application Path: C:\Windows\System32\MicrosoftEdgeCP.exe

Report Id: 05161429-90d3-44df-870b-2b322f33d9ef

Faulting package full name: Microsoft.MicrosoftEdge_44.18362.449.0_neutral__8wekyb3d8bbwe

Faulting package-relative application ID: MicrosoftEdge

Hang type: Unknown

Error: (01/03/2021 03:51:15 PM) (Source: Microsoft-Windows-CertificateServicesClient) (EventID: 1003) (User: NT AUTHORITY)
Description: Certificate Services Client  failed to invoke the Providers in response to event 256. Error code 2147942405.

Error: (01/03/2021 03:51:15 PM) (Source: Microsoft-Windows-CertificateServicesClient) (EventID: 1001) (User: NT AUTHORITY)
Description: Certificate Services Client failed to load Provider pautoenr.dll. Error code 5.

Error: (01/03/2021 02:17:06 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x80072EE7
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=0567073a-7d74-403b-b2d5-6b35da372d8d;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (01/03/2021 02:17:05 PM) (Source: Software Protection Platform Service) (EventID: 1014) (User: )
Description: Acquisition of End User License failed. hr=0x80072EE7
Sku Id=0567073a-7d74-403b-b2d5-6b35da372d8d

Error: (01/03/2021 02:17:05 PM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
Description: License acquisition failure details. 
hr=0x80072EE7

Error: (01/03/2021 02:08:47 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x80072EE7
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=0567073a-7d74-403b-b2d5-6b35da372d8d;NotificationInterval=1440;Trigger=UserLogon;SessionId=1


System errors:
=============
Error: (01/03/2021 08:28:06 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version 1.329.1647.0).

Error: (01/03/2021 08:26:55 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070005: Intel(R) Corporation - MEDIA - 5/10/2016 12:00:00 AM - 6.16.0.3197.

Error: (01/03/2021 08:00:55 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070005: Intel - DPTF - 5/13/2016 12:00:00 AM - 8.1.10608.329.

Error: (01/03/2021 07:57:58 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The WarpJITSvc service terminated with the following error: 
The specified module could not be found.

Error: (01/03/2021 07:51:25 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070005: Intel - Other hardware - Intel(R) Celeron(R)/Pentium(R) SM Bus Controller - 2292.

Error: (01/03/2021 07:51:03 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070005: Intel - DPTF - 5/13/2016 12:00:00 AM - 8.1.10608.329.

Error: (01/03/2021 07:50:54 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070005: HP Inc. - HIDClass - 2.1.14.1.

Error: (01/03/2021 07:50:30 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070005: Intel - DPTF - 5/13/2016 12:00:00 AM - 8.1.10608.329.


Windows Defender:
===================================
Date: 2021-01-03 14:14:15.852
Description: 
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode 
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2021-01-03 13:51:16.928
Description: 
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode 
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

==================== Memory info =========================== 

BIOS: Insyde F.36 06/09/2017
Motherboard: HP 8175
Processor: Intel(R) Celeron(R) CPU N3060 @ 1.60GHz
Percentage of memory in use: 58%
Total physical RAM: 4001.62 MB
Available physical RAM: 1676.78 MB
Total Virtual: 5409.62 MB
Available Virtual: 3133.41 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.13 GB) (Free:442.06 GB) NTFS
Drive e: () (RAMDisk) (Total:465.13 GB) (Free:439.86 GB) NTFS

\\?\Volume{8d7c1787-cef4-49af-90ce-415b587cb27f}\ (Recovery) (Fixed) (Total:0.52 GB) (Free:0.08 GB) NTFS
\\?\Volume{3c146a7c-c095-4aa4-97da-1d423914e87b}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 5B397E14)

Partition: GPT.

==================== End of Addition.txt =======================

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-12-2020
Ran by What (administrator) on DESKTOP-60I1NFR (HP HP 15 Notebook PC) (03-01-2021 20:34:12)
Running from C:\Users\What\Desktop
Loaded Profiles: What
Platform: Windows 10 Home Version 1909 18363.592 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11811.1001.18.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CredentialEnrollmentManager.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SystemSettingsAdminFlows.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.18362.590_none_5efc551459114cb9\TiWorker.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files\BraveSoftware\Brave-Browser\Application\87.1.18.77\Installer\chrmstp.exe [2021-01-03] (Brave Software, Inc. -> Brave Software, Inc.)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {8545A77D-3853-4015-B4BD-51A604ED7408} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [163528 2021-01-03] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {D44203F3-AE43-4381-B167-6938AC267161} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [163528 2021-01-03] (Brave Software, Inc. -> BraveSoftware Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{11acfaa8-31f7-4f3a-a94c-9fe30cc0fdb2}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Edge:
======
DownloadDir: C:\Users\What\Downloads

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [163528 2021-01-03] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [163528 2021-01-03] (Brave Software, Inc. -> BraveSoftware Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4098056 2019-03-18] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [113992 2019-03-18] (Microsoft Corporation -> Microsoft Corporation)
S3 WarpJITSvc; %SystemRoot%\System32\Windows.WARP.JITService.dll [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [46472 2019-03-18] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [333784 2019-03-18] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [62432 2019-03-18] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-01-03 20:33 - 2021-01-03 20:35 - 000005202 _____ C:\Users\What\Desktop\FRST.txt
2021-01-03 20:32 - 2021-01-03 20:34 - 000000000 ____D C:\FRST
2021-01-03 20:28 - 2021-01-03 20:29 - 000001872 _____ C:\Users\What\Desktop\Rkill.txt
2021-01-03 20:28 - 2021-01-03 20:28 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\What\Desktop\iExplore.exe
2021-01-03 20:27 - 2021-01-03 20:27 - 005054744 _____ (AO Kaspersky Lab) C:\Users\What\Desktop\tdsskiller.exe
2021-01-03 20:27 - 2021-01-03 20:27 - 002286592 _____ (Farbar) C:\Users\What\Desktop\FRST64.exe
2021-01-03 20:15 - 2021-01-03 20:15 - 000000000 _____ C:\Windows\start
2021-01-03 20:11 - 2021-01-03 20:12 - 000000000 _____ C:\Windows\system32\start
2021-01-03 19:56 - 2021-01-03 19:56 - 000002400 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2021-01-03 19:56 - 2021-01-03 19:56 - 000002359 _____ C:\Users\Public\Desktop\Brave.lnk
2021-01-03 19:56 - 2021-01-03 19:56 - 000002359 _____ C:\ProgramData\Desktop\Brave.lnk
2021-01-03 19:56 - 2021-01-03 19:56 - 000000000 ____D C:\Program Files\BraveSoftware
2021-01-03 19:54 - 2021-01-03 19:54 - 000000000 ____D C:\Users\What\AppData\LocalLow\Temp
2021-01-03 19:53 - 2021-01-03 19:54 - 000230224 _____ C:\Users\What\Desktop\ml.pdf
2021-01-03 19:51 - 2021-01-03 19:56 - 000000000 ____D C:\Users\What\AppData\Local\BraveSoftware
2021-01-03 19:51 - 2021-01-03 19:51 - 000003438 _____ C:\Windows\system32\Tasks\BraveSoftwareUpdateTaskMachineUA
2021-01-03 19:51 - 2021-01-03 19:51 - 000003314 _____ C:\Windows\system32\Tasks\BraveSoftwareUpdateTaskMachineCore
2021-01-03 19:51 - 2021-01-03 19:51 - 000000000 ____D C:\Program Files (x86)\BraveSoftware
2021-01-03 19:49 - 2021-01-03 19:49 - 000000000 ___HD C:\Users\What\MicrosoftEdgeBackups
2021-01-03 16:13 - 2021-01-03 19:46 - 000000296 _____ C:\Users\What\Desktop\results.txt
2021-01-03 15:58 - 2021-01-03 15:58 - 000035379 _____ C:\Users\What\Desktop\2.txt
2021-01-03 15:58 - 2021-01-03 15:58 - 000035071 _____ C:\Users\What\Desktop\1.txt
2021-01-03 15:56 - 2021-01-03 15:57 - 000035071 _____ C:\Windows\system32\0
2021-01-03 15:56 - 2021-01-03 15:56 - 000031093 _____ C:\Users\What\Desktop\0.txt
2021-01-03 15:52 - 2021-01-03 19:54 - 000000000 ____D C:\Users\What\AppData\Local\PlaceholderTileLogoFolder
2021-01-03 14:12 - 2021-01-03 14:13 - 000000000 ____D C:\Users\What\AppData\Local\Comms
2021-01-03 14:12 - 2021-01-03 14:12 - 000000000 ____D C:\Windows\pss
2021-01-03 14:11 - 2021-01-03 14:22 - 000000000 ____D C:\Users\What\AppData\Local\D3DSCache
2021-01-03 14:10 - 2021-01-03 19:54 - 000000000 ____D C:\ProgramData\Packages
2021-01-03 13:51 - 2021-01-03 14:14 - 000225106 _____ C:\Windows\ntbtlog.txt
2021-01-03 13:51 - 2021-01-03 14:14 - 000000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2021-01-03 13:36 - 2021-01-03 19:48 - 000000000 ____D C:\Users\What\AppData\Local\MicrosoftEdge
2021-01-03 13:36 - 2021-01-03 13:36 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2021-01-03 13:35 - 2021-01-03 13:35 - 000001450 _____ C:\Users\What\Desktop\Microsoft Edge.lnk
2021-01-03 13:34 - 2021-01-03 19:54 - 000000000 ____D C:\Users\What\AppData\Local\Packages
2021-01-03 13:34 - 2021-01-03 14:28 - 000000000 __RHD C:\Users\Public\AccountPictures
2021-01-03 13:34 - 2021-01-03 14:28 - 000000000 ___RD C:\Users\What\3D Objects
2021-01-03 13:34 - 2021-01-03 13:34 - 000000000 ____D C:\Users\What\AppData\Roaming\Adobe
2021-01-03 13:34 - 2021-01-03 13:34 - 000000000 ____D C:\Users\What\AppData\Local\VirtualStore
2021-01-03 13:34 - 2021-01-03 13:34 - 000000000 ____D C:\Users\What\AppData\Local\Publishers
2021-01-03 13:34 - 2021-01-03 13:34 - 000000000 ____D C:\Users\What\AppData\Local\ConnectedDevicesPlatform
2021-01-03 13:33 - 2021-01-03 13:33 - 000000020 ___SH C:\Users\What\ntuser.ini
2021-01-03 13:32 - 2021-01-03 19:49 - 000000000 ____D C:\Users\What
2021-01-03 13:32 - 2019-03-18 20:46 - 000001105 _____ C:\Users\What\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-01-03 13:29 - 2021-01-03 14:20 - 000795992 _____ C:\Windows\system32\PerfStringBackup.INI
2021-01-03 13:27 - 2021-01-03 13:27 - 000000000 ____D C:\Windows\minidump
2021-01-03 13:25 - 2021-01-03 13:25 - 000000000 _SHDL C:\Documents and Settings
2021-01-03 13:17 - 2021-01-03 19:46 - 000000000 ____D C:\Windows\system32\SleepStudy
2021-01-03 13:17 - 2021-01-03 14:16 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-01-03 13:17 - 2021-01-03 13:17 - 000257824 _____ C:\Windows\system32\FNTCACHE.DAT
2021-01-03 13:17 - 2021-01-03 13:17 - 000000000 ____D C:\Windows\system32\Drivers\wd
2021-01-03 13:17 - 2021-01-03 13:17 - 000000000 ____D C:\Windows\ServiceProfiles
2021-01-03 13:16 - 2021-01-03 13:24 - 000000000 ____D C:\Windows\Panther

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-01-03 20:26 - 2019-03-18 20:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-01-03 20:05 - 2019-03-18 20:52 - 000000000 ____D C:\Windows\AppReadiness
2021-01-03 19:53 - 2019-03-18 20:52 - 000000000 ___HD C:\Program Files\WindowsApps
2021-01-03 19:50 - 2019-03-18 20:50 - 000000000 ____D C:\Windows\INF
2021-01-03 19:48 - 2019-03-18 20:52 - 000000000 ____D C:\ProgramData\USOPrivate
2021-01-03 15:18 - 2019-03-18 20:37 - 000000000 ____D C:\Windows\CbsTemp
2021-01-03 14:28 - 2019-03-18 20:52 - 000000000 __RSD C:\Windows\Media
2021-01-03 14:28 - 2019-03-18 20:52 - 000000000 __RHD C:\Users\Public\Libraries
2021-01-03 14:15 - 2019-03-18 20:37 - 000262144 _____ C:\Windows\system32\config\BBI
2021-01-03 13:29 - 2019-03-18 20:52 - 000000000 ____D C:\Windows\system32\WinBioDatabase
2021-01-03 13:28 - 2019-03-18 20:52 - 000000000 ____D C:\Windows\system32\spool
2021-01-03 13:28 - 2019-03-18 20:52 - 000000000 ____D C:\Windows\system32\FxsTmp
2021-01-03 13:28 - 2019-03-18 20:52 - 000000000 ____D C:\Windows\ServiceState
2021-01-03 13:19 - 2019-03-18 20:52 - 000000000 ___RD C:\Windows\PrintDialog
2021-01-03 13:19 - 2019-03-18 20:52 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2021-01-03 13:18 - 2019-03-18 20:37 - 000032768 _____ C:\Windows\system32\config\ELAM
2021-01-03 13:16 - 2019-03-18 20:49 - 000028672 _____ C:\Windows\system32\config\BCD-Template

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

This topic is now closed to further replies.