
my malware keeps coming back!



Hello rollingaway and welcome to Malwarebytes,

Continue with the following:

If you do not have Malwarebytes installed do the following:

Download Malwarebytes version 4 from the following link:

https://www.malwarebytes.com/mwb-download/thankyou/

Double click on the installer and follow the prompts.

When the install completes or Malwarebytes is already installed do the following:

Open Malwarebytes, select > small cog wheel top right hand corner, that will open "settings" from there select "Security" tab.

Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....

Close out the settings window, this will take you back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes quarantine any found entries...

To get the log from Malwarebytes do the following:
 
  • Click on the Detection History tab > from main interface.
  • Then click on "History" that will open to a historical list
  • Double click on the Scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have two options:
    Copy to Clipboard - if selected right click to your reply and select "Paste" log will be pasted to your reply
    Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply

     
  • Please use "Text file (*.txt)", then name the file and save to a place of choice, recommend "Desktop" then attach to reply


Next,

Download AdwCleaner by Malwarebytes onto your Desktop.

Or from this Mirror
 
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Quarantine button. This will kill all the active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply


Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status... If English is not your primary language right click on FRST, select rename then rename to FRSTEnglish.
 
  • Double-click to run it. When the tool opens click Yes to disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach that log to your reply.


Let me see those logs in your reply...

Thank you,

Kevin....

Woah Kevin, I can't believe Malwarebytes hasn't paid you for this yet. Thanks so much for helping out. Requested files attached.

 

# -------------------------------
# Malwarebytes AdwCleaner 8.0.9.1
# -------------------------------
# Build:    01-20-2021
# Database: 2021-01-11.1 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    02-05-2021
# Duration: 00:00:01
# OS:       Windows 10 Home
# Cleaned:  2

***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

Deleted       Conduit
Deleted       Trovi search
Not Deleted   Trovi search

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [2316 octets] - [03/02/2021 23:49:06]
AdwCleaner[C00].txt - [2321 octets] - [03/02/2021 23:49:32]
AdwCleaner[S01].txt - [1528 octets] - [03/02/2021 23:53:30]
AdwCleaner[C01].txt - [1718 octets] - [03/02/2021 23:53:42]
AdwCleaner[S02].txt - [3475 octets] - [04/02/2021 14:37:00]
AdwCleaner[C02].txt - [3297 octets] - [04/02/2021 14:37:28]
AdwCleaner[S03].txt - [1935 octets] - [05/02/2021 15:29:15]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C03].txt ##########
 

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04-02-2021
Ran by Father (administrator) on DESKTOP-D6K5RR3 (05-02-2021 15:31:25)
Running from C:\Users\Father\Downloads
Loaded Profiles: Father
Platform: Windows 10 Home Version 20H2 19042.746 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <15>
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Malwarebytes Inc -> Malwarebytes) C:\Users\Father\Downloads\adwcleaner_8.0.9.1.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.740_none_e752aa59261f271f\TiWorker.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd) C:\Users\Father\AppData\Local\Kingsoft\WPS Office\11.2.0.9984\office6\wpscloudsvr.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942864 2016-10-13] (Logitech -> Logitech, Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [6787856 2019-03-19] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.146\Installer\chrmstp.exe [2021-02-02] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0DA8087C-2780-4450-965E-764BCCE19C5E} - System32\Tasks\Driver Easy Scheduled Scan => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe [3817392 2020-06-18] (Easeware Technology Limited -> Easeware)
Task: {0E091041-E824-4DBE-8FB4-F41AC08A2EEB} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [7177168 2020-04-26] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {189191D0-D1CD-4D14-81B2-5CAF7AEF75DE} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [5723640 2019-09-04] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {193E26D5-0E0B-4799-9072-6DD0F0DC01FA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155432 2019-11-19] (Google Inc -> Google LLC)
Task: {8497ED5A-6020-47F7-B179-AD15E989A572} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155432 2019-11-19] (Google Inc -> Google LLC)
Task: {9658B70D-926B-4D49-931F-407562FD4CD3} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [6189624 2020-04-26] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {AA4EFEA8-66A8-4642-8B36-918E7CBE6A5D} - System32\Tasks\WpsUpdateTask_Father => C:\Users\Father\AppData\Local\Kingsoft\WPS Office\11.2.0.9984\office6\wpsupdate.exe [164536 2021-02-04] (Zhuhai Kingsoft Office Software Co., Ltd. -> )
Task: {BE25A2CE-163A-40E9-AD72-7C2D56DFEFED} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1349200 2020-11-03] (Adobe Inc. -> Adobe Inc.)
Task: {CE86C3F8-8969-4170-86B4-666566A821ED} - System32\Tasks\WpsExternal_Father_20210204014448 => C:\Users\Father\AppData\Local\Kingsoft\WPS Office\11.2.0.9984\office6\wpscloudsvr.exe [1666744 2021-02-04] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {DF224AF5-A4BA-4712-B5C6-82C441A3422C} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Driver Easy Scheduled Scan.job => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe
Task: C:\WINDOWS\Tasks\WpsExternal_Father_20210204014448.job => C:\Users\Father\AppData\Local\Kingsoft\WPS Office\11.2.0.9984\office6\wpscloudsvr.exe/wpscloudlaunch /run_plugin /plugin_name=ktaskschdtool /plugin_entry=ktaskschdtool.dll
Task: C:\WINDOWS\Tasks\WpsUpdateTask_Father.job => C:\Users\Father\AppData\Local\Kingsoft\WPS Office\11.2.0.9984\office6\wpsupdate.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 75.153.176.9
Tcpip\..\Interfaces\{95fb6783-c970-422b-a2b9-5f6405de53c5}: [DhcpNameServer] 192.168.1.254 75.153.176.9

Edge: 
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Father\AppData\Local\Microsoft\Edge\User Data\Default [2021-02-04]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF DefaultProfile: aezp7u9j.default
FF ProfilePath: C:\Users\Father\AppData\Roaming\Mozilla\Firefox\Profiles\aezp7u9j.default [2020-01-30]
FF ProfilePath: C:\Users\Father\AppData\Roaming\Mozilla\Firefox\Profiles\pu1l4smq.default-release [2021-02-04]
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=3.0.12 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-12-07] (Adobe Inc. -> Adobe Systems Inc.)

Chrome: 
=======
CHR Profile: C:\Users\Father\AppData\Local\Google\Chrome\User Data\Default [2021-02-05]
CHR Notifications: Default -> hxxps://en.softonic.com; hxxps://www.fileconvertertab.com; hxxps://www.luckyvitamin.com; hxxps://www.youtube.com
CHR HomePage: Default -> chrome://bookmarks/#1
CHR StartupUrls: Default -> "chrome://bookmarks/#1"
CHR Extension: (Safe Torrent Scanner) - C:\Users\Father\AppData\Local\Google\Chrome\User Data\Default\Extensions\aegnopegbbhjeeiganiajffnalhlkkjb [2021-02-04]
CHR Extension: (Google Drive) - C:\Users\Father\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-21]
CHR Extension: (YouTube) - C:\Users\Father\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-11-19]
CHR Extension: (Honey) - C:\Users\Father\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2021-01-07]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\Father\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2021-01-14]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\Father\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-02-05]
CHR Extension: (Web Safety) - C:\Users\Father\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhcmdonhekjhfbjmeacdjbhlfgpjabp [2021-02-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Father\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-28]
CHR Extension: (Unblock Youku) - C:\Users\Father\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnfnkhpgegpcingjbfihlkjeighnddk [2021-02-03]
CHR Extension: (Gmail) - C:\Users\Father\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-22]
CHR Extension: (Chrome Media Router) - C:\Users\Father\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-01-26]
CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKLM-x32\...\Chrome\Extension: [mfhcmdonhekjhfbjmeacdjbhlfgpjabp]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [170056 2020-11-03] (Adobe Inc. -> Adobe Inc.)
S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [351944 2015-11-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
S2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (SEIKO EPSON Corporation -> Seiko Epson Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2021-02-05] (Malwarebytes Inc -> Malwarebytes)
S2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [628920 2019-09-06] (CyberLink Corp. -> CyberLink)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2747312 2020-04-26] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4583240 2020-04-26] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [940976 2019-09-04] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2020-12-03] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2020-12-03] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [159600 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153312 2021-02-05] (Malwarebytes Corporation -> Malwarebytes)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220600 2021-02-05] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-02-05] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [198248 2021-02-05] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [77496 2021-02-05] (Malwarebytes Inc -> Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-02-05] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [142440 2021-02-05] (Malwarebytes Inc -> Malwarebytes)
R3 rtwlane_13; C:\WINDOWS\System32\drivers\rtwlane_13.sys [3717120 2019-12-07] (Microsoft Windows -> Realtek Semiconductor Corporation)
S0 Spybot3ELAM; C:\WINDOWS\System32\drivers\Spybot3ELAM.sys [19904 2019-06-21] (Microsoft Windows Early Launch Anti-malware Publisher -> Windows (R) Win 7 DDK provider)
S3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [37672 2020-02-18] (McAfee, LLC. -> The OpenVPN Project)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [48536 2020-12-03] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [429296 2020-12-03] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [70896 2020-12-03] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-02-05 15:31 - 2021-02-05 15:32 - 000013925 _____ C:\Users\Father\Downloads\FRST.txt
2021-02-05 15:30 - 2021-02-05 15:30 - 002297856 _____ (Farbar) C:\Users\Father\Downloads\FRST64 (1).exe
2021-02-05 15:23 - 2021-02-05 15:32 - 000000000 ____D C:\FRST
2021-02-05 15:22 - 2021-02-05 15:22 - 002297856 _____ (Farbar) C:\Users\Father\Downloads\FRST64.exe
2021-02-05 15:19 - 2021-02-05 15:19 - 000198248 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2021-02-05 15:19 - 2021-02-05 15:19 - 000142440 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2021-02-05 15:19 - 2021-02-05 15:19 - 000077496 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2021-02-05 15:19 - 2021-02-05 15:19 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-02-05 15:19 - 2021-02-05 15:19 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-02-05 15:19 - 2021-02-05 15:19 - 000002021 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2021-02-05 15:19 - 2021-02-05 15:19 - 000000000 ____D C:\Users\Father\AppData\Local\mbam
2021-02-05 15:18 - 2021-02-05 15:18 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-02-05 15:18 - 2021-02-05 15:18 - 000220600 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-02-05 15:18 - 2021-02-05 15:18 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-02-05 15:18 - 2021-02-05 15:18 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2021-02-05 15:18 - 2021-02-05 15:18 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-02-05 15:18 - 2021-02-05 15:18 - 000000000 ____D C:\Program Files\Malwarebytes
2021-02-05 15:17 - 2021-02-05 15:17 - 002086424 _____ (Malwarebytes) C:\Users\Father\Downloads\MBSetup.exe
2021-02-04 14:49 - 2021-02-04 14:53 - 000000000 ____D C:\Users\Father\OneDrive\Documents\CyberLink
2021-02-04 14:49 - 2021-02-04 14:49 - 000000000 ____D C:\Users\Public\CyberLink
2021-02-04 14:49 - 2021-02-04 14:49 - 000000000 ____D C:\Users\Father\AppData\Roaming\BorisFX
2021-02-04 14:48 - 2021-02-04 14:48 - 000000000 ____D C:\Users\Father\AppData\Roaming\CyberLink
2021-02-04 14:47 - 2021-02-04 14:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Boris FX Continuum CYBERLINK
2021-02-04 14:47 - 2021-02-04 14:47 - 000000000 ____D C:\ProgramData\GenArts
2021-02-04 14:47 - 2021-02-04 14:47 - 000000000 ____D C:\ProgramData\BorisFX
2021-02-04 14:47 - 2021-02-04 14:47 - 000000000 ____D C:\Program Files\BorisFX
2021-02-04 14:46 - 2021-02-04 14:46 - 000000000 ____D C:\Users\Father\AppData\Roaming\proDAD
2021-02-04 14:46 - 2021-02-04 14:46 - 000000000 ____D C:\ProgramData\proDAD
2021-02-04 14:46 - 2021-02-04 14:46 - 000000000 ____D C:\Program Files\proDAD
2021-02-04 14:46 - 2021-02-04 14:46 - 000000000 ____D C:\Program Files\Common Files\NewBlue
2021-02-04 14:46 - 2019-09-06 05:41 - 000607256 _____ (proDAD GmbH) C:\WINDOWS\system32\prodad-codec.dll
2021-02-04 14:46 - 2019-09-06 05:41 - 000376344 _____ (proDAD GmbH) C:\WINDOWS\system32\proDAD-PA-Support.dll
2021-02-04 14:45 - 2021-02-04 14:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewBlue
2021-02-04 14:45 - 2021-02-04 14:46 - 000000000 ____D C:\Program Files\NewBlue
2021-02-04 14:45 - 2021-02-04 14:46 - 000000000 ____D C:\Program Files (x86)\NewBlue
2021-02-04 14:45 - 2021-02-04 14:45 - 000002065 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDirector 18.lnk
2021-02-04 14:45 - 2021-02-04 14:45 - 000002053 _____ C:\Users\Public\Desktop\CyberLink PowerDirector 18.lnk
2021-02-04 14:45 - 2021-02-04 14:45 - 000002053 _____ C:\ProgramData\Desktop\CyberLink PowerDirector 18.lnk
2021-02-04 14:45 - 2021-02-04 14:45 - 000000000 ____D C:\Program Files (x86)\NSIS Uninstall Information
2021-02-04 14:45 - 2021-02-04 14:45 - 000000000 ____D C:\Program Files (x86)\CyberLink
2021-02-04 14:44 - 2021-02-04 14:49 - 000000000 ___HD C:\ProgramData\CyberLink
2021-02-04 14:44 - 2021-02-04 14:47 - 000000000 ____D C:\ProgramData\CLSK
2021-02-04 14:44 - 2021-02-04 14:46 - 000000000 ____D C:\ProgramData\install_clap
2021-02-04 14:44 - 2021-02-04 14:45 - 000000000 ____D C:\Program Files\CyberLink
2021-02-04 14:44 - 2021-02-04 14:44 - 000000000 ____D C:\ProgramData\install_backup
2021-02-04 12:43 - 2021-02-04 12:43 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2021-02-04 12:43 - 2021-02-04 12:43 - 000000000 ____D C:\ProgramData\ATI
2021-02-04 12:41 - 2021-02-05 13:23 - 001390214 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-02-04 12:40 - 2021-02-05 12:31 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-02-04 12:40 - 2021-02-04 21:30 - 000003418 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-02-04 12:40 - 2021-02-04 21:30 - 000003294 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-02-04 12:40 - 2021-02-04 15:17 - 000000000 ____D C:\WINDOWS\system32\Tasks\NCH Software
2021-02-04 12:40 - 2021-02-04 12:40 - 000007623 _____ C:\WINDOWS\diagwrn.xml
2021-02-04 12:40 - 2021-02-04 12:40 - 000007623 _____ C:\WINDOWS\diagerr.xml
2021-02-04 12:40 - 2021-02-04 12:40 - 000003568 _____ C:\WINDOWS\system32\Tasks\Driver Easy Scheduled Scan
2021-02-04 12:40 - 2021-02-04 12:40 - 000003482 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2021-02-04 12:40 - 2021-02-04 12:40 - 000003408 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-02-04 12:40 - 2021-02-04 12:40 - 000003222 _____ C:\WINDOWS\system32\Tasks\WpsExternal_Father_20210204014448
2021-02-04 12:40 - 2021-02-04 12:40 - 000003184 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-02-04 12:40 - 2021-02-04 12:40 - 000002862 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2304461074-3436397256-2970397967-1001
2021-02-04 12:40 - 2021-02-04 12:40 - 000002794 _____ C:\WINDOWS\system32\Tasks\WpsUpdateTask_Father
2021-02-04 12:40 - 2021-02-04 12:40 - 000000020 ___SH C:\Users\Father\ntuser.ini
2021-02-04 12:40 - 2021-02-04 12:40 - 000000000 ____D C:\WINDOWS\system32\Tasks\Safer-Networking
2021-02-04 12:33 - 2021-02-04 15:17 - 000000000 ____D C:\Users\Father
2021-02-04 12:33 - 2021-02-04 12:31 - 000000000 ____D C:\Users\Father\AppData\Roaming\ATI
2021-02-04 12:33 - 2021-02-04 12:31 - 000000000 ____D C:\Users\Father\AppData\Local\ATI
2021-02-04 12:33 - 2019-12-07 01:10 - 000001105 _____ C:\Users\Father\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-02-04 12:32 - 2021-02-04 12:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2021-02-04 12:32 - 2021-02-04 12:32 - 000000000 ____D C:\Program Files\ATI Technologies
2021-02-04 12:31 - 2021-02-04 12:32 - 000000000 ____D C:\Program Files (x86)\ATI Technologies
2021-02-04 12:31 - 2021-02-04 12:31 - 000000000 ____D C:\Users\Default\AppData\Roaming\ATI
2021-02-04 12:31 - 2021-02-04 12:31 - 000000000 ____D C:\Users\Default\AppData\Local\ATI
2021-02-04 12:31 - 2021-02-04 12:31 - 000000000 ____D C:\Users\Default User\AppData\Roaming\ATI
2021-02-04 12:31 - 2021-02-04 12:31 - 000000000 ____D C:\Users\Default User\AppData\Local\ATI
2021-02-04 12:30 - 2021-02-05 12:31 - 000008192 ___SH C:\DumpStack.log.tmp
2021-02-04 12:30 - 2021-02-05 12:31 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-02-04 12:30 - 2021-02-04 12:30 - 000323280 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-02-04 12:29 - 2021-02-04 12:40 - 000000000 ____D C:\Windows.old
2021-02-04 12:27 - 2021-02-04 12:29 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2021-02-04 12:25 - 2021-02-04 12:27 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2021-02-04 12:25 - 2021-02-04 12:25 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2021-02-04 12:24 - 2021-02-04 12:24 - 000000000 ____D C:\ProgramData\ssh
2021-02-04 12:19 - 2021-02-04 12:19 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2021-02-04 12:19 - 2021-02-04 12:19 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2021-02-04 12:19 - 2021-02-04 12:19 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2021-02-04 12:19 - 2021-02-04 12:19 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mpg2splt.ax
2021-02-04 12:19 - 2021-02-04 12:19 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VBICodec.ax
2021-02-04 12:19 - 2021-02-04 12:19 - 000095744 _____ C:\WINDOWS\system32\VirtualMonitorManager.dll
2021-02-04 12:19 - 2021-02-04 12:19 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2021-02-04 12:18 - 2021-02-04 12:18 - 003860832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmpltfm.dll
2021-02-04 12:18 - 2021-02-04 12:18 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-02-04 12:18 - 2021-02-04 12:18 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-02-04 12:18 - 2021-02-04 12:18 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2021-02-04 12:18 - 2021-02-04 12:18 - 001309504 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-02-04 12:18 - 2021-02-04 12:18 - 000980320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmpal.dll
2021-02-04 12:18 - 2021-02-04 12:18 - 000915296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmcodecs.dll
2021-02-04 12:18 - 2021-02-04 12:18 - 000732000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ortcengine.dll
2021-02-04 12:18 - 2021-02-04 12:18 - 000729600 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2021-02-04 12:18 - 2021-02-04 12:18 - 000611952 _____ C:\WINDOWS\SysWOW64\TextShaping.dll
2021-02-04 12:18 - 2021-02-04 12:18 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2021-02-04 12:18 - 2021-02-04 12:18 - 000575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2021-02-04 12:18 - 2021-02-04 12:18 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2021-02-04 12:18 - 2021-02-04 12:18 - 000455680 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll
2021-02-04 12:18 - 2021-02-04 12:18 - 000446976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2021-02-04 12:18 - 2021-02-04 12:18 - 000422912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-02-04 12:18 - 2021-02-04 12:18 - 000330752 _____ C:\WINDOWS\SysWOW64\ssdm.dll
2021-02-04 12:18 - 2021-02-04 12:18 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2021-02-04 12:18 - 2021-02-04 12:18 - 000266240 _____ C:\WINDOWS\SysWOW64\Windows.Internal.UI.Shell.WindowTabManager.dll
2021-02-04 12:18 - 2021-02-04 12:18 - 000266240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mpg2splt.ax
2021-02-04 12:18 - 2021-02-04 12:18 - 000240640 _____ C:\WINDOWS\SysWOW64\CoreMas.dll
2021-02-04 12:18 - 2021-02-04 12:18 - 000235520 _____ C:\WINDOWS\SysWOW64\HeatCore.dll
2021-02-04 12:18 - 2021-02-04 12:18 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bthprops.cpl
2021-02-04 12:18 - 2021-02-04 12:18 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\timedate.cpl
2021-02-04 12:18 - 2021-02-04 12:18 - 000178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\intl.cpl
2021-02-04 12:18 - 2021-02-04 12:18 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\VBICodec.ax
2021-02-04 12:18 - 2021-02-04 12:18 - 000112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\activeds.tlb
2021-02-04 12:18 - 2021-02-04 12:18 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncpa.cpl
2021-02-04 12:18 - 2021-02-04 12:18 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2021-02-04 12:18 - 2021-02-04 12:18 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2021-02-04 12:18 - 2021-02-04 12:18 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2021-02-04 12:18 - 2021-02-04 12:18 - 000067072 _____ C:\WINDOWS\system32\BWContextHandler.dll
2021-02-04 12:18 - 2021-02-04 12:18 - 000055376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmmvrortc.dll
2021-02-04 12:18 - 2021-02-04 12:18 - 000053760 _____ C:\WINDOWS\SysWOW64\BWContextHandler.dll
2021-02-04 12:18 - 2021-02-04 12:18 - 000047472 _____ C:\WINDOWS\SysWOW64\umpdc.dll
2021-02-04 12:18 - 2021-02-04 12:18 - 000045880 _____ C:\WINDOWS\system32\HvSocket.dll
2021-02-04 12:18 - 2021-02-04 12:18 - 000039936 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2021-02-04 12:18 - 2021-02-04 12:18 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msacm32.drv
2021-02-04 12:18 - 2021-02-04 12:18 - 000010894 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-02-04 12:18 - 2021-02-04 12:18 - 000010752 _____ C:\WINDOWS\SysWOW64\agentactivationruntimestarter.exe
2021-02-04 12:17 - 2021-02-04 12:17 - 004898144 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpltfm.dll
2021-02-04 12:17 - 2021-02-04 12:17 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-02-04 12:17 - 2021-02-04 12:17 - 002260480 _____ (The ICU Project) C:\WINDOWS\system32\icu.dll
2021-02-04 12:17 - 2021-02-04 12:17 - 002254336 _____ C:\WINDOWS\system32\dwmscene.dll
2021-02-04 12:17 - 2021-02-04 12:17 - 001822272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-02-04 12:17 - 2021-02-04 12:17 - 001393496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-02-04 12:17 - 2021-02-04 12:17 - 001354080 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpal.dll
2021-02-04 12:17 - 2021-02-04 12:17 - 001162240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-02-04 12:17 - 2021-02-04 12:17 - 001091936 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmcodecs.dll
2021-02-04 12:17 - 2021-02-04 12:17 - 001032544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ortcengine.dll
2021-02-04 12:17 - 2021-02-04 12:17 - 000707544 _____ C:\WINDOWS\system32\TextShaping.dll
2021-02-04 12:17 - 2021-02-04 12:17 - 000643072 _____ C:\WINDOWS\system32\WindowManagementAPI.dll
2021-02-04 12:17 - 2021-02-04 12:17 - 000544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2021-02-04 12:17 - 2021-02-04 12:17 - 000306688 _____ C:\WINDOWS\system32\HeatCore.dll
2021-02-04 12:17 - 2021-02-04 12:17 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthprops.cpl
2021-02-04 12:17 - 2021-02-04 12:17 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\intl.cpl
2021-02-04 12:17 - 2021-02-04 12:17 - 000190976 _____ C:\WINDOWS\system32\BthpanContextHandler.dll
2021-02-04 12:17 - 2021-02-04 12:17 - 000152064 _____ C:\WINDOWS\system32\EoAExperiences.exe
2021-02-04 12:17 - 2021-02-04 12:17 - 000112128 _____ (Microsoft Corporation) C:\WINDOWS\system32\activeds.tlb
2021-02-04 12:17 - 2021-02-04 12:17 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncpa.cpl
2021-02-04 12:17 - 2021-02-04 12:17 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2021-02-04 12:17 - 2021-02-04 12:17 - 000056672 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmmvrortc.dll
2021-02-04 12:17 - 2021-02-04 12:17 - 000048640 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2021-02-04 12:17 - 2021-02-04 12:17 - 000029696 _____ (The ICU Project) C:\WINDOWS\system32\icuuc.dll
2021-02-04 12:17 - 2021-02-04 12:17 - 000025088 _____ (The ICU Project) C:\WINDOWS\system32\icuin.dll
2021-02-04 12:17 - 2021-02-04 12:17 - 000001370 _____ C:\WINDOWS\system32\ThirdPartyNoticesBySHS.txt
2021-02-04 12:16 - 2021-02-04 12:16 - 004227116 _____ C:\WINDOWS\system32\DefaultHrtfs.bin
2021-02-04 12:16 - 2021-02-04 12:16 - 000562688 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-02-04 12:16 - 2021-02-04 12:16 - 000455168 _____ C:\WINDOWS\system32\ssdm.dll
2021-02-04 12:16 - 2021-02-04 12:16 - 000363520 _____ C:\WINDOWS\system32\Windows.Internal.UI.Shell.WindowTabManager.dll
2021-02-04 12:16 - 2021-02-04 12:16 - 000287232 _____ C:\WINDOWS\system32\CoreMas.dll
2021-02-04 12:16 - 2021-02-04 12:16 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl
2021-02-04 12:16 - 2021-02-04 12:16 - 000197632 _____ C:\WINDOWS\system32\IHDS.dll
2021-02-04 12:16 - 2021-02-04 12:16 - 000165888 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-02-04 12:16 - 2021-02-04 12:16 - 000089088 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.proxystub.dll
2021-02-04 12:16 - 2021-02-04 12:16 - 000074240 _____ C:\WINDOWS\system32\rdsxvmaudio.dll
2021-02-04 12:16 - 2021-02-04 12:16 - 000073216 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.internal.proxystub.dll
2021-02-04 12:16 - 2021-02-04 12:16 - 000064552 _____ C:\WINDOWS\system32\umpdc.dll
2021-02-04 12:16 - 2021-02-04 12:16 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msacm32.drv
2021-02-04 12:16 - 2021-02-04 12:16 - 000013312 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe
2021-02-04 12:09 - 2021-02-04 12:09 - 000001696 _____ C:\WINDOWS\system32\NOISE.CHS
2021-02-04 12:07 - 2021-02-05 13:23 - 000425944 _____ C:\WINDOWS\system32\prfh0804.dat
2021-02-04 12:07 - 2021-02-05 13:23 - 000132502 _____ C:\WINDOWS\system32\prfc0804.dat
2021-02-04 12:07 - 2021-02-04 12:07 - 000113218 _____ C:\WINDOWS\system32\prfi0804.dat
2021-02-04 12:07 - 2021-02-04 12:07 - 000033402 _____ C:\WINDOWS\system32\prfd0804.dat
2021-02-04 12:07 - 2021-02-04 12:07 - 000000000 ____D C:\WINDOWS\SysWOW64\zh-HANS
2021-02-04 12:07 - 2021-02-04 12:07 - 000000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2021-02-04 12:07 - 2021-02-04 12:07 - 000000000 ____D C:\WINDOWS\system32\zh-HANS
2021-02-04 12:04 - 2021-02-04 12:04 - 000000000 ____D C:\Program Files\Reference Assemblies
2021-02-04 12:04 - 2021-02-04 12:04 - 000000000 ____D C:\Program Files\MSBuild
2021-02-04 12:04 - 2021-02-04 12:04 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2021-02-04 12:04 - 2021-02-04 12:04 - 000000000 ____D C:\Program Files (x86)\MSBuild
2021-02-04 01:44 - 2021-02-04 12:40 - 000000716 _____ C:\WINDOWS\Tasks\WpsExternal_Father_20210204014448.job
2021-02-04 00:18 - 2021-02-04 14:45 - 000000000 ____D C:\Users\Father\Downloads\CyberLink PowerDirector Ultimate 18.0.2313.0 Pre-Activated [SadeemPC]
2021-02-04 00:14 - 2021-02-05 15:16 - 000000000 ____D C:\Users\Father\AppData\Roaming\uTorrent
2021-02-04 00:14 - 2021-02-04 00:14 - 000000877 _____ C:\Users\Father\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2021-02-04 00:09 - 2021-02-05 13:20 - 000000000 ____D C:\Users\Father\AppData\Local\BitTorrentHelper
2021-02-04 00:08 - 2021-02-04 00:20 - 000000000 ____D C:\Users\Father\AppData\Local\Opera Software
2021-02-04 00:07 - 2021-02-04 14:37 - 000000000 ____D C:\Users\Father\AppData\Roaming\Lavasoft
2021-02-04 00:07 - 2021-02-04 14:37 - 000000000 ____D C:\Users\Father\AppData\Local\Lavasoft
2021-02-04 00:07 - 2021-02-04 14:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2021-02-04 00:07 - 2021-02-04 14:37 - 000000000 ____D C:\ProgramData\Lavasoft
2021-02-04 00:07 - 2021-02-04 14:37 - 000000000 ____D C:\Program Files (x86)\Lavasoft
2021-02-04 00:07 - 2021-02-04 00:12 - 000001888 _____ C:\Users\Father\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitTorrent Web.lnk
2021-02-04 00:07 - 2021-02-04 00:07 - 000000000 ____D C:\Users\Father\AppData\Roaming\Opera Software
2021-02-03 23:47 - 2021-02-03 23:49 - 000000000 ____D C:\AdwCleaner
2021-02-03 23:46 - 2021-02-03 23:47 - 008457584 _____ (Malwarebytes) C:\Users\Father\Downloads\adwcleaner_8.0.9.1.exe
2021-02-03 23:46 - 2021-02-03 23:46 - 000000000 ____D C:\Users\Father\AppData\Local\Safer-Networking Ltd
2021-02-03 23:37 - 2021-02-03 23:37 - 001610095 _____ C:\Users\Father\AppData\Roaming\VideoPad.dmp
2021-02-03 23:33 - 2021-02-03 23:33 - 000000000 ____D C:\Users\Father\OneDrive\Documents\VideoPad Projects
2021-02-03 23:33 - 2021-02-03 23:33 - 000000000 ____D C:\Users\Father\AppData\Roaming\NCH Software
2021-02-03 23:29 - 2021-02-03 23:29 - 000000000 ____D C:\Users\Father\.thumbnails
2021-02-03 23:11 - 2021-02-04 12:29 - 000000000 ____D C:\WINDOWS\en
2021-02-03 23:10 - 2021-02-03 23:10 - 000001447 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2021-02-03 23:10 - 2021-02-03 23:10 - 000001378 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2021-02-03 23:10 - 2021-02-03 23:10 - 000000000 ____D C:\Program Files (x86)\Windows Live
2021-02-03 23:10 - 2021-02-03 23:10 - 000000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2021-02-03 23:09 - 2021-02-03 23:12 - 000000000 ____D C:\Users\Father\AppData\Local\Windows Live
2021-02-03 23:07 - 2021-02-03 23:07 - 000000000 ____D C:\Program Files (x86)\VideoLAN
2021-02-03 23:05 - 2021-02-04 12:40 - 000000000 ___DC C:\WINDOWS\Panther
2021-02-03 22:37 - 2021-02-03 23:30 - 000000000 ____D C:\Users\Father\.openshot_qt
2021-02-03 20:01 - 2021-02-03 20:01 - 000000000 ____D C:\Users\Father\OneDrive\Documents\BACKUP
2021-02-03 17:20 - 2021-02-03 17:20 - 000225370 _____ C:\Users\Father\Downloads\WhatsApp Image 2020-12-31 at 7.22.58 PM.jpeg
2021-02-03 10:01 - 2020-12-08 09:29 - 000000842 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20210203-100127.backup
2021-02-02 22:17 - 2021-02-02 22:17 - 000000000 ___HD C:\$WinREAgent
2021-02-02 13:31 - 2021-02-02 13:31 - 000000000 ____D C:\Safer-Networking Ltd
2021-02-02 13:30 - 2021-02-05 12:31 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2021-02-02 13:30 - 2021-02-04 12:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2021-02-02 13:30 - 2021-02-03 09:57 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2021-02-02 13:30 - 2021-02-02 13:30 - 000001464 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2021-02-02 13:30 - 2021-02-02 13:30 - 000001452 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2021-02-02 13:30 - 2021-02-02 13:30 - 000001452 _____ C:\ProgramData\Desktop\Spybot-S&D Start Center.lnk
2021-02-02 13:30 - 2019-06-21 08:34 - 000019904 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\Drivers\Spybot3ELAM.sys
2021-02-02 13:30 - 2018-02-06 19:04 - 000032168 _____ (Safer-Networking Ltd.) C:\WINDOWS\system32\sdnclean64.exe
2021-02-02 13:25 - 2021-02-02 13:25 - 000000000 ____D C:\Users\Father\AppData\Local\D3DSCache
2021-02-01 21:30 - 2021-02-01 21:30 - 000144251 _____ C:\Users\Father\Downloads\WhatsApp Image 2021-02-01 at 5.36.48 PM.jpeg
2021-02-01 21:29 - 2021-02-01 21:29 - 025254000 _____ C:\Users\Father\Downloads\Tommy Thomas.pdf
2021-01-27 13:38 - 2021-01-27 13:38 - 000017916 _____ C:\Users\Father\Downloads\Review_letter_2021_01_25_06_31_59_959.pdf
2021-01-26 09:26 - 2021-01-26 09:26 - 000061440 _____ C:\Users\Father\Downloads\invoice (1).pdf
2021-01-26 09:24 - 2021-01-26 09:24 - 000061440 _____ C:\Users\Father\Downloads\invoice.pdf
2021-01-25 11:46 - 2021-01-25 11:46 - 000533181 _____ C:\Users\Father\Downloads\AFamosa2021Tax.jpeg
2021-01-25 11:41 - 2021-01-25 11:41 - 000071583 _____ C:\Users\Father\Downloads\WhatsApp Image 2021-01-19 at 9.24.52 PM.jpeg
2021-01-25 10:50 - 2021-01-25 10:50 - 000071282 _____ C:\Users\Father\Downloads\BCCHF-1531058-TaxReceipt.pdf
2021-01-21 08:52 - 2021-01-21 08:52 - 000016736 _____ C:\Users\Father\Downloads\2200023334Jan2021.pdf
2021-01-18 18:32 - 2021-01-18 18:32 - 001210675 _____ C:\Users\Father\Downloads\Vitamin C on Covid .pdf
2021-01-18 13:02 - 2021-01-18 13:02 - 000074689 _____ C:\Users\Father\Downloads\archive.zip
2021-01-14 13:05 - 2021-01-14 13:05 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth9.bin
2021-01-14 13:05 - 2021-01-14 13:05 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2021-01-14 13:05 - 2021-01-14 13:05 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2021-01-14 13:05 - 2021-01-14 13:05 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2021-01-14 13:05 - 2021-01-14 13:05 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2021-01-14 13:05 - 2021-01-14 13:05 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2021-01-14 13:05 - 2021-01-14 13:05 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2021-01-14 13:05 - 2021-01-14 13:05 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2021-01-14 13:05 - 2021-01-14 13:05 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth18.bin
2021-01-14 13:05 - 2021-01-14 13:05 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth17.bin
2021-01-14 13:05 - 2021-01-14 13:05 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth16.bin
2021-01-14 13:05 - 2021-01-14 13:05 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth15.bin
2021-01-14 13:05 - 2021-01-14 13:05 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth12.bin
2021-01-14 13:05 - 2021-01-14 13:05 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth11.bin
2021-01-14 13:05 - 2021-01-14 13:05 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth10.bin
2021-01-14 13:05 - 2021-01-14 13:05 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
2021-01-14 13:04 - 2021-01-14 13:04 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.internal.shellcommon.ShellPosition.dll
2021-01-14 13:03 - 2021-01-14 13:03 - 000759808 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyHrtfEnc.dll
2021-01-14 13:03 - 2021-01-14 13:03 - 000122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyMATEnc.dll
2021-01-14 12:40 - 2021-01-14 12:40 - 000587280 _____ C:\Users\Father\Downloads\statement (2).pdf
2021-01-13 11:30 - 2021-01-13 11:30 - 000587280 _____ C:\Users\Father\Downloads\statement (1).pdf
2021-01-13 11:28 - 2021-01-13 11:28 - 000587280 _____ C:\Users\Father\Downloads\statement.pdf
2021-01-06 12:56 - 2021-01-06 12:56 - 000000080 ___SH C:\bootTel.dat

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-02-05 15:30 - 2019-12-07 01:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-02-05 15:25 - 2019-12-07 01:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-02-05 15:23 - 2019-12-07 01:13 - 000000000 ____D C:\WINDOWS\INF
2021-02-05 15:18 - 2019-12-07 01:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-02-05 13:20 - 2020-08-13 21:04 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-02-05 13:20 - 2019-12-07 01:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-02-05 13:20 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-02-05 13:20 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\appcompat
2021-02-05 12:34 - 2019-12-07 01:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-02-04 14:47 - 2019-11-19 17:18 - 000000000 ____D C:\ProgramData\Package Cache
2021-02-04 14:45 - 2020-01-18 17:32 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2021-02-04 14:37 - 2019-11-19 17:22 - 000000000 ____D C:\Users\Father\AppData\Local\PlaceholderTileLogoFolder
2021-02-04 14:34 - 2019-11-19 17:19 - 000000000 ____D C:\Users\Father\AppData\Local\Packages
2021-02-04 12:57 - 2019-12-07 01:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-02-04 12:41 - 2019-11-19 17:36 - 000000000 ____D C:\ProgramData\Packages
2021-02-04 12:41 - 2019-11-19 17:19 - 000000000 __RHD C:\Users\Public\AccountPictures
2021-02-04 12:41 - 2019-11-19 17:19 - 000000000 ___RD C:\Users\Father\3D Objects
2021-02-04 12:40 - 2020-12-23 18:34 - 000000378 _____ C:\WINDOWS\Tasks\WpsUpdateTask_Father.job
2021-02-04 12:40 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-02-04 12:40 - 2019-12-07 01:14 - 000000000 ____D C:\ProgramData\USOPrivate
2021-02-04 12:40 - 2019-12-07 01:14 - 000000000 ____D C:\Program Files\Windows Defender
2021-02-04 12:40 - 2019-12-07 01:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2021-02-04 12:39 - 2019-11-19 17:22 - 000000000 ___RD C:\Users\Father\OneDrive
2021-02-04 12:36 - 2019-12-07 01:14 - 000000000 __RHD C:\Users\Public\Libraries
2021-02-04 12:36 - 2019-11-19 17:28 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-02-04 12:36 - 2019-11-19 17:28 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-02-04 12:36 - 2019-11-19 17:28 - 000002260 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2021-02-04 12:34 - 2020-09-04 18:24 - 000000000 ____D C:\Users\Father\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2021-02-04 12:34 - 2020-07-05 18:40 - 000000000 ____D C:\Users\Father\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WPS Office
2021-02-04 12:34 - 2019-12-07 01:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-02-04 12:34 - 2019-11-20 15:39 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2021-02-04 12:32 - 2019-11-19 17:19 - 000000000 ____D C:\ProgramData\AMD
2021-02-04 12:31 - 2019-11-19 17:18 - 000000000 ____D C:\AMD
2021-02-04 12:30 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-02-04 12:29 - 2020-12-12 23:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Easy
2021-02-04 12:29 - 2020-05-30 17:46 - 000000000 ____D C:\Program Files\UNP
2021-02-04 12:29 - 2020-01-18 17:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
2021-02-04 12:29 - 2020-01-18 17:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2021-02-04 12:29 - 2020-01-01 20:44 - 000000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.7
2021-02-04 12:29 - 2019-12-07 01:18 - 000000000 ____D C:\WINDOWS\Setup
2021-02-04 12:29 - 2019-12-07 01:14 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2021-02-04 12:29 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2021-02-04 12:29 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2021-02-04 12:29 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\ta-in
2021-02-04 12:29 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\spool
2021-02-04 12:29 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2021-02-04 12:29 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\Macromed
2021-02-04 12:29 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-02-04 12:29 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-02-04 12:29 - 2019-12-07 01:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2021-02-04 12:29 - 2019-12-06 00:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2021-02-04 12:29 - 2019-03-18 20:52 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2021-02-04 12:29 - 2019-03-18 20:52 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2021-02-04 12:27 - 2019-11-19 17:18 - 000000000 ____D C:\Program Files\Common Files\ATI Technologies
2021-02-04 12:27 - 2019-11-19 17:18 - 000000000 ____D C:\Program Files\AMD
2021-02-04 12:24 - 2019-12-07 01:52 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2021-02-04 12:24 - 2019-12-07 01:52 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2021-02-04 12:24 - 2019-12-07 01:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2021-02-04 12:24 - 2019-12-07 01:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2021-02-04 12:24 - 2019-12-07 01:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2021-02-04 12:24 - 2019-12-07 01:14 - 000000000 ___SD C:\WINDOWS\system32\F12
2021-02-04 12:24 - 2019-12-07 01:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-02-04 12:24 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2021-02-04 12:24 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-02-04 12:24 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2021-02-04 12:24 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-02-04 12:24 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz
2021-02-04 12:24 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-02-04 12:24 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2021-02-04 12:24 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2021-02-04 12:24 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-02-04 12:24 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2021-02-04 12:24 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-02-04 12:24 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-02-04 12:24 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2021-02-04 12:24 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2021-02-04 12:24 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-02-04 12:24 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2021-02-04 12:24 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2021-02-04 12:24 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-02-04 12:24 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-02-04 12:24 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\Com
2021-02-04 12:24 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2021-02-04 12:24 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2021-02-04 12:24 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2021-02-04 12:24 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-02-04 12:24 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-02-04 12:24 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\IME
2021-02-04 12:24 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\DiagTrack
2021-02-04 12:24 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-02-04 12:24 - 2019-12-07 01:14 - 000000000 ____D C:\Program Files\Common Files\System
2021-02-04 12:24 - 2019-12-07 01:14 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2021-02-04 12:24 - 2019-12-07 01:03 - 000000000 ____D C:\WINDOWS\servicing
2021-02-04 12:22 - 2019-12-07 01:52 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll
2021-02-04 12:22 - 2019-12-07 01:52 - 000020908 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2021-02-04 12:08 - 2019-12-07 01:51 - 000000000 ____D C:\WINDOWS\OCR
2021-02-04 12:07 - 2019-12-07 01:49 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm
2021-02-04 12:07 - 2019-12-07 01:49 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
2021-02-04 12:07 - 2019-12-07 01:49 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr
2021-02-04 12:07 - 2019-12-07 01:49 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2021-02-04 12:07 - 2019-12-07 01:49 - 000000000 ____D C:\WINDOWS\system32\winrm
2021-02-04 12:07 - 2019-12-07 01:49 - 000000000 ____D C:\WINDOWS\system32\WCN
2021-02-04 12:07 - 2019-12-07 01:49 - 000000000 ____D C:\WINDOWS\system32\slmgr
2021-02-04 12:07 - 2019-12-07 01:49 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2021-02-04 12:07 - 2019-12-07 01:14 - 000000000 ___SD C:\WINDOWS\system32\dsc
2021-02-04 12:07 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
2021-02-04 12:07 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\MUI
2021-02-03 23:41 - 2020-07-21 17:54 - 000000000 ____D C:\Program Files\Common Files\FlashIntegro
2021-02-03 23:31 - 2020-07-17 12:27 - 000000000 ____D C:\Users\Father\AppData\Roaming\5KPlayer
2021-02-03 23:31 - 2020-07-17 12:27 - 000000000 ____D C:\Program Files (x86)\DearMob
2021-02-03 23:11 - 2019-12-06 00:12 - 000000000 ____D C:\Users\Father\AppData\Roaming\vlc
2021-02-03 23:07 - 2019-12-06 00:12 - 000001143 _____ C:\Users\Public\Desktop\VLC media player.lnk
2021-02-03 23:07 - 2019-12-06 00:12 - 000001143 _____ C:\ProgramData\Desktop\VLC media player.lnk
2021-02-03 18:09 - 2020-01-17 19:19 - 000000000 ___RD C:\Users\Father\OneDrive\Documents\Scanned Documents
2021-01-22 09:50 - 2019-11-19 19:22 - 000799104 _____ (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2021-01-14 13:13 - 2019-11-20 09:47 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-01-14 13:11 - 2019-11-20 09:47 - 135062968 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Files in the root of some directories ========

2021-02-03 23:37 - 2021-02-03 23:37 - 001610095 _____ () C:\Users\Father\AppData\Roaming\VideoPad.dmp

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

 

 

 

malware.txt Addition.txt FRST.txt

Link to post
Share on other sites

Restarted and ran Adware cleaner again. They're back!!!

 

# -------------------------------
# Malwarebytes AdwCleaner 8.0.9.1
# -------------------------------
# Build:    01-20-2021
# Database: 2021-01-26.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    02-05-2021
# Duration: 00:00:01
# OS:       Windows 10 Home
# Cleaned:  2


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

Deleted       Conduit
Deleted       Trovi search
Not Deleted   Trovi search

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [2316 octets] - [03/02/2021 23:49:06]
AdwCleaner[C00].txt - [2321 octets] - [03/02/2021 23:49:32]
AdwCleaner[S01].txt - [1528 octets] - [03/02/2021 23:53:30]
AdwCleaner[C01].txt - [1718 octets] - [03/02/2021 23:53:42]
AdwCleaner[S02].txt - [3475 octets] - [04/02/2021 14:37:00]
AdwCleaner[C02].txt - [3297 octets] - [04/02/2021 14:37:28]
AdwCleaner[S03].txt - [1935 octets] - [05/02/2021 15:29:15]
AdwCleaner[C03].txt - [2004 octets] - [05/02/2021 15:29:40]
AdwCleaner[S04].txt - [2057 octets] - [05/02/2021 19:08:50]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C04].txt ##########
 

Link to post
Share on other sites

similar / same results here again:

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 2/5/21
Scan Time: 7:10 PM
Log File: e3c80ee0-6828-11eb-82a0-60a44cd03f1d.json

-Software Information-
Version: 4.3.0.98
Components Version: 1.0.1157
Update Package Version: 1.0.36775
License: Trial

-System Information-
OS: Windows 10 (Build 19041.789)
CPU: x64
File System: NTFS
User: DESKTOP-D6K5RR3\Father

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 276623
Threats Detected: 6
Threats Quarantined: 0
Time Elapsed: 3 min, 0 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 6
PUP.Optional.Conduit, C:\USERS\FATHER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, No Action By User, 139, 454832, 1.0.36775, , ame, , 4CB5A01C2896C74066E052270A0B0333, 23AE01AA75E152BB3AA587E83C6E8865CE3404D333960FEBD066CAE1A284D33C
PUP.Optional.Conduit, C:\USERS\FATHER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, No Action By User, 139, 454832, 1.0.36775, , ame, , 4CB5A01C2896C74066E052270A0B0333, 23AE01AA75E152BB3AA587E83C6E8865CE3404D333960FEBD066CAE1A284D33C
PUP.Optional.Conduit, C:\USERS\FATHER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, No Action By User, 139, 454832, 1.0.36775, , ame, , 4CB5A01C2896C74066E052270A0B0333, 23AE01AA75E152BB3AA587E83C6E8865CE3404D333960FEBD066CAE1A284D33C
PUP.Optional.Trovi, C:\USERS\FATHER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, No Action By User, 1226, 454808, 1.0.36775, , ame, , 4CB5A01C2896C74066E052270A0B0333, 23AE01AA75E152BB3AA587E83C6E8865CE3404D333960FEBD066CAE1A284D33C
PUP.Optional.Conduit, C:\USERS\FATHER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, No Action By User, 139, 454832, 1.0.36775, , ame, , 4CB5A01C2896C74066E052270A0B0333, 23AE01AA75E152BB3AA587E83C6E8865CE3404D333960FEBD066CAE1A284D33C
PUP.Optional.Conduit, C:\USERS\FATHER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, No Action By User, 139, 454835, 1.0.36775, , ame, , 4CB5A01C2896C74066E052270A0B0333, 23AE01AA75E152BB3AA587E83C6E8865CE3404D333960FEBD066CAE1A284D33C

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

Link to post
Share on other sites
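Added example (not part of the original thread, and not a Malwarebytes or AdwCleaner tool): every detection in the logs above points at Chrome's `Web Data` file, which is a SQLite database whose `keywords` table holds the browser's search-engine entries. The Python below lists the entries in a copy of that file that mention Conduit or Trovi, so the outcome of a Chrome reset can be checked between scans. The sample database, its `.example` URLs, the reduced column set and all function names are constructed for illustration.

```python
import os
import shutil
import sqlite3
import tempfile

# Names reported by the scanners in this thread.
MARKERS = ("conduit", "trovi")


def build_sample_web_data(path, include_unwanted=True):
    """Create a constructed stand-in for Chrome's 'Web Data' file.

    Only four columns of the real 'keywords' table are modelled here
    (assumption: a real profile has more columns, which are ignored).
    """
    rows = [(2, "Google", "google.com", "{google:baseURL}search?q={searchTerms}")]
    if include_unwanted:
        rows += [
            (7, "Conduit", "conduit.example",
             "https://search.conduit.example/?q={searchTerms}"),
            (8, "Trovi search", "trovi.example",
             "https://www.trovi.example/Results.aspx?q={searchTerms}"),
        ]
    con = sqlite3.connect(path)
    con.execute(
        "CREATE TABLE keywords (id INTEGER PRIMARY KEY, short_name TEXT, "
        "keyword TEXT, url TEXT)"
    )
    con.executemany("INSERT INTO keywords VALUES (?, ?, ?, ?)", rows)
    con.commit()
    con.close()


def flagged_search_engines(web_data_path, markers=MARKERS):
    """Return (id, short_name, keyword, url) rows that mention any marker."""
    # Chrome keeps the live file open, so inspect a private copy instead.
    workdir = tempfile.mkdtemp(prefix="webdata_")
    copy_path = os.path.join(workdir, "Web Data.copy")
    try:
        shutil.copy2(web_data_path, copy_path)
        con = sqlite3.connect(copy_path)
        try:
            has_table = con.execute(
                "SELECT 1 FROM sqlite_master "
                "WHERE type = 'table' AND name = 'keywords'"
            ).fetchone()
            if not has_table:
                # Fresh or unexpected profile: nothing to report.
                return []
            rows = con.execute(
                "SELECT id, short_name, keyword, url FROM keywords ORDER BY id"
            ).fetchall()
        finally:
            con.close()
    finally:
        shutil.rmtree(workdir, ignore_errors=True)

    hits = []
    for row in rows:
        haystack = " ".join(str(value or "") for value in row[1:]).lower()
        if any(marker in haystack for marker in markers):
            hits.append(row)
    return hits


def demo():
    """Compare a constructed 'before reset' and 'after reset' profile."""
    workdir = tempfile.mkdtemp(prefix="demo_")
    try:
        before_path = os.path.join(workdir, "Web Data (before)")
        after_path = os.path.join(workdir, "Web Data (after)")
        build_sample_web_data(before_path, include_unwanted=True)
        build_sample_web_data(after_path, include_unwanted=False)
        return (flagged_search_engines(before_path),
                flagged_search_engines(after_path))
    finally:
        shutil.rmtree(workdir, ignore_errors=True)


if __name__ == "__main__":
    before, after = demo()
    print("before reset:", [(r[0], r[1]) for r in before])
    print("after reset: ", after)
```

If the same entries show up again in a later copy of the file, the scanners will keep reporting them no matter how often the detections are quarantined.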

Hiya rollingaway,

Continue please:

Please download the attached fixlist.txt file and save it to the Desktop or location where you ran FRST from.

NOTE. It's important that both files, FRST or FRSTEnglish, and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt) or wherever you ran FRST from. Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

NOTE-1: This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will also run a disk check on the restart to ensure disk integrity. Depending on the speed of your computer this fix may take 30 minutes or more.

NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed.

The following directories are emptied:
 
  • Windows Temp
  • Users Temp folders
  • Edge, IE, FF, Chrome and Opera caches, HTML5 storages, Cookies and History
  • Recently opened files cache
  • Flash Player cache
  • Java cache
  • Steam HTML cache
  • Explorer thumbnail and icon cache
  • BITS transfer queue (qmgr*.dat files)
  • Recycle Bin


Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.

The system will be rebooted after the fix has run.

Next,

Use the instructions from the following link to reset Chrome:

https://forums.malwarebytes.com/topic/258886-chrome-secure-preferences-detection-always-returns/

Next,

  • Click Here to download Emsisoft Emergency Kit. The download will automatically start after a moment.
  • Save EmsisoftEmergencyKit.exe to your Desktop.
  • Double click on EmsisoftEmergencyKit.exe (Windows Vista/7/8/10 users: Accept UAC warning if it is enabled). A screen like this will appear:

  • Leave everything as it is, then click Extract. This may be listed as Install. This will unpack or install Emsisoft Emergency Kit to the EEK folder located in the root drive (usually C:\).
  • Once the extraction or installation is done, an icon will appear on your Desktop. Double click it to start Emsisoft Emergency Kit.

  • Wait for Emsisoft Emergency Kit to finish loading signatures. A screen like this should appear:

  • Choose Yes, then wait for EEK to finish updating.
  • Choose Malware Scan under the Scan button. When EEK asks to activate PUP detection, choose Yes.
  • Wait for the scan to finish.

  • If EEK detects something, all detected items will be displayed. Place a checkmark before everything, then choose Quarantine Selected.
  • If Emsisoft Emergency Kit asks to reboot, please do so immediately.
  • The scan log is located in Logs -> Scan Logs. Click on the entry of the latest scan, choose Export and save the report on your Desktop.

  • Please Copy and Paste the contents of the scan log in your next reply.


Next,

Run another scan with AdwCleaner.....

Let me see those logs in your reply, also confirm Chrome has been reset...

Thank you,

Kevin..

 

fixlist.txt

Link to post
Share on other sites

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Tips to help protect from infection

Thanks

 

Link to post
Share on other sites
