Jump to content

"Your McAfee subscription has expired" malware


Go to solution Solved by Swegnson,

Recommended Posts

I am running Windows 10 with Malwarebytes Premium (4.4.3), both current. I am getting multiple periodic pop-ups with the subject message even after blocking all notifications and pop-ups in Google Chrome. I have no McAfee software installed. I am not using any Peer to Peer software. Here is the Frst,txt data -

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-07-2021
Ran by hamre (administrator) on HP-PAVILION (HP HP Pavilion Desktop 590-p0xxx) (15-07-2021 17:24:21)
Running from C:\Users\hamre\Downloads
Loaded Profiles: hamre
Platform: Windows 10 Home Version 2004 19041.1083 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
(Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iTunes_12113.17.53090.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe
(CyberLink Corp. -> CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam9\YouCamService9.exe
(Garmin International, Inc. -> Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Express\express.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <18>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.92\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.92\GoogleCrashHandler64.exe
(Hewlett Packard -> Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett Packard -> Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett Packard -> Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Hewlett Packard -> Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe
(HP Inc. -> HP Inc.) C:\Program Files\HPCommRecovery\HPCommRecovery.exe
(HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_4950c0f0d48ae6e7\x64\TouchpointAnalyticsClientService.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_4950c0f0d48ae6e7\x64\TouchpointGpuInfo.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_8e04d689d875112c\x64\AppHelperCap.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_8e04d689d875112c\x64\BridgeCommunication.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_8e04d689d875112c\x64\DiagsCap.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_8e04d689d875112c\x64\NetworkCap.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_8e04d689d875112c\x64\SysInfoCap.exe
(HP Inc.) C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1.1.21.0_x64__v10z8vjag6ke6\SystemEventUtility\HPSystemEventUtilityHost.exe
(Intel Corporation -> Intel(R) Corporation) C:\Windows\SysWOW64\XtuService.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_ffc75848a6342fdf\jhi_service.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_5a1ab3b0567b3cdb\igfxCUIService.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_5a1ab3b0567b3cdb\igfxEM.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_5a1ab3b0567b3cdb\IntelCpHDCPSvc.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_5a1ab3b0567b3cdb\IntelCpHeciSvc.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MbamBgNativeMsg.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\SDXHelper.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12105.1001.23.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.) C:\Windows\RtkBtAudioServ.exe
(Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe <2>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor Corp. -> Realtek) C:\Program Files (x86)\Realtek\PCIE Wireless LAN\RtlS5Wake\RtlS5Wake.exe
(WildTangent Inc -> ) C:\Program Files (x86)\WildTangent Games\Integration\WildTangentHelperService.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtlS5Wake] => C:\Program Files (x86)\Realtek\PCIE Wireless LAN\RtlS5Wake\RtlS5Wake.exe [2097600 2018-04-17] (Realtek Semiconductor Corp. -> Realtek)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM-x32\...\Run: [YouCam Service9] => C:\Program Files (x86)\CyberLink\YouCam9\YouCamService9.exe [404288 2020-07-27] (CyberLink Corp. -> CyberLink Corp.)
HKU\S-1-5-21-335056227-1647677489-823375949-1001\...\Run: [HPSEU_Host_Launcher] => C:\System.sav\util\HpseuHostLauncher.exe [528392 2020-09-05] (HP Inc. -> HP Inc.)
HKU\S-1-5-21-335056227-1647677489-823375949-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [34612864 2021-06-07] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-335056227-1647677489-823375949-1001\...\Run: [GarminExpress] => C:\Program Files (x86)\Garmin\Express\express.exe [31019504 2020-06-09] (Garmin International, Inc. -> Garmin Ltd. or its subsidiaries)
HKLM\...\Windows x64\Print Processors\Canon MG6200 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDAU.DLL [30208 2012-03-14] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Windows x64\Print Processors\hpzppw71: C:\Windows\System32\spool\prtprocs\x64\hpzppw71.dll [230400 2009-07-13] (Microsoft Windows -> Hewlett-Packard Corporation)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MG6200 series: C:\WINDOWS\system32\CNMLMAU.DLL [385024 2012-03-14] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\PCL hpz3lw71: C:\WINDOWS\system32\hpz3lw71.dll [46080 2009-07-13] (Microsoft Windows -> Hewlett-Packard Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\91.0.4472.124\Installer\chrmstp.exe [2021-07-01] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{7B4C4849-DFD6-4b88-B58D-9260BC55E2FB}] -> C:\Program Files (x86)\CyberLink\YouCam9\CLCredProv\x64\CLCredProv.dll [2020-07-27] (CyberLink Corp. -> CyberLink)
HKLM\Software\...\Authentication\Credential Provider Filters: [{7B4C4849-DFD6-4b88-B58D-9260BC55E2FB}] -> C:\Program Files (x86)\CyberLink\YouCam9\CLCredProv\x64\CLCredProv.dll [2020-07-27] (CyberLink Corp. -> CyberLink)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2020-05-09]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett Packard -> Hewlett-Packard Co.)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {042EB5C8-8144-4CDB-86DE-9AACD14EFF7E} - System32\Tasks\HP\Consent Manager Launcher => sc start hptouchpointanalyticsservice
Task: {0B0826DC-CBA1-4DFA-8F8A-1C3F7CDB6F9B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {0D3BB49F-A3C4-488B-BB05-130A4C86DFDF} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [38504 2021-05-09] (HP Inc. -> HP Inc.)
Task: {0FE392D6-B793-42B9-A857-00941B213CBE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-05-09] (Google LLC -> Google LLC)
Task: {1A406509-039E-4011-B6D1-8D5D12947631} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-05-09] (Google LLC -> Google LLC)
Task: {1B0D5D61-82D6-4EBC-B6C7-8BB93A1DAD21} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [40432 2020-06-09] (Garmin International, Inc. -> )
Task: {1D119BC7-076C-4590-9BBD-C7B21F3DFC09} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor Logon => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [38504 2021-05-09] (HP Inc. -> HP Inc.)
Task: {1FD8A90A-47E9-4712-BD28-4127DA494D10} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPSFReport.exe [136368 2021-07-08] (HP Inc. -> HP Inc.)
Task: {23303FC9-6D65-46CA-B3FC-6972CA220AD2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1118896 2021-07-08] (HP Inc. -> HP Inc.)
Task: {30290928-1B23-4681-B9B3-E4776F574FB3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1118896 2021-07-08] (HP Inc. -> HP Inc.)
Task: {45B1D906-3889-4E89-B1D7-A83D0B773BAD} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [28985472 2021-06-07] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {4D9A77C1-BADB-4062-B26A-E0BF3B272C5A} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [147304 2021-07-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {5100A477-348F-48CA-A0F9-BA0C7018AC24} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-335056227-1647677489-823375949-500 => C:\Users\hamre\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {5E40918D-E516-4435-ADDD-0D8BE7A92582} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [11235928 2020-03-30] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {B4FE6750-8D9B-47B6-A8F5-EBA3DBF43D4B} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-335056227-1647677489-823375949-1003 => C:\Users\hamre\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {B97D079B-E824-484B-8631-FF75783E38BE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Update Notice => C:\Program Files (x86)\HP\HP Support Framework\Resources\BingPopup\BingPopup.exe [560816 2021-07-08] (HP Inc. -> HP Inc.)
Task: {C00B8F5F-10B4-4638-8685-3E9197A804B1} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [147304 2021-07-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {C24A9F69-90AD-4687-A56D-0EE9DCAD1644} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23180168 2021-06-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {CA172CAC-542C-4DF3-BB49-87B01CB65372} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23180168 2021-06-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {D6FFE3F4-C19B-4047-91BC-07FDBD3B2930} - System32\Tasks\HPAudioSwitch => C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe [1644984 2018-07-18] (HP Inc. -> HP Inc.)
Task: {E583AC74-5D1A-45C7-8A5E-8A816750F645} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-06-07] (Piriform Software Ltd -> Piriform)
Task: {F9BF530E-88BD-4C5D-93AD-443F4E971512} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [696304 2021-05-30] (Mozilla Corporation -> Mozilla Foundation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3f35dac7-acf2-4530-8690-cfba24ffb473}: [DhcpNameServer] 192.168.1.1

Edge: 
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\hamre\AppData\Local\Microsoft\Edge\User Data\Default [2021-07-15]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF DefaultProfile: gn826bg3.default
FF ProfilePath: C:\Users\hamre\AppData\Roaming\Mozilla\Firefox\Profiles\gn826bg3.default [2020-05-12]
FF ProfilePath: C:\Users\hamre\AppData\Roaming\Mozilla\Firefox\Profiles\ljh7u77t.default-release [2021-07-08]
FF Extension: (Malwarebytes Browser Guard) - C:\Users\hamre\AppData\Roaming\Mozilla\Firefox\Profiles\ljh7u77t.default-release\Extensions\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi [2021-06-23]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-05-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-05-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-06-27] (Adobe Inc. -> Adobe Systems Inc.)

Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\hamre\AppData\Local\Google\Chrome\User Data\Default [2021-07-15]
CHR Notifications: Default -> hxxps://calendar.google.com
CHR HomePage: Default -> hxxp://nytimes.com/
CHR StartupUrls: Default -> "hxxps://www.nytimes.com/","hxxps://www.optimum.net/login?referer=%2FWebmail%2FSSOBroker%3Ftarget%3Dhttps%3A%2F%2Fwebtop.webmail.optimum.net%2F","hxxps://www.google.com/webhp?source=search_app"
CHR DefaultSearchKeyword: Default -> google.com__
CHR Extension: (Slides) - C:\Users\hamre\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-05-09]
CHR Extension: (Entanglement Web App) - C:\Users\hamre\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2020-05-09]
CHR Extension: (Docs) - C:\Users\hamre\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-05-09]
CHR Extension: (Google Drive) - C:\Users\hamre\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-24]
CHR Extension: (YouTube) - C:\Users\hamre\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-05-09]
CHR Extension: (hxxps://www.findagrave.com/) - C:\Users\hamre\AppData\Local\Google\Chrome\User Data\Default\Extensions\bppkaoipkphocjgefgcifolhmnedjpgi [2020-05-09]
CHR Extension: (Sheets) - C:\Users\hamre\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-05-09]
CHR Extension: (hxxps://finance.yahoo.com/quote/IBM/) - C:\Users\hamre\AppData\Local\Google\Chrome\User Data\Default\Extensions\fikegddiibopocgjpodbgcbndjoogpoi [2020-05-09]
CHR Extension: (Google Docs Offline) - C:\Users\hamre\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-06-29]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\hamre\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2021-07-08]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\hamre\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-07-08]
CHR Extension: (Disconnect) - C:\Users\hamre\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2020-10-24]
CHR Extension: (Yahoo Finance New Tab) - C:\Users\hamre\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpkjlpjkmkmhjinldbbjmhpmikljflfc [2020-05-09]
CHR Extension: (ZIP Extractor) - C:\Users\hamre\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmfcakoljjhncfphlflcedhgogfhpbcd [2020-05-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\hamre\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Gmail) - C:\Users\hamre\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-24]
CHR Extension: (Chrome Media Router) - C:\Users\hamre\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-05-30]
CHR Profile: C:\Users\hamre\AppData\Local\Google\Chrome\User Data\Guest Profile [2021-07-15]
CHR Profile: C:\Users\hamre\AppData\Local\Google\Chrome\User Data\Profile 1 [2021-07-15]
CHR Notifications: Profile 1 -> hxxps://flashymass.com; hxxps://kokotrokot.com; hxxps://www.overstock.com
CHR Extension: (Slides) - C:\Users\hamre\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-05-12]
CHR Extension: (Docs) - C:\Users\hamre\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2020-05-12]
CHR Extension: (Google Drive) - C:\Users\hamre\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-21]
CHR Extension: (YouTube) - C:\Users\hamre\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-05-12]
CHR Extension: (Adobe Acrobat) - C:\Users\hamre\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2021-03-11]
CHR Extension: (Sheets) - C:\Users\hamre\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-05-12]
CHR Extension: (Google Docs Offline) - C:\Users\hamre\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-06-24]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\hamre\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-07-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\hamre\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-05]
CHR Extension: (Gmail) - C:\Users\hamre\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-22]
CHR Extension: (Chrome Media Router) - C:\Users\hamre\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-05-26]
CHR Profile: C:\Users\hamre\AppData\Local\Google\Chrome\User Data\System Profile [2021-07-08]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeActiveFileMonitor7.0; C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [169312 2008-09-16] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9056656 2021-06-28] (Microsoft Corporation -> Microsoft Corporation)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2020-06-27] (Macrovision Corporation -> Macrovision Europe Ltd.) [File not signed]
R2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [1321096 2018-09-28] (HP Inc. -> HP Inc.)
R2 HPAppHelperCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_8e04d689d875112c\x64\AppHelperCap.exe [734752 2021-05-24] (HP Inc. -> HP Inc.)
R2 HPDiagsCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_8e04d689d875112c\x64\DiagsCap.exe [733192 2021-05-24] (HP Inc. -> HP Inc.)
R2 HPNetworkCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_8e04d689d875112c\x64\NetworkCap.exe [733216 2021-05-24] (HP Inc. -> HP Inc.)
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [288360 2021-05-09] (HP Inc. -> HP Inc.)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
R2 HPSysInfoCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_8e04d689d875112c\x64\SysInfoCap.exe [733720 2021-05-24] (HP Inc. -> HP Inc.)
R2 HpTouchpointAnalyticsService; C:\WINDOWS\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_4950c0f0d48ae6e7\x64\TouchpointAnalyticsClientService.exe [489512 2021-05-14] (HP Inc. -> HP Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7477704 2021-07-15] (Malwarebytes Inc -> Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RtkBtAudioServ; C:\WINDOWS\RtkBtAudioServ.exe [313344 2019-04-08] (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\NisSrv.exe [2462960 2021-02-14] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WildTangentHelper; C:\Program Files (x86)\WildTangent Games\Integration\WildTangentHelperService.exe [1637936 2021-07-13] (WildTangent Inc -> )
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\MsMpEng.exe [128376 2021-02-14] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
R3 clwvd9; C:\WINDOWS\System32\drivers\clwvd9.sys [60984 2019-09-08] (CyberLink Corp. -> CyberLink Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [199128 2021-03-28] (Malwarebytes Inc -> Malwarebytes)
R3 HPCustomCapDriver; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapdriver.inf_amd64_1f5602eb8a12ac4c\x64\hpcustomcapdriver.sys [25024 2019-04-18] (Microsoft Windows Hardware Compatibility Publisher -> HP Inc.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220752 2021-07-15] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2020-11-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [198888 2021-07-15] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [69016 2021-07-15] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-06-23] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [156880 2021-07-15] (Malwarebytes Inc -> Malwarebytes)
S3 RtkAvrcp; C:\WINDOWS\System32\drivers\RtkAvrcp.sys [88376 2018-10-23] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2018-02-05] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [49552 2021-02-14] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [419040 2021-02-14] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [71912 2021-02-14] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-07-15 17:24 - 2021-07-15 17:24 - 000027521 _____ C:\Users\hamre\Downloads\FRST.txt
2021-07-15 17:23 - 2021-07-15 17:24 - 000000000 ____D C:\FRST
2021-07-15 17:23 - 2021-07-15 17:23 - 002300416 _____ (Farbar) C:\Users\hamre\Downloads\FRST64.exe
2021-07-15 16:25 - 2021-07-15 16:25 - 000220752 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-07-15 16:25 - 2021-07-15 16:25 - 000198888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2021-07-15 16:25 - 2021-07-15 16:25 - 000156880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2021-07-15 16:25 - 2021-07-15 16:25 - 000069016 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2021-07-08 20:55 - 2021-07-08 20:55 - 002371072 _____ C:\WINDOWS\system32\rdpnano.dll
2021-07-08 20:55 - 2021-07-08 20:55 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-07-08 20:55 - 2021-07-08 20:55 - 001823304 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-07-08 20:55 - 2021-07-08 20:55 - 001393504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-07-08 20:55 - 2021-07-08 20:55 - 001314128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-07-08 20:55 - 2021-07-08 20:55 - 000570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2021-07-08 20:55 - 2021-07-08 20:55 - 000452608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2021-07-08 20:55 - 2021-07-08 20:55 - 000097792 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-07-08 20:55 - 2021-07-08 20:55 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2021-07-08 20:55 - 2021-07-08 20:55 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2021-07-08 20:55 - 2021-07-08 20:55 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2021-07-08 20:55 - 2021-07-08 20:55 - 000011351 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-07-08 15:16 - 2021-07-08 15:16 - 000070510 _____ C:\Users\hamre\Downloads\Country-Examples-Refugee-Numbers.xlsx
2021-07-06 22:21 - 2021-07-06 22:21 - 001299943 _____ C:\Users\hamre\Downloads\AccidentEstimate.pdf
2021-07-04 10:34 - 2021-07-04 10:34 - 000031922 _____ C:\Users\hamre\Downloads\Atrium Timeline, draft 6.29.21 (1).pdf
2021-07-04 10:22 - 2021-07-04 10:22 - 008814817 _____ C:\Users\hamre\Downloads\SmithsonianUSATInspirationNationSpring2021reduced.pdf
2021-07-04 10:22 - 2021-07-04 10:22 - 005041862 _____ C:\Users\hamre\Downloads\Picture Our Journey_Learning Center_Fall 2021_description_6_29_21.pdf
2021-07-04 10:21 - 2021-07-04 10:21 - 001068408 _____ C:\Users\hamre\Downloads\immigration_pack_for_kids.pdf
2021-07-04 10:21 - 2021-07-04 10:21 - 001033539 _____ C:\Users\hamre\Downloads\Political_Cartoon_Analysis_Sample_Lesson_Plan_for_English_Learners_Index_Page_Numbers.pdf
2021-07-04 10:19 - 2021-07-04 10:19 - 000362103 _____ C:\Users\hamre\Downloads\#ImmigrationSyllabus.pdf
2021-07-03 15:17 - 2021-07-03 15:17 - 000617859 _____ C:\Users\hamre\Downloads\GrandCanyonPix (2).zip
2021-07-03 13:13 - 2021-07-03 13:13 - 000315884 _____ C:\Users\hamre\Downloads\Curatorial essay, Heather Ewing.pdf
2021-07-03 13:12 - 2021-07-03 13:12 - 000200470 _____ C:\Users\hamre\Downloads\Atrium timeline cartoons_interventions.pdf
2021-07-03 13:12 - 2021-07-03 13:12 - 000031922 _____ C:\Users\hamre\Downloads\Atrium Timeline, draft 6.29.21.pdf
2021-07-03 13:11 - 2021-07-03 13:11 - 000190554 _____ C:\Users\hamre\Downloads\ARRIVALS_RighterElevations.pdf
2021-07-03 13:10 - 2021-07-03 13:10 - 162728615 _____ C:\Users\hamre\Downloads\Arrivals_Images_210401.pptx
2021-07-03 13:09 - 2021-07-03 13:09 - 000152650 _____ C:\Users\hamre\Downloads\ARRIVALS_Beitzel Elevations_Alternate.pdf
2021-07-03 13:08 - 2021-07-03 13:08 - 000485223 _____ C:\Users\hamre\Downloads\Today non-full doc.pdf
2021-07-03 13:07 - 2021-07-03 13:07 - 000592457 _____ C:\Users\hamre\Downloads\Ellis_Angel Island - not full doc - NH.pdf
2021-07-03 13:07 - 2021-07-03 13:07 - 000339851 _____ C:\Users\hamre\Downloads\1965 full docent training notes - EW.pdf
2021-07-03 13:06 - 2021-07-03 13:06 - 000498863 _____ C:\Users\hamre\Downloads\Slavery_Middle Passage - not full doc - NH.pdf
2021-07-03 13:04 - 2021-07-03 13:04 - 000588012 _____ C:\Users\hamre\Downloads\Mayflower full docent training notes - EW.pdf
2021-07-02 13:04 - 2021-07-02 13:04 - 006406651 _____ C:\Users\hamre\Downloads\Hamren Proposal.pdf
2021-06-23 15:08 - 2021-06-23 15:08 - 000000000 ____D C:\Users\hamre\AppData\Local\GoToAssist Corporate
2021-06-16 15:16 - 2021-06-16 15:16 - 000002491 _____ C:\Users\hamre\Downloads\Cladogram resources.zip
2021-06-15 10:33 - 2021-06-15 10:33 - 007043489 _____ C:\Users\hamre\Downloads\MaryJane.zip

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-07-15 17:03 - 2019-12-07 05:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-07-15 17:00 - 2020-05-09 17:38 - 000000000 ____D C:\Program Files (x86)\Google
2021-07-15 16:25 - 2020-05-10 11:47 - 000002040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-07-15 16:25 - 2020-05-10 11:47 - 000002028 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-07-15 16:22 - 2020-05-09 17:09 - 000000000 __SHD C:\Users\hamre\IntelGraphicsProfiles
2021-07-15 16:19 - 2021-03-07 02:11 - 000934906 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-07-15 16:19 - 2019-12-07 05:13 - 000000000 ____D C:\WINDOWS\INF
2021-07-15 16:15 - 2020-05-10 11:14 - 000000000 ____D C:\Program Files\CCleaner
2021-07-15 16:13 - 2021-03-07 02:08 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-07-15 16:13 - 2021-03-07 02:02 - 000008192 ___SH C:\DumpStack.log.tmp
2021-07-15 16:13 - 2019-12-07 05:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-07-15 16:08 - 2021-03-07 02:08 - 000004156 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{26FB9C09-3C01-41DA-BCE2-5B69C645769A}
2021-07-15 16:05 - 2021-03-07 02:02 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-07-15 09:00 - 2019-12-07 05:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-07-15 09:00 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-07-15 08:51 - 2020-05-09 18:12 - 000002143 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-07-14 20:54 - 2021-03-07 02:08 - 000003418 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-07-14 20:54 - 2021-03-07 02:08 - 000003294 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-07-10 20:15 - 2020-05-09 17:43 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-07-08 22:00 - 2021-03-07 02:02 - 000468384 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-07-08 22:00 - 2020-01-09 07:00 - 000000000 ____D C:\Program Files\Microsoft Office
2021-07-08 21:59 - 2019-12-07 05:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-07-08 21:59 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-07-08 21:59 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-07-08 21:59 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-07-08 21:59 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-07-08 21:59 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-07-08 21:59 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-07-08 21:59 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-07-08 21:59 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-07-08 21:59 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-07-08 20:57 - 2019-12-07 05:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-07-08 15:17 - 2020-05-09 17:05 - 000000000 ____D C:\Users\hamre\AppData\Local\Packages
2021-07-05 12:10 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2021-07-05 12:09 - 2021-03-07 02:08 - 000004210 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2021-07-01 20:59 - 2020-05-09 17:38 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-07-01 20:58 - 2021-04-26 09:40 - 000003384 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d71318ce14a59
2021-07-01 20:58 - 2021-03-07 02:08 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-06-29 13:13 - 2020-11-10 14:47 - 000000000 ____D C:\Users\hamre\AppData\Local\CrashDumps
2021-06-24 12:26 - 2020-05-12 07:37 - 000000000 ____D C:\Users\hamre\AppData\LocalLow\Mozilla
2021-06-24 12:26 - 2020-05-12 07:37 - 000000000 ____D C:\ProgramData\Mozilla
2021-06-23 18:21 - 2021-02-05 13:51 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-06-23 15:16 - 2020-05-12 07:37 - 000000000 ____D C:\Program Files\Mozilla Firefox

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

FRST.txt Addition.txt

Link to post
Share on other sites

  • Root Admin

Hello @Swegnson please run the steps below and we'll see if that cleans it or if you still need further assistance.

 

Please run the following steps and post back the logs as an attachment when ready.
Temporarily disable your antivirus or other security software first. Make sure to turn it back on once the scans are completed.
Temporarily disable Microsoft SmartScreen to download software below if needed. Make sure to turn it back on once the scans are completed.
If you still have trouble downloading the software please click on Reveal Hidden Contents below for examples of how to allow the download.

 

Spoiler
 
 
 
 

 

 

 

Spoiler

 

 

 

When downloading with some browsers you may see a different style of screens that may block FRST from downloading. The program is safe and used hundreds of times a week by many users.

Example of Microsoft Edge blocking the download

image.png

image.png

image.png

 

 

 

 



STEP 01

  • If you already have Malwarebytes installed then open Malwarebytes and click on the Scan button. It will automatically check for updates and run a Threat Scan.
  • If you don't have Malwarebytes installed yet please download it from here and install it.
  • Once installed then open Malwarebytes and select Scan and let it run.
  • Once the scan is completed make sure you have it quarantine any detections it finds.
  • If no detections were found click on the Save results drop-down, then the Export to TXT  button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.
  • If there were detections then once the quarantine has completed click on the View report button, Then click the Export drop-down, then the Export to TXT  button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.
  • If the computer restarted to quarantine you can access the logs from the Detection History, then the History tab. Highlight the most recent scan and double-click to open it. Then click the Export drop-down, then the Export to TXT  button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.
  • If Malwarebytes won't run then please skip to the next step and let me know in your next reply that the scanner would not run.

STEP 02

Please download AdwCleaner by Malwarebytes and save the file to your Desktop.

  • Double-click to run the program
  • Accept the End User License Agreement.
  • Wait until the database is updated.
  • Click Scan Now.
  • When finished, if items are found please click Quarantine.
  • Your PC should reboot now if any items were found.
  • After reboot, a log file will be opened. Attach or Copy its content into your next reply.

RESTART THE COMPUTER Before running Step 3

STEP 03
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). If you've, run the tool before you need to place a check mark here each time
  • Please attach the Additions.txt log to your reply as well.
  • On your next reply, you should be attaching frst.txt and additions.txt to your post, every time.

 

Thanks

Link to post
Share on other sites

  • 3 weeks later...

Hello @Swegnson   I hope you are doing well.  Just checking on your case. We have not heard back from you after several days have gone by.

Do you still need help ?

Have you seen Ron's reply here https://forums.malwarebytes.com/topic/276611-your-mcafee-subscription-has-expired-malware/?do=findComment&comment=1469607

 

Link to post
Share on other sites

Thank you for the information.    You can proceed with cleanup of tools  used.

To remove the FRST64 tool & its work files, do this. Go to your Downloads folder. Do a RIGHT-click on FRST64.exe & select RENAME & then change it to UNINSTALL.exe.
Then run that ( double click on it) to begin the cleanup process.


I wish you all the best. Stay safe.

Sincerely.

Link to post
Share on other sites

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you

 

 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.