Jump to content

Partner clicked on button a phishing email from "HSBC"

RSM

By RSM
in Resolved Malware Removal Logs

 Share

Recommended Posts

RSM

RSM

Posted
Posted

Hi everyone, I am new to the forum, but could use some help. My partner clicked on a button as it says above. She didnt enter any details and I have scanned the PC with several anti virus/anti Malware programs and come up with nothing. However, I have tried multiple times to open a genuine link sent to me, that I need to open and I keep getting a block message below and I am concerned it has something to do with this email, that was clicked on. Any ideas ?

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 8/12/21
Protection Event Time: 2:37 PM
Log File: 6fc9d216-fb72-11eb-91ba-d067e527daa7.json

-Software Information-
Version: 4.4.4.126
Components Version: 1.0.1413
Update Package Version: 1.0.44060
License: Premium

-System Information-
OS: Windows 10 (Build 19043.1165)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, Blocked, -1, -1, 0.0.0, , 

-Website Data-
Category: RiskWare
Domain: findresults.site
IP Address: 103.224.182.251
Port: 80
Type: Outbound
File: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

(end)

Link to post
Share on other sites
  • Staff
Malwarebytes

Malwarebytes

Posted
  • Staff
Posted

***This is an automated reply***

Hi,

Thanks for posting in the Malwarebytes for Windows Help forum.

If you are having technical issues with our Windows product, please do the following:

Malwarebytes Support Tool - Advanced Options

This feature is designed for the following reasons:

  • For use when you are on the forums and need to provide logs for assistance
  • For use when you don't need or want to create a ticket with Malwarebytes
  • For use when you want to perform local troubleshooting on your own

How to use the Advanced Options:

Spoiler
  1. Download Malwarebytes Support Tool
  2. Double-click mb-support-X.X.X.XXXX.exe to run the program
    • You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
  3. Place a checkmark next to Accept License Agreement and click Next
  4. Navigate to the Advanced tab
  5. The Advanced menu page contains four categories:
    • Gather Logs: Collects troubleshooting information from the computer. As part of this process, Farbar Recovery Scan Tool (FRST) is run to perform a complete diagnosis. The information is saved to a file on the Desktop named mbst-grab-results.zip and can be added as an email attachment or uploaded to a forum post to assist with troubleshooting the issue at hand.
    • Clean: Performs an automated uninstallation of all Malwarebytes products installed to the computer and prompts to install the latest version of Malwarebytes for Windows afterwards. The Premium license key is backed up and reinstated. All user configurations and other data are removed. This process requires a reboot.
    •  Repair System: Includes various system-related repairs in case a Windows service is not functioning correctly that Malwarebytes for Windows is dependent on. It is not recommended to use any Repair System options unless instructed by a Malwarebytes Support agent.
    • Anonymously help the community by providing usage and threat statistics: Unchecking this option will prevent Malwarebytes Support Tool from sending anonymous telemetry data on usage of the program.
  6. To provide logs for review click the Gather Logs button
  7. Upon completion, click OK
  8. A file named mbst-grab-results.zip will be saved to your Desktop
  9. Please attach the file in your next reply.
  10. To uninstall all Malwarebytes Products, click the Clean button.
  11. Click the Yes button to proceed. 
  12. Save all your work and click OK when you are ready to reboot.
  13. After the reboot, you will have the option to re-install the latest version of Malwarebytes for Windows.
  14. Select Yes to install Malwarebytes.
  15. Malwarebytes for Windows will open once the installation completes successfully.

Screenshots:

Spoiler
 
 
 
 
Spoiler

 

 

01.png

02.png

03.png

04.png

05.png

06.png

 

 

If you are having licensing issues, please do the following: 

Spoiler

For any of these issues:

  • Renewals
  • Refunds (including double billing)
  • Cancellations
  • Update Billing Info
  • Multiple Transactions
  • Consumer Purchases
  • Transaction Receipt

Please contact our support team at https://support.malwarebytes.com/hc/en-us/requests/new to get help

If you need help looking up your license details, please head here: Find my premium license key

 

 

Thanks in advance for your patience.

-The Malwarebytes Forum Team

Link to post
Share on other sites
Firefox

Firefox

Posted
Posted
Hello and Welcome
I'm sorry the software isn't working properly but we'll do our best to help.
Just clicking a link in a phishing email should not cause what you are seeing especially if nothing will filled out in the website.  Have you rebooted your computer since this happened? A reboot may clear it all up. Either way lets get some logs to see if we can tell what may be going on here.
To begin, please do the following so that we may take a closer look at your installation for troubleshooting:
NOTE: The tools and the information obtained are safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.
  • In your Downloads folder, open the mb-support-x.x.x.xxx.exe file
  • In the User Account Control pop-up window, click Yes to continue the installation
  • Run the MBST Support Tool
  • In the left navigation pane of the Malwarebytes Support Tool, click Advanced
  • In the Advanced Options, click Gather Logs. A status diagram displays the tool is Getting logs from your machine
  • A zip file named mbst-grab-results.zip will be saved to your desktop, please upload that file on your next reply
Thank you
Link to post
Share on other sites
RSM

RSM

Posted
  • Author
Posted

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-08-2021
Ran by Trevor (administrator) on TREVOR-PC (Dell Inc. Inspiron 620) (12-08-2021 13:32:50)
Running from C:\Users\Trevor\Downloads
Loaded Profiles: Trevor
Platform: Windows 10 Home Version 21H1 19043.1165 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Acronis International GmbH -> ) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis International GmbH -> ) C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe
(Adlice -> ) C:\Program Files\RogueKiller\RogueKiller64.exe
(Adlice -> ) C:\Program Files\RogueKiller\RogueKillerSvc.exe
(Adlice -> ) C:\Program Files\UCheck\UCheck64.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Canon Inc. -> ) C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Devolutions inc. -> ) C:\Program Files\Devolutions\Wayk Agent\NowService.exe
(Devolutions inc. -> ) C:\Program Files\Devolutions\Wayk Agent\WaykCrashReporter.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe <3>
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\128.4.2870\QtWebEngineProcess.exe <2>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <13>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.102\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.102\GoogleCrashHandler64.exe
(HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\msoasb.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Trevor\AppData\Local\Microsoft\OneDrive\21.139.0711.0001\FileCoAuth.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Trevor\AppData\Local\Microsoft\OneDrive\OneDrive.exe <2>
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\NisSrv.exe
(SUPERAntiSpyware.com -> SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Symantec Corporation -> Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [8089888 2021-08-05] (Dropbox, Inc -> Dropbox, Inc.)
HKLM\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-105084621-2470936660-356980580-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [35062912 2021-07-16] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-105084621-2470936660-356980580-1001\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
HKLM\...\Windows x64\Print Processors\Canon MX920 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDBL.DLL [30208 2012-09-20] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Windows x64\Print Processors\LogMeIn Print Processor: C:\Windows\System32\spool\prtprocs\x64\LMIproc.dll [60744 2014-04-11] (LogMeIn, Inc. -> LogMeIn, Inc.)
HKLM\...\Windows x64\Print Processors\sht13cPC: C:\Windows\System32\spool\prtprocs\x64\sht13cpc.dll [82856 2019-07-21] (联想图像(天津)科技有限公司 -> Windows (R) Codename Longhorn DDK provider)
HKLM\...\Windows x64\Print Processors\uh004PC: C:\Windows\System32\spool\prtprocs\x64\uh004pc.dll [74048 2019-04-01] (联想图像(天津)科技有限公司 -> Windows (R) Codename Longhorn DDK provider)
HKLM\...\Print\Monitors\Canon BJ FAX Language Monitor MB2100 series: CNCALCZ.DLL
HKLM\...\Print\Monitors\Canon BJ FAX Language Monitor MX720 series: C:\WINDOWS\system32\CNCALBK.DLL [303104 2012-09-21] (CANON INC.) [File not signed]
HKLM\...\Print\Monitors\Canon BJ FAX Language Monitor MX920 series: CNCALBL.DLL
HKLM\...\Print\Monitors\Canon BJ Language Monitor MB2100 series: CNMLMCZ.DLL
HKLM\...\Print\Monitors\Canon BJ Language Monitor MB2100 series XPS: C:\WINDOWS\system32\CNMXLMCZ.DLL [438784 2018-07-17] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MX720 series: C:\WINDOWS\system32\CNMLMBK.DLL [390656 2012-09-20] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MX720 series XPS: C:\WINDOWS\system32\CNMXLMBK.DLL [393728 2012-09-20] (CANON INC.) [File not signed]
HKLM\...\Print\Monitors\Canon BJ Language Monitor MX920 series: C:\WINDOWS\system32\CNMLMBL.DLL [390656 2012-09-20] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJNP Port: C:\WINDOWS\system32\CNMN6PPM.DLL [359936 2012-07-31] (CANON INC.) [File not signed]
HKLM\...\Print\Monitors\CUSTPDF Writer Monitor x86: C:\WINDOWS\system32\custmon64i.dll [87552 2011-10-04] () [File not signed]
HKLM\...\Print\Monitors\HP 5412 Status Monitor: C:\WINDOWS\system32\hpinksts5412LM.dll [332176 2012-09-12] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\...\Print\Monitors\LogMeIn Printer Port Monitor: C:\WINDOWS\system32\LMIport.dll [35656 2014-04-11] (LogMeIn, Inc. -> LogMeIn, Inc.)
HKLM\...\Print\Monitors\sht13c Langmon: C:\WINDOWS\system32\sht13clm.dll [61840 2019-07-21] (联想图像(天津)科技有限公司 -> )
HKLM\...\Print\Monitors\uh004 Langmon: C:\WINDOWS\system32\uh004lm.dll [53056 2019-04-01] (联想图像(天津)科技有限公司 -> )
HKLM\Software\...\AppCompatFlags\Custom\iexplore.exe: [{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb] -> Internet Explorer (Enable DEP)
HKLM\Software\...\AppCompatFlags\InstalledSDB\{a9264802-8a7a-40fe-a135-5c6d204aed7a}: [DatabasePath] -> C:\WINDOWS\AppPatch\CustomSDB\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb [2011-12-19]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\92.0.4515.131\Installer\chrmstp.exe [2021-08-05] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] -> 
HKLM\Software\...\Authentication\Credential Providers: [{65CD7F9B-E8F3-4bb0-82EB-6F6875B745DF}] -> C:\WINDOWS\system32\LMIinit.dll [2014-04-11] (LogMeIn, Inc. -> LogMeIn, Inc.)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01DEB208-5CB9-49CA-B9D4-2A66A30C21FE} - System32\Tasks\GoogleUpdateTaskMachineUA1d1aafe43a2359 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-27] (Google Inc -> Google Inc.)
Task: {04ACFFB6-810F-4359-91F8-DEDB34F7EF1E} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {0B6DFC31-60EE-4030-8964-7D8DEEE7607D} - System32\Tasks\Phoenix360\ActiveReporter-SystemMechanic => C:\Program Files (x86)\Common Files\Phoenix360\ActiveCore\ActiveBridge.exe [556816 2019-12-20] (iolo technologies, LLC -> iolo technologies, LLC)
Task: {0C1FA638-A93C-4198-85F4-CBA14716478C} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {15514877-F30A-457D-B345-EC40D49AA8BD} - System32\Tasks\{10B4A429-340B-4224-B42F-CB7C13348265} => C:\Windows\system32\pcalua.exe -a D:\SERVICE\PCInstall.exe -d D:\SERVICE
Task: {2186E218-45FB-48C8-8F6E-82E1B7E9CD1B} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {25D9C75E-5407-41D1-AB0D-E77CF131168B} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {26A5E551-6E87-415B-A5BB-8C5FA11BCA4D} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {26CDD12E-9538-4A8D-A342-2394F841D48D} - System32\Tasks\Phoenix360\ActiveMessenger-SystemMechanic => C:\Program Files (x86)\Common Files\Phoenix360\ActiveCore\ActiveBridge.exe [556816 2019-12-20] (iolo technologies, LLC -> iolo technologies, LLC)
Task: {2C9F8640-E85D-46B5-8DF9-397AC20EFDB4} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2020-10-21] (Dropbox, Inc -> Dropbox, Inc.)
Task: {2E367C82-2D35-48A1-9DA2-C2C785C984D9} - System32\Tasks\4Team updater => C:\Program Files (x86)\4Team Corporation\4Team-Updater\4Team-Updater.exe [1086336 2018-05-24] (Alittera Limited Inc -> 4Team Corporation)
Task: {30AEFC67-F451-41D0-9107-9E3C062295CE} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {34A5B3AE-928E-4F29-ACD5-7BAAC3F5B24F} - System32\Tasks\UCheck => C:\Program Files\UCheck\UCheck64.exe [26558008 2020-09-16] (Adlice -> )
Task: {376C045B-D53B-40AC-BEB0-5FF70D02A8A5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-27] (Google Inc -> Google Inc.)
Task: {3D1B8B0E-6642-4134-B72D-F76D88BE4544} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3DDEDC3A-B8DB-4E09-BDF1-4C2AE7F7F850} - System32\Tasks\{E9A8F2EA-E2E2-41FE-A089-80BCAE05F6BB} => C:\Windows\system32\pcalua.exe -a C:\Users\Trevor\Downloads\QuickBooksUK2010.exe -d C:\Users\Trevor\Desktop
Task: {45C1D84D-A8DE-4FA0-85C5-3CEDE39D9DE5} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47C2-B62A-B7C4CED925CB}
Task: {4CDEC47D-968A-435E-AD14-794102F55C2B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MpCmdRun.exe [673816 2021-08-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {4CE4033A-BEB9-45F8-9ACE-085A50C2E917} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {5AB32EB1-084D-4F3A-9E0D-D544D7A388C1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4282280 2021-08-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A}
Task: {5D7F99F3-A6A8-4B5D-9E6D-420343E0BC3D} - System32\Tasks\avastBCLRestartS-1-5-21-105084621-2470936660-356980580-1001 => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 0
Task: {60157AE6-2A5E-4BFA-875F-2F92B79F2A47} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [114000 2021-08-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {61F655F8-95BD-4DB3-8ED4-1E46AFDA3A7B} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {62CD5F12-2156-440D-BE8B-E128153E58A2} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {65899461-1FC6-40B3-AFA4-F2A43923DCB6} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4f47-879B-29A80C355D61}
Task: {664E79EA-72A5-4BC1-ACB5-BCAB03D9A5B6} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {66B89340-B0FE-4AD1-A869-7719465C5772} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4282280 2021-08-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {723915CB-40A3-487F-8754-0971CB6A418A} - System32\Tasks\Microsoft\Windows\End Of Support\Notify2 => C:\WINDOWS\system32\sipnotify.exe
Task: {76775995-4B02-42D7-97D5-FE67D34C0C48} - System32\Tasks\{3DCC002B-D302-46B3-9C40-B95539249579} => C:\Windows\system32\pcalua.exe -a "D:\DRIVER&USB\Distribution\Windows XP Driver\CDM 2.00.00\CDM_Setup.exe" -d "D:\DRIVER&USB\Distribution\Windows XP Driver\CDM 2.00.00"
Task: {777E1701-75C6-4F62-8F92-F876D658BA63} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {7A122A7D-A028-4B00-87F1-761C287F5B79} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23252888 2021-07-30] (Microsoft Corporation -> Microsoft Corporation)
Task: {7A14CA65-B2A2-4788-B4F3-D25BEFE56933} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {80AFCD6B-66BB-439F-8848-D21ED44850CA} - System32\Tasks\Driver Booster Update => C:\Program Files (x86)\IObit\Driver Booster\7.3.0\AutoUpdate.exe [2369808 2020-03-06] (IObit Information Technology -> IObit)
Task: {8B3454B0-E5CB-4BEA-9D5F-DC36E6E6A619} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {8CC764A0-B47D-4174-9FED-261CA4736C55} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {8F7AA920-DCFC-470D-8E25-879AE28D4E99} - System32\Tasks\{1B447821-D9F5-415E-9BA3-336A32609963} => C:\Windows\system32\pcalua.exe -a "C:\Users\Trevor\Documents\duplicate_remover\Setup for Outlook 64-bit.exe" -d C:\Users\Trevor\Documents\duplicate_remover
Task: {9853F459-CABD-4672-A8C3-BFBD884D0EC5} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-07-16] (Piriform Software Ltd -> Piriform)
Task: {9947CDC5-B24D-4C66-B8F4-4ED9238BD8CA} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_445_Plugin.exe [1502264 2020-10-21] (Adobe Inc. -> Adobe)
Task: {9A44F714-E455-4899-A9E0-1C820AFCC4C3} - System32\Tasks\{8EC820F7-4CA0-4CE1-9B10-2A9FD4C41861} => C:\Windows\system32\pcalua.exe -a "D:\DRIVER&USB\Distribution\Windows XP Driver\CDM 2.00.00\FTDIUNIN.exe" -d "D:\DRIVER&USB\Distribution\Windows XP Driver\CDM 2.00.00"
Task: {9E9CC566-77ED-47C1-8416-365D9F26D56C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-27] (Google Inc -> Google Inc.)
Task: {A0C66E86-BC34-4CE2-BCC1-DBBC79758A61} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23252888 2021-07-30] (Microsoft Corporation -> Microsoft Corporation)
Task: {A45031B4-CE64-45E6-A290-E46EE19ED9FE} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {A5350653-16AE-4FCF-B05E-4F14D592FD25} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MpCmdRun.exe [673816 2021-08-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {AE295510-F901-4D28-91A0-8E4DF44EFAD3} - System32\Tasks\Microsoft\Windows\End Of Support\Notify1 => C:\WINDOWS\system32\sipnotify.exe
Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40b4-8963-D3C761B18371}
Task: {B1EB7F07-AF98-4777-97BC-17351A87A121} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\7.3.0\Scheduler.exe [149776 2020-02-27] (IObit Information Technology -> IObit)
Task: {B70C89CA-D251-41FD-8477-14E302EF9509} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.)
Task: {B80B82BB-EF32-41FC-82B7-78EA124485F8} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {B8541BDC-C229-498C-9F4F-02E7897007D0} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {BAEE117B-20B4-49EA-94A2-D757CE74E18B} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {BFA47043-60AA-4FA3-9FCA-5FD9A75E19E7} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDfE067B1}
Task: {C5250AEA-992B-46AB-9CA9-C152D7A07E73} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1150872 2021-08-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {C56C339F-D4B0-470F-984B-78E47E45BC38} - System32\Tasks\{454A3CE8-B486-47D3-BF5E-B92ECAC9100A} => C:\Windows\system32\pcalua.exe -a D:\ENV\ActiveXRegSetup.exe -d D:\ENV
Task: {C61525E5-AB47-4241-8EFA-21D34C436BD1} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2020-10-21] (Dropbox, Inc -> Dropbox, Inc.)
Task: {CA209243-FFD3-4C33-8101-CF53D720C344} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {CA8384D1-C3EE-4D1D-A6ED-811F9E4D4C66} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe
Task: {CD9B19B9-E4B2-4A04-8685-6236275D32FE} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MpCmdRun.exe [673816 2021-08-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D33852CA-C423-4FD3-AC01-697759769829} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D62F328B-D0F8-4A6E-A5F1-860AC11E33B9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [29136000 2021-07-16] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {D92EA0D0-9E2B-4C88-A488-29862A985580} - System32\Tasks\Phoenix360\ActiveSync-SystemMechanic => C:\Program Files (x86)\Common Files\Phoenix360\ActiveCore\activebridge.exe [556816 2019-12-20] (iolo technologies, LLC -> iolo technologies, LLC)
Task: {E54F305F-55B2-4EA7-8B8D-EAA6AD683EA5} - System32\Tasks\Christmas Task (One-Time) => C:\Program Files (x86)\IObit\Driver Booster\7.3.0\xmas.exe
Task: {E7CE2F71-A981-4344-A9D2-3CF6FE79E734} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {E9657B7D-A38A-4FE1-BEEE-E2A5850BAE87} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MpCmdRun.exe [673816 2021-08-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {E9E02B38-FBF3-4BBA-9FD4-B39D2D2CCF99} - System32\Tasks\GoogleUpdateTaskMachineCore1d1aafe35676c3 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-27] (Google Inc -> Google Inc.)
Task: {ECB6050B-1EED-402B-8686-244B9ACDCB1D} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {EEBD6104-DD09-4A5B-992A-489891F03EAC} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [114000 2021-08-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {EF62269D-A795-4E81-B886-6C8C9588251C} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F29147B7-A909-4993-A988-209B54944DCF} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {F365DE6C-571F-4B97-B178-88BE6EF6442A} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {F9608979-743F-4487-9C15-A6F7676BD678} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43da-BFD7-FBEEA2180A1E}
Task: {F9F71D54-5180-4DB0-8129-3293224B2AC0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-10-21] (Adobe Inc. -> Adobe)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{4203D66C-69BE-429D-AE78-2193EA9AA5EF}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{F9419E88-BAD8-4C2E-A8A2-461912EFF709}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{F9419E88-BAD8-4C2E-A8A2-461912EFF709}: [DhcpNameServer] 192.168.1.254

Edge: 
=======
DownloadDir: C:\Users\Trevor\Downloads
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\Trevor\AppData\Local\Microsoft\Edge\User Data\Default [2021-08-12]
Edge HomePage: Default -> hxxps://uk.search.yahoo.com/?type=715483&fr=yo-yhp-ch
Edge Extension: (Avast Passwords) - C:\Users\Trevor\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\emhginjpijfggbofeediiojmdlmlkoik [2020-06-22]
Edge Extension: (Avast Online Security) - C:\Users\Trevor\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fdgpikaaheckgdijjmepmdjjkbceakif [2021-03-12]
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\Trevor\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-08-12]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF DefaultProfile: 17ikk9n1.default
FF ProfilePath: C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\17ikk9n1.default [2021-07-24]
FF Extension: (IBM Security Rapport) - C:\Users\Trevor\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\rapportext@trusteer.com.xpi [2018-01-22] [UpdateUrl:hxxps://clients2.google.com/service/update2/crx]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_445.dll [2020-10-21] (Adobe Inc. -> )
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_445.dll [2020-10-21] (Adobe Inc. -> )
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google Inc -> Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.261.2 -> C:\Program Files (x86)\Java\jre1.8.0_261\bin\dtplugin\npDeployJava1.dll [2020-10-21] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.261.2 -> C:\Program Files (x86)\Java\jre1.8.0_261\bin\plugin2\npjp2.dll [2020-10-21] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-05-25] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-05-25] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll [2011-09-07] (Motive, Inc.) [File not signed]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-07-24] (Adobe Inc. -> Adobe Systems Inc.)

Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Trevor\AppData\Local\Google\Chrome\User Data\Default [2021-08-12]
CHR Notifications: Default -> hxxps://app.rain-alarm.com; hxxps://calendar.google.com; hxxps://www.facebook.com; hxxps://www.greatwarforum.org; hxxps://www.mirror.co.uk; hxxps://www.reddit.com; hxxps://www.whats-on-netflix.com; hxxps://www.youtube.com
CHR HomePage: Default -> hxxps://uk.search.yahoo.com/?type=715483&fr=yo-yhp-ch
CHR StartupUrls: Default -> "hxxp://www.bbc.co.uk/"
CHR Extension: (Adobe Acrobat) - C:\Users\Trevor\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2021-08-05]
CHR Extension: (Avast Passwords) - C:\Users\Trevor\AppData\Local\Google\Chrome\User Data\Default\Extensions\emhginjpijfggbofeediiojmdlmlkoik [2020-02-14]
CHR Extension: (Avast Online Security) - C:\Users\Trevor\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2021-02-17]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\Trevor\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-08-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Trevor\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-01]
CHR Extension: (Chrome Media Router) - C:\Users\Trevor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-07-29]
CHR Profile: C:\Users\Trevor\AppData\Local\Google\Chrome\User Data\System Profile [2021-06-04]
CHR HKU\S-1-5-21-105084621-2470936660-356980580-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-31] (SUPERAntiSpyware.com -> SUPERAntiSpyware.com)
R2 AcrSch2Svc; C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe [1157592 2019-09-26] (Acronis International GmbH -> )
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
S4 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-10-21] (Adobe Inc. -> Adobe)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2020-09-24] (Apple Inc. -> Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9142136 2021-07-30] (Microsoft Corporation -> Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2020-10-21] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2020-10-21] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [44328 2021-08-05] (Dropbox, Inc -> Dropbox, Inc.)
S4 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [100864 2013-02-21] (Freemake) [File not signed]
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [288360 2021-05-11] (HP Inc. -> HP Inc.)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [399296 2019-11-28] (Canon Inc. -> )
S4 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376144 2014-04-11] (LogMeIn, Inc. -> LogMeIn, Inc.)
S4 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226640 2014-04-11] (LogMeIn, Inc. -> LogMeIn, Inc.)
S4 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2011-09-16] (LogMeIn, Inc. -> LogMeIn, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7477704 2021-08-12] (Malwarebytes Inc -> Malwarebytes)
S4 McciCMService; C:\Program Files (x86)\Common Files\Motive\McciCMService.exe [319488 2011-03-29] (Alcatel-Lucent) [File not signed]
S4 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2011-03-29] (Alcatel-Lucent) [File not signed]
R2 NOBU; C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2823000 2010-08-26] (Symantec Corporation -> Dell, Inc.)
S3 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [24576 2011-03-08] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2008-11-18] (Intuit Inc.) [File not signed]
S4 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [5249008 2018-01-24] (IBM -> IBM Corp.)
R2 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [13610040 2020-09-15] (Adlice -> )
R2 SgtSch2Svc; C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe [1200312 2018-03-05] (Acronis International GmbH -> )
S3 SysnetProtect; C:\Program Files\SysnetProtect\windows_service\device_security_service.exe [5987336 2019-02-21] (Sysxnet Limited -> Sysnet Global Solutions)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [13238568 2021-07-28] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
R2 WaykNowService; C:\Program Files\Devolutions\Wayk Agent\NowService.exe [9444656 2021-07-15] (Devolutions inc. -> )
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\NisSrv.exe [2727416 2021-08-04] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MsMpEng.exe [136656 2021-08-04] (Microsoft Windows Publisher -> Microsoft Corporation)
S4 LMIRescue_ca296989-8fdc-826d-7ef3-8b1ae0d0b596; "C:\Program Files (x86)\LogMeIn Rescue Applet\LMIR0002.tmp\LMI_Rescue_srv.exe" -service -sid ca296989-8fdc-826d-7ef3-8b1ae0d0b596 -wd "C:\Users\Trevor\AppData\Local\LogMeIn Rescue Applet\LMIR0001.tmp\\"

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [199128 2021-04-10] (Malwarebytes Inc -> Malwarebytes)
R0 file_tracker; C:\WINDOWS\System32\DRIVERS\file_tracker.sys [390592 2020-11-18] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [49584 2016-04-26] (SurfRight B.V. -> )
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2017-01-04] (Martin Malik - REALiX -> REALiX(tm))
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-05-29] (LogMeIn, Inc. -> LogMeIn, Inc.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220752 2021-08-12] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-01-16] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [198888 2021-08-12] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [69016 2021-08-12] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-06-23] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [156880 2021-08-12] (Malwarebytes Inc -> Malwarebytes)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2012-06-25] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2012-06-25] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S1 RapportAegle64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportAegle64.sys [489616 2018-01-24] (IBM -> IBM Corp.)
S1 RapportCerberus_1908103; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1908103.sys [1635344 2018-02-20] (IBM -> IBM Corp.)
S1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [703056 2018-01-24] (IBM -> IBM Corp.)
S0 RapportHades64; C:\WINDOWS\System32\Drivers\RapportHades64.sys [338384 2018-01-24] (IBM -> IBM Corp.)
S3 RapportKE64; C:\WINDOWS\System32\Drivers\RapportKE64.sys [597976 2018-01-24] (IBM -> IBM Corp.)
S1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [743568 2018-01-24] (IBM -> IBM Corp.)
R1 RawDisk3; C:\Windows\system32\drivers\rawdsk3.sys [41576 2016-02-19] (iolo technologies, LLC -> EldoS Corporation)
S3 rspWhySoSlow; C:\WINDOWS\System32\DRIVERS\rspWhy64.sys [28928 2016-12-17] (Daniel Terhell -> Resplendence Software Projects Sp.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
S2 SSPORT; C:\WINDOWS\system32\Drivers\SSPORT.sys [19016 2019-05-31] (HP Inc. -> )
R0 tib; C:\WINDOWS\System32\DRIVERS\tib.sys [1310552 2020-11-18] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
R2 tib_mounter; C:\WINDOWS\system32\DRIVERS\tib_mounter.sys [213336 2020-11-18] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
U3 TrueSight; C:\Windows\System32\drivers\truesight.sys [38032 2021-08-11] (Adlice -> )
R2 virtual_file; C:\WINDOWS\System32\DRIVERS\virtual_file.sys [331976 2020-11-18] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
R0 volume_tracker; C:\WINDOWS\System32\DRIVERS\volume_tracker.sys [243472 2020-11-18] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49568 2021-08-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [434424 2021-08-04] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [78072 2021-08-04] (Microsoft Windows -> Microsoft Corporation)
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-08-12 13:04 - 2021-08-12 13:07 - 000073904 _____ C:\Users\Trevor\Downloads\Addition.txt
2021-08-12 12:57 - 2021-08-12 13:33 - 000039771 _____ C:\Users\Trevor\Downloads\FRST.txt
2021-08-12 12:56 - 2021-08-12 13:33 - 000000000 ____D C:\FRST
2021-08-12 12:55 - 2021-08-12 12:56 - 002300416 _____ (Farbar) C:\Users\Trevor\Downloads\FRST64.exe
2021-08-12 11:06 - 2021-08-12 11:06 - 000220752 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-08-12 11:06 - 2021-08-12 11:06 - 000198888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2021-08-12 11:06 - 2021-08-12 11:06 - 000156880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2021-08-12 11:06 - 2021-08-12 11:06 - 000069016 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2021-08-11 10:05 - 2021-08-11 10:05 - 000221743 _____ C:\Users\Trevor\OneDrive - Ridesure Motorcycle Training\Documents\INVOICE31072021.xlsb
2021-08-11 10:05 - 2021-08-11 10:05 - 000221722 _____ C:\Users\Trevor\OneDrive - Ridesure Motorcycle Training\Documents\INVOICE311082021.xlsb
2021-08-11 02:23 - 2021-08-11 02:23 - 000038032 _____ C:\WINDOWS\system32\Drivers\truesight.sys
2021-08-11 01:34 - 2021-08-11 01:34 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-08-11 01:34 - 2021-08-11 01:34 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-08-11 01:34 - 2021-08-11 01:34 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2021-08-11 01:34 - 2021-08-11 01:34 - 000011347 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-08-11 01:33 - 2021-08-11 01:33 - 001823280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-08-11 01:33 - 2021-08-11 01:33 - 001393480 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-08-11 01:33 - 2021-08-11 01:33 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2021-08-11 01:23 - 2021-08-11 01:23 - 000000000 ___HD C:\$WinREAgent
2021-08-09 21:00 - 2021-08-09 21:00 - 000002265 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro.lnk
2021-08-09 21:00 - 2021-08-09 21:00 - 000002253 _____ C:\Users\Public\Desktop\Google Earth Pro.lnk
2021-08-07 21:06 - 2021-08-07 21:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2021-08-05 21:33 - 2021-08-05 21:33 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2021-08-05 21:33 - 2021-08-05 21:33 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2021-08-05 21:33 - 2021-08-05 21:33 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2021-08-05 21:33 - 2021-08-05 21:33 - 000044328 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2021-08-05 18:40 - 2021-08-05 18:40 - 000079872 _____ C:\Users\Trevor\Downloads\motorcycle incident Ridesure .xls
2021-08-05 09:08 - 2021-08-05 09:08 - 000002425 _____ C:\Users\Trevor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-08-01 00:21 - 2021-08-01 00:21 - 000002138 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-07-30 11:49 - 2021-07-30 11:49 - 000220792 _____ C:\Users\Trevor\OneDrive - Ridesure Motorcycle Training\Documents\INVOICE28072021.xlsb
2021-07-28 14:41 - 2021-07-28 14:41 - 000220324 _____ C:\Users\Trevor\OneDrive - Ridesure Motorcycle Training\Documents\INVOICE24062021.xlsb
2021-07-28 14:26 - 2021-07-28 14:26 - 000028367 _____ C:\Users\Trevor\OneDrive - Ridesure Motorcycle Training\Documents\RidesureDL1965185826-850.xlsx
2021-07-28 10:44 - 2021-07-28 10:44 - 000027517 _____ C:\Users\Trevor\OneDrive - Ridesure Motorcycle Training\Documents\Ridesuredl196template.xltx.xlsx
2021-07-28 10:35 - 2021-07-28 10:35 - 000028413 _____ C:\Users\Trevor\OneDrive - Ridesure Motorcycle Training\Documents\Ridesuredl1965165776-800.xlsx
2021-07-28 09:11 - 2021-07-28 09:11 - 000028394 _____ C:\Users\Trevor\OneDrive - Ridesure Motorcycle Training\Documents\Ridesuredl1965165776-800.xltx
2021-07-27 20:48 - 2021-07-27 20:48 - 000024054 _____ C:\Users\Trevor\OneDrive - Ridesure Motorcycle Training\Documents\Ridesuredl196template1.xltx - Copy.xlsx
2021-07-27 20:47 - 2021-07-27 20:48 - 000024054 _____ C:\Users\Trevor\OneDrive - Ridesure Motorcycle Training\Documents\Ridesuredl196template1.xltx.xlsx
2021-07-27 12:18 - 2021-07-27 12:18 - 000028439 _____ C:\Users\Trevor\OneDrive - Ridesure Motorcycle Training\Documents\Ridesuredl1965165751-775.xlsx
2021-07-23 16:11 - 2021-07-23 16:11 - 000219905 _____ C:\Users\Trevor\OneDrive - Ridesure Motorcycle Training\Documents\INVOICE14062021.xlsb
2021-07-23 11:16 - 2021-07-23 11:16 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2021-07-20 10:29 - 2021-07-20 10:29 - 000219350 _____ C:\Users\Trevor\OneDrive - Ridesure Motorcycle Training\Documents\INVOICE16062021.xlsb
2021-07-20 10:29 - 2021-07-20 10:29 - 000219337 _____ C:\Users\Trevor\OneDrive - Ridesure Motorcycle Training\Documents\INVOICE20062021.xlsb
2021-07-16 19:16 - 2021-07-16 19:16 - 000000072 _____ C:\WINDOWS\system32\wayk-now.bat
2021-07-16 19:16 - 2021-07-16 19:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wayk Agent
2021-07-16 10:04 - 2021-07-16 10:13 - 206941304 _____ C:\Users\Trevor\Downloads\wetransfer-fd8186.zip
2021-07-14 18:33 - 2021-07-14 18:33 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsraLegacy.tlb
2021-07-14 18:33 - 2021-07-14 18:33 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsraLegacy.tlb
2021-07-14 18:33 - 2021-07-14 18:33 - 000006656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rendezvousSession.tlb
2021-07-14 18:33 - 2021-07-14 18:33 - 000006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\rendezvousSession.tlb
2021-07-14 07:45 - 2021-07-14 07:45 - 000218699 _____ C:\Users\Trevor\OneDrive - Ridesure Motorcycle Training\Documents\INVOICE10062021.xlsb

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-10-31 19:57 - 2012-08-20 19:04 - 000689664 _____ (AdminSystem Software Limited) C:\WINDOWS\system32\ANPOP.dll
2021-08-12 13:14 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-08-12 13:07 - 2020-11-12 12:21 - 000000000 ____D C:\Users\Ridesure
2021-08-12 13:07 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2021-08-12 12:57 - 2011-12-06 19:25 - 000000000 ____D C:\Program Files (x86)\Google
2021-08-12 12:28 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-08-12 11:57 - 2020-11-12 12:15 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-08-12 11:16 - 2018-09-21 19:06 - 000000000 ____D C:\Program Files\CCleaner
2021-08-12 11:06 - 2021-06-10 10:46 - 000002031 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-08-12 11:06 - 2020-11-17 15:41 - 000002043 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-08-12 03:37 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-08-11 16:37 - 2019-12-16 12:53 - 000000000 ____D C:\Users\Trevor\AppData\Local\Packages
2021-08-11 02:30 - 2020-11-12 12:35 - 000939138 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-08-11 02:24 - 2021-05-05 12:06 - 000000000 ___RD C:\Users\Trevor\OneDrive - Ridesure Motorcycle Training
2021-08-11 02:24 - 2016-04-29 17:33 - 000000000 ___RD C:\Users\Trevor\OneDrive
2021-08-11 02:23 - 2020-11-12 12:56 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-08-11 02:23 - 2020-11-12 12:15 - 000544696 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-08-11 02:23 - 2020-11-12 12:15 - 000008192 ___SH C:\DumpStack.log.tmp
2021-08-11 02:23 - 2019-12-07 10:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2021-08-11 02:23 - 2018-02-23 13:36 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2021-08-11 02:22 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2021-08-11 02:22 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-08-11 02:22 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-08-11 02:22 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-08-11 02:22 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-08-11 02:22 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-08-11 02:22 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2021-08-11 02:22 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-08-11 02:22 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\servicing
2021-08-11 01:37 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-08-11 00:29 - 2020-11-12 12:21 - 000000000 ____D C:\Users\Trevor
2021-08-10 23:57 - 2013-07-26 19:12 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-08-10 23:48 - 2011-12-01 13:14 - 133215968 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-08-09 21:00 - 2011-12-06 19:25 - 000000000 ____D C:\Program Files\Google
2021-08-07 21:06 - 2020-10-21 17:47 - 000000000 ____D C:\Program Files (x86)\Dropbox
2021-08-07 05:35 - 2020-06-21 20:38 - 000002442 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-08-07 05:35 - 2020-06-21 20:38 - 000002280 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-08-05 09:07 - 2011-09-21 10:20 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2021-08-05 01:59 - 2018-02-23 13:32 - 000002305 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-08-05 01:59 - 2018-02-23 13:32 - 000002264 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-08-04 20:52 - 2020-11-12 12:56 - 000003448 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA1d1aafe43a2359
2021-08-04 20:52 - 2020-11-12 12:56 - 000003324 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore1d1aafe35676c3
2021-08-04 08:18 - 2019-12-14 20:32 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-08-02 13:30 - 2020-11-30 12:56 - 000003386 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d6b8e77c620f25
2021-08-02 13:30 - 2020-11-12 12:56 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-07-27 12:25 - 2021-05-10 14:44 - 000027497 _____ C:\Users\Trevor\OneDrive - Ridesure Motorcycle Training\Documents\Ridesuredl196template.xltx
2021-07-23 16:18 - 2018-03-23 12:50 - 000000000 ____D C:\Users\Trevor\AppData\Local\CrashDumps
2021-07-16 12:58 - 2011-12-16 15:59 - 000000000 ___RD C:\Users\Trevor\OneDrive - Ridesure Motorcycle Training\Documents\Scanned Documents
2021-07-14 18:58 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-07-14 18:58 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Common Files\System

==================== Files in the root of some directories ========

2018-12-29 13:49 - 2018-12-29 13:49 - 000000288 _____ () C:\Users\Trevor\AppData\Roaming\.backup.dm
2012-08-29 08:36 - 2013-02-11 14:37 - 000000754 _____ () C:\Users\Trevor\AppData\Roaming\AtomicAlarmClock.ini
2012-12-11 18:47 - 2012-12-11 18:47 - 000012288 _____ (Archlink Technology Corporation) C:\Users\Trevor\AppData\Roaming\CheckOSandLaunch.exe
2012-12-12 15:14 - 2012-12-12 15:14 - 000001855 _____ () C:\Users\Trevor\AppData\Roaming\CheckOSandLaunch.exe.config
2011-12-08 14:17 - 2014-02-21 20:02 - 000022236 _____ () C:\Users\Trevor\AppData\Roaming\Comma Separated Values (Windows).ADR
2014-05-20 11:17 - 2016-04-26 20:40 - 000000600 _____ () C:\Users\Trevor\AppData\Roaming\winscp.rnd
2020-11-25 15:50 - 2020-11-26 16:48 - 000007168 _____ () C:\Users\Trevor\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2020-12-16 17:22 - 2020-12-16 17:22 - 000000884 _____ () C:\Users\Trevor\AppData\Local\recently-used.xbel
2011-12-23 17:56 - 2021-05-12 14:48 - 000007635 _____ () C:\Users\Trevor\AppData\Local\resmon.resmoncfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

Hello @RSM

Please go to Control Panel, Programs, Programs and Features and uninstall the following

Bonjour
Java 8 Update 261
CCleaner (most experts no longer recommend the use of this program)

 

Then run the following Microsoft scanner for me.

 

 

The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system.

The download links & the how-to-run-the tool are at this link at Microsoft

https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

Please let me know the results of this scan.

The log is named MSERT.log 

the log will be at  %SYSTEMROOT%\debug\msert.log   which in most cases is

C:\Windows\debug\msert.log

Please attach that log with your next reply.

 

Thanks

 

Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

That log as I'm sure you see, shows clean.

Let me have you run the following, please.

 

SecurityCheck by glax24              

I would like you to run a tool named SecurityCheck to inquire about the current security update status of some applications.

  • Download SecurityCheck by glax24 fromhttps://tools.safezone.cc/glax24/SecurityCheck/SecurityCheck.exe
  • and save the tool on the desktop.
  • If Windows's SmartScreen blocks that with a message window
  • Click on the MORE INFO spot and override that and allow it to proceed.
  • This tool is safe.   Smartscreen is overly sensitive.
  • Right-click  with your mouse on the Securitycheck.exe  and select "Run as administrator"   and reply YES to allow it to run & go forward
  • Wait for the scan to finish. It will open a text file named SecurityType.txt. Close the file.  Attach it with your next reply.
  • You can find this file in a folder called SecurityCheck, C:\SecurityCheck\SecurityCheck.txt

 

Thank you

 

Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

Thank you for the log @RSM

Please uninstall, update, or otherwise address the following issues as appropriate for your system

 


--------------------------- [ OtherUtilities ] ----------------------------

calibre 64bit v.3.41.3 Warning! Download Update


------------------------------ [ ArchAndFM ] ------------------------------

TreeSize Free V4.1.2 v.4.1.2 Warning! Download Update


------------------------------- [ Imaging ] -------------------------------
GIMP 2.10.22 v.2.10.22 Warning! Download Update

FastStone Image Viewer 4.6 v.4.6 Warning! Download Update

Picasa 3 v.3.9 Warning! This software is no longer supported.


-------------------------- [ IMAndCollaborate ] ---------------------------

Microsoft Teams v.1.3.00.3564 Warning! Download Update

Skype™ 7.40 v.7.40.151 Warning! Download Update


-------------------------------- [ Media ] --------------------------------

iTunes v.12.11.0.26 Warning! Download Update
^Please use Apple Software Update tool.^

K-Lite Codec Pack 7.0.0 (Standard) v.7.0.0 Warning! Download Update

QuickTime 7 v.7.79.80.95 Warning! This software is no longer supported. Please uninstall it and use another software.

 

------------------------------- [ Browser ] -------------------------------
Mozilla Firefox 71.0 (x64 en-GB) v.71.0 Warning! Download Update

Safari v.5.34.57.2 Warning! This software is no longer supported.


----------------------------- [ EmailClient ] -----------------------------

Windows Live Essentials v.16.4.3508.0205 Warning! This software is no longer supported.

Windows Live Mail v.16.4.3508.0205 Warning! This software is no longer supported.


---------------------------- [ UnwantedApps ] -----------------------------

Driver Booster 7 v.7.3.0 Warning! Suspected demo version of anti-spyware, driver updater or optimizer. If this program is not familiar to you it is recommended to uninstall it and execute PC scanning using Malwarebytes Anti-Malware. Possible you became a victim of fraud or social engineering.

Google Toolbar for Internet Explorer v.1.0.0 << Hidden Warning! Browser's toolbar. It can slow down the working of your browser and have violation privacy problems.

System Mechanic v.18.7.3.176 Warning! Suspected demo version of anti-spyware, driver updater or optimizer. If this program is not familiar to you it is recommended to uninstall it and execute PC scanning using Malwarebytes Anti-Malware. Possible you became a victim of fraud or social engineering.

 

 

Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you

 

 

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.