How to remove PUM.Optional.DisableRegistryTools and PUM.Optional.Norun



A few days ago I noticed that if I tried to open cmd it'd immediately close, so I ran a Malwarebytes scan and found out that I had 3 PUMs: the 2 in the title and a PUP called PUP.Optional.MaxUninstaller. After I scanned my laptop I tried opening cmd and it still didn't work; it only detected 2 threats, but it was still not working. So, is there any way to remove these files?


Hello dycat and welcome to Malwarebytes,

Let's grab some logs and see what's going on, continue with the following:

Open Malwarebytes, select > small cog wheel top right hand corner, that will open "settings" from there select "Security" tab.

Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....

Close out the settings window, this will take you back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes quarantine any found entries...

To get the log from Malwarebytes do the following:
  • Open Malwarebytes
  • Click on the Detection History tab > from main interface.
  • Then click on "History" that will open to a historical list
  • Double click on the Scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have two options:
    Copy to Clipboard - if selected, right click in your reply and select "Paste"; the log will be pasted into your reply
    Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply

  • Please use "Text file (*.txt), then name the file and save to a place of choice, recommend "Desktop" then attach to reply


Next,

Download AdwCleaner by Malwarebytes onto your Desktop.

Or from this Mirror
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Quarantine button. This will kill all the active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply


Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST either, accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status... If English is not your primary language, right click on FRST/FRST64 and rename it to FRSTEnglish/FRST64English

  • Double-click to run it. When the tool opens click Yes to disclaimer.(Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach that log to your reply.


Let me see those logs in your reply...

If our tools do not run because of windows smart screen or your security, consider the following:

Disable smart screen if it interferes with software we may have to use:

https://support.microsoft.com/en-us/microsoft-edge/what-is-smartscreen-and-how-can-it-help-protect-me-1c9a874a-6826-be5e-45b1-67fa445a74c8

Please remember to enable when we are finished....

Next,

Disable any Anti-virus software you have installed if it stops software we may use from working:

https://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

Please remember to enable AV software when we are finished running scans....


Thank you,

Kevin....

I've attached the Malwarebytes logs and the Addition.txt logs, and below I've pasted the AdwCleaner logs and the FRST logs.

Thank you for your help so far.


# -------------------------------
# Malwarebytes AdwCleaner 8.3.0.0
# -------------------------------
# Build:    06-29-2021
# Database: 2021-08-09.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    08-17-2021
# Duration: 00:00:02
# OS:       Windows 10 Education
# Cleaned:  2
# Awaiting reboot:2
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

Needs Reboot  Preinstalled.DellUpdateforWindows10   Folder   C:\Program Files (x86)\DELL\UPDATESERVICE
Needs Reboot  Preinstalled.DellUpdateforWindows10   Folder   C:\ProgramData\DELL\UPDATESERVICE


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

***** Reboot Required to Complete *****


***** [ Folders ] *****

Cleaning failed   C:\Program Files (x86)\DELL\UPDATESERVICE
Cleaning failed   C:\ProgramData\DELL\UPDATESERVICE

*************************

AdwCleaner[S00].txt - [1714 octets] - [16/08/2021 18:17:10]
AdwCleaner[C00].txt - [2159 octets] - [16/08/2021 18:17:53]
AdwCleaner[S01].txt - [1674 octets] - [17/08/2021 15:02:50]
AdwCleaner[S02].txt - [1735 octets] - [17/08/2021 15:03:24]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C02].txt ##########


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-08-2021
Ran by 005615 (administrator) on PDLLN-4B5VW33 (Dell Inc. Latitude 3190 2-in-1) (17-08-2021 15:09:02)
Running from C:\Users\005615\Downloads
Loaded Profiles: False <==== ATTENTION (Temporary Profile?)
Platform: Windows 10 Education Version 2004 19041.1165 (X64) Language: Dutch (Netherlands) -> English (United Kingdom)
Default browser: Brave
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files (x86)\Time Boss\time_boss_s.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Cleanup\TuneupSvc.exe
(Brave Software, Inc. -> Brave Software, Inc.) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe <17>
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe
(Discord Inc. -> Discord Inc.) C:\Users\005615\AppData\Local\Discord\app-1.0.9002\Discord.exe <6>
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(FabulaTech, LLP -> ) C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnlsv.exe
(FabulaTech, LLP -> ) C:\Program Files\Common Files\VMware\ScannerRedirection\ftscanmgrhv.exe
(FabulaTech, LLP -> VMware) C:\Program Files\Common Files\VMware\SerialPortRedirection\Client\vmwsprrdpwks.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.102\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.102\GoogleCrashHandler64.exe
(INTEL CORP) C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3370.0_x64__8j3eq9eme6ctt\GCP.ML.BackgroundSysTray\IGCCTray.exe
(INTEL CORP) C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3370.0_x64__8j3eq9eme6ctt\IGCC.exe
(Intel Corporation -> ) C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe
(Intel Corporation -> ) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv.exe
(Intel Corporation -> ) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_4a3ae74cfa6c37d6\esif_uf.exe
(Intel Corporation -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe
(Intel Corporation -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe
(Intel Corporation -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_0b214be229a13e84\jhi_service.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_3bd4cd1d0a01f3b6\igfxCUIService.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_3bd4cd1d0a01f3b6\igfxEM.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_08f11cc9a4c9585a\OneApp.IGCC.WinService.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_90af7db2c816ac7b\IntelCpHDCPSvc.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_90af7db2c816ac7b\IntelCpHeciSvc.exe
(Malwarebytes Inc -> Malwarebytes) C:\Users\005615\Downloads\adwcleaner_8.3.0.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\servicehost.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\uihost.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Intune Management Extension\Microsoft.Management.Services.IntuneWindowsAgent.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\005615\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12107.1001.15.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Microsoft Update Health Tools\uhssvc.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\BackgroundTransferHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\NisSrv.exe
(NiceKit) [File not signed] C:\Program Files (x86)\Time Boss\time_boss.exe
(NiceKit) [File not signed] C:\Program Files (x86)\Time Boss\time_boss_v.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <3>
(Valve -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <7>
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\steam.exe
(VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
(VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\VMware\VMware Horizon View Client\ClientService\horizon_client_service.exe
(Waves Inc -> Waves Audio Ltd.) C:\Windows\System32\DriverStore\FileRepository\wavesapo75de.inf_amd64_9e45e2d5613ef7ef\WavesSvc64.exe
(Waves Inc -> Waves Audio Ltd.) C:\Windows\System32\DriverStore\FileRepository\wavesapo75de.inf_amd64_9e45e2d5613ef7ef\WavesSysSvc64.exe
(Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [XMouseButtonControl] => C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe [1684216 2020-05-13] (Open Source Developer, Phillip Gibbons -> Highresolution Enterprises)
HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\RtkAudUService64.exe [1084704 2020-05-28] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Windows\System32\DriverStore\FileRepository\wavesapo75de.inf_amd64_9e45e2d5613ef7ef\WavesSvc64.exe [1237920 2019-08-28] (Waves Inc -> Waves Audio Ltd.)
HKLM\...\Run: [TuneupUI.exe] => C:\Program Files\Avast Software\Cleanup\TuneupUI.exe [2748696 2021-08-11] (Avast Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3084288 2012-07-31] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706344 2021-06-09] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133728 2017-09-12] (Wondershare Technology Co.,Ltd -> Wondershare)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [8089888 2021-08-05] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [Intel Driver & Support Assistant] => C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe [288184 2021-08-10] (Intel Corporation -> Intel)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-12-1-2385713554-1329925412-1192992689-3785234526\...\Run: [com.squirrel.Teams.Teams] => C:\Users\005615\AppData\Local\Microsoft\Teams\Update.exe [2454184 2021-05-26] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-12-1-2385713554-1329925412-1192992689-3785234526\...\Run: [Discord] => C:\Users\005615\AppData\Local\Discord\Update.exe [1512760 2020-12-03] (Discord Inc. -> GitHub)
HKU\S-1-12-1-2385713554-1329925412-1192992689-3785234526\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4110568 2021-07-21] (Valve -> Valve Corporation)
HKU\S-1-12-1-2385713554-1329925412-1192992689-3785234526\...\Run: [Spotify] => C:\Users\005615\AppData\Roaming\Spotify\Spotify.exe [24364680 2021-08-05] (Spotify AB -> Spotify Ltd)
HKU\S-1-12-1-2385713554-1329925412-1192992689-3785234526\...\Run: [Voicemod] => C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe [5970632 2021-06-25] (Voicemod Sociedad Limitada -> Voicemod)
HKU\S-1-12-1-2385713554-1329925412-1192992689-3785234526\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [408888 2021-01-13] (AVB Disc Soft, SIA -> Disc Soft Ltd)
HKU\S-1-12-1-2385713554-1329925412-1192992689-3785234526\...\Run: [Windscribe] => "C:\Program Files (x86)\Windscribe\Windscribe.exe" -os_restart
HKU\S-1-12-1-2385713554-1329925412-1192992689-3785234526\...\Run: [com.squirrel.Myki] => C:\Users\005615\AppData\Local\myki\app-1.4.5\MYKI.exe [71029824 2021-08-17] (MYKI SAL -> MYKI Inc.)
HKU\S-1-12-1-2385713554-1329925412-1192992689-3785234526\...\Policies\system: [DisableRegistryTools] 1
HKU\S-1-12-1-2385713554-1329925412-1192992689-3785234526\...\Policies\system: [DisableClock] 1
HKU\S-1-12-1-2385713554-1329925412-1192992689-3785234526\...\Policies\Explorer: [NoRun] 1
HKU\S-1-12-1-2385713554-1329925412-1192992689-3785234526\...\Policies\Explorer: [DisableCMD] 1
HKU\S-1-12-1-2385713554-1329925412-1192992689-3785234526\...\Policies\Explorer: [NoNetHood] 0
HKU\S-1-12-1-2385713554-1329925412-1192992689-3785234526\...\Policies\Explorer: [NoFind] 0
HKU\S-1-12-1-2385713554-1329925412-1192992689-3785234526\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-12-1-2385713554-1329925412-1192992689-3785234526\...\Policies\Explorer: [LWB] 0
HKU\S-1-12-1-2385713554-1329925412-1192992689-3785234526\...\Policies\Explorer: [LWC] 0
HKU\S-1-12-1-2385713554-1329925412-1192992689-3785234526\...\Policies\Explorer: [LWD] 0
HKU\S-1-12-1-2385713554-1329925412-1192992689-3785234526\...\Policies\Explorer: [LWE] 0
HKU\S-1-12-1-2385713554-1329925412-1192992689-3785234526\...\Policies\Explorer: [LWF] 0
HKU\S-1-12-1-2385713554-1329925412-1192992689-3785234526\...\Policies\Explorer: [LWG] 0
HKU\S-1-12-1-2385713554-1329925412-1192992689-3785234526\...\Policies\Explorer: [LWH] 0
HKU\S-1-12-1-2385713554-1329925412-1192992689-3785234526\...\Policies\Explorer: [LWI] 0
HKU\S-1-12-1-2385713554-1329925412-1192992689-3785234526\...\Policies\Explorer: [LWJ] 0
HKU\S-1-12-1-2385713554-1329925412-1192992689-3785234526\...\Policies\Explorer: [LWK] 0
HKU\S-1-12-1-2385713554-1329925412-1192992689-3785234526\...\Policies\Explorer: [LWL] 0
HKU\S-1-12-1-2385713554-1329925412-1192992689-3785234526\...\Policies\Explorer: [LWM] 0
HKU\S-1-12-1-2385713554-1329925412-1192992689-3785234526\...\Policies\Explorer: [LWN] 0
HKU\S-1-12-1-2385713554-1329925412-1192992689-3785234526\...\Policies\Explorer: [LWO] 0
HKU\S-1-12-1-2385713554-1329925412-1192992689-3785234526\...\Policies\Explorer: [LWP] 0
HKU\S-1-12-1-2385713554-1329925412-1192992689-3785234526\...\Policies\Explorer: [LWQ] 0
HKU\S-1-12-1-2385713554-1329925412-1192992689-3785234526\...\Policies\Explorer: [LWR] 0
HKU\S-1-12-1-2385713554-1329925412-1192992689-3785234526\...\Policies\Explorer: [LWS] 0
HKU\S-1-12-1-2385713554-1329925412-1192992689-3785234526\...\Policies\Explorer: [LWT] 0
HKU\S-1-12-1-2385713554-1329925412-1192992689-3785234526\...\Policies\Explorer: [LWU] 0
HKU\S-1-12-1-2385713554-1329925412-1192992689-3785234526\...\Policies\Explorer: [LWV] 0
HKU\S-1-12-1-2385713554-1329925412-1192992689-3785234526\...\Policies\Explorer: [LWW] 0
HKU\S-1-12-1-2385713554-1329925412-1192992689-3785234526\...\Policies\Explorer: [LWX] 0
HKU\S-1-12-1-2385713554-1329925412-1192992689-3785234526\...\Policies\Explorer: [LWY] 0
HKU\S-1-12-1-2385713554-1329925412-1192992689-3785234526\...\Policies\Explorer: [LWZ] 0
HKU\S-1-12-1-2385713554-1329925412-1192992689-3785234526\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [224768 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Windows x64\Print Processors\Canon MX450 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDBN.DLL [30208 2012-09-20] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ FAX Language Monitor MX450 series: C:\Windows\system32\CNCALBN.DLL [303104 2012-09-21] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MX450 series: C:\Windows\system32\CNMLMBN.DLL [390656 2012-09-20] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\92.0.4515.159\Installer\chrmstp.exe [2021-08-17] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files\BraveSoftware\Brave-Browser\Application\92.1.28.105\Installer\chrmstp.exe [2021-08-13] (Brave Software, Inc. -> Brave Software, Inc.)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll [2020-08-17] (Adobe Inc. -> Adobe Systems, Inc.)
Startup: C:\Users\005615\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Twitch.lnk [2020-11-15]
ShortcutTarget: Twitch.lnk -> C:\Users\005615\AppData\Roaming\Twitch\Bin\Twitch.exe (Twitch Interactive, Inc. -> Twitch Interactive, Inc.)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
HKU\S-1-12-1-2385713554-1329925412-1192992689-3785234526\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03E5475C-79D4-44D5-9B6C-DA1FBD5D5D6E} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [3075936 2021-07-21] (Intel Corporation -> Intel Corporation)
Task: {07C78E7F-5690-4CCF-9B16-2949D12B046C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MpCmdRun.exe [673816 2021-08-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {0D1656B8-37BD-4B83-B691-96A32F2332FE} - System32\Tasks\Microsoft\Intune\Intune Management Extension Health Evaluation => C:\Program Files (x86)\Microsoft Intune Management Extension\ClientHealthEval.exe [50040 2021-08-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {1CBB8A3B-7E97-455D-AE94-2B5B610E6CCB} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [163528 2020-12-01] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {1D4008EB-CA5F-4BBF-9A68-22BCE9D80755} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1405858445-2433674594-1016498779-500UA => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {1D516BD6-AD46-40C7-AB9C-A032F68EEE3A} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\722D7A43-681C-43C0-BD2D-8D1D5B9CCA42\Schedule #3 created by enrollment client => C:\Windows\system32\deviceenroller.exe [470016 2021-08-16] (Microsoft Windows -> Microsoft Corporation)
Task: {22EE070E-9911-41D8-9FE9-AC89C7E88718} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\722D7A43-681C-43C0-BD2D-8D1D5B9CCA42\Schedule #2 created by enrollment client => C:\Windows\system32\deviceenroller.exe [470016 2021-08-16] (Microsoft Windows -> Microsoft Corporation)
Task: {2CFD2AB0-9259-41AA-97D7-1A67BABD33B4} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\722D7A43-681C-43C0-BD2D-8D1D5B9CCA42\Passport for Work alert created by enrollment client => C:\Windows\system32\deviceenroller.exe [470016 2021-08-16] (Microsoft Windows -> Microsoft Corporation)
Task: {2DB18523-4A32-4DDC-AB81-BE785BB49C27} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\722D7A43-681C-43C0-BD2D-8D1D5B9CCA42\Schedule to run OMADMClient by client => C:\Windows\system32\omadmclient.exe [435712 2021-08-16] (Microsoft Windows -> Microsoft Corporation)
Task: {2DB90009-339A-409D-819C-368E3FF5FDD3} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\722D7A43-681C-43C0-BD2D-8D1D5B9CCA42\Provisioning initiated session => C:\Windows\system32\deviceenroller.exe [470016 2021-08-16] (Microsoft Windows -> Microsoft Corporation)
Task: {2FEA4F75-5938-475A-A9D4-D3AFD87648EF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1336400 2020-07-08] (Adobe Inc. -> Adobe Inc.)
Task: {37D084FF-6085-4923-B11B-B97601BC16C8} - System32\Tasks\Avast Software\Avast Cleanup Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-tu\icarus.exe [6098200 2021-08-10] (Avast Software s.r.o. -> Avast Software)
Task: {3E373743-A216-4C85-8388-D3451751F14C} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\Windows\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs"
Task: {402B08ED-044A-44C4-AC9B-22C0D9E8EE01} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\722D7A43-681C-43C0-BD2D-8D1D5B9CCA42\Schedule created by enrollment client for renewal of certificate warning => C:\Windows\system32\deviceenroller.exe [470016 2021-08-16] (Microsoft Windows -> Microsoft Corporation)
Task: {40644ABD-373E-4BC1-A651-6A0DC06D768E} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\722D7A43-681C-43C0-BD2D-8D1D5B9CCA42\Schedule to run OMADMClient by server => C:\Windows\system32\omadmclient.exe [435712 2021-08-16] (Microsoft Windows -> Microsoft Corporation)
Task: {40C8A81F-40F5-4CB3-899F-D0082BCBF000} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [3075936 2021-07-21] (Intel Corporation -> Intel Corporation)
Task: {42515F22-0ED9-4E3E-A50E-C34DBB317C32} - System32\Tasks\S-1-5-21-1405858445-2433674594-1016498779-1001\EnterpriseMgmt\722D7A43-681C-43C0-BD2D-8D1D5B9CCA42\Login Schedule created by enrollment client => C:\Windows\system32\deviceenroller.exe [470016 2021-08-16] (Microsoft Windows -> Microsoft Corporation)
Task: {56D5AF7F-353E-414C-8EF2-AA2BCFE5BEEF} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\722D7A43-681C-43C0-BD2D-8D1D5B9CCA42\OS Edition Upgrade event listener created by enrollment client => C:\Windows\system32\deviceenroller.exe [470016 2021-08-16] (Microsoft Windows -> Microsoft Corporation)
Task: {5B865B54-652A-44D0-B895-8C03AD49FEB7} - System32\Tasks\Avast Software\Avast Cleanup BugReport => C:\Program Files\Avast Software\Cleanup\AvBugReport.exe [4755224 2021-08-11] (Avast Software s.r.o. -> AVAST Software) -> --send "dumps|report" --silent --product 62 --programpath "C:\Program Files\Avast Software\Cleanup\Setup\.." --configpath "C:\Program Files\Avast Software\Cleanup\Setup" --path "C:\ProgramData\Avast Software\Cleanup\log"  --path "C:\ProgramData\Avast Software\Icarus\Logs" --guid 2235cf2c-51a8-4ac6-bedd-7d0d25de2606
Task: {68F0C967-0DDB-42DE-9C0F-22BB294CB270} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\722D7A43-681C-43C0-BD2D-8D1D5B9CCA42\Win10 S Mode event listener created by enrollment client => C:\Windows\system32\deviceenroller.exe [470016 2021-08-16] (Microsoft Windows -> Microsoft Corporation)
Task: {6BF3CDDE-FEA4-4174-B198-21D63053DA64} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe
Task: {75EE260B-A880-47F8-8470-ED674251072C} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23253888 2021-08-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {7A40121B-5124-4FBC-A980-825D20113F7B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5722536 2021-08-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {86F1370C-3451-40D5-BD5E-5E5D121435EF} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [129808 2021-08-12] (Dropbox, Inc -> Dropbox, Inc.)
Task: {998EF6DC-2960-483B-B1A5-5C9BAFA5D8FF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MpCmdRun.exe [673816 2021-08-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {9AC849EE-2904-4DFB-86D4-F78D62597D1C} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [163528 2020-12-01] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {B423EC2B-9CC2-4CE7-8E5B-6C50C76F5F15} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe [690616 2021-07-13] (Mozilla Corporation -> Mozilla Foundation)
Task: {BB804A4D-D76F-4149-A6DC-B5A44CF3D625} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
Task: {BFB68174-B456-4678-A1D5-7CFD7DC23DCB} - System32\Tasks\Microsoft\Office\Office Serviceability Manager => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\officesvcmgr.exe [4083792 2021-07-30] (Microsoft Corporation -> Microsoft Corporation)
Task: {C9F8F49B-2CB6-4B13-9D7E-2B062A72FE31} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [129808 2021-08-12] (Dropbox, Inc -> Dropbox, Inc.)
Task: {D36FA784-E783-4947-8898-B28F1CDF21F9} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23253888 2021-08-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {D6A5FB6C-3E6C-4A39-B282-16A0A8FA7BF8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MpCmdRun.exe [673816 2021-08-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D76C2E3C-E476-4C40-B681-7201D9930540} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [139112 2021-08-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {DE7BA749-49C0-4878-BFFD-417076241EF1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1405858445-2433674594-1016498779-500Core => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {DEF3A779-3BDE-447C-8642-F96B101D786D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-06-22] (Google LLC -> Google LLC)
Task: {E6A5B111-65E7-45C7-B470-401118790644} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\722D7A43-681C-43C0-BD2D-8D1D5B9CCA42\Schedule #1 created by enrollment client => C:\Windows\system32\deviceenroller.exe [470016 2021-08-16] (Microsoft Windows -> Microsoft Corporation)
Task: {E82CB1BB-4EDD-4F4B-BB5F-CCA93DAD563A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5722536 2021-08-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {F6A1CB66-76C1-48C2-B27E-7F3860A1B04A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-06-22] (Google LLC -> Google LLC)
Task: {FA872EE7-082B-42E3-B475-15B84D11A776} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [139112 2021-08-15] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-12-1-2385713554-1329925412-1192992689-3785234526] => 91.93.118.3:8090
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{11f91b7a-ebbc-4785-8e65-90d31851e352}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{cfb9033f-3936-4dc9-a9c1-c92967de2c21}: [DhcpNameServer] 192.168.50.1
HKU\S-1-12-1-2385713554-1329925412-1192992689-3785234526\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION

Edge: 
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\005615\AppData\Local\Microsoft\Edge\User Data\Default [2021-08-14]
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\005615\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-07-16]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF DefaultProfile: ynzldh0o.default
FF ProfilePath: C:\Users\005615\AppData\Roaming\Mozilla\Firefox\Profiles\ynzldh0o.default [2020-09-08]
FF ProfilePath: C:\Users\005615\AppData\Roaming\Mozilla\Firefox\Profiles\1zmlozxe.default-release [2021-08-05]
FF Extension: (Malwarebytes Browser Guard) - C:\Users\005615\AppData\Roaming\Mozilla\Firefox\Profiles\1zmlozxe.default-release\Extensions\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi [2021-07-16]
FF Extension: (Adblock Plus - free ad blocker) - C:\Users\005615\AppData\Roaming\Mozilla\Firefox\Profiles\1zmlozxe.default-release\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2021-06-17]
FF Plugin: @java.com/DTPlugin,version=11.291.2 -> C:\Program Files\Java\jre1.8.0_291\bin\dtplugin\npDeployJava1.dll [No File]
FF Plugin: @java.com/JavaPlugin,version=11.291.2 -> C:\Program Files\Java\jre1.8.0_291\bin\plugin2\npjp2.dll [No File]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-06-02] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @java.com/DTPlugin,version=11.301.2 -> C:\Program Files (x86)\Java\jre1.8.0_301\bin\dtplugin\npDeployJava1.dll [2021-08-14] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.301.2 -> C:\Program Files (x86)\Java\jre1.8.0_301\bin\plugin2\npjp2.dll [2021-08-14] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-06-02] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=3.0.11 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-08-17] (Adobe Inc. -> Adobe Systems Inc.)

Chrome: 
=======
CHR DefaultProfile: Profile 2
CHR Profile: C:\Users\005615\AppData\Local\Google\Chrome\User Data\Profile 2 [2021-08-17]
CHR Extension: (Presentaties) - C:\Users\005615\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-12-01]
CHR Extension: (Documenten) - C:\Users\005615\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2020-12-01]
CHR Extension: (Google Drive) - C:\Users\005615\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-12-01]
CHR Extension: (YouTube) - C:\Users\005615\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-12-01]
CHR Extension: (Tampermonkey) - C:\Users\005615\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2021-05-20]
CHR Extension: (Spreadsheets) - C:\Users\005615\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-12-01]
CHR Extension: (Offline Documenten) - C:\Users\005615\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-06-24]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\005615\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-08-17]
CHR Extension: (Betalingen via Chrome Web Store) - C:\Users\005615\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Gmail) - C:\Users\005615\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-12-01]
CHR Extension: (Chrome Media Router) - C:\Users\005615\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-07-30]
CHR Profile: C:\Users\005615\AppData\Local\Google\Chrome\User Data\System Profile [2020-12-01]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

Brave: 
=======
BRA DefaultProfile: Default
BRA Profile: C:\Users\005615\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2021-08-17]
BRA DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}&t=brave
BRA DefaultSearchKeyword: Default -> :d
BRA DefaultSuggestURL: Default -> hxxps://ac.duckduckgo.com/ac/?q={searchTerms}&type=list
BRA Extension: (Google Translate) - C:\Users\005615\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2021-08-14]
BRA Extension: (MYKI Password Manager & Authenticator) - C:\Users\005615\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\bmikpgodpkclnkgmnpphehdgcimmided [2021-08-17]
BRA Extension: (Tampermonkey) - C:\Users\005615\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2021-05-27]
BRA Extension: (Timer) - C:\Users\005615\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\edebbhkhcaafmolanelponjjanocpacd [2020-12-27]
BRA Extension: (Picture-in-Picture for Chrome) - C:\Users\005615\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\ekoomohieogfomodjdjjfdammloodeih [2021-07-16]
BRA Extension: (Boxel Rebound) - C:\Users\005615\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\iginnfkhmmfhlkagcmpgofnjhanpmklb [2021-08-04]
BRA Extension: (Malwarebytes Browser Guard) - C:\Users\005615\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-08-11]
BRA Extension: (Twitch Live) - C:\Users\005615\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\imcjibojeokeogfofjgaajlobobagbeg [2021-03-08]
BRA Extension: (Twitch Fullscreen Plus) - C:\Users\005615\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\jbbmdehmiclndmeedcocofcjlpgjnmea [2021-05-25]
BRA Extension: (Boxel 3D) - C:\Users\005615\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\mjjgmlmpeaikcaajghilhnioimmaibon [2021-06-11]
BRA Extension: (Hotkeys) - C:\Users\005615\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\mmbiohbmijkiimgcgijfomelgpmdiigb [2021-05-05]
BRA Extension: (Screencastify - Screen Video Recorder) - C:\Users\005615\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\mmeijimgabbpbgpdklnllpncmdofkcpn [2021-08-13]
BRA Extension: (Kahoot Flooder) - C:\Users\005615\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\nebfgdmbcckgdicofllbbkibfihmcddl [2021-04-14]
BRA Extension: (Brave Local Data Files Updater) - C:\Users\005615\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2021-08-10]
BRA Extension: (Brave Ad Block Updater (Default)) - C:\Users\005615\AppData\Local\BraveSoftware\Brave-Browser\User Data\cffkpbalmllkdoenhmdmpbkajipdjfam [2021-08-17]
BRA Extension: (Brave Tor Client Updater (Windows)) - C:\Users\005615\AppData\Local\BraveSoftware\Brave-Browser\User Data\cpoalefficncklhjfpglfiplenlpccdb [2021-08-07]
BRA Extension: (Brave Ad Block Updater (EasyList Dutch)) - C:\Users\005615\AppData\Local\BraveSoftware\Brave-Browser\User Data\fbmjnabmpmfnfknjmbegjmjigmelggmf [2021-08-17]
BRA Extension: (Brave NTP sponsored images) - C:\Users\005615\AppData\Local\BraveSoftware\Brave-Browser\User Data\hgokbmpjajigbckbjhklcifehhbkepnf [2021-08-11]
BRA Extension: (Brave SpeedReader Updater) - C:\Users\005615\AppData\Local\BraveSoftware\Brave-Browser\User Data\jicbkmdloagakknpihibphagfckhjdih [2021-06-29]
BRA Extension: (Brave NTP sponsored images) - C:\Users\005615\AppData\Local\BraveSoftware\Brave-Browser\User Data\mjpbonbjgpinifgnneajcbigekbpfige [2021-08-17]
BRA Extension: (Brave Ads Resources) - C:\Users\005615\AppData\Local\BraveSoftware\Brave-Browser\User Data\neglbnegiidighiifljiphcldmgibifn [2021-06-22]
BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\005615\AppData\Local\BraveSoftware\Brave-Browser\User Data\oofiananboodjbbmdelgdommihjbkfag [2021-08-11]
BRA Extension: (Brave Ads Resources) - C:\Users\005615\AppData\Local\BraveSoftware\Brave-Browser\User Data\opoleacilplnkhobipjcihpdoklpnjkk [2021-05-25]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

"TimeBossSrv" => service was unlocked. <==== ATTENTION

S3 AALSvc; C:\AlphaAntiLeak\AAL\bin\server\AALSvc.exe [11482488 2020-09-13] (Constantin Schreiber -> )
S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [163528 2020-12-01] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [163528 2020-12-01] (Brave Software, Inc. -> BraveSoftware Inc.)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [270336 2012-07-13] (Brother Industries, Ltd.) [File not signed]
R2 CleanupPSvc; C:\Program Files\Avast Software\Cleanup\TuneupSvc.exe [15024408 2021-08-11] (Avast Software s.r.o. -> AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9142128 2021-08-05] (Microsoft Corporation -> Microsoft Corporation)
R2 client_service; C:\Program Files (x86)\VMware\VMware Horizon View Client\ClientService\horizon_client_service.exe [442840 2020-03-10] (VMware, Inc. -> VMware, Inc.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [129808 2021-08-12] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [129808 2021-08-12] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [44328 2021-08-05] (Dropbox, Inc -> Dropbox, Inc.)
R2 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [36032 2019-11-08] (Dell Inc -> )
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [5026104 2021-01-13] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R2 DSAService; C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe [36792 2021-08-10] (Intel Corporation -> Intel)
R3 DSAUpdateService; C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe [176568 2021-08-10] (Intel Corporation -> Intel)
R2 ftnlsv3hv; C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnlsv.exe [280176 2020-02-25] (FabulaTech, LLP -> )
R2 ftscanmgrhv; C:\Program Files\Common Files\VMware\ScannerRedirection\ftscanmgrhv.exe [4369520 2020-02-27] (FabulaTech, LLP -> )
R2 IntuneManagementExtension; C:\Program Files (x86)\Microsoft Intune Management Extension\Microsoft.Management.Services.IntuneWindowsAgent.exe [187744 2021-08-04] (Microsoft Corporation -> Microsoft Corporation)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7477704 2021-07-16] (Malwarebytes Inc -> Malwarebytes)
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [977824 2021-08-13] (McAfee, LLC -> McAfee, LLC)
S3 OfficeSvcManagerAddons; C:\Windows\system32\dllhost.exe /Processid:{2CA2E202-932F-4BA2-8771-195BB86398F5} [21312 2021-06-03] (Microsoft Windows -> Microsoft Corporation)
S3 ProtonVPN Service; C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPNService.exe [99136 2020-10-23] (ProtonVPN AG -> )
S3 ProtonVPN Update Service; C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.UpdateService.exe [61760 2020-10-23] (ProtonVPN AG -> )
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5394872 2021-08-16] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TimeBossSrv; C:\Program Files (x86)\Time Boss\time_boss_s.exe [248832 2021-07-21] () [File not signed]
R2 vmwsprrdpwks; C:\Program Files\Common Files\VMware\SerialPortRedirection\Client\vmwsprrdpwks.exe [459888 2020-02-20] (FabulaTech, LLP -> VMware)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\NisSrv.exe [2727416 2021-08-04] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MsMpEng.exe [136656 2021-08-04] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 OverwolfUpdater; "C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe" /RunningFrom SCM [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AALProtect; C:\AlphaAntiLeak\AAL\bin\server\AALProtect.sys [35984 2020-09-13] (OOO AMEKS -> )
S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [42256 2021-01-13] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [59360 2021-01-13] (AVB Disc Soft, SIA -> Disc Soft Ltd)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [19912 2021-07-16] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248992 2021-07-16] (Malwarebytes Inc -> Malwarebytes)
S3 ProtonVPNSplitTunnel; C:\Program Files (x86)\Proton Technologies\ProtonVPN\x64\Win10\ProtonVPN.SplitTunnelDriver.sys [31584 2020-08-19] (Microsoft Windows Hardware Compatibility Publisher -> Proton Technologies AG)
R3 ScpVBus; C:\Windows\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Bruce James -> Scarlet.Crush Productions)
R3 tapprotonvpn; C:\Windows\System32\drivers\tapprotonvpn.sys [49008 2020-08-19] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
S3 tapwindscribe0901; C:\Windows\System32\drivers\tapwindscribe0901.sys [57768 2021-08-15] (Windscribe Limited -> The OpenVPN Project)
R3 VOICEMOD_Driver; C:\Windows\system32\drivers\vmdrv.sys [48136 2020-12-16] (Voicemod Sociedad Limitada -> Windows (R) Win 7 DDK provider)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [49568 2021-08-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [434424 2021-08-04] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [78072 2021-08-04] (Microsoft Windows -> Microsoft Corporation)
S3 windtun420; C:\Windows\System32\drivers\windtun420.sys [47544 2021-08-15] (Windscribe Limited -> WireGuard LLC)
S3 VBAudioVACMME; \SystemRoot\System32\drivers\vbaudio_cable64_win7.sys [X]
S3 VBAudioVMVAIOMME; \SystemRoot\System32\drivers\vbaudio_vmvaio64_win10.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-08-17 15:09 - 2021-08-17 15:10 - 000041985 _____ C:\Users\005615\Downloads\FRST.txt
2021-08-17 15:07 - 2021-08-17 15:09 - 000000000 ____D C:\FRST
2021-08-17 15:07 - 2021-08-17 15:07 - 002300416 _____ (Farbar) C:\Users\005615\Downloads\FRST64.exe
2021-08-17 15:02 - 2021-08-17 15:02 - 008553680 _____ (Malwarebytes) C:\Users\005615\Downloads\adwcleaner_8.3.0.exe
2021-08-17 15:00 - 2021-08-17 15:01 - 000001614 _____ C:\Users\005615\Downloads\malwarebytes_log.txt
2021-08-17 14:52 - 2021-08-17 15:03 - 000000000 ____D C:\Users\005615\AppData\Roaming\Bitwarden
2021-08-17 14:52 - 2021-08-17 14:52 - 000001956 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitwarden.lnk
2021-08-17 14:52 - 2021-08-17 14:52 - 000001944 _____ C:\Users\Public\Desktop\Bitwarden.lnk
2021-08-17 14:52 - 2021-08-17 14:52 - 000000000 ____D C:\Users\005615\AppData\Local\bitwarden-updater
2021-08-17 14:48 - 2021-08-17 14:52 - 000000000 ____D C:\Program Files\Bitwarden
2021-08-17 14:48 - 2021-08-17 14:48 - 000710984 _____ (Bitwarden Inc.) C:\Users\005615\Downloads\Bitwarden-Installer-1.27.1.exe
2021-08-17 09:05 - 2021-08-17 09:05 - 000000000 ____D C:\Users\005615\AppData\Roaming\Telegram Desktop
2021-08-17 09:05 - 2021-08-17 09:05 - 000000000 ____D C:\Users\005615\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Telegram Desktop
2021-08-17 09:04 - 2021-08-17 09:04 - 033091360 _____ (Telegram FZ-LLC ) C:\Users\005615\Downloads\tsetup-x64.2.9.2.exe
2021-08-17 08:32 - 2021-08-17 15:06 - 000000000 ____D C:\Users\005615\AppData\Roaming\MYKI
2021-08-17 08:32 - 2021-08-17 08:32 - 000001394 _____ C:\Users\005615\Desktop\MYKI.lnk
2021-08-17 08:32 - 2021-08-17 08:32 - 000000000 ____D C:\Users\005615\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MYKI Inc
2021-08-17 08:32 - 2021-08-17 08:32 - 000000000 ____D C:\Users\005615\AppData\Local\myki
2021-08-17 08:28 - 2021-08-17 08:29 - 000000000 ____D C:\Windows\system32\appmgmt
2021-08-16 18:16 - 2021-08-16 18:17 - 000000000 ____D C:\AdwCleaner
2021-08-16 17:05 - 2021-08-17 14:58 - 000000000 ____D C:\Users\005615\AppData\LocalLow\IGDump
2021-08-16 16:54 - 2021-08-16 16:54 - 000000876 _____ C:\Windows\system32\Drivers\etc\hosts.tmp
2021-08-16 15:08 - 2021-08-16 15:08 - 002755584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2021-08-16 15:08 - 2021-08-16 15:08 - 002755584 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2021-08-16 15:08 - 2021-08-16 15:08 - 001333760 _____ C:\Windows\SysWOW64\TextInputMethodFormatter.dll
2021-08-16 15:08 - 2021-08-16 15:08 - 000011347 _____ C:\Windows\system32\DrtmAuthTxt.wim
2021-08-16 15:07 - 2021-08-16 15:07 - 001823280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2021-08-16 15:07 - 2021-08-16 15:07 - 001393480 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2021-08-16 15:07 - 2021-08-16 15:07 - 000288768 _____ C:\Windows\system32\Windows.Management.InprocObjects.dll
2021-08-16 15:00 - 2021-08-16 15:04 - 000000000 ____D C:\Users\005615\AppData\Roaming\unfx-proxy-checker
2021-08-16 15:00 - 2021-08-16 15:00 - 000000000 ____D C:\Users\005615\AppData\Local\unfx-proxy-checker-updater
2021-08-16 14:53 - 2021-08-16 14:53 - 000000000 ___HD C:\$WinREAgent
2021-08-15 09:50 - 2021-08-16 16:32 - 000000084 _____ C:\Users\005615\.kicl_sts.properties
2021-08-15 09:43 - 2021-08-15 09:43 - 000057768 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tapwindscribe0901.sys
2021-08-15 09:43 - 2021-08-15 09:43 - 000047544 _____ (WireGuard LLC) C:\Windows\system32\Drivers\windtun420.sys
2021-08-15 09:43 - 2021-08-15 09:43 - 000000000 ____D C:\Users\005615\AppData\Local\Windscribe
2021-08-14 20:09 - 2021-08-14 20:09 - 000001425 _____ C:\Windows\system32\default_error_stack-000005-000000.txt
2021-08-14 15:13 - 2021-08-14 15:13 - 000000000 ____D C:\Users\005615\AppData\Roaming\java
2021-08-14 15:11 - 2021-08-14 15:11 - 000164696 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2021-08-14 15:11 - 2021-08-14 15:11 - 000000000 ____D C:\Program Files (x86)\Java
2021-08-13 11:24 - 2021-08-13 11:24 - 000000000 ____D C:\Users\005615\AppData\LocalLow\Ladia Group
2021-08-13 11:22 - 2021-08-13 11:22 - 000001314 _____ C:\Users\005615\Desktop\Ancient Rome 2.lnk
2021-08-13 11:22 - 2021-08-13 11:22 - 000001297 _____ C:\Users\005615\Desktop\Free Farm Games.lnk
2021-08-13 11:22 - 2021-08-13 11:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameTop.com
2021-08-13 11:22 - 2021-08-13 11:22 - 000000000 ____D C:\ProgramData\Gametop
2021-08-13 11:22 - 2021-08-13 11:22 - 000000000 ____D C:\Program Files (x86)\GameTop.com
2021-08-12 18:16 - 2021-08-12 18:16 - 000003670 _____ C:\Windows\system32\Tasks\USER_ESRV_SVC_QUEENCREEK
2021-08-12 18:16 - 2021-07-23 11:36 - 000041816 _____ C:\Windows\system32\Drivers\semav6msr64.sys
2021-08-12 18:13 - 2021-08-12 18:13 - 000001510 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver & Support Assistant.lnk
2021-08-10 08:35 - 2021-08-10 08:35 - 000002253 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro.lnk
2021-08-10 08:35 - 2021-08-10 08:35 - 000002241 _____ C:\Users\Public\Desktop\Google Earth Pro.lnk
2021-08-10 08:35 - 2021-08-10 08:35 - 000000000 ____D C:\Program Files\Google
2021-08-08 20:39 - 2021-08-08 20:39 - 000001426 _____ C:\Windows\system32\default_error_stack-000004-000000.txt
2021-08-07 20:00 - 2021-08-07 20:00 - 000001424 _____ C:\Windows\system32\default_error_stack-000003-000000.txt
2021-08-07 09:37 - 2021-08-07 09:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2021-08-06 20:15 - 2021-08-06 20:15 - 000001425 _____ C:\Windows\system32\default_error_stack-000002-000000.txt
2021-08-05 22:33 - 2021-08-05 22:33 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2021-08-05 22:33 - 2021-08-05 22:33 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2021-08-05 22:33 - 2021-08-05 22:33 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2021-08-05 22:33 - 2021-08-05 22:33 - 000044328 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2021-08-05 11:14 - 2021-08-05 16:48 - 000000000 __SHD C:\Program Files (x86)\Time Boss
2021-08-05 11:14 - 2021-08-05 11:14 - 000001036 _____ C:\Users\005615\Desktop\Time Boss.lnk
2021-08-05 11:14 - 2021-08-05 11:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Time Boss
2021-08-04 15:47 - 2021-08-05 21:25 - 000000000 ____D C:\Users\005615\AppData\Roaming\REAPER
2021-08-04 15:47 - 2021-08-04 15:47 - 000000000 ____D C:\Program Files\Common Files\Propellerhead Software
2021-08-02 10:47 - 2021-08-05 18:52 - 000001450 _____ C:\Users\005615\Desktop\Roblox Player.lnk
2021-08-02 10:47 - 2021-08-05 18:52 - 000001273 _____ C:\Users\005615\Desktop\Roblox Studio.lnk
2021-08-02 10:47 - 2021-08-02 10:47 - 000000000 ____D C:\Users\005615\AppData\Local\Roblox
2021-08-01 17:59 - 2021-08-01 17:59 - 000000000 ____D C:\Users\005615\AppData\Local\install
2021-08-01 17:53 - 2021-08-01 17:53 - 000000000 ____D C:\Users\005615\AppData\LocalLow\Unity
2021-08-01 17:51 - 2021-08-01 17:51 - 000000000 ____D C:\VRChat
2021-08-01 17:51 - 2021-08-01 17:51 - 000000000 ____D C:\Users\005615\AppData\LocalLow\VRChat
2021-08-01 09:29 - 2021-08-01 09:35 - 000001681 _____ C:\Users\Public\Desktop\League of Legends.lnk
2021-08-01 08:28 - 2021-08-01 08:28 - 000000000 ____D C:\Users\005615\AppData\LocalLow\Dinosaur Polo Club
2021-07-31 19:11 - 2021-07-31 19:11 - 000000000 ____D C:\Users\005615\AppData\Local\VALORANT
2021-07-31 19:09 - 2021-08-16 17:24 - 000534632 _____ C:\Windows\system32\FNTCACHE.DAT
2021-07-31 19:08 - 2021-07-31 19:30 - 000000001 _____ C:\Windows\vgkbootstatus.dat
2021-07-31 18:40 - 2021-08-01 09:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
2021-07-31 18:40 - 2021-07-31 19:30 - 000000000 ____D C:\Riot Games
2021-07-31 16:54 - 2021-07-31 16:54 - 000001459 _____ C:\Users\005615\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TreeSizeFree.lnk
2021-07-31 16:47 - 2021-08-17 08:30 - 000000000 ____D C:\Users\005615\AppData\Roaming\JAM Software
2021-07-31 16:25 - 2021-07-31 16:25 - 000002213 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Cleanup Premium.lnk
2021-07-31 16:25 - 2021-07-31 16:25 - 000000000 ____D C:\Windows\system32\Tasks\Avast Software
2021-07-31 16:25 - 2021-07-31 16:25 - 000000000 ____D C:\Windows\system32\gf2engine
2021-07-31 16:25 - 2021-07-31 16:25 - 000000000 ____D C:\Users\005615\AppData\Roaming\Avast Software
2021-07-31 16:25 - 2021-07-26 14:12 - 000036120 _____ (Avast Software) C:\Windows\system32\icarus_rvrt.exe
2021-07-31 16:24 - 2021-08-17 15:04 - 000000000 ____D C:\ProgramData\Avast Software
2021-07-31 16:24 - 2021-07-31 16:24 - 000000000 ____D C:\Program Files\Common Files\Avast Software
2021-07-31 16:24 - 2021-07-31 16:24 - 000000000 ____D C:\Program Files\Avast Software
2021-07-31 11:22 - 2021-07-31 11:22 - 000000000 ____D C:\Users\005615\AppData\Local\Wasntafairfight
2021-07-31 11:22 - 2021-07-31 11:22 - 000000000 ____D C:\Users\005615\AppData\Local\Resanance
2021-07-30 16:43 - 2021-07-30 16:43 - 000000000 ____D C:\Users\005615\AppData\Local\gtk-2.0
2021-07-30 16:32 - 2021-07-30 16:32 - 000001544 _____ C:\Users\005615\AppData\Local\recently-used.xbel
2021-07-30 16:22 - 2021-07-31 16:25 - 000000000 ____D C:\Users\005615\AppData\Local\babl-0.1
2021-07-30 16:22 - 2021-07-30 16:22 - 000000000 ____D C:\Users\005615\AppData\Roaming\GIMP
2021-07-30 16:22 - 2021-07-30 16:22 - 000000000 ____D C:\Users\005615\AppData\Local\GIMP
2021-07-30 16:22 - 2021-07-30 16:22 - 000000000 ____D C:\Users\005615\AppData\Local\gegl-0.4
2021-07-30 16:21 - 2021-07-30 16:21 - 000001324 _____ C:\Users\005615\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GIMP 2.10.24.lnk
2021-07-22 17:48 - 2021-07-22 17:48 - 000000000 ____D C:\Users\005615\AppData\Roaming\altening
2021-07-21 16:49 - 2021-07-21 17:37 - 000000000 ____D C:\Users\005615\AppData\Roaming\npm-cache
2021-07-21 16:49 - 2021-07-21 16:49 - 000000000 ____D C:\Users\005615\.config
2021-07-21 16:36 - 2021-07-21 16:36 - 000000000 ____D C:\Users\005615\AppData\Roaming\npm
2021-07-21 16:36 - 2021-07-21 16:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Node.js
2021-07-21 16:36 - 2021-07-21 16:36 - 000000000 ____D C:\Program Files\nodejs
2021-07-21 09:56 - 2021-07-21 10:02 - 000000000 ____D C:\Users\005615\intentlauncher
2021-07-20 11:35 - 2021-07-20 11:35 - 000000000 ____D C:\Users\005615\AppData\Roaming\.LiquidLauncher
2021-07-20 11:34 - 2021-08-17 08:25 - 000000000 ____D C:\Users\005615\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCBlueX
2021-07-20 11:34 - 2021-08-17 08:25 - 000000000 ____D C:\Users\005615\AppData\Local\electron_liquidlauncher
2021-07-20 11:34 - 2021-07-20 11:35 - 000000000 ____D C:\Users\005615\AppData\Roaming\LiquidLauncher
2021-07-19 09:15 - 2021-07-19 09:15 - 000000000 ____D C:\Users\005615\.cache
2021-07-19 09:13 - 2021-07-19 09:13 - 000000000 ____D C:\Users\005615\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Eclipse
2021-07-19 09:11 - 2021-07-19 09:11 - 000000000 ____D C:\Users\005615\eclipse
2021-07-19 09:10 - 2021-07-21 09:25 - 000000000 ____D C:\Users\005615\.p2
2021-07-19 09:10 - 2021-07-19 09:15 - 000000000 ____D C:\Users\005615\.eclipse
2021-07-18 18:08 - 2021-07-18 18:08 - 000001103 _____ C:\Users\Public\Desktop\Minecraft Launcher.lnk
2021-07-18 18:08 - 2021-07-18 18:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft Launcher
2021-07-18 11:41 - 2021-07-18 11:41 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsraLegacy.tlb
2021-07-18 11:41 - 2021-07-18 11:41 - 000007680 _____ (Microsoft Corporation) C:\Windows\system32\MsraLegacy.tlb
2021-07-18 11:41 - 2021-07-18 11:41 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rendezvousSession.tlb
2021-07-18 11:41 - 2021-07-18 11:41 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\rendezvousSession.tlb

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-08-17 15:10 - 2020-09-12 20:29 - 000000000 ____D C:\Users\005615\AppData\Roaming\discord
2021-08-17 15:09 - 2020-06-22 11:25 - 000000000 ____D C:\Program Files (x86)\Google
2021-08-17 15:08 - 2020-06-18 15:56 - 001771832 _____ C:\Windows\system32\PerfStringBackup.INI
2021-08-17 15:08 - 2019-12-07 17:14 - 000788796 _____ C:\Windows\system32\perfh013.dat
2021-08-17 15:08 - 2019-12-07 17:14 - 000154872 _____ C:\Windows\system32\perfc013.dat
2021-08-17 15:08 - 2019-12-07 11:13 - 000000000 ____D C:\Windows\INF
2021-08-17 15:06 - 2020-12-05 21:51 - 000000000 ____D C:\Program Files (x86)\Steam
2021-08-17 15:06 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\Registration
2021-08-17 15:05 - 2021-02-05 12:39 - 000000000 ____D C:\Users\005615\AppData\Local\Discord
2021-08-17 15:05 - 2020-09-28 10:20 - 000000000 ___RD C:\Users\005615\OneDrive - Pallas Athene College
2021-08-17 15:04 - 2020-09-08 05:31 - 000000000 __SHD C:\Users\005615\IntelGraphicsProfiles
2021-08-17 15:04 - 2020-06-30 11:20 - 000000000 ____D C:\Intel
2021-08-17 15:04 - 2020-06-18 15:09 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-08-17 15:04 - 2020-06-18 15:04 - 000008192 ___SH C:\DumpStack.log.tmp
2021-08-17 15:04 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\ServiceState
2021-08-17 15:04 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft

==================== Files in the root of some directories ========

2021-06-26 21:01 - 2021-08-11 09:01 - 000000015 _____ () C:\Users\005615\AppData\Roaming\obs-virtualcam.txt
2021-07-06 19:55 - 2021-08-11 09:35 - 000006109 _____ () C:\Users\005615\AppData\Roaming\VoiceMeeterDefault.xml
2021-07-30 16:32 - 2021-07-30 16:32 - 000001544 _____ () C:\Users\005615\AppData\Local\recently-used.xbel

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================


Hiya dycat,

The FRST log indicates you're running from a temporary profile; are you aware of that? Can you restart your PC and make sure you are logged in correctly to the admin account...

Quote:

Loaded Profiles: False <==== ATTENTION (Temporary Profile?)

From the correct account run FRST again please...

Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan". Select Scan; when done, post the new logs, "FRST.txt" and "Addition.txt".

Thank you,
 
Kevin...
Edited by kevinf80

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Tips to help protect from infection

Thanks

