
News-back.org infection removal help please



I am running MWB premium on W10 and it does not detect an infection of www1.News-back.org, which is a malicious site that displays fake error messages to trick you into subscribing to its browser notifications.

The pop-up messages are incessant and very annoying.

Please can anyone help with advice regarding removal?


  • Root Admin

Hello @Davemeysner

 

Please run the following steps and post back the logs as an attachment when ready.
Temporarily disable your antivirus or other security software first. Make sure to turn it back on once the scans are completed.
Temporarily disable Microsoft SmartScreen to download software below if needed. Make sure to turn it back on once the scans are completed.
If you still have trouble downloading the software please click on Reveal Hidden Contents below for examples of how to allow the download.

 


When downloading with some browsers you may see a different style of screens that may block FRST from downloading. The program is safe and used hundreds of times a week by many users.

Example of Microsoft Edge blocking the download


 



STEP 01

  • If you already have Malwarebytes installed then open Malwarebytes and click on the Scan button. It will automatically check for updates and run a Threat Scan.
  • If you don't have Malwarebytes installed yet please download it from here and install it.
  • Once installed then open Malwarebytes and select Scan and let it run.
  • Once the scan is completed make sure you have it quarantine any detections it finds.
  • If no detections were found click on the Save results drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.
  • If there were detections then once the quarantine has completed click on the View report button. Then click the Export drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.
  • If the computer restarted to quarantine you can access the logs from the Detection History, then the History tab. Highlight the most recent scan and double-click to open it. Then click the Export drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.
  • If Malwarebytes won't run then please skip to the next step and let me know in your next reply that the scanner would not run.

STEP 02

Please download AdwCleaner by Malwarebytes and save the file to your Desktop.

  • Double-click to run the program
  • Accept the End User License Agreement.
  • Wait until the database is updated.
  • Click Scan Now.
  • When finished, if items are found please click Quarantine.
  • Your PC should reboot now if any items were found.
  • After reboot, a log file will be opened. Attach or Copy its content into your next reply.

RESTART THE COMPUTER Before running Step 3

STEP 03
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). If you've run the tool before, you need to place a check mark here each time.
  • Please attach the Addition.txt log to your reply as well.
  • On your next reply, you should be attaching FRST.txt and Addition.txt to your post, every time.

 

Thanks


Steps 1 and 2 completed successfully. Step 3 - something is blocking my download of Farbar so I cannot complete this step. Firstly, maybe I need to understand how to disable my Antivirus, which is preventing the Farbar download … please advise how to resolve this. Thank you.


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-09-2021 02
Ran by davem (administrator) on DESKTOP-IUAN9SM (Dell Inc. Vostro 420 Series) (29-09-2021 02:33:33)
Running from C:\Users\davem\Dropbox\My PC (DESKTOP-IUAN9SM)\Downloads
Loaded Profiles: davem
Platform: Windows 10 Pro Version 2004 19041.1237 (X64) Language: English (United Kingdom)
Default browser: Edge
Boot Mode: Safe Mode (with Networking)

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Google LLC -> ) C:\Program Files\Google\Drive File Stream\51.0.15.0\crashpad_handler.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Privacy\MBVPNService.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <31>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\HelpPane.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\MsMpEng.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1794888 2015-06-29] (NVIDIA Corporation -> NVIDIA Corporation)
HKLM\...\Run: [OfficeSuite] => C:\Program Files\MobiSystems\OfficeSuite\MobiSystemsUpdate.exe [336616 2021-09-15] (MobiSystems, Inc. -> MobiSystems Inc.)
HKLM\...\Run: [MobiDrive] => C:\Program Files\MobiSystems\MobiDrive\MobiDriveUpdate.exe [343272 2021-08-26] (MobiSystems, Inc. -> MobiSystems Inc.)
HKLM\...\Run: [PDFExtra] => C:\Program Files\MobiSystems\PDFExtra\PdfEditorUpdate.exe [347880 2021-09-15] (MobiSystems, Inc. -> MobiSystems Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [8091424 2021-09-25] (Dropbox, Inc -> Dropbox, Inc.)
HKU\S-1-5-19\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\51.0.15.0\GoogleDriveFS.exe [54124376 2021-09-09] (Google LLC -> Google, Inc.)
HKU\S-1-5-20\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\51.0.15.0\GoogleDriveFS.exe [54124376 2021-09-09] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-1370645763-2818373483-1388332187-1001\...\Run: [Adobe Reader Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe [5397216 2021-09-09] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-1370645763-2818373483-1388332187-1001\...\Run: [Malwarebytes Privacy] => C:\Program Files\Malwarebytes\Privacy\UI\mbprivacy.exe [354984 2021-03-24] (Malwarebytes Inc -> Malwarebytes)
HKU\S-1-5-21-1370645763-2818373483-1388332187-1001\...\Run: [XperiaCompanionAgent] => C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanionAgent.exe [1700928 2021-01-21] (Sony Nordic (Sweden), Filial till Sony Europe B.V.(NL) -> Sony)
HKU\S-1-5-21-1370645763-2818373483-1388332187-1001\...\Run: [MicrosoftEdgeAutoLaunch_72537CB43253ADC37F4BB7D1EA8B02DA] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
HKU\S-1-5-21-1370645763-2818373483-1388332187-1001\...\Run: [MobiDrive] => C:\Program Files\MobiSystems\MobiDrive\MobiDrive.exe [1943272 2021-08-26] (MobiSystems, Inc. -> MobiSystems Inc.)
HKU\S-1-5-21-1370645763-2818373483-1388332187-1001\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\51.0.15.0\GoogleDriveFS.exe [54124376 2021-09-09] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-1370645763-2818373483-1388332187-1001\...\MountPoints2: {cd713e25-d43c-11eb-8bbd-00219b155bf6} - "F:\HiSuiteDownLoader.exe" 
HKU\S-1-5-18\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\51.0.15.0\GoogleDriveFS.exe [54124376 2021-09-09] (Google LLC -> Google, Inc.)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKLM\...\Windows x64\Print Processors\Canon MX340 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDA5.DLL [28672 2010-05-16] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MX340 series: C:\Windows\system32\CNMLMA5.DLL [344064 2010-05-16] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon MP FAX Language Monitor MX340 series: C:\Windows\system32\CNCF2Lk.DLL [343552 2009-10-22] (Microsoft Windows Hardware Compatibility Publisher -> Canon Inc.)
HKLM\...\Print\Monitors\PDFsam Enhanced 7 Monitor: C:\Windows\system32\spool\DRIVERS\x64\pdfsam enhanced_pdfpmon_v.6.11.0.7.dll [960120 2021-04-08] (PDF Tools AG -> PDF Tools AG (hxxp://www.pdf-tools.com))
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\94.0.4606.61\Installer\chrmstp.exe [2021-09-29] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2021-09-15]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.2296\SSScheduler.exe (McAfee, LLC -> McAfee, LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2020-07-06]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation) [File not signed]

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {26BC7108-FC6B-414B-93AE-5BA7931E36C7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-07-06] (Google LLC -> Google LLC)
Task: {2ADA37E6-DCD1-4F04-96EA-BDB8F5C5C7F9} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [129808 2021-08-16] (Dropbox, Inc -> Dropbox, Inc.)
Task: {441DFCEF-054E-4E6B-8A21-29D9B384591D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1562376 2021-08-16] (Adobe Inc. -> Adobe Inc.)
Task: {5A207594-2163-4FD6-87B8-7A094C52FF51} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [129808 2021-08-16] (Dropbox, Inc -> Dropbox, Inc.)
Task: {8D0D51EE-5FC9-4E99-80C5-77BDBB1F4F58} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-07-06] (Google LLC -> Google LLC)
Task: {B884AF09-739D-43B6-A151-00CF384423FC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\MpCmdRun.exe [851472 2021-09-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {BC0B6A47-7CAF-418E-ADD3-DDD1B919F0F6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\MpCmdRun.exe [851472 2021-09-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {DE5732E3-5BEB-4381-B5B3-E854C9541137} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\MpCmdRun.exe [851472 2021-09-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {E8CD1AD2-5FD7-47AB-B153-70A0A4AEFE89} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [680888 2021-09-28] (Mozilla Corporation -> Mozilla Foundation)
Task: {F2D2A45E-1C6A-4D91-ADEA-97E1BBDDBDF4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\MpCmdRun.exe [851472 2021-09-10] (Microsoft Windows Publisher -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{fac5e3e8-9a0e-4663-a97c-7f050321d501}: [DhcpNameServer] 192.168.0.1

Edge: 
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\davem\AppData\Local\Microsoft\Edge\User Data\Default [2021-09-29]
Edge Notifications: Default -> hxxps://calendar.google.com; hxxps://www.aliexpress.com; hxxps://www.youtube.com; hxxps://www1.news-back.org
Edge Extension: (Honey) - C:\Users\davem\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\amnbcmdbanbkjhnfoeceemmmdiepnbpp [2021-09-03]
Edge Extension: (Office Editing for Docs, Sheets & Slides) - C:\Users\davem\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gbkeegbaiigmenfmjfclcdgdpimamgkj [2021-08-16]
Edge Extension: (Google Docs Offline) - C:\Users\davem\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-09-28]
Edge Extension: (True Key™ by McAfee) - C:\Users\davem\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gnnbmcifkkjgjdbkilfglpdpmidkgefn [2021-05-20]
Edge Extension: (Amazon Assistant) - C:\Users\davem\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hkmnokmdbkkafgmpfhhiniclfnfpmogj [2021-07-28]
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\davem\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-09-15]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF DefaultProfile: xufz9hnt.default
FF ProfilePath: C:\Users\davem\AppData\Roaming\Mozilla\Firefox\Profiles\xufz9hnt.default [2021-03-30]
FF ProfilePath: C:\Users\davem\AppData\Roaming\Mozilla\Firefox\Profiles\fbw6ztim.default-release [2021-09-28]
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-08-26] (Google Inc -> Google, Inc.)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-11-14] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-11-14] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-09-09] (Adobe Inc. -> Adobe Systems Inc.)

Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\davem\AppData\Local\Google\Chrome\User Data\Default [2021-09-28]
CHR Notifications: Default -> hxxps://drive.google.com
CHR HomePage: Default -> hxxp://uk.msn.com/?ocid=OIE8HP&PC=B8DF
CHR StartupUrls: Default -> "hxxp://www.msn.com/en-gb?ocid=OIE8HP&PC=B8DF","hxxps://www.google.com/","hxxps://www.google.co.uk/?gfe_rd=cr&ei=QY1pVunmOcfHcKjcgdgP&gws_rd=ssl","hxxp://www.nectar.com/?source=toolbar"
CHR Extension: (Slides) - C:\Users\davem\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-07-06]
CHR Extension: (Save to Google Photos™) - C:\Users\davem\AppData\Local\Google\Chrome\User Data\Default\Extensions\aoanickgmocpddnppajakfcafbkncdab [2020-07-06]
CHR Extension: (Docs) - C:\Users\davem\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-07-06]
CHR Extension: (Google Drive) - C:\Users\davem\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-12-16]
CHR Extension: (Nectar Notifier) - C:\Users\davem\AppData\Local\Google\Chrome\User Data\Default\Extensions\bilfacghikncbjidkgdenbjimhfkgobo [2021-03-01]
CHR Extension: (YouTube) - C:\Users\davem\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-07-06]
CHR Extension: (Sheets) - C:\Users\davem\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-07-06]
CHR Extension: (Avira Browser Safety) - C:\Users\davem\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2021-08-03]
CHR Extension: (Google Docs Offline) - C:\Users\davem\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-07-09]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\davem\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-09-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\davem\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Gmail) - C:\Users\davem\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-12-13]
CHR Profile: C:\Users\davem\AppData\Local\Google\Chrome\User Data\Guest Profile [2021-03-24]
CHR Profile: C:\Users\davem\AppData\Local\Google\Chrome\User Data\System Profile [2021-06-23]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-08-16] (Adobe Inc. -> Adobe Inc.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [129808 2021-08-16] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [129808 2021-08-16] (Dropbox, Inc -> Dropbox, Inc.)
S2 DbxSvc; C:\Windows\system32\DbxSvc.exe [44328 2021-09-25] (Dropbox, Inc -> Dropbox, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7789240 2021-09-27] (Malwarebytes Inc -> Malwarebytes)
R2 MBVpnService; C:\Program Files\Malwarebytes\Privacy\MBVpnService.exe [3272496 2021-03-24] (Malwarebytes Inc -> Malwarebytes)
S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Privacy\MBVpnTunnelService.exe [2239304 2021-03-24] (Malwarebytes Inc -> Malwarebytes)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.2296\McCHSvc.exe [416752 2021-09-03] (McAfee, LLC -> McAfee, LLC)
S2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\3.4.105.0\\McCSPServiceHost.exe [2687856 2020-01-25] (McAfee, LLC. -> McAfee, LLC.)
S2 PDFsam Enhanced 7; C:\Program Files\PDFsam Enhanced 7\ws.exe [2617416 2021-01-13] (Sober Lemur S.a.s. di Vacondio Andrea -> Andrea Vacondio)
S3 PDFsam Enhanced 7 Creator; C:\Program Files\PDFsam Enhanced 7\creator-ws.exe [511560 2021-01-13] (Sober Lemur S.a.s. di Vacondio Andrea -> Andrea Vacondio)
S2 PDFsam Enhanced 7 Update Service; C:\Program Files\PDFsam Enhanced 7\updater-ws.exe [1740872 2021-01-13] (Sober Lemur S.a.s. di Vacondio Andrea -> Andrea Vacondio)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5394872 2021-09-14] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\NisSrv.exe [2772856 2021-09-10] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\MsMpEng.exe [136640 2021-09-10] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 XperiaCompanionService; C:\Program Files\Sony\Xperia Companion\Service\XperiaCompanionService.exe [2575360 2021-01-21] (Sony) [File not signed]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\Windows\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus2.sys [159600 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R1 googledrivefs3525; C:\Windows\System32\DRIVERS\googledrivefs3525.sys [389640 2021-09-09] (Google LLC -> Google, Inc.)
S2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [210344 2021-09-29] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [19912 2021-09-27] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248992 2021-09-29] (Malwarebytes Inc -> Malwarebytes)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [167280 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 tap0901; C:\Windows\System32\drivers\tap0901.sys [41400 2020-05-22] (McAfee, LLC. -> The OpenVPN Project)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [48536 2021-09-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [433384 2021-09-10] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [86264 2021-09-10] (Microsoft Windows -> Microsoft Corporation)
S3 wintun; C:\Windows\system32\DRIVERS\wintun.sys [38176 2020-12-13] (WireGuard LLC -> WireGuard LLC)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-09-29 02:33 - 2021-09-29 02:33 - 000000000 ____D C:\FRST
2021-09-29 02:28 - 2021-09-29 02:30 - 000319978 _____ C:\Windows\ntbtlog.txt
2021-09-29 02:28 - 2021-09-29 02:30 - 000000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2021-09-29 02:20 - 2021-09-29 02:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2021-09-28 13:07 - 2021-09-28 13:10 - 000000000 ____D C:\AdwCleaner
2021-09-28 10:53 - 2021-09-29 02:29 - 082051072 _____ C:\Windows\system32\config\SOFTWARE
2021-09-28 10:48 - 2021-09-28 10:53 - 000000000 ____D C:\Windows\Microsoft Antimalware
2021-09-28 09:56 - 2021-09-28 09:56 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2021-09-27 11:41 - 2021-09-27 11:41 - 000000000 ____D C:\Users\davem\AppData\Local\mbam
2021-09-27 11:40 - 2021-09-29 02:30 - 000248992 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2021-09-27 11:40 - 2021-09-29 02:30 - 000210344 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2021-09-27 11:40 - 2021-09-27 11:40 - 000160176 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2021-09-27 11:40 - 2021-09-27 11:40 - 000019912 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamElam.sys
2021-09-27 11:40 - 2021-09-27 11:40 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-09-27 11:40 - 2021-09-27 11:40 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-09-25 23:01 - 2021-09-25 23:01 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2021-09-25 23:01 - 2021-09-25 23:01 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2021-09-25 23:01 - 2021-09-25 23:01 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2021-09-25 23:01 - 2021-09-25 23:01 - 000044328 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2021-09-24 11:45 - 2021-09-24 11:45 - 000002064 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive.lnk
2021-09-24 11:45 - 2021-09-24 11:45 - 000001899 _____ C:\Users\Default\Desktop\Google Slides.lnk
2021-09-24 11:45 - 2021-09-24 11:45 - 000001899 _____ C:\Users\Default\Desktop\Google Sheets.lnk
2021-09-24 11:45 - 2021-09-24 11:45 - 000001887 _____ C:\Users\Default\Desktop\Google Docs.lnk
2021-09-24 11:45 - 2021-09-09 10:29 - 000389640 _____ (Google, Inc.) C:\Windows\system32\Drivers\googledrivefs3525.sys
2021-09-15 13:42 - 2021-09-15 13:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2021-09-14 22:36 - 2021-09-14 22:36 - 002111488 _____ (Digimarc) C:\Windows\SysWOW64\DMRCDecoder.dll
2021-09-14 22:36 - 2021-09-14 22:36 - 001333760 _____ C:\Windows\SysWOW64\TextInputMethodFormatter.dll
2021-09-14 22:36 - 2021-09-14 22:36 - 001313608 _____ (Microsoft Corporation) C:\Windows\system32\SecConfig.efi
2021-09-14 22:36 - 2021-09-14 22:36 - 000672768 _____ C:\Windows\system32\FsNVSDeviceSource.dll
2021-09-14 22:36 - 2021-09-14 22:36 - 000570368 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2021-09-14 22:36 - 2021-09-14 22:36 - 000452096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2021-09-14 22:36 - 2021-09-14 22:36 - 000170496 _____ C:\Windows\system32\DeviceUpdateCenterCsp.dll
2021-09-14 22:36 - 2021-09-14 22:36 - 000122880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2021-09-14 22:36 - 2021-09-14 22:36 - 000011355 _____ C:\Windows\system32\DrtmAuthTxt.wim
2021-09-14 22:35 - 2021-09-14 22:35 - 002295296 _____ (Digimarc) C:\Windows\system32\DMRCDecoder.dll
2021-09-14 22:35 - 2021-09-14 22:35 - 002260992 _____ C:\Windows\system32\TextInputMethodFormatter.dll
2021-09-14 22:35 - 2021-09-14 22:35 - 001823304 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2021-09-14 22:35 - 2021-09-14 22:35 - 001393480 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2021-09-14 22:35 - 2021-09-14 22:35 - 001164288 _____ C:\Windows\system32\MBR2GPT.EXE
2021-09-14 22:35 - 2021-09-14 22:35 - 000566784 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv
2021-09-14 22:35 - 2021-09-14 22:35 - 000426496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winspool.drv
2021-09-14 22:35 - 2021-09-14 22:35 - 000272384 _____ C:\Windows\system32\TpmTool.exe
2021-09-14 22:35 - 2021-09-14 22:35 - 000223744 _____ C:\Windows\SysWOW64\TpmTool.exe
2021-09-14 22:35 - 2021-09-14 22:35 - 000162816 _____ C:\Windows\system32\DataStoreCacheDumpTool.exe
2021-09-14 22:35 - 2021-09-14 22:35 - 000147456 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2021-09-14 22:35 - 2021-09-14 22:35 - 000098816 _____ C:\Windows\system32\Drivers\cimfs.sys
2021-09-14 22:26 - 2021-09-14 22:26 - 000000000 ___HD C:\$WinREAgent
2021-09-14 10:30 - 2021-09-14 11:24 - 000029184 ___HL C:\Users\davem\OneDrive\Documents\~WRL2412.tmp
2021-09-13 15:11 - 2021-09-13 15:11 - 001234755 ____L C:\Users\davem\OneDrive\Documents\HSBC Ref 1542637556 Meysner Bank Income Pension and PIP.pdf
2021-09-04 16:39 - 2021-09-19 12:16 - 000001355 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Extra Update.lnk
2021-09-04 16:39 - 2021-09-19 12:16 - 000001132 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Extra .lnk
2021-09-04 16:39 - 2021-09-19 12:16 - 000001120 _____ C:\Users\Public\Desktop\PDF Extra .lnk
2021-09-04 16:34 - 2021-09-04 16:34 - 000001362 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MobiDrive Update.lnk
2021-09-04 16:34 - 2021-09-04 16:34 - 000001286 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MobiDrive.lnk
2021-09-04 16:34 - 2021-09-04 16:34 - 000001132 _____ C:\Users\Public\Desktop\MobiDrive.lnk
2021-09-04 16:31 - 2021-09-19 12:13 - 000002189 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OfficeSuite Mail.lnk
2021-09-04 16:31 - 2021-09-19 12:13 - 000002094 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OfficeSuite Documents.lnk
2021-09-04 16:31 - 2021-09-19 12:13 - 000002082 _____ C:\Users\Public\Desktop\OfficeSuite Documents.lnk
2021-09-04 16:31 - 2021-09-19 12:13 - 000002071 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OfficeSuite Slides.lnk
2021-09-04 16:31 - 2021-09-19 12:13 - 000002071 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OfficeSuite Sheets.lnk
2021-09-04 16:31 - 2021-09-19 12:13 - 000002059 _____ C:\Users\Public\Desktop\OfficeSuite Slides.lnk
2021-09-04 16:31 - 2021-09-19 12:13 - 000002059 _____ C:\Users\Public\Desktop\OfficeSuite Sheets.lnk
2021-09-04 16:31 - 2021-09-19 12:13 - 000002043 _____ C:\Users\Public\Desktop\OfficeSuite Mail.lnk
2021-09-04 16:31 - 2021-09-19 12:13 - 000001390 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MobiSystems Update.lnk
2021-09-04 16:31 - 2021-09-19 12:13 - 000001122 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OfficeSuite PDF.lnk
2021-09-04 16:31 - 2021-09-19 12:13 - 000001110 _____ C:\Users\Public\Desktop\OfficeSuite PDF.lnk
2021-09-04 16:31 - 2021-09-04 16:39 - 000000000 ____D C:\Program Files\MobiSystems

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-09-29 02:32 - 2020-07-05 22:40 - 000000000 ____D C:\Users\davem\AppData\Local\D3DSCache
2021-09-29 02:30 - 2019-12-07 15:48 - 000008192 ___SH C:\DumpStack.log.tmp
2021-09-29 02:29 - 2019-12-07 10:03 - 000786432 _____ C:\Windows\system32\config\BBI
2021-09-29 02:28 - 2019-12-07 10:13 - 000000000 ____D C:\Windows\INF
2021-09-29 02:27 - 2019-12-07 15:48 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-09-29 02:27 - 2019-12-07 10:03 - 000032768 _____ C:\Windows\system32\config\ELAM
2021-09-29 02:21 - 2020-07-07 11:24 - 000000000 ____D C:\Users\davem\AppData\Local\Dropbox
2021-09-29 02:20 - 2020-07-07 11:24 - 000000000 ____D C:\Program Files (x86)\Dropbox
2021-09-29 02:19 - 2020-07-06 12:55 - 000000000 ____D C:\Program Files (x86)\Google
2021-09-29 02:18 - 2020-07-06 12:56 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-09-29 02:18 - 2020-07-06 12:56 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-09-29 02:17 - 2020-07-18 16:35 - 000000000 ___RD C:\Users\davem\MobiDrive
2021-09-29 02:17 - 2020-06-28 00:19 - 000000000 __RDL C:\Users\davem\OneDrive
2021-09-28 19:54 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-09-28 19:33 - 2019-12-07 15:48 - 000000000 ____D C:\Windows\system32\SleepStudy
2021-09-28 11:40 - 2021-08-16 08:29 - 000000000 ____D C:\ProgramData\McAfee Security Scan
2021-09-28 09:58 - 2020-06-28 00:14 - 000795738 _____ C:\Windows\system32\PerfStringBackup.INI
2021-09-28 09:57 - 2021-03-30 10:34 - 000000000 ____D C:\ProgramData\Mozilla
2021-09-28 09:56 - 2021-08-02 14:30 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-09-28 09:56 - 2021-03-30 10:34 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-09-28 09:56 - 2021-03-30 10:34 - 000000000 ____D C:\Users\davem\AppData\LocalLow\Mozilla
2021-09-28 09:56 - 2021-03-30 10:34 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-09-28 09:53 - 2020-06-28 00:14 - 000000000 ____D C:\ProgramData\NVIDIA
2021-09-28 09:42 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-09-28 09:42 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\AppReadiness
2021-09-27 15:42 - 2020-07-06 12:55 - 000000000 ____D C:\Users\davem\AppData\Local\Google
2021-09-27 12:34 - 2020-06-28 00:11 - 000000000 ____D C:\Users\davem
2021-09-27 11:40 - 2020-12-13 21:26 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-09-27 11:40 - 2019-12-07 10:14 - 000000000 ___HD C:\Windows\ELAMBKUP
2021-09-27 11:39 - 2020-12-13 21:26 - 000000000 ____D C:\Program Files\Malwarebytes
2021-09-26 17:23 - 2020-06-28 10:01 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-09-26 17:23 - 2020-06-28 10:01 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-09-26 17:21 - 2020-06-28 00:19 - 000003380 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1370645763-2818373483-1388332187-1001
2021-09-26 17:21 - 2020-06-28 00:11 - 000002428 _____ C:\Users\davem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-09-24 11:45 - 2020-10-13 00:07 - 000002073 _____ C:\Users\Public\Desktop\Google Slides.lnk
2021-09-24 11:45 - 2020-10-13 00:07 - 000002071 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2021-09-24 11:45 - 2020-10-13 00:07 - 000002061 _____ C:\Users\Public\Desktop\Google Docs.lnk
2021-09-24 11:45 - 2020-10-13 00:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google
2021-09-24 11:45 - 2020-10-13 00:07 - 000000000 ____D C:\Program Files\Google
2021-09-19 16:33 - 2021-08-04 12:57 - 001687268 ____L C:\Users\davem\OneDrive\Documents\LPE1 GFF 8 Kings Road Clevedon BS217HA.pdf
2021-09-17 11:32 - 2020-07-06 12:05 - 000004562 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2021-09-17 11:32 - 2020-07-06 12:05 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-09-15 13:42 - 2020-07-06 12:36 - 000002018 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2021-09-15 13:42 - 2020-07-06 12:36 - 000000000 ____D C:\Program Files\McAfee Security Scan
2021-09-15 13:42 - 2020-07-06 12:05 - 000000000 ____D C:\ProgramData\McAfee
2021-09-15 00:25 - 2019-12-07 15:48 - 000314080 _____ C:\Windows\system32\FNTCACHE.DAT
2021-09-15 00:24 - 2019-12-07 15:49 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-09-15 00:24 - 2019-12-07 10:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2021-09-15 00:24 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
2021-09-15 00:24 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\oobe
2021-09-15 00:24 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\Dism
2021-09-15 00:24 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SystemResources
2021-09-15 00:24 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\WinMetadata
2021-09-15 00:24 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
2021-09-15 00:24 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\oobe
2021-09-15 00:24 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\migwiz
2021-09-15 00:24 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\Dism
2021-09-15 00:24 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\DDFs
2021-09-15 00:24 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\appraiser
2021-09-15 00:24 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\ShellComponents
2021-09-15 00:24 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\Provisioning
2021-09-15 00:24 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\PolicyDefinitions
2021-09-15 00:24 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\bcastdvr
2021-09-15 00:24 - 2019-12-07 10:03 - 000000000 ____D C:\Windows\servicing
2021-09-14 22:40 - 2019-12-07 10:03 - 000000000 ____D C:\Windows\CbsTemp
2021-09-14 22:18 - 2020-07-10 10:24 - 000000000 ____D C:\Windows\system32\MRT
2021-09-14 22:15 - 2020-07-10 10:24 - 135637312 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2021-09-13 12:13 - 2021-01-24 13:33 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-09-10 11:31 - 2019-12-07 15:48 - 000000000 ____D C:\Windows\system32\Drivers\wd
2021-09-04 16:40 - 2020-07-16 00:41 - 000000000 ____D C:\Users\davem\AppData\Roaming\MobiSystems
2021-09-04 16:39 - 2020-07-16 00:43 - 000000000 ____D C:\Users\davem\AppData\Local\Mobisystems
2021-09-04 16:39 - 2020-07-06 12:11 - 000000000 ____D C:\ProgramData\Package Cache
2021-09-03 19:00 - 2020-07-16 21:49 - 000000000 ____D C:\Users\davem\AppData\Local\ElevatedDiagnostics
2021-09-03 18:53 - 2020-06-28 10:01 - 000803176 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================


  • Root Admin

Please follow the advice from the following topic and clean up your installation of Google Chrome. @Davemeysner

 

 

Uninstall the following program from Control Panel, Programs, Programs and Features

McAfee Security Scan Plus

 

When that's all done please run the following antivirus scan

 

 

Let me have you run a different scanner to double-check. I don't expect it to find anything, but no harm in checking.

I would suggest a free scan with the ESET Online Scanner

Go to https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe

  • It will start a download of "esetonlinescanner.exe"
  • Save the file to your system, such as the Downloads folder, or else to the Desktop.
  • Go to the saved file, and double click it to get it started. 
  • When presented with the initial ESET options, click on "Computer Scan".
  • Next, when prompted by Windows, allow it to start by clicking Yes.
  • When prompted for scan type, click on Full scan.
  • Look at & tick (select) the radio selection "Enable ESET to detect and quarantine potentially unwanted applications" and click on the Start scan button.
  • Have patience. The entire process may take an hour or more. There is an initial update download.
  • There is a progress window display.
  • You should ignore all prompts to get the ESET antivirus software program (e.g. their standard program). You do not need to buy or get or install anything else.
  • When the scan is completed, if something was found, it will show a screen with the number of detected items. If so, click the button marked “View detected results”.
  • Click the blue “Save scan log” to save the log.
  • If something was removed and you know it is a false finding, you may click on the blue “Restore cleaned files” (in blue, at the bottom).
  • Press Continue when all done. You should click to turn off the offer for “periodic scanning”.

 

Note: If you do need to do a File Restore from ESET please follow the directions below

[KB2915] Restore files quarantined by the ESET Online Scanner version 3

https://support.eset.com/en/kb2915-restore-files-quarantined-by-the-eset-online-scanner

 


  • 2 weeks later...
  • Root Admin

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Tips to help protect from infection

Thanks

 

This topic is now closed to further replies.