
Hi, 
I’m getting lots of "Website Blocked Due to Riskware" messages (see log pasted below). Just in case, I scanned my Windows 10 PC with Malwarebytes, ADWCleaner, Windows Defender, Windows Defender Offline, Panda, Emsisoft Emergency Kit, HitmanPro, etc., but nothing unusual was reported.
The only new app I’ve installed in the last couple of months, apart from normal updates to the OS and software, is NordVPN. Using NordVPN, I connected to servers in the UK, Germany, Spain, etc.
Yesterday (23-October-2021) I connected to Yahoo Mail without using NordVPN and started to get the “Website Blocked Due to Riskware” messages (16+ in 30 minutes!). As I was using MS Edge, the log report shows msedge.exe, but the same problem occurs when accessing Yahoo Mail using Chrome.
Without a VPN connection, the pop-up messages are displayed when checking my emails using Yahoo Mail, but no message appears when browsing websites. When connected to a NordVPN server the Malwarebytes message is not displayed at all, whether using Yahoo Mail or browsing.
Can you please help/advise how I can stop these outbound attempts? Thank you 

-Log Details-
Protection Event Date: 23/10/2021
Protection Event Time: 17:03
Log File: b8b0a906-341a-11ec-92fa-086266b90212.json

-Software Information-
Version: 4.4.9.142
Components Version: 1.0.1486
Update Package Version: 1.0.46316
Licence: Premium

-System Information-
OS: Windows 10 (Build 19043.1288)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe, Blocked, -1, -1, 0.0.0, ,

-Website Data-
Category: RiskWare
Domain: wilege-thical.icu
IP Address: 18.195.128.171
Port: 443
Type: Outbound
File: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Malware export Riskware.txt


Hello Eddysep and welcome to Malwarebytes,

Disable SmartScreen ONLY if it interferes with software we may have to use:

https://support.microsoft.com/en-us/microsoft-edge/what-is-smartscreen-and-how-can-it-help-protect-me-1c9a874a-6826-be5e-45b1-67fa445a74c8

Please remember to enable it again when we are finished....

Next,

Disable any Anti-virus software you have installed ONLY if it stops software we may use from working:

https://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

Please remember to enable AV software when we are finished running scans....

Run the following scan; let's see if anything shows up:

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts on FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status... If English is not your primary language, right-click on FRST/FRST64 and rename it FRSTEnglish/FRST64English.

 
  • Double-click to run it. When the tool opens, click Yes to the disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans".
  • Press the Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The tool will also make a log named Addition.txt. Please attach that log to your reply.


Thank you,

Kevin

Hi Kevinf80,

Thanks for your prompt reply - much appreciated.

As requested, the FRST.txt is copied below and the Addition.txt is attached.

Regards

{Eddy – start here} 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-10-2021
Ran by Eddy (administrator) on DESKTOP-N573KM8 (ASUSTeK COMPUTER INC. N551VW) (25-10-2021 06:46:21)
Running from D:\Eddy\Desktop

Loaded Profiles: Eddy
Platform: Microsoft Windows 10 Home Version 21H1 19043.1288 (X64) Language: English (United Kingdom)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe
(ActMask Group Co., Ltd -> ActMask Co.,Ltd - hxxp//WWW.ALL2PDF.COM) C:\Windows\System32\PrintCtrl.exe
(ActMask Group Co., Ltd -> ActMask Co.,Ltd - hxxp//www.all2pdf.com) C:\Windows\System32\PrintDisp.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Arvato Digital Services Canada Inc -> arvato digital services llc) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Ashampoo GmbH & Co. KG -> ) C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 17\LiveTuner2.exe
(Ashampoo GmbH & Co. KG -> ) C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 17\LiveTunerService.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(devolo AG -> devolo AG) C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler64.exe
(HP Inc -> HP Inc.) C:\Program Files\HP\HP OfficeJet 5200 series\Bin\HPNetworkCommunicatorCom.exe
(HP Inc -> HP Inc.) C:\Program Files\HP\HP OfficeJet 5200 series\Bin\ScanToPCActivationApp.exe
(IBM -> IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportHelper.exe
(IBM -> IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(IBM -> IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(IBM -> IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportInjService_x64.exe <2>
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igfxEM.exe
(Intel(R) Software -> Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Intel(R) Software -> Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Magic Control Technology Corp. -> ) C:\Windows\System32\mlpatch.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <12>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe <2>
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2109.6-0\MpCopyAccelerator.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2109.6-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2109.6-0\NisSrv.exe
(nordvpn s.a. -> TEFINCOM S.A.) C:\Program Files\NordVPN\NordVPN.exe
(nordvpn s.a. -> TEFINCOM S.A.) C:\Program Files\NordVPN\nordvpn-service.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Shenzhen Moyea Software -> ) C:\Program Files (x86)\Common Files\Appkeys\yytool64.exe
(SOFTPERFECT PTY. LTD. -> SoftPerfect) C:\Program Files\SoftPerfect WiFi Guard\WiFiGuard.exe
(TeamViewer GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Wacom Technology Corp. -> Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Wacom Technology Corp. -> Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Wacom Technology Corp. -> Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology Corp. -> Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Wacom Technology Corp. -> Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-05-02] (NVIDIA Corporation -> NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\nvspcap64.dll [1767944 2016-05-02] (NVIDIA Corporation PE Sign v2014 -> NVIDIA Corporation) [File not signed]
HKLM\...\Run: [PrintDisp] => C:\WINDOWS\system32\PrintDisp.exe [586888 2018-09-20] (ActMask Group Co., Ltd -> ActMask Co.,Ltd - hxxp//www.all2pdf.com)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412736 2021-09-07] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [Ashampoo WinOptimizer Live-Tuner2] => C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 17\LiveTuner2.exe [4751776 2019-09-27] (Ashampoo GmbH & Co. KG -> )
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [588288 2016-01-08] (Nikon Corporation) [File not signed]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [645456 2019-04-01] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-2537941160-614238875-3030485169-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2340200 2021-10-21] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2537941160-614238875-3030485169-1001\...\Run: [WiFi Guard] => C:\Program Files\SoftPerfect WiFi Guard\WiFiGuard.exe [4888904 2016-11-22] (SOFTPERFECT PTY. LTD. -> SoftPerfect)
HKU\S-1-5-21-2537941160-614238875-3030485169-1001\...\Run: [AshSnap] => C:\Program Files (x86)\Ashampoo\Ashampoo Snap 2017\ashsnap.exe [7223608 2017-01-10] (Ashampoo GmbH & Co. KG -> Ashampoo GmbH & Co. KG)
HKU\S-1-5-21-2537941160-614238875-3030485169-1001\...\Run: [HP OfficeJet 5200 (NET)] => C:\Program Files\HP\HP OfficeJet 5200 series\Bin\ScanToPCActivationApp.exe [4064160 2019-03-19] (HP Inc -> HP Inc.)
HKU\S-1-5-21-2537941160-614238875-3030485169-1001\...\Run: [Adobe Reader Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe [5397216 2021-10-05] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-2537941160-614238875-3030485169-1001\...\Run: [Boom 3D] => C:\Program Files\Global Delight\Boom 3D\Boom3D.exe [7851184 2021-09-13] (Global Delight Technologies Private Limited -> Global-Delight)
HKU\S-1-5-21-2537941160-614238875-3030485169-1001\...\Run: [MicrosoftEdgeAutoLaunch_4B2EE03F50C934E578A23F56A9B9CC4B] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
HKU\S-1-5-21-2537941160-614238875-3030485169-1001\...\Run: [NordVPN] => C:\Program Files\NordVPN\NordVPN.exe [280440 2021-06-06] (nordvpn s.a. -> TEFINCOM S.A.)
HKU\S-1-5-21-2537941160-614238875-3030485169-1001\...\MountPoints2: {195ad90f-6af0-11eb-a00f-185e0f1935b0} - "F:\HiSuiteDownLoader.exe" 
HKU\S-1-5-21-2537941160-614238875-3030485169-1001\...\MountPoints2: {9228bdf4-b203-11ea-9e11-185e0f1935b0} - "F:\HiSuiteDownLoader.exe" 
HKU\S-1-5-21-2537941160-614238875-3030485169-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Bubbles.scr [809472 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Windows x64\Print Processors\ActMask: C:\Windows\System32\spool\prtprocs\x64\ActPrint.dll [51336 2016-04-12] (ActMask Group Co., Ltd -> ActMask Co.,Ltd)
HKLM\...\Windows x64\Print Processors\ActMaskR: C:\Windows\System32\spool\prtprocs\x64\ActPrint.dll [51336 2016-04-12] (ActMask Group Co., Ltd -> ActMask Co.,Ltd)
HKLM\...\Print\Monitors\HP BB11 Status Monitor: C:\Windows\system32\hpinkstsBB11LM.dll [331664 2012-10-17] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\...\Print\Monitors\HP CD11 Status Monitor: C:\Windows\system32\hpinkstsCD11LM.dll [391992 2019-03-15] (HP Inc -> HP Inc.)
HKLM\...\Print\Monitors\stkMonitor: C:\Windows\system32\stkMonitor.dll [65680 2021-06-30] (Amazon.com Services LLC -> )
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\95.0.4638.54\Installer\chrmstp.exe [2021-10-22] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Who Is On My Wifi.lnk [2021-01-11]
ShortcutTarget: Who Is On My Wifi.lnk -> C:\Program Files (x86)\IO3O LLC\Who Is On My Wifi\mywifi.exe (IO3O LLC -> IO3O LLC) [File not signed]
Startup: C:\Users\Eddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2021-08-13]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {163C39B0-9A21-4DD3-A920-D8DD137B5A1D} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {1CEB8142-BB12-48CD-AB6E-A6B102163996} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2109.6-0\MpCmdRun.exe [884544 2021-10-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {2A0C7A87-4AD1-4651-8347-31871653BBB7} - System32\Tasks\AdobeAAMUpdater-1.0-DESKTOP-N573KM8-Eddy => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {30DC5101-94A1-4391-A717-2AB9C4302F0A} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [21978504 2021-10-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {359ABB1D-195C-4398-9C48-E590E3FDC803} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2109.6-0\MpCmdRun.exe [884544 2021-10-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {55EA122A-1297-4B0F-B03A-EFCF26CFE49B} - System32\Tasks\ATK Package A22126881260 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [122168 2015-03-10] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {575748F7-4E7E-4E65-934A-5103982923B0} - System32\Tasks\Microsoft\VisualStudio\VSIX Auto Update 14 => C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\VSIXAutoUpdate.exe
Task: {5D2832B7-688B-4A85-9F25-A7DC5C444D4A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2016-04-07] (Google Inc -> Google Inc.)
Task: {5E1C43D7-933B-48C8-AF33-38C71825D927} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412736 2021-09-07] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {6DF9DE6D-BB71-4CEE-896B-CB601AB08E35} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [134504 2021-10-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {7007C9E3-9822-4E76-8522-C472CE48278E} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {76BF94BD-6EEE-4A49-BA12-486E6AB9BF8E} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16407280 2015-09-03] (Realtek Semiconductor Corp -> Realtek Semiconductor)
Task: {81161DCF-E928-47DA-A2EC-5ACE13D5881D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2016-04-07] (Google Inc -> Google Inc.)
Task: {85AB1EEE-106C-4F96-A46D-F015AB33A7F2} - System32\Tasks\NvNotifier_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\GFExperience.Deployer\NvNotifier.exe [2013264 2017-12-12] (NVIDIA Corporation -> )
Task: {90AB82A8-B74C-457E-8714-D8E92E376EA4} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [3977576 2021-10-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {9FE66771-6A0F-4A3D-83FB-69231AF8C466} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [19782224 2015-05-25] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {A1429AFD-804F-4612-B629-A125300076E9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2109.6-0\MpCmdRun.exe [884544 2021-10-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A56C2A6C-381A-42D5-B33F-9BCBCE8BC2E3} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [680888 2021-10-12] (Mozilla Corporation -> Mozilla Foundation)
Task: {AEAFD756-FB94-4D89-B400-C4FE276FB2DA} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1562376 2021-08-16] (Adobe Inc. -> Adobe Inc.)
Task: {B5D32AA1-A607-4BD9-B220-E5D4E855508C} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1409432 2015-09-03] (Realtek Semiconductor Corp -> Realtek Semiconductor)
Task: {CAADD46F-9B21-428F-9466-7A331C0CFB3B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2109.6-0\MpCmdRun.exe [884544 2021-10-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {CB3C4A51-36D0-434E-9E8B-6F7B6482A424} - System32\Tasks\CorelUpdateHelperTask-48712A0DB537EEA77C264E8D6E475C49 => C:\Program Files (x86)\Corel\CUH\v2\CUH.exe [3774160 2021-01-21] (Corel Corporation -> Corel Corporation)
Task: {D45FF9EF-5A84-4BA9-A728-BD2B267AAA15} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [122168 2015-03-10] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {D6F1B44B-783E-4F2F-814D-3749CF8C2A4B} - System32\Tasks\CorelUpdateHelperTaskCore => C:\Program Files (x86)\Corel\CUH\v2\CUH.exe [3774160 2021-01-21] (Corel Corporation -> Corel Corporation)
Task: {E27FC004-DA4D-4809-BEF9-1191F41FA95C} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [21978504 2021-10-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {E96CCA60-8CD5-4EB1-8C24-5A38AF59875E} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [134504 2021-10-19] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{57841d1d-9e75-465e-bb60-9b43a2a207c9}: [DhcpNameServer] 198.18.0.1 198.18.0.2
Tcpip\..\Interfaces\{72f60cc4-3a2e-4cf0-976a-53306a025cd6}: [DhcpNameServer] 80.58.61.254 80.58.61.250
Tcpip\..\Interfaces\{8b81ad7f-4886-4600-a7bf-a380f52db40d}: [DhcpNameServer] 80.58.61.254 80.58.61.250
Tcpip\..\Interfaces\{a69a50b8-e47d-4b0b-b18d-bd3284f72ca1}: [DhcpNameServer] 198.18.0.1 198.18.0.2

Edge: 
=======
DownloadDir: D:\Eddy\Downloads
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (IBM Security Rapport) -> EdgeExtension_IBMTrusteerIBMTrusteerRapport_756wk15nt3n8e => C:\Program Files\WindowsApps\IBMTrusteer.IBMTrusteerRapport_1.1.34.0_x64__756wk15nt3n8e [2018-12-13]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (Translator For Microsoft Edge) -> MicrosoftTranslate_MicrosoftTranslatorforMicrosoftEdge_8wekyb3d8bbwe => C:\Program Files\WindowsApps\Microsoft.TranslatorforMicrosoftEdge_0.91.51.0_neutral__8wekyb3d8bbwe [2019-02-01]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge Extension: (Amazon Assistant) -> xxx_AmazoncomAmazonAssistant_343d40qqvtj1t => C:\Program Files\WindowsApps\Amazon.com.AmazonAssistant_10.1910.9.0_neutral__343d40qqvtj1t [2019-10-12]
Edge DefaultProfile: Default
Edge Profile: C:\Users\Eddy\AppData\Local\Microsoft\Edge\User Data\Default [2021-10-25]
Edge DownloadDir: Default -> D:\Eddy\Downloads
Edge HomePage: Default -> hxxps//www.bbc.co.uk/
Edge StartupUrls: Default -> "hxxps//www.bbc.co.uk/"
Edge Extension: (Amazon Assistant) - C:\Users\Eddy\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hkmnokmdbkkafgmpfhhiniclfnfpmogj [2021-07-28]
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\Eddy\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-10-22]
Edge Extension: (IBM Security Rapport) - C:\Users\Eddy\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kajikgogckeajjplomldcempamhidmcc [2021-03-11]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
Edge HKLM-x32\...\Edge\Extension: [kajikgogckeajjplomldcempamhidmcc]

FireFox:
========
FF DefaultProfile: b7glk6ie.default-1512385070220
FF ProfilePath: C:\Users\Eddy\AppData\Roaming\Mozilla\Firefox\Profiles\b7glk6ie.default-1512385070220 [2021-10-24]
FF Extension: (IBM Security Rapport) - C:\Users\Eddy\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\rapportext@trusteer.com (1).xpi [2018-04-06] [UpdateUrl:hxxps//clients2.google.com/service/update2/crx]
FF Extension: (IBM Security Rapport) - C:\Users\Eddy\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\rapportext@trusteer.com.xpi [2020-05-04] [UpdateUrl:hxxps//clients2.google.com/service/update2/crx]
FF Extension: (Malwarebytes Browser Guard) - C:\Users\Eddy\AppData\Roaming\Mozilla\Firefox\Profiles\b7glk6ie.default-1512385070220\Extensions\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi [2021-10-23]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-08-10] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) [File not signed]
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) [File not signed]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel(R) Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel(R) Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.211.2 -> C:\Program Files (x86)\Java\jre1.8.0_211\bin\dtplugin\npDeployJava1.dll [2019-06-13] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.211.2 -> C:\Program Files (x86)\Java\jre1.8.0_211\bin\plugin2\npjp2.dll [2019-06-13] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-08-10] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.2.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) [File not signed]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-10-05] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) [File not signed]

Chrome: 
=======
CHR DefaultProfile: Profile 2
CHR Profile: C:\Users\Eddy\AppData\Local\Google\Chrome\User Data\Default [2021-10-22]
CHR Extension: (Rapport) - C:\Users\Eddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2017-08-20]
CHR Profile: C:\Users\Eddy\AppData\Local\Google\Chrome\User Data\Profile 1 [2018-01-28]
CHR Profile: C:\Users\Eddy\AppData\Local\Google\Chrome\User Data\Profile 2 [2021-10-25]
CHR StartupUrls: Profile 2 -> "hxxps//www.bbc.com/news"
CHR Extension: (Slides) - C:\Users\Eddy\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-15]
CHR Extension: (Docs) - C:\Users\Eddy\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-15]
CHR Extension: (Google Drive) - C:\Users\Eddy\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-24]
CHR Extension: (IBM Security Rapport) - C:\Users\Eddy\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2021-02-18]
CHR Extension: (YouTube) - C:\Users\Eddy\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-31]
CHR Extension: (Adobe Acrobat) - C:\Users\Eddy\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2021-10-20]
CHR Extension: (Sheets) - C:\Users\Eddy\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-15]
CHR Extension: (Google Docs Offline) - C:\Users\Eddy\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-10-18]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\Eddy\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-10-22]
CHR Extension: (Grammarly for Chrome) - C:\Users\Eddy\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2021-10-18]
CHR Extension: (Player para ver Movistar+) - C:\Users\Eddy\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\kenfcfndncbbggmafjjeihkdclggbojn [2020-11-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Eddy\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Gmail) - C:\Users\Eddy\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-22]
CHR Profile: C:\Users\Eddy\AppData\Local\Google\Chrome\User Data\System Profile [2020-04-09]
CHR HKU\.DEFAULT\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof]
CHR HKU\S-1-5-21-2537941160-614238875-3030485169-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeActiveFileMonitor7.0; C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [169312 2008-09-16] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-08-16] (Adobe Inc. -> Adobe Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3833088 2021-09-07] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3603200 2021-09-07] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9251696 2021-10-11] (Microsoft Corporation -> Microsoft Corporation)
R2 DevoloNetworkService; C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe [6108344 2021-07-13] (devolo AG -> devolo AG)
S3 DfSdkS; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 17\DfsdkS.exe [406016 2019-09-27] (mst software GmbH, Germany) [File not signed]
R2 DokanMounter; C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe [14848 2016-01-07] () [File not signed]
S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\21.196.0921.0007\FileSyncHelper.exe [3252584 2021-10-21] (Microsoft Corporation -> Microsoft Corporation)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2021-05-30] (Macrovision Corporation -> Macrovision Europe Ltd.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 Leawo_service; C:\Program Files (x86)\Common Files\Appkeys\yytool64.exe [1114608 2015-11-04] (Shenzhen Moyea Software -> )
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7826104 2021-10-23] (Malwarebytes Inc -> Malwarebytes)
R2 MlPatch; C:\WINDOWS\system32\MlPatch.exe [2244912 2014-08-22] (Magic Control Technology Corp. -> )
R2 nordvpn-service; C:\Program Files\NordVPN\nordvpn-service.exe [280440 2021-06-06] (nordvpn s.a. -> TEFINCOM S.A.)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\21.196.0921.0007\OneDriveUpdaterService.exe [3721576 2021-10-21] (Microsoft Corporation -> Microsoft Corporation)
R2 PSI_SVC_2; c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [277360 2014-04-30] (Arvato Digital Services Canada Inc -> arvato digital services llc)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [3017848 2021-03-11] (IBM -> IBM Corp.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [12758528 2019-12-16] (TeamViewer GmbH -> TeamViewer Germany GmbH)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2109.6-0\NisSrv.exe [2855512 2021-10-04] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2109.6-0\MsMpEng.exe [128392 2021-10-04] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WO_LiveService2; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 17\LiveTunerService.exe [308616 2020-05-25] (Ashampoo GmbH & Co. KG -> )
S4 HuaweiHiSuiteService64.exe; "C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe" -/service [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASMMAP64; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [18048 2015-05-08] (Microsoft Windows Hardware Compatibility Publisher -> ASUS)
S3 AsusSGDrv; C:\WINDOWS\system32\DRIVERS\AsusSGDrv.sys [138744 2015-08-17] (ASUSTeK Computer Inc. -> ASUS Corporation)
R1 ATKWMIACPIIO; C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [20096 2015-05-08] (Microsoft Windows Hardware Compatibility Publisher -> ASUSTek Computer Inc.)
R2 Dokan; C:\WINDOWS\system32\drivers\dokan.sys [120408 2016-01-07] (Hiroki Asakawa -> Windows (R) Win 7 DDK provider)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [160176 2021-09-13] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 ew_usbccgpfilter; C:\WINDOWS\System32\drivers\ew_usbccgpfilter.sys [18944 2019-12-27] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
R3 GDPL_BOOM; C:\WINDOWS\system32\drivers\boomvad.sys [51016 2021-05-09] (WDKTestCert Adarsh,131897759775447238 -> Windows (R) Win 7 DDK provider)
R3 HIDSwitch; C:\WINDOWS\System32\drivers\AsRadioControl.sys [32696 2020-11-19] (ASUSTek Computer Inc. -> ASUS)
S3 HWHandSet; C:\WINDOWS\system32\DRIVERS\hw_quusbmdm.sys [226560 2020-08-17] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2020-08-17] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
R2 LiveTuner2PM; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 17\LiveTuner64.sys [24432 2019-09-27] (Ashampoo GmbH & Co. KG -> )
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [210352 2021-10-23] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2020-12-27] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [193448 2021-10-25] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [69040 2021-10-25] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-10-23] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [149424 2021-10-25] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R2 NDivert; C:\WINDOWS\System32\drivers\NDivert.sys [105184 2021-06-08] (TEFINCOM S.A. -> )
R1 nordlwf; C:\WINDOWS\system32\DRIVERS\nordlwf.sys [42576 2021-06-13] (nordvpn s.a. -> TEFINCOM S.A.)
R2 NPF_devolo; C:\WINDOWS\sysWOW64\drivers\npf_devolo.sys [36496 2021-07-13] (devolo AG -> Riverbed Technology, Inc.)
S3 PSKMAD; C:\WINDOWS\System32\DRIVERS\PSKMAD.sys [50320 2015-01-29] (Panda Security S.L. -> Panda Security, S.L.)
S1 RapportAegle64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportAegle64.sys [456248 2021-03-11] (IBM -> IBM Corp.)
S1 RapportCerberus_2009064; c:\programdata\trusteer\rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_2009064.sys [1488336 2021-08-22] (IBM -> IBM Corp.)
S1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [555024 2021-03-11] (IBM -> IBM Corp.)
S3 RapportHades64; C:\WINDOWS\System32\Drivers\RapportHades64.sys [405008 2021-03-11] (IBM -> IBM Corp.)
S3 RapportKE64; C:\WINDOWS\System32\Drivers\RapportKE64.sys [456016 2021-03-11] (IBM -> IBM Corp.)
S3 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [576080 2021-03-11] (IBM -> IBM Corp.)
S3 t6sta; C:\WINDOWS\System32\Drivers\t6sta.sys [161608 2020-06-01] (Magic Control Technology Corp. -> Magic Control Technology Corporation)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R3 tapipvanish; C:\WINDOWS\System32\drivers\tapipvanish.sys [45552 2016-09-22] (IPVanish (Mudhook Marketing, Inc) -> The OpenVPN Project)
R3 tapnordvpn; C:\WINDOWS\System32\drivers\tapnordvpn.sys [49744 2021-06-13] (nordvpn s.a. -> The OpenVPN Project)
S3 tbhsd; C:\WINDOWS\system32\drivers\tbhsd.sys [57648 2019-06-05] (Audials AG -> RapidSolution Software AG)
R2 UI5IFS; C:\Program Files (x86)\Ashampoo\Ashampoo UnInstaller FREE\IFS64.sys [40520 2018-11-19] (Ashampoo GmbH & Co. KG -> )
S3 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [235832 2019-01-28] (Oracle Corporation -> Oracle Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48520 2021-10-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [26880 2015-11-12] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [434424 2021-10-04] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [86264 2021-10-04] (Microsoft Windows -> Microsoft Corporation)
S3 wintun; C:\WINDOWS\system32\DRIVERS\wintun.sys [29680 2021-10-18] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-10-25 05:14 - 2021-10-25 05:14 - 000193448 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2021-10-25 05:14 - 2021-10-25 05:14 - 000149424 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2021-10-25 05:14 - 2021-10-25 05:14 - 000069040 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2021-10-24 07:54 - 2021-10-24 07:55 - 000000000 ____D C:\Users\Eddy\AppData\Local\WhatsApp
2021-10-23 17:14 - 2021-10-24 20:39 - 000000000 ____D C:\Users\Eddy\AppData\Local\NordVPN
2021-10-23 17:14 - 2021-10-23 17:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NordSec
2021-10-23 17:14 - 2021-06-13 11:02 - 000042576 _____ (TEFINCOM S.A.) C:\WINDOWS\system32\Drivers\nordlwf.sys
2021-10-23 17:14 - 2021-06-08 21:25 - 000105184 _____ C:\WINDOWS\system32\Drivers\NDivert.sys
2021-10-23 17:13 - 2021-10-23 17:14 - 000000000 ____D C:\ProgramData\NordVPN
2021-10-23 17:13 - 2021-10-23 17:14 - 000000000 ____D C:\Program Files\NordVPN
2021-10-23 17:13 - 2021-10-23 17:13 - 000000000 ____D C:\Program Files\NordVPN network TUN
2021-10-23 17:13 - 2021-10-23 17:13 - 000000000 ____D C:\Program Files (x86)\NordVPN network TAP
2021-10-23 16:54 - 2021-10-23 16:54 - 000935096 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-10-23 11:21 - 2021-10-23 11:21 - 000000000 ____D C:\Program Files (x86)\Panda Security
2021-10-23 11:21 - 2015-09-14 13:03 - 000039672 _____ C:\WINDOWS\system32\Drivers\DasPtct.SYS
2021-10-23 11:21 - 2015-01-29 18:21 - 000050320 _____ (Panda Security, S.L.) C:\WINDOWS\system32\Drivers\PSKMAD.sys
2021-10-23 10:51 - 2021-10-23 10:51 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-10-23 10:51 - 2021-10-23 10:51 - 000210352 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-10-22 23:18 - 2021-10-24 20:39 - 133955584 _____ C:\WINDOWS\system32\config\SOFTWARE
2021-10-18 17:59 - 2021-10-18 17:59 - 000029680 _____ (WireGuard LLC) C:\WINDOWS\system32\Drivers\wintun.sys
2021-10-15 16:09 - 2021-10-15 16:09 - 000452096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2021-10-15 16:09 - 2021-10-15 16:09 - 000007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdxm.ocx
2021-10-15 16:09 - 2021-10-15 16:09 - 000005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdxm.ocx
2021-10-15 16:08 - 2021-10-15 16:08 - 001823296 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-10-15 16:08 - 2021-10-15 16:08 - 001393504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-10-15 16:08 - 2021-10-15 16:08 - 000706536 _____ C:\WINDOWS\system32\TextShaping.dll
2021-10-15 16:08 - 2021-10-15 16:08 - 000611960 _____ C:\WINDOWS\SysWOW64\TextShaping.dll
2021-10-15 16:08 - 2021-10-15 16:08 - 000570368 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2021-10-15 16:08 - 2021-10-15 16:08 - 000449024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-10-15 16:08 - 2021-10-15 16:08 - 000098304 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-10-15 16:08 - 2021-10-15 16:08 - 000011495 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-10-15 16:07 - 2021-10-15 16:07 - 000593920 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-10-15 16:07 - 2021-10-15 16:07 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2021-10-15 15:53 - 2021-10-15 15:53 - 000000000 ___HD C:\$WinREAgent
2021-10-12 17:41 - 2021-10-12 17:41 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-10-25 06:47 - 2017-04-14 09:36 - 000000000 ____D C:\Users\Eddy\AppData\Local\WiFi Guard
2021-10-25 06:46 - 2017-04-11 08:44 - 000000000 ____D C:\FRST
2021-10-25 06:37 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-10-25 06:08 - 2016-04-07 18:01 - 000000000 ____D C:\Program Files (x86)\Google
2021-10-25 05:21 - 2016-04-11 18:24 - 000000000 ____D C:\Users\Eddy\AppData\Local\Adobe
2021-10-25 05:18 - 2020-06-21 13:49 - 000971894 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-10-25 05:18 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2021-10-25 05:14 - 2017-03-23 21:58 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2021-10-25 05:14 - 2016-03-31 07:29 - 000000000 __SHD C:\Users\Eddy\IntelGraphicsProfiles
2021-10-25 05:13 - 2021-01-17 15:05 - 000008192 ___SH C:\DumpStack.log.tmp
2021-10-25 05:13 - 2020-06-21 13:51 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-10-25 05:13 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-10-25 05:13 - 2017-08-09 20:09 - 000000000 ____D C:\ProgramData\NVIDIA
2021-10-24 20:39 - 2019-12-07 10:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2021-10-24 20:10 - 2020-06-21 13:33 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-10-24 17:39 - 2021-05-19 16:08 - 000003334 _____ C:\WINDOWS\system32\Tasks\CorelUpdateHelperTask-48712A0DB537EEA77C264E8D6E475C49
2021-10-24 13:03 - 2016-11-22 17:58 - 000000000 ____D C:\Users\Eddy\AppData\LocalLow\Mozilla
2021-10-24 10:37 - 2019-02-21 03:23 - 000000000 ____D C:\ProgramData\Mozilla
2021-10-24 07:56 - 2016-12-23 16:24 - 000000000 ____D C:\Users\Eddy\AppData\Roaming\WhatsApp
2021-10-24 07:55 - 2016-12-23 16:24 - 000000000 ____D C:\Users\Eddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp
2021-10-24 07:55 - 2016-12-23 16:24 - 000000000 ____D C:\Users\Eddy\AppData\Local\SquirrelTemp
2021-10-23 16:06 - 2018-01-28 11:48 - 000000000 ____D C:\ProgramData\SecTaskMan
2021-10-23 14:30 - 2016-04-13 21:21 - 000000000 ____D C:\Users\Eddy\AppData\Local\FSDART
2021-10-23 13:52 - 2016-06-01 19:40 - 000000000 ____D C:\Users\Eddy\AppData\Local\CrashDumps
2021-10-23 13:52 - 2016-04-05 11:42 - 000000000 ____D C:\Users\Eddy\AppData\LocalLow\Temp
2021-10-23 12:14 - 2016-04-13 21:21 - 000000000 ____D C:\ProgramData\F-Secure
2021-10-23 11:43 - 2020-06-21 13:51 - 000000000 ____D C:\WINDOWS\system32\Tasks\ASUS
2021-10-23 08:44 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-10-22 23:18 - 2017-08-14 18:22 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2021-10-22 22:50 - 2020-05-11 09:39 - 000002512 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-10-22 22:40 - 2021-04-03 17:04 - 000000000 ____D C:\Program Files (x86)\ReturnTo528
2021-10-22 22:40 - 2017-08-10 21:02 - 000000000 ____D C:\Users\Eddy\AppData\Local\NPE
2021-10-22 22:36 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-10-22 22:14 - 2018-10-12 15:09 - 000000000 ____D C:\Users\Eddy\AppData\Local\D3DSCache
2021-10-22 21:56 - 2017-08-14 16:39 - 000000000 ____D C:\EEK
2021-10-22 21:26 - 2017-08-10 16:01 - 000000000 ____D C:\AdwCleaner
2021-10-22 06:10 - 2020-04-09 17:03 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-10-21 06:03 - 2021-06-17 11:50 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2021-10-21 04:27 - 2021-06-23 11:38 - 000000000 ____D C:\Users\Eddy\AppData\Local\Boom 3D
2021-10-21 04:06 - 2020-06-21 13:51 - 000003194 _____ C:\WINDOWS\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2021-10-21 04:05 - 2019-12-21 19:04 - 000002134 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-10-19 12:34 - 2021-08-10 19:17 - 000000000 ____D C:\Program Files\Microsoft Office
2021-10-15 16:26 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2021-10-15 16:26 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-10-15 16:26 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-10-15 16:26 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-10-15 16:26 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-10-15 16:26 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-10-15 16:26 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-10-15 16:26 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\DiagTrack
2021-10-15 16:26 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-10-15 16:12 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-10-15 15:59 - 2016-04-11 18:27 - 000002138 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-10-15 15:53 - 2016-03-31 08:11 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-10-15 15:47 - 2016-03-31 08:11 - 139806512 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-10-14 11:58 - 2020-06-21 13:51 - 000003522 _____ C:\WINDOWS\system32\Tasks\AdobeGCInvoker-1.0
2021-10-13 06:13 - 2020-11-15 11:22 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-10-13 06:13 - 2017-11-25 12:14 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-10-12 17:41 - 2017-11-25 12:14 - 000001007 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-10-12 08:37 - 2021-06-25 15:29 - 000001342 _____ C:\Users\Eddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk
2021-10-12 08:37 - 2021-06-25 15:29 - 000000000 ___RD C:\Users\Eddy\AppData\Local\PCHealthCheck
2021-10-11 06:18 - 2021-07-02 08:01 - 000003386 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d7578a88fb4aba
2021-10-11 06:18 - 2020-06-21 13:51 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-10-11 06:14 - 2021-02-12 09:38 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-10-06 16:28 - 2016-02-13 18:32 - 000000000 __RHD C:\Users\Public\AccountPictures
2021-10-04 04:30 - 2018-02-21 18:51 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-10-02 08:03 - 2020-06-21 13:51 - 000003420 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-10-02 08:03 - 2020-06-21 13:51 - 000003296 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-10-01 10:29 - 2021-06-23 11:38 - 000003023 _____ C:\Users\Eddy\AppData\Roaming\Microsoft\Windows\Start Menu\Boom 3D.lnk

==================== Files in the root of some directories ========

2019-08-30 15:33 - 2018-06-05 16:22 - 000000204 _____ () C:\ProgramData\smpc.dll
2018-01-26 10:43 - 2018-01-26 10:43 - 001502848 _____ (IO3O LLC                                                    ) C:\Users\Eddy\mywifi403.exe
2016-05-29 08:11 - 2016-12-12 11:31 - 000000268 ___RH () C:\Users\Eddy\AppData\Roaming\Audio Unit Effect
2016-12-12 11:31 - 2016-12-12 11:31 - 000000268 ___RH () C:\Users\Eddy\AppData\Roaming\Authentication
2018-03-18 13:08 - 2018-03-18 13:15 - 000000167 _____ () C:\Users\Eddy\AppData\Roaming\PLGComp.ini
2016-12-21 15:51 - 2017-11-04 08:50 - 000005632 _____ () C:\Users\Eddy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-09-30 08:57 - 2018-09-30 08:57 - 000000000 _____ () C:\Users\Eddy\AppData\Local\oobelibMkey.log
2021-06-06 07:46 - 2021-06-06 07:46 - 000002083 _____ () C:\Users\Eddy\AppData\Local\recently-used.xbel
2017-05-11 19:33 - 2020-05-19 07:16 - 000007639 _____ () C:\Users\Eddy\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Addition.txt


Hiya Eddysep,

Thanks for those logs, continue;

Upload a File to Virustotal

Go to http://www.virustotal.com/
 
  • Click the Choose file button
  • Navigate to this file:
    C:\Users\Eddy\mywifi403.exe
  • Click the Scan it tab
  • If you get a message saying File has already been analyzed: click Reanalyze file now
  • Copy and paste the URL address back here please.
  • Repeat the above steps for the following files

Thank you,

Kevin.

Edited by kevinf80

Hiya Eddysep,

Thanks for the update, continue:

Please download the attached fixlist.txt file and save it to the Desktop or location where you ran FRST from.

NOTE. It's important that both files, FRST or FRSTEnglish, and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt) or wherever you ran FRST from. Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

NOTE-1: This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files.

NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed.

The following directories are emptied:
 
  • Windows Temp
  • Users Temp folders
  • Edge, IE, FF, Chrome and Opera caches, HTML5 storages, Cookies and History
  • Recently opened files cache
  • Flash Player cache
  • Java cache
  • Steam HTML cache
  • Explorer thumbnail and icon cache
  • BITS transfer queue (qmgr*.dat files)
  • Recycle Bin


Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.


The system will be rebooted after the fix has run.

Next,

Please download Zemana AntiMalware and save it to your Desktop.
 
  • Install the program and once the installation is complete it will start automatically.
  • Without changing any options, press Scan to begin.
  • After the short scan is finished, if threats are detected press Next to remove them.


Note: If a restart is required to finish the cleaning process, you should click Reboot. If a reboot isn't required, please reboot your computer manually.

Open Zemana again then do the following to get the latest report

Open Reports > select the report in question to highlight it > press the "Ctrl + A" keys together to highlight the full report > then "Ctrl + C" to copy it to the clipboard > then open Notepad and paste the report there, then attach it to your reply.

Let me see those logs in your reply...

Thank you,

Kevin

fixlist.txt


Hi Kevin,

It took longer than expected. I decided to back up my data before following your instructions, but the backup software found a corrupt folder ... and I could not delete it using Windows utilities, third-party software, etc. Eventually I found the way to do it (run chkdsk, etc.). Then, after completing your instructions, my PC was showing no icons on the desktop! After rebooting a few times, they all, magically, reappeared! And after that, it took me a while to log in to this forum as my password was not recognised, etc. Actually, over the last few days I had the same problem logging in to the Malwarebytes forum and had to use the "forgot password" link quite a few times.

Anyway, as requested please find attached the fixlog.txt and the Zemana Scan Report.txt

Thank you Kevin!

Regards

Eddy

 

Fixlog.txt Zemana Scan Report.txt


Kevin.

Is there any way to trace Malwarebytes' actions, i.e. what is triggering the message? I've been trying to get real-time logs using ProcMon (Process Monitor) at the time the website is blocked, but the number of events created is massive ... and I wouldn't know what to look for!

Thanks 

Eddy

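Regarding the ProcMon question above, here is an added example (not code from the thread, from Malwarebytes or from Sysinternals) of the kind of filtering that makes a Process Monitor capture readable: it parses a ProcMon CSV export, keeps only the "TCP Connect" events, summarises them per process and remote endpoint, and flags the ones whose remote host matches the Domain / IP Address values copied from a Malwarebytes "Website Blocked" alert. The column names are the ones ProcMon writes when you save a capture as CSV; the rows, the hostnames/IPs (TEST-NET ranges and a reserved .example name) and the indicator set are all constructed for this example.

```python
"""
Added example: summarise outbound TCP connections from a Process Monitor CSV
export and flag those matching the Domain / IP Address of a Malwarebytes alert.
Sample rows and indicators below are constructed, not taken from a real capture.
"""
import csv
import io
from collections import Counter

# Constructed sample export (File > Save... > CSV in Process Monitor).
# With "Show Resolved Network Addresses" turned off, ProcMon prints numeric IPs
# and ports, which is the easiest form to compare against the alert's IP Address.
SAMPLE_PROCMON_CSV = """\
"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"17:03:01.1234567","msedge.exe","4120","TCP Connect","PC-EDDY:49700 -> 203.0.113.10:443","SUCCESS","Length: 0, mss: 1460, sackopt: 1"
"17:03:01.2234567","msedge.exe","4120","TCP Send","PC-EDDY:49700 -> 203.0.113.10:443","SUCCESS","Length: 517, seqnum: 0"
"17:03:02.0000000","msedge.exe","4120","TCP Connect","PC-EDDY:49701 -> 198.51.100.20:443","SUCCESS","Length: 0, mss: 1460, sackopt: 1"
"17:03:02.5000000","svchost.exe","1200","UDP Send","PC-EDDY:55000 -> 192.0.2.53:53","SUCCESS","Length: 64"
"17:03:03.0000000","msedge.exe","4120","RegQueryValue","HKCU\\Software\\Microsoft\\Edge","SUCCESS","Type: REG_SZ"
"17:03:04.0000000","msedge.exe","4120","TCP Connect","PC-EDDY:49702 -> blocked-host.example:443","SUCCESS","Length: 0, mss: 1460, sackopt: 1"
"17:03:05.0000000","chrome.exe","5300","TCP Connect","PC-EDDY:49703 -> 203.0.113.10:443","SUCCESS","Length: 0, mss: 1460, sackopt: 1"
"""

# Constructed indicators: in practice copy the "Domain:" and "IP Address:" lines
# from the -Website Data- block of the Malwarebytes alert.
SAMPLE_INDICATORS = {"203.0.113.10", "blocked-host.example"}


def split_endpoint(endpoint):
    """'host:port' -> (host, port). rpartition keeps IPv6 text like '[::1]:443' intact."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), port


def parse_outbound(csv_text):
    """One record per TCP Connect event: which process connected where, and when."""
    records = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Operation"] != "TCP Connect":
            continue  # sends/receives repeat the endpoint; registry/file ops are noise here
        local, sep, remote = row["Path"].partition(" -> ")
        if not sep:
            continue  # not a network path
        rhost, rport = split_endpoint(remote)
        records.append({
            "time": row["Time of Day"],
            "process": row["Process Name"],
            "pid": int(row["PID"]),
            "remote": rhost,
            "port": rport,
        })
    return records


def summarize(records):
    """Connection count per (process, remote host, port), most frequent first."""
    return Counter((r["process"], r["remote"], r["port"]) for r in records)


def flag_matches(records, indicators):
    """Records whose remote host equals one of the alert's Domain / IP Address values."""
    wanted = {i.lower() for i in indicators}
    return [r for r in records if r["remote"].lower() in wanted]


if __name__ == "__main__":
    recs = parse_outbound(SAMPLE_PROCMON_CSV)
    for (proc, host, port), n in summarize(recs).most_common():
        print(f"{n:3d}  {proc:<12} -> {host}:{port}")
    for hit in flag_matches(recs, SAMPLE_INDICATORS):
        print(f"MATCH {hit['time']} {hit['process']} (pid {hit['pid']}) -> {hit['remote']}:{hit['port']}")
```

Two practical notes. First, set the ProcMon filter to "Operation is TCP Connect" (and, if you like, "Process Name is msedge.exe") before you start capturing; that removes the bulk of the file and registry events that make the raw capture unreadable. Second, a browser is the process making the connection, so ProcMon can confirm the timing and show what else was contacted just before and after the blocked endpoint, but it cannot tell you which tab or extension issued the request; narrowing that down is a browser-side exercise (disabling extensions one at a time, or using a fresh profile), not something the capture can answer on its own.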

Hi Kevin,

It is now 01:30 and I have had enough for today, but before I switched off ... I carried out further tests on the blocked website problem:

1. Opened my Yahoo Mail on Android devices (mobile phone and tablet), and Malwarebytes does not block any website.

2. Opened my Yahoo Mail on a different Windows 10 PC, and no problems were reported by Malwarebytes.

3. I executed Zemana with the depth option and all clear.

Any suggestions would be much appreciated.

Thank you

Eddy


Hiya Eddy,

Regarding Chrome, use the instructions in the following link and see if that clears the issue...

https://forums.malwarebytes.com/topic/258886-chrome-secure-preferences-detection-always-returns/

Regarding Edge, try the reset option from the following link:

https://www.howtogeek.com/237527/how-to-reset-microsoft-edge-in-windows-10/

Does either one help?

Thank you,

Kevin.

 


Hi Kevin,

Done as instructed and the problem remains.

Attached is the message before I started changing the MS Edge browser. I then followed these steps:

1. Clear browsing data

2. Run SFC

3. PowerShell to restore MS Edge

After each step, Yahoo Mail was launched and the blocked website message was displayed every time.

Thank you Kevin

Regards

Eddy

 

Blocked website Screenshot 2021-10-26 080253.png


Hi Kevin,

A PIA indeed! The messages (and I got too many to count!) are identical: same IP and same domain.

I think at some point, before contacting the forum, I did set up an outbound rule for that IP, but as Malwarebytes is blocking the website I'm not sure if the rule worked or not.

But I will check the link you suggest just in case I set up the rule incorrectly.

Regards

Eddy

 


Hello Eddy,

The IP is related to Amazon. Can you remove the following extension from Edge and see if that clears the issue? I've tried running the IP and domain through a few different test tools and they do not return any issues. This may be a false positive (fp)...

Edge Extension: (Amazon Assistant) -> xxx_AmazoncomAmazonAssistant_343d40qqvtj1t => C:\Program Files\WindowsApps

Thanks,

Kevin.

 


Hi Kevin,

Malwarebytes is the only app reporting this and I'd love to know what is actually triggering this message. Is it a false positive? I hope so.

I agree with you that probably it is not malicious, BUT it is quite unnerving to get this message every time I use Yahoo Mail. And every time it is the same message, same IP and the same domain... and on top of that it has an ICU extension. Wow! Scary!

I trust you'd let me know any news from DEV. In the meantime, I'll be considering the options I have if this problem can't be identified and eliminated, e.g. re-install Windows?

Thank you Kevin

Eddy


This topic is now closed to further replies.