Malware Detected, Removed, and Keeps Returning. What to do?


I was following this thread but it kinda ended abruptly.

I followed Kevin's instructions and this is what I came up with. 

The first TXT is Malwarebytes, the 2nd is AdwCleaner, and the 3rd is FRST.

 

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 6
RiskWare.KMS, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\R@1n-KMS\Office15ProPlus, Quarantined, 7191, 820459, 1.0.82116, , ame, , , 
RiskWare.KMS, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{870E4359-4BBD-47E4-A255-F15E3168E7ED}, Quarantined, 7191, 820459, 1.0.82116, , ame, , , 
RiskWare.KMS, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{870E4359-4BBD-47E4-A255-F15E3168E7ED}, Quarantined, 7191, 820459, 1.0.82116, , ame, , , 
RiskWare.KMS, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\R@1n-KMS\Windows100Professional, Quarantined, 7191, 820459, 1.0.82116, , ame, , , 
RiskWare.KMS, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{2D18B38B-BC44-4290-8980-32588D5DB385}, Quarantined, 7191, 820459, 1.0.82116, , ame, , , 
RiskWare.KMS, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{2D18B38B-BC44-4290-8980-32588D5DB385}, Quarantined, 7191, 820459, 1.0.82116, , ame, , , 

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 42
Trojan.Glupteba.BITSRST, C:\USERS\USER\APPDATA\ROAMING\EPICNET INC, Quarantined, 8950, 781247, 1.0.82116, , ame, , , 
Trojan.Glupteba.BITSRST, C:\Users\USER\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe\Protection Dir, Quarantined, 8950, 781247, 1.0.82116, , ame, , , 
Trojan.Glupteba.BITSRST, C:\Users\USER\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe, Quarantined, 8950, 781247, 1.0.82116, , ame, , , 
Trojan.Glupteba.BITSRST, C:\Users\USER\AppData\Roaming\EpicNet Inc\CloudNet, Quarantined, 8950, 781247, 1.0.82116, , ame, , , 
Trojan.Glupteba.BITSRST, C:\USERS\USER\APPDATA\LOCAL\EPICNET INC, Quarantined, 8950, 781248, 1.0.82116, , ame, , , 
Trojan.Glupteba.BITSRST, C:\Users\USER\AppData\Local\EpicNet Inc\CloudNet\cloudnet.exe\Protection Dir, Quarantined, 8950, 781248, 1.0.82116, , ame, , , 
Trojan.Glupteba.BITSRST, C:\Users\USER\AppData\Local\EpicNet Inc\CloudNet\cloudnet.exe, Quarantined, 8950, 781248, 1.0.82116, , ame, , , 
Trojan.Glupteba.BITSRST, C:\Users\USER\AppData\Local\EpicNet Inc\CloudNet, Quarantined, 8950, 781248, 1.0.82116, , ame, , , 
RiskWare.KMS, C:\WINDOWS\SYSTEM32\TASKS\R@1N-KMS, Quarantined, 7191, 820459, 1.0.82116, , ame, , , 
Trojan.Ranumbot, C:\USERS\USER\APPDATA\LOCAL\TEMP\CSRSS, Quarantined, 9261, 995472, 1.0.82116, , ame, , , 
Trojan.Ranumbot, C:\Users\USER\AppData\Local\Temp\csrss\winboxscan-1003-2.exe\Protection Dir, Quarantined, 9261, 995472, 1.0.82116, , ame, , , 
Trojan.Ranumbot, C:\Users\USER\AppData\Local\Temp\csrss\proxy\obfs4proxy.exe\Protection Dir, Quarantined, 9261, 995472, 1.0.82116, , ame, , , 
Trojan.Ranumbot, C:\Users\USER\AppData\Local\Temp\csrss\lsa64install_in.exe\Protection Dir, Quarantined, 9261, 995472, 1.0.82116, , ame, , , 
Trojan.Ranumbot, C:\Users\USER\AppData\Local\Temp\csrss\winboxls-1008-2.exe\Protection Dir, Quarantined, 9261, 995472, 1.0.82116, , ame, , , 
Trojan.Ranumbot, C:\Users\USER\AppData\Local\Temp\csrss\proxy\Tor\tor.exe\Protection Dir, Quarantined, 9261, 995472, 1.0.82116, , ame, , , 
Trojan.Ranumbot, C:\Users\USER\AppData\Local\Temp\csrss\i2pd\i2pd.exe\Protection Dir, Quarantined, 9261, 995472, 1.0.82116, , ame, , , 
Trojan.Ranumbot, C:\Users\USER\AppData\Local\Temp\csrss\proxy\tor.exe\Protection Dir, Quarantined, 9261, 995472, 1.0.82116, , ame, , , 
Trojan.Ranumbot, C:\Users\USER\AppData\Local\Temp\csrss\scheduled.exe\Protection Dir, Quarantined, 9261, 995472, 1.0.82116, , ame, , , 
Trojan.Ranumbot, C:\Users\USER\AppData\Local\Temp\csrss\cloudnet.exe\Protection Dir, Quarantined, 9261, 995472, 1.0.82116, , ame, , , 
Trojan.Ranumbot, C:\Users\USER\AppData\Local\Temp\csrss\smb\e7.exe\Protection Dir, Quarantined, 9261, 995472, 1.0.82116, , ame, , , 
Trojan.Ranumbot, C:\Users\USER\AppData\Local\Temp\csrss\lsa64.exe\Protection Dir, Quarantined, 9261, 995472, 1.0.82116, , ame, , , 
Trojan.Ranumbot, C:\Users\USER\AppData\Local\Temp\csrss\mrt.exe\Protection Dir, Quarantined, 9261, 995472, 1.0.82116, , ame, , , 
Trojan.Ranumbot, C:\Users\USER\AppData\Local\Temp\csrss\al.exe\Protection Dir, Quarantined, 9261, 995472, 1.0.82116, , ame, , , 
Trojan.Ranumbot, C:\Users\USER\AppData\Local\Temp\csrss\vc.exe\Protection Dir, Quarantined, 9261, 995472, 1.0.82116, , ame, , , 
Trojan.Ranumbot, C:\Users\USER\AppData\Local\Temp\csrss\winboxscan-1003-2.exe, Quarantined, 9261, 995472, 1.0.82116, , ame, , , 
Trojan.Ranumbot, C:\Users\USER\AppData\Local\Temp\csrss\proxy\obfs4proxy.exe, Quarantined, 9261, 995472, 1.0.82116, , ame, , , 
Trojan.Ranumbot, C:\Users\USER\AppData\Local\Temp\csrss\lsa64install_in.exe, Quarantined, 9261, 995472, 1.0.82116, , ame, , , 
Trojan.Ranumbot, C:\Users\USER\AppData\Local\Temp\csrss\winboxls-1008-2.exe, Quarantined, 9261, 995472, 1.0.82116, , ame, , , 
Trojan.Ranumbot, C:\Users\USER\AppData\Local\Temp\csrss\proxy\Tor\tor.exe, Quarantined, 9261, 995472, 1.0.82116, , ame, , , 
Trojan.Ranumbot, C:\Users\USER\AppData\Local\Temp\csrss\i2pd\i2pd.exe, Quarantined, 9261, 995472, 1.0.82116, , ame, , , 
Trojan.Ranumbot, C:\Users\USER\AppData\Local\Temp\csrss\proxy\tor.exe, Quarantined, 9261, 995472, 1.0.82116, , ame, , , 
Trojan.Ranumbot, C:\Users\USER\AppData\Local\Temp\csrss\scheduled.exe, Quarantined, 9261, 995472, 1.0.82116, , ame, , , 
Trojan.Ranumbot, C:\Users\USER\AppData\Local\Temp\csrss\cloudnet.exe, Quarantined, 9261, 995472, 1.0.82116, , ame, , , 
Trojan.Ranumbot, C:\Users\USER\AppData\Local\Temp\csrss\smb\e7.exe, Quarantined, 9261, 995472, 1.0.82116, , ame, , , 
Trojan.Ranumbot, C:\Users\USER\AppData\Local\Temp\csrss\lsa64.exe, Quarantined, 9261, 995472, 1.0.82116, , ame, , , 
Trojan.Ranumbot, C:\Users\USER\AppData\Local\Temp\csrss\proxy\Tor, Quarantined, 9261, 995472, 1.0.82116, , ame, , , 
Trojan.Ranumbot, C:\Users\USER\AppData\Local\Temp\csrss\mrt.exe, Quarantined, 9261, 995472, 1.0.82116, , ame, , , 
Trojan.Ranumbot, C:\Users\USER\AppData\Local\Temp\csrss\al.exe, Quarantined, 9261, 995472, 1.0.82116, , ame, , , 
Trojan.Ranumbot, C:\Users\USER\AppData\Local\Temp\csrss\vc.exe, Quarantined, 9261, 995472, 1.0.82116, , ame, , , 
Trojan.Ranumbot, C:\Users\USER\AppData\Local\Temp\csrss\proxy, Quarantined, 9261, 995472, 1.0.82116, , ame, , , 
Trojan.Ranumbot, C:\Users\USER\AppData\Local\Temp\csrss\i2pd, Quarantined, 9261, 995472, 1.0.82116, , ame, , , 
Trojan.Ranumbot, C:\Users\USER\AppData\Local\Temp\csrss\smb, Quarantined, 9261, 995472, 1.0.82116, , ame, , , 

File: 4
RiskWare.KMS, C:\Windows\System32\Tasks\R@1n-KMS\Office15ProPlus, Quarantined, 7191, 820459, 1.0.82116, , ame, , 9EBF1AADCC98320D10B85AD0A14D9566, CCF11D157D61156ED0C6EF7F7CE62EB7A77DE8FF7E1449F353242E0196C5A84C
RiskWare.KMS, C:\Windows\System32\Tasks\R@1n-KMS\Windows100Professional, Quarantined, 7191, 820459, 1.0.82116, , ame, , F649F60E1DF9D6A46DD354AB8281C443, 6CE641CD130A40D993B925A08F704CFF2014132AED30A4A4DEA9F69F3F7E2A09
RiskWare.SystemRequirementsLab, C:\USERS\USER\DOWNLOADS\DETECTION (1).EXE, Quarantined, 11683, 1159453, 1.0.82116, , ame, , 25F60CB01828DB07C70D89FE15A38F83, 449586282D444040540B009C2279D7A24120495068078969C61610DF01C5A4E7
MachineLearning/Anomalous.100%, C:\PROGRAM FILES (X86)\WORLD OF WARCRAFT\_CLASSIC_ERA_\BLIZZARDERROR.EXE, Quarantined, 0, 392687, 1.0.82116, , shuriken, , C065DB44A658A280FB050422792ACB32, 14F429C06276A58D167A1C5CCFDE72310FF08B2FAB12E11DB2E61FF3A96DE1E0

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

# Start:    03-19-2024
# Duration: 00:00:11
# OS:       Windows 10 (Build 19045.4170)
# Scanned:  32104
# Detected: 2


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

Trojan.Agent                    C:\Windows\rss

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

PUP.Optional.VeePN              Free VPN for Chrome - VPN Proxy VeePN - majdfhpaihoncoakbjgbdhglocklcgno

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.


------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Discord Inc. -> Discord Inc.) C:\Users\USER\AppData\Local\Discord\app-1.0.9036\Discord.exe <6>
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <34>
(explorer.exe ->) (RingCentral, Inc. -> RingCentral) C:\Users\USER\AppData\Local\Programs\RingCentral\RingCentral.exe <6>
(Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <2>
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvsmi.inf_amd64_0dc81fb0ef77b5d4\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe
(svchost.exe ->) (24803D75-212C-471A-BC57-9EF86AB91435 -> ) C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2410.2.0_x64__cv1g1gvanyjgm\WhatsApp.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) E:\WindowsApps\Microsoft.GamingApp_2402.1001.26.0_x64__8wekyb3d8bbwe\XboxPcAppFT.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [SMΔRT-Protection] => C:\Program Files (x86)\Smadav\SMΔRTP.exe [1927392 2024-03-05] (Smadsoft) [File not signed]
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-1267275601-2810351459-2975703654-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4384104 2024-03-07] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-1267275601-2810351459-2975703654-1001\...\Run: [Discord] => C:\Users\USER\AppData\Local\Discord\Update.exe [1525016 2023-08-01] (Discord Inc. -> GitHub)
HKU\S-1-5-21-1267275601-2810351459-2975703654-1001\...\Run: [MicrosoftEdgeAutoLaunch_28CC4C91291F97998E40A29656715B1C] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4060712 2024-03-14] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1267275601-2810351459-2975703654-1001\...\Run: [Upwork] => C:\Users\USER\AppData\Local\Programs\upwork\Upwork.exe [146990640 2023-10-17] (Upwork Global Inc. -> Upwork, Inc.)
HKU\S-1-5-21-1267275601-2810351459-2975703654-1001\...\Run: [EpicGamesLauncher] => E:\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [37180368 2023-12-31] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-1267275601-2810351459-2975703654-1001\...\Run: [Hubstaff] => C:\Program Files\Hubstaff\HubstaffClient.exe [16505224 2024-01-12] (Netsoft Holdings, LLC -> Netsoft Holdings, LLC.)
HKU\S-1-5-21-1267275601-2810351459-2975703654-1001\...\Run: [com.messenger] => "C:\Users\USER\AppData\Local\Programs\Messenger\Messenger.exe" messenger://openAtLogin (No File)
HKU\S-1-5-21-1267275601-2810351459-2975703654-1001\...\Run: [EADM] => C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALauncher.exe [2730600 2024-02-28] (Electronic Arts, Inc. -> Electronic Arts)
HKU\S-1-5-21-1267275601-2810351459-2975703654-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [45285792 2024-03-11] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
HKU\S-1-5-21-1267275601-2810351459-2975703654-1001\...\Run: [RingCentral] => C:\Users\USER\AppData\Local\Programs\RingCentral\RingCentral.exe [152260768 2024-01-26] (RingCentral, Inc. -> RingCentral)
HKU\S-1-5-21-1267275601-2810351459-2975703654-1001\...\Run: [Battle.net] => E:\Battle.net\Battle.net.exe [981640 2024-03-06] (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
HKU\S-1-5-21-1267275601-2810351459-2975703654-1001\...\RunOnce: [!BCILauncher] => C:\Windows\Temp\MUBSTemp\BCILauncher.exe [18464 2024-03-19] (Microsoft Corporation -> ) <==== ATTENTION
HKU\S-1-5-21-1267275601-2810351459-2975703654-1001\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-1267275601-2810351459-2975703654-1001\...\Policies\Explorer\DisallowRun: [1] Mshta.exe
HKU\S-1-5-21-1267275601-2810351459-2975703654-1001\...\Policies\Explorer\DisallowRun: [2] powershell.exe
HKU\S-1-5-21-1267275601-2810351459-2975703654-1001\...\Policies\Explorer\DisallowRun: [3] bitsadmin.exe
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\122.0.6261.129\Installer\chrmstp.exe [2024-03-15] (Google LLC -> Google LLC)
Startup: C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dialpad.lnk [2024-03-19]
ShortcutTarget: Dialpad.lnk -> C:\Users\USER\AppData\Local\dialpad\Dialpad.exe (Dialpad, Inc. -> Dialpad)

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {3115D632-7651-4B0E-BC59-46D41D7E48A6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1547208 2024-01-31] (Adobe Inc. -> Adobe Inc.)
Task: {B247961E-FA64-42ED-95E8-4D2D337BEB9D} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [714256 2024-03-11] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {505A43FC-88F9-4DA7-9EB8-E92A19BFB86B} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe [5074848 2024-03-11] (PIRIFORM SOFTWARE LIMITED -> Gen Digital Inc. All rights reserved.) -> --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --guid "b34c5064-f561-449d-9596-5d0aea7176f2" --version "6.22.10977" --silent
Task: {E73A54EF-691D-4203-8F2F-F69B062EE241} - System32\Tasks\CCleanerSkipUAC - USER => C:\Program Files\CCleaner\CCleaner.exe [39024544 2024-03-11] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {9446C10E-40D4-40F4-B94D-F10EC9ABA2A1} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem124.0.6359.0{C6FBD39D-7AF5-4D24-BB33-0DF8BB890526} => C:\Program Files (x86)\Google\GoogleUpdater\124.0.6359.0\updater.exe [4749088 2024-03-15] (Google LLC -> Google LLC)
Task: {DD939FF8-49D2-40DE-857F-01C0EA4B34E1} - System32\Tasks\Meta\Messenger-SL-Helper-S-1-5-21-1267275601-2810351459-2975703654-1001 => C:\Users\USER\AppData\Local\Programs\Messenger\MessengerHelper.exe [2169080 2024-03-13] (Facebook, Inc. -> Meta Platforms, Inc.)
Task: {64A40EC9-2487-4F8B-A538-70D483F82619} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [1626328 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {76F766E8-0227-465E-96AD-F228E8F3E964} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {6AA07EFF-013D-4B2D-A2E5-8D354F65EE0B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {A37E9BD3-B777-4043-828F-A387E8D7EB17} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [1005096 2023-11-02] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {CB473F85-CF16-4BE6-A576-4BE6DC5057A1} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3345448 2023-11-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {0F869650-F767-4215-8205-D83070D28289} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [649256 2023-11-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {414D3FA0-26A2-42D6-B001-157046736B86} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [910888 2023-11-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {DF3F78AD-D122-4106-8D93-F4E1B51E02C2} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [910888 2023-11-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {779A9E24-7FB0-4BF5-8592-729020A9BF02} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-11-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {3987422C-6C7D-4F1D-A908-97EBF428A281} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-11-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {E1E648C0-85EA-4572-8F7E-0E54533B94CF} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-11-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {3C5E8286-EA05-4703-A8BF-482AD0C30F99} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-11-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {6814EE90-E8C3-4D37-80F4-12C75057DCE0} - System32\Tasks\RtkAudUService64_BG => C:\Windows\System32\RtkAudUService64.exe [956920 2019-12-12] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {5930B991-C992-4809-A431-059FC7DCA555} - System32\Tasks\smadav => C:\Program Files (x86)\Smadav\SMΔRTP.exe [1927392 2024-03-05] (Smadsoft) [File not signed]
Task: {34D4076B-4478-4BCE-BB1F-619DF159880C} - System32\Tasks\SmadavSecondaryUpdater => C:\Program Files (x86)\Smadav\SmadavSecondaryUpdater.exe [124128 2023-05-04] (Zainuddin Nafarin -> Smadav Software (Smadsoft))

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 121.54.70.157 121.54.70.165
Tcpip\..\Interfaces\{2fbf61e9-3303-4fd6-a250-208ff5dc5d8a}: [DhcpNameServer] 121.54.70.157 121.54.70.165
Tcpip\..\Interfaces\{2fbf61e9-3303-4fd6-a250-208ff5dc5d8a}\05C4444584F4D4546494242515B446A663: [DhcpNameServer] 121.54.70.157 121.54.70.165
Tcpip\..\Interfaces\{2fbf61e9-3303-4fd6-a250-208ff5dc5d8a}\4454354525F495542513: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{2fbf61e9-3303-4fd6-a250-208ff5dc5d8a}\859616F6D69602132302C4964756: [DhcpNameServer] 192.168.129.198
Tcpip\..\Interfaces\{be6ab92f-013a-47c7-8e5e-0794222f4342}: [DhcpNameServer] 121.54.70.157 121.54.70.165

Edge: 
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\USER\AppData\Local\Microsoft\Edge\User Data\Default [2024-03-06]
Edge Extension: (Google Docs Offline) - C:\Users\USER\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-03-06]
Edge Extension: (Edge relevant text changes) - C:\Users\USER\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-02-19]

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-04-26] (VideoLAN -> VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2024-03-12] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-06-25] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation -> Microsoft Corporation)

Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default [2024-03-19]
CHR Notifications: Default -> hxxps://app.callrail.com; hxxps://meet.google.com; hxxps://www.messenger.com
CHR Extension: (Google Translate) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2023-08-20]
CHR Extension: (Docs) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2023-08-20]
CHR Extension: (Google Drive) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2023-08-20]
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2024-02-23]
CHR Extension: (Stay secure with CyberGhost VPN Free Proxy) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffbkglfijbcbgblgflchnbphjdllaogb [2023-09-21]
CHR Extension: (Gmail Conversation Thread Reversal by cloudHQ) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkplphcelnmocakmefjmpnohnfgkibkk [2023-11-20]
CHR Extension: (Google Docs Offline) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-02-27]
CHR Extension: (Volume Master) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghecgabfgfdldnmbfkhmffcabddioke [2023-11-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-08-20]
CHR Extension: (Gmail) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2023-08-20]
CHR Profile: C:\Users\USER\AppData\Local\Google\Chrome\User Data\Guest Profile [2024-03-05]
CHR Profile: C:\Users\USER\AppData\Local\Google\Chrome\User Data\Profile 1 [2024-03-17]
CHR HomePage: Profile 1 -> hxxp://www.google.com/
CHR DefaultSearchURL: Profile 1 -> hxxps://www.protectedsearchs.com/search/?category=web&s=pdpr&vert=private&q={searchTerms}
CHR DefaultSearchKeyword: Profile 1 -> Secured Search
CHR DefaultSuggestURL: Profile 1 -> hxxps://sug.protectedsearchs.com/v1/sug/?yid=pdpr&vert=private&q={searchTerms}
CHR Session Restore: Profile 1 -> is enabled.
CHR Extension: (Google Translate) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2023-08-25]
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2024-03-16]
CHR Extension: (Google Docs Offline) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-08-25]
CHR Extension: (Secured Search) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\icnjpkhpomnemcocnffjejhflchgniih [2023-08-25]
CHR Extension: (Momentum) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\laookkfknpbbblfpciffpaejjkokdgca [2024-03-16]
CHR Extension: (PowerPoint Online) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mdafamggmaaaginooondinjgkgcbpnhp [2023-08-25]
CHR Extension: (YouTube Party) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ngmncgebkdchkdokiecifpmodajbaopj [2023-08-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-08-25]
CHR Profile: C:\Users\USER\AppData\Local\Google\Chrome\User Data\Profile 10 [2024-03-10]
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2024-02-18]
CHR Extension: (Google Docs Offline) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-12-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-12-24]
CHR Profile: C:\Users\USER\AppData\Local\Google\Chrome\User Data\Profile 11 [2024-03-18]
CHR Notifications: Profile 11 -> hxxps://www.facebook.com
CHR Extension: (Google Docs Offline) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Profile 11\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-03-08]
CHR Extension: (Loom – Screen Recorder & Screen Capture) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Profile 11\Extensions\liecbddmkiiihnedobmlmillhodjkdmb [2024-03-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Profile 11\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2024-01-03]
CHR Profile: C:\Users\USER\AppData\Local\Google\Chrome\User Data\Profile 3 [2024-03-19]
CHR Notifications: Profile 3 -> hxxps://www.instagram.com
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2024-03-04]
CHR Extension: (Google Docs Offline) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-03-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-08-26]
CHR Profile: C:\Users\USER\AppData\Local\Google\Chrome\User Data\Profile 9 [2024-03-19]
CHR Notifications: Profile 9 -> hxxps://calendar.google.com; hxxps://dialpad.com; hxxps://drive.google.com; hxxps://mail.google.com; hxxps://meet.google.com; hxxps://web.skype.com
CHR Extension: (Authenticator) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Profile 9\Extensions\bhghoamapcdpbohphigoooaddinpkbai [2024-02-21]
CHR Extension: (Hiver - Gmail-based customer service solution) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Profile 9\Extensions\fcinnggknmdfkilogcndkgpojpfojeem [2024-02-15]
CHR Extension: (Gmail Conversation Thread Reversal by cloudHQ) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Profile 9\Extensions\fkplphcelnmocakmefjmpnohnfgkibkk [2023-11-27]
CHR Extension: (Google Docs Offline) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Profile 9\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-02-29]
CHR Extension: (ChatGPT for Google by cloudHQ) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Profile 9\Extensions\hbnpppemeehgdkepgiemjkaolkijcilj [2024-02-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Profile 9\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-11-26]
CHR Profile: C:\Users\USER\AppData\Local\Google\Chrome\User Data\System Profile [2024-03-19]
CHR HKU\S-1-5-21-1267275601-2810351459-2975703654-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [172992 2024-01-31] (Adobe Inc. -> Adobe Inc.)
S3 battlenet_helpersvc; C:\ProgramData\Battle.net_components\battlenet_helpersvc\AgentHelper.exe [2562696 2024-03-19] (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [9880840 2023-12-16] (BattlEye Innovations e.K. -> )
R3 CCleanerPerformanceOptimizerService; C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe [1081248 2024-03-11] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
S3 DAUpdaterSvc; E:\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [25832 2023-12-31] (BioWare -> BioWare)
S3 EABackgroundService; C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe [12096104 2024-02-28] (Electronic Arts, Inc. -> Electronic Arts)
S3 EasyAntiCheat_EOS; C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe [954704 2024-03-19] (EasyAntiCheat Oy -> Epic Games, Inc.)
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [934352 2023-08-02] (Epic Games Inc. -> Epic Games, Inc.)
S2 GoogleUpdaterInternalService124.0.6359.0; C:\Program Files (x86)\Google\GoogleUpdater\124.0.6359.0\updater.exe [4749088 2024-03-15] (Google LLC -> Google LLC)
S2 GoogleUpdaterService124.0.6359.0; C:\Program Files (x86)\Google\GoogleUpdater\124.0.6359.0\updater.exe [4749088 2024-03-15] (Google LLC -> Google LLC)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9423680 2024-03-14] (Malwarebytes Inc. -> Malwarebytes)
S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe [3073888 2024-03-14] (Malwarebytes Inc. -> Malwarebytes)
R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nvsmi.inf_amd64_0dc81fb0ef77b5d4\Display.NvContainer\NVDisplay.Container.exe [1275000 2024-03-03] (NVIDIA Corporation -> NVIDIA Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [522184 2024-03-13] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 ucldr_battlegrounds_gl; C:\Program Files\Common Files\Wellbia.com\ucldr_battlegrounds_gl.exe [5066280 2023-12-16] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24020.7-0\NisSrv.exe [3191272 2024-03-15] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24020.7-0\MsMpEng.exe [133688 2024-03-15] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 zksvc; C:\Program Files\Common Files\PUBG\zksvc.exe [12410208 2023-12-16] (KRAFTON, Inc. -> KRAFTON, Inc)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [158640 2024-03-14] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 iaLPSS2_GPIO2; C:\Windows\System32\DriverStore\FileRepository\ialpss2_gpio2_skl.inf_amd64_2a35efc43f1a612e\iaLPSS2_GPIO2_ICL.sys [132872 2020-04-28] (Intel Corporation -> Intel Corporation)
R3 iaLPSS2_I2C; C:\Windows\System32\DriverStore\FileRepository\ialpss2_i2c_skl.inf_amd64_363c7132639e12a6\iaLPSS2_I2C_ICL.sys [200456 2020-04-28] (Intel Corporation -> Intel Corporation)
R2 mbamchameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [223296 2024-03-19] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [21480 2024-03-14] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [200104 2024-03-19] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [78400 2024-03-19] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [239576 2024-03-14] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [188784 2024-03-19] (Malwarebytes Inc. -> Malwarebytes)
R3 NvModuleTracker; C:\Windows\System32\DriverStore\FileRepository\nvmoduletracker.inf_amd64_0c1cc60a4b422185\NvModuleTracker.sys [45656 2022-07-14] (Nvidia Corporation -> NVIDIA Corporation)
R3 SamsungEventController; C:\Windows\System32\drivers\SamsungEventController.sys [28456 2019-06-13] (WDKTestCert dotol,132048634660548123 -> Samsung)
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [20928 2024-03-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [603416 2024-03-15] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [105752 2024-03-15] (Microsoft Windows -> Microsoft Corporation)
S3 xhunter1; C:\Windows\xhunter1.sys [179112 2023-12-16] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-03-19 23:24 - 2024-03-19 23:26 - 000027201 _____ C:\Users\USER\Downloads\FRST.txt
2024-03-19 23:24 - 2024-03-19 23:25 - 000000000 ____D C:\FRST
2024-03-19 23:22 - 2024-03-19 23:24 - 002390528 _____ (Farbar) C:\Users\USER\Downloads\FRST64 (1).exe
2024-03-19 23:22 - 2024-03-19 23:22 - 002390528 _____ (Farbar) C:\Users\USER\Downloads\Unconfirmed 751274.crdownload
2024-03-19 23:17 - 2024-03-19 23:18 - 000000000 ____D C:\AdwCleaner
2024-03-19 23:17 - 2024-03-19 23:17 - 008790880 _____ (Malwarebytes) C:\Users\USER\Downloads\adwcleaner.exe
2024-03-19 23:01 - 2024-03-19 23:01 - 000000000 ____D C:\Users\USER\Desktop\Malware List
2024-03-19 22:54 - 2024-03-19 22:54 - 000188784 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2024-03-19 22:51 - 2024-03-19 22:51 - 000000000 ____D C:\ProgramData\Norton
2024-03-14 04:00 - 2024-03-19 23:24 - 000000000 ____D C:\Users\USER\AppData\Local\Malwarebytes
2024-03-14 04:00 - 2024-03-14 04:00 - 000002093 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2024-03-14 04:00 - 2024-03-14 04:00 - 000002081 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2024-03-14 03:59 - 2024-03-14 03:59 - 000000000 ____D C:\ProgramData\Malwarebytes
2024-03-14 03:59 - 2024-03-14 03:59 - 000000000 ____D C:\Program Files\Malwarebytes
2024-03-14 03:58 - 2024-03-14 03:58 - 002585496 _____ (Malwarebytes) C:\Users\USER\Downloads\MBSetup.exe
2024-03-13 23:45 - 2024-03-13 23:45 - 000019530 _____ C:\Windows\SysWOW64\IntegratedServicesRegionPolicySet.json
2024-03-13 23:44 - 2024-03-13 23:44 - 000019530 _____ C:\Windows\system32\IntegratedServicesRegionPolicySet.json
2024-03-13 23:34 - 2024-03-13 23:34 - 000000000 ___HD C:\$WinREAgent
2024-03-13 03:50 - 2024-03-13 03:50 - 000000000 ____D C:\Users\USER\AppData\Local\BANDAI NAMCO Entertainment
2024-03-13 03:24 - 2024-03-13 03:24 - 000000222 _____ C:\Users\USER\Desktop\Tales of Vesperia Definitive Edition.url
2024-03-13 02:24 - 2024-03-13 02:24 - 000000222 _____ C:\Users\USER\Desktop\Tales of Symphonia.url
2024-03-06 23:10 - 2024-03-06 23:10 - 000717681 _____ C:\Users\USER\Desktop\Turning-fear-into-faith-Katrina-Owned-by-Love.pdf
2024-03-06 03:26 - 2024-03-03 00:03 - 002031360 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
2024-03-06 03:26 - 2024-03-03 00:03 - 002031360 _____ C:\Windows\system32\vulkaninfo.exe
2024-03-06 03:26 - 2024-03-03 00:03 - 001578752 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2024-03-06 03:26 - 2024-03-03 00:03 - 001578752 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2024-03-06 03:26 - 2024-03-03 00:03 - 001487904 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2024-03-06 03:26 - 2024-03-03 00:03 - 001445120 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll
2024-03-06 03:26 - 2024-03-03 00:03 - 001445120 _____ C:\Windows\system32\vulkan-1.dll
2024-03-06 03:26 - 2024-03-03 00:03 - 001295104 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
2024-03-06 03:26 - 2024-03-03 00:03 - 001295104 _____ C:\Windows\SysWOW64\vulkan-1.dll
2024-03-06 03:26 - 2024-03-03 00:03 - 001226760 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2024-03-06 03:26 - 2024-03-03 00:00 - 001045520 _____ (NVIDIA Corporation) C:\Windows\system32\nvml.dll
2024-03-06 03:26 - 2024-03-03 00:00 - 000669704 _____ (NVIDIA Corporation) C:\Windows\system32\nvofapi64.dll
2024-03-06 03:26 - 2024-03-03 00:00 - 000505360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvofapi.dll
2024-03-06 03:26 - 2024-03-02 23:59 - 002173560 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2024-03-06 03:26 - 2024-03-02 23:59 - 001625736 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2024-03-06 03:26 - 2024-03-02 23:59 - 001541648 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2024-03-06 03:26 - 2024-03-02 23:59 - 001199752 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2024-03-06 03:26 - 2024-03-02 23:59 - 001024032 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2024-03-06 03:26 - 2024-03-02 23:59 - 000841840 _____ (NVIDIA Corporation) C:\Windows\system32\nvidia-smi.exe
2024-03-06 03:26 - 2024-03-02 23:59 - 000786952 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2024-03-06 03:25 - 2024-03-02 23:58 - 016033824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2024-03-06 03:25 - 2024-03-02 23:58 - 012928032 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2024-03-06 03:25 - 2024-03-02 23:58 - 006780960 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2024-03-06 03:25 - 2024-03-02 23:58 - 005772808 _____ (NVIDIA Corporation) C:\Windows\system32\nvcudadebugger.dll
2024-03-06 03:25 - 2024-03-02 23:58 - 003721752 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2024-03-06 03:25 - 2024-03-02 23:58 - 000459808 _____ (NVIDIA Corporation) C:\Windows\system32\nvdebugdump.exe
2024-03-06 03:25 - 2024-03-02 23:57 - 005913096 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2024-03-06 03:25 - 2024-03-02 23:57 - 000853640 _____ (NVIDIA Corporation) C:\Windows\system32\MCU.exe
2024-03-06 03:25 - 2024-03-02 23:56 - 006031080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2024-03-06 03:25 - 2024-03-02 07:04 - 000119419 _____ C:\Windows\system32\nvinfo.pb
2024-03-06 01:11 - 2024-03-06 01:13 - 000000000 ____D C:\Users\USER\AppData\Roaming\Battle.net
2024-03-06 01:10 - 2024-03-06 01:10 - 000000453 _____ C:\Users\Public\Desktop\Battle.net.lnk
2024-03-06 01:05 - 2024-03-06 01:05 - 004925568 _____ (Blizzard Entertainment) C:\Users\USER\Downloads\Battle.net-Setup.exe
2024-03-06 01:00 - 2024-03-06 01:00 - 000000000 ____D C:\Users\USER\AppData\Roaming\BitTorrent Web
2024-03-05 16:18 - 2024-03-05 16:18 - 000003300 _____ C:\Windows\system32\Tasks\SmadavSecondaryUpdater
2024-03-04 17:51 - 2024-03-04 17:51 - 000000000 _____ C:\Users\USER\Desktop\Key minions hearthstone.txt
2024-03-03 13:57 - 2024-03-03 13:57 - 000019336 _____ C:\Users\USER\Desktop\cc_20240303_135738.reg
2024-03-02 04:32 - 2024-03-05 23:08 - 000000000 ____D C:\Users\USER\AppData\Local\BitTorrentHelper
2024-02-25 14:11 - 2024-03-14 07:45 - 000007604 _____ C:\Users\USER\AppData\Local\Resmon.ResmonCfg
2024-02-21 04:34 - 2024-02-21 04:34 - 000000000 ____D C:\Windows\system32\Tasks\GoogleSystem
2024-02-18 19:46 - 2024-02-18 19:46 - 000000000 ____D C:\ProgramData\Battle.net_components

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-03-19 23:24 - 2019-12-07 17:13 - 000000000 ____D C:\Windows\INF
2024-03-19 23:23 - 2024-02-05 12:24 - 000000000 ____D C:\Users\USER\AppData\Roaming\RingCentral
2024-03-19 23:21 - 2023-08-21 05:33 - 000000000 ____D C:\Users\USER\AppData\Roaming\discord
2024-03-19 23:21 - 2023-08-21 05:33 - 000000000 ____D C:\Users\USER\AppData\Local\Discord
2024-03-19 23:19 - 2019-12-11 11:07 - 000000000 ____D C:\ProgramData\NVIDIA
2024-03-19 23:18 - 2023-12-21 05:54 - 000000000 ____D C:\Users\USER\AppData\Roaming\Messenger
2024-03-19 23:18 - 2023-12-21 05:54 - 000000000 ____D C:\Users\USER\AppData\Local\Messenger
2024-03-19 23:16 - 2019-12-07 17:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-03-19 23:10 - 2023-08-20 15:14 - 000000000 ____D C:\Users\USER\AppData\Local\Battle.net
2024-03-19 23:08 - 2023-12-03 09:40 - 000000000 ____D C:\Users\USER\AppData\Local\CrashDumps
2024-03-19 22:54 - 2019-12-07 17:14 - 000000000 ____D C:\Windows\AppReadiness
2024-03-19 22:53 - 2023-11-26 21:32 - 000000000 ____D C:\Users\USER\AppData\Roaming\Hubstaff
2024-03-19 22:52 - 2024-01-03 17:57 - 000000000 ____D C:\Program Files\CCleaner
2024-03-19 22:51 - 2024-01-03 17:57 - 000004210 _____ C:\Windows\system32\Tasks\CCleaner Update
2024-03-19 22:51 - 2024-01-03 17:57 - 000003382 _____ C:\Windows\system32\Tasks\CCleanerCrashReporting
2024-03-19 22:51 - 2024-01-03 17:57 - 000000666 _____ C:\Windows\Tasks\CCleanerCrashReporting.job
2024-03-19 13:26 - 2019-12-11 11:10 - 000000000 ____D C:\Users\USER\AppData\Roaming\Smadav
2024-03-19 13:25 - 2019-12-11 11:04 - 000000000 __SHD C:\Users\USER\IntelGraphicsProfiles
2024-03-19 10:42 - 2023-08-21 05:21 - 000000000 ____D C:\Program Files (x86)\Steam
2024-03-19 09:45 - 2023-11-28 14:52 - 000000000 ____D C:\Users\USER\AppData\Roaming\EasyAntiCheat
2024-03-19 09:44 - 2023-11-26 21:45 - 000000000 ____D C:\Users\USER\AppData\Roaming\Dialpad
2024-03-19 08:35 - 2019-12-11 11:10 - 000000000 __SHD C:\[Smad-Cage]
2024-03-19 07:09 - 2023-08-20 15:07 - 000000000 ____D C:\Users\USER\AppData\Local\D3DSCache
2024-03-19 07:08 - 2023-11-26 21:44 - 000000000 ____D C:\Users\USER\AppData\Local\dialpad
2024-03-19 07:07 - 2023-11-26 21:45 - 000002250 _____ C:\Users\USER\Desktop\Dialpad.lnk
2024-03-19 07:07 - 2023-11-26 21:45 - 000000000 ____D C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dialpad
2024-03-19 06:27 - 2019-12-07 15:01 - 000000000 ____D C:\Windows\system32\SleepStudy
2024-03-19 04:46 - 2023-11-28 14:52 - 000000000 ____D C:\Program Files (x86)\EasyAntiCheat_EOS
2024-03-18 11:49 - 2023-08-23 07:55 - 000000000 ____D C:\Windows\SystemTemp
2024-03-18 05:23 - 2019-12-07 15:07 - 000841126 _____ C:\Windows\system32\PerfStringBackup.INI
2024-03-18 05:15 - 2019-12-11 11:04 - 000000000 ____D C:\Intel
2024-03-18 05:15 - 2019-12-07 15:01 - 000008192 ___SH C:\DumpStack.log.tmp
2024-03-18 05:15 - 2019-12-07 15:01 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2024-03-18 05:14 - 2019-12-07 17:03 - 000786432 _____ C:\Windows\system32\config\BBI
2024-03-17 15:22 - 2023-10-10 16:40 - 000000000 ____D C:\Users\USER\AppData\Roaming\com.adobe.dunamis
2024-03-17 08:31 - 2023-12-28 17:21 - 000002073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2024-03-17 08:31 - 2023-12-28 17:21 - 000002061 _____ C:\Users\Public\Desktop\Adobe Acrobat.lnk
2024-03-17 08:31 - 2023-09-25 03:47 - 000004562 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2024-03-17 05:08 - 2019-12-07 17:14 - 000000000 ___HD C:\Program Files\WindowsApps
2024-03-17 05:07 - 2019-12-07 15:01 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-03-16 12:12 - 2019-12-12 15:29 - 000003592 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1267275601-2810351459-2975703654-1001
2024-03-16 12:12 - 2019-12-07 15:07 - 000003378 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1267275601-2810351459-2975703654-1001
2024-03-16 12:12 - 2019-12-07 15:04 - 000002380 _____ C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2024-03-16 07:31 - 2023-08-21 09:26 - 000000000 ____D C:\Program Files (x86)\Hearthstone
2024-03-15 23:17 - 2023-08-22 06:03 - 000000000 ____D C:\Windows\system32\MRT
2024-03-15 23:06 - 2024-02-17 02:07 - 000263680 _____ (Microsoft Corporation) C:\Windows\system32\gamingservicesproxy_4.dll
2024-03-15 23:06 - 2024-02-06 04:49 - 002709096 _____ (Microsoft Corporation) C:\Windows\system32\xgameruntime.dll
2024-03-15 23:06 - 2024-02-06 04:49 - 000706152 _____ (Microsoft Corporation) C:\Windows\system32\gameplatformservices.dll
2024-03-15 23:06 - 2024-02-06 04:49 - 000218728 _____ (Microsoft Corporation) C:\Windows\system32\gameconfighelper.dll
2024-03-15 23:06 - 2024-02-06 04:49 - 000206440 _____ (Microsoft Corporation) C:\Windows\system32\gamelaunchhelper.dll
2024-03-15 23:06 - 2024-02-06 04:49 - 000145000 _____ (Microsoft Corporation) C:\Windows\system32\gamingtcuihelpers.dll
2024-03-15 23:06 - 2024-02-06 04:49 - 000108136 _____ (Microsoft Corporation) C:\Windows\system32\xgamehelper.exe
2024-03-15 23:06 - 2024-02-06 04:49 - 000075368 _____ (Microsoft Corporation) C:\Windows\system32\xgamecontrol.exe
2024-03-15 22:58 - 2023-08-22 06:03 - 190470136 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2024-03-15 09:10 - 2019-12-11 10:59 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2024-03-15 09:10 - 2019-12-11 10:59 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2024-03-15 02:30 - 2019-12-07 15:01 - 000000000 ____D C:\Windows\system32\Drivers\wd
2024-03-15 00:21 - 2023-08-20 15:07 - 000000000 ____D C:\Users\USER\AppData\Local\NVIDIA
2024-03-14 10:09 - 2019-12-07 15:01 - 000446616 _____ C:\Windows\system32\FNTCACHE.DAT
2024-03-14 10:07 - 2019-12-07 17:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2024-03-14 10:07 - 2019-12-07 17:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2024-03-14 10:07 - 2019-12-07 17:14 - 000000000 ____D C:\Windows\SysWOW64\Dism
2024-03-14 10:07 - 2019-12-07 17:14 - 000000000 ____D C:\Windows\SystemResources
2024-03-14 10:07 - 2019-12-07 17:14 - 000000000 ____D C:\Windows\system32\oobe
2024-03-14 10:07 - 2019-12-07 17:14 - 000000000 ____D C:\Windows\system32\Dism
2024-03-14 10:07 - 2019-12-07 17:14 - 000000000 ____D C:\Windows\ShellExperiences
2024-03-14 10:07 - 2019-12-07 17:14 - 000000000 ____D C:\Windows\PolicyDefinitions
2024-03-14 10:07 - 2019-12-07 17:14 - 000000000 ____D C:\Windows\bcastdvr
2024-03-14 10:07 - 2019-12-07 17:03 - 000000000 ____D C:\Windows\servicing
2024-03-14 03:59 - 2019-12-07 17:14 - 000000000 ___HD C:\Windows\ELAMBKUP
2024-03-14 03:42 - 2023-12-21 05:54 - 000002324 _____ C:\Users\USER\Desktop\Messenger.lnk
2024-03-14 03:05 - 2023-08-21 05:33 - 000002226 _____ C:\Users\USER\Desktop\Discord.lnk
2024-03-13 23:49 - 2019-12-07 17:03 - 000000000 ____D C:\Windows\CbsTemp
2024-03-13 23:44 - 2019-12-07 15:05 - 003017216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2024-03-13 00:25 - 2023-11-28 13:05 - 000000000 ____D C:\Users\USER\AppData\Local\NVIDIA Corporation
2024-03-11 03:41 - 2019-12-07 15:04 - 000000000 ____D C:\Users\USER\AppData\Local\Packages
2024-03-11 03:41 - 2019-12-07 15:04 - 000000000 ____D C:\ProgramData\Packages
2024-03-11 03:40 - 2023-08-20 15:04 - 000000000 ____D C:\Users\USER\AppData\Local\PlaceholderTileLogoFolder
2024-03-10 13:25 - 2023-12-09 17:47 - 000001394 _____ C:\Users\USER\Desktop\Roblox Player.lnk
2024-03-10 13:25 - 2023-12-09 17:47 - 000000000 ____D C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2024-03-10 13:25 - 2023-08-20 15:28 - 000000000 ____D C:\Users\USER\AppData\Local\Roblox
2024-03-07 06:48 - 2023-08-25 04:07 - 000000000 ____D C:\Program Files\RUXIM
2024-03-06 03:36 - 2023-11-07 05:55 - 000000000 ____D C:\Users\USER\AppData\Local\Athena
2024-03-06 03:20 - 2019-12-07 15:01 - 000003536 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-03-06 03:20 - 2019-12-07 15:01 - 000003412 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-03-06 00:45 - 2023-08-20 15:11 - 000000000 ____D C:\ProgramData\Battle.net
2024-03-06 00:34 - 2019-12-07 15:04 - 000000000 ___SD C:\Users\USER\AppData\Roaming\Microsoft\Credentials
2024-03-05 16:17 - 2019-12-11 11:10 - 000000734 _____ C:\Users\Public\Desktop\SMADΔV.lnk
2024-03-05 16:17 - 2019-12-11 11:10 - 000000000 ____D C:\Program Files (x86)\SMADAV
2024-03-04 21:15 - 2019-12-11 11:00 - 000000000 ____D C:\Users\USER\AppData\Roaming\vlc
2024-03-02 23:56 - 2019-12-11 11:04 - 006943440 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2024-02-28 05:12 - 2024-01-01 18:25 - 000000000 ____D C:\ProgramData\EA Desktop
2024-02-24 02:54 - 2024-02-09 02:33 - 000000000 ____D C:\Users\USER\AppData\Roaming\projectascension
2024-02-24 00:24 - 2019-12-11 11:14 - 000000000 ____D C:\Users\USER\AppData\Roaming\Microsoft\MMC
2024-02-23 20:32 - 2024-02-05 12:25 - 000000000 ____D C:\Users\USER\AppData\Local\ringcentral-updater
2024-02-21 04:34 - 2019-12-11 10:59 - 000000000 ____D C:\Program Files (x86)\Google
2024-02-19 16:34 - 2023-08-20 15:16 - 000000000 ____D C:\Program Files (x86)\World of Warcraft

==================== Files in the root of some directories ========

2024-01-03 19:45 - 2024-01-03 19:45 - 000000015 _____ () C:\Users\USER\AppData\Roaming\obs-virtualcam.txt
2024-02-25 14:11 - 2024-03-14 07:45 - 000007604 _____ () C:\Users\USER\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================


  • Root Admin

Hello @JxTwidget

 

Let's go ahead and run a couple of scans and get some updated logs from your system. Please read the entire post below before starting so that you're more familiar with the process.

Then follow each step in the order provided. Unless otherwise asked, please attach all logs.

 

Please make the following system changes:

  • If you have not done so already - Enable System Protection and create a NEW System Restore Point
  • Temporarily disable your antivirus real-time protection or other security software first only if it blocks or interferes with the scans or downloads. Make sure to turn it back on once the scans are completed
  • Temporarily disable Microsoft SmartScreen to download software below only if needed. Make sure to turn it back on once the downloads are completed
  • Disable-Fast-Startup
  • Show-Hidden-Folders-Files-Extensions

Please run the following scans:

  1. Click the following link and run a Scan with AdwCleaner
  2. Click the following link and run a Scan with Malwarebytes
       RESTART the computer
  3. Click the following link and run a Scan with Farbar Recovery Scan Tool
     


 

Thank you

 


  • 4 weeks later...
  • Root Admin

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Tips to help protect from infection

Thanks

 

This topic is now closed to further replies.