Virus / Malware Detected Google Chrome and Defender PopUp



felhet
2021-02-03, 04:12
Hello! It has been a while since I posted here, but my daughter's computer just had a warning pop up with Google Chrome and Defender indicating multiple viruses. I cannot tell if it is a real alert or what, but it is popping up multiple times now, so I know it is something.

I ran the Reg Backup
I ran FRST and will post the logs below
I tried to run aswMBR but it crashed a few seconds in and made the computer restart. I tried it twice and it restarted twice.

I appreciate your help!

felhet
2021-02-03, 04:13
Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-01-2021
Ran by audre (02-02-2021 21:01:14)
Running from C:\Users\audre\Desktop
Windows 10 Pro Version 20H2 19042.746 (X64) (2020-10-31 19:54:28)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4201280554-2823466389-1122749580-500 - Administrator - Disabled)
audre (S-1-5-21-4201280554-2823466389-1122749580-1002 - Administrator - Enabled) => C:\Users\audre
DefaultAccount (S-1-5-21-4201280554-2823466389-1122749580-503 - Limited - Disabled)
Guest (S-1-5-21-4201280554-2823466389-1122749580-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-4201280554-2823466389-1122749580-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AMD Chipset Software (HKLM-x32\...\AMD_Chipset_IODrivers) (Version: 2.10.13.408 - Advanced Micro Devices, Inc.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 20.11.2 - Advanced Micro Devices, Inc.)
AMD_Chipset_Drivers (HKLM-x32\...\{4fedae1b-6980-4848-9ba0-229c946a3dac}) (Version: 2.10.13.408 - Advanced Micro Devices, Inc.) Hidden
AMD_Chipset_Drivers (HKLM-x32\...\{5D15C874-3E6B-4F55-AFB2-E73560F2F44F}) (Version: 1.07.07.0725 - Advanced Micro Devices, Inc.) Hidden
Branding64 (HKLM\...\{856DA29A-EA4A-468B-BBC2-B5F60DD75BFE}) (Version: 1.00.0002 - Advanced Micro Devices, Inc.) Hidden
Epic Games Launcher (HKLM-x32\...\{FEF3A9BA-A962-4469-AD62-04839D4BB847}) (Version: 1.1.298.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 88.0.4324.104 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.51 - Google LLC) Hidden
IntelliJ IDEA Community Edition 2020.3.1 (HKLM-x32\...\IntelliJ IDEA Community Edition 2020.3.1) (Version: 203.6682.168 - JetBrains s.r.o.)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Microsoft 365 Apps for enterprise - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.13628.20274 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 88.0.705.56 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.139.71 - )
Microsoft OneDrive (HKU\S-1-5-21-4201280554-2823466389-1122749580-1002\...\OneDriveSetup.exe) (Version: 21.002.0104.0005 - Microsoft Corporation)
Microsoft Visio - en-us (HKLM\...\VisioProRetail - en-us) (Version: 16.0.13628.20274 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 (HKLM-x32\...\{6913e92a-b64e-41c9-a5e6-cef39207fe89}) (Version: 14.25.28508.3 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.24.28127 (HKLM-x32\...\{e31cb1a4-76b5-46a5-a084-3fa419e82201}) (Version: 14.24.28127.4 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.14.26429 (HKLM-x32\...\{80586c77-db42-44bb-bfc8-7aebbb220c00}) (Version: 14.14.26429.4 - Microsoft Corporation)
Minecraft Launcher (HKLM-x32\...\{27B34E47-68AE-4802-822A-9F0C187AF84A}) (Version: 1.0.0.0 - Mojang)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.13628.20274 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.13628.20158 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.13628.20274 - Microsoft Corporation) Hidden
Oracle VM VirtualBox 6.1.16 (HKLM\...\{8979282D-1F43-4810-B819-AA1B06F2C085}) (Version: 6.1.16 - Oracle Corporation)
Promontory_GPIO Driver (HKLM-x32\...\{B5512BCC-F4CD-4159-86A4-B2AD7D38FFA9}) (Version: 2.0.1.0 - Advanced Micro Devices, Inc.) Hidden
Python 3.9.1 (64-bit) (HKU\S-1-5-21-4201280554-2823466389-1122749580-1002\...\{b2be55ad-3177-42aa-a6c2-53004684e4ea}) (Version: 3.9.1150.0 - Python Software Foundation)
Python 3.9.1 Add to Path (64-bit) (HKLM\...\{5AD5ED9C-14D1-4CFA-B4B1-A02CE8916D9F}) (Version: 3.9.1150.0 - Python Software Foundation) Hidden
Python 3.9.1 Core Interpreter (64-bit) (HKLM\...\{1C00F581-D5BF-491E-B1BB-72AA3A2250E5}) (Version: 3.9.1150.0 - Python Software Foundation) Hidden
Python 3.9.1 Development Libraries (64-bit) (HKLM\...\{27AD952D-DD9D-4AAC-B486-8AA601BFA064}) (Version: 3.9.1150.0 - Python Software Foundation) Hidden
Python 3.9.1 Documentation (64-bit) (HKLM\...\{5CB3AEED-BB03-47E2-BFF1-0CA58C236895}) (Version: 3.9.1150.0 - Python Software Foundation) Hidden
Python 3.9.1 Executables (64-bit) (HKLM\...\{71A9F41D-A865-46D4-A650-B210150DEF2A}) (Version: 3.9.1150.0 - Python Software Foundation) Hidden
Python 3.9.1 pip Bootstrap (64-bit) (HKLM\...\{EF2B9385-6453-4702-9584-21BA8288D157}) (Version: 3.9.1150.0 - Python Software Foundation) Hidden
Python 3.9.1 Standard Library (64-bit) (HKLM\...\{5DD5C023-790B-4F1B-9B1B-8D1BC48F3057}) (Version: 3.9.1150.0 - Python Software Foundation) Hidden
Python 3.9.1 Tcl/Tk Support (64-bit) (HKLM\...\{414B5372-24FD-4302-8090-B9CE5564A6DD}) (Version: 3.9.1150.0 - Python Software Foundation) Hidden
Python 3.9.1 Test Suite (64-bit) (HKLM\...\{A7EC4DEB-8ABD-471D-BB5B-E579EBC9B043}) (Version: 3.9.1150.0 - Python Software Foundation) Hidden
Python 3.9.1 Utility Scripts (64-bit) (HKLM\...\{47A9647A-A576-4751-9C37-D32EB70285A3}) (Version: 3.9.1150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{FFC95928-6A14-4FB3-8D73-7A62382F66AC}) (Version: 3.9.7280.0 - Python Software Foundation)
Razer Synapse (HKLM-x32\...\Razer Synapse) (Version: 3.6.0130.011816 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6873 - Realtek Semiconductor Corp.)
Roblox Player for audre (HKU\S-1-5-21-4201280554-2823466389-1122749580-1002\...\roblox-player) (Version: - Roblox Corporation)
Roblox Studio for audre (HKU\S-1-5-21-4201280554-2823466389-1122749580-1002\...\roblox-studio) (Version: - Roblox Corporation)
Star Stable Online 2.7.0 (HKLM-x32\...\8c663ade-0de5-52b6-812d-f5cd25f943ac) (Version: 2.7.0 - Star Stable Entertainment AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
WinRAR 6.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.00.0 - win.rar GmbH)
WinSCP 5.17.9 (HKLM-x32\...\winscp3_is1) (Version: 5.17.9 - Martin Prikryl)
WinZip 25.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C2412F}) (Version: 25.0.14273 - Corel Corporation)
Zoom (HKU\S-1-5-21-4201280554-2823466389-1122749580-1002\...\ZoomUMX) (Version: 5.4.7 (59784.1220) - Zoom Video Communications, Inc.)

Packages:
=========
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-12-25] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-12-25] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1252.0_x64__8wekyb3d8bbwe [2021-01-31] (Microsoft Studios) [MS Ad]
Sling TV -> C:\Program Files\WindowsApps\SlingTVLLC.SlingTV_7.0.8.0_x86__vgszm6stshdqy [2021-01-26] (Sling TV LLC)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.151.382.0_x86__zpdnekdrzrea0 [2021-01-29] (Spotify AB) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4201280554-2823466389-1122749580-1002_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.WinZipExpressForOffice.dll (Corel Corporation -> )
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2020-09-25] (Corel Corporation -> WinZip Computing)
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2020-09-25] (Corel Corporation -> WinZip Computing)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Windows\System32\atiacm64.dll [2020-11-17] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2020-09-25] (Corel Corporation -> WinZip Computing)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\audre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iBUYPOWER.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> microsoft-edge:hxxps://www.ibuypower.com/review
ShortcutWithArgument: C:\Users\audre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Co_Writer Universal (App).lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=lahlmdogjpblkonckkgbljegkiijjbag

==================== Loaded Modules (Whitelisted) =============

2020-07-27 14:14 - 2020-07-27 14:14 - 000017920 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 003567616 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2020-11-13 14:48 - 2020-11-13 14:48 - 001470976 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files\AMD\WVR\OpenVR\bin\win64\driver_amdwvr.dll
2020-10-28 21:26 - 2020-10-28 21:26 - 001230336 _____ (Applied Informatics Software Engineering GmbH) [File not signed] C:\Program Files (x86)\Razer Chroma SDK\bin\PocoFoundation.dll
2020-10-28 21:26 - 2020-10-28 21:26 - 000207872 _____ (Applied Informatics Software Engineering GmbH) [File not signed] C:\Program Files (x86)\Razer Chroma SDK\bin\PocoJSON.dll
2020-10-28 21:26 - 2020-10-28 21:26 - 000810496 _____ (Applied Informatics Software Engineering GmbH) [File not signed] C:\Program Files (x86)\Razer Chroma SDK\bin\PocoNet.dll
2020-10-28 21:26 - 2020-10-28 21:26 - 000238592 _____ (Applied Informatics Software Engineering GmbH) [File not signed] C:\Program Files (x86)\Razer Chroma SDK\bin\PocoNetSSLWin.dll
2020-10-28 21:26 - 2020-10-28 21:26 - 000335360 _____ (Applied Informatics Software Engineering GmbH) [File not signed] C:\Program Files (x86)\Razer Chroma SDK\bin\PocoUtil.dll
2020-10-28 21:26 - 2020-10-28 21:26 - 000455168 _____ (Applied Informatics Software Engineering GmbH) [File not signed] C:\Program Files (x86)\Razer Chroma SDK\bin\PocoXML.dll
2020-07-27 14:15 - 2020-07-27 14:15 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qgif.dll
2020-07-27 14:15 - 2020-07-27 14:15 - 000039424 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qicns.dll
2020-07-27 14:15 - 2020-07-27 14:15 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qico.dll
2020-07-27 14:15 - 2020-07-27 14:15 - 000414720 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qjpeg.dll
2020-07-27 14:15 - 2020-07-27 14:15 - 000025088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qsvg.dll
2020-07-27 14:15 - 2020-07-27 14:15 - 000024576 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qtga.dll
2020-07-27 14:15 - 2020-07-27 14:15 - 000023552 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qwbmp.dll
2020-07-27 14:15 - 2020-07-27 14:15 - 000532992 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qwebp.dll
2020-07-27 14:15 - 2020-07-27 14:15 - 001441792 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\platforms\qwindows.dll
2020-07-27 14:15 - 2020-07-27 14:15 - 001189888 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\sqldrivers\qsqlite.dll
2020-07-27 14:15 - 2020-07-27 14:15 - 000134656 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\styles\qwindowsvistastyle.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 006184448 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 006867456 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 001104896 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 000325120 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Positioning.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 003668480 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 000517120 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QmlModels.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 000051712 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QmlWorkerScript.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 004228608 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 000171008 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QuickControls2.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 001085440 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QuickTemplates2.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 000205824 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Sql.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 000329728 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 000127488 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebChannel.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 000390656 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngine.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 095598080 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngineCore.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 005587968 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 000462848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 000188928 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 002878464 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5XmlPatterns.dll
2020-07-27 14:15 - 2020-07-27 14:15 - 000055808 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll
2020-07-27 14:15 - 2020-07-27 14:15 - 000059392 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\qtgraphicaleffectsplugin.dll
2020-07-27 14:15 - 2020-07-27 14:15 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQml\qmlplugin.dll
2020-07-27 14:15 - 2020-07-27 14:15 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2020-07-27 14:15 - 2020-07-27 14:15 - 000284160 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls.2\qtquickcontrols2plugin.dll
2020-07-27 14:15 - 2020-07-27 14:15 - 000333824 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2020-07-27 14:15 - 2020-07-27 14:15 - 000136704 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2020-07-27 14:15 - 2020-07-27 14:15 - 000090112 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2020-07-27 14:15 - 2020-07-27 14:15 - 000313856 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Templates.2\qtquicktemplates2plugin.dll
2020-07-27 14:15 - 2020-07-27 14:15 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2020-11-13 15:00 - 2020-11-13 15:00 - 000091648 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtWebEngine\qtwebengineplugin.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\desktop.ini:CachedTiles [7368]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [9520]

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-4201280554-2823466389-1122749580-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=NMTE
HKU\S-1-5-21-4201280554-2823466389-1122749580-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msn.com/?pc=NMTE
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2021-02-01] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-02-01] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2021-02-01] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-02-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-02-01] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-02-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-02-01] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-02-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-02-01] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-02-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-02-01] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 04:14 - 2019-12-07 04:12 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4201280554-2823466389-1122749580-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 216.68.4.10 - 216.68.5.10
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

Network Binding:
=============
Ethernet 2: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled)
VirtualBox Host-Only Network: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled)

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKU\S-1-5-21-4201280554-2823466389-1122749580-1002\...\StartupApproved\Run: => "Steam"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{C5A4E813-0A2F-4B04-9C43-5C2834516AE0}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{9F42D118-86FF-4EB2-9EF5-EFA8526DDA4E}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{2B55AEBE-6D94-4709-B37A-5ABC59368EC9}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B8B576C2-8999-4DE6-9406-FE6CFC21705A}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{3BD374D2-C65D-401B-9B5D-52BA44FB6E2D}C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe
FirewallRules: [UDP Query User{364488EA-D454-4D09-83C3-70C9E45B35C2}C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe
FirewallRules: [{5C88B101-4C99-4105-85ED-F8BAE82A394E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{35BC83AE-08EC-4695-9921-C4D4EB2358CE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{704342CB-8B46-4A58-BA4B-42E4426CEF99}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{0C8C238A-368D-497B-A1A1-0EBAEF8A2396}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{298BFF69-32C4-4EA8-B579-3B4DE6048CCA}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{83A7843C-637E-4811-99E3-8ED86BD14B5F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Among Us\Among Us.exe () [File not signed]
FirewallRules: [{39C75FE1-EB76-4C45-8B1A-1028BE72D8CC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Among Us\Among Us.exe () [File not signed]
FirewallRules: [{AD64F1DB-7C42-42AD-837C-213DE65BEA2B}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{C822C2B0-8B6A-4326-9DF6-7EA7A31E5846}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A216B78B-9EBC-4F5A-8691-4BA60A7C1C4D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B30DBB90-7BA2-4952-AB6B-3E2A1D821B9B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{8FE74666-9F79-4CEE-AE4F-5F82C3673F4D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{403E19C7-2610-476E-B3BB-F8BF8F57B102}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.151.382.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{00C5506D-1BE4-415A-AFF3-E966612D28FC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.151.382.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{F98CE6F9-A1D0-4AAC-8B80-EEA8E6F9CA42}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.151.382.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{33073324-4D94-4490-A3E4-91859FE6F8EA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.151.382.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{81ED1ED8-A3F7-4621-A9F3-A758427D3DFE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.151.382.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{E7E720B3-7444-47C6-B604-FB9FEF3FF818}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.151.382.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B7C11FED-8E0C-4FFC-ABDC-5B3C402CFB90}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.151.382.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{CAB98668-4AE1-44DD-A7AD-8E79592D3055}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.151.382.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)

==================== Restore Points =========================

28-01-2021 18:45:16 Windows Modules Installer

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (01/14/2021 10:00:28 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress.
.

Error: (01/14/2021 10:00:28 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]

Error: (01/08/2021 10:23:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: StartMenuExperienceHost.exe, version: 0.0.0.0, time stamp: 0x4fe0bcb3
Faulting module name: KERNELBASE.dll, version: 10.0.19041.662, time stamp: 0xec58f015
Exception code: 0xc0000409
Fault offset: 0x000000000010bd5c
Faulting process id: 0x372c
Faulting application start time: 0x01d6e636d49edfa4
Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
Faulting module path: C:\Windows\System32\KERNELBASE.dll
Report Id: 62e08075-2f29-424c-9e4d-4e99ef73f690
Faulting package full name: Microsoft.Windows.StartMenuExperienceHost_10.0.19041.610_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: App

Error: (01/08/2021 01:19:38 PM) (Source: Windows Search Service) (EventID: 3031) (User: )
Description: A document ID cannot be allocated.

Context: Application, SystemIndex Catalog

Details:
The content index service was stopped. (HRESULT : 0x80041812) (0x80041812)

Error: (01/05/2021 11:15:04 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Razer Synapse Service Process.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: exception code c0020001, exception address 7704A892
Stack:

Error: (12/30/2020 12:43:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 87.0.4280.88, time stamp: 0x5fc6dfae
Faulting module name: SHELL32.dll_unloaded, version: 10.0.19041.662, time stamp: 0xa897f0cc
Exception code: 0xc0000005
Fault offset: 0x00000000002a7e49
Faulting process id: 0x2f48
Faulting application start time: 0x01d6ded35317715a
Faulting application path: C:\Program Files\Google\Chrome\Application\chrome.exe
Faulting module path: SHELL32.dll
Report Id: bf51cdd3-c692-4f11-bd5a-3b5c2288bdc8
Faulting package full name:
Faulting package-relative application ID:

Error: (12/29/2020 05:12:59 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Razer Synapse Service Process.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: exception code c0020001, exception address 75C9A892
Stack:

Error: (12/28/2020 12:43:43 AM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to add firewall exception for C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe


System errors:
=============
Error: (02/02/2021 07:54:08 PM) (Source: VBoxNetLwf) (EventID: 12) (User: )
Description: The driver detected an internal driver error on \Device\VBoxNetLwf.

Error: (02/02/2021 05:25:49 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-F6KEIFL)
Description: The server {FD06603A-2BDF-4BB1-B7DF-5DC68F353601} did not register with DCOM within the required timeout.

Error: (02/02/2021 03:27:09 PM) (Source: VBoxNetLwf) (EventID: 12) (User: )
Description: The driver detected an internal driver error on \Device\VBoxNetLwf.

Error: (02/02/2021 01:49:55 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-F6KEIFL)
Description: The server {FD06603A-2BDF-4BB1-B7DF-5DC68F353601} did not register with DCOM within the required timeout.

Error: (02/02/2021 11:33:59 AM) (Source: VBoxNetLwf) (EventID: 12) (User: )
Description: The driver detected an internal driver error on \Device\VBoxNetLwf.

Error: (02/01/2021 11:31:57 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-F6KEIFL)
Description: The server {FD06603A-2BDF-4BB1-B7DF-5DC68F353601} did not register with DCOM within the required timeout.

Error: (02/01/2021 04:16:31 PM) (Source: VBoxNetLwf) (EventID: 12) (User: )
Description: The driver detected an internal driver error on \Device\VBoxNetLwf.

Error: (02/01/2021 10:23:49 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-F6KEIFL)
Description: The server {FD06603A-2BDF-4BB1-B7DF-5DC68F353601} did not register with DCOM within the required timeout.


Windows Defender:
===================================
Date: 2021-02-02 12:25:06.7820000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {36CE4DFF-8AF4-457C-AEBE-6ED3EAC36D21}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-02-01 17:54:35.4140000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {21C83784-D943-43FB-BD66-6BC887A7C88B}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-01-31 16:13:22.7630000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {613E460C-01DA-4CA2-BA54-8B1212908F8C}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-01-30 21:26:21.7590000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {6E445C8E-9FC1-4488-8DCC-833FE8181C15}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-01-25 12:31:38.7130000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {8FF1EB79-2890-43AE-B951-2EFC3983E4D6}
Scan Type: Antimalware
Scan Parameters: Quick Scan

CodeIntegrity:
===================================

Date: 2021-01-26 22:56:57.0660000Z
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\SysWOW64\WindowManagementAPI.dll because the set of per-page image hashes could not be found on the system.

Date: 2021-01-26 22:56:51.7000000Z
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\SysWOW64\WindowManagementAPI.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

BIOS: American Megatrends Inc. 1.30 08/31/2020
Motherboard: Micro-Star International Co., Ltd. MPG B550 GAMING PLUS (MS-7C56)
Processor: AMD Ryzen 5 3600XT 6-Core Processor
Percentage of memory in use: 39%
Total physical RAM: 16310.25 MB
Available physical RAM: 9940.99 MB
Total Virtual: 18742.25 MB
Available Virtual: 8074.18 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:465.06 GB) (Free:339.27 GB) NTFS

\\?\Volume{d34876cb-cef9-4504-a1a9-08058eae253f}\ (Recovery) (Fixed) (Total:0.59 GB) (Free:0.18 GB) NTFS
\\?\Volume{5acaeaf6-20f7-4f23-bdc0-730e420ea060}\ (SYSTEM) (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 91D35D48)

Partition: GPT.

==================== End of Addition.txt =======================

felhet
2021-02-03, 04:14
FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-01-2021
Ran by audre (administrator) on DESKTOP-F6KEIFL (Micro-Star International Co., Ltd. MS-7C56) (02-02-2021 20:59:26)
Running from C:\Users\audre\Desktop
Loaded Profiles: audre
Platform: Windows 10 Pro Version 20H2 19042.746 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0361132.inf_amd64_4863ccf4c1b997c9\B361196\atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0361132.inf_amd64_4863ccf4c1b997c9\B361196\atiesrxx.exe
(Corel Corporation -> WinZip Computing) C:\Program Files\WinZip\WzPreloader.exe
(Corel Corporation -> WinZip Computing, S.L.) C:\Program Files\WinZip\FAHWindow64.exe
(Epic Games Inc. -> Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\Win64\EpicWebHelper.exe <2>
(Epic Games Inc. -> Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <35>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\audre\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_2.47.10001.0_x64__8wekyb3d8bbwe\GamingServices.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_2.47.10001.0_x64__8wekyb3d8bbwe\GamingServicesNet.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2012.21.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12011.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) C:\Windows\System32\amdfendrsr.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\NisSrv.exe
(Razer USA Ltd. -> ) C:\Program Files (x86)\Razer\Synapse3\UserProcess\Razer Synapse Service Process.exe
(Razer USA Ltd. -> Razer Inc) C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Razer Services\Razer Central\Razer Central.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe
(Razer USA Ltd. -> The CefSharp Authors) C:\Program Files (x86)\Razer\Razer Services\Razer Central\CefSharp.BrowserSubprocess.exe <2>
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13513288 2013-03-29] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [WinZip UN] => C:\Program Files\WinZip\WZUpdateNotifier.exe [2859928 2020-09-25] (Corel Corporation -> Corel Corporation)
HKLM\...\Run: [WinZip FAH] => C:\Program Files\WinZip\FAHConsole.exe [436704 2020-09-25] (Corel Corporation -> WinZip Computing, S.L.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3951968 2019-07-09] (Logitech -> Logitech, Inc.)
HKLM-x32\...\Run: [TeamsMachineUninstallerLocalAppData] => %LOCALAPPDATA%\Microsoft\Teams\Update.exe --uninstall --msiUninstall --source=default
HKLM-x32\...\Run: [TeamsMachineUninstallerProgramData] => %ProgramData%\Microsoft\Teams\Update.exe --uninstall --msiUninstall --source=default
HKU\S-1-5-21-4201280554-2823466389-1122749580-1002\...\Run: [Synapse3] => C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe [3514720 2021-01-18] (Razer USA Ltd. -> Razer Inc.)
HKU\S-1-5-21-4201280554-2823466389-1122749580-1002\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [32883768 2021-01-26] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-4201280554-2823466389-1122749580-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3411232 2020-12-20] (Valve -> Valve Corporation)
HKU\S-1-5-18\...\Run: [Synapse3] => C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe [3514720 2021-01-18] (Razer USA Ltd. -> Razer Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\88.0.4324.104\Installer\chrmstp.exe [2021-01-27] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2020-12-28]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (Corel Corporation -> WinZip Computing)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {21CAE002-07C8-448B-AD4B-1506A2EE1388} - System32\Tasks\WinZip Update Notifier 3 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2859928 2020-09-25] (Corel Corporation -> Corel Corporation)
Task: {3111CE65-14F0-4887-A53F-CFC87644DFE7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-26] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {313FEA0C-42F6-4DEF-B473-CF8D8E0BC6E8} - System32\Tasks\ModifyLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1710464 2020-11-13] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {341C4BEE-CE0A-4678-893B-5A81D7C13719} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe [69304 2020-11-13] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {396BECE4-00B2-4306-9CEC-8A417D39198B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5199272 2021-02-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {47E35976-DD80-49DD-9459-64C4118FC251} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-12-26] (Google LLC -> Google LLC)
Task: {4DAEC4A8-7E80-45D2-9688-84C7A3705796} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [142184 2021-02-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {4EEFAB0E-D684-4C89-954E-28A3A70C7833} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-26] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {4FEBB83E-A38F-4EF0-AF68-CAB29A5C465E} - System32\Tasks\AMDInstallLauncher => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1710464 2020-11-13] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {57C9BE29-78E2-4D97-B98D-B20096965412} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-26] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {63D8D29D-ECF9-46A7-B8B2-7BE109A64B6E} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22993288 2021-01-22] (Microsoft Corporation -> Microsoft Corporation)
Task: {6AECE0BA-8104-460D-A3AA-47CAC9CF8D99} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [61624 2020-11-13] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {6FE7CADA-7C7A-41A8-B144-CE9883F636DC} - System32\Tasks\WinZip Update Notifier 2 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2859928 2020-09-25] (Corel Corporation -> Corel Corporation)
Task: {797CAED3-FDB4-4DE8-AD4E-C6BCE79CAD9F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-26] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {98A1FAAC-1C5C-4DC1-9926-AC9DA5EBE69F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5199272 2021-02-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {BE429076-2062-40C6-9BEF-7C30D00D9EF1} - System32\Tasks\AMDLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1710464 2020-11-13] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {D1D0087C-12C9-4221-87AE-A2038681BF93} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [142184 2021-02-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {F0E50CE7-7A56-459B-AE66-928C30F38BAD} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22993288 2021-01-22] (Microsoft Corporation -> Microsoft Corporation)
Task: {F709BC52-54B5-4663-B9D5-5ED27DAA194A} - System32\Tasks\WinZip Update Notifier 1 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2859928 2020-09-25] (Corel Corporation -> Corel Corporation)
Task: {F9AF239E-0A1E-4CFF-9D1D-9B77AF4AFA0A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-12-26] (Google LLC -> Google LLC)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 216.68.4.10 216.68.5.10
Tcpip\..\Interfaces\{123d8508-7c49-475c-945e-f69273e2cdde}: [DhcpNameServer] 192.168.200.1
Tcpip\..\Interfaces\{d8158555-1d58-4f7a-a53c-f6d563a39424}: [DhcpNameServer] 216.68.4.10 216.68.5.10

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\audre\AppData\Local\Microsoft\Edge\User Data\Default [2021-02-02]

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-02-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-02-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-02-01] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR Profile: C:\Users\audre\AppData\Local\Google\Chrome\User Data\Default [2021-02-02]
CHR Notifications: Default -> hxxps://pushwelcome.com
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=mcafee&type=E211US1214G0&p={searchTerms}
CHR DefaultSearchKeyword: Default -> mcafee
CHR DefaultSuggestURL: Default -> hxxps://us.search.yahoo.com/sugg/gossip/gossip-us-partner?output=fxjson&appid=mca&source=yahoo_mcafee_searchassist&command={searchTerms}
CHR Extension: (Slides) - C:\Users\audre\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-12-26]
CHR Extension: (Docs) - C:\Users\audre\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-12-26]
CHR Extension: (Google Drive) - C:\Users\audre\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-12-26]
CHR Extension: (YouTube) - C:\Users\audre\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-12-26]
CHR Extension: (Google Classroom) - C:\Users\audre\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnjfdainlhllipmmlagcfpdmcckiehng [2020-12-26]
CHR Extension: (Kami for Google Chrome™) - C:\Users\audre\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecnphlgnajanjnkcmbpancdjoidceilk [2021-01-18]
CHR Extension: (Sheets) - C:\Users\audre\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-12-26]
CHR Extension: (Google Docs Offline) - C:\Users\audre\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-12-26]
CHR Extension: (Co:Writer) - C:\Users\audre\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifajfiofeifbbhbionejdliodenmecna [2020-12-26]
CHR Extension: (Teaching Textbooks) - C:\Users\audre\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfcnbbcemapfbhojlfbifhipbmhleggj [2020-12-26]
CHR Extension: (Co:Writer Universal (App)) - C:\Users\audre\AppData\Local\Google\Chrome\User Data\Default\Extensions\lahlmdogjpblkonckkgbljegkiijjbag [2020-12-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\audre\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-28]
CHR Extension: (Spelling City) - C:\Users\audre\AppData\Local\Google\Chrome\User Data\Default\Extensions\oddpjjlpijcdlekhlignfcbghdjoagbm [2020-12-26]
CHR Extension: (Netflix Party is now Teleparty) - C:\Users\audre\AppData\Local\Google\Chrome\User Data\Default\Extensions\oocalimimngaihdkbihfgmpkcpnmlaoa [2021-01-03]
CHR Extension: (Amazon.com : 12x10 Inch Collection Ma...) - C:\Users\audre\AppData\Local\Google\Chrome\User Data\Default\Extensions\pheobmijlkijfhgccinpkicehfhmpkhl [2020-12-26]
CHR Extension: (Gmail) - C:\Users\audre\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-12-26]
CHR Extension: (Chrome Media Router) - C:\Users\audre\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-01-27]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8736880 2020-12-25] (BattlEye Innovations e.K. -> )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8902024 2021-01-22] (Microsoft Corporation -> Microsoft Corporation)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [818304 2020-12-25] (EasyAntiCheat Oy -> Epic Games, Inc)
R2 Razer Chroma SDK Server; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe [1110104 2020-11-20] (Razer USA Ltd. -> Razer Inc.)
R2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [320088 2020-11-17] (Razer USA Ltd. -> Razer Inc.)
R2 Razer Game Manager Service; C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe [253776 2020-12-01] (Razer USA Ltd. -> Razer Inc)
R2 Razer Synapse Service; C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe [294240 2021-01-15] (Razer USA Ltd. -> Razer Inc.)
R2 RzActionSvc; C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe [533376 2020-12-08] (Razer USA Ltd. -> Razer Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5198064 2021-01-14] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 VBoxSDS; C:\Program Files\Oracle\VirtualBox\VBoxSDS.exe [746504 2020-10-16] (Oracle Corporation -> Oracle Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2020-12-26] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2020-12-26] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 Futuremark SystemInfo Service; "C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AMDXE; C:\Windows\System32\drivers\amdxe.sys [62056 2020-07-27] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 RzCommon; C:\Windows\System32\drivers\RzCommon.sys [53656 2020-11-15] (Razer USA Ltd. -> Razer Inc)
R3 RzDev_006c; C:\Windows\System32\drivers\RzDev_006c.sys [54152 2020-08-24] (Razer USA Ltd. -> Razer Inc)
R3 RzDev_021e; C:\Windows\System32\drivers\RzDev_021e.sys [54168 2020-08-24] (Razer USA Ltd. -> Razer Inc)
R3 RzDev_0c02; C:\Windows\System32\drivers\RzDev_0c02.sys [54152 2020-08-24] (Razer USA Ltd. -> Razer Inc)
R3 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [239432 2020-10-16] (Oracle Corporation -> Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [249344 2020-10-16] (Oracle Corporation -> Oracle Corporation)
U5 vsock; C:\Windows\System32\Drivers\vsock.sys [105912 2020-08-11] (VMware, Inc. -> VMware, Inc.)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [48536 2020-12-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [429296 2020-12-26] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [70896 2020-12-26] (Microsoft Windows -> Microsoft Corporation)
S3 ALSysIO; \??\C:\Users\ADMINI~1\AppData\Local\Temp\ALSysIO64.sys [X] <==== ATTENTION

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-02-02 20:59 - 2021-02-02 20:59 - 000019828 _____ C:\Users\audre\Desktop\FRST.txt
2021-02-02 20:58 - 2021-02-02 20:59 - 000000000 ____D C:\FRST
2021-02-02 20:56 - 2021-02-02 20:56 - 002297856 _____ (Farbar) C:\Users\audre\Downloads\FRST64.exe
2021-02-02 20:56 - 2021-02-02 20:56 - 002297856 _____ (Farbar) C:\Users\audre\Desktop\FRST64.exe
2021-02-02 20:54 - 2021-02-02 20:54 - 000017985 _____ C:\Windows\Tweaking.com - Registry Backup Setup Log.txt
2021-02-02 20:54 - 2021-02-02 20:54 - 000002319 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2021-02-02 20:54 - 2021-02-02 20:54 - 000000207 _____ C:\Windows\tweaking.com-regbackup-DESKTOP-F6KEIFL-Windows-10-Pro-(64-bit).dat
2021-02-02 20:54 - 2021-02-02 20:54 - 000000000 ____D C:\RegBackup
2021-02-02 20:54 - 2021-02-02 20:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2021-02-02 20:54 - 2021-02-02 20:54 - 000000000 ____D C:\Program Files (x86)\Tweaking.com
2021-02-02 20:53 - 2021-02-02 20:53 - 005766144 _____ (Tweaking.com) C:\Users\audre\Downloads\tweaking.com_registry_backup_setup.exe
2021-02-02 20:53 - 2021-02-02 20:53 - 005766144 _____ (Tweaking.com) C:\Users\audre\Desktop\tweaking.com_registry_backup_setup.exe
2021-01-30 20:31 - 2021-01-30 20:31 - 000000000 ____D C:\Users\audre\AppData\Local\OneDrive
2021-01-27 15:31 - 2021-01-27 15:32 - 098478687 _____ C:\Users\audre\Downloads\Kellourpack-3.3 (1).zip
2021-01-27 15:29 - 2021-01-27 15:30 - 000000000 ____D C:\Program Files\WinRAR
2021-01-27 15:29 - 2021-01-27 15:29 - 000000000 ____D C:\Users\audre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2021-01-27 15:29 - 2021-01-27 15:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2021-01-27 15:28 - 2021-01-27 15:29 - 004204328 _____ (Alexander Roshal) C:\Users\audre\Downloads\winrar-x64-600.exe
2021-01-27 14:39 - 2021-01-27 14:40 - 098478687 _____ C:\Users\audre\Downloads\Kellourpack-3.3.zip
2021-01-24 15:52 - 2021-01-24 15:52 - 004399364 _____ C:\Users\audre\Downloads\worldedit-bukkit-7.2.2-dist.jar
2021-01-24 15:45 - 2021-01-24 19:45 - 000000128 _____ C:\Users\audre\AppData\Roaming\winscp.rnd
2021-01-24 15:45 - 2021-01-24 15:45 - 011163216 _____ (Martin Prikryl ) C:\Users\audre\Downloads\WinSCP-5.17.9-Setup.exe
2021-01-24 15:45 - 2021-01-24 15:45 - 000001153 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSCP.lnk
2021-01-24 15:45 - 2021-01-24 15:45 - 000001141 _____ C:\Users\Public\Desktop\WinSCP.lnk
2021-01-24 15:45 - 2021-01-24 15:45 - 000000000 ____D C:\Program Files (x86)\WinSCP
2021-01-17 19:56 - 2021-01-17 19:56 - 000000000 ____D C:\Users\audre\AppData\Local\Star Stable Online
2021-01-16 16:11 - 2021-01-16 16:11 - 000000000 ____D C:\Users\audre\AppData\LocalLow\Innersloth
2021-01-16 16:10 - 2021-01-16 16:10 - 000000222 _____ C:\Users\audre\Desktop\Among Us.url
2021-01-16 16:10 - 2021-01-16 16:10 - 000000000 ____D C:\Users\audre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2021-01-14 18:16 - 2021-01-14 18:16 - 000000000 ____D C:\Users\audre\AppData\Roaming\EasyAntiCheat
2021-01-14 11:53 - 2021-01-14 11:53 - 000581120 _____ (Microsoft Corporation) C:\Windows\system32\PhotoScreensaver.scr
2021-01-14 11:53 - 2021-01-14 11:53 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhotoScreensaver.scr
2021-01-14 11:53 - 2021-01-14 11:53 - 000467968 _____ C:\Windows\system32\AssignedAccessCsp.dll
2021-01-14 11:53 - 2021-01-14 11:53 - 000234496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
2021-01-14 11:53 - 2021-01-14 11:53 - 000157184 _____ C:\Windows\system32\uwfcsp.dll
2021-01-14 11:53 - 2021-01-14 11:53 - 000138056 _____ C:\Windows\system32\HvsiManagementApi.dll
2021-01-14 11:53 - 2021-01-14 11:53 - 000135168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VBICodec.ax
2021-01-14 11:53 - 2021-01-14 11:53 - 000101704 _____ C:\Windows\SysWOW64\HvsiManagementApi.dll
2021-01-14 11:53 - 2021-01-14 11:53 - 000095744 _____ C:\Windows\system32\VirtualMonitorManager.dll
2021-01-14 11:53 - 2021-01-14 11:53 - 000067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscui.cpl
2021-01-14 11:52 - 2021-01-14 11:52 - 002254336 _____ C:\Windows\system32\dwmscene.dll
2021-01-14 11:52 - 2021-01-14 11:52 - 001333760 _____ C:\Windows\SysWOW64\TextInputMethodFormatter.dll
2021-01-14 11:52 - 2021-01-14 11:52 - 001162240 _____ C:\Windows\system32\MBR2GPT.EXE
2021-01-14 11:52 - 2021-01-14 11:52 - 000729600 _____ (Microsoft Corporation) C:\Windows\system32\hhctrl.ocx
2021-01-14 11:52 - 2021-01-14 11:52 - 000595968 _____ (Microsoft Corporation) C:\Windows\system32\appwiz.cpl
2021-01-14 11:52 - 2021-01-14 11:52 - 000575488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hhctrl.ocx
2021-01-14 11:52 - 2021-01-14 11:52 - 000544768 _____ (Microsoft Corporation) C:\Windows\system32\mmsys.cpl
2021-01-14 11:52 - 2021-01-14 11:52 - 000469504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appwiz.cpl
2021-01-14 11:52 - 2021-01-14 11:52 - 000455680 _____ C:\Windows\SysWOW64\WindowManagementAPI.dll
2021-01-14 11:52 - 2021-01-14 11:52 - 000446976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmsys.cpl
2021-01-14 11:52 - 2021-01-14 11:52 - 000422912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winspool.drv
2021-01-14 11:52 - 2021-01-14 11:52 - 000330752 _____ C:\Windows\SysWOW64\ssdm.dll
2021-01-14 11:52 - 2021-01-14 11:52 - 000304128 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2021-01-14 11:52 - 2021-01-14 11:52 - 000238592 _____ (Microsoft Corporation) C:\Windows\system32\intl.cpl
2021-01-14 11:52 - 2021-01-14 11:52 - 000235520 _____ C:\Windows\SysWOW64\HeatCore.dll
2021-01-14 11:52 - 2021-01-14 11:52 - 000190976 _____ C:\Windows\system32\BthpanContextHandler.dll
2021-01-14 11:52 - 2021-01-14 11:52 - 000182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl
2021-01-14 11:52 - 2021-01-14 11:52 - 000178688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\intl.cpl
2021-01-14 11:52 - 2021-01-14 11:52 - 000170496 _____ (Microsoft Corporation) C:\Windows\system32\VBICodec.ax
2021-01-14 11:52 - 2021-01-14 11:52 - 000152064 _____ C:\Windows\system32\EoAExperiences.exe
2021-01-14 11:52 - 2021-01-14 11:52 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2021-01-14 11:52 - 2021-01-14 11:52 - 000084992 _____ (Microsoft Corporation) C:\Windows\system32\wscui.cpl
2021-01-14 11:52 - 2021-01-14 11:52 - 000072704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2021-01-14 11:52 - 2021-01-14 11:52 - 000067072 _____ C:\Windows\system32\BWContextHandler.dll
2021-01-14 11:52 - 2021-01-14 11:52 - 000053760 _____ C:\Windows\SysWOW64\BWContextHandler.dll
2021-01-14 11:52 - 2021-01-14 11:52 - 000010894 _____ C:\Windows\system32\DrtmAuthTxt.wim
2021-01-14 11:51 - 2021-01-14 11:51 - 002260992 _____ C:\Windows\system32\TextInputMethodFormatter.dll
2021-01-14 11:51 - 2021-01-14 11:51 - 000643072 _____ C:\Windows\system32\WindowManagementAPI.dll
2021-01-14 11:51 - 2021-01-14 11:51 - 000562688 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv
2021-01-14 11:51 - 2021-01-14 11:51 - 000455168 _____ C:\Windows\system32\ssdm.dll
2021-01-14 11:51 - 2021-01-14 11:51 - 000306688 _____ C:\Windows\system32\HeatCore.dll
2021-01-14 11:51 - 2021-01-14 11:51 - 000243200 _____ (Microsoft Corporation) C:\Windows\system32\timedate.cpl
2021-01-14 11:51 - 2021-01-14 11:51 - 000165888 _____ C:\Windows\system32\DataStoreCacheDumpTool.exe
2021-01-14 11:51 - 2021-01-14 11:51 - 000074240 _____ C:\Windows\system32\rdsxvmaudio.dll
2021-01-07 20:09 - 2021-01-07 20:09 - 000028831 _____ C:\Users\audre\Documents\Baseplate.rbxl
2021-01-06 21:11 - 2021-01-06 21:11 - 001891342 _____ C:\Users\audre\Downloads\16DE808E-6B32-4871-B5C9-EC7763EA57A1.jpeg
2021-01-06 21:11 - 2021-01-06 21:11 - 001439794 _____ C:\Users\audre\Downloads\FFC36838-0D04-4D3C-A965-D60431975DB0.jpeg
2021-01-06 21:10 - 2021-01-06 21:10 - 000290182 _____ C:\Users\audre\Downloads\IMG_6377.jpeg
2021-01-06 11:56 - 2021-01-06 11:56 - 000000000 ____D C:\Users\audre\Documents\Zoom
2021-01-05 12:26 - 2021-01-05 12:44 - 000000000 ____D C:\Users\audre\AppData\Roaming\Zoom
2021-01-05 12:26 - 2021-01-05 12:26 - 000000000 ____D C:\Users\audre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2021-01-05 12:25 - 2021-01-05 12:25 - 000083288 _____ (Zoom Video Communications, Inc.) C:\Users\audre\Downloads\Zoom_cm_ds_mB94fPckxEwjfwtHt6KqRKT4ekfikPqfj6cSr@JcorgUu-1aJnnYuk_kdf1542670768ab18_.exe
2021-01-03 18:36 - 2021-01-03 18:36 - 000000000 ____D C:\Users\audre\Documents\ROBLOX

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-02-02 20:53 - 2019-12-07 04:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-02-02 20:40 - 2020-12-26 01:47 - 000000000 ____D C:\Users\audre\AppData\Local\D3DSCache
2021-02-02 19:54 - 2020-12-26 01:51 - 000000000 ___RD C:\Users\audre\OneDrive
2021-02-02 19:54 - 2020-12-25 12:05 - 000003126 _____ C:\Windows\system32\Tasks\AMDInstallLauncher
2021-02-02 19:54 - 2020-12-25 12:04 - 000003110 _____ C:\Windows\system32\Tasks\AMDLinkUpdate
2021-02-02 16:59 - 2020-09-27 09:50 - 000000000 ____D C:\Windows\system32\SleepStudy
2021-02-02 16:23 - 2020-12-26 01:51 - 000003380 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4201280554-2823466389-1122749580-1002
2021-02-02 16:23 - 2020-12-26 01:47 - 000002374 _____ C:\Users\audre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-02-02 12:50 - 2020-10-15 13:17 - 000795738 _____ C:\Windows\system32\PerfStringBackup.INI
2021-02-02 12:50 - 2019-12-07 04:13 - 000000000 ____D C:\Windows\INF
2021-02-02 12:25 - 2019-12-07 04:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-02-02 12:25 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\AppReadiness
2021-02-02 11:35 - 2020-12-26 01:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2021-02-01 16:42 - 2020-10-15 13:38 - 000000000 ____D C:\Program Files\Microsoft Office
2021-01-31 19:26 - 2020-12-28 00:43 - 000000000 ____D C:\Program Files (x86)\Steam
2021-01-31 16:00 - 2020-12-25 12:08 - 000000000 ____D C:\Users\audre\AppData\Roaming\.minecraft
2021-01-30 14:22 - 2020-09-27 09:53 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-01-29 17:01 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\LiveKernelReports
2021-01-29 13:56 - 2020-09-27 09:50 - 000008192 ___SH C:\DumpStack.log.tmp
2021-01-29 13:56 - 2020-09-27 09:50 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-01-29 13:56 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\ServiceState
2021-01-29 13:56 - 2019-12-07 04:03 - 000524288 _____ C:\Windows\system32\config\BBI
2021-01-28 23:05 - 2019-12-07 04:03 - 000000000 ____D C:\Windows\CbsTemp
2021-01-28 14:46 - 2020-12-26 01:50 - 000000000 ____D C:\Users\audre\AppData\Local\Packages
2021-01-27 17:35 - 2020-12-26 02:00 - 000002254 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-01-27 17:35 - 2020-12-26 02:00 - 000002213 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-01-27 13:23 - 2020-12-25 14:48 - 000001432 _____ C:\Users\audre\Desktop\Roblox Player.lnk
2021-01-27 13:23 - 2020-12-25 14:48 - 000001255 _____ C:\Users\audre\Desktop\Roblox Studio.lnk
2021-01-27 13:23 - 2020-12-25 14:48 - 000000000 ____D C:\Users\audre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2021-01-26 22:43 - 2020-12-26 01:52 - 000000000 ____D C:\Users\audre\AppData\Local\PlaceholderTileLogoFolder
2021-01-25 17:27 - 2020-12-25 15:04 - 000000000 ____D C:\Users\audre\AppData\Roaming\Star Stable Online
2021-01-23 14:11 - 2020-12-30 12:39 - 000000000 ____D C:\Users\audre\.VirtualBox
2021-01-23 14:01 - 2020-12-30 12:39 - 000000000 ____D C:\ProgramData\VirtualBox
2021-01-22 12:29 - 2020-12-25 11:59 - 000000000 ____D C:\Users\audre\AppData\Local\AMD_Common
2021-01-22 12:14 - 2020-12-26 02:18 - 000799104 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2021-01-19 13:01 - 2020-09-27 09:53 - 000003480 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-01-19 13:01 - 2020-09-27 09:53 - 000003356 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-01-17 19:57 - 2020-12-25 15:04 - 000002256 _____ C:\Users\Public\Desktop\Star Stable Online.lnk
2021-01-17 19:57 - 2020-12-25 15:04 - 000000000 ____D C:\Program Files (x86)\Star Stable Online
2021-01-16 19:45 - 2020-12-25 14:48 - 000000250 _____ C:\Users\audre\AppData\LocalLow\rbxcsettings.rbx
2021-01-14 22:00 - 2020-09-27 09:50 - 000439016 _____ C:\Windows\system32\FNTCACHE.DAT
2021-01-14 21:59 - 2020-12-26 02:14 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-01-14 21:59 - 2019-12-07 04:52 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2021-01-14 21:59 - 2019-12-07 04:52 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2021-01-14 21:59 - 2019-12-07 04:14 - 000000000 ___SD C:\Windows\SysWOW64\F12
2021-01-14 21:59 - 2019-12-07 04:14 - 000000000 ___SD C:\Windows\SysWOW64\DiagSvcs
2021-01-14 21:59 - 2019-12-07 04:14 - 000000000 ___SD C:\Windows\system32\UNP
2021-01-14 21:59 - 2019-12-07 04:14 - 000000000 ___SD C:\Windows\system32\F12
2021-01-14 21:59 - 2019-12-07 04:14 - 000000000 ___SD C:\Windows\system32\DiagSvcs
2021-01-14 21:59 - 2019-12-07 04:14 - 000000000 ___RD C:\Windows\PrintDialog
2021-01-14 21:59 - 2019-12-07 04:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2021-01-14 21:59 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\SysWOW64\setup
2021-01-14 21:59 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\SysWOW64\PerceptionSimulation
2021-01-14 21:59 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\SysWOW64\oobe
2021-01-14 21:59 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\SysWOW64\Dism
2021-01-14 21:59 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\SysWOW64\Com
2021-01-14 21:59 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2021-01-14 21:59 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\SystemResources
2021-01-14 21:59 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
2021-01-14 21:59 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\system32\SystemResetPlatform
2021-01-14 21:59 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\system32\Sysprep
2021-01-14 21:59 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\system32\setup
2021-01-14 21:59 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\system32\PerceptionSimulation
2021-01-14 21:59 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\system32\oobe
2021-01-14 21:59 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\system32\Dism
2021-01-14 21:59 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\system32\Com
2021-01-14 21:59 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\system32\AdvancedInstallers
2021-01-14 21:59 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\ShellExperiences
2021-01-14 21:59 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\ShellComponents
2021-01-14 21:59 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\Provisioning
2021-01-14 21:59 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\PolicyDefinitions
2021-01-14 21:59 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\IME
2021-01-14 21:59 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\bcastdvr
2021-01-14 21:59 - 2019-12-07 04:14 - 000000000 ____D C:\Program Files\Windows Defender
2021-01-14 18:16 - 2020-12-25 19:16 - 000000000 ____D C:\Program Files (x86)\EasyAntiCheat
2021-01-14 11:51 - 2020-09-27 09:53 - 002877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2021-01-14 11:48 - 2020-12-26 02:17 - 000000000 ____D C:\Windows\system32\MRT
2021-01-14 11:47 - 2020-12-26 02:17 - 135062968 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2021-01-08 22:23 - 2020-12-30 12:43 - 000000000 ____D C:\Users\audre\AppData\Local\CrashDumps
2021-01-08 13:19 - 2020-10-15 13:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2021-01-05 21:55 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\system32\WinBioDatabase
2021-01-05 12:40 - 2020-12-25 14:48 - 000000000 ____D C:\Users\audre\AppData\Local\Roblox

==================== Files in the root of some directories ========

2021-01-24 15:45 - 2021-01-24 19:45 - 000000128 _____ () C:\Users\audre\AppData\Roaming\winscp.rnd

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

felhet
2021-02-03, 04:27
[attachment 13265]

Juliet
2021-02-03, 15:02
Don't click on the alert, we'll get rid of it.

Start Farbar Recovery Scan Tool with Administrator privileges
(Right click on the FRST icon and select Run as administrator)

Highlight the text below and select Copy, beginning with Start:: and finishing with End::
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Highlight the entire content of the quote box below and select Copy.




Start::
CloseProcesses:
CreateRestorePoint:
ShortcutWithArgument: C:\Users\audre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iBUYPOWER.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> microsoft-edge:hxxps://www.ibuypower.com/review
ShortcutWithArgument: C:\Users\audre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Co_Writer Universal (App).lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=lahlmdogjpblkonckkgbljegkiijjbag
AlternateDataStreams: C:\desktop.ini:CachedTiles [7368]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [9520]
CHR Notifications: Default -> hxxps://pushwelcome.com
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=mcafee&type=E211US1214G0&p={searchTerms}
CHR DefaultSuggestURL: Default -> hxxps://us.search.yahoo.com/sugg/gossip/gossip-us-partner?output=fxjson&appid=mca&source=yahoo_mcafee_searchassist&command={searchTerms}
S3 Futuremark SystemInfo Service; "C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe" [X]
S3 ALSysIO; \??\C:\Users\ADMINI~1\AppData\Local\Temp\ALSysIO64.sys [X] <==== ATTENTION
EmptyTemp:
C:\Windows\Temp\*.*
End::

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Start FRST (FRST64) with Administrator privileges
Press the Fix button. FRST will process the lines copied above from the clipboard.
When finished, a log file Fixlog.txt will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Download AdwCleaner from here (https://downloads.malwarebytes.com/file/adwcleaner) and save it to your desktop.


run AdwCleaner by clicking on Scan Now
when it has finished, leave everything that was found checked, (ticked), then click on Clean and Repair
if it asks to reboot, allow the reboot
on reboot, click on View Log File; please attach the content of the log to your next reply.

=======================

You may have Malwarebytes Anti-Malware installed but if not, you can download it from here (https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/):

run the program
click on the ‘Dashboard’ to make sure everything is up to date, (it is not necessary to upgrade to the premium version of MBAM)
click on the ‘Scan’ tab, (directly below the Dashboard tab)
select the Threat Scan option
click the Scan Now button
Threat Scan will begin
when the scan has completed and if malware was found, click the Quarantine Selected button to allow MBAM to quarantine what was found
if prompted to restart the computer, close all other programs and click Yes to restart your computer
once you are back at your desktop, open MBAM once more
click on the ‘Reports’ tab
double-click on the most recent Scan Report
click on Export, then Copy to Clipboard


~~~~~
Logs to include with the next post:

Fixlog.txt
AdwCleaner log
Malwarebytes Anti-Malware
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
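Added example, written for this page and not part of the thread or of FRST: a read-only PowerShell audit that rechecks the classes of artefact the fixlist above targeted (service or driver entries whose binary is gone, which FRST marks [X]; Start Menu shortcuts carrying a URL argument; non-default alternate data streams) and reads Chrome's active search provider. Function names are mine, and the Chrome Preferences key path is an assumption; run it elevated and compare the report with the fixlist rather than acting on it blindly.

```powershell
# Added example (not from the thread, not FRST code). Read-only: reports, changes nothing.
# Assumes Windows 10, PowerShell 5.1+, run as Administrator.

# FRST marks a service/driver [X] when ImagePath points at a file that no longer exists
# (the ALSysIO64.sys entry above lived in a Temp folder). Normalise the stored path first.
function Resolve-ServiceBinary([string]$PathName) {
    $p = $PathName.Trim()
    if ($p -match '^"([^"]+)"') { $p = $Matches[1] }                  # "quoted path" args
    elseif ($p -match '^(.+?\.(exe|sys))(\s|$)') { $p = $Matches[1] } # unquoted path args
    $p = $p -replace '^\\\?\?\\', ''                                   # drop NT \??\ prefix
    $p = $p -replace '^\\SystemRoot\\', "$env:SystemRoot\"
    $p = $p -replace '^\\?System32\\', "$env:SystemRoot\System32\"
    return [Environment]::ExpandEnvironmentVariables($p)
}

function Get-OrphanedService {
    # Win32_Service covers user-mode services; kernel drivers are in Win32_SystemDriver.
    $entries = @(Get-CimInstance Win32_Service) + @(Get-CimInstance Win32_SystemDriver)
    foreach ($e in $entries) {
        if (-not $e.PathName) { continue }
        $bin = Resolve-ServiceBinary $e.PathName
        if (-not (Test-Path -LiteralPath $bin -PathType Leaf)) {
            [pscustomobject]@{ Name = $e.Name; StartMode = $e.StartMode; Binary = $bin }
        }
    }
}

# ShortcutWithArgument: a .lnk whose arguments hand a URL (or a Chrome --app-id) to
# explorer.exe or a browser, like the iBUYPOWER.lnk entry above. Legitimate Chrome
# web-app shortcuts also match, so review the list rather than deleting from it.
function Get-ShortcutWithUrlArgument {
    $shell = New-Object -ComObject WScript.Shell
    $roots = @(
        "$env:APPDATA\Microsoft\Windows\Start Menu",
        "$env:ProgramData\Microsoft\Windows\Start Menu",
        "$env:USERPROFILE\Desktop",
        "$env:PUBLIC\Desktop"
    )
    Get-ChildItem -Path $roots -Filter *.lnk -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            $lnk = $shell.CreateShortcut($_.FullName)
            if ($lnk.Arguments -match '(https?:|microsoft-edge:|--app-id=)') {
                [pscustomobject]@{
                    Shortcut  = $_.FullName
                    Target    = $lnk.TargetPath
                    Arguments = $lnk.Arguments
                }
            }
        }
}

# AlternateDataStreams: every stream on the given paths other than the default
# data stream and the Zone.Identifier mark-of-the-web.
function Get-NonDefaultStream([string[]]$Path) {
    foreach ($p in $Path) {
        Get-Item -LiteralPath $p -Stream * -Force -ErrorAction SilentlyContinue |
            Where-Object { $_.Stream -ne ':$DATA' -and $_.Stream -ne 'Zone.Identifier' } |
            Select-Object FileName, Stream, Length
    }
}

# CHR DefaultSearchURL / DefaultSuggestURL: Chrome keeps the active provider in the
# profile's Preferences JSON. The key path here is my assumption; $null means Chrome's
# built-in default is in use and nothing has overridden it.
function Get-ChromeSearchProvider([string]$Profile = 'Default') {
    $prefs = "$env:LOCALAPPDATA\Google\Chrome\User Data\$Profile\Preferences"
    if (-not (Test-Path -LiteralPath $prefs)) { return $null }
    $json = Get-Content -LiteralPath $prefs -Raw | ConvertFrom-Json
    $tud = $json.default_search_provider_data.template_url_data
    if ($null -eq $tud) { return $null }
    [pscustomobject]@{ Keyword = $tud.keyword; SearchUrl = $tud.url; SuggestUrl = $tud.suggestions_url }
}

# Report, using the two paths the fixlist above named for the ADS check.
Get-OrphanedService | Format-Table -AutoSize
Get-ShortcutWithUrlArgument | Format-List
Get-NonDefaultStream -Path 'C:\desktop.ini', 'C:\Users\Public\Shared Files' | Format-Table -AutoSize
Get-ChromeSearchProvider | Format-List
```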

felhet
2021-02-03, 19:51
Thank you for your quick reply! I ran the programs. One note, I saw this notice about a trojan before I ran them. Please see the attached image. Also, AdwCleaner found no threats, and neither did the Malwarebytes program.

[attachment 13266]

Logs are in separate posts below. Thanks again!

felhet
2021-02-03, 19:51
FIX Log

Fix result of Farbar Recovery Scan Tool (x64) Version: 03-02-2021
Ran by audre (03-02-2021 12:27:08) Run:1
Running from C:\Users\audre\Desktop
Loaded Profiles: audre
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
ShortcutWithArgument: C:\Users\audre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iBUYPOWER.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> microsoft-edge:hxxps://www.ibuypower.com/review
ShortcutWithArgument: C:\Users\audre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Co_Writer Universal (App).lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=lahlmdogjpblkonckkgbljegkiijjbag
AlternateDataStreams: C:\desktop.ini:CachedTiles [7368]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [9520]
CHR Notifications: Default -> hxxps://pushwelcome.com
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=mcafee&type=E211US1214G0&p={searchTerms}
CHR DefaultSuggestURL: Default -> hxxps://us.search.yahoo.com/sugg/gossip/gossip-us-partner?output=fxjson&appid=mca&source=yahoo_mcafee_searchassist&command={searchTerms}
S3 Futuremark SystemInfo Service; "C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe" [X]
S3 ALSysIO; \??\C:\Users\ADMINI~1\AppData\Local\Temp\ALSysIO64.sys [X] <==== ATTENTION
EmptyTemp:
C:\Windows\Temp\*.*

*****************

Processes closed successfully.
Restore point was successfully created.
C:\Users\audre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iBUYPOWER.lnk => Shortcut argument removed successfully
C:\Users\audre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Co_Writer Universal (App).lnk => Shortcut argument removed successfully
C:\desktop.ini => ":CachedTiles" ADS removed successfully
C:\Users\Public\Shared Files => ":VersionCache" ADS removed successfully
"Chrome Notifications" => removed successfully
"Chrome DefaultSearchURL" => removed successfully
"Chrome DefaultSuggestURL" => removed successfully
HKLM\System\CurrentControlSet\Services\Futuremark SystemInfo Service => removed successfully
Futuremark SystemInfo Service => service removed successfully
HKLM\System\CurrentControlSet\Services\ALSysIO => removed successfully
ALSysIO => service removed successfully

=========== "C:\Windows\Temp\*.*" ==========

C:\Windows\Temp\catalog.json => moved successfully
C:\Windows\Temp\chrome_installer.log => moved successfully
C:\Windows\Temp\DESKTOP-F6KEIFL-20210127-1231.log => moved successfully
C:\Windows\Temp\DESKTOP-F6KEIFL-20210127-1234.log => moved successfully
C:\Windows\Temp\DESKTOP-F6KEIFL-20210127-1234a.log => moved successfully
C:\Windows\Temp\DESKTOP-F6KEIFL-20210127-1237.log => moved successfully
C:\Windows\Temp\DESKTOP-F6KEIFL-20210127-1242.log => moved successfully
C:\Windows\Temp\DESKTOP-F6KEIFL-20210127-1252.log => moved successfully
C:\Windows\Temp\DESKTOP-F6KEIFL-20210127-1344.log => moved successfully
C:\Windows\Temp\DESKTOP-F6KEIFL-20210127-1357.log => moved successfully
C:\Windows\Temp\DESKTOP-F6KEIFL-20210127-1556.log => moved successfully
C:\Windows\Temp\DESKTOP-F6KEIFL-20210127-1710.log => moved successfully
C:\Windows\Temp\DESKTOP-F6KEIFL-20210127-1745.log => moved successfully
C:\Windows\Temp\DESKTOP-F6KEIFL-20210127-1931.log => moved successfully
C:\Windows\Temp\DESKTOP-F6KEIFL-20210127-2023.log => moved successfully
C:\Windows\Temp\DESKTOP-F6KEIFL-20210127-2036.log => moved successfully
C:\Windows\Temp\DESKTOP-F6KEIFL-20210127-2053.log => moved successfully
C:\Windows\Temp\DESKTOP-F6KEIFL-20210127-2235.log => moved successfully
C:\Windows\Temp\DESKTOP-F6KEIFL-20210127-2323.log => moved successfully
C:\Windows\Temp\DESKTOP-F6KEIFL-20210128-0010.log => moved successfully
C:\Windows\Temp\DESKTOP-F6KEIFL-20210128-0018.log => moved successfully
C:\Windows\Temp\DESKTOP-F6KEIFL-20210128-1325.log => moved successfully
C:\Windows\Temp\DESKTOP-F6KEIFL-20210128-1328.log => moved successfully
C:\Windows\Temp\DESKTOP-F6KEIFL-20210128-1328a.log => moved successfully
C:\Windows\Temp\DESKTOP-F6KEIFL-20210128-1335.log => moved successfully
C:\Windows\Temp\DESKTOP-F6KEIFL-20210128-1344.log => moved successfully
C:\Windows\Temp\DESKTOP-F6KEIFL-20210128-1355.log => moved successfully
C:\Windows\Temp\DESKTOP-F6KEIFL-20210128-1446.log => moved successfully
C:\Windows\Temp\DESKTOP-F6KEIFL-20210128-1518.log => moved successfully
C:\Windows\Temp\DESKTOP-F6KEIFL-20210128-1614.log => moved successfully
C:\Windows\Temp\DESKTOP-F6KEIFL-20210128-1619.log => moved successfully
C:\Windows\Temp\DESKTOP-F6KEIFL-20210128-1626.log => moved successfully
C:\Windows\Temp\DESKTOP-F6KEIFL-20210128-2030.log => moved successfully
C:\Windows\Temp\DESKTOP-F6KEIFL-20210128-2038.log => moved successfully
C:\Windows\Temp\DESKTOP-F6KEIFL-20210128-2045.log => moved successfully
C:\Windows\Temp\DESKTOP-F6KEIFL-20210128-2220.log => moved successfully
C:\Windows\Temp\DESKTOP-F6KEIFL-20210128-2253.log => moved successfully
C:\Windows\Temp\DESKTOP-F6KEIFL-20210129-1356.log => moved successfully
C:\Windows\Temp\DESKTOP-F6KEIFL-20210129-1357.log => moved successfully
C:\Windows\Temp\DESKTOP-F6KEIFL-20210129-1402.log => moved successfully
C:\Windows\Temp\DESKTOP-F6KEIFL-20210129-1405.log => moved successfully
C:\Windows\Temp\DESKTOP-F6KEIFL-20210129-1406.log => moved successfully
C:\Windows\Temp\DESKTOP-F6KEIFL-20210129-1430.log => moved successfully
C:\Windows\Temp\DESKTOP-F6KEIFL-20210129-1443.log => moved successfully
C:\Windows\Temp\DESKTOP-F6KEIFL-20210129-1508.log => moved successfully
C:\Windows\Temp\DESKTOP-F6KEIFL-20210129-1513.log => moved successfully
C:\Windows\Temp\DESKTOP-F6KEIFL-20210129-1628.log => moved successfully
C:\Windows\Temp\DESKTOP-F6KEIFL-20210129-1648.log => moved successfully
C:\Windows\Temp\DESKTOP-F6KEIFL-20210129-2006.log => moved successfully
C:\Windows\Temp\DESKTOP-F6KEIFL-20210129-2109.log => moved successfully
C:\Windows\Temp\DESKTOP-F6KEIFL-20210129-2147.log => moved successfully
C:\Windows\Temp\DESKTOP-F6KEIFL-20210130-1421.log => moved successfully
C:\Windows\Temp\DESKTOP-F6KEIFL-20210130-1424.log => moved successfully
C:\Windows\Temp\DESKTOP-F6KEIFL-20210130-1424a.log => moved successfully
C:\Windows\Temp\DESKTOP-F6KEIFL-20210130-1426.log => moved successfully
C:\Windows\Temp\DESKTOP-F6KEIFL-20210130-2035.log => moved successfully
C:\Windows\Temp\DESKTOP-F6KEIFL-20210130-2126.log => moved successfully
C:\Windows\Temp\DESKTOP-F6KEIFL-20210130-2130.log => moved successfully
C:\Windows\Temp\DESKTOP-F6KEIFL-20210130-2138.log => moved successfully
C:\Windows\Temp\DESKTOP-F6KEIFL-20210130-2224.log => moved successfully
C:\Windows\Temp\DESKTOP-F6KEIFL-20210130-2232.log => moved successfully
C:\Windows\Temp\DESKTOP-F6KEIFL-20210130-2329.log => moved successfully
C:\Windows\Temp\DESKTOP-F6KEIFL-20210131-0025.log => moved successfully
C:\Windows\Temp\DESKTOP-F6KEIFL-20210131-0044.log => moved successfully
C:\Windows\Temp\DESKTOP-F6KEIFL-20210131-0056.log => moved successfully
C:\Windows\Temp\DESKTOP-F6KEIFL-20210131-0126.log => moved successfully
C:\Windows\Temp\DESKTOP-F6KEIFL-20210131-1413.log => moved successfully
C:\Windows\Temp\DESKTOP-F6KEIFL-20210131-1413a.log => moved successfully
C:\Windows\Temp\DESKTOP-F6KEIFL-20210131-1416.log => moved successfully
C:\Windows\Temp\DESKTOP-F6KEIFL-20210131-1424.log => moved successfully
C:\Windows\Temp\DESKTOP-F6KEIFL-20210131-1552.log => moved successfully
C:\Windows\Temp\DESKTOP-F6KEIFL-20210131-1613.log => moved successfully
C:\Windows\Temp\DESKTOP-F6KEIFL-20210131-1639.log => moved successfully
C:\Windows\Temp\DESKTOP-F6KEIFL-20210131-1727.log => moved successfully
C:\Windows\Temp\DESKTOP-F6KEIFL-20210131-1853.log => moved successfully
C:\Windows\Temp\DESKTOP-F6KEIFL-20210131-2056.log => moved successfully
C:\Windows\Temp\DESKTOP-F6KEIFL-20210131-2359.log => moved successfully
C:\Windows\Temp\DESKTOP-F6KEIFL-20210201-0831.log => moved successfully
C:\Windows\Temp\DESKTOP-F6KEIFL-20210201-0833.log => moved successfully
C:\Windows\Temp\DESKTOP-F6KEIFL-20210201-0849.log => moved successfully
C:\Windows\Temp\DESKTOP-F6KEIFL-20210201-0901.log => moved successfully
C:\Windows\Temp\DESKTOP-F6KEIFL-20210201-0908.log => moved successfully
C:\Windows\Temp\DESKTOP-F6KEIFL-20210201-0923.log => moved successfully
C:\Windows\Temp\DESKTOP-F6KEIFL-20210201-0942.log => moved successfully
C:\Windows\Temp\DESKTOP-F6KEIFL-20210201-1616.log => moved successfully
C:\Windows\Temp\DESKTOP-F6KEIFL-20210201-1621.log => moved successfully
C:\Windows\Temp\DESKTOP-F6KEIFL-20210201-1622.log => moved successfully
C:\Windows\Temp\DESKTOP-F6KEIFL-20210201-1642.log => moved successfully
C:\Windows\Temp\DESKTOP-F6KEIFL-20210201-1642a.log => moved successfully
C:\Windows\Temp\DESKTOP-F6KEIFL-20210201-1643.log => moved successfully
C:\Windows\Temp\DESKTOP-F6KEIFL-20210201-1754.log => moved successfully
C:\Windows\Temp\DESKTOP-F6KEIFL-20210201-1810.log => moved successfully
C:\Windows\Temp\DESKTOP-F6KEIFL-20210201-1816.log => moved successfully
C:\Windows\Temp\DESKTOP-F6KEIFL-20210201-1824.log => moved successfully
C:\Windows\Temp\DESKTOP-F6KEIFL-20210201-2054.log => moved successfully
C:\Windows\Temp\DESKTOP-F6KEIFL-20210201-2215.log => moved successfully
C:\Windows\Temp\DESKTOP-F6KEIFL-20210201-2226.log => moved successfully
C:\Windows\Temp\DESKTOP-F6KEIFL-20210202-1134.log => moved successfully
C:\Windows\Temp\DESKTOP-F6KEIFL-20210202-1137.log => moved successfully
C:\Windows\Temp\DESKTOP-F6KEIFL-20210202-1139.log => moved successfully
C:\Windows\Temp\DESKTOP-F6KEIFL-20210202-1225.log => moved successfully
C:\Windows\Temp\DESKTOP-F6KEIFL-20210202-1325.log => moved successfully
C:\Windows\Temp\DESKTOP-F6KEIFL-20210202-1532.log => moved successfully
C:\Windows\Temp\DESKTOP-F6KEIFL-20210202-1543.log => moved successfully
C:\Windows\Temp\DESKTOP-F6KEIFL-20210202-1649.log => moved successfully
C:\Windows\Temp\DESKTOP-F6KEIFL-20210202-1649a.log => moved successfully
C:\Windows\Temp\DESKTOP-F6KEIFL-20210202-1959.log => moved successfully
C:\Windows\Temp\DESKTOP-F6KEIFL-20210202-2008.log => moved successfully
C:\Windows\Temp\DESKTOP-F6KEIFL-20210202-2013.log => moved successfully
C:\Windows\Temp\DESKTOP-F6KEIFL-20210202-2019.log => moved successfully
C:\Windows\Temp\DESKTOP-F6KEIFL-20210202-2104.log => moved successfully
C:\Windows\Temp\DESKTOP-F6KEIFL-20210202-2105.log => moved successfully
C:\Windows\Temp\DESKTOP-F6KEIFL-20210202-2110.log => moved successfully
C:\Windows\Temp\DESKTOP-F6KEIFL-20210202-2134.log => moved successfully
C:\Windows\Temp\DESKTOP-F6KEIFL-20210202-2209.log => moved successfully
C:\Windows\Temp\DESKTOP-F6KEIFL-20210202-2223.log => moved successfully
C:\Windows\Temp\DESKTOP-F6KEIFL-20210202-2257.log => moved successfully
C:\Windows\Temp\DESKTOP-F6KEIFL-20210203-1037.log => moved successfully
C:\Windows\Temp\DESKTOP-F6KEIFL-20210203-1040.log => moved successfully
C:\Windows\Temp\DESKTOP-F6KEIFL-20210203-1042.log => moved successfully
C:\Windows\Temp\DESKTOP-F6KEIFL-20210203-1209.log => moved successfully
C:\Windows\Temp\DESKTOP-F6KEIFL-20210203-1226.log => moved successfully
Could not move "C:\Windows\Temp\DESKTOP-F6KEIFL-20210203-1227.log" => Scheduled to move on reboot.
C:\Windows\Temp\mat-debug-11536.log => moved successfully
C:\Windows\Temp\mat-debug-12196.log => moved successfully
C:\Windows\Temp\mat-debug-12396.log => moved successfully
C:\Windows\Temp\mat-debug-2536.log => moved successfully
C:\Windows\Temp\mat-debug-2552.log => moved successfully
C:\Windows\Temp\mat-debug-5356.log => moved successfully
C:\Windows\Temp\mat-debug-8440.log => moved successfully
C:\Windows\Temp\mat-debug-9660.log => moved successfully
C:\Windows\Temp\MpCmdRun.log => moved successfully
C:\Windows\Temp\MpSigStub.log => moved successfully
C:\Windows\Temp\msedge_installer.log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(20210127123147FCC).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(20210128132507FA8).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(2021020116423023D4).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(2021020221041510B4).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(2021020221053310C0).log => moved successfully
Could not move "C:\Windows\Temp\officeclicktorun.exe_streamserver(202102031227082738).log" => Scheduled to move on reboot.
C:\Windows\Temp\TS_4FA6.tmp => moved successfully
C:\Windows\Temp\{078D8299-4C23-447A-AC70-3AE899D87358} - OProcSessId.dat => moved successfully
C:\Windows\Temp\{07BF6676-6FDC-489D-9339-549284463843} - OProcSessId.dat => moved successfully
C:\Windows\Temp\{087D2CC1-42BE-4F19-A1ED-5713671FFA50} - OProcSessId.dat => moved successfully
C:\Windows\Temp\{489B5446-1D2A-4A62-B458-5067CDF9F935} - OProcSessId.dat => moved successfully
C:\Windows\Temp\{55E68767-B17D-4DF1-95AF-8B526A65512B} - OProcSessId.dat => moved successfully
C:\Windows\Temp\{5A58042A-E02D-4400-9C03-8D7ECEB7E404} - OProcSessId.dat => moved successfully
C:\Windows\Temp\{7BCE8E92-87CC-4840-96F0-561D799BD27F} - OProcSessId.dat => moved successfully
C:\Windows\Temp\{A04ACEC1-ECAC-465C-8943-1A2685E5556B} - OProcSessId.dat => moved successfully
C:\Windows\Temp\{A2C05120-061E-4A73-BAB1-BC4581E8D73C} - OProcSessId.dat => moved successfully
C:\Windows\Temp\{AC9573FD-FBB9-40D3-B106-46E5FA13FBC7} - OProcSessId.dat => moved successfully
C:\Windows\Temp\{BE193A17-0A2B-462E-BD87-6F542957CA75} - OProcSessId.dat => moved successfully
C:\Windows\Temp\{C5840D39-9B70-4B18-B114-76558A9F098D} - OProcSessId.dat => moved successfully
C:\Windows\Temp\{D4F2D68F-0C0D-4F4E-8777-EE3BE29CF0BF} - OProcSessId.dat => moved successfully
C:\Windows\Temp\{F23206E4-A212-4E6E-9A2E-AB13C480401E} - OProcSessId.dat => moved successfully
C:\Windows\Temp\{FF8BC3BF-3F5F-4BB1-8B2C-9F617320BEDA} - OProcSessId.dat => moved successfully

========= End -> "C:\Windows\Temp\*.*" ========


=========== EmptyTemp: ==========

BITS transfer queue => 7626752 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 55574551 B
Java, Flash, Steam htmlcache => 12721835 B
Windows/system/drivers => 18343742 B
Edge => 0 B
Chrome => 803869841 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 89300 B
audre => 305831637 B

RecycleBin => 13309735867 B
EmptyTemp: => 13.5 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 03-02-2021 12:29:37)

C:\Windows\Temp\DESKTOP-F6KEIFL-20210203-1227.log => Is moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(202102031227082738).log => Is moved successfully

==== End of Fixlog 12:29:37 ====

felhet
2021-02-03, 19:52
# -------------------------------
# Malwarebytes AdwCleaner 8.0.9.1
# -------------------------------
# Build: 01-20-2021
# Database: 2021-01-26.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 02-03-2021
# Duration: 00:00:17
# OS: Windows 10 Pro
# Scanned: 31956
# Detected: 0


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.


AdwCleaner[S00].txt - [1405 octets] - [03/02/2021 12:32:25]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ##########

felhet
2021-02-03, 19:52
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 2/3/21
Scan Time: 12:41 PM
Log File: 0ad4a13a-6647-11eb-b63e-2cf05d94db41.json

-Software Information-
Version: 4.3.0.98
Components Version: 1.0.1157
Update Package Version: 1.0.36671
License: Trial

-System Information-
OS: Windows 10 (Build 19041.746)
CPU: x64
File System: NTFS
User: DESKTOP-F6KEIFL\audre

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 279941
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 0 min, 43 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

Juliet
2021-02-04, 02:06
One note, I saw this notice about a trojan before I ran them
Have you since?

I think it would be a good idea to download and install an AdBlocker for Google Chrome, it's free.
https://chrome.google.com/webstore/detail/adblock-plus-free-ad-bloc/cfhdojbkjhnklbpkdaibdccddilifddb?hl=en-US


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
What we can do now if you think you need to is to do an online scan.

ESET Online Scanner

Download and save it to your desktop.

https://www.eset.com/us/home/online-scanner/


Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
When the tool opens, click Get Started.
Read and accept the license agreement.
At the Welcome to ESET Online Scanner window, click Get Started.
Select whether you would like to send anonymous data to ESET.
Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
Click on the Full Scan option.
Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
ESET will now begin scanning your computer. This may take some time.
When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.

---------------------------

I need to see if anything was picked up and can you please comment on how the computer is now?

felhet
2021-02-04, 05:04
OK - thank you! So far the computer has been good after the scan this morning. I do not see the threats pop up anymore. Also, I noticed before the scan that a new instance or new tab in Chrome was being redirected. Now it is back to normal.

I ran the ESET online and below is the log. I saw no threats. I also added the Chrome Adblocker - thank you!

One question, I was wondering if there was a specific malware/virus/security software I should run or should I run one at all? I ask as I just bought this computer for my daughter. It is the nicest one I have ever bought :). She is 11 and is very interested in coding, games, etc., and is learning more and taking several coding classes (python, css, html, etc.). I suspect she will continue to expand and practice and from my experience these things can happen with viruses and malware from time to time. Any suggestions for a budding computer programmer?

Also, does it look to you like the computer is back to normal now?

felhet
2021-02-04, 05:04
ESET Scanner:

2/3/2021 21:45:06 PM
Files scanned: 326189
Detected files: 0
Cleaned files: 0
Total scan time: 00:21:22
Scan status: Finished

Juliet
2021-02-04, 14:58
One question, I was wondering if there was a specific malware/virus/security software I should run or should I run one at all? I ask as I just bought this computer for my daughter. It is the nicest one I have ever bought . She is 11 and is very interested in coding, games, etc and is learning more and taking several coding classes (python, css, html, etc.). I suspect she will continue to expand and practice and from my experience these things can happen with viruses and malware from time to time. Any suggestions for a budding computer programmer?

Also, does it look to you like the computer is back to normal now?
When you bought the machine it was pre-loaded with Windows Defender, a product from Microsoft.
This is an antivirus app that is sufficient for normal use. Now, you have a young daughter who in time will probably enjoy meeting and sharing messages with her friends; this is normal, but this is also where trouble can start.
Not that she communicates, but rather they share links, and they like to 'click' on links to see what was sent. It really doesn't matter which platform was used, as in Facebook, messenger app, game apps, other types of message apps; the point is, don't click on links or suspicious downloads.
The worst methods of infection: downloads, malicious links, malicious embedded URLs.

Something I suggest is, continue to use MalwareBytes as an anti-malware scanner which also includes a browser guard. After the trial period is over from this app, just keep it and update it daily.

What we've removed off the computer was easy, but it could have been much, much worse.

I'm going to have you remove the tools and folders we used and then I'm going to post a few tips on how to keep the new computer secure.

Use this tool to remove quarantined items:

Please download KpRm (https://toolslib.net/downloads/viewdownload/951-kprm) by Kernel-panik and save to your Desktop.

Click on KpRm.exe to run the tool.

Vista/Windows 7/8/10 users right-click and select Run As Administrator (http://windows.microsoft.com/en-US/windows7/How-do-I-run-an-application-once-with-a-full-administrator-access-token).

Put a check mark next to these items:

- Delete tools
- Delete now

Click the "Run" button.

When the tool has finished, it will create and open a log report and delete itself.

---------------------------


Answers to common security questions - Best Practices (http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/) by quietman7, MVP
How Malware Spreads - How did I get infected? (http://www.bleepingcomputer.com/forums/t/287710/how-malware-spreads-how-did-i-get-infected/) by quietman7, MVP
Simple and easy ways to keep your computer safe and secure on the Internet (http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/) by Lawrence Abrams, MVP
How to Prevent Malware (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html) by miekiemoes, MVP
How to backup and restore your data using Cobian Backup (http://www.bleepingcomputer.com/tutorials/backup-and-restore-data-with-cobian-backup/) by YourHighness
Slow Computer/browser? It May Not Be Malware (http://www.bleepingcomputer.com/forums/t/87058/slow-computerbrowser-check-here-first;-it-may-not-be-malware/) by quietman7, MVP


AdBlock (https://adblockplus.org/en/firefox) is a browser add-on that blocks annoying banners, pop-ups and video ads.
CryptoPrevent (https://www.foolishit.com/) places policy restrictions on loading points for ransomware (e.g. CryptoWall), helping prevent the execution of malware.
Malwarebytes Anti-Exploit (https://www.malwarebytes.org/antiexploit/) (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
Malwarebytes Anti-Malware Premium (https://www.malwarebytes.org/) (MBAM) works in real-time alongside your Anti-Virus to prevent malware execution.
NoScript (http://noscript.net/) is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
Sandboxie (http://www.sandboxie.com/) isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
Secunia PSI (http://secunia.com/vulnerability_scanning/personal/) will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you.
SpywareBlaster (https://www.brightfort.com/spywareblaster.html) is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
Unchecky (http://unchecky.com/) automatically removes checkmarks for bundled software in programme installers, helping you avoid adware and PUPs.


For those interested in how to make a backup of your computer
https://forums.malwarebytes.com/topic/136226-backup-software/

Need a second opinion on a file or website? Scan the file/URL before clicking by using one of the following free online scanner services.

VirusTotal (https://www.virustotal.com/#file) (File & URL)
Jotti's Malware Scan (http://virusscan.jotti.org/en-gb) (File)

felhet
2021-02-08, 05:39
Sounds good! Thank you for the help. I try to teach her to not click on anything unless she is absolutely sure it is safe. She is pretty good and notified me as soon as she saw that warning, but I agree, the more you use, explore, game, etc can increase the chances. Here is the log report for the cleanup:

# Run at 2/7/2021 10:33:29 PM
# KpRm (Kernel-panik) version 2.8
# Website https://kernel-panik.me/tool/kprm/
# Run by audre from C:\Users\audre\Desktop
# Computer Name: DESKTOP-F6KEIFL
# OS: Windows 10 X64 (19042)
# Number of passes: 1

- Checked options -

~ Delete Tools
~ Delete Quarantines

- Delete Tools -


## AdwCleaner
[OK] C:\Users\audre\Desktop\adwcleaner_8.0.9.1.exe deleted
[OK] C:\Users\audre\Downloads\adwcleaner_8.0.9.1.exe deleted
[OK] C:\AdwCleaner deleted

## AswMBR
[OK] C:\Users\audre\Downloads\aswMBR.exe deleted

## ESET Online Scanner
[OK] C:\Users\audre\Desktop\ESET Online Scanner.lnk deleted
[OK] C:\Users\audre\Desktop\esetonlinescanner.exe deleted
[OK] C:\Users\audre\Downloads\esetonlinescanner.exe deleted
[OK] C:\Users\audre\AppData\Local\ESET\ESETOnlineScanner deleted

## FRST
[OK] C:\Users\audre\Desktop\Addition.txt deleted
[OK] C:\Users\audre\Desktop\Fixlog.txt deleted
[OK] C:\Users\audre\Desktop\FRST-OlderVersion deleted
[OK] C:\Users\audre\Desktop\FRST.txt deleted
[OK] C:\Users\audre\Desktop\FRST64.exe deleted
[OK] C:\Users\audre\Downloads\FRST64.exe deleted
[OK] C:\FRST deleted

-- KPRM finished in 2.59s --

Juliet
2021-02-09, 13:09
You're good to go, safe surfing.

Juliet
2021-02-12, 17:58
Glad we could help.
Since this issue appears resolved ... this Topic is closed.