Thread: Virus / Malware Detected Google Chrome and Defender PopUp

  1. #1
    Senior Member
    Join Date
    Nov 2009
    Posts
    109

    Hello! It has been a while since I posted here, but my daughter's computer just had a warning pop up with Google Chrome and Defender indicating multiple viruses. I cannot tell if it is a real alert or what, but it is popping up multiple times now so I know it is something.

    I ran the Reg Backup
    I ran FRST and will post the logs below
    I tried to run aswMBR but it crashed a few seconds in and made the computer restart. I tried it twice and it restarted twice.

    I appreciate your help!

  2. #2
    Senior Member
    Join Date
    Nov 2009
    Posts
    109

    Addition TXT

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-01-2021
    Ran by audre (02-02-2021 21:01:14)
    Running from C:\Users\audre\Desktop
    Windows 10 Pro Version 20H2 19042.746 (X64) (2020-10-31 19:54:28)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-4201280554-2823466389-1122749580-500 - Administrator - Disabled)
    audre (S-1-5-21-4201280554-2823466389-1122749580-1002 - Administrator - Enabled) => C:\Users\audre
    DefaultAccount (S-1-5-21-4201280554-2823466389-1122749580-503 - Limited - Disabled)
    Guest (S-1-5-21-4201280554-2823466389-1122749580-501 - Limited - Disabled)
    WDAGUtilityAccount (S-1-5-21-4201280554-2823466389-1122749580-504 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    AMD Chipset Software (HKLM-x32\...\AMD_Chipset_IODrivers) (Version: 2.10.13.408 - Advanced Micro Devices, Inc.)
    AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 20.11.2 - Advanced Micro Devices, Inc.)
    AMD_Chipset_Drivers (HKLM-x32\...\{4fedae1b-6980-4848-9ba0-229c946a3dac}) (Version: 2.10.13.408 - Advanced Micro Devices, Inc.) Hidden
    AMD_Chipset_Drivers (HKLM-x32\...\{5D15C874-3E6B-4F55-AFB2-E73560F2F44F}) (Version: 1.07.07.0725 - Advanced Micro Devices, Inc.) Hidden
    Branding64 (HKLM\...\{856DA29A-EA4A-468B-BBC2-B5F60DD75BFE}) (Version: 1.00.0002 - Advanced Micro Devices, Inc.) Hidden
    Epic Games Launcher (HKLM-x32\...\{FEF3A9BA-A962-4469-AD62-04839D4BB847}) (Version: 1.1.298.0 - Epic Games, Inc.)
    Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 88.0.4324.104 - Google LLC)
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.51 - Google LLC) Hidden
    IntelliJ IDEA Community Edition 2020.3.1 (HKLM-x32\...\IntelliJ IDEA Community Edition 2020.3.1) (Version: 203.6682.168 - JetBrains s.r.o.)
    Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
    Microsoft 365 Apps for enterprise - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.13628.20274 - Microsoft Corporation)
    Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 88.0.705.56 - Microsoft Corporation)
    Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.139.71 - )
    Microsoft OneDrive (HKU\S-1-5-21-4201280554-2823466389-1122749580-1002\...\OneDriveSetup.exe) (Version: 21.002.0104.0005 - Microsoft Corporation)
    Microsoft Visio - en-us (HKLM\...\VisioProRetail - en-us) (Version: 16.0.13628.20274 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 (HKLM-x32\...\{6913e92a-b64e-41c9-a5e6-cef39207fe89}) (Version: 14.25.28508.3 - Microsoft Corporation)
    Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.24.28127 (HKLM-x32\...\{e31cb1a4-76b5-46a5-a084-3fa419e82201}) (Version: 14.24.28127.4 - Microsoft Corporation)
    Microsoft Visual C++ 2017 Redistributable (x64) - 14.14.26429 (HKLM-x32\...\{80586c77-db42-44bb-bfc8-7aebbb220c00}) (Version: 14.14.26429.4 - Microsoft Corporation)
    Minecraft Launcher (HKLM-x32\...\{27B34E47-68AE-4802-822A-9F0C187AF84A}) (Version: 1.0.0.0 - Mojang)
    Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.13628.20274 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.13628.20158 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.13628.20274 - Microsoft Corporation) Hidden
    Oracle VM VirtualBox 6.1.16 (HKLM\...\{8979282D-1F43-4810-B819-AA1B06F2C085}) (Version: 6.1.16 - Oracle Corporation)
    Promontory_GPIO Driver (HKLM-x32\...\{B5512BCC-F4CD-4159-86A4-B2AD7D38FFA9}) (Version: 2.0.1.0 - Advanced Micro Devices, Inc.) Hidden
    Python 3.9.1 (64-bit) (HKU\S-1-5-21-4201280554-2823466389-1122749580-1002\...\{b2be55ad-3177-42aa-a6c2-53004684e4ea}) (Version: 3.9.1150.0 - Python Software Foundation)
    Python 3.9.1 Add to Path (64-bit) (HKLM\...\{5AD5ED9C-14D1-4CFA-B4B1-A02CE8916D9F}) (Version: 3.9.1150.0 - Python Software Foundation) Hidden
    Python 3.9.1 Core Interpreter (64-bit) (HKLM\...\{1C00F581-D5BF-491E-B1BB-72AA3A2250E5}) (Version: 3.9.1150.0 - Python Software Foundation) Hidden
    Python 3.9.1 Development Libraries (64-bit) (HKLM\...\{27AD952D-DD9D-4AAC-B486-8AA601BFA064}) (Version: 3.9.1150.0 - Python Software Foundation) Hidden
    Python 3.9.1 Documentation (64-bit) (HKLM\...\{5CB3AEED-BB03-47E2-BFF1-0CA58C236895}) (Version: 3.9.1150.0 - Python Software Foundation) Hidden
    Python 3.9.1 Executables (64-bit) (HKLM\...\{71A9F41D-A865-46D4-A650-B210150DEF2A}) (Version: 3.9.1150.0 - Python Software Foundation) Hidden
    Python 3.9.1 pip Bootstrap (64-bit) (HKLM\...\{EF2B9385-6453-4702-9584-21BA8288D157}) (Version: 3.9.1150.0 - Python Software Foundation) Hidden
    Python 3.9.1 Standard Library (64-bit) (HKLM\...\{5DD5C023-790B-4F1B-9B1B-8D1BC48F3057}) (Version: 3.9.1150.0 - Python Software Foundation) Hidden
    Python 3.9.1 Tcl/Tk Support (64-bit) (HKLM\...\{414B5372-24FD-4302-8090-B9CE5564A6DD}) (Version: 3.9.1150.0 - Python Software Foundation) Hidden
    Python 3.9.1 Test Suite (64-bit) (HKLM\...\{A7EC4DEB-8ABD-471D-BB5B-E579EBC9B043}) (Version: 3.9.1150.0 - Python Software Foundation) Hidden
    Python 3.9.1 Utility Scripts (64-bit) (HKLM\...\{47A9647A-A576-4751-9C37-D32EB70285A3}) (Version: 3.9.1150.0 - Python Software Foundation) Hidden
    Python Launcher (HKLM-x32\...\{FFC95928-6A14-4FB3-8D73-7A62382F66AC}) (Version: 3.9.7280.0 - Python Software Foundation)
    Razer Synapse (HKLM-x32\...\Razer Synapse) (Version: 3.6.0130.011816 - Razer Inc.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6873 - Realtek Semiconductor Corp.)
    Roblox Player for audre (HKU\S-1-5-21-4201280554-2823466389-1122749580-1002\...\roblox-player) (Version: - Roblox Corporation)
    Roblox Studio for audre (HKU\S-1-5-21-4201280554-2823466389-1122749580-1002\...\roblox-studio) (Version: - Roblox Corporation)
    Star Stable Online 2.7.0 (HKLM-x32\...\8c663ade-0de5-52b6-812d-f5cd25f943ac) (Version: 2.7.0 - Star Stable Entertainment AB)
    Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
    Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
    WinRAR 6.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.00.0 - win.rar GmbH)
    WinSCP 5.17.9 (HKLM-x32\...\winscp3_is1) (Version: 5.17.9 - Martin Prikryl)
    WinZip 25.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C2412F}) (Version: 25.0.14273 - Corel Corporation)
    Zoom (HKU\S-1-5-21-4201280554-2823466389-1122749580-1002\...\ZoomUMX) (Version: 5.4.7 (59784.1220) - Zoom Video Communications, Inc.)

    Packages:
    =========
    Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-12-25] (Microsoft Corporation) [MS Ad]
    Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-12-25] (Microsoft Corporation) [MS Ad]
    Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1252.0_x64__8wekyb3d8bbwe [2021-01-31] (Microsoft Studios) [MS Ad]
    Sling TV -> C:\Program Files\WindowsApps\SlingTVLLC.SlingTV_7.0.8.0_x86__vgszm6stshdqy [2021-01-26] (Sling TV LLC)
    Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.151.382.0_x86__zpdnekdrzrea0 [2021-01-29] (Spotify AB) [Startup Task]

    ==================== Custom CLSID (Whitelisted): ==============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-4201280554-2823466389-1122749580-1002_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.WinZipExpressForOffice.dll (Corel Corporation -> )
    ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
    ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
    ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2020-09-25] (Corel Corporation -> WinZip Computing)
    ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2020-09-25] (Corel Corporation -> WinZip Computing)
    ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Windows\System32\atiacm64.dll [2020-11-17] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
    ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
    ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
    ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2020-09-25] (Corel Corporation -> WinZip Computing)

    ==================== Codecs (Whitelisted) ====================

    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)

    ShortcutWithArgument: C:\Users\audre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iBUYPOWER.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> microsoft-edge:hxxps://www.ibuypower.com/review
    ShortcutWithArgument: C:\Users\audre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Co_Writer Universal (App).lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=lahlmdogjpblkonckkgbljegkiijjbag

    ==================== Loaded Modules (Whitelisted) =============

    2020-07-27 14:14 - 2020-07-27 14:14 - 000017920 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.dll
    2020-07-27 14:14 - 2020-07-27 14:14 - 003567616 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
    2020-11-13 14:48 - 2020-11-13 14:48 - 001470976 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files\AMD\WVR\OpenVR\bin\win64\driver_amdwvr.dll
    2020-10-28 21:26 - 2020-10-28 21:26 - 001230336 _____ (Applied Informatics Software Engineering GmbH) [File not signed] C:\Program Files (x86)\Razer Chroma SDK\bin\PocoFoundation.dll
    2020-10-28 21:26 - 2020-10-28 21:26 - 000207872 _____ (Applied Informatics Software Engineering GmbH) [File not signed] C:\Program Files (x86)\Razer Chroma SDK\bin\PocoJSON.dll
    2020-10-28 21:26 - 2020-10-28 21:26 - 000810496 _____ (Applied Informatics Software Engineering GmbH) [File not signed] C:\Program Files (x86)\Razer Chroma SDK\bin\PocoNet.dll
    2020-10-28 21:26 - 2020-10-28 21:26 - 000238592 _____ (Applied Informatics Software Engineering GmbH) [File not signed] C:\Program Files (x86)\Razer Chroma SDK\bin\PocoNetSSLWin.dll
    2020-10-28 21:26 - 2020-10-28 21:26 - 000335360 _____ (Applied Informatics Software Engineering GmbH) [File not signed] C:\Program Files (x86)\Razer Chroma SDK\bin\PocoUtil.dll
    2020-10-28 21:26 - 2020-10-28 21:26 - 000455168 _____ (Applied Informatics Software Engineering GmbH) [File not signed] C:\Program Files (x86)\Razer Chroma SDK\bin\PocoXML.dll
    2020-07-27 14:15 - 2020-07-27 14:15 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qgif.dll
    2020-07-27 14:15 - 2020-07-27 14:15 - 000039424 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qicns.dll
    2020-07-27 14:15 - 2020-07-27 14:15 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qico.dll
    2020-07-27 14:15 - 2020-07-27 14:15 - 000414720 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qjpeg.dll
    2020-07-27 14:15 - 2020-07-27 14:15 - 000025088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qsvg.dll
    2020-07-27 14:15 - 2020-07-27 14:15 - 000024576 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qtga.dll
    2020-07-27 14:15 - 2020-07-27 14:15 - 000023552 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qwbmp.dll
    2020-07-27 14:15 - 2020-07-27 14:15 - 000532992 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qwebp.dll
    2020-07-27 14:15 - 2020-07-27 14:15 - 001441792 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\platforms\qwindows.dll
    2020-07-27 14:15 - 2020-07-27 14:15 - 001189888 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\sqldrivers\qsqlite.dll
    2020-07-27 14:15 - 2020-07-27 14:15 - 000134656 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\styles\qwindowsvistastyle.dll
    2020-07-27 14:14 - 2020-07-27 14:14 - 006184448 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
    2020-07-27 14:14 - 2020-07-27 14:14 - 006867456 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
    2020-07-27 14:14 - 2020-07-27 14:14 - 001104896 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
    2020-07-27 14:14 - 2020-07-27 14:14 - 000325120 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Positioning.dll
    2020-07-27 14:14 - 2020-07-27 14:14 - 003668480 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
    2020-07-27 14:14 - 2020-07-27 14:14 - 000517120 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QmlModels.dll
    2020-07-27 14:14 - 2020-07-27 14:14 - 000051712 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QmlWorkerScript.dll
    2020-07-27 14:14 - 2020-07-27 14:14 - 004228608 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
    2020-07-27 14:14 - 2020-07-27 14:14 - 000171008 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QuickControls2.dll
    2020-07-27 14:14 - 2020-07-27 14:14 - 001085440 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QuickTemplates2.dll
    2020-07-27 14:14 - 2020-07-27 14:14 - 000205824 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Sql.dll
    2020-07-27 14:14 - 2020-07-27 14:14 - 000329728 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll
    2020-07-27 14:14 - 2020-07-27 14:14 - 000127488 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebChannel.dll
    2020-07-27 14:14 - 2020-07-27 14:14 - 000390656 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngine.dll
    2020-07-27 14:14 - 2020-07-27 14:14 - 095598080 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngineCore.dll
    2020-07-27 14:14 - 2020-07-27 14:14 - 005587968 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
    2020-07-27 14:14 - 2020-07-27 14:14 - 000462848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
    2020-07-27 14:14 - 2020-07-27 14:14 - 000188928 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll
    2020-07-27 14:14 - 2020-07-27 14:14 - 002878464 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5XmlPatterns.dll
    2020-07-27 14:15 - 2020-07-27 14:15 - 000055808 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll
    2020-07-27 14:15 - 2020-07-27 14:15 - 000059392 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\qtgraphicaleffectsplugin.dll
    2020-07-27 14:15 - 2020-07-27 14:15 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQml\qmlplugin.dll
    2020-07-27 14:15 - 2020-07-27 14:15 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
    2020-07-27 14:15 - 2020-07-27 14:15 - 000284160 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls.2\qtquickcontrols2plugin.dll
    2020-07-27 14:15 - 2020-07-27 14:15 - 000333824 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
    2020-07-27 14:15 - 2020-07-27 14:15 - 000136704 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
    2020-07-27 14:15 - 2020-07-27 14:15 - 000090112 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
    2020-07-27 14:15 - 2020-07-27 14:15 - 000313856 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Templates.2\qtquicktemplates2plugin.dll
    2020-07-27 14:15 - 2020-07-27 14:15 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
    2020-11-13 15:00 - 2020-11-13 15:00 - 000091648 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtWebEngine\qtwebengineplugin.dll

    ==================== Alternate Data Streams (Whitelisted) ========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\desktop.ini:CachedTiles [7368]
    AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [9520]

    ==================== Safe Mode (Whitelisted) ==================

    ==================== Association (Whitelisted) =================

    ==================== Internet Explorer (Whitelisted) ==========

    HKU\S-1-5-21-4201280554-2823466389-1122749580-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=NMTE
    HKU\S-1-5-21-4201280554-2823466389-1122749580-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msn.com/?pc=NMTE
    BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2021-02-01] (Microsoft Corporation -> Microsoft Corporation)
    BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-02-01] (Microsoft Corporation -> Microsoft Corporation)
    BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2021-02-01] (Microsoft Corporation -> Microsoft Corporation)
    Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-02-01] (Microsoft Corporation -> Microsoft Corporation)
    Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-02-01] (Microsoft Corporation -> Microsoft Corporation)
    Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-02-01] (Microsoft Corporation -> Microsoft Corporation)
    Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-02-01] (Microsoft Corporation -> Microsoft Corporation)
    Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-02-01] (Microsoft Corporation -> Microsoft Corporation)
    Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-02-01] (Microsoft Corporation -> Microsoft Corporation)
    Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-02-01] (Microsoft Corporation -> Microsoft Corporation)
    Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-02-01] (Microsoft Corporation -> Microsoft Corporation)

    ==================== Hosts content: =========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2019-12-07 04:14 - 2019-12-07 04:12 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

    ==================== Other Areas ===========================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-4201280554-2823466389-1122749580-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
    DNS Servers: 216.68.4.10 - 216.68.5.10
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
    Windows Firewall is enabled.

    Network Binding:
    =============
    Ethernet 2: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled)
    VirtualBox Host-Only Network: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled)

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (If an entry is included in the fixlist, it will be removed.)

    HKU\S-1-5-21-4201280554-2823466389-1122749580-1002\...\StartupApproved\Run: => "Steam"

    ==================== FirewallRules (Whitelisted) ================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{C5A4E813-0A2F-4B04-9C43-5C2834516AE0}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{9F42D118-86FF-4EB2-9EF5-EFA8526DDA4E}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{2B55AEBE-6D94-4709-B37A-5ABC59368EC9}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{B8B576C2-8999-4DE6-9406-FE6CFC21705A}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [TCP Query User{3BD374D2-C65D-401B-9B5D-52BA44FB6E2D}C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe
    FirewallRules: [UDP Query User{364488EA-D454-4D09-83C3-70C9E45B35C2}C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe
    FirewallRules: [{5C88B101-4C99-4105-85ED-F8BAE82A394E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
    FirewallRules: [{35BC83AE-08EC-4695-9921-C4D4EB2358CE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
    FirewallRules: [{704342CB-8B46-4A58-BA4B-42E4426CEF99}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{0C8C238A-368D-497B-A1A1-0EBAEF8A2396}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
    FirewallRules: [{298BFF69-32C4-4EA8-B579-3B4DE6048CCA}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
    FirewallRules: [{83A7843C-637E-4811-99E3-8ED86BD14B5F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Among Us\Among Us.exe () [File not signed]
    FirewallRules: [{39C75FE1-EB76-4C45-8B1A-1028BE72D8CC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Among Us\Among Us.exe () [File not signed]
    FirewallRules: [{AD64F1DB-7C42-42AD-837C-213DE65BEA2B}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
    FirewallRules: [{C822C2B0-8B6A-4326-9DF6-7EA7A31E5846}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [{A216B78B-9EBC-4F5A-8691-4BA60A7C1C4D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [{B30DBB90-7BA2-4952-AB6B-3E2A1D821B9B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [{8FE74666-9F79-4CEE-AE4F-5F82C3673F4D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [{403E19C7-2610-476E-B3BB-F8BF8F57B102}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.151.382.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{00C5506D-1BE4-415A-AFF3-E966612D28FC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.151.382.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{F98CE6F9-A1D0-4AAC-8B80-EEA8E6F9CA42}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.151.382.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{33073324-4D94-4490-A3E4-91859FE6F8EA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.151.382.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{81ED1ED8-A3F7-4621-A9F3-A758427D3DFE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.151.382.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{E7E720B3-7444-47C6-B604-FB9FEF3FF818}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.151.382.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{B7C11FED-8E0C-4FFC-ABDC-5B3C402CFB90}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.151.382.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{CAB98668-4AE1-44DD-A7AD-8E79592D3055}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.151.382.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)

    ==================== Restore Points =========================

    28-01-2021 18:45:16 Windows Modules Installer

    ==================== Faulty Device Manager Devices ============


    ==================== Event log errors: ========================

    Application errors:
    ==================
    Error: (01/14/2021 10:00:28 PM) (Source: VSS) (EventID: 8193) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress.
    .

    Error: (01/14/2021 10:00:28 PM) (Source: VSS) (EventID: 13) (User: )
    Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
    ]

    Error: (01/08/2021 10:23:42 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: StartMenuExperienceHost.exe, version: 0.0.0.0, time stamp: 0x4fe0bcb3
    Faulting module name: KERNELBASE.dll, version: 10.0.19041.662, time stamp: 0xec58f015
    Exception code: 0xc0000409
    Fault offset: 0x000000000010bd5c
    Faulting process id: 0x372c
    Faulting application start time: 0x01d6e636d49edfa4
    Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    Faulting module path: C:\Windows\System32\KERNELBASE.dll
    Report Id: 62e08075-2f29-424c-9e4d-4e99ef73f690
    Faulting package full name: Microsoft.Windows.StartMenuExperienceHost_10.0.19041.610_neutral_neutral_cw5n1h2txyewy
    Faulting package-relative application ID: App

    Error: (01/08/2021 01:19:38 PM) (Source: Windows Search Service) (EventID: 3031) (User: )
    Description: A document ID cannot be allocated.

    Context: Application, SystemIndex Catalog

    Details:
    The content index service was stopped. (HRESULT : 0x80041812) (0x80041812)

    Error: (01/05/2021 11:15:04 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
    Description: Application: Razer Synapse Service Process.exe
    Framework Version: v4.0.30319
    Description: The process was terminated due to an unhandled exception.
    Exception Info: exception code c0020001, exception address 7704A892
    Stack:

    Error: (12/30/2020 12:43:46 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: chrome.exe, version: 87.0.4280.88, time stamp: 0x5fc6dfae
    Faulting module name: SHELL32.dll_unloaded, version: 10.0.19041.662, time stamp: 0xa897f0cc
    Exception code: 0xc0000005
    Fault offset: 0x00000000002a7e49
    Faulting process id: 0x2f48
    Faulting application start time: 0x01d6ded35317715a
    Faulting application path: C:\Program Files\Google\Chrome\Application\chrome.exe
    Faulting module path: SHELL32.dll
    Report Id: bf51cdd3-c692-4f11-bd5a-3b5c2288bdc8
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (12/29/2020 05:12:59 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
    Description: Application: Razer Synapse Service Process.exe
    Framework Version: v4.0.30319
    Description: The process was terminated due to an unhandled exception.
    Exception Info: exception code c0020001, exception address 75C9A892
    Stack:

    Error: (12/28/2020 12:43:43 AM) (Source: Steam Client Service) (EventID: 1) (User: )
    Description: Error: Failed to add firewall exception for C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe


    System errors:
    =============
    Error: (02/02/2021 07:54:08 PM) (Source: VBoxNetLwf) (EventID: 12) (User: )
    Description: The driver detected an internal driver error on \Device\VBoxNetLwf.

    Error: (02/02/2021 05:25:49 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-F6KEIFL)
    Description: The server {FD06603A-2BDF-4BB1-B7DF-5DC68F353601} did not register with DCOM within the required timeout.

    Error: (02/02/2021 03:27:09 PM) (Source: VBoxNetLwf) (EventID: 12) (User: )
    Description: The driver detected an internal driver error on \Device\VBoxNetLwf.

    Error: (02/02/2021 01:49:55 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-F6KEIFL)
    Description: The server {FD06603A-2BDF-4BB1-B7DF-5DC68F353601} did not register with DCOM within the required timeout.

    Error: (02/02/2021 11:33:59 AM) (Source: VBoxNetLwf) (EventID: 12) (User: )
    Description: The driver detected an internal driver error on \Device\VBoxNetLwf.

    Error: (02/01/2021 11:31:57 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-F6KEIFL)
    Description: The server {FD06603A-2BDF-4BB1-B7DF-5DC68F353601} did not register with DCOM within the required timeout.

    Error: (02/01/2021 04:16:31 PM) (Source: VBoxNetLwf) (EventID: 12) (User: )
    Description: The driver detected an internal driver error on \Device\VBoxNetLwf.

    Error: (02/01/2021 10:23:49 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-F6KEIFL)
    Description: The server {FD06603A-2BDF-4BB1-B7DF-5DC68F353601} did not register with DCOM within the required timeout.


    Windows Defender:
    ===================================
    Date: 2021-02-02 12:25:06.7820000Z
    Description:
    Microsoft Defender Antivirus scan has been stopped before completion.
    Scan ID: {36CE4DFF-8AF4-457C-AEBE-6ED3EAC36D21}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2021-02-01 17:54:35.4140000Z
    Description:
    Microsoft Defender Antivirus scan has been stopped before completion.
    Scan ID: {21C83784-D943-43FB-BD66-6BC887A7C88B}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2021-01-31 16:13:22.7630000Z
    Description:
    Microsoft Defender Antivirus scan has been stopped before completion.
    Scan ID: {613E460C-01DA-4CA2-BA54-8B1212908F8C}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2021-01-30 21:26:21.7590000Z
    Description:
    Microsoft Defender Antivirus scan has been stopped before completion.
    Scan ID: {6E445C8E-9FC1-4488-8DCC-833FE8181C15}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2021-01-25 12:31:38.7130000Z
    Description:
    Microsoft Defender Antivirus scan has been stopped before completion.
    Scan ID: {8FF1EB79-2890-43AE-B951-2EFC3983E4D6}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    CodeIntegrity:
    ===================================

    Date: 2021-01-26 22:56:57.0660000Z
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\SysWOW64\WindowManagementAPI.dll because the set of per-page image hashes could not be found on the system.

    Date: 2021-01-26 22:56:51.7000000Z
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\SysWOW64\WindowManagementAPI.dll because the set of per-page image hashes could not be found on the system.

    ==================== Memory info ===========================

    BIOS: American Megatrends Inc. 1.30 08/31/2020
    Motherboard: Micro-Star International Co., Ltd. MPG B550 GAMING PLUS (MS-7C56)
    Processor: AMD Ryzen 5 3600XT 6-Core Processor
    Percentage of memory in use: 39%
    Total physical RAM: 16310.25 MB
    Available physical RAM: 9940.99 MB
    Total Virtual: 18742.25 MB
    Available Virtual: 8074.18 MB

    ==================== Drives ================================

    Drive c: (Windows) (Fixed) (Total:465.06 GB) (Free:339.27 GB) NTFS

    \\?\Volume{d34876cb-cef9-4504-a1a9-08058eae253f}\ (Recovery) (Fixed) (Total:0.59 GB) (Free:0.18 GB) NTFS
    \\?\Volume{5acaeaf6-20f7-4f23-bdc0-730e420ea060}\ (SYSTEM) (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

    ==================== MBR & Partition Table ====================

    ==========================================================
    Disk: 0 (Size: 465.8 GB) (Disk ID: 91D35D48)

    Partition: GPT.

    ==================== End of Addition.txt =======================

  3. #3

    FRST

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-01-2021
    Ran by audre (administrator) on DESKTOP-F6KEIFL (Micro-Star International Co., Ltd. MS-7C56) (02-02-2021 20:59:26)
    Running from C:\Users\audre\Desktop
    Loaded Profiles: audre
    Platform: Windows 10 Pro Version 20H2 19042.746 (X64) Language: English (United States)
    Default browser: Chrome
    Boot Mode: Normal

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
    (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe
    (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe
    (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0361132.inf_amd64_4863ccf4c1b997c9\B361196\atieclxx.exe
    (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0361132.inf_amd64_4863ccf4c1b997c9\B361196\atiesrxx.exe
    (Corel Corporation -> WinZip Computing) C:\Program Files\WinZip\WzPreloader.exe
    (Corel Corporation -> WinZip Computing, S.L.) C:\Program Files\WinZip\FAHWindow64.exe
    (Epic Games Inc. -> Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\Win64\EpicWebHelper.exe <2>
    (Epic Games Inc. -> Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe
    (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <35>
    (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Users\audre\AppData\Local\Microsoft\OneDrive\OneDrive.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_2.47.10001.0_x64__8wekyb3d8bbwe\GamingServices.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_2.47.10001.0_x64__8wekyb3d8bbwe\GamingServicesNet.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2012.21.0_x64__8wekyb3d8bbwe\Calculator.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12011.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
    (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) C:\Windows\System32\amdfendrsr.exe
    (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\MsMpEng.exe
    (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\NisSrv.exe
    (Razer USA Ltd. -> ) C:\Program Files (x86)\Razer\Synapse3\UserProcess\Razer Synapse Service Process.exe
    (Razer USA Ltd. -> Razer Inc) C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe
    (Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe
    (Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
    (Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Razer Services\Razer Central\Razer Central.exe
    (Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe
    (Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe
    (Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe
    (Razer USA Ltd. -> The CefSharp Authors) C:\Program Files (x86)\Razer\Razer Services\Razer Central\CefSharp.BrowserSubprocess.exe <2>
    (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

    ==================== Registry (Whitelisted) ===================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13513288 2013-03-29] (Realtek Semiconductor Corp -> Realtek Semiconductor)
    HKLM\...\Run: [WinZip UN] => C:\Program Files\WinZip\WZUpdateNotifier.exe [2859928 2020-09-25] (Corel Corporation -> Corel Corporation)
    HKLM\...\Run: [WinZip FAH] => C:\Program Files\WinZip\FAHConsole.exe [436704 2020-09-25] (Corel Corporation -> WinZip Computing, S.L.)
    HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3951968 2019-07-09] (Logitech -> Logitech, Inc.)
    HKLM-x32\...\Run: [TeamsMachineUninstallerLocalAppData] => %LOCALAPPDATA%\Microsoft\Teams\Update.exe --uninstall --msiUninstall --source=default
    HKLM-x32\...\Run: [TeamsMachineUninstallerProgramData] => %ProgramData%\Microsoft\Teams\Update.exe --uninstall --msiUninstall --source=default
    HKU\S-1-5-21-4201280554-2823466389-1122749580-1002\...\Run: [Synapse3] => C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe [3514720 2021-01-18] (Razer USA Ltd. -> Razer Inc.)
    HKU\S-1-5-21-4201280554-2823466389-1122749580-1002\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [32883768 2021-01-26] (Epic Games Inc. -> Epic Games, Inc.)
    HKU\S-1-5-21-4201280554-2823466389-1122749580-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3411232 2020-12-20] (Valve -> Valve Corporation)
    HKU\S-1-5-18\...\Run: [Synapse3] => C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe [3514720 2021-01-18] (Razer USA Ltd. -> Razer Inc.)
    HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\88.0.4324.104\Installer\chrmstp.exe [2021-01-27] (Google LLC -> Google LLC)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2020-12-28]
    ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (Corel Corporation -> WinZip Computing)

    ==================== Scheduled Tasks (Whitelisted) ============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {21CAE002-07C8-448B-AD4B-1506A2EE1388} - System32\Tasks\WinZip Update Notifier 3 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2859928 2020-09-25] (Corel Corporation -> Corel Corporation)
    Task: {3111CE65-14F0-4887-A53F-CFC87644DFE7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-26] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {313FEA0C-42F6-4DEF-B473-CF8D8E0BC6E8} - System32\Tasks\ModifyLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1710464 2020-11-13] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
    Task: {341C4BEE-CE0A-4678-893B-5A81D7C13719} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe [69304 2020-11-13] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
    Task: {396BECE4-00B2-4306-9CEC-8A417D39198B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5199272 2021-02-01] (Microsoft Corporation -> Microsoft Corporation)
    Task: {47E35976-DD80-49DD-9459-64C4118FC251} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-12-26] (Google LLC -> Google LLC)
    Task: {4DAEC4A8-7E80-45D2-9688-84C7A3705796} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [142184 2021-02-01] (Microsoft Corporation -> Microsoft Corporation)
    Task: {4EEFAB0E-D684-4C89-954E-28A3A70C7833} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-26] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {4FEBB83E-A38F-4EF0-AF68-CAB29A5C465E} - System32\Tasks\AMDInstallLauncher => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1710464 2020-11-13] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
    Task: {57C9BE29-78E2-4D97-B98D-B20096965412} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-26] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {63D8D29D-ECF9-46A7-B8B2-7BE109A64B6E} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22993288 2021-01-22] (Microsoft Corporation -> Microsoft Corporation)
    Task: {6AECE0BA-8104-460D-A3AA-47CAC9CF8D99} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [61624 2020-11-13] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
    Task: {6FE7CADA-7C7A-41A8-B144-CE9883F636DC} - System32\Tasks\WinZip Update Notifier 2 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2859928 2020-09-25] (Corel Corporation -> Corel Corporation)
    Task: {797CAED3-FDB4-4DE8-AD4E-C6BCE79CAD9F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-26] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {98A1FAAC-1C5C-4DC1-9926-AC9DA5EBE69F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5199272 2021-02-01] (Microsoft Corporation -> Microsoft Corporation)
    Task: {BE429076-2062-40C6-9BEF-7C30D00D9EF1} - System32\Tasks\AMDLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1710464 2020-11-13] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
    Task: {D1D0087C-12C9-4221-87AE-A2038681BF93} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [142184 2021-02-01] (Microsoft Corporation -> Microsoft Corporation)
    Task: {F0E50CE7-7A56-459B-AE66-928C30F38BAD} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22993288 2021-01-22] (Microsoft Corporation -> Microsoft Corporation)
    Task: {F709BC52-54B5-4663-B9D5-5ED27DAA194A} - System32\Tasks\WinZip Update Notifier 1 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2859928 2020-09-25] (Corel Corporation -> Corel Corporation)
    Task: {F9AF239E-0A1E-4CFF-9D1D-9B77AF4AFA0A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-12-26] (Google LLC -> Google LLC)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 216.68.4.10 216.68.5.10
    Tcpip\..\Interfaces\{123d8508-7c49-475c-945e-f69273e2cdde}: [DhcpNameServer] 192.168.200.1
    Tcpip\..\Interfaces\{d8158555-1d58-4f7a-a53c-f6d563a39424}: [DhcpNameServer] 216.68.4.10 216.68.5.10

    Edge:
    =======
    Edge DefaultProfile: Default
    Edge Profile: C:\Users\audre\AppData\Local\Microsoft\Edge\User Data\Default [2021-02-02]

    FireFox:
    ========
    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-02-01] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-02-01] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-02-01] (Microsoft Corporation -> Microsoft Corporation)

    Chrome:
    =======
    CHR Profile: C:\Users\audre\AppData\Local\Google\Chrome\User Data\Default [2021-02-02]
    CHR Notifications: Default -> hxxps://pushwelcome.com
    CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=mcafee&type=E211US1214G0&p={searchTerms}
    CHR DefaultSearchKeyword: Default -> mcafee
    CHR DefaultSuggestURL: Default -> hxxps://us.search.yahoo.com/sugg/gossip/gossip-us-partner?output=fxjson&appid=mca&source=yahoo_mcafee_searchassist&command={searchTerms}
    CHR Extension: (Slides) - C:\Users\audre\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-12-26]
    CHR Extension: (Docs) - C:\Users\audre\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-12-26]
    CHR Extension: (Google Drive) - C:\Users\audre\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-12-26]
    CHR Extension: (YouTube) - C:\Users\audre\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-12-26]
    CHR Extension: (Google Classroom) - C:\Users\audre\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnjfdainlhllipmmlagcfpdmcckiehng [2020-12-26]
    CHR Extension: (Kami for Google Chrome™) - C:\Users\audre\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecnphlgnajanjnkcmbpancdjoidceilk [2021-01-18]
    CHR Extension: (Sheets) - C:\Users\audre\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-12-26]
    CHR Extension: (Google Docs Offline) - C:\Users\audre\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-12-26]
    CHR Extension: (Co:Writer) - C:\Users\audre\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifajfiofeifbbhbionejdliodenmecna [2020-12-26]
    CHR Extension: (Teaching Textbooks) - C:\Users\audre\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfcnbbcemapfbhojlfbifhipbmhleggj [2020-12-26]
    CHR Extension: (Co:Writer Universal (App)) - C:\Users\audre\AppData\Local\Google\Chrome\User Data\Default\Extensions\lahlmdogjpblkonckkgbljegkiijjbag [2020-12-26]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\audre\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-28]
    CHR Extension: (Spelling City) - C:\Users\audre\AppData\Local\Google\Chrome\User Data\Default\Extensions\oddpjjlpijcdlekhlignfcbghdjoagbm [2020-12-26]
    CHR Extension: (Netflix Party is now Teleparty) - C:\Users\audre\AppData\Local\Google\Chrome\User Data\Default\Extensions\oocalimimngaihdkbihfgmpkcpnmlaoa [2021-01-03]
    CHR Extension: (Amazon.com : 12x10 Inch Collection Ma...) - C:\Users\audre\AppData\Local\Google\Chrome\User Data\Default\Extensions\pheobmijlkijfhgccinpkicehfhmpkhl [2020-12-26]
    CHR Extension: (Gmail) - C:\Users\audre\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-12-26]
    CHR Extension: (Chrome Media Router) - C:\Users\audre\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-01-27]

    ==================== Services (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8736880 2020-12-25] (BattlEye Innovations e.K. -> )
    R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8902024 2021-01-22] (Microsoft Corporation -> Microsoft Corporation)
    S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [818304 2020-12-25] (EasyAntiCheat Oy -> Epic Games, Inc)
    R2 Razer Chroma SDK Server; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe [1110104 2020-11-20] (Razer USA Ltd. -> Razer Inc.)
    R2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [320088 2020-11-17] (Razer USA Ltd. -> Razer Inc.)
    R2 Razer Game Manager Service; C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe [253776 2020-12-01] (Razer USA Ltd. -> Razer Inc)
    R2 Razer Synapse Service; C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe [294240 2021-01-15] (Razer USA Ltd. -> Razer Inc.)
    R2 RzActionSvc; C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe [533376 2020-12-08] (Razer USA Ltd. -> Razer Inc.)
    S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5198064 2021-01-14] (Microsoft Windows Publisher -> Microsoft Corporation)
    S3 VBoxSDS; C:\Program Files\Oracle\VirtualBox\VBoxSDS.exe [746504 2020-10-16] (Oracle Corporation -> Oracle Corporation)
    R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2020-12-26] (Microsoft Windows Publisher -> Microsoft Corporation)
    R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2020-12-26] (Microsoft Windows Publisher -> Microsoft Corporation)
    S3 Futuremark SystemInfo Service; "C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe" [X]

    ===================== Drivers (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 AMDXE; C:\Windows\System32\drivers\amdxe.sys [62056 2020-07-27] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
    R3 RzCommon; C:\Windows\System32\drivers\RzCommon.sys [53656 2020-11-15] (Razer USA Ltd. -> Razer Inc)
    R3 RzDev_006c; C:\Windows\System32\drivers\RzDev_006c.sys [54152 2020-08-24] (Razer USA Ltd. -> Razer Inc)
    R3 RzDev_021e; C:\Windows\System32\drivers\RzDev_021e.sys [54168 2020-08-24] (Razer USA Ltd. -> Razer Inc)
    R3 RzDev_0c02; C:\Windows\System32\drivers\RzDev_0c02.sys [54152 2020-08-24] (Razer USA Ltd. -> Razer Inc)
    R3 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [239432 2020-10-16] (Oracle Corporation -> Oracle Corporation)
    R1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [249344 2020-10-16] (Oracle Corporation -> Oracle Corporation)
    U5 vsock; C:\Windows\System32\Drivers\vsock.sys [105912 2020-08-11] (VMware, Inc. -> VMware, Inc.)
    S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [48536 2020-12-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
    R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [429296 2020-12-26] (Microsoft Windows -> Microsoft Corporation)
    R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [70896 2020-12-26] (Microsoft Windows -> Microsoft Corporation)
    S3 ALSysIO; \??\C:\Users\ADMINI~1\AppData\Local\Temp\ALSysIO64.sys [X] <==== ATTENTION

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One month (created) (Whitelisted) =========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2021-02-02 20:59 - 2021-02-02 20:59 - 000019828 _____ C:\Users\audre\Desktop\FRST.txt
    2021-02-02 20:58 - 2021-02-02 20:59 - 000000000 ____D C:\FRST
    2021-02-02 20:56 - 2021-02-02 20:56 - 002297856 _____ (Farbar) C:\Users\audre\Downloads\FRST64.exe
    2021-02-02 20:56 - 2021-02-02 20:56 - 002297856 _____ (Farbar) C:\Users\audre\Desktop\FRST64.exe
    2021-02-02 20:54 - 2021-02-02 20:54 - 000017985 _____ C:\Windows\Tweaking.com - Registry Backup Setup Log.txt
    2021-02-02 20:54 - 2021-02-02 20:54 - 000002319 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
    2021-02-02 20:54 - 2021-02-02 20:54 - 000000207 _____ C:\Windows\tweaking.com-regbackup-DESKTOP-F6KEIFL-Windows-10-Pro-(64-bit).dat
    2021-02-02 20:54 - 2021-02-02 20:54 - 000000000 ____D C:\RegBackup
    2021-02-02 20:54 - 2021-02-02 20:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
    2021-02-02 20:54 - 2021-02-02 20:54 - 000000000 ____D C:\Program Files (x86)\Tweaking.com
    2021-02-02 20:53 - 2021-02-02 20:53 - 005766144 _____ (Tweaking.com) C:\Users\audre\Downloads\tweaking.com_registry_backup_setup.exe
    2021-02-02 20:53 - 2021-02-02 20:53 - 005766144 _____ (Tweaking.com) C:\Users\audre\Desktop\tweaking.com_registry_backup_setup.exe
    2021-01-30 20:31 - 2021-01-30 20:31 - 000000000 ____D C:\Users\audre\AppData\Local\OneDrive
    2021-01-27 15:31 - 2021-01-27 15:32 - 098478687 _____ C:\Users\audre\Downloads\Kellourpack-3.3 (1).zip
    2021-01-27 15:29 - 2021-01-27 15:30 - 000000000 ____D C:\Program Files\WinRAR
    2021-01-27 15:29 - 2021-01-27 15:29 - 000000000 ____D C:\Users\audre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
    2021-01-27 15:29 - 2021-01-27 15:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
    2021-01-27 15:28 - 2021-01-27 15:29 - 004204328 _____ (Alexander Roshal) C:\Users\audre\Downloads\winrar-x64-600.exe
    2021-01-27 14:39 - 2021-01-27 14:40 - 098478687 _____ C:\Users\audre\Downloads\Kellourpack-3.3.zip
    2021-01-24 15:52 - 2021-01-24 15:52 - 004399364 _____ C:\Users\audre\Downloads\worldedit-bukkit-7.2.2-dist.jar
    2021-01-24 15:45 - 2021-01-24 19:45 - 000000128 _____ C:\Users\audre\AppData\Roaming\winscp.rnd
    2021-01-24 15:45 - 2021-01-24 15:45 - 011163216 _____ (Martin Prikryl ) C:\Users\audre\Downloads\WinSCP-5.17.9-Setup.exe
    2021-01-24 15:45 - 2021-01-24 15:45 - 000001153 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSCP.lnk
    2021-01-24 15:45 - 2021-01-24 15:45 - 000001141 _____ C:\Users\Public\Desktop\WinSCP.lnk
    2021-01-24 15:45 - 2021-01-24 15:45 - 000000000 ____D C:\Program Files (x86)\WinSCP
    2021-01-17 19:56 - 2021-01-17 19:56 - 000000000 ____D C:\Users\audre\AppData\Local\Star Stable Online
    2021-01-16 16:11 - 2021-01-16 16:11 - 000000000 ____D C:\Users\audre\AppData\LocalLow\Innersloth
    2021-01-16 16:10 - 2021-01-16 16:10 - 000000222 _____ C:\Users\audre\Desktop\Among Us.url
    2021-01-16 16:10 - 2021-01-16 16:10 - 000000000 ____D C:\Users\audre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
    2021-01-14 18:16 - 2021-01-14 18:16 - 000000000 ____D C:\Users\audre\AppData\Roaming\EasyAntiCheat
    2021-01-14 11:53 - 2021-01-14 11:53 - 000581120 _____ (Microsoft Corporation) C:\Windows\system32\PhotoScreensaver.scr
    2021-01-14 11:53 - 2021-01-14 11:53 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhotoScreensaver.scr
    2021-01-14 11:53 - 2021-01-14 11:53 - 000467968 _____ C:\Windows\system32\AssignedAccessCsp.dll
    2021-01-14 11:53 - 2021-01-14 11:53 - 000234496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
    2021-01-14 11:53 - 2021-01-14 11:53 - 000157184 _____ C:\Windows\system32\uwfcsp.dll
    2021-01-14 11:53 - 2021-01-14 11:53 - 000138056 _____ C:\Windows\system32\HvsiManagementApi.dll
    2021-01-14 11:53 - 2021-01-14 11:53 - 000135168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VBICodec.ax
    2021-01-14 11:53 - 2021-01-14 11:53 - 000101704 _____ C:\Windows\SysWOW64\HvsiManagementApi.dll
    2021-01-14 11:53 - 2021-01-14 11:53 - 000095744 _____ C:\Windows\system32\VirtualMonitorManager.dll
    2021-01-14 11:53 - 2021-01-14 11:53 - 000067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscui.cpl
    2021-01-14 11:52 - 2021-01-14 11:52 - 002254336 _____ C:\Windows\system32\dwmscene.dll
    2021-01-14 11:52 - 2021-01-14 11:52 - 001333760 _____ C:\Windows\SysWOW64\TextInputMethodFormatter.dll
    2021-01-14 11:52 - 2021-01-14 11:52 - 001162240 _____ C:\Windows\system32\MBR2GPT.EXE
    2021-01-14 11:52 - 2021-01-14 11:52 - 000729600 _____ (Microsoft Corporation) C:\Windows\system32\hhctrl.ocx
    2021-01-14 11:52 - 2021-01-14 11:52 - 000595968 _____ (Microsoft Corporation) C:\Windows\system32\appwiz.cpl
    2021-01-14 11:52 - 2021-01-14 11:52 - 000575488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hhctrl.ocx
    2021-01-14 11:52 - 2021-01-14 11:52 - 000544768 _____ (Microsoft Corporation) C:\Windows\system32\mmsys.cpl
    2021-01-14 11:52 - 2021-01-14 11:52 - 000469504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appwiz.cpl
    2021-01-14 11:52 - 2021-01-14 11:52 - 000455680 _____ C:\Windows\SysWOW64\WindowManagementAPI.dll
    2021-01-14 11:52 - 2021-01-14 11:52 - 000446976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmsys.cpl
    2021-01-14 11:52 - 2021-01-14 11:52 - 000422912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winspool.drv
    2021-01-14 11:52 - 2021-01-14 11:52 - 000330752 _____ C:\Windows\SysWOW64\ssdm.dll
    2021-01-14 11:52 - 2021-01-14 11:52 - 000304128 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
    2021-01-14 11:52 - 2021-01-14 11:52 - 000238592 _____ (Microsoft Corporation) C:\Windows\system32\intl.cpl
    2021-01-14 11:52 - 2021-01-14 11:52 - 000235520 _____ C:\Windows\SysWOW64\HeatCore.dll
    2021-01-14 11:52 - 2021-01-14 11:52 - 000190976 _____ C:\Windows\system32\BthpanContextHandler.dll
    2021-01-14 11:52 - 2021-01-14 11:52 - 000182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl
    2021-01-14 11:52 - 2021-01-14 11:52 - 000178688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\intl.cpl
    2021-01-14 11:52 - 2021-01-14 11:52 - 000170496 _____ (Microsoft Corporation) C:\Windows\system32\VBICodec.ax
    2021-01-14 11:52 - 2021-01-14 11:52 - 000152064 _____ C:\Windows\system32\EoAExperiences.exe
    2021-01-14 11:52 - 2021-01-14 11:52 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
    2021-01-14 11:52 - 2021-01-14 11:52 - 000084992 _____ (Microsoft Corporation) C:\Windows\system32\wscui.cpl
    2021-01-14 11:52 - 2021-01-14 11:52 - 000072704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
    2021-01-14 11:52 - 2021-01-14 11:52 - 000067072 _____ C:\Windows\system32\BWContextHandler.dll
    2021-01-14 11:52 - 2021-01-14 11:52 - 000053760 _____ C:\Windows\SysWOW64\BWContextHandler.dll
    2021-01-14 11:52 - 2021-01-14 11:52 - 000010894 _____ C:\Windows\system32\DrtmAuthTxt.wim
    2021-01-14 11:51 - 2021-01-14 11:51 - 002260992 _____ C:\Windows\system32\TextInputMethodFormatter.dll
    2021-01-14 11:51 - 2021-01-14 11:51 - 000643072 _____ C:\Windows\system32\WindowManagementAPI.dll
    2021-01-14 11:51 - 2021-01-14 11:51 - 000562688 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv
    2021-01-14 11:51 - 2021-01-14 11:51 - 000455168 _____ C:\Windows\system32\ssdm.dll
    2021-01-14 11:51 - 2021-01-14 11:51 - 000306688 _____ C:\Windows\system32\HeatCore.dll
    2021-01-14 11:51 - 2021-01-14 11:51 - 000243200 _____ (Microsoft Corporation) C:\Windows\system32\timedate.cpl
    2021-01-14 11:51 - 2021-01-14 11:51 - 000165888 _____ C:\Windows\system32\DataStoreCacheDumpTool.exe
    2021-01-14 11:51 - 2021-01-14 11:51 - 000074240 _____ C:\Windows\system32\rdsxvmaudio.dll
    2021-01-07 20:09 - 2021-01-07 20:09 - 000028831 _____ C:\Users\audre\Documents\Baseplate.rbxl
    2021-01-06 21:11 - 2021-01-06 21:11 - 001891342 _____ C:\Users\audre\Downloads\16DE808E-6B32-4871-B5C9-EC7763EA57A1.jpeg
    2021-01-06 21:11 - 2021-01-06 21:11 - 001439794 _____ C:\Users\audre\Downloads\FFC36838-0D04-4D3C-A965-D60431975DB0.jpeg
    2021-01-06 21:10 - 2021-01-06 21:10 - 000290182 _____ C:\Users\audre\Downloads\IMG_6377.jpeg
    2021-01-06 11:56 - 2021-01-06 11:56 - 000000000 ____D C:\Users\audre\Documents\Zoom
    2021-01-05 12:26 - 2021-01-05 12:44 - 000000000 ____D C:\Users\audre\AppData\Roaming\Zoom
    2021-01-05 12:26 - 2021-01-05 12:26 - 000000000 ____D C:\Users\audre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
    2021-01-05 12:25 - 2021-01-05 12:25 - 000083288 _____ (Zoom Video Communications, Inc.) C:\Users\audre\Downloads\Zoom_cm_ds_mB94fPckxEwjfwtHt6KqRKT4ekfikPqfj6cSr@JcorgUu-1aJnnYuk_kdf1542670768ab18_.exe
    2021-01-03 18:36 - 2021-01-03 18:36 - 000000000 ____D C:\Users\audre\Documents\ROBLOX

    ==================== One month (modified) ==================

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2021-02-02 20:53 - 2019-12-07 04:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2021-02-02 20:40 - 2020-12-26 01:47 - 000000000 ____D C:\Users\audre\AppData\Local\D3DSCache
    2021-02-02 19:54 - 2020-12-26 01:51 - 000000000 ___RD C:\Users\audre\OneDrive
    2021-02-02 19:54 - 2020-12-25 12:05 - 000003126 _____ C:\Windows\system32\Tasks\AMDInstallLauncher
    2021-02-02 19:54 - 2020-12-25 12:04 - 000003110 _____ C:\Windows\system32\Tasks\AMDLinkUpdate
    2021-02-02 16:59 - 2020-09-27 09:50 - 000000000 ____D C:\Windows\system32\SleepStudy
    2021-02-02 16:23 - 2020-12-26 01:51 - 000003380 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4201280554-2823466389-1122749580-1002
    2021-02-02 16:23 - 2020-12-26 01:47 - 000002374 _____ C:\Users\audre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2021-02-02 12:50 - 2020-10-15 13:17 - 000795738 _____ C:\Windows\system32\PerfStringBackup.INI
    2021-02-02 12:50 - 2019-12-07 04:13 - 000000000 ____D C:\Windows\INF
    2021-02-02 12:25 - 2019-12-07 04:14 - 000000000 ___HD C:\Program Files\WindowsApps
    2021-02-02 12:25 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\AppReadiness
    2021-02-02 11:35 - 2020-12-26 01:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
    2021-02-01 16:42 - 2020-10-15 13:38 - 000000000 ____D C:\Program Files\Microsoft Office
    2021-01-31 19:26 - 2020-12-28 00:43 - 000000000 ____D C:\Program Files (x86)\Steam
    2021-01-31 16:00 - 2020-12-25 12:08 - 000000000 ____D C:\Users\audre\AppData\Roaming\.minecraft
    2021-01-30 14:22 - 2020-09-27 09:53 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
    2021-01-29 17:01 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\LiveKernelReports
    2021-01-29 13:56 - 2020-09-27 09:50 - 000008192 ___SH C:\DumpStack.log.tmp
    2021-01-29 13:56 - 2020-09-27 09:50 - 000000006 ____H C:\Windows\Tasks\SA.DAT
    2021-01-29 13:56 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\ServiceState
    2021-01-29 13:56 - 2019-12-07 04:03 - 000524288 _____ C:\Windows\system32\config\BBI
    2021-01-28 23:05 - 2019-12-07 04:03 - 000000000 ____D C:\Windows\CbsTemp
    2021-01-28 14:46 - 2020-12-26 01:50 - 000000000 ____D C:\Users\audre\AppData\Local\Packages
    2021-01-27 17:35 - 2020-12-26 02:00 - 000002254 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2021-01-27 17:35 - 2020-12-26 02:00 - 000002213 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2021-01-27 13:23 - 2020-12-25 14:48 - 000001432 _____ C:\Users\audre\Desktop\Roblox Player.lnk
    2021-01-27 13:23 - 2020-12-25 14:48 - 000001255 _____ C:\Users\audre\Desktop\Roblox Studio.lnk
    2021-01-27 13:23 - 2020-12-25 14:48 - 000000000 ____D C:\Users\audre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
    2021-01-26 22:43 - 2020-12-26 01:52 - 000000000 ____D C:\Users\audre\AppData\Local\PlaceholderTileLogoFolder
    2021-01-25 17:27 - 2020-12-25 15:04 - 000000000 ____D C:\Users\audre\AppData\Roaming\Star Stable Online
    2021-01-23 14:11 - 2020-12-30 12:39 - 000000000 ____D C:\Users\audre\.VirtualBox
    2021-01-23 14:01 - 2020-12-30 12:39 - 000000000 ____D C:\ProgramData\VirtualBox
    2021-01-22 12:29 - 2020-12-25 11:59 - 000000000 ____D C:\Users\audre\AppData\Local\AMD_Common
    2021-01-22 12:14 - 2020-12-26 02:18 - 000799104 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
    2021-01-19 13:01 - 2020-09-27 09:53 - 000003480 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
    2021-01-19 13:01 - 2020-09-27 09:53 - 000003356 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
    2021-01-17 19:57 - 2020-12-25 15:04 - 000002256 _____ C:\Users\Public\Desktop\Star Stable Online.lnk
    2021-01-17 19:57 - 2020-12-25 15:04 - 000000000 ____D C:\Program Files (x86)\Star Stable Online
    2021-01-16 19:45 - 2020-12-25 14:48 - 000000250 _____ C:\Users\audre\AppData\LocalLow\rbxcsettings.rbx
    2021-01-14 22:00 - 2020-09-27 09:50 - 000439016 _____ C:\Windows\system32\FNTCACHE.DAT
    2021-01-14 21:59 - 2020-12-26 02:14 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
    2021-01-14 21:59 - 2019-12-07 04:52 - 000000000 ____D C:\Program Files\Windows Photo Viewer
    2021-01-14 21:59 - 2019-12-07 04:52 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
    2021-01-14 21:59 - 2019-12-07 04:14 - 000000000 ___SD C:\Windows\SysWOW64\F12
    2021-01-14 21:59 - 2019-12-07 04:14 - 000000000 ___SD C:\Windows\SysWOW64\DiagSvcs
    2021-01-14 21:59 - 2019-12-07 04:14 - 000000000 ___SD C:\Windows\system32\UNP
    2021-01-14 21:59 - 2019-12-07 04:14 - 000000000 ___SD C:\Windows\system32\F12
    2021-01-14 21:59 - 2019-12-07 04:14 - 000000000 ___SD C:\Windows\system32\DiagSvcs
    2021-01-14 21:59 - 2019-12-07 04:14 - 000000000 ___RD C:\Windows\PrintDialog
    2021-01-14 21:59 - 2019-12-07 04:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
    2021-01-14 21:59 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\SysWOW64\setup
    2021-01-14 21:59 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\SysWOW64\PerceptionSimulation
    2021-01-14 21:59 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\SysWOW64\oobe
    2021-01-14 21:59 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\SysWOW64\Dism
    2021-01-14 21:59 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\SysWOW64\Com
    2021-01-14 21:59 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
    2021-01-14 21:59 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\SystemResources
    2021-01-14 21:59 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
    2021-01-14 21:59 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\system32\SystemResetPlatform
    2021-01-14 21:59 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\system32\Sysprep
    2021-01-14 21:59 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\system32\setup
    2021-01-14 21:59 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\system32\PerceptionSimulation
    2021-01-14 21:59 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\system32\oobe
    2021-01-14 21:59 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\system32\Dism
    2021-01-14 21:59 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\system32\Com
    2021-01-14 21:59 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\system32\AdvancedInstallers
    2021-01-14 21:59 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\ShellExperiences
    2021-01-14 21:59 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\ShellComponents
    2021-01-14 21:59 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\Provisioning
    2021-01-14 21:59 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\PolicyDefinitions
    2021-01-14 21:59 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\IME
    2021-01-14 21:59 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\bcastdvr
    2021-01-14 21:59 - 2019-12-07 04:14 - 000000000 ____D C:\Program Files\Windows Defender
    2021-01-14 18:16 - 2020-12-25 19:16 - 000000000 ____D C:\Program Files (x86)\EasyAntiCheat
    2021-01-14 11:51 - 2020-09-27 09:53 - 002877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
    2021-01-14 11:48 - 2020-12-26 02:17 - 000000000 ____D C:\Windows\system32\MRT
    2021-01-14 11:47 - 2020-12-26 02:17 - 135062968 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2021-01-08 22:23 - 2020-12-30 12:43 - 000000000 ____D C:\Users\audre\AppData\Local\CrashDumps
    2021-01-08 13:19 - 2020-10-15 13:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
    2021-01-05 21:55 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\system32\WinBioDatabase
    2021-01-05 12:40 - 2020-12-25 14:48 - 000000000 ____D C:\Users\audre\AppData\Local\Roblox

    ==================== Files in the root of some directories ========

    2021-01-24 15:45 - 2021-01-24 19:45 - 000000128 _____ () C:\Users\audre\AppData\Roaming\winscp.rnd

    ==================== SigCheck ============================

    (There is no automatic fix for files that do not pass verification.)

    ==================== End of FRST.txt ========================

  4. #4
    Senior Member
    Join Date
    Nov 2009
    Posts
    109

  5. #5
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    Don't click on the alert, we'll get rid of it.

    Start Farbar Recovery Scan Tool with Administrator privileges
    (Right click on the FRST icon and select Run as administrator)

    Highlight the text below and select Copy,
    beginning with Start:: and finishing with End::
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Highlight the entire content of the quote box below and select Copy.


    Start::
    CloseProcesses:
    CreateRestorePoint:
    ShortcutWithArgument: C:\Users\audre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iBUYPOWER.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> microsoft-edge:hxxps://www.ibuypower.com/review
    ShortcutWithArgument: C:\Users\audre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Co_Writer Universal (App).lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=lahlmdogjpblkonckkgbljegkiijjbag
    AlternateDataStreams: C:\desktop.ini:CachedTiles [7368]
    AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [9520]
    CHR Notifications: Default -> hxxps://pushwelcome.com
    CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=mcafee&type=E211US1214G0&p={searchTerms}
    CHR DefaultSuggestURL: Default -> hxxps://us.search.yahoo.com/sugg/gossip/gossip-us-partner?output=fxjson&appid=mca&source=yahoo_mcafee_searchassist&command={searchTerms}
    S3 Futuremark SystemInfo Service; "C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe" [X]
    S3 ALSysIO; \??\C:\Users\ADMINI~1\AppData\Local\Temp\ALSysIO64.sys [X] <==== ATTENTION
    EmptyTemp:
    C:\Windows\Temp\*.*
    End::
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    Start FRST (FRST64) with Administrator privileges
    Press the Fix button. FRST will process the lines copied above from the clipboard.
    When finished, a log file, Fixlog.txt, will pop up and be saved in the same location the tool was run from.

    Please copy and paste its contents in your next reply.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    Download AdwCleaner from here and save it to your desktop.

    • run AdwCleaner by clicking on Scan Now
    • when it has finished, leave everything that was found checked, (ticked), then click on Clean and Repair
    • if it asks to reboot, allow the reboot
    • on reboot, click on View Log File; please attach the content of the log to your next reply.

    =======================

    You may have Malwarebytes Anti-Malware installed but if not, you can download it from here:
    • run the program
    • click on the ‘Dashboard’ to make sure everything is up to date, (it is not necessary to upgrade to the premium version of MBAM)
    • click on the ‘Scan’ tab, (directly below the Dashboard tab)
    • select the Threat Scan option
    • click the Scan Now button
    • Threat Scan will begin
    • when the scan has completed and if malware was found, click the Quarantine Selected button to allow MBAM to quarantine what was found
    • if prompted to restart the computer, close all other programs and click Yes to restart your computer
    • once you are back at your desktop, open MBAM once more
    • click on the ‘Reports’ tab
    • double-click on the most recent Scan Report
    • click on Export, then Copy to Clipboard


    ~~~~~
    Logs to include with the next post:

    Fixlog.txt
    AdwCleaner log
    Malwarebytes Anti-Malware

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  6. #6
    Senior Member
    Join Date
    Nov 2009
    Posts
    109

    Default

    Thank you for your quick reply! I ran the programs. One note, I saw this notice about a trojan before I ran them. Please see the attached image. Also, AdwCleaner found no threats as did the Malwarebytes program.

    IMG_3721.jpg

    Logs are in separate posts below. Thanks again!

  7. #7
    Senior Member
    Join Date
    Nov 2009
    Posts
    109

    Default

    FIX Log

    Fix result of Farbar Recovery Scan Tool (x64) Version: 03-02-2021
    Ran by audre (03-02-2021 12:27:08) Run:1
    Running from C:\Users\audre\Desktop
    Loaded Profiles: audre
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    CloseProcesses:
    CreateRestorePoint:
    ShortcutWithArgument: C:\Users\audre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iBUYPOWER.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> microsoft-edge:hxxps://www.ibuypower.com/review
    ShortcutWithArgument: C:\Users\audre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Co_Writer Universal (App).lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=lahlmdogjpblkonckkgbljegkiijjbag
    AlternateDataStreams: C:\desktop.ini:CachedTiles [7368]
    AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [9520]
    CHR Notifications: Default -> hxxps://pushwelcome.com
    CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=mcafee&type=E211US1214G0&p={searchTerms}
    CHR DefaultSuggestURL: Default -> hxxps://us.search.yahoo.com/sugg/gossip/gossip-us-partner?output=fxjson&appid=mca&source=yahoo_mcafee_searchassist&command={searchTerms}
    S3 Futuremark SystemInfo Service; "C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe" [X]
    S3 ALSysIO; \??\C:\Users\ADMINI~1\AppData\Local\Temp\ALSysIO64.sys [X] <==== ATTENTION
    EmptyTemp:
    C:\Windows\Temp\*.*

    *****************

    Processes closed successfully.
    Restore point was successfully created.
    C:\Users\audre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iBUYPOWER.lnk => Shortcut argument removed successfully
    C:\Users\audre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Co_Writer Universal (App).lnk => Shortcut argument removed successfully
    C:\desktop.ini => ":CachedTiles" ADS removed successfully
    C:\Users\Public\Shared Files => ":VersionCache" ADS removed successfully
    "Chrome Notifications" => removed successfully
    "Chrome DefaultSearchURL" => removed successfully
    "Chrome DefaultSuggestURL" => removed successfully
    HKLM\System\CurrentControlSet\Services\Futuremark SystemInfo Service => removed successfully
    Futuremark SystemInfo Service => service removed successfully
    HKLM\System\CurrentControlSet\Services\ALSysIO => removed successfully
    ALSysIO => service removed successfully

    =========== "C:\Windows\Temp\*.*" ==========

    C:\Windows\Temp\catalog.json => moved successfully
    C:\Windows\Temp\chrome_installer.log => moved successfully
    C:\Windows\Temp\DESKTOP-F6KEIFL-20210127-1231.log => moved successfully
    C:\Windows\Temp\DESKTOP-F6KEIFL-20210127-1234.log => moved successfully
    C:\Windows\Temp\DESKTOP-F6KEIFL-20210127-1234a.log => moved successfully
    C:\Windows\Temp\DESKTOP-F6KEIFL-20210127-1237.log => moved successfully
    C:\Windows\Temp\DESKTOP-F6KEIFL-20210127-1242.log => moved successfully
    C:\Windows\Temp\DESKTOP-F6KEIFL-20210127-1252.log => moved successfully
    C:\Windows\Temp\DESKTOP-F6KEIFL-20210127-1344.log => moved successfully
    C:\Windows\Temp\DESKTOP-F6KEIFL-20210127-1357.log => moved successfully
    C:\Windows\Temp\DESKTOP-F6KEIFL-20210127-1556.log => moved successfully
    C:\Windows\Temp\DESKTOP-F6KEIFL-20210127-1710.log => moved successfully
    C:\Windows\Temp\DESKTOP-F6KEIFL-20210127-1745.log => moved successfully
    C:\Windows\Temp\DESKTOP-F6KEIFL-20210127-1931.log => moved successfully
    C:\Windows\Temp\DESKTOP-F6KEIFL-20210127-2023.log => moved successfully
    C:\Windows\Temp\DESKTOP-F6KEIFL-20210127-2036.log => moved successfully
    C:\Windows\Temp\DESKTOP-F6KEIFL-20210127-2053.log => moved successfully
    C:\Windows\Temp\DESKTOP-F6KEIFL-20210127-2235.log => moved successfully
    C:\Windows\Temp\DESKTOP-F6KEIFL-20210127-2323.log => moved successfully
    C:\Windows\Temp\DESKTOP-F6KEIFL-20210128-0010.log => moved successfully
    C:\Windows\Temp\DESKTOP-F6KEIFL-20210128-0018.log => moved successfully
    C:\Windows\Temp\DESKTOP-F6KEIFL-20210128-1325.log => moved successfully
    C:\Windows\Temp\DESKTOP-F6KEIFL-20210128-1328.log => moved successfully
    C:\Windows\Temp\DESKTOP-F6KEIFL-20210128-1328a.log => moved successfully
    C:\Windows\Temp\DESKTOP-F6KEIFL-20210128-1335.log => moved successfully
    C:\Windows\Temp\DESKTOP-F6KEIFL-20210128-1344.log => moved successfully
    C:\Windows\Temp\DESKTOP-F6KEIFL-20210128-1355.log => moved successfully
    C:\Windows\Temp\DESKTOP-F6KEIFL-20210128-1446.log => moved successfully
    C:\Windows\Temp\DESKTOP-F6KEIFL-20210128-1518.log => moved successfully
    C:\Windows\Temp\DESKTOP-F6KEIFL-20210128-1614.log => moved successfully
    C:\Windows\Temp\DESKTOP-F6KEIFL-20210128-1619.log => moved successfully
    C:\Windows\Temp\DESKTOP-F6KEIFL-20210128-1626.log => moved successfully
    C:\Windows\Temp\DESKTOP-F6KEIFL-20210128-2030.log => moved successfully
    C:\Windows\Temp\DESKTOP-F6KEIFL-20210128-2038.log => moved successfully
    C:\Windows\Temp\DESKTOP-F6KEIFL-20210128-2045.log => moved successfully
    C:\Windows\Temp\DESKTOP-F6KEIFL-20210128-2220.log => moved successfully
    C:\Windows\Temp\DESKTOP-F6KEIFL-20210128-2253.log => moved successfully
    C:\Windows\Temp\DESKTOP-F6KEIFL-20210129-1356.log => moved successfully
    C:\Windows\Temp\DESKTOP-F6KEIFL-20210129-1357.log => moved successfully
    C:\Windows\Temp\DESKTOP-F6KEIFL-20210129-1402.log => moved successfully
    C:\Windows\Temp\DESKTOP-F6KEIFL-20210129-1405.log => moved successfully
    C:\Windows\Temp\DESKTOP-F6KEIFL-20210129-1406.log => moved successfully
    C:\Windows\Temp\DESKTOP-F6KEIFL-20210129-1430.log => moved successfully
    C:\Windows\Temp\DESKTOP-F6KEIFL-20210129-1443.log => moved successfully
    C:\Windows\Temp\DESKTOP-F6KEIFL-20210129-1508.log => moved successfully
    C:\Windows\Temp\DESKTOP-F6KEIFL-20210129-1513.log => moved successfully
    C:\Windows\Temp\DESKTOP-F6KEIFL-20210129-1628.log => moved successfully
    C:\Windows\Temp\DESKTOP-F6KEIFL-20210129-1648.log => moved successfully
    C:\Windows\Temp\DESKTOP-F6KEIFL-20210129-2006.log => moved successfully
    C:\Windows\Temp\DESKTOP-F6KEIFL-20210129-2109.log => moved successfully
    C:\Windows\Temp\DESKTOP-F6KEIFL-20210129-2147.log => moved successfully
    C:\Windows\Temp\DESKTOP-F6KEIFL-20210130-1421.log => moved successfully
    C:\Windows\Temp\DESKTOP-F6KEIFL-20210130-1424.log => moved successfully
    C:\Windows\Temp\DESKTOP-F6KEIFL-20210130-1424a.log => moved successfully
    C:\Windows\Temp\DESKTOP-F6KEIFL-20210130-1426.log => moved successfully
    C:\Windows\Temp\DESKTOP-F6KEIFL-20210130-2035.log => moved successfully
    C:\Windows\Temp\DESKTOP-F6KEIFL-20210130-2126.log => moved successfully
    C:\Windows\Temp\DESKTOP-F6KEIFL-20210130-2130.log => moved successfully
    C:\Windows\Temp\DESKTOP-F6KEIFL-20210130-2138.log => moved successfully
    C:\Windows\Temp\DESKTOP-F6KEIFL-20210130-2224.log => moved successfully
    C:\Windows\Temp\DESKTOP-F6KEIFL-20210130-2232.log => moved successfully
    C:\Windows\Temp\DESKTOP-F6KEIFL-20210130-2329.log => moved successfully
    C:\Windows\Temp\DESKTOP-F6KEIFL-20210131-0025.log => moved successfully
    C:\Windows\Temp\DESKTOP-F6KEIFL-20210131-0044.log => moved successfully
    C:\Windows\Temp\DESKTOP-F6KEIFL-20210131-0056.log => moved successfully
    C:\Windows\Temp\DESKTOP-F6KEIFL-20210131-0126.log => moved successfully
    C:\Windows\Temp\DESKTOP-F6KEIFL-20210131-1413.log => moved successfully
    C:\Windows\Temp\DESKTOP-F6KEIFL-20210131-1413a.log => moved successfully
    C:\Windows\Temp\DESKTOP-F6KEIFL-20210131-1416.log => moved successfully
    C:\Windows\Temp\DESKTOP-F6KEIFL-20210131-1424.log => moved successfully
    C:\Windows\Temp\DESKTOP-F6KEIFL-20210131-1552.log => moved successfully
    C:\Windows\Temp\DESKTOP-F6KEIFL-20210131-1613.log => moved successfully
    C:\Windows\Temp\DESKTOP-F6KEIFL-20210131-1639.log => moved successfully
    C:\Windows\Temp\DESKTOP-F6KEIFL-20210131-1727.log => moved successfully
    C:\Windows\Temp\DESKTOP-F6KEIFL-20210131-1853.log => moved successfully
    C:\Windows\Temp\DESKTOP-F6KEIFL-20210131-2056.log => moved successfully
    C:\Windows\Temp\DESKTOP-F6KEIFL-20210131-2359.log => moved successfully
    C:\Windows\Temp\DESKTOP-F6KEIFL-20210201-0831.log => moved successfully
    C:\Windows\Temp\DESKTOP-F6KEIFL-20210201-0833.log => moved successfully
    C:\Windows\Temp\DESKTOP-F6KEIFL-20210201-0849.log => moved successfully
    C:\Windows\Temp\DESKTOP-F6KEIFL-20210201-0901.log => moved successfully
    C:\Windows\Temp\DESKTOP-F6KEIFL-20210201-0908.log => moved successfully
    C:\Windows\Temp\DESKTOP-F6KEIFL-20210201-0923.log => moved successfully
    C:\Windows\Temp\DESKTOP-F6KEIFL-20210201-0942.log => moved successfully
    C:\Windows\Temp\DESKTOP-F6KEIFL-20210201-1616.log => moved successfully
    C:\Windows\Temp\DESKTOP-F6KEIFL-20210201-1621.log => moved successfully
    C:\Windows\Temp\DESKTOP-F6KEIFL-20210201-1622.log => moved successfully
    C:\Windows\Temp\DESKTOP-F6KEIFL-20210201-1642.log => moved successfully
    C:\Windows\Temp\DESKTOP-F6KEIFL-20210201-1642a.log => moved successfully
    C:\Windows\Temp\DESKTOP-F6KEIFL-20210201-1643.log => moved successfully
    C:\Windows\Temp\DESKTOP-F6KEIFL-20210201-1754.log => moved successfully
    C:\Windows\Temp\DESKTOP-F6KEIFL-20210201-1810.log => moved successfully
    C:\Windows\Temp\DESKTOP-F6KEIFL-20210201-1816.log => moved successfully
    C:\Windows\Temp\DESKTOP-F6KEIFL-20210201-1824.log => moved successfully
    C:\Windows\Temp\DESKTOP-F6KEIFL-20210201-2054.log => moved successfully
    C:\Windows\Temp\DESKTOP-F6KEIFL-20210201-2215.log => moved successfully
    C:\Windows\Temp\DESKTOP-F6KEIFL-20210201-2226.log => moved successfully
    C:\Windows\Temp\DESKTOP-F6KEIFL-20210202-1134.log => moved successfully
    C:\Windows\Temp\DESKTOP-F6KEIFL-20210202-1137.log => moved successfully
    C:\Windows\Temp\DESKTOP-F6KEIFL-20210202-1139.log => moved successfully
    C:\Windows\Temp\DESKTOP-F6KEIFL-20210202-1225.log => moved successfully
    C:\Windows\Temp\DESKTOP-F6KEIFL-20210202-1325.log => moved successfully
    C:\Windows\Temp\DESKTOP-F6KEIFL-20210202-1532.log => moved successfully
    C:\Windows\Temp\DESKTOP-F6KEIFL-20210202-1543.log => moved successfully
    C:\Windows\Temp\DESKTOP-F6KEIFL-20210202-1649.log => moved successfully
    C:\Windows\Temp\DESKTOP-F6KEIFL-20210202-1649a.log => moved successfully
    C:\Windows\Temp\DESKTOP-F6KEIFL-20210202-1959.log => moved successfully
    C:\Windows\Temp\DESKTOP-F6KEIFL-20210202-2008.log => moved successfully
    C:\Windows\Temp\DESKTOP-F6KEIFL-20210202-2013.log => moved successfully
    C:\Windows\Temp\DESKTOP-F6KEIFL-20210202-2019.log => moved successfully
    C:\Windows\Temp\DESKTOP-F6KEIFL-20210202-2104.log => moved successfully
    C:\Windows\Temp\DESKTOP-F6KEIFL-20210202-2105.log => moved successfully
    C:\Windows\Temp\DESKTOP-F6KEIFL-20210202-2110.log => moved successfully
    C:\Windows\Temp\DESKTOP-F6KEIFL-20210202-2134.log => moved successfully
    C:\Windows\Temp\DESKTOP-F6KEIFL-20210202-2209.log => moved successfully
    C:\Windows\Temp\DESKTOP-F6KEIFL-20210202-2223.log => moved successfully
    C:\Windows\Temp\DESKTOP-F6KEIFL-20210202-2257.log => moved successfully
    C:\Windows\Temp\DESKTOP-F6KEIFL-20210203-1037.log => moved successfully
    C:\Windows\Temp\DESKTOP-F6KEIFL-20210203-1040.log => moved successfully
    C:\Windows\Temp\DESKTOP-F6KEIFL-20210203-1042.log => moved successfully
    C:\Windows\Temp\DESKTOP-F6KEIFL-20210203-1209.log => moved successfully
    C:\Windows\Temp\DESKTOP-F6KEIFL-20210203-1226.log => moved successfully
    Could not move "C:\Windows\Temp\DESKTOP-F6KEIFL-20210203-1227.log" => Scheduled to move on reboot.
    C:\Windows\Temp\mat-debug-11536.log => moved successfully
    C:\Windows\Temp\mat-debug-12196.log => moved successfully
    C:\Windows\Temp\mat-debug-12396.log => moved successfully
    C:\Windows\Temp\mat-debug-2536.log => moved successfully
    C:\Windows\Temp\mat-debug-2552.log => moved successfully
    C:\Windows\Temp\mat-debug-5356.log => moved successfully
    C:\Windows\Temp\mat-debug-8440.log => moved successfully
    C:\Windows\Temp\mat-debug-9660.log => moved successfully
    C:\Windows\Temp\MpCmdRun.log => moved successfully
    C:\Windows\Temp\MpSigStub.log => moved successfully
    C:\Windows\Temp\msedge_installer.log => moved successfully
    C:\Windows\Temp\officeclicktorun.exe_streamserver(20210127123147FCC).log => moved successfully
    C:\Windows\Temp\officeclicktorun.exe_streamserver(20210128132507FA8).log => moved successfully
    C:\Windows\Temp\officeclicktorun.exe_streamserver(2021020116423023D4).log => moved successfully
    C:\Windows\Temp\officeclicktorun.exe_streamserver(2021020221041510B4).log => moved successfully
    C:\Windows\Temp\officeclicktorun.exe_streamserver(2021020221053310C0).log => moved successfully
    Could not move "C:\Windows\Temp\officeclicktorun.exe_streamserver(202102031227082738).log" => Scheduled to move on reboot.
    C:\Windows\Temp\TS_4FA6.tmp => moved successfully
    C:\Windows\Temp\{078D8299-4C23-447A-AC70-3AE899D87358} - OProcSessId.dat => moved successfully
    C:\Windows\Temp\{07BF6676-6FDC-489D-9339-549284463843} - OProcSessId.dat => moved successfully
    C:\Windows\Temp\{087D2CC1-42BE-4F19-A1ED-5713671FFA50} - OProcSessId.dat => moved successfully
    C:\Windows\Temp\{489B5446-1D2A-4A62-B458-5067CDF9F935} - OProcSessId.dat => moved successfully
    C:\Windows\Temp\{55E68767-B17D-4DF1-95AF-8B526A65512B} - OProcSessId.dat => moved successfully
    C:\Windows\Temp\{5A58042A-E02D-4400-9C03-8D7ECEB7E404} - OProcSessId.dat => moved successfully
    C:\Windows\Temp\{7BCE8E92-87CC-4840-96F0-561D799BD27F} - OProcSessId.dat => moved successfully
    C:\Windows\Temp\{A04ACEC1-ECAC-465C-8943-1A2685E5556B} - OProcSessId.dat => moved successfully
    C:\Windows\Temp\{A2C05120-061E-4A73-BAB1-BC4581E8D73C} - OProcSessId.dat => moved successfully
    C:\Windows\Temp\{AC9573FD-FBB9-40D3-B106-46E5FA13FBC7} - OProcSessId.dat => moved successfully
    C:\Windows\Temp\{BE193A17-0A2B-462E-BD87-6F542957CA75} - OProcSessId.dat => moved successfully
    C:\Windows\Temp\{C5840D39-9B70-4B18-B114-76558A9F098D} - OProcSessId.dat => moved successfully
    C:\Windows\Temp\{D4F2D68F-0C0D-4F4E-8777-EE3BE29CF0BF} - OProcSessId.dat => moved successfully
    C:\Windows\Temp\{F23206E4-A212-4E6E-9A2E-AB13C480401E} - OProcSessId.dat => moved successfully
    C:\Windows\Temp\{FF8BC3BF-3F5F-4BB1-8B2C-9F617320BEDA} - OProcSessId.dat => moved successfully

    ========= End -> "C:\Windows\Temp\*.*" ========


    =========== EmptyTemp: ==========

    BITS transfer queue => 7626752 B
    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 55574551 B
    Java, Flash, Steam htmlcache => 12721835 B
    Windows/system/drivers => 18343742 B
    Edge => 0 B
    Chrome => 803869841 B
    Firefox => 0 B
    Opera => 0 B

    Temp, IE cache, history, cookies, recent:
    Default => 0 B
    Users => 0 B
    ProgramData => 0 B
    Public => 0 B
    systemprofile => 0 B
    systemprofile32 => 0 B
    LocalService => 0 B
    NetworkService => 89300 B
    audre => 305831637 B

    RecycleBin => 13309735867 B
    EmptyTemp: => 13.5 GB temporary data Removed.

    ================================

    Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 03-02-2021 12:29:37)

    C:\Windows\Temp\DESKTOP-F6KEIFL-20210203-1227.log => Is moved successfully
    C:\Windows\Temp\officeclicktorun.exe_streamserver(202102031227082738).log => Is moved successfully

    ==== End of Fixlog 12:29:37 ====

  8. #8
    Senior Member
    Join Date
    Nov 2009
    Posts
    109

    Default

    # -------------------------------
    # Malwarebytes AdwCleaner 8.0.9.1
    # -------------------------------
    # Build: 01-20-2021
    # Database: 2021-01-26.1 (Cloud)
    # Support: https://www.malwarebytes.com/support
    #
    # -------------------------------
    # Mode: Scan
    # -------------------------------
    # Start: 02-03-2021
    # Duration: 00:00:17
    # OS: Windows 10 Pro
    # Scanned: 31956
    # Detected: 0


    ***** [ Services ] *****

    No malicious services found.

    ***** [ Folders ] *****

    No malicious folders found.

    ***** [ Files ] *****

    No malicious files found.

    ***** [ DLL ] *****

    No malicious DLLs found.

    ***** [ WMI ] *****

    No malicious WMI found.

    ***** [ Shortcuts ] *****

    No malicious shortcuts found.

    ***** [ Tasks ] *****

    No malicious tasks found.

    ***** [ Registry ] *****

    No malicious registry entries found.

    ***** [ Chromium (and derivatives) ] *****

    No malicious Chromium entries found.

    ***** [ Chromium URLs ] *****

    No malicious Chromium URLs found.

    ***** [ Firefox (and derivatives) ] *****

    No malicious Firefox entries found.

    ***** [ Firefox URLs ] *****

    No malicious Firefox URLs found.

    ***** [ Hosts File Entries ] *****

    No malicious hosts file entries found.

    ***** [ Preinstalled Software ] *****

    No Preinstalled Software found.


    AdwCleaner[S00].txt - [1405 octets] - [03/02/2021 12:32:25]

    ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ##########

  9. #9
    Senior Member
    Join Date
    Nov 2009
    Posts
    109

    Default

    Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Scan Date: 2/3/21
    Scan Time: 12:41 PM
    Log File: 0ad4a13a-6647-11eb-b63e-2cf05d94db41.json

    -Software Information-
    Version: 4.3.0.98
    Components Version: 1.0.1157
    Update Package Version: 1.0.36671
    License: Trial

    -System Information-
    OS: Windows 10 (Build 19041.746)
    CPU: x64
    File System: NTFS
    User: DESKTOP-F6KEIFL\audre

    -Scan Summary-
    Scan Type: Threat Scan
    Scan Initiated By: Manual
    Result: Completed
    Objects Scanned: 279941
    Threats Detected: 0
    Threats Quarantined: 0
    Time Elapsed: 0 min, 43 sec

    -Scan Options-
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Detect
    PUM: Detect

    -Scan Details-
    Process: 0
    (No malicious items detected)

    Module: 0
    (No malicious items detected)

    Registry Key: 0
    (No malicious items detected)

    Registry Value: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Data Stream: 0
    (No malicious items detected)

    Folder: 0
    (No malicious items detected)

    File: 0
    (No malicious items detected)

    Physical Sector: 0
    (No malicious items detected)

    WMI: 0
    (No malicious items detected)


    (end)

  10. #10
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    One note, I saw this notice about a trojan before I ran them
    Have you since?

    I think it would be a good idea to download and install an AdBlocker for Google Chrome; it's free.
    https://chrome.google.com/webstore/d...ifddb?hl=en-US


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    What we can do now, if you think you need to, is to do an online scan.

    ESET Online Scanner

    Download and save it to your desktop.

    https://www.eset.com/us/home/online-scanner/

    • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
    • When the tool opens, click Get Started.
    • Read and accept the license agreement.
    • At the Welcome to ESET Online Scanner window, click Get Started.
    • Select whether you would like to send anonymous data to ESET.
    • Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
    • Click on the Full Scan option.
    • Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
    • ESET will now begin scanning your computer. This may take some time.
    • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
    • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
    • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
    • Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.

    ---------------------------

    I need to see if anything was picked up and can you please comment on how the computer is now?
    Last edited by Juliet; 2021-02-04 at 02:29.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.
