Solved Malware \ProductData + possibly more, on two devices

Hi! I need help. Please.
I was video editing on my PC last night and my program was running slow, so I restarted. Got a notification that a program called "escalated privileges file operation daemon" was preventing the restart. Looked it up and the results made it seem like this was not a good thing. From here I started trying to clean up files and found C:\ProgramData\ProductData, which will not uninstall. Noticed the same on my laptop (they were connected through the network and Chrome browser; other computers on the home network don't have this; Chrome sync is disabled now). Been reading about similar issues on some forums and attempting to fix it, but nothing is working. PC also has a new file, C:\ProgramData\boost_interprocess (8kb), and I am unsure what it is. Ran FRST and think I may need a fix file.
I ran a few programs based on other forums and will post the txt log files.
1. Junkware Removal Tool - JRT, which removed ProductData, but it just reappears after a few minutes.
2. Rogue Killer - rk - found only Honey PuP, removed
3. Malwarebytes (updated), nothing detected, restarted pc
4. Adw cleaner - nothing found, ran basic repair, restarted.
5. FRST 64
Similar results on laptop but this is only for my PC right now to keep things simple

Thank you,
Caro

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 10 Enterprise x64
Ran by Caro (Administrator) on 2020-12-06 at 10:36:33.33
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 1

Successfully deleted: C:\ProgramData\productdata (Folder)



Registry: 1

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2020-12-06 at 10:41:08.25
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

RogueKiller Anti-Malware V14.8.0.0 (x64) [Nov 17 2020] (Premium) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 10 (10.0.18363) 64 bits
Started in : Normal mode
User : Caro [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Signatures : 20200213_081045, Driver : Loaded
Mode : Standard Scan, Delete -- Date : 2020/12/06 12:33:46 (Duration : 00:14:24)
Switches : -minimize

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Delete ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[PUP.Gen0 (Potentially Malicious)] Honey -- bmnlcjabgnpnenekpadlanbbkooimhnj -> Deleted


Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 12/6/20
Scan Time: 12:38 PM
Log File: d1b08580-37e9-11eb-938b-e0d55e6ea072.json

-Software Information-
Version: 4.2.3.96
Components Version: 1.0.1122
Update Package Version: 1.0.33973
License: Trial

-System Information-
OS: Windows 10 (Build 18362.1198)
CPU: x64
File System: NTFS
User: DESKTOP-PSDRESQ\Caro

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 323869
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 3 min, 15 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)


# -------------------------------
# Malwarebytes AdwCleaner 8.0.8.0
# -------------------------------
# Build: 10-08-2020
# Database: 2020-09-29.1 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 12-06-2020
# Duration: 00:00:54
# OS: Windows 10 Pro
# Scanned: 31837
# Detected: 0


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.


AdwCleaner[S00].txt - [1609 octets] - [05/12/2020 11:23:46]
AdwCleaner[C00].txt - [1803 octets] - [05/12/2020 12:35:17]
AdwCleaner[S01].txt - [1615 octets] - [06/12/2020 11:25:31]
AdwCleaner[C01].txt - [1765 octets] - [06/12/2020 11:31:03]
AdwCleaner_Debug.log - [68 octets] - [06/12/2020 12:47:30]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S02].txt ##########


# -------------------------------
# Malwarebytes AdwCleaner 8.0.8.0
# -------------------------------
# Build: 10-08-2020
# Database: 2020-09-29.1 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 12-06-2020
# Duration: 00:00:01
# OS: Windows 10 Pro
# Cleaned: 0
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1609 octets] - [05/12/2020 11:23:46]
AdwCleaner[C00].txt - [1803 octets] - [05/12/2020 12:35:17]
AdwCleaner[S01].txt - [1615 octets] - [06/12/2020 11:25:31]
AdwCleaner[C01].txt - [1765 octets] - [06/12/2020 11:31:03]
AdwCleaner_Debug.log - [68 octets] - [06/12/2020 12:47:30]
AdwCleaner[S02].txt - [1709 octets] - [06/12/2020 12:48:33]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C02].txt ##########


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-12-2020
Ran by Caro (administrator) on DESKTOP-PSDRESQ (Gigabyte Technology Co., Ltd. AB350N-Gaming WIFI) (06-12-2020 12:55:13)
Running from C:\Users\Caro\Desktop\FRST
Loaded Profiles: Caro
Platform: Windows 10 Pro Version 1909 18363.1198 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> ) C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe
(Adobe Inc. -> Adobe Inc) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\Adobe Installer.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud Helper.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe <4>
(Adobe Inc. -> Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe <2>
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe <2>
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\CCLibrary.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems Incorporated) C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\AcrobatNotificationClient.exe
(Adobe Systems Incorporated) C:\Program Files\WindowsApps\AdobeNotificationClient_2.0.1.8_x86__enpm4xejd91yc\AdobeNotificationClient.exe
(Adobe Systems Incorporated) C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\AcrobatNotificationClient.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\c0326224.inf_amd64_54f142d34a8acc18\B323593\atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\c0326224.inf_amd64_54f142d34a8acc18\B323593\atiesrxx.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(ASUSTEK COMPUTER INC. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AXSP\4.00.01\atkexComSvc.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\eguiProxy.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Intel(R) Wireless Connectivity Solutions -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel(R) Wireless Connectivity Solutions -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Wireless Connectivity Solutions -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Caro\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2009.4.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13228.41011.0_x64__8wekyb3d8bbwe\commsapps.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13228.41011.0_x64__8wekyb3d8bbwe\HxAccounts.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13228.41011.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\AuthHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\PickerHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.18362.1190_none_1716e3ef2a15f08c\TiWorker.exe
(Node.js Foundation -> Node.js) C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\node.exe
(Node.js Foundation -> Node.js) C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\libs\node.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <2>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_5ad622f7ea43f50a\Display.NvContainer\NVDisplay.Container.exe <2>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(SUPERAntiSpyware.com -> SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3402832 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9235936 2017-11-16] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [331064 2020-10-16] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmds.exe [175504 2020-10-26] (ESET, spol. s r.o. -> ESET)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2095672 2020-10-06] (Adobe Inc. -> Adobe Inc.)
HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [114824 2020-10-07] (Adobe Inc. -> )
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [5866032 2020-11-18] (Adobe Inc. -> Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-881217815-4272472998-2328836942-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [11219376 2020-12-05] (Support.com Inc -> SUPERAntiSpyware)
HKU\S-1-5-21-881217815-4272472998-2328836942-1001\...\Run: [CCXProcess] => C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [677512 2020-11-05] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-881217815-4272472998-2328836942-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-881217815-4272472998-2328836942-1001\...\Run: [Adobe Reader Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe [5491248 2020-11-18] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-881217815-4272472998-2328836942-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [5491248 2020-11-18] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-881217815-4272472998-2328836942-1001\...\MountPoints2: {1f0fef9e-5a4b-11e8-b960-8ca982ff9587} - "D:\UI.exe"
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\WINDOWS\system32\AdobePDF.dll [65496 2020-10-22] (Adobe Inc. -> Adobe Systems Inc)
HKLM\...\Print\Monitors\HP CC11 Status Monitor: C:\WINDOWS\system32\hpinkstsCC11LM.dll [391992 2019-03-15] (HP Inc -> HP Inc.)
HKLM\...\Print\Monitors\HP CE11 Status Monitor: C:\WINDOWS\system32\hpinkstsCE11LM.dll [393352 2017-03-20] (Hewlett Packard -> HP Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\87.0.4280.88\Installer\chrmstp.exe [2020-12-02] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {053BCB64-EFFD-4B0C-A6E3-9D1C548AC083} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-05-08] (Google Inc -> Google Inc.)
Task: {07F19A41-BE43-4770-B475-E38F8829A46C} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1130296 2019-05-22] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {0C83218A-5CD6-43A8-B91F-0814E107F087} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3787304 2019-05-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {1568A3F6-6BE0-442A-97AE-2593521EF59F} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [972176 2020-05-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {1D7656BB-B74B-4696-89AC-4C0584167F3F} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [972176 2020-05-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {3DE0D252-113B-41F0-980D-EA87D56FCCF7} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [782136 2019-02-27] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {3F054FBB-58BA-4CE3-8FD6-7D05A2D181AE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.)
Task: {4BAFFEE6-1486-4602-9918-0A8A21AB118F} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [899056 2019-05-22] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {4F5550B4-38B3-4333-8590-CF77EB07B263} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe
Task: {72C85641-E1E2-47E5-9DA4-AD3D3C6A26B3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-05-08] (Google Inc -> Google Inc.)
Task: {776AE28A-F40F-4187-8BD7-FE2D70CA14F4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1349200 2020-11-03] (Adobe Inc. -> Adobe Inc.)
Task: {8E968E6C-4203-493C-B5CB-FB1322EC7234} - System32\Tasks\GPU Tweak II => C:\Program Files (x86)\ASUS\GPU TweakII\GPUTweakII.exe [12793856 2019-07-05] (ASUSTEK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
Task: {9BCE3AC9-79F7-4DA4-8674-4F728E086F93} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1130296 2019-05-22] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A3BE0BBE-AE80-4A91-AAC2-13A2D1423744} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3402832 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {B7796DE6-1063-4B5E-AF53-3214A12C8E01} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1130296 2019-05-22] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C66E2AFB-AC70-41A5-B9D5-FA6611E9387C} - System32\Tasks\Adobe Uninstaller => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [431160 2020-10-06] (Adobe Inc. -> Adobe Inc.)
Task: {CCDE8FB7-C13F-4DD0-8EE3-7E88A6067F05} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1130296 2019-05-22] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {D4CCE032-2C87-40C1-AA19-4C2A52E4C9B4} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [782136 2019-02-27] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {DE759EB7-9336-411E-8861-09A2E83819D6} - System32\Tasks\Power_a17007 => C:\Program Files\Cold Turkey\CTServiceInstaller.exe
Task: {E21283F0-32D4-4199-8BDF-CB77AAF073AE} - System32\Tasks\AdobeAAMUpdater-1.0-DESKTOP-PSDRESQ-Caro => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {F8115776-354B-447F-B009-B2DE90048CA5} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [648504 2019-05-22] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {FAAE8DA3-E857-4521-8C0C-43A56FC953AE} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [899056 2019-05-22] (NVIDIA Corporation -> NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 64.71.255.204 64.71.255.198
Tcpip\..\Interfaces\{fa7b2c5c-fd19-4705-aba8-17553d47644d}: [DhcpNameServer] 64.71.255.204 64.71.255.198

FireFox:
========
FF DefaultProfile: rc7p17am.default
FF ProfilePath: C:\Users\Caro\AppData\Roaming\Zotero\Zotero\Profiles\rc7p17am.default [2019-04-22]
FF Extension: (No Name) - C:\Program Files (x86)\Zotero\extensions\zoteroOpenOfficeIntegration@zotero.org [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Zotero\extensions\zoteroWinWordIntegration@zotero.org [not found]
FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2020-07-30]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2020-10-06] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2018-11-25] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=3.0.11 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2020-11-18] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-11-18] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2020-10-06] (Adobe Inc. -> Adobe Systems)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default [2020-12-06]
CHR DefaultSearchKeyword: Default -> mcafee
CHR DefaultSuggestURL: Default -> hxxps://ca.search.yahoo.com/sugg/gossip/gossip-ca-partner?output=fxjson&appid=mca&source=yahoo_mcafee_searchassist&command={searchTerms}
CHR Extension: (Slides) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-05-08]
CHR Extension: (Docs) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-05-08]
CHR Extension: (Google Drive) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-24]
CHR Extension: (YouTube) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-05-08]
CHR Extension: (Adobe Acrobat) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-08-21]
CHR Extension: (Zotero Connector) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekhagklcjbdpajgpjgmbionohlpdbjgc [2020-10-28]
CHR Extension: (Sheets) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-05-08]
CHR Extension: (Google Docs Offline) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-23]
CHR Extension: (Google Calendar) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich [2020-06-11]
CHR Extension: (Keywords Everywhere - Keyword Tool) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbapdpeemoojbophdfndmlgdhppljgmp [2020-12-05]
CHR Extension: (Norton Safe Search as default for Chrome) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbmobhkkblcgdifigjglcjneplefbkmh [2020-08-26]
CHR Extension: (Grammarly for Chrome) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2020-11-23]
CHR Extension: (Google Keep Chrome Extension) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpcaedmchfhocbbapmcbpinfpgnhiddi [2020-12-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-03]
CHR Extension: (Gmail) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-24]
CHR Extension: (Chrome Media Router) - C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-11-23]
CHR Profile: C:\Users\Caro\AppData\Local\Google\Chrome\User Data\Guest Profile [2020-12-05]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-30] (SUPERAntiSpyware.com -> SUPERAntiSpyware.com)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [170056 2020-11-03] (Adobe Inc. -> Adobe Inc.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [852024 2020-10-06] (Adobe Inc. -> Adobe Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3739728 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3511376 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2020-09-24] (Apple Inc. -> Apple Inc.)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\4.00.01\atkexComSvc.exe [384000 2019-03-22] (ASUSTEK COMPUTER INC. -> ASUSTeK Computer Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3052944 2020-07-14] (Microsoft Corporation -> Microsoft Corporation)
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [2595360 2020-10-26] (ESET, spol. s r.o. -> ESET)
R3 ekrnEpfw; C:\Program Files\ESET\ESET Security\ekrn.exe [2595360 2020-10-26] (ESET, spol. s r.o. -> ESET)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7269976 2020-12-05] (Malwarebytes Inc -> Malwarebytes)
S2 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [13666872 2020-11-17] (Adlice -> )
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6153048 2020-11-10] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 BEService; "C:\Program Files (x86)\Common Files\BattlEye\BEService.exe" [X]
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [X]
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_5ad622f7ea43f50a\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_5ad622f7ea43f50a\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2017-04-14] (ASUSTeK Computer Inc. -> )
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [160992 2020-10-26] (ESET, spol. s r.o. -> ESET)
R0 edevmon; C:\WINDOWS\System32\DRIVERS\edevmon.sys [109360 2020-10-26] (ESET, spol. s r.o. -> ESET)
S0 eelam; C:\WINDOWS\System32\DRIVERS\eelam.sys [15288 2020-10-22] (Microsoft Windows Early Launch Anti-malware Publisher -> ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [190464 2020-10-26] (ESET, spol. s r.o. -> ESET)
R2 ekbdflt; C:\WINDOWS\system32\DRIVERS\ekbdflt.sys [43720 2020-10-26] (ESET, spol. s r.o. -> ESET)
R1 epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [70048 2020-10-26] (ESET, spol. s r.o. -> ESET)
R1 epfwwfp; C:\WINDOWS\system32\DRIVERS\epfwwfp.sys [107784 2020-10-26] (ESET, spol. s r.o. -> ESET)
S3 gdrv; C:\Windows\gdrv.sys [26192 2018-05-17] (Giga-Byte Technology -> Windows (R) Server 2003 DDK provider)
R4 IOMap; C:\WINDOWS\system32\drivers\IOMap64.sys [34064 2019-01-22] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2020-12-05] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248968 2020-12-05] (Malwarebytes Inc -> Malwarebytes)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2018-02-01] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [48536 2020-12-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [429296 2020-12-04] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [70896 2020-12-04] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-12-06 12:42 - 2020-12-06 12:52 - 000000000 ___DC C:\Users\Caro\Desktop\PC Scan Reports
2020-12-06 12:11 - 2020-12-06 12:22 - 000000000 ____D C:\ProgramData\RogueKiller
2020-12-06 12:11 - 2020-12-06 12:11 - 000000899 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2020-12-06 12:11 - 2020-12-06 12:11 - 000000899 _____ C:\ProgramData\Desktop\RogueKiller.lnk
2020-12-06 12:11 - 2020-12-06 12:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2020-12-06 12:11 - 2020-12-06 12:11 - 000000000 ____D C:\Program Files\RogueKiller
2020-12-06 12:08 - 2020-12-06 12:08 - 040473968 _____ (Adlice Software ) C:\Users\Caro\Downloads\setup.exe
2020-12-06 11:31 - 2020-12-06 11:31 - 000000000 ____D C:\WINDOWS\Panther
2020-12-06 11:08 - 2020-12-06 12:55 - 000000000 ____D C:\FRST
2020-12-06 11:07 - 2020-12-06 11:13 - 000000000 ___DC C:\Users\Caro\Desktop\FRST
2020-12-06 11:03 - 2020-12-06 11:06 - 002288640 _____ (Farbar) C:\Users\Caro\Downloads\FRST64.exe
2020-12-06 10:41 - 2020-12-06 10:41 - 000000744 ____C C:\Users\Caro\Desktop\JRT.txt
2020-12-06 10:36 - 2020-12-06 10:36 - 001790024 _____ (Malwarebytes) C:\Users\Caro\Downloads\JRT.exe
2020-12-05 14:24 - 2020-12-05 15:59 - 000000000 ____D C:\ProgramData\boost_interprocess
2020-12-05 13:28 - 2020-12-05 13:28 - 000000000 ____D C:\Users\Caro\AppData\Local\MicrosoftEdge
2020-12-05 12:34 - 2020-12-05 12:34 - 000000000 ___DC C:\Users\Caro\AppData\LocalLow\IObit
2020-12-05 12:33 - 2020-12-05 12:33 - 000000000 ____D C:\Program Files (x86)\IObit
2020-12-05 12:32 - 2020-12-06 11:31 - 000000000 ____D C:\Users\Caro\AppData\Roaming\IObit
2020-12-05 12:32 - 2020-12-05 12:34 - 000000000 ____D C:\ProgramData\IObit
2020-12-05 12:32 - 2020-12-05 12:32 - 025230736 _____ (IObit ) C:\Users\Caro\Downloads\iobituninstaller.exe
2020-12-05 11:25 - 2020-12-05 11:25 - 000000000 ____D C:\Users\Caro\AppData\Local\ESET
2020-12-05 11:25 - 2020-12-05 11:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2020-12-05 11:25 - 2020-12-05 11:25 - 000000000 ____D C:\ProgramData\ESET
2020-12-05 11:25 - 2020-12-05 11:25 - 000000000 ____D C:\Program Files\ESET
2020-12-05 11:22 - 2020-12-05 12:35 - 000000000 ____D C:\AdwCleaner
2020-12-05 11:22 - 2020-12-05 11:22 - 008447152 _____ (Malwarebytes) C:\Users\Caro\Desktop\adwcleaner_8.0.8.exe
2020-12-05 11:22 - 2020-12-05 11:22 - 006341552 _____ (ESET) C:\Users\Caro\Downloads\eset_internet_security_live_installer.exe
2020-12-05 11:15 - 2020-12-05 11:15 - 000248968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2020-12-05 11:15 - 2020-12-05 11:14 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2020-11-28 20:01 - 2020-11-28 20:01 - 000001130 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Premiere Pro 2020.lnk
2020-11-28 19:53 - 2020-11-28 19:53 - 000001064 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop 2021.lnk
2020-11-28 19:49 - 2020-11-28 19:49 - 000001085 ____C C:\Users\Caro\Desktop\Adobe Lightroom Classic.lnk
2020-11-28 19:49 - 2020-11-28 19:49 - 000001085 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Lightroom Classic.lnk
2020-11-23 10:46 - 2020-12-03 18:32 - 000001456 _____ C:\Users\Caro\AppData\Local\Adobe Save for Web 13.0 Prefs
2020-11-17 11:53 - 2020-11-17 11:53 - 001919470 _____ C:\Users\Caro\Downloads\Wedding Photography Contract - Sam & Mark 1.pdf
2020-11-15 12:29 - 2020-11-15 12:29 - 000000000 ___DC C:\Users\Caro\Documents\Zoom
2020-11-15 12:28 - 2020-12-05 12:44 - 000000000 ____D C:\Users\Caro\AppData\Roaming\Zoom
2020-11-10 23:51 - 2020-11-10 23:51 - 001841152 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2020-11-10 23:51 - 2020-11-10 23:51 - 001101312 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2020-11-10 23:51 - 2020-11-10 23:51 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth9.bin
2020-11-10 23:51 - 2020-11-10 23:51 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2020-11-10 23:51 - 2020-11-10 23:51 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2020-11-10 23:51 - 2020-11-10 23:51 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2020-11-10 23:51 - 2020-11-10 23:51 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2020-11-10 23:51 - 2020-11-10 23:51 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2020-11-10 23:51 - 2020-11-10 23:51 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2020-11-10 23:51 - 2020-11-10 23:51 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2020-11-10 23:51 - 2020-11-10 23:51 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth12.bin
2020-11-10 23:51 - 2020-11-10 23:51 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth11.bin
2020-11-10 23:51 - 2020-11-10 23:51 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth10.bin
2020-11-10 23:51 - 2020-11-10 23:51 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
2020-11-10 23:50 - 2020-11-10 23:50 - 000200704 _____ C:\WINDOWS\system32\IHDS.dll
2020-11-10 23:50 - 2020-11-10 23:50 - 000164864 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2020-11-10 14:36 - 2020-11-10 14:36 - 000112759 _____ C:\Users\Caro\Downloads\Wedding Photography Contract (1).pdf
2020-11-10 14:35 - 2020-11-10 14:35 - 000112759 _____ C:\Users\Caro\Downloads\Wedding Photography Contract.pdf
2020-11-09 15:38 - 2020-11-09 15:38 - 000000000 ____D C:\Users\Caro\Downloads\Wedding-titles-v3-30607
2020-11-09 15:36 - 2020-11-09 15:36 - 022486391 _____ C:\Users\Caro\Downloads\Wedding-titles-v3-30607.zip
2020-11-08 12:27 - 2020-11-08 12:27 - 000353190 _____ C:\Users\Caro\Downloads\Carolyn_CRA_2019_summary.pdf
2020-11-06 12:06 - 2020-11-06 12:06 - 002222316 _____ C:\Users\Caro\Downloads\ImprovePhotographyContracts.zip

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-12-06 12:53 - 2020-05-09 17:54 - 000000000 ____D C:\ProgramData\NVIDIA
2020-12-06 12:52 - 2018-05-09 09:01 - 000000000 ___RD C:\Users\Caro\Creative Cloud Files
2020-12-06 12:51 - 2020-05-09 17:56 - 000003092 _____ C:\WINDOWS\system32\Tasks\GPU Tweak II
2020-12-06 12:51 - 2020-04-06 14:17 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-12-06 12:50 - 2020-04-30 19:09 - 000012510 _____ C:\ProgramData\NVDisplay.ContainerLocalSystem.log_backup1
2020-12-06 12:50 - 2020-04-30 19:09 - 000012312 _____ C:\ProgramData\NVDisplayContainerWatchdog.log_backup1
2020-12-06 12:50 - 2020-04-30 19:09 - 000006472 _____ C:\ProgramData\DisplaySessionContainer1.log_backup1
2020-12-06 12:50 - 2020-04-06 17:46 - 000761886 _____ C:\WINDOWS\system32\prfh0416.dat
2020-12-06 12:50 - 2020-04-06 17:46 - 000148752 _____ C:\WINDOWS\system32\prfc0416.dat
2020-12-06 12:50 - 2020-04-06 14:14 - 001742324 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-12-06 12:50 - 2019-03-18 23:50 - 000000000 ____D C:\WINDOWS\INF
2020-12-06 12:50 - 2019-03-18 23:37 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2020-12-06 12:46 - 2019-03-18 23:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-12-06 12:09 - 2018-07-01 10:42 - 000000000 ___DC C:\Users\Caro\AppData\Local\D3DSCache
2020-12-06 11:40 - 2018-05-09 11:08 - 000000000 ___RD C:\Users\Caro\OneDrive
2020-12-06 10:33 - 2020-04-06 14:17 - 000004164 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{1140566A-E7E9-45BC-8379-45654BCF9F6C}
2020-12-06 10:30 - 2020-04-06 14:04 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-12-05 23:06 - 2019-03-18 23:52 - 000000000 ___HD C:\Program Files\WindowsApps
2020-12-05 23:06 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-12-05 15:32 - 2020-04-30 19:08 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2020-12-05 14:24 - 2020-05-10 11:27 - 000000000 ____D C:\Users\Caro\AppData\Local\NVIDIA Corporation
2020-12-05 13:31 - 2018-05-09 11:07 - 000000000 ___DC C:\Users\Caro\AppData\Local\Packages
2020-12-05 11:42 - 2020-04-06 14:17 - 000003766 _____ C:\WINDOWS\system32\Tasks\Power_a17007
2020-12-05 11:25 - 2019-03-18 23:52 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2020-12-05 11:15 - 2020-08-26 09:49 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2020-12-05 11:15 - 2019-08-18 13:32 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2020-12-05 11:15 - 2019-08-18 13:32 - 000002021 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2020-12-05 11:15 - 2018-05-25 17:38 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2020-12-05 11:14 - 2019-08-18 13:32 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2020-12-04 22:49 - 2019-10-03 13:56 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2020-12-04 22:49 - 2019-10-03 13:56 - 000000000 ___HD C:\ProgramData\Documents\AdobeGCData
2020-12-04 16:45 - 2018-05-08 20:35 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2020-12-03 18:47 - 2020-04-06 14:17 - 000003418 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2020-12-03 18:47 - 2020-04-06 14:17 - 000003294 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2020-12-02 17:35 - 2018-05-08 20:17 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-12-02 17:35 - 2018-05-08 20:17 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-12-02 17:35 - 2018-05-08 20:17 - 000002260 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-11-29 12:43 - 2018-05-09 08:30 - 000000000 ___DC C:\Users\Caro\AppData\Local\Adobe
2020-11-28 23:40 - 2018-05-09 09:12 - 000000000 ___DC C:\Users\Caro\Documents\Adobe
2020-11-28 20:01 - 2018-05-09 09:22 - 000000000 ____D C:\Users\Public\Documents\Adobe
2020-11-28 20:01 - 2018-05-09 09:22 - 000000000 ____D C:\ProgramData\Documents\Adobe
2020-11-28 20:01 - 2018-05-09 09:01 - 000000000 ____D C:\Program Files\Adobe
2020-11-28 19:54 - 2018-05-09 11:07 - 000000000 ___DC C:\Users\Caro\AppData\Roaming\Adobe
2020-11-28 16:44 - 2020-05-12 15:32 - 000000000 ____D C:\Users\Caro\AppData\Local\CrashDumps
2020-11-25 13:16 - 2018-05-09 09:02 - 000000000 ____D C:\Program Files\Common Files\Adobe
2020-11-25 13:16 - 2018-05-09 08:32 - 000000000 ____D C:\ProgramData\Adobe
2020-11-25 12:56 - 2020-04-06 14:17 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2020-11-25 12:56 - 2018-12-09 17:54 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2020-11-25 07:16 - 2020-08-21 09:10 - 000002114 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk
2020-11-25 07:16 - 2020-08-21 09:10 - 000002103 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2020-11-24 00:20 - 2019-04-27 08:54 - 000000000 ____D C:\Users\Caro\AppData\Roaming\vlc
2020-11-24 00:11 - 2019-04-27 08:53 - 000001139 _____ C:\Users\Public\Desktop\VLC media player.lnk
2020-11-24 00:11 - 2019-04-27 08:53 - 000001139 _____ C:\ProgramData\Desktop\VLC media player.lnk
2020-11-23 23:29 - 2020-04-06 14:17 - 000003376 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-881217815-4272472998-2328836942-1001
2020-11-23 23:29 - 2020-04-06 14:08 - 000002360 ____C C:\Users\Caro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-11-22 11:48 - 2018-11-25 15:08 - 000000000 ____D C:\Program Files\Microsoft Office 15
2020-11-20 13:01 - 2018-06-17 22:31 - 000002338 ____C C:\Users\Caro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive (1).lnk
2020-11-19 21:17 - 2020-09-30 16:09 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2020-11-12 11:00 - 2020-03-22 20:35 - 000907064 _____ (Microsoft Corporation) C:\WINDOWS\system32\sedplugins.dll
2020-11-12 10:59 - 2020-09-30 16:09 - 000436536 _____ (Microsoft Corporation) C:\WINDOWS\system32\QualityUpdateAssistant.dll
2020-11-11 01:28 - 2018-06-18 18:02 - 000000000 ___RD C:\Users\Caro\3D Objects
2020-11-11 01:28 - 2018-05-09 11:07 - 000000000 __RHD C:\Users\Public\AccountPictures
2020-11-11 01:27 - 2020-04-06 14:04 - 000322760 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2020-11-11 01:26 - 2019-03-19 01:23 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2020-11-11 01:26 - 2019-03-18 23:52 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2020-11-11 01:26 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\TextInput
2020-11-11 01:26 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2020-11-11 01:26 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\SystemResources
2020-11-11 01:26 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\system32\setup
2020-11-11 01:26 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\system32\oobe
2020-11-11 01:26 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\system32\migwiz
2020-11-11 01:26 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\ShellExperiences
2020-11-11 01:26 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2020-11-11 01:26 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\bcastdvr
2020-11-10 23:57 - 2019-03-18 23:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-11-10 23:50 - 2020-04-06 14:07 - 002876928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2020-11-10 23:10 - 2018-05-08 20:34 - 000000000 ____D C:\WINDOWS\system32\MRT
2020-11-10 23:06 - 2018-05-08 20:34 - 133736600 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Files in the root of some directories ========

2018-06-17 13:50 - 2018-06-17 13:50 - 000000033 ____C () C:\Users\Caro\AppData\Roaming\AdobeWLCMCache.dat
2020-11-23 10:46 - 2020-12-03 18:32 - 000001456 _____ () C:\Users\Caro\AppData\Local\Adobe Save for Web 13.0 Prefs
2018-09-28 07:13 - 2018-09-28 07:13 - 000000000 ____C () C:\Users\Caro\AppData\Local\oobelibMkey.log

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-12-2020
Ran by Caro (06-12-2020 12:57:21)
Running from C:\Users\Caro\Desktop\FRST
Windows 10 Pro Version 1909 18363.1198 (X64) (2020-04-06 19:18:02)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-881217815-4272472998-2328836942-500 - Administrator - Disabled)
Caro (S-1-5-21-881217815-4272472998-2328836942-1001 - Administrator - Enabled) => C:\Users\Caro
DefaultAccount (S-1-5-21-881217815-4272472998-2328836942-503 - Limited - Disabled)
Guest (S-1-5-21-881217815-4272472998-2328836942-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-881217815-4272472998-2328836942-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Security (Disabled - Up to date) {89B55CC4-3881-78B2-11E2-479AE0371896}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Firewall (Enabled) {B18EDDE1-72EE-79EA-3ABD-EEAF1EE45FED}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 20.013.20066 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 20.013.20066 - Adobe Systems Incorporated)
Adobe Bridge 2020 (HKLM-x32\...\KBRG_10_0_3) (Version: 10.0.3 - Adobe Inc.)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 5.3.1.470 - Adobe Inc.)
Adobe InDesign 2020 (HKLM-x32\...\IDSN_15_0_2) (Version: 15.0.2 - Adobe Inc.)
Adobe Lightroom (HKLM-x32\...\LRCC_3_4) (Version: 3.4 - Adobe Inc.)
Adobe Lightroom Classic (HKLM-x32\...\LTRM_10_0) (Version: 10.0 - Adobe Inc.)
Adobe Media Encoder 2020 (HKLM-x32\...\AME_14_4) (Version: 14.4 - Adobe Inc.)
Adobe Photoshop 2021 (HKLM-x32\...\PHSP_22_0_1) (Version: 22.0.1.73 - Adobe Inc.)
Adobe Premiere Pro 2020 (HKLM-x32\...\PPRO_14_6) (Version: 14.6 - Adobe Inc.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{FD52A2FF-4D16-49C4-A2CD-DAC752C18BA2}) (Version: 8.0 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{9B061D60-4E2C-4987-BFFD-423E3D477660}) (Version: 8.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{F9CEF01A-3907-4614-824F-CF5D3E4675EF}) (Version: 14.1.0.35 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.)
ASUS GPU TweakII (HKLM-x32\...\{2914BAB6-CA16-4B5A-BF41-2466656C7040}) (Version: 2.0.3.1 - ASUSTek COMPUTER INC.) Hidden
ASUS GPU TweakII (HKLM-x32\...\InstallShield_{2914BAB6-CA16-4B5A-BF41-2466656C7040}) (Version: 2.0.3.1 - ASUSTek COMPUTER INC.)
ASUS Product Register Program (HKLM-x32\...\{54716EA9-F8B4-41E0-801B-9909164F2024}) (Version: 1.1.002 - ASUSTek Computer Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
ESET Security (HKLM\...\{3B47BDC5-99BF-4F5C-A303-1F0F9DBC74F6}) (Version: 14.0.22.0 - ESET, spol. s r.o.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 87.0.4280.88 - Google LLC)
Google Drive (HKLM-x32\...\{A8DC81F2-D365-4248-892A-FA3B5951F731}) (Version: 2.34.9392.7803 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.51 - Google LLC) Hidden
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{00000071-0190-1033-84C8-B8D95FA3C8C3}) (Version: 19.71.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{ed5cef80-a339-45bd-8c06-514eaf785ca8}) (Version: 19.71.0 - Intel Corporation)
iTunes (HKLM\...\{0F55124A-C00E-4227-A543-19389E732653}) (Version: 12.10.10.2 - Apple Inc.)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Malwarebytes version 4.2.3.96 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.2.3.96 - Malwarebytes)
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.5293.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-881217815-4272472998-2328836942-1001\...\OneDriveSetup.exe) (Version: 20.201.1005.0009 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{0BCA8FBE-0C1C-4C65-98A3-5D34AAF41737}) (Version: 2.70.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.23.27820 (HKLM-x32\...\{852adda4-4c78-4a38-b583-c0b360a329d6}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.15 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 3.19.0.94 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.19.0.94 - NVIDIA Corporation)
NVIDIA Graphics Driver 430.86 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 430.86 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.16 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.16 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
OEM Application Profile (HKLM-x32\...\{7F5DCD33-1039-C3B2-9538-B645B65BBA63}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.5293.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.5293.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.5293.1000 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.10.714.2016 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8302 - Realtek Semiconductor Corp.)
RogueKiller version 14.8.0.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 14.8.0.0 - Adlice Software)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1258 - SUPERAntiSpyware.com)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.11 - VideoLAN)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - )
XSplit Broadcaster (HKLM-x32\...\{306BF455-B199-433A-9217-7E80CE1B7683}) (Version: 2.8.1607.1944 - SplitmediaLabs)
XSplit Gamecaster (HKLM-x32\...\{8915913F-E4AF-46C5-B4EF-3535D83BFFDE}) (Version: 2.5.1507.3018 - SplitmediaLabs)

Packages:
=========
Acrobat Notification Client -> C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2020-08-21] (Adobe Systems Incorporated)
Adobe Notification Client -> C:\Program Files\WindowsApps\AdobeNotificationClient_2.0.1.8_x86__enpm4xejd91yc [2020-07-10] (Adobe Systems Incorporated)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-13] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-13] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.10142.0_x64__8wekyb3d8bbwe [2020-10-22] (Microsoft Studios) [MS Ad]
MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.22661.0_x64__8wekyb3d8bbwe [2019-09-27] (Microsoft Corporation)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.959.0_x64__56jybvy8sckqj [2020-11-27] (NVIDIA Corp.)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-10-16] (Microsoft Corporation)
Reader Notification Client -> C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2020-08-21] (Adobe Systems Incorporated)
WinZip Universal -> C:\Program Files\WindowsApps\WinZipComputing.WinZipUniversal_1.5.13516.0_x64__3ykzqggjzj4z0 [2019-06-04] (WinZip Computing)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-881217815-4272472998-2328836942-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-5370604078F8} -> [Creative Cloud Files] => C:\Users\Caro\Creative Cloud Files [2018-05-09 09:01]
CustomCLSID: HKU\S-1-5-21-881217815-4272472998-2328836942-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-11-03] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-11-03] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-11-03] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google Inc -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google Inc -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google Inc -> Google)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-11-03] (Adobe Inc. -> )
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2020-07-30] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2020-10-26] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-04-23] (Google Inc -> Google)
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2020-10-26] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-04-23] (Google Inc -> Google)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_5ad622f7ea43f50a\nvshext.dll [2019-05-23] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-11-03] (Adobe Inc. -> )
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2020-07-30] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2020-10-26] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============


==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-881217815-4272472998-2328836942-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ca/
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2020-05-12] (Microsoft Corporation -> Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2020-07-30] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2020-06-09] (Microsoft Corporation -> Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2020-07-30] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2020-07-30] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2020-07-30] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2020-07-30] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2020-07-30] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-881217815-4272472998-2328836942-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-881217815-4272472998-2328836942-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2018-11-25] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-03-18 16:03 - 2017-03-18 16:01 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

2020-10-08 20:42 - 2020-10-08 20:42 - 000000375 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-881217815-4272472998-2328836942-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Caro\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img13.jpg
DNS Servers: 64.71.255.204 - 64.71.255.198
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{7FD90508-AE89-4CE1-964B-9CD1AF6153D3}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel(R) Wireless Connectivity Solutions -> )
FirewallRules: [{68A736E7-2ED6-4ADD-8283-C339D2B34FAC}] => (Allow) C:\Program Files (x86)\SplitmediaLabs\XSplit Broadcaster\XSplit.cam.exe (SplitmediaLabs Limited -> SplitmediaLabs Limited)
FirewallRules: [{A61FB0C7-8961-4C54-BA25-0346A30D0FB1}] => (Allow) C:\Program Files (x86)\SplitmediaLabs\XSplit Broadcaster\XSplit.Core.exe (SplitmediaLabs Limited -> SplitMediaLabs)
FirewallRules: [{2897C14D-72F5-40D0-99DE-003F3646FAF8}] => (Allow) C:\Program Files (x86)\SplitmediaLabs\XSplit Broadcaster\XSplit.cam.exe (SplitmediaLabs Limited -> SplitmediaLabs Limited)
FirewallRules: [{586D6570-C75A-43B5-A393-B88BD49AE859}] => (Allow) C:\Program Files (x86)\SplitmediaLabs\XSplit Broadcaster\XSplit.Core.exe (SplitmediaLabs Limited -> SplitMediaLabs)
FirewallRules: [{A1CD483E-DAB9-4D21-ADC3-10615D7A4EC9}] => (Allow) C:\Program files (x86)\raidxpert2\apache\bin\httpd.exe => No File
FirewallRules: [UDP Query User{7A2570EA-6F17-437A-AA87-1B05E947C6AA}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe => No File
FirewallRules: [TCP Query User{D11AC06A-2B11-4D71-8509-F36A2A931A1C}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe => No File
FirewallRules: [UDP Query User{626DE806-6728-4AEA-A3D1-9E7EAA00DCD7}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe => No File
FirewallRules: [TCP Query User{0FC63E56-3041-41DE-A074-DB807B5A7AD5}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe => No File
FirewallRules: [{A94C8C32-FFDD-4AFE-877B-A3A8669F44A6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe => No File
FirewallRules: [{55FFF59B-B1E7-4236-AC9F-54CFBF619219}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe => No File
FirewallRules: [{051E29C1-F9B5-48E6-B04A-E0A069523DB7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe => No File
FirewallRules: [{7F0A854D-8ED3-4B6C-A0B8-48D37408506D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe => No File
FirewallRules: [{5ED211AE-A696-4F9D-B709-25B679209A7C}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{62145942-4FA0-4CA5-9183-7235C318D9A6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{67E1613D-C91C-44CA-89FE-2B27060DAC80}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{F91B87C1-F2ED-4EA7-8A0A-28986E829118}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{F9CFAE30-5F44-45E9-B89F-7C4A6BC36625}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{0BBDE99D-BB86-4CFA-83DD-404AA17B64E8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{5355BB45-7E56-484A-B419-C84D58C45C28}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{6434C784-BE0D-43AA-B2AC-4D50F6E70771}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.64.80.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{3D682ED8-012F-40CE-B47A-481E503D43A9}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.64.80.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{458FDEFA-13A5-496C-A003-AAFBFEBFC67D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.64.80.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{52B267FB-1059-48D2-8FAE-F6C58FF4B7CD}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.64.80.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B9F503DC-4495-4A41-8DAA-51FBF6857AF7}] => (Allow) C:\WINDOWS\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{1F3CE5E9-585A-4B64-929E-E411172089A6}] => (Allow) C:\WINDOWS\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{DAB91F23-B235-49F4-8F35-8A1C2AB156AE}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{DDAA1B67-5D75-4E12-81C1-0325A186DDAA}] => (Allow) C:\Users\Caro\AppData\Roaming\Zoom\bin\Zoom.exe => No File
FirewallRules: [{C4FCDE94-F134-4B62-9ABF-01C62B8821D4}] => (Allow) C:\Users\Caro\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{32889D02-DF8A-4D83-9139-626ED194EEBE}] => (Allow) C:\Users\Caro\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{D66948F6-E07D-4792-A15D-92DA3976E4D9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

05-12-2020 11:45:13 Removed Bonjour
05-12-2020 12:34:30 AdwCleaner_BeforeCleaning_05/12/2020_12:34:30
06-12-2020 10:36:37 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices ============

Name: AMD Radeon(TM) Vega 8 Graphics
Description: AMD Radeon(TM) Vega 8 Graphics
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: Advanced Micro Devices, Inc.
Service: amdkmdap
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.


==================== Event log errors: ========================

Application errors:
==================
Error: (12/06/2020 12:57:16 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (6700,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (12/06/2020 12:50:07 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (6436,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (12/06/2020 12:40:51 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (12160,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (12/06/2020 12:30:58 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (14032,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (12/06/2020 12:21:30 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (7116,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (12/06/2020 12:07:20 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (14588,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (12/06/2020 11:52:16 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (15592,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (12/06/2020 11:38:04 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (6636,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.


System errors:
=============
Error: (12/06/2020 12:50:38 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\WINDOWS\system32\IntelWifiIhv04.dll

Error: (12/06/2020 12:50:38 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\WINDOWS\system32\IntelWifiIhv04.dll

Error: (12/06/2020 12:50:37 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Malwarebytes Service service did not shut down properly after receiving a preshutdown control.

Error: (12/06/2020 12:50:21 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\WINDOWS\system32\IntelWifiIhv04.dll

Error: (12/06/2020 12:50:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) PROSet/Wireless Registry Service service terminated unexpectedly. It has done this 1 time(s).

Error: (12/06/2020 12:50:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA Telemetry Container service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (12/06/2020 12:50:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iPod Service service terminated unexpectedly. It has done this 1 time(s).

Error: (12/06/2020 12:50:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The RogueKiller RTP service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.


Windows Defender:
===================================
Date: 2020-12-05 11:25:47.228
Description:
Controlled Folder Access blocked C:\Program Files\ESET\ESET Security\ekrn.exe from making changes to memory.
Detection time: 2020-12-05T16:25:47.227Z
Path: \Device\HarddiskVolume3
Process Name: C:\Program Files\ESET\ESET Security\ekrn.exe
Security intelligence Version: 1.327.2118.0
Engine Version: 1.1.17600.5
Product Version: 4.18.2011.6

Date: 2020-12-05 11:16:34.945
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {E9602671-4A71-49D9-8EA9-129BD6388818}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-12-04 15:46:30.393
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {042D4A35-10F5-442D-B997-C20987CD2713}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-12-03 15:04:53.863
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {CF9CF51D-99B9-457F-A8CE-C293ADD87820}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-12-02 13:00:56.830
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {1D961B63-576B-4FA5-AD57-0CA845C94F1C}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-11-25 12:18:26.082
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.327.1513.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17600.5
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

CodeIntegrity:
===================================

Date: 2020-12-06 12:54:35.006
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\ESET\ESET Security\eamsi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-12-06 12:53:22.676
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\ESET\ESET Security\eamsi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-12-06 12:53:21.778
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\ESET\ESET Security\eamsi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-12-06 12:53:20.481
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\ESET\ESET Security\eamsi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-12-06 12:53:20.463
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\ESET\ESET Security\eamsi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-12-06 12:46:12.738
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\ESET\ESET Security\eamsi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-12-06 12:46:11.855
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\ESET\ESET Security\eamsi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-12-06 12:46:11.682
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\ESET\ESET Security\eamsi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

BIOS: American Megatrends Inc. F21 02/08/2018
Motherboard: Gigabyte Technology Co., Ltd. AB350N-Gaming WIFI-CF
Processor: AMD Ryzen 3 2200G with Radeon Vega Graphics
Percentage of memory in use: 25%
Total physical RAM: 15308.36 MB
Available physical RAM: 11417.88 MB
Total Virtual: 41932.36 MB
Available Virtual: 37058.61 MB

==================== Drives ================================

Drive a: (Internal0819) (Fixed) (Total:1863.01 GB) (Free:539.57 GB) NTFS
Drive c: () (Fixed) (Total:222.58 GB) (Free:93.9 GB) NTFS

\\?\Volume{28e36e17-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.49 GB) (Free:0.46 GB) NTFS
\\?\Volume{28e36e17-0000-0000-0000-30c437000000}\ () (Fixed) (Total:0.51 GB) (Free:0.08 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: ED446FD9)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 223.6 GB) (Disk ID: 28E36E17)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=222.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=523 MB) - (Type=27)

==================== End of Addition.txt =======================
 

Broni

" From here started trying to clean up files and found C:\ProgramData\ProductData that will not uninstall. "
What exactly did you try to uninstall? What makes you think that there is something wrong with ProductData folder?

" PC also has new file C:\ProgramData\boost_interprocess (8kb) which I am unsure what it is "
None of the scans you ran finds boost_interprocess being malicious so I see no reason to drill on it. Your computer contains thousands of files and there is no way to investigate every one of them just because we're just not familiar with them.

That's why we have security tools we use to scan our computers and see if there is something malicious there.
So far those tools found nothing on your computer. You should be good to go.
 
Hi Broni, thanks for your response.

" From here started trying to clean up files and found C:\ProgramData\ProductData that will not uninstall. "
What exactly did you try to uninstall?


I was uninstalling third-party software I wasn't using, and remnants of previously uninstalled programs, and googling the filenames of anything I didn't know the function of (as I was concerned about infection after escalated privilege & also had a strange unknown device connect to my network).

What makes you think that there is something wrong with ProductData folder?

I think there is something wrong with ProductData because after googling ProductData, there were several threads on TechSpot and Bleeping Computer addressing this specific folder as malware and had steps to resolve it.
As well, after running JRT, it showed up as one of the junk files that was successfully removed, but then would reappear soon after.

"None of the scans you ran finds boost_interprocess being malicious so I see no reason to drill on it. Your computer contains thousands of files and there is no way to investigate every one of them just because we're just not familiar with them."
Yes you're right. This folder had stood out to me as a potential concern as it was not present until about 3 hours after I started investigating this yesterday, at a time where I hadn't been using the computer.
--
After submitting my question here I went back to check if the ProductData file had reappeared again on my PC and it hadn't, and still hasn't!
So I ran the same set of programs on my laptop, and voila! It is no longer reappearing.
I believe the addition of RogueKiller was the program that was able to clear it. (It might not have shown up in these logs because I had run that scan already not long before.)

Anyways. If there is no indication of malware in the logs now, I am very relieved. Thank you for your time to go over the log files for me. Much appreciated.
 

Broni

You're very welcome