Hi,
It all started with me downloading an attached PDF from a spam email on my laptop. As soon as I realized that this was silly on my part, I deleted the PDF and started looking for clues as to what kind of damage it had done. I ran a Windows Security scan, a Malwarebytes scan and a few more, but they couldn't find anything.
However, my laptop seemed sluggish. Then I noticed many suspicious-looking services running, like 'Udk User Service_339e4', 'Clipboard User Service_e39e4', 'MessagingService_e39e4' and many more like that.
I also noticed a lot of security audit events in Event Viewer for 'Credential Manager credentials were read', 'Special privileges assigned to new logon' and 'An account was successfully logged on'. It all looks very suspicious.
I have provided the logs from running 'Farbar Recovery Scan Tool (FRST)' below. I will be really grateful if the experts here can take a look and provide their help.
==================FRST.txt==============================
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-12-2020
Ran by Chanchal (administrator) on WINDOWS-CAFP9OV (Dell Inc. Latitude 7490) (02-01-2021 17:23:11)
Running from C:\AntiVirusTools\FRST
Loaded Profiles: Chanchal
Platform: Windows 10 Pro Version 2004 19041.685 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <14>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler64.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\NisSrv.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Waves Inc -> Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [321096 2017-08-18] (Intel(R) Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9277944 2019-04-11] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1515000 2019-04-11] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [1213736 2018-11-04] (Waves Inc -> Waves Audio Ltd.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942864 2016-10-13] (Logitech -> Logitech, Inc.)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [3315280 2019-09-10] (Open Source Developer, Dominik Reichl -> Dominik Reichl)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [646160 2019-12-11] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1079059935-2040455010-3243201420-1002\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [91701608 2020-07-07] (Skype Software Sarl -> Skype Technologies S.A.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\87.0.4280.88\Installer\chrmstp.exe [2020-12-07] (Google LLC -> Google LLC)
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {171058E2-CA28-4471-A297-6BD484C13FBD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {33F6C3AA-E4CE-4E2F-8136-FEC160036721} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistInstaller.exe [1059336 2020-12-04] (Dell Inc -> Dell Inc.)
Task: {3481E15F-AD76-4380-9AAF-14C7FE781888} - System32\Tasks\Agent Activation Runtime\S-1-5-21-1079059935-2040455010-3243201420-1002 => C:\WINDOWS\System32\AgentActivationRuntimeStarter.exe [13312 2020-12-10] (Microsoft Windows -> )
Task: {46D68B5E-AFB6-478D-9AB4-7866C7339416} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23054216 2020-12-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {4FA19EE8-78A1-4A07-9A36-BDAE2972788D} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe
Task: {60AE28DC-31F5-49F1-84CC-0C57E8AB7D57} - System32\Tasks\G2MUpdateTask-S-1-5-21-1079059935-2040455010-3243201420-1002 => C:\Users\Chanchal\AppData\Local\GoToMeeting\19228\g2mupdate.exe [31320 2020-12-18] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {6435F43C-D8EF-453F-A6C7-4457F727910C} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [116584 2020-12-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {66108BF2-95D6-4330-BFED-0B78B024EE24} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {7F700FC2-3C94-4ED1-80FA-D0F852F82E93} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {8792E7C4-AE86-43D3-9E80-370E8DFDECB1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1349200 2020-11-03] (Adobe Inc. -> Adobe Inc.)
Task: {9BE77F2B-F72A-441D-92D7-3E262BEC2F50} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-02-25] (Google LLC -> Google LLC)
Task: {A24F97A8-21C0-4089-8ED6-85B0D5489E7E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A3C9F80A-BA0D-41A7-A109-0F209F983F2A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-02-25] (Google LLC -> Google LLC)
Task: {B48A52EE-EC07-416E-AC1F-AF7DF3657DB8} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23054216 2020-12-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {D0975E51-3E85-4E4B-9A04-868F776FBC50} - System32\Tasks\G2MUploadTask-S-1-5-21-1079059935-2040455010-3243201420-1002 => C:\Users\Chanchal\AppData\Local\GoToMeeting\19228\g2mupload.exe [31320 2020-12-18] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {DD7BF700-B69F-4335-A94A-EDA400F77525} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe
Task: {E98658FE-62CC-4DEC-A51A-615F78217F6D} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [116584 2020-12-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {EC49720A-D531-40A4-BA32-CF02807E8221} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F0CB0420-44C6-47B1-93EB-F2EA3A18DBA9} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [693456 2020-12-17] (Mozilla Corporation -> Mozilla Foundation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-1079059935-2040455010-3243201420-1002.job => C:\Users\Chanchal\AppData\Local\GoToMeeting\19228\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-1079059935-2040455010-3243201420-1002.job => C:\Users\Chanchal\AppData\Local\GoToMeeting\19228\g2mupload.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\..\Interfaces\{7b735ff1-2cf6-4273-b6d9-192040ce4bdf}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{c38504bf-ced2-4fdb-ad09-6bb6fb697456}: [DhcpNameServer] 192.168.1.1
Edge:
======
DownloadDir: C:\Users\Chanchal\Downloads
Edge DefaultProfile: Default
Edge Profile: C:\Users\Chanchal\AppData\Local\Microsoft\Edge\User Data\Default [2021-01-02]
Edge DownloadDir: C:\Users\Chanchal\Downloads
FireFox:
========
FF DefaultProfile: eknl48xe.default
FF ProfilePath: C:\Users\Chanchal\AppData\Roaming\Mozilla\Firefox\Profiles\eknl48xe.default [2019-07-15]
FF ProfilePath: C:\Users\Chanchal\AppData\Roaming\Mozilla\Firefox\Profiles\nj2i8x77.default-release [2021-01-02]
FF Extension: (LastPass: Free Password Manager) - C:\Users\Chanchal\AppData\Roaming\Mozilla\Firefox\Profiles\nj2i8x77.default-release\Extensions\support@lastpass.com.xpi [2020-12-14]
FF Plugin: @java.com/DTPlugin,version=11.241.2 -> C:\Program Files\Java\jre1.8.0_241\bin\dtplugin\npDeployJava1.dll [2020-01-27] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.241.2 -> C:\Program Files\Java\jre1.8.0_241\bin\plugin2\npjp2.dll [2020-01-27] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-09-16] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-12-07] (Adobe Inc. -> Adobe Systems Inc.)
Chrome:
=======
CHR Profile: C:\Users\Chanchal\AppData\Local\Google\Chrome\User Data\Default [2021-01-02]
CHR Extension: (Slides) - C:\Users\Chanchal\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-02-25]
CHR Extension: (Docs) - C:\Users\Chanchal\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-02-25]
CHR Extension: (Google Drive) - C:\Users\Chanchal\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-20]
CHR Extension: (YouTube) - C:\Users\Chanchal\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-02-25]
CHR Extension: (Sheets) - C:\Users\Chanchal\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-02-25]
CHR Extension: (Google Docs Offline) - C:\Users\Chanchal\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-17]
CHR Extension: (Xpath Finder) - C:\Users\Chanchal\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijaobnmmgonppmablhldddpfmgpklbfh [2020-07-08]
CHR Extension: (ChroPath) - C:\Users\Chanchal\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljngjbnaijcbncmcnjfhigebomdlkcjo [2020-10-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Chanchal\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-02-25]
CHR Extension: (Gmail) - C:\Users\Chanchal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-24]
CHR Extension: (Chrome Media Router) - C:\Users\Chanchal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-12-09]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S4 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [170056 2020-11-03] (Adobe Inc. -> Adobe Inc.)
S4 ApHidMonitorService; C:\WINDOWS\system32\DellTPad\HidMonitorSvc.exe [894848 2019-12-12] (ALPS ALPINE CO., LTD. -> ALPSALPINE Co., Ltd.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9105800 2020-12-01] (Microsoft Corporation -> Microsoft Corporation)
S4 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [287776 2020-10-25] (Dell Technologies Inc. -> Dell Technologies Inc.)
S4 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3750944 2020-10-25] (Dell Technologies Inc. -> Dell Technologies Inc.)
S4 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [507936 2020-10-25] (Dell Technologies Inc. -> Dell Technologies Inc.)
S4 Dell Hardware Support; C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.7240.285\DSAPI.exe [985584 2020-12-11] (PC-Doctor, Inc. -> PC-Doctor, Inc.)
S4 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [38592 2020-10-29] (Dell Inc -> )
S4 ETActiveSteeringHelper; C:\WINDOWS\Ethertronics\EtactistaService.exe [401928 2017-09-21] (Microsoft Windows Hardware Compatibility Publisher -> CloudBees, Inc.)
S4 hostcontrolsvc; C:\Program Files\Broadcom\CV\bin\HostControlService.exe [1038336 2017-09-26] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom Corporation)
S4 hoststoragesvc; C:\Program Files\Broadcom\CV\bin\HostStorageService.exe [43520 2017-09-26] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2021-01-02] (Malwarebytes Inc -> Malwarebytes)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5197552 2020-12-10] (Microsoft Windows Publisher -> Microsoft Corporation)
S4 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [39432 2020-12-04] (Dell Inc -> Dell Inc.)
S4 ushupgradesvc; C:\Program Files\Broadcom\CV\bin\UshUpgradeService.exe [260096 2017-09-26] (Microsoft Windows Hardware Compatibility Publisher -> )
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 ApHidfiltrService; C:\WINDOWS\System32\drivers\ApHidfiltrSW.sys [372384 2019-12-12] (ALPS ALPINE CO., LTD. -> ALPSALPINE Co., Ltd.)
R3 bcmnfcusb; C:\WINDOWS\System32\drivers\bcmnfcusb.sys [46176 2017-09-26] (Broadcom Corporation -> Broadcom Corporation.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
R3 DDDriver; C:\WINDOWS\System32\drivers\dddriver64Dcsa.sys [42376 2020-10-25] (Microsoft Windows Hardware Compatibility Publisher -> Dell Inc.)
R3 ETActiveSteering; C:\WINDOWS\system32\DRIVERS\ETActiveSteering.sys [37560 2017-09-21] (WDKTestCert norikd,131383411497448652 -> Ethertronics I2C driver for ASA)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220160 2021-01-02] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-01-02] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248968 2021-01-02] (Malwarebytes Inc -> Malwarebytes)
R3 wbfcvusbdrv; C:\WINDOWS\System32\Drivers\wbfcvusbdrv.sys [20064 2017-09-26] (Broadcom Corporation -> Broadcom Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48536 2020-12-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [429296 2020-12-04] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [70896 2020-12-04] (Microsoft Windows -> Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-01-02 14:40 - 2021-01-02 14:40 - 092274688 _____ C:\WINDOWS\system32\config\SOFTWARE
2021-01-02 11:40 - 2021-01-02 11:40 - 000220160 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-01-02 11:18 - 2021-01-02 11:18 - 000000000 ____D C:\AdwCleaner
2021-01-02 11:15 - 2021-01-02 11:32 - 000000000 ____D C:\Users\Chanchal\Downloads\antiVirusResults
2021-01-02 11:04 - 2021-01-02 11:11 - 000000000 ____D C:\ProgramData\RogueKiller
2021-01-02 10:56 - 2021-01-02 17:23 - 000000000 ____D C:\FRST
2021-01-02 09:56 - 2021-01-02 09:56 - 000002775 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2021-01-02 09:56 - 2021-01-02 09:56 - 000002775 _____ C:\ProgramData\Desktop\Sophos Virus Removal Tool.lnk
2021-01-02 09:56 - 2021-01-02 09:56 - 000000000 ____D C:\ProgramData\Sophos
2021-01-02 09:56 - 2021-01-02 09:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2021-01-02 09:56 - 2021-01-02 09:56 - 000000000 ____D C:\Program Files (x86)\Sophos
2021-01-02 09:25 - 2021-01-02 11:26 - 000000864 _____ C:\Users\Chanchal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2021-01-02 09:25 - 2021-01-02 11:25 - 000000736 _____ C:\Users\Chanchal\Desktop\ESET Online Scanner.lnk
2021-01-02 09:25 - 2021-01-02 09:25 - 000248968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-01-02 09:25 - 2021-01-02 09:25 - 000002035 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-01-02 09:25 - 2021-01-02 09:25 - 000002023 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-01-02 09:25 - 2021-01-02 09:25 - 000002023 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2021-01-02 09:25 - 2021-01-02 09:25 - 000000000 ____D C:\Users\Chanchal\AppData\Local\mbam
2021-01-02 09:25 - 2021-01-02 09:25 - 000000000 ____D C:\Users\Chanchal\AppData\Local\ESET
2021-01-02 09:25 - 2021-01-02 09:24 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-01-02 09:25 - 2021-01-02 09:24 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2021-01-02 09:24 - 2021-01-02 09:24 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-01-02 09:24 - 2021-01-02 09:24 - 000000000 ____D C:\Program Files\Malwarebytes
2021-01-02 09:22 - 2021-01-02 11:23 - 000000000 ____D C:\AntiVirusTools
2021-01-02 06:04 - 2021-01-02 14:40 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2021-01-01 20:59 - 2021-01-01 20:59 - 020975616 _____ C:\Users\Chanchal\Downloads\windows_security_logs_1-1-2020-8_59_2020.evtx
2020-12-29 22:34 - 2020-12-29 22:34 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2020-12-27 11:30 - 2020-12-29 16:15 - 000000926 _____ C:\Users\Chanchal\Desktop\Notes.txt
2020-12-19 16:24 - 2020-12-19 16:24 - 000113083 _____ C:\Users\Chanchal\Downloads\Coding Blocks Junior Course access.pdf
2020-12-19 11:55 - 2020-12-19 11:55 - 000000110 _____ C:\Users\Chanchal\Desktop\BlockProgramming_zoom.url
2020-12-19 11:54 - 2020-12-19 11:54 - 000083288 _____ (Zoom Video Communications, Inc.) C:\Users\Chanchal\Downloads\Zoom_cm_fo42anktZ9vvrZo4_mxJF3CJKyHmNERALXfTfok8cHmuzlxhdmyujb@Tc+Atv2Szb4-SVFb_kae195f3d47394530_.exe
2020-12-17 15:25 - 2021-01-01 20:56 - 000000000 ____D C:\Program Files\Mozilla Firefox
2020-12-13 11:56 - 2020-12-13 11:56 - 000000000 ____D C:\Users\Chanchal\Documents\Zoom
2020-12-13 11:54 - 2020-12-13 11:55 - 000083288 _____ (Zoom Video Communications, Inc.) C:\Users\Chanchal\Downloads\Zoom_cm_fo42anktZ9vvrZo4_m2ibw9uR-hHyVszONOJmuSek0fNlt9BWWSdxq@T0epyFySFwpZ5HIf_k3795af8e400dbf76_.exe
2020-12-13 11:51 - 2020-12-13 11:51 - 014694648 _____ (Zoom Video Communications, Inc.) C:\Users\Chanchal\Downloads\ZoomInstaller.exe
2020-12-13 11:51 - 2020-12-13 11:51 - 000000000 ____D C:\Users\Chanchal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2020-12-10 15:55 - 2020-12-10 15:55 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2020-12-10 15:55 - 2020-12-10 15:55 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2020-12-10 15:55 - 2020-12-10 15:55 - 001328392 _____ C:\WINDOWS\system32\FaceTrackerInternal.dll
2020-12-10 15:55 - 2020-12-10 15:55 - 001263104 _____ C:\WINDOWS\system32\FaceProcessor.dll
2020-12-10 15:55 - 2020-12-10 15:55 - 000512856 _____ C:\WINDOWS\system32\FaceProcessorCore.dll
2020-12-10 15:55 - 2020-12-10 15:55 - 000164168 _____ C:\WINDOWS\system32\cmdiag.exe
2020-12-10 15:55 - 2020-12-10 15:55 - 000103936 _____ C:\WINDOWS\system32\cmimageworker.exe
2020-12-10 15:55 - 2020-12-10 15:55 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncpa.cpl
2020-12-10 15:55 - 2020-12-10 15:55 - 000014848 _____ C:\WINDOWS\system32\hnsproxy.dll
2020-12-10 15:55 - 2020-12-10 15:55 - 000010912 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2020-12-10 15:54 - 2020-12-10 15:54 - 002260480 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2020-12-10 15:54 - 2020-12-10 15:54 - 001822272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2020-12-10 15:54 - 2020-12-10 15:54 - 001393496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2020-12-10 15:54 - 2020-12-10 15:54 - 001333248 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2020-12-10 15:54 - 2020-12-10 15:54 - 000363520 _____ C:\WINDOWS\system32\Windows.Internal.UI.Shell.WindowTabManager.dll
2020-12-10 15:54 - 2020-12-10 15:54 - 000287232 _____ C:\WINDOWS\system32\CoreMas.dll
2020-12-10 15:54 - 2020-12-10 15:54 - 000266240 _____ C:\WINDOWS\SysWOW64\Windows.Internal.UI.Shell.WindowTabManager.dll
2020-12-10 15:54 - 2020-12-10 15:54 - 000240640 _____ C:\WINDOWS\SysWOW64\CoreMas.dll
2020-12-10 15:54 - 2020-12-10 15:54 - 000165376 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2020-12-10 15:54 - 2020-12-10 15:54 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncpa.cpl
2020-12-10 15:54 - 2020-12-10 15:54 - 000089088 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.proxystub.dll
2020-12-10 15:54 - 2020-12-10 15:54 - 000073216 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.internal.proxystub.dll
2020-12-10 15:54 - 2020-12-10 15:54 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2020-12-10 15:54 - 2020-12-10 15:54 - 000048640 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2020-12-10 15:54 - 2020-12-10 15:54 - 000039936 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2020-12-10 15:54 - 2020-12-10 15:54 - 000013312 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe
2020-12-10 15:54 - 2020-12-10 15:54 - 000010752 _____ C:\WINDOWS\SysWOW64\agentactivationruntimestarter.exe
2020-12-10 15:54 - 2020-12-10 15:54 - 000001370 _____ C:\WINDOWS\system32\ThirdPartyNoticesBySHS.txt
2020-12-10 15:49 - 2020-12-10 15:49 - 000000000 ____D C:\Users\Chanchal\AppData\Roaming\Teams
2020-12-10 15:49 - 2020-12-10 15:49 - 000000000 ____D C:\Users\Chanchal\AppData\Local\SquirrelTemp
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-01-02 17:08 - 2019-07-15 19:44 - 000000000 ____D C:\Users\Chanchal\AppData\LocalLow\Mozilla
2021-01-02 17:05 - 2019-12-07 04:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-01-02 17:03 - 2020-07-23 20:35 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-01-02 14:54 - 2020-01-27 22:21 - 000000000 ____D C:\Users\Chanchal\.p2
2021-01-02 14:53 - 2020-01-27 22:31 - 000000000 ____D C:\Users\Chanchal\AppData\Local\Eclipse
2021-01-02 14:53 - 2020-01-27 22:28 - 000000000 ____D C:\eclipse
2021-01-02 14:09 - 2019-07-15 19:44 - 000000000 ____D C:\ProgramData\Mozilla
2021-01-02 11:45 - 2020-07-23 20:39 - 000797598 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-01-02 11:45 - 2019-12-07 04:13 - 000000000 ____D C:\WINDOWS\INF
2021-01-02 11:40 - 2020-07-23 20:39 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-01-02 11:40 - 2020-07-23 20:35 - 000008192 ___SH C:\DumpStack.log.tmp
2021-01-02 11:40 - 2020-07-23 20:35 - 000001591 _____ C:\WINDOWS\system32\config\VSMIDK
2021-01-02 11:40 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-01-02 11:37 - 2019-12-07 04:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2021-01-02 09:25 - 2019-12-07 04:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-01-02 03:01 - 2019-04-25 08:56 - 000000000 __SHD C:\Users\Chanchal\IntelGraphicsProfiles
2021-01-01 20:58 - 2019-04-02 07:10 - 000000000 ____D C:\ProgramData\PCDr
2021-01-01 20:56 - 2020-01-27 20:57 - 000000684 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-1079059935-2040455010-3243201420-1002.job
2021-01-01 20:56 - 2020-01-27 20:57 - 000000588 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-1079059935-2040455010-3243201420-1002.job
2021-01-01 20:56 - 2019-07-15 19:44 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-01-01 20:56 - 2019-04-02 07:44 - 000000000 ____D C:\Intel
2021-01-01 20:56 - 2019-04-02 06:53 - 000059371 _____ C:\WINDOWS\system32\CVFirmwareUpgradeLog.txt
2020-12-30 21:22 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-12-29 22:34 - 2019-07-15 19:44 - 000001007 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2020-12-29 22:14 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2020-12-25 14:47 - 2019-04-02 07:02 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2020-12-23 18:57 - 2019-12-07 04:14 - 000000000 ___HD C:\Program Files\WindowsApps
2020-12-19 15:24 - 2020-07-23 20:28 - 000000000 ____D C:\WINDOWS\SysWOW64\sda
2020-12-19 11:50 - 2020-06-21 23:12 - 000002423 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2020-12-19 11:50 - 2020-06-21 23:12 - 000002261 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2020-12-19 11:50 - 2020-06-21 23:12 - 000002261 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2020-12-18 15:07 - 2020-07-23 20:39 - 000003860 _____ C:\WINDOWS\system32\Tasks\G2MUploadTask-S-1-5-21-1079059935-2040455010-3243201420-1002
2020-12-18 15:07 - 2020-07-23 20:39 - 000003764 _____ C:\WINDOWS\system32\Tasks\G2MUpdateTask-S-1-5-21-1079059935-2040455010-3243201420-1002
2020-12-18 15:07 - 2020-01-27 20:57 - 000000000 ____D C:\Users\Chanchal\AppData\Local\GoToMeeting
2020-12-16 15:26 - 2020-07-23 20:39 - 000003386 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1079059935-2040455010-3243201420-1002
2020-12-16 15:26 - 2020-07-23 20:28 - 000002378 _____ C:\Users\Chanchal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-12-16 15:26 - 2019-04-25 08:58 - 000000000 ___RD C:\Users\Chanchal\OneDrive
2020-12-13 11:51 - 2020-07-06 18:37 - 000000000 ____D C:\Users\Chanchal\AppData\Roaming\Zoom
2020-12-13 10:42 - 2019-08-31 10:30 - 000000000 ____D C:\Users\Chanchal\Documents\folder
2020-12-11 17:33 - 2019-04-02 07:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2020-12-11 17:32 - 2020-01-05 22:08 - 000000000 ____D C:\ProgramData\Dell
2020-12-11 17:31 - 2020-07-23 20:39 - 000003916 _____ C:\WINDOWS\system32\Tasks\Dell SupportAssistAgent AutoUpdate
2020-12-11 17:25 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\Registration
2020-12-11 17:22 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2020-12-11 17:21 - 2020-07-23 20:35 - 000294696 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2020-12-11 17:20 - 2019-12-07 04:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2020-12-11 17:20 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2020-12-11 17:20 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SystemResources
2020-12-11 17:20 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2020-12-11 17:20 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2020-12-11 17:20 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2020-12-11 17:20 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2020-12-11 17:20 - 2019-12-07 04:14 - 000000000 ____D C:\Program Files\Windows Defender
2020-12-11 17:20 - 2019-12-07 04:14 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2020-12-10 15:59 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-12-09 17:27 - 2020-01-12 18:37 - 000002138 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2020-12-07 15:46 - 2020-02-25 19:55 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-12-07 15:46 - 2020-02-25 19:55 - 000002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-12-07 15:46 - 2020-02-25 19:55 - 000002262 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-12-06 17:30 - 2019-04-25 15:28 - 000000000 ____D C:\WINDOWS\system32\MRT
2020-12-06 17:23 - 2019-04-25 15:28 - 133736600 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2020-12-04 15:04 - 2019-04-02 08:45 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2020-12-03 19:45 - 2020-07-23 20:39 - 000003418 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2020-12-03 19:45 - 2020-07-23 20:39 - 000003294 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
------------------------------------------------------------------------------------------------------------------------------------------------
Addition.txt logs in next post.