Inactive Think I'm infected, please help, thank you

Status
Not open for further replies.
Here are my log files....

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-02-2021
Ran by willi (administrator) on B-UNIT (ASUSTeK Computer Inc. K52F) (23-02-2021 10:18:53)
Running from C:\Users\willi\OneDrive\Desktop
Loaded Profiles: willi
Platform: Windows 10 Pro Version 20H2 19042.804 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <12>
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\MKCHelper.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_2.2101.15643.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Spectrum.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\UtcDecoderHost.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2101.9-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2101.9-0\NisSrv.exe
(Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe
(Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.4.3.237\WsAppService.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3242696 2020-12-02] (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
HKU\S-1-5-21-1128013736-2862579630-230849842-1001\...\MountPoints2: {56e690d4-52bc-11eb-9bd5-e006e6a4f7ea} - "F:\OnePlus_setup.exe" /s
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\88.0.4324.182\Installer\chrmstp.exe [2021-02-17] (Google LLC -> Google LLC)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0329F02B-0284-4575-B629-92D32A046E60} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\MpCmdRun.exe [562240 2021-02-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {062DE161-6ECA-49B1-A645-ABA3E5932C0E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2021-02-15] (Google LLC -> Google LLC)
Task: {09376EB4-2D85-4565-BEC3-EA41EA68D34B} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2434424 2020-10-22] (Microsoft Corporation -> Microsoft Corporation)
Task: {1E1CB6BD-7A29-4D79-AAAC-12D65D8B9115} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\MpCmdRun.exe [562240 2021-02-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {2D8ABCCC-F045-40AC-B62C-7EF636915557} - System32\Tasks\Microsoft_MKC_Logon_Task_ceip.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ceip.exe [32624 2020-10-22] (Microsoft Corporation -> Microsoft)
Task: {3D9E326F-2A9A-48A2-8A88-52E4A6080412} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [143672 2019-04-02] (ASUSTek Computer Inc. -> ASUSTek Computer Inc.)
Task: {5FA780CB-5C4B-43C2-BCE8-7BDC9B5F03F1} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2311536 2020-10-22] (Microsoft Corporation -> Microsoft)
Task: {6A581CF9-0BF5-4554-B447-0C2D51A95AF4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\MpCmdRun.exe [562240 2021-02-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {7415BF91-7CB6-489E-A90B-72CB6DC2F65D} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2434424 2020-10-22] (Microsoft Corporation -> Microsoft Corporation)
Task: {78807741-4BAA-4ABF-A074-FC0E42F50858} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\MpCmdRun.exe [562240 2021-02-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {78D6C372-4C49-451C-893D-6487495CAE34} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2021-02-15] (Google LLC -> Google LLC)
Task: {8C3674D4-C6F2-4A95-A644-96C55ABD477B} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1910128 2020-10-22] (Microsoft Corporation -> Microsoft Corporation)
Task: {D94A860C-F48F-43CF-987A-FA026B1797ED} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1910128 2020-10-22] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7f10a078-a1d4-4ab2-bce0-3c6ac909ee32}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{aca19fb2-5058-4021-9af9-60446f4b4e86}: [DhcpNameServer] 192.168.1.1

Edge:
=======
Edge Extension: (AVG Online Security) -> EdgeExtension_51CA791EAVGOnlineSecurity_s1d0xtrs8dx04 => C:\Program Files\WindowsApps\51CA791E.AVGOnlineSecurity_19.4.444.0_neutral__s1d0xtrs8dx04 [2020-12-04]
Edge DefaultProfile: Default
Edge Profile: C:\Users\willi\AppData\Local\Microsoft\Edge\User Data\Default [2021-02-23]

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\willi\AppData\Local\Google\Chrome\User Data\Default [2021-02-23]
CHR Notifications: Default -> hxxps://www.facebook.com
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchURL: Default -> hxxps://www.gstatic.com/youtube/media/ytm/images/applauncher/music_icon_48x48.png
CHR Extension: (Slides) - C:\Users\willi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-02-15]
CHR Extension: (Docs) - C:\Users\willi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-02-15]
CHR Extension: (Google Drive) - C:\Users\willi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-02-15]
CHR Extension: (YouTube) - C:\Users\willi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-02-15]
CHR Extension: (YouTube Music) - C:\Users\willi\AppData\Local\Google\Chrome\User Data\Default\Extensions\cinhimbnkkaeohfgghhklpknlkffjgod [2020-12-26]
CHR Extension: (Sheets) - C:\Users\willi\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-02-15]
CHR Extension: (Google Docs Offline) - C:\Users\willi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-02-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\willi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-08]
CHR Extension: (Gmail) - C:\Users\willi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-02-15]
CHR Extension: (Chrome Media Router) - C:\Users\willi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-02-08]
CHR Profile: C:\Users\willi\AppData\Local\Google\Chrome\User Data\Guest Profile [2020-12-11]
CHR Profile: C:\Users\willi\AppData\Local\Google\Chrome\User Data\System Profile [2021-02-08]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5198064 2021-02-08] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2020-06-25] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
R2 ss_conn_service2; C:\Program Files\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe [935352 2020-06-25] (Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\NisSrv.exe [2462960 2021-02-12] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\MsMpEng.exe [128376 2021-02-12] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.237\WsAppService.exe [495720 2018-07-04] (Wondershare Technology Co.,Ltd -> Wondershare)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [159600 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 NETJME; C:\WINDOWS\System32\drivers\NETJME.sys [137728 2019-12-07] (Microsoft Windows -> JMicron Technology Corp.)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167280 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49552 2021-02-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [419040 2021-02-12] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [71912 2021-02-12] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-02-23 10:17 - 2021-02-23 10:20 - 000000000 ____D C:\FRST
2021-02-17 03:40 - 2021-02-17 03:40 - 000000000 ____D C:\WINDOWS\system32\Tasks\Agent Activation Runtime
2021-02-16 21:30 - 2021-02-16 21:34 - 000000000 ____D C:\Users\willi\OneDrive\Documents\sm-a205u backup
2021-02-16 21:11 - 2020-11-19 19:53 - 082903228 ____N C:\Users\willi\Downloads\CSC_OMC_OYM_A205U1OYM7BTK1_CL19844280_QB35863963_REV00_user_low_ship.tar.md5
2021-02-16 21:11 - 2020-11-19 19:52 - 082882753 ____N C:\Users\willi\Downloads\HOME_CSC_OMC_OYM_A205U1OYM7BTK1_CL19844280_QB35863963_REV00_user_low_ship.tar.md5
2021-02-16 21:11 - 2020-11-19 19:52 - 030331070 ____N C:\Users\willi\Downloads\CP_A205U1UEU7BTK1_CP17421137_CL19844280_QB35863963_REV00_user_low_ship.tar.md5
2021-02-16 21:11 - 2020-11-19 19:49 - 002908338 ____N C:\Users\willi\Downloads\BL_A205U1UEU7BTK1_CL19844280_QB35863963_REV00_user_low_ship.tar.md5
2021-02-16 21:09 - 2020-11-19 19:49 - 3636459711 ____N C:\Users\willi\Downloads\AP_A205U1UEU7BTK1_CL19844280_QB35863963_REV00_user_low_ship_meta_OS10.tar.md5
2021-02-16 03:42 - 2021-02-16 03:42 - 000509288 _____ C:\Users\willi\Downloads\SM-A205U+Schematic.zip
2021-02-16 03:38 - 2021-02-16 03:56 - 3221962044 _____ C:\Users\willi\Downloads\[up_vnROM.net]_A205U1UEU7BTK1_A205U1OYM7BTK1_ACG_10.0.zip
2021-02-15 18:30 - 2021-02-17 14:36 - 000002206 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2021-02-15 18:30 - 2021-02-15 18:30 - 000000000 ____D C:\Program Files\Google
2021-02-15 18:29 - 2021-02-15 18:29 - 001304160 _____ (Google LLC) C:\Users\willi\Downloads\ChromeSetup (1).exe
2021-02-15 18:29 - 2021-02-15 18:29 - 000000000 ____D C:\Program Files (x86)\Google
2021-02-12 04:54 - 2021-02-12 04:54 - 000010892 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-02-12 04:53 - 2021-02-12 04:53 - 000231232 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2021-02-08 23:56 - 2021-02-09 00:36 - 000195350 _____ C:\WINDOWS\ntbtlog.txt
2021-02-08 23:56 - 2021-02-08 23:56 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2021-02-08 18:52 - 2021-02-08 18:52 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-02-08 18:52 - 2021-02-08 18:52 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-02-08 18:52 - 2021-02-08 18:52 - 001314112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-02-08 17:08 - 2021-02-08 17:08 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2021-02-08 17:08 - 2021-02-08 17:08 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2021-02-08 17:08 - 2021-02-08 17:08 - 000467968 _____ C:\WINDOWS\system32\AssignedAccessCsp.dll
2021-02-08 17:08 - 2021-02-08 17:08 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2021-02-08 17:08 - 2021-02-08 17:08 - 000157184 _____ C:\WINDOWS\system32\uwfcsp.dll
2021-02-08 17:08 - 2021-02-08 17:08 - 000138056 _____ C:\WINDOWS\system32\HvsiManagementApi.dll
2021-02-08 17:08 - 2021-02-08 17:08 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VBICodec.ax
2021-02-08 17:08 - 2021-02-08 17:08 - 000101704 _____ C:\WINDOWS\SysWOW64\HvsiManagementApi.dll
2021-02-08 17:08 - 2021-02-08 17:08 - 000095744 _____ C:\WINDOWS\system32\VirtualMonitorManager.dll
2021-02-08 17:08 - 2021-02-08 17:08 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2021-02-08 17:07 - 2021-02-08 17:07 - 000575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2021-02-08 17:07 - 2021-02-08 17:07 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2021-02-08 17:07 - 2021-02-08 17:07 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\VBICodec.ax
2021-02-08 17:07 - 2021-02-08 17:07 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2021-02-08 17:07 - 2021-02-08 17:07 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2021-02-08 17:07 - 2021-02-08 17:07 - 000053760 _____ C:\WINDOWS\SysWOW64\BWContextHandler.dll
2021-02-08 17:06 - 2021-02-08 17:06 - 000729600 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2021-02-08 17:06 - 2021-02-08 17:06 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2021-02-08 17:06 - 2021-02-08 17:06 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2021-02-08 17:06 - 2021-02-08 17:06 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2021-02-08 17:06 - 2021-02-08 17:06 - 000067072 _____ C:\WINDOWS\system32\BWContextHandler.dll
2021-02-08 17:05 - 2021-02-08 17:05 - 000446976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2021-02-08 17:05 - 2021-02-08 17:05 - 000178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\intl.cpl
2021-02-08 17:04 - 2021-02-08 17:04 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2021-02-08 17:04 - 2021-02-08 17:04 - 000455680 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll
2021-02-08 17:04 - 2021-02-08 17:04 - 000235520 _____ C:\WINDOWS\SysWOW64\HeatCore.dll
2021-02-08 17:03 - 2021-02-08 17:03 - 001162240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-02-08 17:03 - 2021-02-08 17:03 - 000422912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-02-08 17:03 - 2021-02-08 17:03 - 000330752 _____ C:\WINDOWS\SysWOW64\ssdm.dll
2021-02-08 17:03 - 2021-02-08 17:03 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\timedate.cpl
2021-02-08 17:02 - 2021-02-08 17:02 - 002254336 _____ C:\WINDOWS\system32\dwmscene.dll
2021-02-08 17:02 - 2021-02-08 17:02 - 000544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2021-02-08 17:02 - 2021-02-08 17:02 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\intl.cpl
2021-02-08 17:02 - 2021-02-08 17:02 - 000190976 _____ C:\WINDOWS\system32\BthpanContextHandler.dll
2021-02-08 17:02 - 2021-02-08 17:02 - 000152064 _____ C:\WINDOWS\system32\EoAExperiences.exe
2021-02-08 17:01 - 2021-02-08 17:01 - 000643072 _____ C:\WINDOWS\system32\WindowManagementAPI.dll
2021-02-08 17:00 - 2021-02-08 17:00 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-02-08 17:00 - 2021-02-08 17:00 - 000306688 _____ C:\WINDOWS\system32\HeatCore.dll
2021-02-08 17:00 - 2021-02-08 17:00 - 000165888 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-02-08 16:59 - 2021-02-08 16:59 - 000562688 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-02-08 16:59 - 2021-02-08 16:59 - 000455168 _____ C:\WINDOWS\system32\ssdm.dll
2021-02-08 16:59 - 2021-02-08 16:59 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl
2021-02-08 16:59 - 2021-02-08 16:59 - 000074240 _____ C:\WINDOWS\system32\rdsxvmaudio.dll
2021-02-08 10:45 - 2021-02-08 10:45 - 000009851 _____ C:\Users\willi\OneDrive\Documents\2021_02_08_10_43_33.htm
2021-02-08 10:29 - 2021-02-12 03:09 - 000003386 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d6def0fd1e8afe

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-02-23 09:24 - 2020-12-30 12:58 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-02-23 00:57 - 2019-12-07 01:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-02-22 22:21 - 2019-12-07 01:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-02-22 22:21 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-02-20 07:32 - 2020-12-04 04:55 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-02-19 12:16 - 2020-12-07 17:41 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-02-19 12:16 - 2020-12-07 17:41 - 000002276 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2021-02-19 09:37 - 2019-12-07 01:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-02-19 08:23 - 2019-12-07 01:13 - 000000000 ____D C:\WINDOWS\INF
2021-02-17 14:36 - 2020-12-02 17:02 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-02-17 05:33 - 2020-12-30 13:34 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-02-17 05:33 - 2020-12-30 12:58 - 000008192 ___SH C:\DumpStack.log.tmp
2021-02-17 05:32 - 2019-12-07 01:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-02-17 02:02 - 2020-12-02 16:45 - 000000000 ____D C:\Users\willi\AppData\Local\Packages
2021-02-17 01:51 - 2020-12-04 06:15 - 000000000 ____D C:\Users\willi\AppData\Local\PlaceholderTileLogoFolder
2021-02-16 21:33 - 2020-12-04 11:44 - 000000000 ____D C:\ProgramData\Samsung
2021-02-16 21:06 - 2020-12-08 00:09 - 000000000 ____D C:\Program Files (x86)\EasyVMS
2021-02-16 18:00 - 2020-12-12 04:16 - 000000000 ____D C:\RecordPlan
2021-02-15 18:29 - 2020-12-30 13:34 - 000003418 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-02-15 18:29 - 2020-12-30 13:34 - 000003294 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-02-15 18:18 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2021-02-14 22:00 - 2020-12-30 12:44 - 000000000 ____D C:\ProgramData\ssh
2021-02-12 05:17 - 2020-12-30 13:19 - 000972430 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-02-12 05:12 - 2020-12-30 12:58 - 000266280 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-02-12 05:08 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-02-12 05:08 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-02-12 05:08 - 2019-12-07 01:14 - 000000000 ____D C:\Program Files\Common Files\System
2021-02-12 04:19 - 2020-12-02 18:01 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-02-12 04:08 - 2020-12-02 18:00 - 130141752 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-02-12 04:07 - 2020-12-04 09:36 - 000000000 ____D C:\ProgramData\Package Cache
2021-02-12 04:05 - 2020-12-11 08:50 - 000000000 ____D C:\Users\Default\.dotnet
2021-02-12 04:03 - 2020-12-07 22:23 - 000000000 ____D C:\Program Files\dotnet
2021-02-12 03:09 - 2020-12-30 13:34 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-02-12 02:59 - 2020-12-03 04:46 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-02-08 22:32 - 2020-12-30 12:04 - 000000000 ___SD C:\WINDOWS\system32\containers
2021-02-08 22:32 - 2019-12-07 01:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2021-02-08 22:32 - 2019-12-07 01:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2021-02-08 22:32 - 2019-12-07 01:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-02-08 22:32 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-02-08 22:32 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2021-02-08 22:32 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-02-08 22:32 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Keywords
2021-02-08 22:32 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-02-08 22:32 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2021-02-08 22:32 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2021-02-08 22:32 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-02-08 22:32 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\Keywords
2021-02-08 22:32 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-02-08 22:32 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-02-08 22:32 - 2019-12-07 01:03 - 000000000 ____D C:\WINDOWS\servicing
2021-02-08 22:31 - 2020-12-30 12:04 - 000000000 ___SD C:\WINDOWS\system32\lxss
2021-02-08 22:31 - 2020-12-30 12:04 - 000000000 ____D C:\WINDOWS\ADAM
2021-02-08 22:31 - 2019-12-07 01:54 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2021-02-08 22:31 - 2019-12-07 01:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-02-08 22:31 - 2019-12-07 01:54 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2021-02-08 22:31 - 2019-12-07 01:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2021-02-08 22:31 - 2019-12-07 01:14 - 000000000 ___SD C:\WINDOWS\system32\F12
2021-02-08 22:31 - 2019-12-07 01:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-02-08 22:31 - 2019-12-07 01:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-02-08 22:31 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-02-08 22:31 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-02-08 22:31 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2021-02-08 22:31 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-02-08 22:31 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2021-02-08 22:31 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2021-02-08 22:31 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-02-08 22:31 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\Com
2021-02-08 22:31 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2021-02-08 22:31 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-02-08 22:31 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2021-02-08 22:31 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-02-08 22:31 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\IME
2021-02-08 22:31 - 2019-12-07 01:14 - 000000000 ____D C:\Program Files\Windows Defender
2021-02-08 16:58 - 2020-12-30 13:03 - 002877952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2021-02-08 10:31 - 2020-12-02 18:06 - 000799104 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2021-02-05 20:04 - 2020-12-04 04:55 - 000734016 _____ (Microsoft Corporation) C:\WINDOWS\system32\sedplugins.dll
2021-02-05 20:03 - 2020-12-04 04:55 - 000470848 _____ (Microsoft Corporation) C:\WINDOWS\system32\QualityUpdateAssistant.dll

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)
 
And heres the addition




Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-02-2021
Ran by willi (23-02-2021 10:40:47)
Running from C:\Users\willi\OneDrive\Desktop
Windows 10 Pro Version 20H2 19042.804 (X64) (2020-12-30 21:37:56)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1128013736-2862579630-230849842-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1128013736-2862579630-230849842-503 - Limited - Disabled)
DevToolsUser (S-1-5-21-1128013736-2862579630-230849842-1005 - Limited - Enabled) => C:\Users\DevToolsUser
Guest (S-1-5-21-1128013736-2862579630-230849842-501 - Limited - Disabled)
sshd (S-1-5-21-1128013736-2862579630-230849842-1003 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-1128013736-2862579630-230849842-504 - Limited - Disabled)
willi (S-1-5-21-1128013736-2862579630-230849842-1001 - Administrator - Enabled) => C:\Users\willi

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.6.8 - ASUSTeK COMPUTER INC.)
Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
EasyVMS 2.4.1.7785 (HKLM-x32\...\EasyVMS) (Version: 2.4.1.7785 - )
ELAN Touchpad 11.15.0.18_X64 (HKLM\...\Elantech) (Version: 11.15.0.18 - ELAN Microelectronic Corp.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 88.0.4324.182 - Google LLC)
Microsoft .NET SDK 5.0.103 (x64) (HKLM-x32\...\{ef652463-9fab-47df-a3bd-caeec3c0dd92}) (Version: 5.1.321.7308 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 88.0.705.74 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.141.59 - )
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 13.222.137.0 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{99FAF70F-9B61-4AB0-9EC0-B31F98FFDC4A}) (Version: 2.75.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.24.28127 (HKLM-x32\...\{282975d8-55fe-4991-bbbb-06a72581ce58}) (Version: 14.24.28127.4 - Microsoft Corporation)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.7.31.0 - Samsung Electronics Co., Ltd.)
Smart Switch (HKLM-x32\...\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.2.20113.5 - Samsung Electronics Co., Ltd.) Hidden
Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.2.20113.5 - Samsung Electronics Co., Ltd.)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{6753CC12-A884-47B2-9270-F5CD31B6F256}) (Version: 2.67.0.0 - Microsoft Corporation) Hidden
Update for Windows 10 for x64-based Systems (KB4480730) (HKLM\...\{0746492E-47B6-4251-940C-44462DFD74BB}) (Version: 2.55.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{76A22428-2400-4521-96AF-7AC4A6174CA5}) (Version: 1.25.0.0 - Microsoft Corporation) Hidden
Windows Subsystem for Linux Update (HKLM\...\{8D646799-DB00-4000-AE7A-756A05A4F1D8}) (Version: 5.4.72 - Microsoft Corporation)

Packages:
=========
Amazon Prime Video for Windows -> C:\Program Files\WindowsApps\AmazonVideo.PrimeVideo_1.0.48.0_x64__pwbj9vvecjh7j [2021-02-21] (Amazon Development Centre (London) Ltd)
AVG Online Security -> C:\Program Files\WindowsApps\51CA791E.AVGOnlineSecurity_19.4.444.0_neutral__s1d0xtrs8dx04 [2020-12-04] (AVAST Software)
Cool File Viewer -> C:\Program Files\WindowsApps\20815shootingapp.AirFileViewer_1.4.10.0_x64__xcg28tkrsnqww [2021-02-08] (Cool File Viewer)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_122.2.837.0_x64__v10z8vjag6ke6 [2021-02-22] (HP Inc.)
Hulu -> C:\Program Files\WindowsApps\HuluLLC.HuluPlus_2.5.5.0_neutral__fphbd361v8tya [2020-12-04] (Hulu.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-12-03] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-12-03] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1252.0_x64__8wekyb3d8bbwe [2021-02-12] (Microsoft Studios) [MS Ad]
MSN Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.36.20714.0_x64__8wekyb3d8bbwe [2020-12-03] (Microsoft Corporation) [MS Ad]
VLC -> C:\Program Files\WindowsApps\VideoLAN.VLC_3.2.1.0_x64__paz6r1rewnh0a [2021-02-12] (VideoLAN)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2014-07-04] (Advanced Micro Devices, Inc.) [File not signed]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2020-12-02] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\willi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube Music.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=cinhimbnkkaeohfgghhklpknlkffjgod

==================== Loaded Modules (Whitelisted) =============

2014-07-04 21:30 - 2014-07-04 21:30 - 000897024 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll
2014-07-04 21:30 - 2014-07-04 21:30 - 000004608 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiamenu.dll
2020-12-06 10:38 - 2019-02-21 08:00 - 000078336 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-1128013736-2862579630-230849842-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/?pc=COS2&ptag=D120420-A5AF4E3D53C&form=CONMHP&conlogo=CT3335878
SearchScopes: HKU\S-1-5-21-1128013736-2862579630-230849842-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COS2&ptag=D120420-N0700A5AF4E3D53C&form=CONBDF&conlogo=CT3335878&q={searchTerms}

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1128013736-2862579630-230849842-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1128013736-2862579630-230849842-1001\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 03:04 - 2015-07-10 03:02 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1128013736-2862579630-230849842-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-1128013736-2862579630-230849842-1005\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Block)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKU\S-1-5-21-1128013736-2862579630-230849842-1001\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [PlayTo-QWave-Out-TCP-PlayToScope] => (Block) C:\WINDOWS\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [WirelessDisplay-Out-UDP] => (Block) C:\WINDOWS\system32\WUDFHost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [WirelessDisplay-Out-TCP] => (Block) C:\WINDOWS\system32\WUDFHost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [TCP Query User{AF8DCDDE-53F7-4F66-ADFD-96D5B6850736}C:\program files\google\chrome\application\chrome.exe] => (Allow) C:\program files\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{A11A9D9D-8463-445C-BBEE-75F0866881DB}C:\program files\google\chrome\application\chrome.exe] => (Allow) C:\program files\google\chrome\application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

18-02-2021 15:34:01 Scheduled Checkpoint

==================== Faulty Device Manager Devices ============

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: ========================

Application errors:
==================
Error: (02/23/2021 09:57:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mmc.exe, version: 10.0.19041.746, time stamp: 0x52055893
Faulting module name: KERNELBASE.dll, version: 10.0.19041.804, time stamp: 0x0e9c5eae
Exception code: 0x00000000
Fault offset: 0x000000000002d759
Faulting process id: 0x11ac
Faulting application start time: 0x01d70a0d2621523d
Faulting application path: C:\WINDOWS\system32\mmc.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 7b3ca828-af9c-4e3f-93bf-ba40119c4983
Faulting package full name:
Faulting package-relative application ID:

Error: (02/23/2021 09:25:33 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LockApp.exe version 10.0.19041.789 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 640

Start Time: 01d709c1e9e18b94

Termination Time: 4294967295

Application Path: C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe

Report Id: 805bea38-6d8b-44c9-a39f-d7cb354feba7

Faulting package full name: Microsoft.LockApp_10.0.19041.423_neutral__cw5n1h2txyewy

Faulting package-relative application ID: WindowsDefaultLockScreen

Hang type: Cross-process

Error: (02/22/2021 07:18:45 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=TimerEvent

Error: (02/18/2021 07:49:49 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on (C:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (02/18/2021 07:33:52 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on System Reserved because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (02/17/2021 04:33:31 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program explorer.exe version 10.0.19041.746 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 1208

Start Time: 01d704a49640bbf1

Termination Time: 0

Application Path: C:\Windows\explorer.exe

Report Id: 1fc1a345-b1c3-4b80-9307-a6125fb0cd68

Faulting package full name:

Faulting package-relative application ID:

Hang type: Unknown

Error: (02/17/2021 04:07:24 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SystemSettings.exe version 10.0.19041.789 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 2030

Start Time: 01d7051f92b1ff80

Termination Time: 4294967295

Application Path: C:\Windows\ImmersiveControlPanel\SystemSettings.exe

Report Id: 3a8532de-5d17-4bf7-8f53-738687cea2f6

Faulting package full name: windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy

Faulting package-relative application ID: microsoft.windows.immersivecontrolpanel

Hang type: Cross-process

Error: (02/15/2021 06:21:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome_pwa_launcher.exe, version: 88.0.4324.150, time stamp: 0x601b4071
Faulting module name: chrome_pwa_launcher.exe, version: 88.0.4324.150, time stamp: 0x601b4071
Exception code: 0x80000003
Fault offset: 0x000000000004363b
Faulting process id: 0x1c1c
Faulting application start time: 0x01d7040a5e623934
Faulting application path: C:\Program Files\Google\Chrome\Application\88.0.4324.150\chrome_pwa_launcher.exe
Faulting module path: C:\Program Files\Google\Chrome\Application\88.0.4324.150\chrome_pwa_launcher.exe
Report Id: d96eb89e-e942-41e5-964b-be5d1055f9f8
Faulting package full name:
Faulting package-relative application ID:


System errors:
=============
Error: (02/22/2021 09:39:22 AM) (Source: ACPI) (EventID: 10) (User: )
Description: ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0x4), Please contact your system vendor for technical assistance.

Error: (02/22/2021 09:39:22 AM) (Source: ACPI) (EventID: 10) (User: )
Description: ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0x4), Please contact your system vendor for technical assistance.

Error: (02/22/2021 09:28:48 AM) (Source: ACPI) (EventID: 10) (User: )
Description: ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0x4), Please contact your system vendor for technical assistance.

Error: (02/22/2021 09:28:48 AM) (Source: ACPI) (EventID: 10) (User: )
Description: ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0x4), Please contact your system vendor for technical assistance.

Error: (02/22/2021 09:21:57 AM) (Source: ACPI) (EventID: 10) (User: )
Description: ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0x4), Please contact your system vendor for technical assistance.

Error: (02/22/2021 09:21:57 AM) (Source: ACPI) (EventID: 10) (User: )
Description: ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0x4), Please contact your system vendor for technical assistance.

Error: (02/22/2021 09:05:54 AM) (Source: ACPI) (EventID: 10) (User: )
Description: ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0x4), Please contact your system vendor for technical assistance.

Error: (02/22/2021 09:05:54 AM) (Source: ACPI) (EventID: 10) (User: )
Description: ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0x4), Please contact your system vendor for technical assistance.


Windows Defender:
================
Date: 2021-02-22 19:35:06
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-02-21 09:18:41
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-02-20 06:22:19
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-02-19 03:33:51
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-02-17 03:10:18
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-02-08 23:56:22
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2021-02-08 10:44:20
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.329.2075.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17800.5
Error code: 0x80070102
Error description: The wait operation timed out.

Date: 2021-02-08 10:38:19
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.329.2075.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17700.4
Error code: 0x80070102
Error description: The wait operation timed out.

Date: 2021-02-08 10:38:19
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.329.2075.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17700.4
Error code: 0x80070102
Error description: The wait operation timed out.

Date: 2021-01-23 01:43:01
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.329.2075.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17700.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

==================== Memory info ===========================

BIOS: American Megatrends Inc. K52F.212 11/01/2010
Motherboard: ASUSTeK Computer Inc. K52F
Processor: Intel(R) Pentium(R) CPU P6200 @ 2.13GHz
Percentage of memory in use: 75%
Total physical RAM: 3884.46 MB
Available physical RAM: 965.37 MB
Total Virtual: 5063.73 MB
Available Virtual: 1391.43 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:464.58 GB) (Free:300.81 GB) NTFS
Drive d: () (Removable) (Total:14.48 GB) (Free:14.47 GB) FAT32

\\?\Volume{a4aecbfe-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.34 GB) (Free:0.08 GB) NTFS
\\?\Volume{a4aecbfe-0000-0000-0000-d03a74000000}\ () (Fixed) (Total:0.84 GB) (Free:0.39 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: A4AECBFE)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=464.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=862 MB) - (Type=27)

==========================================================
Disk: 1 (Size: 14.5 GB) (Disk ID: 72FDFF61)
Partition 1: (Not Active) - (Size=14.5 GB) - (Type=0C)

==================== End of Addition.txt ===============
 

Broni

Posts: 55,748   +502
Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

===================================

What are the problems?

redtarget.gif
Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double click on downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Remove Selected.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
redtarget.gif
Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available throughout History ->Application logs. Please post it contents in your next reply.
redtarget.gif
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwareClearer, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles are saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.
 
Status
Not open for further replies.