• Technology
  • Electrical equipment
  • Material Industry
  • Digital life
  • Privacy Policy
  • O name
Location: Home / Technology / HTML/Phish.RA!MTB infection not definitely removed

HTML/Phish.RA!MTB infection not definitely removed

techserving |
1895

Hi. I have a 64 bit Windows 10 laptop whose main AV is Defender.

Source of infection is SPAM. Defender identified the malware immediately when I touched the file in Thunderbird. I came to find that I was receiving multiple spams with a subject line beginning with an underscore (_) and each time the arrival of the email into my Inbox would alert Defender. Problem was that Defender would usually try to Remove or Quarantine but the final summary was this

trojan.JPG 57.7KB0 downloads

HTML/Phish.RA!MTB infection not definitely removed

I finally got it under control by logging into my web mail and deleting any messages with _subject from the providers server before I downloaded them to my laptop. I also used the providers spam tools to reject any subject beginning with an underscore. Not sure if that will cover it, but no _subjects so far today. I'm breathing again as this threat is described as a password collector. But it's an ugly makeshift solution and Defender leaves me with an unclear status Remediation Incomplete. Neither Housecall nor MBAM could see the virus when I scanned with them.

One other symptom was that after the first alert by Defender, I began to have difficulty seeing my Inbox emails (all blank) and was unable Empty Trash. System responded with the odd message "There is not enough disk space to download new messages." Didn't make a screen shot of it unfortunately and am not sure if it was a Thunderbird or Windows message.

Ultimately the only thing that got the red X removed from Defender was an Offline Scan. Thanks.

Well, here is FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-04-2022 01Ran by cope (administrator) on LAPTOP-PV813QTR (LENOVO 80X4) (14-04-2022 21:04:50)Running from C:\Users\cope\DownloadsLoaded Profiles: copePlatform: Microsoft Windows 10 Home Version 21H2 19044.1645 (X64) Language: English (United States)Default browser: ChromeBoot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe(C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe ->) (Node.js Foundation -> Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\libs\node.exe(C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe ->) (Adobe Inc. -> ) C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe(C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe ->) (Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe(C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe ->) (Adobe Inc. -> Adobe Inc) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe(C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe(C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe <2>(C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe ->) (Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\CCLibrary.exe(C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\CCLibrary.exe ->) (Node.js Foundation -> Node.js) C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\libs\node.exe(C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <3>(C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MsMpEng.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MpCopyAccelerator.exe(C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe <3>(C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.Device.exe(explorer.exe ->) (Dolby Laboratories, Inc. -> ) C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <17>(explorer.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe(explorer.exe ->) (SatoshiLabs, s.r.o. -> ) C:\Program Files (x86)\TREZOR Bridge\trezord.exe(Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_7948ecc1af5c27e1\igfxEM.exe(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe(services.exe ->) (Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe(services.exe ->) (Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe(services.exe ->) (Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.) C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe(services.exe ->) (Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\ibtsiva.exe(services.exe ->) (Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_7948ecc1af5c27e1\igfxCUIService.exe(services.exe ->) (Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_7948ecc1af5c27e1\IntelCpHDCPSvc.exe(services.exe ->) (Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_7948ecc1af5c27e1\IntelCpHeciSvc.exe(services.exe ->) (Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe(services.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe(services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Locator.exe(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MsMpEng.exe(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\NisSrv.exe(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe(svchost.exe ->) (Adobe Systems Incorporated) C:\Program Files\WindowsApps\AdobeNotificationClient_1.0.1.22_x86__enpm4xejd91yc\AdobeNotificationClient.exe(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\SDXHelper.exe(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe ==================== Registry (Whitelisted) =================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [LenovoUtility] => C:\Program Files\Lenovo\LenovoUtility\utility.exe [791848 2017-05-25] (LENOVO -> )HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [19677488 2020-04-16] (Realtek Semiconductor Corp. -> Realtek Semiconductor)HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [3617584 2020-04-16] (Realtek Semiconductor Corp. -> Realtek Semiconductor)HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [3617584 2020-04-16] (Realtek Semiconductor Corp. -> Realtek Semiconductor)HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3426560 2021-11-23] (Adobe Inc. -> Adobe Systems, Incorporated)HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [321592 2019-03-11] (Intel® Rapid Storage Technology -> Intel Corporation)HKLM\...\Run: [DAX2_APP] => C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe [849928 2016-09-19] (Dolby Laboratories, Inc. -> )HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2084920 2019-09-27] (Adobe Inc. -> Adobe Inc.)HKU\S-1-5-21-313246963-3037881445-1802910-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [35888256 2022-03-10] (Piriform Software Ltd -> Piriform Software Ltd)HKU\S-1-5-21-313246963-3037881445-1802910-1001\...\Run: [CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [144008 2019-10-22] (Adobe Inc. -> Adobe Systems Incorporated)HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\100.0.4896.88\Installer\chrmstp.exe [2022-04-11] (Google LLC -> Google LLC)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TREZOR Bridge.lnk [2019-11-20]ShortcutTarget: TREZOR Bridge.lnk -> C:\Program Files (x86)\TREZOR Bridge\trezord.exe (SatoshiLabs, s.r.o. -> )GroupPolicy: Restriction ? <==== ATTENTIONPolicies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION ==================== Scheduled Tasks (Whitelisted) ============ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {01694321-4C2C-4B51-A741-C99F3943D56A} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\469cb482-fd66-4cac-a870-9e68a5ff8e59 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)Task: {0209A36C-E368-4F8F-96C7-809B70BCC558} - System32\Tasks\Optimize Push Notification Data File-S-1-5-21-313246963-3037881445-1802910-1001 => {201600D8-6EFF-48CE-B842-E14D37A0682D} C:\WINDOWS\System32\wpninprc.dll [24064 2019-12-07] (Microsoft Windows -> Microsoft Corporation)Task: {039F46E7-8402-4106-B901-FA84A1F9D5F3} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3426560 2021-11-23] (Adobe Inc. -> Adobe Systems, Incorporated)Task: {0427B744-2090-47A1-AA79-457E90E93D2A} - System32\Tasks\CCleanerSkipUAC - cope => C:\Program Files\CCleaner\CCleaner.exe [30053504 2022-03-10] (Piriform Software Ltd -> Piriform Software Ltd)Task: {25B4348D-CED6-416E-9BEF-DF9A86294C99} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [111512 2022-04-05] (Microsoft Corporation -> Microsoft Corporation)Task: {3A8E30CB-3EF6-456E-B935-050089915D39} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => "%windir%\system32\sc.exe" START ImControllerServiceTask: {3E5ECBD8-CAE4-4C32-9C17-DA2DD1F96B8D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MpCmdRun.exe [993000 2022-04-07] (Microsoft Windows Publisher -> Microsoft Corporation)Task: {435DDE76-E3F5-47C2-A1AC-BDEBD879376B} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [64256 2022-01-28] (Lenovo -> Lenovo Group Ltd.)Task: {570AABD4-1BC4-4217-9BF0-E338143FC28C} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22865832 2022-04-05] (Microsoft Corporation -> Microsoft Corporation)Task: {59C536E1-F8BA-46DE-BFCB-7EEAEB5E1998} - System32\Tasks\Lenovo\BatteryGauge\BatteryGaugeMaintenance => C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\BGHelper.exe [145480 2021-09-09] (Lenovo -> Lenovo Group Ltd.)Task: {5ED1416D-084D-46C2-BD02-71129D53B410} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-01-16] (Google Inc -> Google Inc.)Task: {61003686-87EA-4D45-B710-7488F4AFE5BA} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564424 2021-11-18] (Adobe Inc. -> Adobe Inc.)Task: {6B7D48DC-91EE-42E0-B746-4130DA6A431B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MpCmdRun.exe [993000 2022-04-07] (Microsoft Windows Publisher -> Microsoft Corporation)Task: {8788E93F-6B8D-4BE9-A8C2-BA338897109B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MpCmdRun.exe [993000 2022-04-07] (Microsoft Windows Publisher -> Microsoft Corporation)Task: {89C093CF-4F70-4CBB-AC64-07D696629E0C} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"Task: {91045D90-E7DA-4F50-BEEC-F7E8A471B5A4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MpCmdRun.exe [993000 2022-04-07] (Microsoft Windows Publisher -> Microsoft Corporation)Task: {98D2CD6D-7566-4F48-B962-899F38081515} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\14db7110-c370-4e33-89b4-e4ffc69aa531 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)Task: {9DABA2BB-DF3F-4C0B-8FEB-C9D0E337A386} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-01-16] (Google Inc -> Google Inc.)Task: {B1257E74-0889-4670-94E1-E4F70C559F07} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\4c4b4016-eb07-4017-b034-a65ffb94f6de => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)Task: {BDD1FDDA-B2AE-4028-AAC0-3518E7AE810D} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\1eb6cb73-2891-429f-837f-cdaf935c00d6 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)Task: {C244C3C6-AFAD-41A6-B2A3-434EDF30FB4F} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22865832 2022-04-05] (Microsoft Corporation -> Microsoft Corporation)Task: {C3278433-4829-48AB-A745-A0AC38150AC6} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\88bf197c-fd62-4ae3-a5e9-4a2b348cce3e => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)Task: {C4AF5A87-C19F-47C1-8663-BEC7452AC4E0} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2022-03-10] (Piriform Software Ltd -> Piriform)Task: {EA22C148-B71A-46AF-AAD9-62DF4B7E65CD} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [111512 2022-04-05] (Microsoft Corporation -> Microsoft Corporation)Task: {FE749972-32D7-49A7-8D15-71279A350F08} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32 (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.)Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.)Tcpip\Parameters: [DhcpNameServer] 192.168.1.254Tcpip\..\Interfaces\{a324593e-2193-40e1-81d6-51cbd21b84a1}: [DhcpNameServer] 169.254.131.49Tcpip\..\Interfaces\{b3dfa0c7-b6eb-438c-bd53-91ce6540439c}: [DhcpNameServer] 192.168.1.254 Edge: =======Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]Edge Profile: C:\Users\cope\AppData\Local\Microsoft\Edge\User Data\Default [2022-04-11]Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee] FireFox:========FF DefaultProfile: f81ixan5.default-1602258033880FF ProfilePath: C:\Users\cope\AppData\Roaming\Mozilla\Firefox\Profiles\f81ixan5.default-1602258033880 [2022-04-13]FF Extension: (Video DownloadHelper) - C:\Users\cope\AppData\Roaming\Mozilla\Firefox\Profiles\f81ixan5.default-1602258033880\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2022-01-09]FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2022-04-07] (Adobe Inc. -> Adobe Systems Inc.)FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2019-09-27] (Adobe Inc. -> Adobe Systems)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-03-04] (Microsoft Corporation -> Microsoft Corporation)FF Plugin-x32: @videolan.org/vlc,version=2.2.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN -> VideoLAN)FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2019-09-27] (Adobe Inc. -> Adobe Systems) Chrome: =======CHR Profile: C:\Users\cope\AppData\Local\Google\Chrome\User Data\Default [2022-04-14]CHR Notifications: Default -> hxxps://calendar.google.com; hxxps://meet.google.com; hxxps://www.facebook.com; hxxps://www.netflix.com; hxxps://www.newsbreak.comCHR HomePage: Default -> hxxp://www.google.com/CHR Session Restore: Default -> is enabled.CHR Extension: (Slides) - C:\Users\cope\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-01-16]CHR Extension: (Docs) - C:\Users\cope\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-01-16]CHR Extension: (Google Drive) - C:\Users\cope\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-05]CHR Extension: (YouTube) - C:\Users\cope\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-01-16]CHR Extension: (Sheets) - C:\Users\cope\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-01-16]CHR Extension: (Qualys BrowserCheck for Windows) - C:\Users\cope\AppData\Local\Google\Chrome\User Data\Default\Extensions\foklmnihmhdobgonljkdamiiohnobkff [2022-04-11]CHR Extension: (Google Docs Offline) - C:\Users\cope\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-03-23]CHR Extension: (Malwarebytes Browser Guard) - C:\Users\cope\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2022-04-11]CHR Extension: (Video DownloadHelper) - C:\Users\cope\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjnegcaeklhafolokijcfjliaokphfk [2021-07-09]CHR Extension: (Chrome Web Store Payments) - C:\Users\cope\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-09]CHR Extension: (Gmail) - C:\Users\cope\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-05]CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee] ==================== Services (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-11-18] (Adobe Inc. -> Adobe Inc.)R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [823352 2019-09-27] (Adobe Inc. -> Adobe Inc.)R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3849472 2021-11-23] (Adobe Inc. -> Adobe Systems, Incorporated)R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3617024 2021-11-23] (Adobe Inc. -> Adobe Systems, Incorporated)S2 CCSDK; C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe [680288 2016-12-06] (LENOVO -> Lenovo)R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11666384 2022-04-05] (Microsoft Corporation -> Microsoft Corporation)R2 Dolby DAX2 API Service; C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe [189464 2019-01-21] (Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.)R2 ImControllerService; C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8348856 2022-04-11] (Malwarebytes Inc -> Malwarebytes)R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\NisSrv.exe [3116848 2022-04-07] (Microsoft Windows Publisher -> Microsoft Corporation)R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MsMpEng.exe [133544 2022-04-07] (Microsoft Windows Publisher -> Microsoft Corporation) ===================== Drivers (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223688 2022-04-11] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-01-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-10-02] (Malwarebytes Inc -> Malwarebytes)R3 MpKsl36c8f9ba; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4958C271-110F-4CB6-8B16-AEE8B0496171}\MpKslDrv.sys [139536 2022-04-14] (Microsoft Windows -> Microsoft Corporation)R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [329184 2016-08-15] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.)R3 SPUVCbv; C:\WINDOWS\System32\Drivers\SPUVCbv64.sys [937536 2017-04-09] (SUNPLUS INNOVATION TECHNOLOGY INC. -> Sunplus Innovation Technology Inc.)R1 veracrypt; C:\WINDOWS\System32\drivers\veracrypt.sys [828256 2019-12-10] (IDRIX SARL -> IDRIX)S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49600 2022-04-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [443664 2022-04-07] (Microsoft Windows -> Microsoft Corporation)R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [90384 2022-04-07] (Microsoft Windows -> Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)==================== One month (created) (Whitelisted) ========= (If an entry is included in the fixlist, the file/folder will be moved.) 2022-04-14 21:04 - 2022-04-14 21:05 - 000024565 _____ C:\Users\cope\Downloads\FRST.txt2022-04-14 21:04 - 2022-04-14 21:04 - 000024755 _____ C:\Users\cope\Desktop\bleeping tutorial.odt2022-04-14 20:32 - 2022-04-14 20:32 - 002365952 _____ (Farbar) C:\Users\cope\Downloads\FRST64.exe2022-04-14 12:37 - 2022-04-14 12:37 - 000127653 _____ C:\Users\cope\AppData\Local\recently-used.xbel2022-04-13 23:33 - 2022-04-13 23:33 - 091226112 _____ C:\WINDOWS\system32\config\SOFTWARE2022-04-13 20:39 - 2022-04-13 20:39 - 000008646 _____ C:\WINDOWS\system32\AmspLogList.ini2022-04-13 20:39 - 2022-04-13 20:39 - 000002222 _____ C:\WINDOWS\system32\AmspConfig.ini2022-04-13 20:39 - 2022-04-13 20:39 - 000002016 _____ C:\WINDOWS\system32\AmspLogFilter.ini2022-04-13 20:39 - 2022-04-13 20:39 - 000000127 _____ C:\WINDOWS\system32\trxhandler_log.ini2022-04-13 20:39 - 2022-04-13 20:39 - 000000080 _____ C:\WINDOWS\system32\log.ini2022-04-13 20:38 - 2022-04-13 20:38 - 000000000 ____D C:\WINDOWS\system32\TmAMSI2022-04-13 20:37 - 2022-04-13 21:48 - 000000000 ____D C:\Users\cope\AppData\Local\Trend Micro2022-04-13 20:37 - 2022-04-13 21:47 - 000000000 ____D C:\ProgramData\Trend Micro2022-04-13 20:11 - 2022-04-13 20:11 - 000870562 _____ C:\Users\cope\AppData\Local\census.cache2022-04-13 20:09 - 2022-04-13 20:09 - 000387211 _____ C:\Users\cope\AppData\Local\ars.cache2022-04-13 19:58 - 2022-04-13 21:48 - 000000000 ____D C:\Program Files\Trend Micro2022-04-13 19:58 - 2022-04-13 20:40 - 000000036 _____ C:\Users\cope\AppData\Local\housecall.guid.cache2022-04-13 18:53 - 2022-04-13 18:53 - 000162883 _____ C:\Users\cope\Desktop\trojan.xcf2022-04-13 17:52 - 2022-04-14 20:29 - 001197879 _____ C:\Users\cope\Desktop\trash file sqlite-highlights.odt2022-04-13 15:39 - 2022-04-13 15:39 - 001196591 _____ C:\Users\cope\Desktop\trash file sqlite.odt2022-04-12 21:12 - 2022-04-12 21:12 - 000048640 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll2022-04-12 21:12 - 2022-04-12 21:12 - 000039936 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll2022-04-12 21:12 - 2022-04-12 21:12 - 000011803 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim2022-04-12 21:11 - 2022-04-12 21:11 - 000162816 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe2022-04-12 21:01 - 2022-04-12 21:01 - 000000000 ___HD C:\$WinREAgent2022-04-12 20:30 - 2022-04-12 21:21 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird2022-04-11 18:17 - 2022-04-13 23:32 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware2022-04-11 14:20 - 2022-04-11 14:20 - 000223688 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys2022-04-11 13:58 - 2022-04-11 13:58 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla2022-03-30 12:14 - 2022-03-30 12:14 - 000125820 _____ C:\Users\cope\Downloads\1099DIV-2019.pdf2022-03-30 12:12 - 2022-03-30 12:12 - 000125347 _____ C:\Users\cope\Downloads\1099DIV-2021.pdf2022-03-29 12:34 - 2022-03-29 12:34 - 002004474 _____ C:\Users\cope\Downloads\EStatement-2021-12-15-41657.pdf2022-03-23 14:19 - 2022-03-23 14:19 - 000035924 _____ C:\Users\cope\Downloads\EnrollCode (1).pdf2022-03-23 14:18 - 2022-03-23 14:18 - 002004474 _____ C:\Users\cope\Downloads\EStatement-2021-12-15-47888.pdf ==================== One month (modified) ================== (If an entry is included in the fixlist, the file/folder will be moved.) 2022-04-14 21:05 - 2019-08-02 12:41 - 000000000 ____D C:\FRST2022-04-14 21:04 - 2018-01-17 15:54 - 000000000 ____D C:\Users\cope\.gimp-2.82022-04-14 21:03 - 2018-06-22 12:22 - 000000000 ____D C:\Users\cope\AppData\LocalLow\Mozilla2022-04-14 20:46 - 2018-01-16 20:33 - 000000000 ____D C:\Program Files (x86)\Google2022-04-14 20:28 - 2019-12-07 05:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft2022-04-14 19:08 - 2020-08-10 22:14 - 000000000 ____D C:\WINDOWS\system32\SleepStudy2022-04-14 12:37 - 2018-01-17 16:13 - 000000000 ____D C:\Users\cope\AppData\Local\gtk-2.02022-04-14 11:51 - 2018-01-31 09:49 - 000000000 ____D C:\Program Files\CCleaner2022-04-14 01:58 - 2019-10-02 09:58 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData2022-04-14 01:54 - 2022-01-14 14:34 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb382022-04-14 01:53 - 2018-01-16 17:06 - 000000000 __SHD C:\Users\cope\IntelGraphicsProfiles2022-04-13 21:48 - 2019-12-07 05:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP2022-04-13 20:52 - 2019-12-07 05:14 - 000000000 ___HD C:\Program Files\WindowsApps2022-04-13 20:52 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\AppReadiness2022-04-13 20:39 - 2019-12-07 05:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM2022-04-13 20:38 - 2019-12-07 05:13 - 000000000 ____D C:\WINDOWS\INF2022-04-13 19:37 - 2020-08-10 22:18 - 000842418 _____ C:\WINDOWS\system32\PerfStringBackup.INI2022-04-13 19:33 - 2020-08-10 22:19 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT2022-04-13 19:33 - 2020-08-10 22:14 - 000008192 ___SH C:\DumpStack.log.tmp2022-04-13 19:33 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\ServiceState2022-04-13 19:28 - 2019-12-07 05:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI2022-04-13 13:02 - 2019-08-02 12:36 - 000000000 ____D C:\Users\cope\AppData\Local\mbam2022-04-12 21:21 - 2020-08-10 22:14 - 000330904 _____ C:\WINDOWS\system32\FNTCACHE.DAT2022-04-12 21:21 - 2018-01-16 20:43 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service2022-04-12 21:20 - 2019-12-07 05:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel2022-04-12 21:20 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism2022-04-12 21:20 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SystemResources2022-04-12 21:20 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\oobe2022-04-12 21:20 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\Dism2022-04-12 21:20 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\ShellExperiences2022-04-12 21:20 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\Provisioning2022-04-12 21:20 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions2022-04-12 21:20 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\bcastdvr2022-04-12 21:15 - 2019-12-07 05:03 - 000000000 ____D C:\WINDOWS\CbsTemp2022-04-12 21:00 - 2018-01-16 21:56 - 000000000 ____D C:\WINDOWS\system32\MRT2022-04-12 20:58 - 2018-01-16 21:56 - 143823848 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe2022-04-12 20:28 - 2020-08-10 22:19 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task2022-04-12 20:27 - 2021-11-19 12:44 - 000002080 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk2022-04-12 20:27 - 2021-11-19 12:44 - 000002068 _____ C:\Users\Public\Desktop\Adobe Acrobat DC.lnk2022-04-12 12:56 - 2020-07-06 20:42 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk2022-04-11 19:39 - 2018-01-16 20:33 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk2022-04-11 19:39 - 2018-01-16 20:33 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk2022-04-11 14:24 - 2021-02-11 13:06 - 000000000 ____D C:\Users\cope\AppData\Local\CrashDumps2022-04-11 14:18 - 2022-01-09 07:09 - 000000000 ____D C:\Program Files\Mozilla Firefox2022-04-11 13:58 - 2021-01-15 16:22 - 000002028 _____ C:\Users\Public\Desktop\Malwarebytes.lnk2022-04-11 13:58 - 2020-05-21 18:15 - 000002040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk2022-04-11 13:58 - 2019-01-01 22:16 - 000000000 ____D C:\ProgramData\Mozilla2022-04-11 13:58 - 2018-06-22 12:22 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk2022-04-11 13:56 - 2019-08-02 12:36 - 000000000 ____D C:\ProgramData\Malwarebytes2022-04-11 13:56 - 2019-08-02 12:36 - 000000000 ____D C:\Program Files\Malwarebytes2022-04-10 14:07 - 2018-01-29 16:40 - 000000000 ____D C:\Users\cope\AppData\Roaming\Canon2022-04-10 13:58 - 2020-08-10 22:19 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA2022-04-10 13:58 - 2020-08-10 22:19 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore2022-04-08 05:45 - 2018-02-17 19:14 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd2022-04-07 16:45 - 2021-01-24 14:05 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools2022-04-07 10:30 - 2021-12-12 19:41 - 000003576 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-313246963-3037881445-1802910-10012022-04-07 10:30 - 2020-08-10 22:19 - 000003370 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-313246963-3037881445-1802910-10012022-04-07 10:30 - 2020-08-10 19:48 - 000002379 _____ C:\Users\cope\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk2022-04-05 13:55 - 2017-05-25 08:08 - 000000000 ____D C:\Program Files (x86)\Microsoft Office2022-04-04 14:02 - 2018-01-17 15:48 - 000000000 ____D C:\Users\cope\AppData\Roaming\vlc2022-03-23 21:13 - 2021-01-24 14:05 - 000601432 _____ (Microsoft Corporation) C:\WINDOWS\system32\sedplugins.dll2022-03-23 21:12 - 2021-01-24 14:05 - 000483664 _____ (Microsoft Corporation) C:\WINDOWS\system32\QualityUpdateAssistant.dll2022-03-22 18:43 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports ==================== Files in the root of some directories ======== 2022-04-13 20:09 - 2022-04-13 20:09 - 000387211 _____ () C:\Users\cope\AppData\Local\ars.cache2022-04-13 20:11 - 2022-04-13 20:11 - 000870562 _____ () C:\Users\cope\AppData\Local\census.cache2022-04-13 19:58 - 2022-04-13 20:40 - 000000036 _____ () C:\Users\cope\AppData\Local\housecall.guid.cache2019-01-29 05:28 - 2019-01-29 05:28 - 000066717 _____ () C:\Users\cope\AppData\Local\logo.jpg2019-06-13 16:04 - 2019-06-13 16:04 - 000000410 _____ () C:\Users\cope\AppData\Local\oobelibMkey.log2018-01-18 20:41 - 2018-01-18 22:11 - 000000600 _____ () C:\Users\cope\AppData\Local\PUTTY.RND2022-04-14 12:37 - 2022-04-14 12:37 - 000127653 _____ () C:\Users\cope\AppData\Local\recently-used.xbel2019-07-29 20:42 - 2019-07-29 20:52 - 000007605 _____ () C:\Users\cope\AppData\Local\resmon.resmoncfg ==================== SigCheck ============================ (There is no automatic fix for files that do not pass verification.) ==================== End of FRST.txt ======================== And here is Addition.txt Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-04-2022 01Ran by cope (14-04-2022 21:06:21)Running from C:\Users\cope\DownloadsMicrosoft Windows 10 Home Version 21H2 19044.1645 (X64) (2020-08-11 02:19:48)Boot Mode: Normal============================================================================== Accounts: =============================(If an entry is included in the fixlist, it will be removed.) Administrator (S-1-5-21-313246963-3037881445-1802910-500 - Administrator - Disabled)cope (S-1-5-21-313246963-3037881445-1802910-1001 - Administrator - Enabled) => C:\Users\copeDefaultAccount (S-1-5-21-313246963-3037881445-1802910-503 - Limited - Disabled)Guest (S-1-5-21-313246963-3037881445-1802910-501 - Limited - Disabled)WDAGUtilityAccount (S-1-5-21-313246963-3037881445-1802910-504 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 18.05 (x64) (HKLM\...\7-Zip) (Version: 18.05 - Igor Pavlov)Adobe Acrobat DC (64-bit) (HKLM\...\{AC76BA86-1033-1033-7760-BC15014EA700}) (Version: 22.001.20117 - Adobe)Adobe Animate 2019 (HKLM-x32\...\FLPR_19_2_1) (Version: 19.2.1 - Adobe Systems Incorporated)Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 5.0.0.354 - Adobe Systems Incorporated)Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version: 7.6.0.52 - Adobe Inc.)Adobe Media Encoder 2019 (HKLM-x32\...\AME_13_1) (Version: 13.1 - Adobe Systems Incorporated)Angry Birds (HKLM-x32\...\{01509AB1-84BB-4AB9-A142-38AFA0BBDA25}) (Version: 4.0.0 - Rovio Entertainment Ltd.)balenaEtcher 1.5.114 (HKU\S-1-5-21-313246963-3037881445-1802910-1001\...\d2f3b6c7-6f49-59e2-b8a5-f72e33900c2b) (Version: 1.5.114 - Balena Inc.)Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)CanoScan Toolbox Ver4.6 (HKLM-x32\...\{088A077A-8028-408C-AE7B-4512AE2A65A0}) (Version:- )CCleaner (HKLM\...\CCleaner) (Version: 5.91 - Piriform)CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.8.6795 - CDBurnerXP)Dolby Audio X2 Windows API SDK (HKLM\...\{F290F786-5F69-48D4-B20B-D21C7DE56EF0}) (Version: 0.8.8.88 - Dolby Laboratories, Inc.)Dolby Audio X2 Windows APP (HKLM\...\{DBC4388A-9417-41DB-85CF-DF4993B84D5A}) (Version: 0.7.5.67 - Dolby Laboratories, Inc.)EZ Vinyl/Tape Converter by Ion Audio 11.7.0 (HKLM-x32\...\EZ Vinyl/Tape Converter by Ion Audio_is1) (Version: 11.7.0 - Ion Audio LLC)GIMP 2.8.22 (HKLM\...\GIMP-2_is1) (Version: 2.8.22 - The GIMP Team)Glary Undelete 5.0.1.19 (HKLM-x32\...\Glary Undelete) (Version: 5.0.1.19 - Glarysoft Ltd)Google Chrome (HKLM-x32\...\Google Chrome) (Version: 100.0.4896.88 - Google LLC)Google Earth Pro (HKLM\...\{9BFB06CD-3925-49E2-BAB7-EA695821CE4C}) (Version: 7.3.4.8248 - Google)Intel® Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel® Corporation) HiddenIntel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1039 - Intel Corporation)Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 23.20.16.4973 - Intel Corporation) HiddenIntel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.9.6.1044 - Intel Corporation)IrfanView 4.51 (64-bit) (HKLM\...\IrfanView64) (Version: 4.51 - Irfan Skiljan)Jaxx Liberty 2.5.0 (HKU\S-1-5-21-313246963-3037881445-1802910-1001\...\5947781c-9863-579f-b9db-91554a22cc65) (Version: 2.5.0 - decentral.ca)LenovoUtility (HKLM-x32\...\{6ADA7E88-8D16-4D0D-BC90-2B93AC5E56DA}) (Version: 3.0.0.4 - Lenovo) HiddenLenovoUtility (HKLM-x32\...\InstallShield_{6ADA7E88-8D16-4D0D-BC90-2B93AC5E56DA}) (Version: 3.0.0.4 - Lenovo)Malwarebytes version 4.5.7.186 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.7.186 - Malwarebytes)Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 100.0.1185.39 - Microsoft Corporation)Microsoft Office Home and Student 2016 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 16.0.15028.20160 - Microsoft Corporation)Microsoft OneDrive (HKU\S-1-5-21-313246963-3037881445-1802910-1001\...\OneDriveSetup.exe) (Version: 22.055.0313.0001 - Microsoft Corporation)Microsoft Update Health Tools (HKLM\...\{7B1FCD52-8F6B-4F12-A143-361EA39F5E7C}) (Version: 3.67.0.0 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2010x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)Microsoft Visual C++ 2017 Redistributable (x64) - 14.15.26706 (HKLM-x32\...\{95ac1cfa-f4fb-4d1b-8912-7f9d5fbb140d}) (Version: 14.15.26706.0 - Microsoft Corporation)Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (HKLM-x32\...\{7e9fae12-5bbf-47fb-b944-09c49e75c061}) (Version: 14.15.26706.0 - Microsoft Corporation)Mozilla Firefox 87.0 (x64 en-US) (HKLM\...\Mozilla Firefox 87.0 (x64 en-US)) (Version: 87.0 - Mozilla)Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 81.0.1 - Mozilla)Mozilla Thunderbird (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 100.0 (x86 en-US)) (Version: 100.0 - Mozilla)MultiDoge 0.1.7 (HKLM-x32\...\MultiDoge 0.1.7) (Version: 0.1.7 - )Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.15028.20050 - Microsoft Corporation) HiddenOffice 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.15028.20094 - Microsoft Corporation) HiddenOffice 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.15028.20160 - Microsoft Corporation) HiddenOffice 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) HiddenOpenOffice 4.1.5 (HKLM-x32\...\{ABCAD346-4F4B-49E9-9AA1-28EF8C26059D}) (Version: 4.15.9789 - Apache Software Foundation)Puran File Recovery 1.2.1 (HKLM\...\Puran File Recovery_is1) (Version:- Puran Software)PuTTY release 0.70 (64-bit) (HKLM\...\{45B3032F-22CC-40CD-9E97-4DA7095FA5A2}) (Version: 0.70.0.0 - Simon Tatham)Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)Shotcut (HKLM-x32\...\Shotcut) (Version:- )Spotify (HKU\S-1-5-21-313246963-3037881445-1802910-1001\...\Spotify) (Version: 1.1.62.583.gdac868ed - Spotify AB)Undelete 360 (HKLM-x32\...\Undelete 360_is1) (Version:- File Recovery Ltd.)Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) HiddenVdhCoApp 1.5.0 (HKLM\...\weh-iss-net.downloadhelper.coapp_is1) (Version:- DownloadHelper)VeraCrypt (HKLM-x32\...\VeraCrypt) (Version: 1.24-Hotfix1 - IDRIX)VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.8 - VideoLAN)VNC Viewer 6.17.1113 (HKLM\...\{26DEBF7F-3876-43C3-8365-5A2B4C604DFA}) (Version: 6.17.1113.31799 - RealVNC Ltd)Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.) HiddenVulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0-4) (Version: 1.0.33.0 - LunarG, Inc.)Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) HiddenVulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1-2) (Version: 1.0.65.1 - LunarG, Inc.) HiddenVulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1-3) (Version: 1.0.65.1 - LunarG, Inc.) HiddenWindows 7 Games for Windows 10 and 8 (HKLM\...\Win7Games) (Version: 2.0 - hxxp://winaero.com)Windows Migration Assistant (HKLM-x32\...\{96EAB2F7-9D1F-4426-BA58-9D9D101FDC2C}) (Version: 2.2.0.1 - Apple Inc.)Windows PC Health Check (HKLM\...\{B1E7D0FD-7CFE-4E0C-A5DA-0F676499DB91}) (Version: 3.2.2110.14001 - Microsoft Corporation)Zoom (HKU\S-1-5-21-313246963-3037881445-1802910-1001\...\ZoomUMX) (Version: 5.4.6 (59296.1207) - Zoom Video Communications, Inc.) Packages:=========Adobe Notification Client -> C:\Program Files\WindowsApps\AdobeNotificationClient_1.0.1.22_x86__enpm4xejd91yc [2019-07-22] (Adobe Systems Incorporated)Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2019-11-07] (Autodesk Inc.)Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.215.400.0_x64__kgqvnymyfvs32 [2022-04-07] (king.com)Lenovo Settings -> C:\Program Files\WindowsApps\LenovoCorporation.LenovoSettings_3.177.0.0_x86__4642shxvsv8s2 [2018-01-16] (LENOVO INCORPORATED.)Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1808.3.0_x64__8wekyb3d8bbwe [2020-08-10] (Microsoft Corporation) [MS Ad]Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-28] (Microsoft Corporation) [MS Ad]Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-28] (Microsoft Corporation) [MS Ad]Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.12.3171.0_x64__8wekyb3d8bbwe [2022-03-25] (Microsoft Studios) [MS Ad]Minecraft for Windows 10 -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.18.1201.0_x64__8wekyb3d8bbwe [2022-02-17] (Microsoft Studios)Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-03-14] (Microsoft Corporation)Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-12-01] (Microsoft Corporation) ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-313246963-3037881445-1802910-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-6DFA1F2F56A0} -> [Creative Cloud Files] => C:\Users\cope\Creative Cloud Files [2019-06-13 16:07]CustomCLSID: HKU\S-1-5-21-313246963-3037881445-1802910-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems)ShellIconOverlayIdentifiers: [FSOverlayIcon] -> {C0829D19-E5A0-44F5-B56E-D15030C53BB9} =>-> No FileShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed]ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed]ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd)ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>-> No FileContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_7948ecc1af5c27e1\igfxDTCM.dll [2018-03-16] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed]ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd) ==================== Codecs (Whitelisted) ==================== ==================== Shortcuts & WMI ======================== ==================== Loaded Modules (Whitelisted) ============= 2018-11-18 15:29 - 2018-04-30 08:00 - 000075776 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll2020-04-20 16:15 - 2020-04-20 16:15 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems32.dll] C:\Program Files (x86)\Microsoft Office\Root\Office16\AppVIsvSubsystems32.dll2020-04-20 16:15 - 2020-04-20 16:15 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R32.dll] C:\Program Files (x86)\Microsoft Office\Root\Office16\c2r32.dll ==================== Alternate Data Streams (Whitelisted) ======== (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:260575F1 [246]AlternateDataStreams: C:\ProgramData\TEMP:55F44B88 [99]AlternateDataStreams: C:\ProgramData\TEMP:78E0DF72 [98]AlternateDataStreams: C:\ProgramData\TEMP:C5DF04A9 [130]AlternateDataStreams: C:\ProgramData\TEMP:D31BE97C [115] ==================== Safe Mode (Whitelisted) ================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) ================= ==================== Internet Explorer (Whitelisted) ========== HKU\S-1-5-21-313246963-3037881445-1802910-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo17win10.msn.com/?pc=LCTEHKU\S-1-5-21-313246963-3037881445-1802910-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTEHKU\S-1-5-21-313246963-3037881445-1802910-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.comSearchScopes: HKU\S-1-5-21-313246963-3037881445-1802910-1001 -> DefaultScope {2552A28A-33CC-4A93-99ED-6DD1722480C4} URL = SearchScopes: HKU\S-1-5-21-313246963-3037881445-1802910-1001 -> {2552A28A-33CC-4A93-99ED-6DD1722480C4} URL = BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2022-04-05] (Microsoft Corporation -> Microsoft Corporation)DPF: HKLM {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_281-windows-i586.cabDPF: HKLM {CAFEEFAC-0018-0000-00281-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_281-windows-i586.cabDPF: HKLM {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_281-windows-i586.cabDPF: HKLM-x32 {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_281-windows-i586.cabDPF: HKLM-x32 {CAFEEFAC-0018-0000-00281-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_281-windows-i586.cabDPF: HKLM-x32 {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_281-windows-i586.cabHandler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-04-05] (Microsoft Corporation -> Microsoft Corporation)Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-04-05] (Microsoft Corporation -> Microsoft Corporation)Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-04-05] (Microsoft Corporation -> Microsoft Corporation)Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-04-05] (Microsoft Corporation -> Microsoft Corporation) ==================== Hosts content: ========================= (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2016-07-16 07:47 - 2016-07-16 07:45 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts ==================== Other Areas =========================== (Currently there is no automatic fix for this section.) HKU\S-1-5-21-313246963-3037881445-1802910-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img2.jpgDNS Servers: 192.168.1.254HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (If an entry is included in the fixlist, it will be removed.) HKLM\...\StartupApproved\Run: => "LenovoUtility"HKLM\...\StartupApproved\Run: => "IAStorIcon"HKU\S-1-5-21-313246963-3037881445-1802910-1001\...\StartupApproved\Run: => "CCXProcess"HKU\S-1-5-21-313246963-3037881445-1802910-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning" ==================== FirewallRules (Whitelisted) ================ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{0EE6D0C8-5FE9-46D0-BFA7-01E4908FACCE}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)FirewallRules: [{3657F959-6729-4EE7-8353-A5BF881ABA64}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)FirewallRules: [{5587DD7A-DD3C-4D87-A496-669895187FD1}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform)FirewallRules: [{CB1F87EF-CC4A-4C4A-9037-80E60BCC265D}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform)FirewallRules: [{1A173FB9-1ED7-46D4-953B-4D8A52F4AB97}] => (Allow) C:\Users\cope\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)FirewallRules: [{A7043DCB-CAD4-4FD5-AA87-D2B38D040A90}] => (Allow) C:\Users\cope\AppData\Roaming\Zoom\bin\airhost.exe => No FileFirewallRules: [{E7EFDF58-496A-4E00-B15B-F00235FE5D53}] => (Allow) C:\Users\cope\AppData\Roaming\Zoom\bin\airhost.exe => No FileFirewallRules: [TCP Query User{BAC8CBA3-1EB2-44DA-A8CE-0AFB3C7AD3F6}C:\users\cope\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\cope\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)FirewallRules: [UDP Query User{D33A6DA1-156E-4125-8B05-A3D5C73B3F2F}C:\users\cope\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\cope\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)FirewallRules: [{1E681063-4801-4337-9508-650B76283440}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)FirewallRules: [{189DBEFC-7BA4-4F00-BE42-9A5AB4374394}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)FirewallRules: [{78390EFF-61E5-48E6-87D3-CF0E2788A042}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)FirewallRules: [{B1C67094-F0BC-4EB2-8694-08615EA4C33F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)FirewallRules: [{2CBAEA16-BE84-4B3A-BB72-8C74FB8DF0C7}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Windows Migration Assistant\MigrationAssistant.exe (Apple Inc. -> Apple Inc.)FirewallRules: [{BC938E21-A3EA-40C8-99FC-7F02DB97AF9D}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Windows Migration Assistant\MigrationAssistant.exe (Apple Inc. -> Apple Inc.)FirewallRules: [{3DD206E7-56FE-4C0E-8421-EF8B7A7989C9}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.82.404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)FirewallRules: [{75E75CBF-7B1A-4C25-9402-20D8C4D4AD20}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.82.404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)FirewallRules: [{AB3FF2BD-4046-49D7-B952-8D64A89412F1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.82.404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)FirewallRules: [{7FEE010E-D9F4-48CA-BF22-1A7B4BB767BE}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.82.404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)FirewallRules: [{12D4D4EB-3E6D-4271-B14C-8D646F40C5E0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) ==================== Restore Points ============================================= Faulty Device Manager Devices ================================ Event log errors: ======================== Application errors:==================Error: (04/14/2022 07:08:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Local Hostname LAPTOP-PV813QTR.local already in use; will try LAPTOP-PV813QTR-2.local instead Error: (04/14/2022 07:08:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister4 LAPTOP-PV813QTR.local. Addr 192.168.1.88 Error: (04/14/2022 07:08:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: mDNSCoreReceiveResponse: Received from 192.168.1.88:5353 16 LAPTOP-PV813QTR.local. AAAA 2600:1700:EFF0:1BD0:0000:0000:0000:0047 Error: (04/14/2022 05:21:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Local Hostname LAPTOP-PV813QTR.local already in use; will try LAPTOP-PV813QTR-2.local instead Error: (04/14/2022 05:21:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister4 LAPTOP-PV813QTR.local. Addr 192.168.1.88 Error: (04/14/2022 05:21:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: mDNSCoreReceiveResponse: Received from 192.168.1.88:5353 16 LAPTOP-PV813QTR.local. AAAA 2600:1700:EFF0:1BD0:0000:0000:0000:0047 Error: (04/13/2022 07:33:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Local Hostname LAPTOP-PV813QTR.local already in use; will try LAPTOP-PV813QTR-2.local instead Error: (04/13/2022 07:33:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister4 LAPTOP-PV813QTR.local. Addr 192.168.1.88System errors:=============Error: (04/13/2022 08:39:51 PM) (Source: Service Control Manager) (EventID: 7011) (User: )Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Platinum Host Service service. Error: (04/13/2022 08:39:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The TMUMH service failed to start due to the following error: The revision level is unknown. Error: (04/13/2022 08:39:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The TMUMH service failed to start due to the following error: The revision level is unknown. Error: (04/13/2022 07:28:39 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-PV813QTR)Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout. Error: (04/13/2022 07:28:39 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-PV813QTR)Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout. Error: (04/13/2022 07:28:39 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-PV813QTR)Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout. Error: (04/13/2022 07:28:39 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-PV813QTR)Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout. Error: (04/13/2022 07:28:39 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-PV813QTR)Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.Windows Defender:================Date: 2022-04-13 21:48:59Description: Microsoft Defender Antivirus scan has been stopped before completion.Scan Type: AntimalwareScan Parameters: Quick Scan Date: 2022-04-13 19:26:13Description: Microsoft Defender Antivirus has detected malware or other potentially unwanted software.For more information please see the following:https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:HTML/Phish.RA!MTB&threatid=2147756354&enterprise=0Name: Trojan:HTML/Phish.RA!MTBSeverity: SevereCategory: TrojanPath: file:_C:\Users\cope\Documents\Frequent Backup\Thunderbird\xdm7wbge.default\Mail\incoming.gwi.net\TrashDetection Origin: Local machineDetection Type: ConcreteDetection Source: Real-Time ProtectionProcess Name: C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exeSecurity intelligence Version: AV: 1.363.336.0, AS: 1.363.336.0, NIS: 1.363.336.0Engine Version: AM: 1.1.19100.5, NIS: 1.1.19100.5 Date: 2022-04-13 19:26:04Description: Microsoft Defender Antivirus has detected malware or other potentially unwanted software.For more information please see the following:https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:HTML/Phish.RA!MTB&threatid=2147756354&enterprise=0Name: Trojan:HTML/Phish.RA!MTBSeverity: SevereCategory: TrojanPath: file:_C:\Users\cope\Documents\Frequent Backup\Thunderbird\xdm7wbge.default\Mail\incoming.gwi.net\InboxDetection Origin: Local machineDetection Type: ConcreteDetection Source: Real-Time ProtectionProcess Name: C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exeSecurity intelligence Version: AV: 1.363.336.0, AS: 1.363.336.0, NIS: 1.363.336.0Engine Version: AM: 1.1.19100.5, NIS: 1.1.19100.5 Date: 2022-04-13 18:34:46Description: Microsoft Defender Antivirus has detected malware or other potentially unwanted software.For more information please see the following:https://go.microsoft.com/fwlink/?linkid=37020&name=PUABundler:Win32/PiriformBundler&threatid=311950&enterprise=0Name: PUABundler:Win32/PiriformBundlerSeverity: LowCategory: Potentially Unwanted SoftwarePath: containerfile:_C:\downloads\scanners\ccsetup566.exe; containerfile:_C:\Users\cope\Documents\Frequent Backup\document files\RGC\VR\Shanahan\shanahan\ccsetup405.exe; file:_C:\downloads\scanners\ccsetup566.exe->(nsis-instdata); file:_C:\Users\cope\Documents\Frequent Backup\document files\RGC\VR\Shanahan\shanahan\ccsetup405.exe->(nsis-instdata)Detection Origin: Local machineDetection Type: ConcreteDetection Source: UserProcess Name: UnknownSecurity intelligence Version: AV: 1.363.336.0, AS: 1.363.336.0, NIS: 1.363.336.0Engine Version: AM: 1.1.19100.5, NIS: 1.1.19100.5 Date: 2022-04-13 15:11:37Description: Microsoft Defender Antivirus has detected malware or other potentially unwanted software.For more information please see the following:https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:HTML/Phish.RA!MTB&threatid=2147756354&enterprise=0Name: Trojan:HTML/Phish.RA!MTBSeverity: SevereCategory: TrojanPath: file:_C:\Users\cope\Documents\Frequent Backup\Thunderbird\xdm7wbge.default\Mail\incoming.gwi.net\TrashDetection Origin: Local machineDetection Type: ConcreteDetection Source: Real-Time ProtectionProcess Name: C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exeSecurity intelligence Version: AV: 1.363.323.0, AS: 1.363.323.0, NIS: 1.363.323.0Engine Version: AM: 1.1.19100.5, NIS: 1.1.19100.5CodeIntegrity:===============Date: 2022-04-14 20:54:01Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements. Date: 2022-04-14 20:51:02Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Windows signing level requirements.==================== Memory info ===========================BIOS: LENOVO 4QCN23WW(V1.04) 04/13/2017Motherboard: LENOVO Lenovo ideapad 320S-14IKBProcessor: Intel® Core™ i5-7200U CPU @ 2.50GHzPercentage of memory in use: 64%Total physical RAM: 8050.39 MBAvailable physical RAM: 2891.09 MBTotal Virtual: 13426.39 MBAvailable Virtual: 7512.41 MB ==================== Drives ================================ Drive c: (Windows) (Fixed) (Total:212.23 GB) (Free:26.75 GB) NTFSDrive d: (LENOVO) (Fixed) (Total:25 GB) (Free:23.47 GB) NTFS \\?\Volume{ac8a2942-1e08-4e42-ba35-57f084b86e93}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.49 GB) NTFS\\?\Volume{1a4ec879-1c42-4b67-89f6-c2d3c35972bd}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32 ==================== MBR & Partition Table ==================== ==========================================================Disk: 0 (Size: 238.5 GB) (Disk ID: 973C58E1) Partition: GPT. ==================== End of Addition.txt =======================