
Spyware Activity Suspected – Virus, Trojan, Spyware, and Malware Removal Help

by admin
January 13, 2021


Anyway, listed below are the logs that you simply talked about:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-01-2021
Ran by konstantin (administrator) on DESKTOP-OI8V39O (HP HP ENVY x360 Convertible 15m-cn0xxx) (10-01-2021 13:32:38)
Running from C:UserswinkoDocumentssoftware_tools
Loaded Profiles: konstantin
Platform: Windows 10 Home Version 1909 18363.1256 (X64) Language: English (United States)
Default browser: "C:Program Information (x86)BraveSoftwareBrave-BrowserApplicationbrave.exe" --single-argument %1
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc. -> Apple Inc.) C:Program FilesBonjourmDNSResponder.exe
(Aruba Networks, Inc. -> Aruba Networks) C:Program FilesAruba NetworksClearPassOnGuardarubanetsvc.exe
(Aruba Networks, Inc. -> Aruba Networks, Inc.) C:Program Information (x86)Aruba NetworksClearPassOnGuardClearPassAgentController.exe
(Aruba Networks, Inc. -> Aruba Networks, Inc.) C:Program FilesAruba NetworksClearPassOnGuardClearPassOnGuardAgentService.exe
(Courageous Software program, Inc. -> Courageous Software program, Inc.) C:Program Information (x86)BraveSoftwareBrave-BrowserApplicationbrave.exe <18>
(Conexant Techniques LLC -> Conexant Techniques LLC.) C:WindowsSystem32CxAudioSvc.exe
(Conexant Techniques LLC -> Synaptics Integrated.) C:WindowsSystem32SynAudSrv.exe
(Dropbox, Inc -> Dropbox, Inc.) C:Program Information (x86)DropboxUpdateDropboxUpdate.exe
(Dropbox, Inc -> Dropbox, Inc.) C:WindowsSystem32DbxSvc.exe
(HP Inc. -> HP Inc.) C:Program Information (x86)HPHP JumpStart BridgeHPJumpStartBridge.exe
(HP Inc. -> HP Inc.) C:Program Information (x86)HPHP JumpStart LaunchHPJumpStartLaunch.exe
(HP Inc. -> HP Inc.) C:Program Information (x86)HPHP System EventHPMSGSVC.exe
(HP Inc. -> HP Inc.) C:Program Information (x86)HPHP System EventHPWMISVC.exe
(HP Inc. -> HP Inc.) C:Program Information (x86)HPHPAudioSwitchHPAudioSwitch.exe
(HP Inc. -> HP Inc.) C:Program FilesHPCommRecoveryHPCommRecovery.exe
(HP Inc. -> HP Inc.) C:WindowsSystem32DriverStoreFileRepositoryhpanalyticscomp.inf_amd64_a7be790d73ea14ebx64TouchpointAnalyticsClientService.exe
(HP Inc. -> HP Inc.) C:WindowsSystem32DriverStoreFileRepositoryhpcustomcapcomp.inf_amd64_3214041c94f8abcdx64AppHelperCap.exe
(HP Inc. -> HP Inc.) C:WindowsSystem32DriverStoreFileRepositoryhpcustomcapcomp.inf_amd64_3214041c94f8abcdx64BridgeCommunication.exe
(HP Inc. -> HP Inc.) C:WindowsSystem32DriverStoreFileRepositoryhpcustomcapcomp.inf_amd64_3214041c94f8abcdx64NetworkCap.exe
(HP Inc. -> HP Inc.) C:WindowsSystem32DriverStoreFileRepositoryhpcustomcapcomp.inf_amd64_3214041c94f8abcdx64SysInfoCap.exe
(HP Inc.) C:Program FilesWindowsAppsAD2F1837.HPThermalControl_1.7.18.0_x64__v10z8vjag6ke6HpSystemManagement.exe
(HP Inc.) C:Program FilesWindowsAppsAD2F1837.HPThermalControl_1.7.18.0_x64__v10z8vjag6ke6Win32ProcessHPCC.Bg.BackgroundApp.exe
(Intel Company -> Intel Company) C:WindowsSystem32IntelDPTFdptf_helper.exe
(Intel Company -> Intel Company) C:WindowsSystem32IntelDPTFesif_uf.exe
(Intel Company -> Intel(R) Company) C:Program FilesCommon FilesIntelWirelessCommonRegSrvc.exe
(Intel Company -> Intel(R) Company) C:Program FilesIntelWiFibinEvtEng.exe
(Intel Company -> IntelĀ® Company) C:Program FilesIntelWiFibinZeroConfigService.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Company) C:Program Information (x86)IntelIntel(R) Administration Engine ComponentsDALjhi_service.exe
(Intel(R) pGFX -> Intel Company) C:WindowsSystem32DriverStoreFileRepositoryigdlh64.inf_amd64_1c41cc68747d972bigfxCUIService.exe
(Intel(R) pGFX -> Intel Company) C:WindowsSystem32DriverStoreFileRepositoryigdlh64.inf_amd64_1c41cc68747d972bigfxEM.exe
(Intel(R) pGFX -> Intel Company) C:WindowsSystem32DriverStoreFileRepositoryigdlh64.inf_amd64_1c41cc68747d972bIntelCpHDCPSvc.exe
(Intel(R) pGFX -> Intel Company) C:WindowsSystem32DriverStoreFileRepositoryigdlh64.inf_amd64_1c41cc68747d972bIntelCpHeciSvc.exe
(Intel(R) Fast Storage Know-how -> Intel Company) C:Program FilesIntelIntel(R) Fast Storage TechnologyIAStorDataMgrSvc.exe
(Intel(R) Fast Storage Know-how -> Intel Company) C:Program FilesIntelIntel(R) Fast Storage TechnologyIAStorIcon.exe
(Intel(R) Software program Growth Merchandise -> Intel Company) C:Program Information (x86)IntelSWToolscompilers_and_libraries_2020.1.216windowsmpiintel64binhydra_service.exe
(Intel(R) Software program Growth Merchandise -> Intel Company) C:UserswinkoAppDataLocalIntel Corporationism_currentism2.exe
(Intel(R) Software program Growth Merchandise -> Intel Company) C:WindowsSystem32DriverStoreFileRepositorysgx_psw.inf_amd64_fafb1d329fdfe2c6aesm_service.exe
(Intel(R) Belief Companies -> Intel(R) Company) C:Program FilesIntelIntel(R) Administration Engine ComponentsiCLSSocketHeciServer.exe
(Intel(R) Wi-fi Connectivity Options -> Intel Company) C:WindowsSystem32ibtsiva.exe
(Logitech Inc -> ) C:Program FilesLogitechCollaborationServicesVideoRightSightAPIcrashpad_handler.exe
(Logitech Inc -> Logitech Europe S.A.) C:Program FilesLogitechCollaborationServicesVideoRightSightAPIRightSightService.exe
(Logitech Inc -> Logitech) C:Program FilesLogitechCollaborationServicesVideoServiceLayer.exe
(Malwarebytes Inc -> Malwarebytes) C:Program FilesMalwarebytesAnti-MalwareMBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:Program FilesMalwarebytesAnti-Malwarembamtray.exe
(Microsoft Company -> Microsoft Company) C:Program Information (x86)Widespread FilesMicrosoft SharedPhone ToolsCoreCon11.0binIpOverUsbSvc.exe
(Microsoft Company -> Microsoft Company) C:Program FilesCommon Filesmicrosoft sharedClickToRunOfficeClickToRun.exe
(Microsoft Company -> Microsoft Company) C:Program FilesMicrosoft OfficerootOffice16ONENOTEM.EXE
(Microsoft Company -> Microsoft Company) C:Program FilesMicrosoft OfficerootOffice16POWERPNT.EXE
(Microsoft Company -> Microsoft Company) C:WindowsMicrosoft.NETFramework64v3.0WPFPresentationFontCache.exe
(Microsoft Company -> Sysinternals - www.sysinternals.com) C:UserswinkoAppDataLocalTempZoomIt64.exe
(Microsoft Company -> Sysinternals - www.sysinternals.com) C:UserswinkoDocumentssoftware_toolsZoomIt.exe
(Microsoft Company) C:Program FilesWindowsAppsMicrosoft.Workplace.OneNote_16001.13328.20478.0_x64__8wekyb3d8bbweonenoteim.exe
(Microsoft Home windows -> Microsoft Company) C:WindowsSystem32dllhost.exe <2>
(Microsoft Home windows -> Microsoft Company) C:WindowsSystem32smartscreen.exe
(Microsoft Home windows -> Microsoft Company) C:WindowsSystem32wlanext.exe
(Realtek Semiconductor Corp) C:Program FilesWindowsAppsRealtekSemiconductorCorp.HPAudioControl_1.7.194.0_x64__dt26b99r8h8gjHPAudioControl.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:WindowsSystem32RtkAudUService64.exe <2>
(Motive Software program Firm Inc. -> Motive Software program Firm Inc.) C:Program Information (x86)Uncheckybinunchecky_bg.exe
(Motive Software program Firm Inc. -> Motive Software program Firm Inc.) C:Program Information (x86)Uncheckybinunchecky_svc.exe
(Sophos Restricted -> Sophos Restricted) C:Program Information (x86)SophosSophos Virus Elimination ToolSVRTgui.exe
(Sound Analysis Company -> Sound Analysis, Corp.) C:WindowsSystem32SECOMN64.exe
(Synaptics Integrated -> Synaptics Integrated) C:WindowsSystem32SynTPEnh.exe
(Synaptics Integrated -> Synaptics Integrated) C:WindowsSystem32SynTPEnhService.exe
(VMware, Inc. -> ) C:Program Information (x86)VMwareVMware Workstationvmware-hostd.exe
(VMware, Inc. -> VMware, Inc.) C:Program Information (x86)Widespread FilesVMwareUSBvmware-usbarbitrator64.exe
(VMware, Inc. -> VMware, Inc.) C:Program Information (x86)VMwareVMware Workstationvmware-authd.exe
(VMware, Inc. -> VMware, Inc.) C:Program Information (x86)VMwareVMware Workstationvmware-tray.exe
(VMware, Inc. -> VMware, Inc.) C:WindowsSysWOW64vmnat.exe
(VMware, Inc. -> VMware, Inc.) C:WindowsSysWOW64vmnetdhcp.exe
(XOREAX LTD -> IncrediBuild Software program Ltd.) [File not signed] C:Program Information (x86)IncrediBuildBuildService.exe
(XOREAX LTD -> IncrediBuild Software program Ltd.) [File not signed] C:Program Information (x86)IncrediBuildCoordService.exe
(Zemana Ltd. -> Zemana Ltd.) C:Program Information (x86)Zemana AntiLogger FreeAntiLogger Free.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM...Run: [IAStorIcon] => C:Program FilesIntelIntel(R) Fast Storage TechnologyIAStorIcon.exe [320584 2018-02-13] (Intel(R) Fast Storage Know-how -> Intel Company)
HKLM...Run: [RtkAudUService] => C:WINDOWSSystem32RtkAudUService64.exe [970528 2019-09-05] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32...Run: [HPMessageService] => C:Program Information (x86)HPHP System EventHPMSGSVC.exe [709152 2018-03-22] (HP Inc. -> HP Inc.)
HKLM-x32...Run: [Dropbox] => C:Program Information (x86)DropboxClientDropbox.exe [7992832 2020-12-15] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32...Run: [ZALFree] => C:Program Information (x86)Zemana AntiLogger FreeAntiLogger Free.exe [8980016 2015-11-05] (Zemana Ltd. -> Zemana Ltd.)
HKLM-x32...Run: [IncrediBuild Agent Monitor] => C:Program Information (x86)IncrediBuildBuildTrayIcon.exe [189920 2018-09-02] (XOREAX LTD -> IncrediBuild Software program Ltd.) [File not signed]
HKLM-x32...Run: [SunJavaUpdateSched] => C:Program Information (x86)Widespread FilesJavaJava Updatejusched.exe [646776 2020-03-12] (Oracle America, Inc. -> Oracle Company)
HKLM-x32...Run: [vmware-tray.exe] => C:Program Information (x86)VMwareVMware Workstationvmware-tray.exe [117680 2019-09-16] (VMware, Inc. -> VMware, Inc.)
HKLMSOFTWAREPoliciesMicrosoftWindows Defender: Restriction <==== ATTENTION
HKUS-1-5-21-3160669524-3685954079-2904429179-1001...Run: [McAfeeSafeConnect] => C:Program Information (x86)McAfee Secure ConnectMcAfee Secure Join.exe
HKUS-1-5-21-3160669524-3685954079-2904429179-1001...Run: [f.lux] => C:UserswinkoAppDataLocalFluxSoftwareFluxflux.exe [1469968 2020-06-17] (F.lux Software program LLC -> f.lux Software program LLC)
HKUS-1-5-21-3160669524-3685954079-2904429179-1001...Run: [com.squirrel.Teams.Teams] => C:UserswinkoAppDataLocalMicrosoftTeamsUpdate.exe [1789552 2019-08-30] (Microsoft third Occasion Utility Element -> Microsoft Company)
HKUS-1-5-21-3160669524-3685954079-2904429179-1001...Run: [GoogleChromeAutoLaunch_3DB4EA53A0D60F379465252331304CA3] => C:Program Information (x86)BraveSoftwareBrave-BrowserApplicationbrave.exe [2150840 2021-01-07] (Courageous Software program, Inc. -> Courageous Software program, Inc.)
HKUS-1-5-21-3160669524-3685954079-2904429179-1001...Run: [Discord] => C:UserswinkoAppDataLocalDiscordUpdate.exe [1512760 2020-12-03] (Discord Inc. -> GitHub)
HKUS-1-5-21-3160669524-3685954079-2904429179-1001...Run: [com.squirrel.slack.slack] => C:UserswinkoAppDataLocalslackslack.exe [306672 2020-12-23] (Slack Applied sciences, Inc. -> Slack Applied sciences Inc.)
HKUS-1-5-21-3160669524-3685954079-2904429179-1001...Run: [ISM] => C:Program Information (x86)Widespread FilesIntelIntel Software program Managerism2.exe [446336 2019-04-19] (Intel(R) Software program Growth Merchandise -> Intel Company)
HKUS-1-5-21-3160669524-3685954079-2904429179-1001...RunOnce: [Application Restart #2] => C:Program Information (x86)Microsoft Visible Studio2017CommunityCommon7IDEdevenv.exe [726888 2020-09-16] (Microsoft Company -> Microsoft Company)
HKUS-1-5-21-3160669524-3685954079-2904429179-1001...RunOnce: [Application Restart #3] => C:Program Information (x86)BraveSoftwareBrave-BrowserApplicationbrave.exe [2150840 2021-01-07] (Courageous Software program, Inc. -> Courageous Software program, Inc.)
HKUS-1-5-21-3160669524-3685954079-2904429179-1001...RunOnce: [Application Restart #1] => C:Program Information (x86)BraveSoftwareBrave-BrowserApplicationbrave.exe [2150840 2021-01-07] (Courageous Software program, Inc. -> Courageous Software program, Inc.)
HKLMSoftwareMicrosoftActive SetupInstalled Parts: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:Program Information (x86)GoogleChromeApplication87.0.4280.88Installerchrmstp.exe [2020-12-02] (Google LLC -> Google LLC)
HKLMSoftwareMicrosoftActive SetupInstalled Parts: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:Program Information (x86)BraveSoftwareBrave-BrowserApplication87.1.18.78Installerchrmstp.exe [2021-01-08] (Courageous Software program, Inc. -> Courageous Software program, Inc.)
AppInit_DLLs: C:PROGRA~2KEYCRY~1KEYCRY~4.DLL => C:Program Information (x86)KeyCryptSDKKeyCrypt64(1).dll [95712 2015-11-05] (Zemana Ltd. -> Zemana Ltd.)
Startup: C:ProgramDataMicrosoftWindowsStart MenuProgramsStartupAruba ClearPass OnGuard.lnk [2019-05-04]
ShortcutTarget: Aruba ClearPass OnGuard.lnk -> C:Program FilesAruba NetworksClearPassOnGuardClearPassOnGuard.exe (Aruba Networks, Inc. -> Aruba Networks)
Startup: C:UserswinkoAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupRainmeter.lnk [2019-01-17]
ShortcutTarget: Rainmeter.lnk -> C:Program FilesRainmeterRainmeter.exe (Open Supply Developer, Birunthan Mohanathas -> Rainmeter)
Startup: C:UserswinkoAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupSend to OneNote.lnk [2021-01-08]
ShortcutTarget: Ship to OneNote.lnk -> C:Program FilesMicrosoft OfficerootOffice16ONENOTEM.EXE (Microsoft Company -> Microsoft Company)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Activity: {037B7BD2-CED7-48C1-B604-E7717D8336CB} - System32TasksHPCeeScheduleForkonstantin => C:Program Information (x86)Hewlett-PackardHP CeementHPCEE.exe [97656 2018-09-11] (HP Inc. -> HP Inc.)
Activity: {065A4157-1FD6-4429-B122-A85430902650} - System32TasksHPJumpStartLaunch => C:Program Information (x86)HPHP JumpStart LaunchHPJumpStartLaunch.exe [461824 2017-10-06] (HP Inc. -> HP Inc.)
Activity: {06B26C67-33C2-4112-809B-0A81FD5B7C44} - System32TasksBraveSoftwareUpdateTaskMachineCore => C:Program Information (x86)BraveSoftwareUpdateBraveUpdate.exe [159368 2019-08-27] (Courageous Software program, Inc. -> BraveSoftware Inc.)
Activity: {09061DDE-0703-4AD9-BAFB-E56623460186} - System32TasksHewlett-PackardHP Assist AssistantHP Assist Assistant Replace Discover => C:Program Information (x86)HPHP Assist FrameworkResourcesBingPopupBingPopup.exe [553304 2020-11-02] (HP Inc. -> HP Inc.)
Activity: {11CFBEC5-6232-466A-9D17-9363BE9F8B86} - System32TasksGoogleUpdateTaskMachineCore => C:Program Information (x86)GoogleUpdateGoogleUpdate.exe [156968 2019-01-20] (Google Inc -> Google Inc.)
Activity: {12307BF5-CB37-47BF-B8A2-DC88C5AC5116} - System32TasksMicrosoftOfficeOffice Characteristic Updates Logon => C:Program FilesMicrosoft OfficerootOffice16sdxhelper.exe [143720 2020-12-25] (Microsoft Company -> Microsoft Company)
Activity: {22B51B80-7A0D-4265-A5D7-073D5BC9D10C} - System32TasksMicrosoftWindowsEnterpriseMgmt394CFBA3-A395-4732-BD8C-19E483E74C40Passport for Work alert created by enrollment shopper => C:WINDOWSsystem32deviceenroller.exe [551936 2020-12-09] (Microsoft Home windows -> Microsoft Company)
Activity: {273F2855-9E53-4F07-A362-3ABE71FFE6A7} - System32TasksGoogleUpdateTaskMachineUA => C:Program Information (x86)GoogleUpdateGoogleUpdate.exe [156968 2019-01-20] (Google Inc -> Google Inc.)
Activity: {313C88B2-0295-4AE3-A56E-5ECA98087A33} - System32TasksMicrosoftOfficeOffice ClickToRun Service Monitor => C:Program FilesCommon FilesMicrosoft SharedClickToRunOfficeC2RClient.exe [23054216 2020-12-19] (Microsoft Company -> Microsoft Company)
Activity: {3E911914-BDF1-4637-A20C-DDB4913C3305} - System32TasksMicrosoftWindowsEnterpriseMgmt394CFBA3-A395-4732-BD8C-19E483E74C40Provisioning initiated session => C:WINDOWSsystem32deviceenroller.exe [551936 2020-12-09] (Microsoft Home windows -> Microsoft Company)
Activity: {4893E8A7-2EC4-4B2A-AB0F-44189CE7A59D} - System32TasksBraveSoftwareUpdateTaskMachineUA => C:Program Information (x86)BraveSoftwareUpdateBraveUpdate.exe [159368 2019-08-27] (Courageous Software program, Inc. -> BraveSoftware Inc.)
Activity: {5574F4AC-8934-42BB-B816-97D81BA3C86C} - System32TasksMicrosoftOfficeOffice Subscription Upkeep => C:Program FilesMicrosoft OfficerootvfsProgramFilesCommonx64Microsoft SharedOffice16OLicenseHeartbeat.exe [1532312 2020-12-25] (Microsoft Company -> Microsoft Company)
Activity: {56D4A967-7548-46DE-B152-DC113AD3E76B} - System32TasksMicrosoftWindowsEnterpriseMgmt394CFBA3-A395-4732-BD8C-19E483E74C40Schedule #1 created by enrollment shopper => C:WINDOWSsystem32deviceenroller.exe [551936 2020-12-09] (Microsoft Home windows -> Microsoft Company)
Activity: {5890E2A4-DFFF-4ED2-AD24-3DC9868FDD3D} - System32TasksMozillaFirefox Default Browser Agent 308046B0AF4A39CB => C:Program FilesMozilla Firefoxdefault-browser-agent.exe [693216 2021-01-07] (Mozilla Company -> Mozilla Basis)
Activity: {639C5802-20B0-4F9C-9B4D-EB3153DEA0D6} - System32TasksDropboxUpdateTaskMachineCore => C:Program Information (x86)DropboxUpdateDropboxUpdate.exe [143144 2019-01-16] (Dropbox, Inc -> Dropbox, Inc.)
Activity: {7164CF3C-AE47-48B9-9B05-A24E6796B3C4} - System32TasksMicrosoftWindowsEnterpriseMgmt394CFBA3-A395-4732-BD8C-19E483E74C40Schedule #2 created by enrollment shopper => C:WINDOWSsystem32deviceenroller.exe [551936 2020-12-09] (Microsoft Home windows -> Microsoft Company)
Activity: {7258984A-FE1D-40B9-8683-6215F558D238} - System32TasksHPAudioSwitch => C:Program Information (x86)HPHPAudioSwitchHPAudioSwitch.exe [1644960 2017-02-02] (HP Inc. -> HP Inc.)
Activity: {78A1E1BC-BDF6-4C92-B296-7CA1757A3D95} - System32TasksHPEA3JOBS => C:Program [Argument = FilesHPHP ePrinthpeprint.exe /CheckJobs]
Activity: {7CFFAB09-846A-4DAE-88F4-8F2B0CC03C53} - System32TasksMicrosoftOfficeOffice Characteristic Updates => C:Program FilesMicrosoft OfficerootOffice16sdxhelper.exe [143720 2020-12-25] (Microsoft Company -> Microsoft Company)
Activity: {853E6108-1ECB-4A52-B755-5C76976F903E} - System32TasksMicrosoftWindowsEnterpriseMgmt394CFBA3-A395-4732-BD8C-19E483E74C40Schedule created by enrollment shopper for renewal of certificates warning => C:WINDOWSsystem32deviceenroller.exe [551936 2020-12-09] (Microsoft Home windows -> Microsoft Company)
Activity: {8998E549-0FA3-4F4B-8158-9DE1C397A18B} - System32TasksMicrosoftWindowsEnterpriseMgmt394CFBA3-A395-4732-BD8C-19E483E74C40PushUpgrade => C:WINDOWSsystem32deviceenroller.exe [551936 2020-12-09] (Microsoft Home windows -> Microsoft Company)
Activity: {9247C166-EEE4-4C79-BB9F-69CF9A491566} - System32TasksMicrosoftWindowsEnterpriseMgmt394CFBA3-A395-4732-BD8C-19E483E74C40OS Version Improve occasion listener created by enrollment shopper => C:WINDOWSsystem32deviceenroller.exe [551936 2020-12-09] (Microsoft Home windows -> Microsoft Company)
Activity: {9362A404-4DBA-4E64-8973-4E83502C8A21} - System32TasksMicrosoftWindowsEnterpriseMgmt394CFBA3-A395-4732-BD8C-19E483E74C40PushRenewal => C:WINDOWSsystem32deviceenroller.exe [551936 2020-12-09] (Microsoft Home windows -> Microsoft Company)
Activity: {945DBF38-F0AD-45AA-8C14-43C1A99EDABC} - System32TasksMicrosoftOfficeOffice 15 Subscription Heartbeat => C:Program FilesCommon FilesMicrosoft SharedOffice15OLicenseHeartbeat.exe [1626328 2014-01-23] (Microsoft Company -> Microsoft Company)
Activity: {AA656A01-3FCE-4942-BC60-F9A1F5E04D24} - System32TasksMicrosoftVisualStudioUpdatesUpdateConfiguration_S-1-5-21-3160669524-3685954079-2904429179-1001 => C:Program Information (x86)Microsoft Visible StudioInstallerresourcesappServiceHubServicesMicrosoft.VisualStudio.Setup.ServiceVSIXConfigurationUpdater.exe [26032 2020-06-01] (Microsoft Company -> Microsoft Company)
Activity: {AB6B2BEC-A76D-481E-A9A6-699A4C150A2A} - System32TasksMicrosoftWindowsEnterpriseMgmt394CFBA3-A395-4732-BD8C-19E483E74C40PushLaunch => C:WINDOWSsystem32deviceenroller.exe [551936 2020-12-09] (Microsoft Home windows -> Microsoft Company)
Activity: {AC0074F0-2443-4DF6-BA0C-ECA92AA56449} - System32TasksAdobe Flash Participant Updater => C:windowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe [335416 2020-12-08] (Adobe Inc. -> Adobe)
Activity: {B16D3A0D-502C-47AE-8F14-61B99D1C8637} - System32TasksHewlett-PackardHP Assist AssistantWarrantyChecker => C:Program Information (x86)HPHP Assist FrameworkResourcesHPWarrantyCheckHPWarrantyChecker.exe [1137496 2020-11-02] (HP Inc. -> HP Inc.)
Activity: {C2CF7661-0ED3-4C8B-9F04-3762BC0C7B00} - System32TasksHewlett-PackardHP Assist AssistantWarrantyChecker_DeviceScan => C:Program Information (x86)HPHP Assist FrameworkResourcesHPWarrantyCheckHPWarrantyChecker.exe [1137496 2020-11-02] (HP Inc. -> HP Inc.)
Activity: {C7039251-FAA7-44F7-9D02-8686D7E75C1E} - System32TasksMicrosoftWindowsEnterpriseMgmt394CFBA3-A395-4732-BD8C-19E483E74C40Schedule to run OMADMClient by server => C:WINDOWSsystem32omadmclient.exe [332800 2020-12-09] (Microsoft Home windows -> Microsoft Company)
Activity: {CAE71F96-1FFB-47B2-86D7-7AC17CA13F94} - System32TasksMicrosoftOfficeOffice Computerized Updates 2.0 => C:Program FilesCommon FilesMicrosoft SharedClickToRunOfficeC2RClient.exe [23054216 2020-12-19] (Microsoft Company -> Microsoft Company)
Activity: {CEF99CE2-62B1-4AE1-AA47-6D8B5C0296C2} - System32TasksMicrosoftOfficeOfficeTelemetryAgentLogOn2016 => C:Program FilesMicrosoft OfficerootOffice16msoia.exe [5142960 2020-12-05] (Microsoft Company -> Microsoft Company)
Activity: {D1E61D5F-2C2C-4979-AEE4-5A419C7827FA} - System32TasksMicrosoftWindowsEnterpriseMgmt394CFBA3-A395-4732-BD8C-19E483E74C40Schedule to run OMADMClient by shopper => C:WINDOWSsystem32omadmclient.exe [332800 2020-12-09] (Microsoft Home windows -> Microsoft Company)
Activity: {D82C7973-7725-4A7C-BB68-2D9A8869F3F4} - System32TasksAdobe Flash Participant NPAPI Notifier => C:WINDOWSSysWOW64MacromedFlashFlashUtil32_32_0_0_465_Plugin.exe [1504312 2020-12-08] (Adobe Inc. -> Adobe)
Activity: {E23D7966-3757-45D6-9EE3-2EE8DA3BF16F} - System32TasksMicrosoftWindowsEnterpriseMgmt394CFBA3-A395-4732-BD8C-19E483E74C40Schedule #3 created by enrollment shopper => C:WINDOWSsystem32deviceenroller.exe [551936 2020-12-09] (Microsoft Home windows -> Microsoft Company)
Activity: {E48C2C3D-7F90-445C-B75E-9DD17BEFF6E8} - System32TasksMicrosoftOfficeOfficeTelemetryAgentFallBack2016 => C:Program FilesMicrosoft OfficerootOffice16msoia.exe [5142960 2020-12-05] (Microsoft Company -> Microsoft Company)
Activity: {E65D400B-5721-4C1D-9744-A13CDB6448A2} - System32TasksHewlett-PackardHP Assist AssistantHP Assist Options Framework Report => C:Program Information (x86)HPHP Assist FrameworkResourcesHPSFReport.exe [135000 2020-09-30] (HP Inc. -> HP Inc.)
Activity: {F02BB0A6-3076-4A21-9186-38D168DDF9BD} - System32TasksDropboxUpdateTaskMachineUA => C:Program Information (x86)DropboxUpdateDropboxUpdate.exe [143144 2019-01-16] (Dropbox, Inc -> Dropbox, Inc.)
Activity: {F63B314B-8950-496E-BC19-CD41C62F3CB2} - System32TasksMicrosoftVisualStudioVSIX Auto Replace 15.9.3043 => C:Program Information (x86)Microsoft Visible StudioInstallerresourcesappServiceHubServicesMicrosoft.VisualStudio.Setup.ServiceVSIXAutoUpdate.exe [206184 2020-06-01] (Microsoft Company -> )
Activity: {FDF6F015-D21F-4929-BF95-B6CD6F3390FA} - System32TasksMicrosoftWindowsEnterpriseMgmt394CFBA3-A395-4732-BD8C-19E483E74C40Win10 S Mode occasion listener created by enrollment shopper => C:WINDOWSsystem32deviceenroller.exe [551936 2020-12-09] (Microsoft Home windows -> Microsoft Company)
Activity: {FFE36594-486E-4451-B8AB-3E0099DB7373} - System32Tasksnpcapwatchdog => C:Program FilesNpcapCheckStatus.bat [862 2019-04-30] () [File not signed]

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Activity: C:WINDOWSTasksCreateExplorerShellUnelevatedTask.job => C:WINDOWSexplorer.exe
Activity: C:WINDOWSTasksDropboxUpdateTaskMachineCore.job => C:Program Information (x86)DropboxUpdateDropboxUpdate.exe
Activity: C:WINDOWSTasksDropboxUpdateTaskMachineUA.job => C:Program Information (x86)DropboxUpdateDropboxUpdate.exe
Activity: C:WINDOWSTasksHPCeeScheduleForkonstantin.job => C:Program Information (x86)Hewlett-PackardHP CeementHPCEE.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog9 15 C:WINDOWSSysWOW64vsocklib.dll [42296 2019-08-14] (VMware, Inc. -> VMware, Inc.)
Winsock: Catalog9 16 C:WINDOWSSysWOW64vsocklib.dll [42296 2019-08-14] (VMware, Inc. -> VMware, Inc.)
Winsock: Catalog9-x64 15 C:Windowssystem32vsocklib.dll [46392 2019-08-14] (VMware, Inc. -> VMware, Inc.)
Winsock: Catalog9-x64 16 C:Windowssystem32vsocklib.dll [46392 2019-08-14] (VMware, Inc. -> VMware, Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
TcpipParameters: [DhcpNameServer] 192.168.1.254
Tcpip..Interfaces{204f16c1-10e1-4952-a143-c4e1778c5cae}: [NameServer] 132.241.82.200,132.241.82.201
Tcpip..Interfaces{ae8e4ddc-53a5-45fe-975c-133560601eef}: [DhcpNameServer] 172.168.0.7
Tcpip..Interfaces{ebaa44f1-1a87-451d-80c4-02c7adc085fd}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip..Interfaces{ed7cadae-9c90-416b-a181-c9408233f0ef}: [DhcpNameServer] 192.168.1.254

Edge: 
======
DownloadDir: C:UserswinkoDownloads
Edge DefaultProfile: Default
Edge Profile: C:UserswinkoAppDataLocalMicrosoftEdgeUser DataDefault [2021-01-06]
Edge DownloadDir: C:UserswinkoDownloads
Edge Extension: (Malwarebytes Browser Guard) - C:UserswinkoAppDataLocalMicrosoftEdgeUser DataDefaultExtensionsihcjicgdanjaechkgeegckofjjedodee [2020-12-29]
Edge HKLM-x32...EdgeExtension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF DefaultProfile: oi7kpxje.default-1548224327104
FF ProfilePath: C:UserswinkoAppDataRoamingMozillaFirefoxProfilesoi7kpxje.default-1548224327104 [2021-01-10]
FF Extension: (Disconnect) - C:UserswinkoAppDataRoamingMozillaFirefoxProfilesoi7kpxje.default-1548224327104Extensions2.0@disconnect.me.xpi [2020-10-07]
FF Extension: (AdBlocker Final) - C:UserswinkoAppDataRoamingMozillaFirefoxProfilesoi7kpxje.default-1548224327104Extensionsadblockultimate@adblockultimate.internet.xpi [2020-12-07]
FF Extension: (GitZip) - C:UserswinkoAppDataRoamingMozillaFirefoxProfilesoi7kpxje.default-1548224327104Extensionsgitzip-firefox-addons@gitzip.org.xpi [2020-10-21]
FF Extension: (HTTPS All over the place) - C:UserswinkoAppDataRoamingMozillaFirefoxProfilesoi7kpxje.default-1548224327104Extensionshttps-everywhere@eff.org.xpi [2020-11-17]
FF Extension: (Print Pleasant & PDF) - C:UserswinkoAppDataRoamingMozillaFirefoxProfilesoi7kpxje.default-1548224327104Extensionsjid0-YQz0l1jthOIz179ehuitYAOdBEs@jetpack.xpi [2019-12-20]
FF Extension: (Malwarebytes Browser Guard) - C:UserswinkoAppDataRoamingMozillaFirefoxProfilesoi7kpxje.default-1548224327104Extensions{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi [2020-12-15]
FF Extension: (PostureMinder) - C:UserswinkoAppDataRoamingMozillaFirefoxProfilesoi7kpxje.default-1548224327104Extensions{616b3720-2344-4979-981d-28ea3e9941ed}.xpi [2019-04-17] [UpdateUrl:hxxps://clients2.google.com/service/update2/crx]
FF Extension: (NoScript) - C:UserswinkoAppDataRoamingMozillaFirefoxProfilesoi7kpxje.default-1548224327104Extensions{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2021-01-08]
FF Extension: (Straightforward Youtube Video Downloader Specific) - C:UserswinkoAppDataRoamingMozillaFirefoxProfilesoi7kpxje.default-1548224327104Extensions{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2020-12-07]
FF Extension: (Learn Aloud: A Textual content to Speech Voice Reader) - C:UserswinkoAppDataRoamingMozillaFirefoxProfilesoi7kpxje.default-1548224327104Extensions{ddc62400-f22d-4dd3-8b4a-05837de53c2e}.xpi [2021-01-04]
FF Plugin: @adobe.com/FlashPlayer -> C:WINDOWSsystem32MacromedFlashNPSWF64_32_0_0_465.dll [2020-12-08] (Adobe Inc. -> )
FF Plugin: @microsoft.com/SharePoint,model=14.0 -> C:Program FilesMicrosoft OfficerootOffice16NPSPWRAP.DLL [2020-09-03] (Microsoft Company -> Microsoft Company)
FF Plugin: @videolan.org/vlc,model=3.0.7.1 -> C:Program FilesVideoLANVLCnpvlc.dll [2019-06-11] (VideoLAN -> VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:WINDOWSSysWOW64MacromedFlashNPSWF32_32_0_0_465.dll [2020-12-08] (Adobe Inc. -> )
FF Plugin-x32: @java.com/DTPlugin,model=11.251.2 -> C:Program Information (x86)Javajre1.8.0_251bindtpluginnpDeployJava1.dll [2020-05-04] (Oracle America, Inc. -> Oracle Company)
FF Plugin-x32: @java.com/JavaPlugin,model=11.251.2 -> C:Program Information (x86)Javajre1.8.0_251binplugin2npjp2.dll [2020-05-04] (Oracle America, Inc. -> Oracle Company)
FF Plugin-x32: @Microsoft.com/DownloadManager,model=1.1 -> C:WINDOWS [0000-00-00] ()
FF Plugin-x32: @microsoft.com/Lync,model=15.0 -> C:Program FilesMicrosoft OfficerootVFSProgramFilesX86Mozilla Firefoxpluginsnpmeetingjoinpluginoc.dll [2020-09-03] (Microsoft Company -> Microsoft Company)
FF Plugin-x32: @microsoft.com/SharePoint,model=14.0 -> C:Program FilesMicrosoft OfficerootVFSProgramFilesX86Microsoft OfficeOffice16NPSPWRAP.DLL [2020-09-03] (Microsoft Company -> Microsoft Company)
FF Plugin-x32: @instruments.courageous.com/BraveSoftware Replace;model=3 -> C:Program Information (x86)BraveSoftwareUpdate1.3.99.0npBraveUpdate3.dll [2019-08-27] (Courageous Software program, Inc. -> BraveSoftware Inc.)
FF Plugin-x32: @instruments.courageous.com/BraveSoftware Replace;model=9 -> C:Program Information (x86)BraveSoftwareUpdate1.3.99.0npBraveUpdate3.dll [2019-08-27] (Courageous Software program, Inc. -> BraveSoftware Inc.)
FF Plugin HKUS-1-5-21-3160669524-3685954079-2904429179-1001: @zoom.us/ZoomVideoPlugin -> C:UserswinkoAppDataRoamingZoombin_00npzoomplugin.dll [2020-05-27] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FF Plugin HKUS-1-5-21-3160669524-3685954079-2904429179-1001: SkypeForBusinessPlugin-16.2 -> C:UserswinkoAppDataLocalMicrosoftSkypeForBusinessPlugin16.2.0.511npGatewayNpapi.dll [2019-08-03] (Microsoft Company -> Microsoft Company)
FF Plugin HKUS-1-5-21-3160669524-3685954079-2904429179-1001: SkypeForBusinessPlugin64-16.2 -> C:UserswinkoAppDataLocalMicrosoftSkypeForBusinessPlugin16.2.0.511npGatewayNpapi-x64.dll [2019-08-03] (Microsoft Company -> Microsoft Company)

Chrome: 
=======
CHR Profile: C:UserswinkoAppDataLocalGoogleChromeUser DataDefault [2021-01-09]
CHR Notifications: Default -> hxxps://go.proctoru.com
CHR Extension: (Slides) - C:UserswinkoAppDataLocalGoogleChromeUser DataDefaultExtensionsaapocclcgogkmnckokdopfmhonfmgoek [2019-01-20]
CHR Extension: (Docs) - C:UserswinkoAppDataLocalGoogleChromeUser DataDefaultExtensionsaohghmighlieiainnegkcijnfilokake [2019-01-22]
CHR Extension: (Google Drive) - C:UserswinkoAppDataLocalGoogleChromeUser DataDefaultExtensionsapdfllckaahabafndbhieahigkjlhalf [2020-10-26]
CHR Extension: (YouTube) - C:UserswinkoAppDataLocalGoogleChromeUser DataDefaultExtensionsblpcfgokakmgnkcojhhkbfbldkacnbeo [2019-01-22]
CHR Extension: (Sheets) - C:UserswinkoAppDataLocalGoogleChromeUser DataDefaultExtensionsfelcaaldnbdncclmgdcncolpebgiejap [2019-01-20]
CHR Extension: (Google Docs Offline) - C:UserswinkoAppDataLocalGoogleChromeUser DataDefaultExtensionsghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-17]
CHR Extension: (Malwarebytes Browser Guard) - C:UserswinkoAppDataLocalGoogleChromeUser DataDefaultExtensionsihcjicgdanjaechkgeegckofjjedodee [2020-12-26]
CHR Extension: (Chrome Web Store Payments) - C:UserswinkoAppDataLocalGoogleChromeUser DataDefaultExtensionsnmmhkkegccagdldgiimedpiccmgmieda [2019-10-31]
CHR Extension: (Gmail) - C:UserswinkoAppDataLocalGoogleChromeUser DataDefaultExtensionspjkljhegncpnkpknbcohdijeoejaedia [2020-10-22]
CHR Extension: (Chrome Media Router) - C:UserswinkoAppDataLocalGoogleChromeUser DataDefaultExtensionspkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-11-18]
CHR HKLM-x32...ChromeExtension: [ihcjicgdanjaechkgeegckofjjedodee]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AdobeFlashPlayerUpdateSvc; C:windowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe [335416 2020-12-08] (Adobe Inc. -> Adobe)
S2 brave; C:Program Files (x86)BraveSoftwareUpdateBraveUpdate.exe [159368 2019-08-27] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 bravem; C:Program Files (x86)BraveSoftwareUpdateBraveUpdate.exe [159368 2019-08-27] (Brave Software, Inc. -> BraveSoftware Inc.)
R2 ClearPass Agent Controller; C:Program Files (x86)Aruba NetworksClearPassOnGuardClearPassAgentController.exe [10072056 2017-09-22] (Aruba Networks, Inc. -> Aruba Networks, Inc.)
R2 ClearPass OnGuard Agent Service; C:Program FilesAruba NetworksClearPassOnGuardClearPassOnGuardAgentService.exe [6213112 2017-09-22] (Aruba Networks, Inc. -> Aruba Networks, Inc.)
R2 ClearPass VPN Service; C:Program FilesAruba NetworksClearPassOnGuardarubanetsvc.exe [413176 2017-09-22] (Aruba Networks, Inc. -> Aruba Networks)
R2 ClickToRunSvc; C:Program FilesCommon FilesMicrosoft SharedClickToRunOfficeClickToRun.exe [9105800 2020-12-01] (Microsoft Corporation -> Microsoft Corporation)
S2 dbupdate; C:Program Files (x86)DropboxUpdateDropboxUpdate.exe [143144 2019-01-16] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:Program Files (x86)DropboxUpdateDropboxUpdate.exe [143144 2019-01-16] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:WINDOWSsystem32DbxSvc.exe [44552 2020-12-15] (Dropbox, Inc -> Dropbox, Inc.)
R2 HP Comm Recover; C:Program FilesHPCommRecoveryHPCommRecovery.exe [1321096 2018-09-28] (HP Inc. -> HP Inc.)
R2 HPAppHelperCap; C:WINDOWSSystem32DriverStoreFileRepositoryhpcustomcapcomp.inf_amd64_3214041c94f8abcdx64AppHelperCap.exe [689912 2020-11-05] (HP Inc. -> HP Inc.)
R2 HPJumpStartBridge; c:Program Files (x86)HPHP JumpStart BridgeHPJumpStartBridge.exe [477184 2017-10-06] (HP Inc. -> HP Inc.)
R2 HPNetworkCap; C:WINDOWSSystem32DriverStoreFileRepositoryhpcustomcapcomp.inf_amd64_3214041c94f8abcdx64NetworkCap.exe [688888 2020-11-05] (HP Inc. -> HP Inc.)
R2 HPSysInfoCap; C:WINDOWSSystem32DriverStoreFileRepositoryhpcustomcapcomp.inf_amd64_3214041c94f8abcdx64SysInfoCap.exe [689400 2020-11-05] (HP Inc. -> HP Inc.)
R2 HpTouchpointAnalyticsService; C:WINDOWSSystem32DriverStoreFileRepositoryhpanalyticscomp.inf_amd64_a7be790d73ea14ebx64TouchpointAnalyticsClientService.exe [476424 2020-11-04] (HP Inc. -> HP Inc.)
R2 HPWMISVC; c:Program Files (x86)HPHP System EventHPWMISVC.exe [628768 2017-07-13] (HP Inc. -> HP Inc.)
S3 iaStorAfsService; C:WINDOWSIAStorAfsServiceiaStorAfsService.exe [2593848 2018-05-06] (Intel(R) Rapid Storage Technology -> Intel Corporation)
R2 impi_hydra_2019_0_7; C:Program Files (x86)IntelSWToolscompilers_and_libraries_2020.1.216windowsmpiintel64binhydra_service.exe [228736 2020-03-12] (Intel(R) Software Development Products -> Intel Corporation)
R2 IncrediBuild_Agent; C:Program Files (x86)IncrediBuildBuildService.exe [1358304 2018-09-02] (XOREAX LTD -> IncrediBuild Software Ltd.) [File not signed]
R2 IncrediBuild_Coordinator; C:Program Files (x86)IncrediBuildCoordService.exe [3475936 2018-09-02] (XOREAX LTD -> IncrediBuild Software Ltd.) [File not signed]
R2 IpOverUsbSvc; C:Program Files (x86)Common FilesMicrosoft SharedPhone ToolsCoreCon11.0binIpOverUsbSvc.exe [21304 2017-09-28] (Microsoft Corporation -> Microsoft Corporation)
R2 MBAMService; C:Program FilesMalwarebytesAnti-MalwareMBAMService.exe [7456464 2020-12-14] (Malwarebytes Inc -> Malwarebytes)
R2 nebula; C:Program FilesLogitechCollaborationServicesVideoServiceLayer.exe [4489352 2019-06-12] (Logitech Inc -> Logitech)
R2 Unchecky; C:Program Files (x86)Uncheckybinunchecky_svc.exe [297240 2019-01-16] (Reason Software Company Inc. -> Reason Software Company Inc.)
S3 VBoxSDS; C:Program FilesOracleVirtualBoxVBoxSDS.exe [692992 2019-04-16] (Oracle Corporation -> Oracle Corporation)
R2 VMwareHostd; C:Program Files (x86)VMwareVMware Workstationvmware-hostd.exe [15476144 2019-09-16] (VMware, Inc. -> )
S3 VSStandardCollectorService150; C:Program Files (x86)Microsoft Visual StudioSharedCommonDiagnosticsHub.Collection.ServiceStandardCollector.Service.exe [157480 2018-08-02] (Microsoft Corporation -> Microsoft Corporation)
S3 WdNisSvc; C:ProgramDataMicrosoftWindows Defenderplatform4.18.2011.6-0NisSrv.exe [2491880 2020-12-05] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:ProgramDataMicrosoftWindows Defenderplatform4.18.2011.6-0MsMpEng.exe [128376 2020-12-05] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aftap0901; C:WINDOWSSystem32driversaftap0901.sys [48624 2018-03-06] (AnchorFree Inc -> The OpenVPN Project)
S3 BthA2dp; C:WINDOWSSystem32driversBthA2dp.sys [231936 2019-12-26] (Microsoft Corporation) [File not signed]
R1 ESProtectionDriver; C:WINDOWSsystem32driversmbae64.sys [153312 2020-12-14] (Malwarebytes Corporation -> Malwarebytes)
R3 HPCustomCapDriver; C:WINDOWSSystem32DriverStoreFileRepositoryhpcustomcapdriver.inf_amd64_1f5602eb8a12ac4cx64hpcustomcapdriver.sys [23952 2018-04-07] (HP Inc. -> HP Inc.)
R1 jnprns; C:WINDOWSsystem32DRIVERSjnprns.sys [507192 2018-01-05] (Juniper Networks, Inc. -> Juniper Networks)
R3 keycrypt; C:WINDOWSSystem32DRIVERSKeyCrypt64.sys [143904 2015-11-05] (Zemana Ltd. -> Zemana Ltd.)
R2 MBAMChameleon; C:WINDOWSSystem32DriversMbamChameleon.sys [220160 2021-01-08] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:WINDOWSSystem32DRIVERSMbamElam.sys [19912 2020-12-14] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:WINDOWSSystem32DRIVERSfarflt.sys [197792 2021-01-08] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:WINDOWSsystem32DRIVERSmbam.sys [77496 2021-01-08] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:WINDOWSSystem32Driversmbamswissarmy.sys [248968 2020-12-14] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:WINDOWSsystem32DRIVERSmwac.sys [139424 2021-01-08] (Malwarebytes Inc -> Malwarebytes)
R1 npcap; C:WINDOWSsystem32DRIVERSnpcap.sys [69744 2019-12-17] (Insecure.Com LLC -> Insecure.Com LLC.)
R1 sepdal; C:WINDOWSSystem32Driverssepdal.sys [41056 2020-03-19] (Intel(R) Software Development Products -> Intel Corporation)
R1 sepdrv5; C:WINDOWSSystem32Driverssepdrv5.sys [202848 2020-03-19] (Intel(R) Software Development Products -> )
R1 socperf3; C:WINDOWSSystem32Driverssocperf3.sys [61536 2020-03-19] (Intel(R) Software Development Products -> )
R3 t6sta; C:WINDOWSSystem32Driverst6sta.sys [161624 2020-06-17] (Magic Control Technology Corp. -> Magic Control Technology Corporation)
R1 VBoxNetLwf; C:WINDOWSsystem32DRIVERSVBoxNetLwf.sys [247952 2019-04-16] (Oracle Corporation -> Oracle Corporation)
R1 vmkbd3; C:WINDOWSsystem32DRIVERSvmkbd.sys [52288 2019-09-16] (VMware, Inc. -> VMware, Inc.)
R2 VMnetBridge; C:WINDOWSsystem32DRIVERSvmnetbridge.sys [66368 2019-09-16] (VMware, Inc. -> VMware, Inc.)
R0 vsock; C:WINDOWSSystem32DRIVERSvsock.sys [103224 2019-08-14] (VMware, Inc. -> VMware, Inc.)
S3 VSScanner; C:WINDOWSSystem32DRIVERSvsscanner.sys [29752 2018-06-25] (Microsoft Windows Hardware Compatibility Publisher -> VoodooSoft, LLC)
R2 vstor2-mntapi20-shared; C:WindowsSysWow64driversvstor2-x64.sys [52576 2018-02-28] (VMware, Inc. -> VMware, Inc.)
R2 vtss; C:WINDOWSsystem32driversvtss.sys [136288 2020-03-19] (Intel(R) Software Development Products -> )
S3 WdBoot; C:WINDOWSsystem32driverswdWdBoot.sys [48536 2020-12-05] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:WINDOWSsystem32driverswdWdFilter.sys [429296 2020-12-05] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:WINDOWSSystem32driverswdWdNisDrv.sys [70896 2020-12-05] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:WINDOWSSystem32driversWirelessButtonDriver64.sys [35392 2020-06-08] (HP Inc. -> HP)
U4 npcap_wifi; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-01-10 13:32 - 2021-01-10 13:32 - 000000000 ____D C:FRST
2021-01-08 11:16 - 2021-01-08 11:16 - 000272725 _____ C:UserswinkoDesktoptemp_vectors.zip
2021-01-08 11:11 - 2021-01-08 11:15 - 000000000 ____D C:UserswinkoDesktoptemp_vectors
2021-01-08 10:24 - 2021-01-08 10:24 - 000220160 _____ (Malwarebytes) C:WINDOWSsystem32DriversMbamChameleon.sys
2021-01-08 10:24 - 2021-01-08 10:24 - 000197792 _____ (Malwarebytes) C:WINDOWSsystem32Driversfarflt.sys
2021-01-08 10:24 - 2021-01-08 10:24 - 000139424 _____ (Malwarebytes) C:WINDOWSsystem32Driversmwac.sys
2021-01-08 10:24 - 2021-01-08 10:24 - 000077496 _____ (Malwarebytes) C:WINDOWSsystem32Driversmbam.sys
2021-01-08 10:24 - 2021-01-08 10:24 - 000000000 ____D C:WINDOWSPanther
2021-01-08 10:16 - 2021-01-08 10:16 - 000106320 _____ C:UserswinkoDesktopIntroduction.one
2021-01-07 08:35 - 2021-01-07 08:35 - 000000000 ____D C:WINDOWSsystem32TasksMozilla
2021-01-06 12:39 - 2021-01-06 12:39 - 004465630 _____ C:UserswinkoDownloadsCreating_smart_contract_LLVM_Alan_Li.pdf
2021-01-06 12:31 - 2021-01-06 12:31 - 000268616 _____ C:UserswinkoDownloadsGenerating_stack_machine_code_using_LLVM.pdf
2021-01-06 08:43 - 2021-01-06 08:43 - 000000058 _____ C:Userswinko.gitconfig
2020-12-31 21:04 - 2020-12-31 21:04 - 006039508 _____ C:UserswinkoDownloadsFIRST2019_wasm_cryptominer_full_Patrick-Ventuzelo.pdf
2020-12-31 21:02 - 2020-12-31 21:02 - 000912308 _____ C:UserswinkoDownloadsaws-sdk-cpp-dg.pdf
2020-12-31 21:00 - 2020-12-31 21:01 - 029445680 _____ C:UserswinkoDownloadsMastering_Blockchain_2nd_Edition.pdf
2020-12-31 20:55 - 2020-12-31 20:55 - 000379565 _____ C:UserswinkoDownloads2020_Bookmatter_BlockchainEmpoweringSecureData.pdf
2020-12-27 09:09 - 2020-12-27 09:09 - 000000000 ____D C:ProgramDataSophos
2020-12-27 08:56 - 2020-12-27 08:56 - 000002775 _____ C:UsersPublicDesktopSophos Virus Removal Tool.lnk
2020-12-27 08:56 - 2020-12-27 08:56 - 000002775 _____ C:ProgramDataDesktopSophos Virus Removal Tool.lnk
2020-12-27 08:56 - 2020-12-27 08:56 - 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsSophos
2020-12-27 08:56 - 2020-12-27 08:56 - 000000000 ____D C:Program Files (x86)Sophos
2020-12-17 18:18 - 2020-12-17 18:18 - 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsDropbox
2020-12-16 09:11 - 2020-12-16 09:11 - 016085130 _____ C:UserswinkoDesktop2021_Book_DataParallelC.pdf
2020-12-15 13:09 - 2020-12-15 13:09 - 000047600 _____ (Dropbox, Inc.) C:WINDOWSsystem32Driversdbx-stable.sys
2020-12-15 13:09 - 2020-12-15 13:09 - 000047600 _____ (Dropbox, Inc.) C:WINDOWSsystem32Driversdbx-dev.sys
2020-12-15 13:09 - 2020-12-15 13:09 - 000047600 _____ (Dropbox, Inc.) C:WINDOWSsystem32Driversdbx-canary.sys
2020-12-15 13:09 - 2020-12-15 13:09 - 000044552 _____ (Dropbox, Inc.) C:WINDOWSsystem32DbxSvc.exe
2020-12-14 11:34 - 2020-12-14 11:34 - 000248968 _____ (Malwarebytes) C:WINDOWSsystem32Driversmbamswissarmy.sys
2020-12-14 11:34 - 2020-12-14 11:33 - 000019912 _____ (Malwarebytes) C:WINDOWSsystem32DriversMbamElam.sys

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-01-10 13:32 - 2019-04-28 13:53 - 000000000 ____D C:UserswinkoDocumentssoftware_tools
2021-01-10 13:27 - 2019-12-24 20:10 - 000000000 ____D C:WINDOWSsystem32SleepStudy
2021-01-10 12:51 - 2019-03-18 20:52 - 000000000 ____D C:ProgramDataregid.1991-06.com.microsoft
2021-01-10 09:41 - 2020-06-19 08:30 - 000000000 ____D C:UserswinkoAppDataLocalLowIGDump
2021-01-10 09:37 - 2020-06-12 14:32 - 000000000 ____D C:UserswinkoDocumentsLLVM_Presentations
2021-01-09 22:39 - 2019-01-17 14:52 - 000000000 ____D C:Userswinko.atom
2021-01-09 22:39 - 2019-01-17 14:51 - 000000000 ____D C:UserswinkoAppDataRoamingAtom
2021-01-09 21:12 - 2019-01-29 20:26 - 000000000 ____D C:ProgramDataMozilla
2021-01-09 21:11 - 2019-01-16 21:31 - 000000000 ____D C:UserswinkoAppDataLocalLowMozilla
2021-01-09 12:35 - 2019-01-22 20:29 - 000000600 _____ C:UserswinkoAppDataRoamingwinscp.rnd
2021-01-09 07:56 - 2020-06-16 08:39 - 000002445 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsMicrosoft Edge.lnk
2021-01-09 07:56 - 2020-06-16 08:39 - 000002283 _____ C:UsersPublicDesktopMicrosoft Edge.lnk
2021-01-09 07:56 - 2020-06-16 08:39 - 000002283 _____ C:ProgramDataDesktopMicrosoft Edge.lnk
2021-01-09 00:39 - 2020-03-27 08:16 - 000000000 ____D C:UserswinkoAppDataRoamingdiscord
2021-01-08 14:37 - 2019-08-27 21:39 - 000002425 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsBrave.lnk
2021-01-08 14:37 - 2019-08-27 21:39 - 000002384 _____ C:UsersPublicDesktopBrave.lnk
2021-01-08 14:37 - 2019-08-27 21:39 - 000002384 _____ C:ProgramDataDesktopBrave.lnk
2021-01-08 10:29 - 2019-12-24 20:18 - 000941564 _____ C:WINDOWSsystem32PerfStringBackup.INI
2021-01-08 10:29 - 2019-03-18 20:50 - 000000000 ____D C:WINDOWSINF
2021-01-08 10:24 - 2020-11-09 11:47 - 000000000 ____D C:Program FilesMozilla Firefox
2021-01-08 10:24 - 2019-12-24 20:17 - 000000006 ____H C:WINDOWSTasksSA.DAT
2021-01-08 10:24 - 2019-03-09 19:26 - 000000384 _____ C:WINDOWSTasksHPCeeScheduleForkonstantin.job
2021-01-08 10:24 - 2019-01-23 22:07 - 000000000 ____D C:ProgramDataVMware
2021-01-08 10:24 - 2019-01-16 21:31 - 000000000 ____D C:Program Files (x86)Mozilla Maintenance Service
2021-01-08 10:23 - 2019-03-18 20:37 - 000524288 _____ C:WINDOWSsystem32configBBI
2021-01-07 11:33 - 2019-03-18 20:52 - 000000000 ___HD C:Program FilesWindowsApps
2021-01-07 11:33 - 2019-03-18 20:52 - 000000000 ____D C:WINDOWSAppReadiness
2021-01-07 08:41 - 2019-05-20 11:59 - 000000000 ____D C:UserswinkoAppDataLocalCrashDumps
2021-01-07 08:35 - 2019-01-16 21:31 - 000001012 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsFirefox.lnk
2021-01-06 17:37 - 2019-12-24 20:17 - 000003296 _____ C:WINDOWSsystem32TasksHPCeeScheduleForkonstantin
2021-01-06 08:43 - 2019-12-24 20:11 - 000000000 ____D C:Userswinko
2021-01-05 09:23 - 2020-05-22 22:14 - 000000000 ____D C:UserswinkoDocumentssherwood_apartments
2020-12-31 09:48 - 2019-01-16 20:09 - 000000000 ____D C:UserswinkoAppDataLocalD3DSCache
2020-12-28 22:42 - 2019-03-18 20:52 - 000000000 ____D C:WINDOWSLiveKernelReports
2020-12-27 22:38 - 2019-01-17 14:51 - 000002188 _____ C:UserswinkoDesktopAtom.lnk
2020-12-27 22:38 - 2019-01-17 14:51 - 000000000 ____D C:UserswinkoAppDataRoamingMicrosoftWindowsStart MenuProgramsGitHub, Inc
2020-12-27 22:38 - 2019-01-17 14:51 - 000000000 ____D C:UserswinkoAppDataLocalatom
2020-12-27 22:37 - 2019-01-17 14:51 - 000000000 ____D C:UserswinkoAppDataLocalSquirrelTemp
2020-12-27 09:10 - 2019-01-17 13:56 - 000000000 ____D C:UserswinkoDocumentsInstallers
2020-12-25 10:27 - 2019-08-30 09:33 - 000000000 ____D C:Program FilesMicrosoft Office
2020-12-24 02:06 - 2020-04-06 08:52 - 000000000 ____D C:UserswinkoAppDataRoamingSlack
2020-12-23 10:05 - 2020-04-06 08:52 - 000002210 _____ C:UserswinkoDesktopSlack.lnk
2020-12-23 10:05 - 2020-04-06 08:52 - 000000000 ____D C:UserswinkoAppDataRoamingMicrosoftWindowsStart MenuProgramsSlack Technologies Inc
2020-12-23 10:05 - 2020-04-06 08:51 - 000000000 ____D C:UserswinkoAppDataLocalslack
2020-12-22 13:28 - 2019-09-14 11:00 - 000000000 ____D C:UserswinkoDocumentsprofessional
2020-12-17 18:18 - 2019-01-16 15:09 - 000000000 ____D C:Program Files (x86)Dropbox
2020-12-14 11:34 - 2020-08-06 13:54 - 000002040 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsMalwarebytes.lnk
2020-12-14 11:34 - 2019-08-31 13:18 - 000002028 _____ C:UsersPublicDesktopMalwarebytes.lnk
2020-12-14 11:34 - 2019-08-31 13:18 - 000002028 _____ C:ProgramDataDesktopMalwarebytes.lnk
2020-12-14 11:34 - 2019-03-18 20:52 - 000000000 ___HD C:WINDOWSELAMBKUP
2020-12-14 11:33 - 2019-08-31 13:18 - 000153312 _____ (Malwarebytes) C:WINDOWSsystem32Driversmbae64.sys
2020-12-12 19:34 - 2019-01-16 15:00 - 000000000 ____D C:UserswinkoAppDataLocalPackages
2020-12-11 21:38 - 2020-01-20 15:45 - 000000000 ____D C:UserswinkoDocumentsOrders

==================== Files in the root of some directories ========

2019-01-17 20:57 - 2019-01-17 20:57 - 000034507 _____ () C:Userswinkoa.exe
2019-01-22 20:29 - 2021-01-09 12:35 - 000000600 _____ () C:UserswinkoAppDataRoamingwinscp.rnd
2019-01-22 20:25 - 2019-01-27 18:31 - 000000600 _____ () C:UserswinkoAppDataLocalPUTTY.RND
2020-07-20 18:02 - 2020-07-20 18:02 - 000005623 _____ () C:UserswinkoAppDataLocalrecently-used.xbel

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Edited by BlueGalaxy, 10 January 2021 – 05:12 PM.




