[Solved] I suspect a rootkit may be installed on my laptop

James321 (Thread Starter)
I am always very cautious when surfing the net and avoid suspicious downloads. I use Norton 360 security (with firewall), and all downloads are automatically scanned. However, there is some evidence my OS is playing up, as well as other evidence I am being followed by cyberstalkers.

Here are the results of the FRST scan, two files:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-09-2021
Ran by User (administrator) on USER-PC (LENOVO 2537VNK) (15-09-2021 14:49:08)
Running from C:\Users\User\Downloads
Loaded Profiles: User
Platform: Windows 10 Pro Version 20H2 19042.1165 (X64) Language: English (United Kingdom)
Default browser: Brave
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iTunes_12114.15.53119.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe
(Brave Software, Inc. -> Brave Software, Inc.) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe <11>
(Glarysoft LTD -> Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\GUBootService.exe
(Glarysoft LTD -> Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxext.exe
(LENOVO -> Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe
(LENOVO -> Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\avfaudiosw.exe
(LENOVO -> Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\cammute.exe
(LENOVO -> Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\tpknrres.exe
(LENOVO -> Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
(LENOVO -> Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\vcamsvchlpr.exe
(LENOVO -> Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\tpknrsvc.exe
(LENOVO -> Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(LENOVO -> Lenovo Group Limited) C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe
(LENOVO -> Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(LENOVO -> Lenovo) C:\Program Files\Lenovo\Lenovo Mobile Hotspot\MobileHotspotclient.exe
(Lenovo -> Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Lenovo(Japan)Ltd. -> Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\extapsup.exe
(Lenovo(Japan)Ltd. -> Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2108.25001.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(NortonLifeLock Inc. -> NortonLifeLock Inc.) C:\Program Files\Norton Security\Engine\22.21.6.53\nsWscSvc.exe
(NortonLifeLock Inc. -> Symantec Corporation) C:\Program Files\Norton Security\Engine\22.21.6.53\NortonSecurity.exe <2>
(NortonLifeLock Inc. -> Symantec Corporation) C:\Program Files\Norton Utilities\x64\LBGovernor.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe <2>
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(SUPERAntiSpyware.com -> SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Support.com Inc -> SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics Incorporated -> Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoHelper.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [LenovoOptMouseUpdate] => C:\Program Files\Lenovo\HOTKEY\extapsup.exe [250976 2013-05-22] (Lenovo(Japan)Ltd. -> Lenovo Group Limited)
HKLM\...\Run: [LnvMobHotspotClient] => C:\Program Files\Lenovo\Lenovo Mobile Hotspot\MobileHotspotclient.exe [939976 2015-02-20] (LENOVO -> Lenovo)
HKLM\...\Run: [LMCSSTART1] => C:\Program Files\Lenovo\Communications Utility\lmcsctrl.exe [35856 2016-04-12] (LENOVO -> Lenovo Corporation)
HKLM\...\Run: [LMCSSTART2] => C:\Program Files\Lenovo\Communications Utility\lmcsctrl.exe [35856 2016-04-12] (LENOVO -> Lenovo Corporation)
HKLM\...\Run: [LMCSSTART3] => C:\Program Files\Lenovo\Communications Utility\lmcsctrl.exe [35856 2016-04-12] (LENOVO -> Lenovo Corporation)
HKU\S-1-5-21-725688832-2798266748-3951577904-1002\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [44416 2021-09-06] (Glarysoft LTD -> Glarysoft Ltd)
HKU\S-1-5-21-725688832-2798266748-3951577904-1002\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [35093120 2021-09-10] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-725688832-2798266748-3951577904-1002\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [11224432 2021-08-19] (Support.com Inc -> SUPERAntiSpyware)
HKU\S-1-5-21-725688832-2798266748-3951577904-1002\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKLM\...\Windows x64\Print Processors\Canon MG3600 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDCT.DLL [30208 2015-03-12] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Windows x64\Print Processors\Epson Inkjet: C:\Windows\System32\spool\prtprocs\x64\EP0NPP01.DLL [38912 2011-08-30] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MG3600 series: C:\Windows\system32\CNMLMCT.DLL [406528 2015-03-12] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Epson Inbox Language Monitor01: C:\Windows\system32\EP0SLM01.DLL [77824 2011-08-30] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files\BraveSoftware\Brave-Browser\Application\93.1.29.81\Installer\chrmstp.exe [2021-09-15] (Brave Software, Inc. -> Brave Software, Inc.)
BootExecute: autocheck autochk *
GroupPolicy: Restriction - Edge <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02185DAB-EC7D-4771-93CA-7A13C373EB21} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [29155968 2021-09-10] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {0716C9EF-E171-4474-B53C-D6D348C32DC9} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162384 2021-02-14] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {0CD05A3D-FEB9-4778-A869-65C65B05EE05} - System32\Tasks\CCleanerSkipUAC - User => C:\Program Files\CCleaner\CCleaner.exe [29155968 2021-09-10] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {16F4058F-4395-4B04-AE73-3229C9242DC2} - System32\Tasks\TVT\TVSUUpdateTask_UserLogOn => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [1758792 2021-07-13] (Lenovo -> )
Task: {1C9F1EBF-9EA4-4232-B4DD-1DCF28C651FE} - \OneDrive Standalone Update Task-S-1-5-21-725688832-2798266748-3951577904-1001 -> No File <==== ATTENTION
Task: {2370EFF6-2FBE-4919-80AC-75645A8C5967} - System32\Tasks\Norton Utility\ActiveSync-NortonUtility => C:\Program Files\Norton Utilities\ActiveBridge.exe
Task: {27E04B9F-5503-4DB1-9C81-32D86E5A4092} - System32\Tasks\Norton Utility\AutomaticCare => C:\Program Files\Norton Utilities\NUP.exe [3629552 2021-09-08] (NortonLifeLock Inc. -> NortonLifeLock Inc)
Task: {2D052895-64CF-487E-BD27-C3DDC8B69F12} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security\Engine\22.21.6.53\WSCStub.exe [646520 2021-07-29] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Task: {41515A28-02F0-47B1-9BEC-B94BAFBDDB8C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1562376 2021-08-16] (Adobe Inc. -> Adobe Inc.)
Task: {4D3CF423-6225-42EE-B386-25068F9110B1} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162384 2021-02-14] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {520C7AD1-0C18-4446-A67A-5E75A3179DF5} - System32\Tasks\Norton Utility\Live Boost Process Governor => C:\Program Files\Norton Utilities\x64\LBGovernor.exe [1050096 2021-09-08] (NortonLifeLock Inc. -> Symantec Corporation)
Task: {65AF6671-5786-4851-8D2D-E86F69324D14} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-09-10] (Piriform Software Ltd -> Piriform)
Task: {7B4DEE0E-1C69-4A51-8B1A-1948EBB721BC} - System32\Tasks\Norton 360\Norton 360 Error Processor => C:\Program Files\Norton Security\Engine\22.21.6.53\SymErr.exe [108752 2021-07-29] (NortonLifeLock Inc. -> NortonLifeLock Inc)
Task: {7D6EE954-BED8-4BEB-B629-8AFB44C8F55F} - System32\Tasks\Norton 360\Norton 360 Autofix => C:\Program Files\Norton Security\Engine\22.21.6.53\SymErr.exe [108752 2021-07-29] (NortonLifeLock Inc. -> NortonLifeLock Inc)
Task: {82A3918F-FA6F-49BF-B353-4F6098330641} - System32\Tasks\TotalAV_OEM_Welcome => C:\Program Files (x86)\TotalAV Welcome OEM\ss-oem.exe [251648 2020-06-16] (Protected Antivirus Limited -> Protected.net Group Limited)
Task: {844F8734-D10D-40EB-A4F7-620E97458A53} - System32\Tasks\Norton 360\Norton 360 Error Analyzer => C:\Program Files\Norton Security\Engine\22.21.6.53\SymErr.exe [108752 2021-07-29] (NortonLifeLock Inc. -> NortonLifeLock Inc)
Task: {8CA415D4-47C5-45D2-A1B4-4D6B6C5FA39C} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [17184 2014-09-02] (LENOVO -> Lenovo)
Task: {91734FF1-01CE-4B36-B8F7-90142A4470AB} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe [919936 2021-09-06] (Glarysoft LTD -> Glarysoft Ltd)
Task: {AB7E6D04-585A-4A9B-9AC2-B75006906469} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-725688832-2798266748-3951577904-1002 => C:\Users\User\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSBUpdater.exe [87896 2021-08-18] (Lenovo (Beijing) Limited -> Lenovo Group Limited)
Task: {ADEF22C0-AAD9-473E-8345-EEB75344B7BB} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton 360\Upgrade.exe [2352488 2021-07-29] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Task: {AFC1317F-7DAE-4DE5-82E9-161721C12EA6} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [137088 2021-09-06] (Glarysoft LTD -> Glarysoft Ltd)
Task: {C603A8D8-B575-4689-B3D5-890F8968A78C} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [673720 2021-08-29] (Mozilla Corporation -> Mozilla Foundation)
Task: {DF943F08-4352-4847-BF8C-E654756E88A2} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-725688832-2798266748-3951577904-500 => C:\Users\User\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {E18BF8D0-BC92-4CF1-8DBF-3CB86F636B6E} - System32\Tasks\TUDsDownloader => C:\Program Files\Norton Utilities Premium\activesync.exe
Task: {EA4DC5AF-3B6F-4D7F-AAB3-6ED32FA8F5AA} - System32\Tasks\Lenovo\Lenovo Settings Power => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.dll",PwrMgrBkGndMonitor
Task: {F87D4065-E2DB-4BA1-88F4-A8B91044AC78} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [1758792 2021-07-13] (Lenovo -> )

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{1a19eb76-236b-4315-85f4-21db9557d96d}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{25e9cf19-0abd-4796-b9e7-6b3f92aedb82}: [DhcpNameServer] 192.168.1.1 192.168.1.1

Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Profile 1
Edge Profile: C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Profile 1 [2021-09-15]

FireFox:
========
FF DefaultProfile: nyjea0pv.default
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\nyjea0pv.default [2021-06-17]
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\nxwrwyjm.default-release [2021-09-15]
FF Extension: (Disconnect) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\nxwrwyjm.default-release\Extensions\2.0@disconnect.me.xpi [2021-02-11]
FF Extension: (Hoxx VPN Proxy) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\nxwrwyjm.default-release\Extensions\@hoxx-vpn.xpi [2021-08-29]
FF Extension: (HTTPS Everywhere) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\nxwrwyjm.default-release\Extensions\https-everywhere@eff.org.xpi [2021-08-29]
FF Extension: (Privacy Badger) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\nxwrwyjm.default-release\Extensions\jid1-MnnxcxisBPnSXQ@jetpack.xpi [2021-08-29]
FF Extension: (NoScript) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\nxwrwyjm.default-release\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2021-08-29]
FF Extension: (Adblock Plus - free ad blocker) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\nxwrwyjm.default-release\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2021-08-29]
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-08] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-08] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.14 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-08] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.15 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-08] (VideoLAN -> VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2021-09-09] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2021-06-06]
CHR Extension: (Slides) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-02-10]
CHR Extension: (Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-02-10]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-02-10]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-02-10]
CHR Extension: (Sheets) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-02-10]
CHR Extension: (Google Docs Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-02-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-10]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-02-10]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-02-10]

Brave:
=======
BRA Profile: C:\Users\User\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2021-09-15]
BRA Notifications: Default -> hxxps://www.rt.com
BRA DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}&t=brave
BRA DefaultSearchKeyword: Default -> :d
BRA DefaultSuggestURL: Default -> hxxps://ac.duckduckgo.com/ac/?q={searchTerms}&type=list
BRA Extension: (Brave Local Data Files Updater) - C:\Users\User\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2021-08-11]
BRA Extension: (Brave Ad Block Updater (Default)) - C:\Users\User\AppData\Local\BraveSoftware\Brave-Browser\User Data\cffkpbalmllkdoenhmdmpbkajipdjfam [2021-09-15]
BRA Extension: (Brave SpeedReader Updater) - C:\Users\User\AppData\Local\BraveSoftware\Brave-Browser\User Data\jicbkmdloagakknpihibphagfckhjdih [2021-09-14]
BRA Extension: (Brave NTP sponsored images) - C:\Users\User\AppData\Local\BraveSoftware\Brave-Browser\User Data\mjpbonbjgpinifgnneajcbigekbpfige [2021-09-15]
BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\User\AppData\Local\BraveSoftware\Brave-Browser\User Data\oofiananboodjbbmdelgdommihjbkfag [2021-09-15]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2021-01-09] (SUPERAntiSpyware.com -> SUPERAntiSpyware.com)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-08-16] (Adobe Inc. -> Adobe Inc.)
R2 AVControlCenter; C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe [566288 2016-04-12] (LENOVO -> Lenovo Corporation)
S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162384 2021-02-14] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162384 2021-02-14] (Brave Software, Inc. -> BraveSoftware Inc.)
R2 GUBootService; C:\Program Files (x86)\Glary Utilities 5\GUBootService.exe [867712 2021-09-06] (Glarysoft LTD -> Glarysoft Ltd)
R2 Lenovo Settings Service; C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe [2023592 2015-09-25] (LENOVO -> Lenovo Group Limited)
R3 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [631312 2016-04-12] (LENOVO -> Lenovo Corporation)
S3 LnvHotSpotSvc; C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe [480712 2015-03-23] (LENOVO -> Lenovo)
S2 LocationTaskManager; C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe [469720 2015-05-12] (LENOVO -> )
S2 LPlatSvc; C:\Windows\System32\LPlatSvc.exe [892288 2019-12-11] (Lenovo -> Lenovo.)
R2 NortonSecurity; C:\Program Files\Norton Security\Engine\22.21.6.53\NortonSecurity.exe [343336 2021-07-29] (NortonLifeLock Inc. -> Symantec Corporation)
R2 nsWscSvc; C:\Program Files\Norton Security\Engine\22.21.6.53\nsWscSvc.exe [1058664 2021-07-29] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5394872 2021-08-11] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [13271336 2021-08-12] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2021-02-08] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2021-02-08] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files\Norton Security\NortonData\22.20.5.39\Definitions\BASHDefs\20210913.004\BHDrvx64.sys [2018776 2021-09-13] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
R1 ccSet_NGC; C:\Windows\System32\drivers\NGCx64\1615060.035\ccSetx64.sys [192248 2021-07-29] (Symantec Corporation -> Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [516168 2021-02-10] (Symantec Corporation -> Broadcom)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153672 2021-02-10] (Symantec Corporation -> Broadcom)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [30720 2021-02-10] (Microsoft Windows Hardware Compatibility Publisher -> Glarysoft Ltd)
R1 IDSVia64; C:\Program Files\Norton Security\NortonData\22.20.5.39\Definitions\IPSDefs\20210914.061\IDSvia64.sys [1480128 2021-08-23] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R3 LnvHIDHW; C:\Windows\System32\drivers\LnvHIDHW.sys [29496 2014-04-07] (Lenovo(Japan)Ltd. -> Lenovo)
R2 npf; C:\Windows\System32\drivers\npf.sys [36600 2014-04-18] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
S3 nsvst_NGC; C:\Windows\System32\drivers\NGCx64\1615060.035\nsvst.sys [56080 2021-07-29] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
R0 PMDRVS; C:\Windows\System32\drivers\pmdrvs.sys [38160 2019-12-11] (Lenovo -> Lenovo.)
R3 qcusbserlno2k; C:\Windows\system32\DRIVERS\qcusbserlno2k.sys [231040 2011-05-23] (Microsoft Windows Hardware Compatibility Publisher -> QUALCOMM Incorporated)
R2 rimspci; C:\Windows\system32\DRIVERS\rimspe64.sys [61952 2009-10-26] (Microsoft Windows Hardware Compatibility Publisher -> REDC)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2021-01-09] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2021-01-09] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SRTSP; C:\Windows\System32\drivers\NGCx64\1615060.035\SRTSP64.SYS [885192 2021-07-29] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R1 SRTSPX; C:\Windows\System32\drivers\NGCx64\1615060.035\SRTSPX64.SYS [41928 2021-07-29] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R3 SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL6.SYS [292864 2019-12-07] (Microsoft Windows -> Conexant Systems, Inc.)
R3 SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV6.SYS [1485312 2019-12-07] (Microsoft Windows -> Conexant Systems, Inc.)
R3 SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [740864 2019-12-07] (Microsoft Windows -> Conexant Systems, Inc.)
R0 SymEFASI; C:\Windows\System32\drivers\NGCx64\1615060.035\SYMEFASI64.SYS [2062424 2021-07-29] (Symantec Corporation -> Broadcom)
S0 SymELAM; C:\Windows\System32\drivers\NGCx64\1615060.035\SymELAM.sys [25080 2021-07-29] (Microsoft Windows Early Launch Anti-malware Publisher -> Broadcom Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [93152 2021-08-10] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R3 SymEvnt; C:\Program Files\Norton Security\NortonData\22.20.5.39\SymPlatform\SymEvnt.sys [712432 2021-07-13] (Symantec Corporation -> Symantec Corporation)
R1 SymIRON; C:\Windows\System32\drivers\NGCx64\1615060.035\Ironx64.SYS [317296 2021-07-29] (Symantec Corporation -> Broadcom)
R1 SymNetS; C:\Windows\System32\drivers\NGCx64\1615060.035\symnets.sys [575328 2021-07-29] (Symantec Corporation -> Symantec Corporation)
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [48536 2021-02-08] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [429296 2021-02-08] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [70896 2021-02-08] (Microsoft Windows -> Microsoft Corporation)
R1 wpCtrlDrv_NGC; C:\Windows\System32\drivers\NGCx64\1615060.035\wpCtrlDrv.sys [1015760 2021-07-29] (NortonLifeLock Inc. -> NortonLifeLock Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-09-15 14:49 - 2021-09-15 14:52 - 000026118 _____ C:\Users\User\Downloads\FRST.txt
2021-09-15 14:46 - 2021-09-15 14:50 - 000000000 ____D C:\FRST
2021-09-15 14:36 - 2021-09-15 14:36 - 002304000 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2021-09-15 11:37 - 2021-09-15 11:37 - 000000000 ____D C:\Windows\system32\Tasks\Remediation
2021-09-10 10:22 - 2021-09-10 10:22 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\4156B204.sys
2021-09-10 10:22 - 2021-09-10 10:22 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-09-10 10:21 - 2021-09-10 11:56 - 000192952 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2021-09-10 10:21 - 2021-09-10 10:56 - 000000000 ____D C:\Users\User\Documents\mbar
2021-09-10 10:21 - 2021-09-10 10:56 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2021-09-10 10:20 - 2021-09-10 10:20 - 014178840 _____ (Malwarebytes Corp.) C:\Users\User\Downloads\mbar-1.10.3.1001.exe
2021-09-09 21:04 - 2021-09-15 14:17 - 000007310 _____ C:\Windows\ntbtlog.txt
2021-09-09 16:23 - 2021-09-09 16:23 - 000000000 ____D C:\Users\User\AppData\Local\NPE
2021-09-09 16:17 - 2021-09-09 16:18 - 000004484 _____ C:\TDSSKiller.3.1.0.28_09.09.2021_16.17.01_log.txt
2021-09-09 12:07 - 2021-09-09 12:08 - 000004484 _____ C:\TDSSKiller.3.1.0.28_09.09.2021_12.07.54_log.txt
2021-09-09 11:59 - 2021-09-09 12:02 - 000319296 _____ C:\TDSSKiller.3.1.0.28_09.09.2021_11.59.36_log.txt
2021-09-09 11:59 - 2021-09-09 11:59 - 005054744 _____ (AO Kaspersky Lab) C:\Users\User\Downloads\tdsskiller.exe
2021-09-08 17:25 - 2021-09-08 17:25 - 019829840 _____ (Glarysoft Ltd) C:\Users\User\Downloads\Glary_Utilities_v5.173.0.201.exe
2021-09-08 17:22 - 2021-09-08 17:23 - 031850712 _____ (Bandicam Company) C:\Users\User\Downloads\Bandicam_v5.3.0.1879.exe
2021-09-08 16:41 - 2021-09-08 16:41 - 000001921 _____ C:\Users\User\Desktop\Norton Utilities.lnk
2021-09-08 16:41 - 2021-09-08 16:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton
2021-09-05 19:46 - 2021-09-05 19:46 - 000000000 ____D C:\Users\User\Downloads\QA - Technical Department - Yetminster DT9 - Indeed.com_files
2021-09-05 19:45 - 2021-09-05 19:46 - 000322107 _____ C:\Users\User\Downloads\QA - Technical Department - Yetminster DT9 - Indeed.com.html
2021-09-03 14:48 - 2021-09-03 14:48 - 000000000 ____D C:\Users\User\AppData\Local\Tvsukernel
2021-09-03 14:15 - 2021-09-03 14:15 - 000000000 ____D C:\Windows\LastGood.Tmp
2021-09-03 14:14 - 2021-09-03 14:14 - 000040888 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2021-09-03 14:10 - 2021-09-03 14:10 - 000000000 ____D C:\Users\User\AppData\Roaming\iTop Screenshot
2021-09-03 14:10 - 2021-09-03 14:10 - 000000000 ____D C:\Users\User\AppData\LocalLow\iTop Screen Recorder
2021-09-03 14:09 - 2021-09-03 14:10 - 000000000 ____D C:\Users\User\AppData\Roaming\iTop Screen Recorder
2021-09-03 14:09 - 2021-09-03 14:10 - 000000000 ____D C:\ProgramData\iTop
2021-09-03 14:09 - 2021-09-03 14:09 - 000000000 ____D C:\ProgramData\iTop VPN
2021-09-03 14:09 - 2021-09-03 14:09 - 000000000 ____D C:\ProgramData\{150F4013-6884-4350-8DDC-6BFCB4C5DC15}
2021-09-03 14:08 - 2021-09-03 15:05 - 000000000 ____D C:\ProgramData\ProductData
2021-09-03 14:08 - 2021-09-03 14:16 - 000000000 ____D C:\Users\User\AppData\Roaming\instinfo
2021-09-03 14:08 - 2021-09-03 14:08 - 000000000 ____D C:\Users\User\AppData\LocalLow\IObit
2021-09-03 14:07 - 2021-09-03 14:07 - 000000000 ____D C:\ProgramData\{E0224FF9-7AE3-4F9E-991A-2F004F7E3952}
2021-09-03 14:06 - 2021-09-03 14:30 - 000000000 ____D C:\ProgramData\IObit
2021-09-03 14:06 - 2021-09-03 14:08 - 000000000 ____D C:\Users\User\AppData\Roaming\IObit
2021-09-03 10:33 - 2021-09-03 10:33 - 000002359 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams.lnk
2021-09-03 10:32 - 2021-09-03 10:32 - 000000000 ____D C:\Users\User\AppData\Roaming\Teams
2021-09-03 10:25 - 2021-09-03 10:34 - 000000000 ____D C:\Users\User\AppData\Local\SquirrelTemp
2021-08-31 14:50 - 2021-08-31 14:50 - 000000000 ___HD C:\ProgramData\CanonBJ
2021-08-31 14:50 - 2015-03-12 05:00 - 000406528 _____ (CANON INC.) C:\Windows\system32\CNMLMCT.DLL
2021-08-29 17:21 - 2021-08-29 17:21 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2021-08-29 17:03 - 2021-09-03 10:56 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-08-26 13:17 - 2021-08-26 13:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\lenovo
2021-08-26 13:15 - 2021-08-26 13:15 - 008307216 _____ (Lenovo ) C:\Users\User\Downloads\system_update_5.07.0127.exe
2021-08-26 13:09 - 2021-08-26 13:09 - 003221952 _____ (Lenovo ) C:\Users\User\Downloads\LSBSetup (2).exe
2021-08-26 12:14 - 2021-08-26 12:14 - 000001849 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2021-08-26 12:14 - 2021-08-26 12:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2021-08-18 16:16 - 2021-08-18 16:16 - 000002884 _____ C:\Windows\system32\Tasks\CCleanerSkipUAC - User

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-09-15 14:32 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-09-15 14:17 - 2020-07-09 21:24 - 000000000 ____D C:\Windows\system32\SleepStudy
2021-09-15 12:00 - 2020-07-09 21:40 - 000004562 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2021-09-15 11:59 - 2021-07-31 14:45 - 000002061 _____ C:\Users\Public\Desktop\Adobe Acrobat DC.lnk
2021-09-15 11:59 - 2021-06-09 13:12 - 000002073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2021-09-15 11:32 - 2021-02-10 16:47 - 000000000 ____D C:\Program Files\CCleaner
2021-09-15 11:31 - 2021-02-14 18:03 - 000002364 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2021-09-15 11:31 - 2021-02-14 18:03 - 000002323 _____ C:\Users\Public\Desktop\Brave.lnk
2021-09-15 11:13 - 2021-02-10 16:47 - 000003936 _____ C:\Windows\system32\Tasks\CCleaner Update
2021-09-15 08:25 - 2021-08-10 18:43 - 000000000 ____D C:\Windows\system32\Tasks\Norton 360
2021-09-14 22:06 - 2021-02-11 14:36 - 000000000 ____D C:\Users\User\AppData\Roaming\Stellarium
2021-09-14 22:06 - 2021-02-10 16:02 - 000000000 ____D C:\Users\User\AppData\Roaming\vlc
2021-09-14 15:37 - 2020-07-09 21:44 - 133215968 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2021-09-14 11:32 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-09-14 11:32 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\AppReadiness
2021-09-13 12:17 - 2021-02-10 22:21 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-09-13 09:33 - 2021-02-10 16:19 - 000000000 ____D C:\Program Files (x86)\Glary Utilities 5
2021-09-11 17:17 - 2021-02-10 18:46 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-09-09 17:38 - 2020-07-09 21:38 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2021-09-09 17:37 - 2020-07-09 21:24 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-09-09 17:37 - 2020-07-09 21:23 - 000008192 ___SH C:\DumpStack.log.tmp
2021-09-09 17:36 - 2019-12-07 10:03 - 000786432 _____ C:\Windows\system32\config\BBI
2021-09-09 17:18 - 2021-02-11 12:31 - 000000000 ____D C:\Users\User\AppData\Local\CrashDumps
2021-09-09 16:23 - 2021-02-10 13:55 - 000000000 ____D C:\ProgramData\Norton
2021-09-08 17:26 - 2021-02-10 16:19 - 000003288 _____ C:\Windows\system32\Tasks\GlaryInitialize 5
2021-09-08 17:26 - 2021-02-10 16:19 - 000003024 _____ C:\Windows\system32\Tasks\GU5SkipUAC
2021-09-08 17:26 - 2021-02-10 16:19 - 000001161 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2021-09-08 17:26 - 2021-02-10 16:19 - 000001149 _____ C:\Users\Public\Desktop\Glary Utilities 5.lnk
2021-09-08 17:24 - 2021-02-27 22:11 - 000001057 _____ C:\Users\Public\Desktop\Bandicam.lnk
2021-09-08 17:24 - 2021-02-27 22:10 - 000000000 ____D C:\Program Files (x86)\BandiMPEG1
2021-09-08 17:24 - 2021-02-27 22:10 - 000000000 ____D C:\Program Files (x86)\Bandicam
2021-09-08 16:41 - 2021-07-08 14:15 - 000000000 ____D C:\Program Files\Norton Utilities
2021-09-06 13:02 - 2021-06-16 12:11 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2021-09-06 09:59 - 2021-02-11 21:52 - 000000000 ____D C:\Users\User\AppData\LocalLow\Mozilla
2021-09-04 08:34 - 2021-03-19 11:51 - 000000000 ____D C:\Users\User\AppData\LocalLow\Norton
2021-09-03 14:59 - 2021-04-30 14:43 - 000000000 ____D C:\Windows\TempInst
2021-09-03 14:59 - 2019-12-07 10:13 - 000000000 ____D C:\Windows\INF
2021-09-03 14:14 - 2021-02-08 16:05 - 001524664 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2021-09-03 14:14 - 2021-02-08 16:05 - 000206776 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2021-09-03 11:01 - 2019-12-07 10:03 - 000032768 _____ C:\Windows\system32\config\ELAM
2021-09-03 10:56 - 2021-02-28 15:19 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-08-29 22:59 - 2021-02-11 18:53 - 000000000 ____D C:\Users\User\Documents\VSO Downloader
2021-08-29 17:21 - 2021-02-28 15:19 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-08-27 21:15 - 2020-07-09 21:30 - 000840838 _____ C:\Windows\system32\PerfStringBackup.INI
2021-08-26 13:17 - 2021-04-30 14:44 - 000000000 ____D C:\Windows\system32\Tasks\TVT
2021-08-26 13:16 - 2021-06-02 16:58 - 000000831 _____ C:\Windows\SysWOW64\InstallUtil.InstallLog
2021-08-26 13:16 - 2020-08-28 09:18 - 000000000 ____D C:\Program Files (x86)\Lenovo
2021-08-26 13:10 - 2021-04-30 15:19 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2021-08-26 13:10 - 2021-04-30 11:58 - 000000000 ____D C:\Windows\system32\Tasks\Lenovo
2021-08-26 12:08 - 2021-02-10 16:19 - 000000000 ____D C:\Users\User\AppData\Roaming\GlarySoft
2021-08-19 12:42 - 2021-06-17 12:07 - 000000000 ____D C:\ProgramData\TEMP
2021-08-19 12:41 - 2021-06-17 20:55 - 000000000 ____D C:\Program Files (x86)\SpywareBlaster
2021-08-18 08:12 - 2021-02-10 22:20 - 000003480 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-08-18 08:12 - 2021-02-10 22:20 - 000003356 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-08-17 01:22 - 2021-02-10 18:46 - 000740168 _____ (Microsoft Corporation) C:\Windows\system32\sedplugins.dll
2021-08-17 01:22 - 2021-02-10 18:46 - 000486728 _____ (Microsoft Corporation) C:\Windows\system32\QualityUpdateAssistant.dll

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-09-2021
Ran by User (15-09-2021 14:53:42)
Running from C:\Users\User\Downloads
Windows 10 Pro Version 20H2 19042.1165 (X64) (2020-08-27 16:13:03)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-725688832-2798266748-3951577904-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-725688832-2798266748-3951577904-503 - Limited - Disabled)
Guest (S-1-5-21-725688832-2798266748-3951577904-501 - Limited - Disabled)
User (S-1-5-21-725688832-2798266748-3951577904-1002 - Administrator - Enabled) => C:\Users\User
WDAGUtilityAccount (S-1-5-21-725688832-2798266748-3951577904-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton 360 (Enabled - Up to date) {AECE2126-F4E7-6909-11F2-1B69D1FBCBD0}
AV: Norton 360 (Enabled - Up to date) {9E3FD331-C4C2-7AC4-0537-131EEF1B1F8A}
FW: Norton 360 (Enabled) {A6045214-8EAD-7B9C-2E68-BA2B11C858F1}
FW: Norton 360 (Enabled) {96F5A003-BE88-6851-3AAD-B25C2F288CAB}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat DC (64-bit) (HKLM\...\{AC76BA86-1033-1033-7760-BC15014EA700}) (Version: 21.007.20091 - Adobe)
Bandicam (HKLM-x32\...\Bandicam) (Version: 5.3.0.1879 - Bandicam.com)
Bandicam MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandicam.com)
Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 93.1.29.81 - Brave Software Inc)
CCleaner (HKLM\...\CCleaner) (Version: 5.85 - Piriform)
Conexant 20585 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.95.49.53 - Conexant)
Core Temp 1.17.1 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.17.1 - ALCPU)
Epson Software Updater (HKLM-x32\...\{D2D9559D-359A-4C61-B93A-FE01AE2BFB75}) (Version: 4.5.4 - Seiko Epson Corporation)
Glary Utilities 5.173 (HKLM-x32\...\Glary Utilities 5) (Version: 5.173.0.201 - Glarysoft Ltd)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.101.0 - Google LLC) Hidden
Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.02.00.1002 - Intel Corporation)
Lenovo Patch Utility (HKLM-x32\...\{E8F27ADF-B1ED-41AF-A7EF-D5E71778480C}) (Version: 1.3.2.6 - Lenovo Group Limited) Hidden
Lenovo Patch Utility 64 bit (HKLM\...\{49A09C2C-FFF4-478E-B397-5E0979F67F5D}) (Version: 1.3.2.6 - Lenovo Group Limited) Hidden
Lenovo Service Bridge (HKU\S-1-5-21-725688832-2798266748-3951577904-1002\...\{2C74547D-EF88-47F4-85F5-BE46A31E26B7}_is1) (Version: 5.0.2.5 - Lenovo)
Lenovo Settings Dependency Package (HKLM\...\{3694BA2E-BE31-4B7E-886B-A0B559E69D4D}_is1) (Version: 2.4.0.21 - Lenovo Group Limited)
Lenovo System Update (HKLM-x32\...\TVSU_is1) (Version: 5.07.0127 - Lenovo)
Metric Collection SDK (HKLM-x32\...\{DDAA788F-52E6-44EA-ADB8-92837B11BF26}) (Version: 1.1.0008.00 - Lenovo Group Limited) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 93.0.961.47 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-725688832-2798266748-3951577904-1002\...\Teams) (Version: 1.4.00.22472 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{7B981965-2FBC-433C-B4B3-E183EE97CD29}) (Version: 2.83.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 (HKLM-x32\...\{6913e92a-b64e-41c9-a5e6-cef39207fe89}) (Version: 14.25.28508.3 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 91.0.2 (x64 en-US)) (Version: 91.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 90.0 - Mozilla)
Norton 360 (HKLM-x32\...\NGC) (Version: 22.21.6.53 - NortonLifeLock Inc)
Norton Utilities (HKLM\...\{36896A40-D958-486B-8A43-31A41E129FE2}) (Version: 21.4.3.281 - NortonLifeLock Inc)
NVIDIA Graphics Driver 341.74 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.74 - NVIDIA Corporation)
On Screen Display (HKLM\...\OnScreenDisplay) (Version: 6.73.01 - )
SharpKeys (HKLM\...\{DCBF8C2F-0053-4BC7-B7A4-ABEE0D4389FC}) (Version: 3.9.0000 - RandyRants.com)
SpywareBlaster 6.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 6.0.0 - BrightFort LLC)
Stellarium 0.21.1 (HKLM-x32\...\Stellarium_is1) (Version: 0.21.1 - Stellarium team)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 10.0.1238 - SUPERAntiSpyware.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.17.115 - Synaptics Incorporated)
TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.21.4 - TeamViewer)
TotalAV Welcome OEM (HKLM-x32\...\TotalAV Welcome OEM) (Version: 1.0.0 - TotalAV Welcome OEM) <==== ATTENTION
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Virtual Moon Atlas V7.0 (HKLM-x32\...\{3EB7A19B-690F-49BA-B494-CADA547D0DB9}_is1) (Version: - )
VLC media player (HKLM\...\VLC media player) (Version: 3.0.15 - VideoLAN)
VSO Downloader 5.1.1.70 (HKLM-x32\...\{3C5CD638-CAD0-4F6C-81FD-B37D47B411F7}_is1) (Version: 5.1.1.70 - VSO Software)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - CACE Technologies)
Zoom (HKU\S-1-5-21-725688832-2798266748-3951577904-1002\...\ZoomUMX) (Version: 5.6.4 (799) - Zoom Video Communications, Inc.)

Packages:
=========
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12114.15.53119.0_x64__nzyj5cx40ttqa [2021-08-11] (Apple Inc.) [Startup Task]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-02-12] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-02-12] (Microsoft Corporation) [MS Ad]
Photo Frame -> C:\Program Files\WindowsApps\38731basquang.vn.PhotoFrame_1.1.3.0_x64__pyvvk3yw15sng [2021-04-04] (basquang) [MS Ad]
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-03-23] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-02-13] (Microsoft Corporation)
Simple Solitaire -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleSolitaire_7.3.1.0_x64__kx24dqmazqk8j [2021-09-11] (Random Salad Games LLC)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.167.586.0_x86__zpdnekdrzrea0 [2021-09-03] (Spotify AB) [Startup Task]
The Backgammon -> C:\Program Files\WindowsApps\6918E89D.TheBackgammon_1.2.10.0_x64__66n08swfvvka0 [2021-05-18] (UNBALANCE corp.) [MS Ad]
The Chess Lv.100 -> C:\Program Files\WindowsApps\6918E89D.THECHESSLV.100_1.3.8.0_x64__66n08swfvvka0 [2021-08-13] (UNBALANCE corp.) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-725688832-2798266748-3951577904-1002_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.21140.5\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.21.6.53\buShell.dll [2021-07-29] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.21.6.53\buShell.dll [2021-07-29] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.21.6.53\buShell.dll [2021-07-29] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.21.6.53\buShell.dll [2021-07-29] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers-x32: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.21.6.53\buShell.dll [2021-07-29] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers-x32: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.21.6.53\buShell.dll [2021-07-29] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.21.6.53\buShell.dll [2021-07-29] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers1: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll [2020-10-12] (Glarysoft LTD -> Glarysoft Ltd)
ContextMenuHandlers1: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.21.6.53\NavShExt.dll [2021-07-29] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers2: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll [2020-10-12] (Glarysoft LTD -> Glarysoft Ltd)
ContextMenuHandlers2: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.21.6.53\NavShExt.dll [2021-07-29] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2012-11-26] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2015-06-29] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.21.6.53\buShell.dll [2021-07-29] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers6: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll [2020-10-12] (Glarysoft LTD -> Glarysoft Ltd)
ContextMenuHandlers6: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.21.6.53\NavShExt.dll [2021-07-29] (NortonLifeLock Inc. -> NortonLifeLock Inc.)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [vidc.mjpg] => C:\Windows\system32\bdmjpeg64.dll [75248 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [vidc.mpeg] => C:\Windows\system32\bdmpegv64.dll [75272 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [msacm.bdmpeg] => C:\Windows\system32\bdmpega64.acm [75784 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [vidc.mjpg] => C:\Windows\SysWOW64\bdmjpeg.dll [71152 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [vidc.mpeg] => C:\Windows\SysWOW64\bdmpegv.dll [71176 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [msacm.bdmpeg] => C:\Windows\SysWOW64\bdmpega.acm [71176 2017-01-26] (Bandicam Company -> )

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\188f5ec9d11ded56\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) -> --profile-directory="Profile 1"

==================== Loaded Modules (Whitelisted) =============

2021-04-30 12:00 - 2016-04-14 07:50 - 000107008 ____N () [File not signed] C:\Program Files (x86)\ThinkPad\Utilities\US\PWMRT64V.dll
2021-04-30 12:03 - 2016-04-05 09:37 - 002085888 _____ () [File not signed] C:\Program Files\Lenovo\Communications Utility\cv210.dll
2021-04-30 12:03 - 2016-04-05 09:37 - 002201088 _____ () [File not signed] C:\Program Files\Lenovo\Communications Utility\cxcore210.dll
2021-04-30 12:01 - 2014-10-23 10:20 - 000276480 _____ (Lenovo) [File not signed] C:\Program Files\Lenovo\Lenovo Mobile Hotspot\MHHelperDLL.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [136]

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine\22.21.6.53\coIEPlg.dll [2021-07-29] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
BHO-x32: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine32\22.21.6.53\coIEPlg.dll [2021-07-29] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.21.6.53\coIEPlg.dll [2021-07-29] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine32\22.21.6.53\coIEPlg.dll [2021-07-29] (NortonLifeLock Inc. -> NortonLifeLock Inc.)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-725688832-2798266748-3951577904-1002\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-725688832-2798266748-3951577904-1002\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-725688832-2798266748-3951577904-1002\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-725688832-2798266748-3951577904-1002\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-725688832-2798266748-3951577904-1002\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-725688832-2798266748-3951577904-1002\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-725688832-2798266748-3951577904-1002\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-725688832-2798266748-3951577904-1002\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-725688832-2798266748-3951577904-1002\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-725688832-2798266748-3951577904-1002\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-725688832-2798266748-3951577904-1002\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-725688832-2798266748-3951577904-1002\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-725688832-2798266748-3951577904-1002\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-725688832-2798266748-3951577904-1002\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-725688832-2798266748-3951577904-1002\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-725688832-2798266748-3951577904-1002\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-725688832-2798266748-3951577904-1002\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-725688832-2798266748-3951577904-1002\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-725688832-2798266748-3951577904-1002\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-725688832-2798266748-3951577904-1002\...\1001movie.com -> 1001movie.com

There are 6091 more sites.


==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 10:14 - 2019-12-07 10:12 - 000000824 ____N C:\Windows\system32\drivers\etc\hosts

2021-02-21 17:19 - 2021-02-21 17:24 - 000000436 _____ C:\Windows\system32\drivers\etc\hosts.ics

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-725688832-2798266748-3951577904-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\User\Desktop\G Alexander\Pictures\Wallpapers\grand-canyon-wallpaper.jpeg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: TeamViewer => 2

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{40AAD3D7-52EA-4530-9003-E66B1236D6DA}C:\users\public\desktop\sdio_update\sdio_x64_r715.exe] => (Block) C:\users\public\desktop\sdio_update\sdio_x64_r715.exe => No File
FirewallRules: [UDP Query User{583779DC-EC42-45CC-957B-C960DC6DBFB9}C:\users\public\desktop\sdio_update\sdio_x64_r715.exe] => (Block) C:\users\public\desktop\sdio_update\sdio_x64_r715.exe => No File
FirewallRules: [{480AF5AA-9E64-4970-B285-0EBFE740668C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{9E94DBE2-F11B-4B8A-A1C6-208A909E5441}] => (Allow) C:\Users\User\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{B2D7A747-9439-4460-BAA1-D025312332EE}] => (Allow) C:\Users\User\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{BF6E3546-FE15-4763-8C49-7FC7ACD815D2}] => (Allow) C:\Users\User\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{C9D8D439-F519-4BA3-A16F-20E2FB723A75}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12114.15.53119.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{A1A30333-9C22-4936-A773-6C608DCB7B08}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12114.15.53119.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{26679C38-AF2E-4E8D-825F-682D52DFCCFA}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12114.15.53119.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{1A4F990E-B925-44BA-A75A-62DE0656B88B}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12114.15.53119.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{71915E36-DA13-4E3F-9145-F82A675C5514}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12114.15.53119.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{59EEE163-C714-4484-920F-E3EE988DC269}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12114.15.53119.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{8DF63D8A-CCB0-4A69-8F24-CD05729623B4}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12114.15.53119.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{142802EE-21F3-4592-BD00-A5CEC25DC25B}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12114.15.53119.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{9C6B7C5D-2C8A-438F-8FD8-1C9716EAAE10}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{DEBC74A2-8698-425E-A0DE-EC9F603BEEB0}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{CFAB2553-974C-499E-A356-2E776D88098A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{C06B28FF-BA50-4035-92AC-9833A06254A6}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{128FED1C-6334-4DB8-B81A-59F3429414BA}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{4164B645-495C-41BD-8241-88CFFE900BCA}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{E5CCF454-6AB3-432A-9C61-DC29F0D7CC81}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{08F396D9-438E-447A-8597-8A7BC7613261}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{E04B7202-E1E9-4E31-BC6C-7297DADAAF14}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe (Lenovo -> )
FirewallRules: [{DF6D5B10-9BB1-4B35-BF59-03DD58FC1502}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe (Lenovo -> )
FirewallRules: [{76A894DE-E8AD-4275-A326-D458551EA3F4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.167.586.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{FDEEC526-60A7-4FBE-B7CF-5C507DB8A385}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.167.586.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{F4D6C89E-9B84-4FF0-B11D-C8603CD6E086}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.167.586.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{458D0AD2-F42A-4E03-BC6B-2C4274DEDF97}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.167.586.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{687FFFEC-6E61-4A3C-93F3-FE0BD9A8749C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.167.586.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{C2513710-DC58-442F-858F-E83F60278E41}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.167.586.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D2CB5E95-32A2-4443-9AE7-DD092C79664E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.167.586.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{EA25635A-F2B8-48E4-9957-EEE2FE54F90F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.167.586.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{212C1D7A-7C48-4CDC-BBE3-CAF586CC4F2D}] => (Allow) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)

==================== Restore Points =========================

29-08-2021 18:23:41 Scheduled Checkpoint
03-09-2021 14:12:54 Driver Booster : NVIDIA High Definition Audio
13-09-2021 12:25:57 Scheduled Checkpoint

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (09/11/2021 09:10:37 PM) (Source: Firefox Default Browser Agent) (EventID: 12007) (User: )
Description: Event-ID 12007

Error: (09/11/2021 09:10:37 PM) (Source: Firefox Default Browser Agent) (EventID: 0) (User: )
Description: Event-ID 0

Error: (09/11/2021 08:19:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_BITS, version: 10.0.19041.546, time stamp: 0x058e175a
Faulting module name: qmgr.dll, version: 7.8.19041.746, time stamp: 0x73a7ab6f
Exception code: 0xc0000005
Fault offset: 0x00000000000add14
Faulting process ID: 0x2d74
Faulting application start time: 0x01d7a7281291b86a
Faulting application path: C:\Windows\System32\svchost.exe
Faulting module path: c:\windows\system32\qmgr.dll
Report ID: e40a3478-4408-4c99-b861-30fb935e243c
Faulting package full name:
Faulting package-relative application ID:

Error: (09/09/2021 04:05:37 PM) (Source: ESENT) (EventID: 455) (User: )
Description: taskhostw (12872,R,98) WebCacheLocal: Error -1032 (0xfffffbf8) occurred while opening logfile C:\Users\User\AppData\Local\Microsoft\Windows\WebCache\V01.log.

Error: (09/09/2021 04:05:36 PM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhostw (12872,R,98) WebCacheLocal: An attempt to open the file "C:\Users\User\AppData\Local\Microsoft\Windows\WebCache\V01.log" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (09/08/2021 03:57:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CCleaner64.exe, version: 5.84.0.9143, time stamp: 0x6128cf9a
Faulting module name: CCleaner64.exe, version: 5.84.0.9143, time stamp: 0x6128cf9a
Exception code: 0xc0000409
Fault offset: 0x0000000000c4bd55
Faulting process ID: 0x50c
Faulting application start time: 0x01d7a4c1e3aa03ac
Faulting application path: C:\Program Files\CCleaner\CCleaner64.exe
Faulting module path: C:\Program Files\CCleaner\CCleaner64.exe
Report ID: 7755712e-bffb-4536-88eb-a23a4930e50c
Faulting package full name:
Faulting package-relative application ID:

Error: (09/08/2021 03:55:51 PM) (Source: ESENT) (EventID: 455) (User: )
Description: taskhostw (13308,R,98) WebCacheLocal: Error -1032 (0xfffffbf8) occurred while opening logfile C:\Users\User\AppData\Local\Microsoft\Windows\WebCache\V01.log.

Error: (09/08/2021 03:55:51 PM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhostw (13308,R,98) WebCacheLocal: An attempt to open the file "C:\Users\User\AppData\Local\Microsoft\Windows\WebCache\V01.log" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).


System errors:
=============
Error: (09/15/2021 12:30:02 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (09/15/2021 08:30:28 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (09/14/2021 05:27:32 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (09/14/2021 04:12:10 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (09/14/2021 02:50:18 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (09/14/2021 02:37:18 PM) (Source: DCOM) (EventID: 10010) (User: USER-PC)
Description: The server microsoft.windowscommunicationsapps_16005.14326.20206.0_x64__8wekyb3d8bbwe!microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca did not register with DCOM within the required timeout.

Error: (09/14/2021 12:13:08 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (09/14/2021 08:55:08 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4


Windows Defender:
================
Date: 2021-02-10 12:44:32
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-02-08 15:04:36
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-02-08 15:28:49
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-07-11 16:45:16
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-02-10 12:25:35
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.331.504.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17800.5
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2021-02-10 12:25:35
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.331.504.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17800.5
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2021-02-10 12:25:35
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.331.504.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17800.5
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2021-02-10 12:25:35
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.331.504.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17800.5
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2021-02-10 12:25:35
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.331.504.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17800.5
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

CodeIntegrity:
===============
Date: 2021-09-15 08:18:26
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume2\Program Files\Norton Security\Engine\22.21.6.53\symamsi.dll that did not meet the Windows signing level requirements.

Date: 2021-09-14 11:30:10
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Norton Security\Engine\22.21.6.53\symamsi.dll that did not meet the Windows signing level requirements.


==================== Memory info ===========================

BIOS: LENOVO 6IET68WW (1.28 ) 07/12/2010
Motherboard: LENOVO 2537VNK
Processor: Intel(R) Core(TM) i5 CPU M 540 @ 2.53GHz
Percentage of memory in use: 74%
Total physical RAM: 3955.67 MB
Available physical RAM: 1004.36 MB
Total Virtual: 5939.67 MB
Available Virtual: 1854.13 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:297.54 GB) (Free:212.63 GB) NTFS

\\?\Volume{de77ec38-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.05 GB) (Free:0.02 GB) NTFS
\\?\Volume{de77ec38-0000-0000-0016-a3654a000000}\ () (Fixed) (Total:0.5 GB) (Free:0.08 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 298.1 GB) (Disk ID: DE77EC38)
Partition 1: (Active) - (Size=50 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=297.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=515 MB) - (Type=27)

==================== End of Addition.txt =======================
 
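Added example, not part of this thread or of FRST itself: a small Python parser for the "Event log errors" section of an FRST Addition.txt like the one above. It tallies entries by section, source and EventID so recurring items stand out, and pulls the application, module and exception code out of Application Error 1000 entries. The sample input is a few entries copied from the log above; the function names are my own.

```python
import re
from collections import Counter

# Constructed sample: a handful of entries copied from the FRST Addition.txt
# posted in this thread, trimmed to the lines the parser needs.
SAMPLE = r"""
Application errors:
==================
Error: (09/11/2021 09:10:37 PM) (Source: Firefox Default Browser Agent) (EventID: 12007) (User: )
Description: Event-ID 12007

Error: (09/11/2021 08:19:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_BITS, version: 10.0.19041.546, time stamp: 0x058e175a
Faulting module name: qmgr.dll, version: 7.8.19041.746, time stamp: 0x73a7ab6f
Exception code: 0xc0000005

Error: (09/09/2021 04:05:37 PM) (Source: ESENT) (EventID: 455) (User: )
Description: taskhostw (12872,R,98) WebCacheLocal: Error -1032 (0xfffffbf8) occurred while opening logfile C:\Users\User\AppData\Local\Microsoft\Windows\WebCache\V01.log.

System errors:
=============
Error: (09/15/2021 12:30:02 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (09/15/2021 08:30:28 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (09/14/2021 02:37:18 PM) (Source: DCOM) (EventID: 10010) (User: USER-PC)
Description: The server microsoft.windowscommunicationsapps_16005.14326.20206.0_x64__8wekyb3d8bbwe!microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca did not register with DCOM within the required timeout.
"""

# One FRST event header line: Error: (time) (Source: ...) (EventID: n) (User: ...)
HEADER = re.compile(
    r"^Error: \((?P<time>[^)]*)\) \(Source: (?P<source>[^)]*)\) "
    r"\(EventID: (?P<event_id>\d+)\) \(User: (?P<user>[^)]*)\)$"
)
# Section titles such as "Application errors:" / "System errors:"
SECTION = re.compile(r"^(?P<name>[A-Za-z ]+ errors):$")


def parse_frst_events(text):
    """Return a list of dicts, one per Error entry, in log order."""
    events = []
    section = None
    current = None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:                 # blank line closes the current entry
            current = None
            continue
        m = SECTION.match(line)
        if m:
            section = m.group("name")
            current = None
            continue
        m = HEADER.match(line)
        if m:
            current = {
                "section": section,
                "time": m.group("time"),
                "source": m.group("source"),
                "event_id": int(m.group("event_id")),
                "user": m.group("user"),
                "description": [],
            }
            events.append(current)
            continue
        if current is None or set(line) == {"="}:
            continue                 # underline rows and stray text
        if line.startswith("Description: "):
            line = line[len("Description: "):]
        current["description"].append(line)   # multi-line descriptions
    for e in events:
        e["description"] = "\n".join(e["description"])
    return events


def summarize(events):
    """Count entries per (section, source, event_id), most frequent first."""
    counts = Counter((e["section"], e["source"], e["event_id"]) for e in events)
    return counts.most_common()


def faulting_modules(events):
    """(application, module, exception code) for each Application Error 1000."""
    out = []
    for e in events:
        if e["source"] != "Application Error" or e["event_id"] != 1000:
            continue
        app = re.search(r"Faulting application name: ([^,]+),", e["description"])
        mod = re.search(r"Faulting module name: ([^,]+),", e["description"])
        code = re.search(r"Exception code: (0x[0-9a-fA-F]+)", e["description"])
        out.append((app.group(1) if app else None,
                    mod.group(1) if mod else None,
                    code.group(1) if code else None))
    return out


if __name__ == "__main__":
    evs = parse_frst_events(SAMPLE)
    for (section, source, event_id), n in summarize(evs):
        print(f"{n:3d}  {section:<18} {source} (EventID {event_id})")
    for app, mod, code in faulting_modules(evs):
        print(f"crash: {app} in {mod}, exception {code}")
```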

DR.M

Malware Specialist
Joined
Sep 4, 2019
Messages
2,245
Hi, James.

Please adhere to the guidelines below, and then carefully follow, in the same order, all the instructions after them:

1. Always ask before acting. Do not continue if you are not sure, or if something unexpected happens!

2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

3. If your computer seems to start working normally, don't abandon the topic. Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.

4. You have to reply to my posts within 3 days. If you need some additional time, just let me know. Otherwise, I will leave the topic due to lack of feedback. If you are able, I would request you to check this thread at least once per day so that we can resolve your issues effectively and efficiently.

5. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, bear in mind that all the experts here are volunteers and may not be available to assist when you post. Please be patient while I analyze your logs.

=======================

Let's begin.

1. Why do you think you are infected?

Please explain in detail what exactly you mean by the following:

However there is some evidence my OS is playing up, as well as other evidence I am being followed by cyberstalkers.

2. Proxy extension

Are you aware of this proxy extension? Do you need it?

Hoxx VPN Proxy


3. Uninstall programs
  • Press the Windows Key + R.
  • Type appwiz.cpl in the Run box and click OK.
  • The Add/Remove Programs list will open. Locate the following programs in the list:
Code:
Glary Utilities 5.173
TotalAV Welcome OEM
Intel(R) Turbo Boost Technology Driver
  • Select the above programs, one by one, and click Uninstall.
  • Restart the computer at the end of the procedure.
If you don't use Team Viewer, uninstall this program too.

NOTE:

We do not recommend registry cleaners, system optimizers, driver boosters and the like. It is your computer and certainly your choice. However, please consider that with these programs the potential is ever present to cause more problems than they claim to fix. That's why I recommend that you uninstall Glary Utilities and Turbo Boost Technology Driver. CCleaner is also a registry cleaner. Keep it if you need it, but do not use the registry cleaning option, as messing with the registry may make your computer unbootable.


In your next reply please post:

  1. Your detailed description about the evidence you have that you are infected
  2. A reply about the proxy extension
  3. If the uninstalling procedure went well

 

James321

Thread Starter
Joined
Apr 10, 2013
Messages
385
In answer to your questions:

1. The OS does not seem to be behaving because I cannot switch off Auto-Shutdown using the online recommended methods. Also the internal camera and microphone are not working at all and I have tried everything to get them to work. Further I am unable to switch off the Wifi connection using the OS but have to use the physical switch on the side of the laptop (I don't usually use Wifi for security reasons).

I'm absolutely certain I'm being stalked and this doesn't just include cyberstalking, and the police are aware of the situation. The stalking and harassment phenomena often strongly correlate with my online behaviour, giving the strong impression that my stalkers can see everything I'm doing both on and offline.

2. The Hoxx VPN Proxy has been removed. The issues with my OS predate the installing of this addon.

3. I have successfully uninstalled the following items:

TotalAV Welcome OEM
Intel(R) Turbo Boost Technology Driver
Team Viewer

I was only too pleased to uninstall TeamViewer. I've never used it, it continually asks to be updated, and the software is far too pushy as if it's attempting to take over your laptop.

I regularly use Glary Utilities and don't really want to uninstall it. Are there any security issues with this software as I think it's fairly reliable?
 

DR.M

Malware Specialist
Joined
Sep 4, 2019
Messages
2,245
Hi, James.

Good job uninstalling all those programs. As for Glary, some antivirus programs detect it as a potentially unwanted program. It's your computer, however, so your decision.

The OS does not seem to be behaving because I cannot switch off Auto-Shutdown using the online recommended methods. Also the internal camera and microphone are not working at all and I have tried everything to get them to work. Further I am unable to switch off the Wifi connection using the OS but have to use the physical switch on the side of the laptop (I don't usually use Wifi for security reasons).
Probably not malware related, but we will continue our checks.

1. Run AdwCleaner (Scan mode)


Download AdwCleaner and save it to your desktop.
  • Double click AdwCleaner.exe to run it.
  • Click Scan Now.
    • When the scan has finished, a Scan Results window will open.
    • Click Cancel (at this point do not attempt to Quarantine anything that is found)
  • Now click the Log Files tab.
    • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number. The latest scan will have the largest number)
    • A Notepad file will open containing the results of the scan.
    • Please post the contents of the file in your next reply.

2. Run Malwarebytes (Scan mode)
  • Download Malwarebytes and save it to your Desktop.
  • Once downloaded, close all programs and Windows on your computer.
  • Double-click on the icon on your desktop named MBSetup.exe. This will start the installation of MBAM onto your computer.
  • Follow the instructions to install the program.
  • When finished, double click the program's icon created on your Desktop.
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
    Code:
    Under the title Scan Options, all the options are checked.
    Under the title Windows Security Center (Premium only) the option is NOT checked.
    Under the title Potentially unwanted items all options are set to Always.
  • Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may take longer.
  • When finished, you will see the Threat Scan Summary window open.
If threats are not found, click View Report and proceed to the last two steps below.

If threats are found, make sure that all threats are not selected, close the program and proceed to the next steps below.
  • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
  • Find the report with the most recent date and double click on it.
  • Click on Export and then Copy to Clipboard.
  • Paste its content here, in your next reply.

In your next reply, please post:

  1. The screenshot with the popup (if it appears)
  2. The AdwCleaner[S0*].txt
  3. The Malwarebytes report
 

James321

Thread Starter
Joined
Apr 10, 2013
Messages
385
Here are the results:

# -------------------------------
# Malwarebytes AdwCleaner 8.3.0.0
# -------------------------------
# Build: 06-29-2021
# Database: 2021-09-09.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 09-16-2021
# Duration: 00:00:21
# OS: Windows 10 Pro
# Scanned: 31985
# Detected: 17


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.AdvancedSystemCare C:\Users\User\AppData\Roaming\IObit\Advanced SystemCare

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

Preinstalled.LenovoHotkeyManager Folder C:\Program Files\LENOVO\HOTKEY
Preinstalled.LenovoHotkeyManager Registry HKLM\Software\Classes\CLSID\{A48CA1A4-C36B-44f2-8090-19E08DF4365E}
Preinstalled.LenovoHotkeyManager Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|LenovoOptMouseUpdate
Preinstalled.LenovoHotkeyManager Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Run|LenovoOptMouseUpdate
Preinstalled.LenovoHotkeyManager Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\OnScreenDisplay
Preinstalled.LenovoPowerManager Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}
Preinstalled.LenovoServiceBridge Folder C:\Users\User\AppData\Local\PROGRAMS\LENOVO\LENOVO SERVICE BRIDGE
Preinstalled.LenovoServiceBridge Registry HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{2C74547D-EF88-47F4-85F5-BE46A31E26B7}_is1
Preinstalled.LenovoSettings Folder C:\ProgramData\LENOVO\LENOVO SETTINGS
Preinstalled.LenovoThinkVantageCommunicationsUtility Folder C:\Program Files\LENOVO\COMMUNICATIONS UTILITY
Preinstalled.LenovoThinkVantageCommunicationsUtility Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|LMCSSTART1
Preinstalled.LenovoThinkVantageCommunicationsUtility Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Run|LMCSSTART1
Preinstalled.LenovoThinkVantageCommunicationsUtility Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1
Preinstalled.LenovoUpdate Folder C:\Program Files (x86)\LENOVO\SYSTEM UPDATE
Preinstalled.LenovoUpdate Registry HKLM\Software\Wow6432Node\\Classes\CLSID\{03C6CC92-68F2-4961-9A73-CAECA350BD08}
Preinstalled.LenovoUpdate Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\TVSU_is1



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########


Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 16/09/2021
Scan Time: 14:34
Log File: d8797974-16f2-11ec-8620-f0def1090f66.json

-Software Information-
Version: 4.4.6.132
Components Version: 1.0.1453
Update Package Version: 1.0.44996
Licence: Trial

-System Information-
OS: Windows 10 (Build 19042.1165)
CPU: x64
File System: NTFS
User: User-PC\User

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 312126
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 34 min, 58 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)
 

DR.M

Malware Specialist
Joined
Sep 4, 2019
Messages
2,245
Hi, James.

NOTE: In order not to have my instructions in your reply, do not click on the Reply button. Just write your reply in the Reply area under the last post and then click on the Post reply button.

Let's continue. Malwarebytes didn't detect anything. Let's see how we move on with AdwCleaner.

1. AdwCleaner (Clean mode)

AdwCleaner detected a potentially unwanted program, having to do with Advanced System Care. I will give you instructions to remove it.

The section at the bottom under Preinstalled Software is software that was apparently installed when the device was new, which you may or may not use. Personally, I don't keep anything I don't need/use, but it is your computer so your decision, as I already told you.

To proceed, please do the following:
  • Double click AdwCleaner.exe on your Desktop, to run it as you did before.
  • Click Scan Now.
  • When the scan has finished a Scan Results window will open.
  • Please check all the boxes and then click Quarantine.
  • Click Next.
    • If any pre-installed software was found on your machine, a prompt window will open. Click OK to close it.
    • Check any pre-installed software items you want to remove.
    • Click Quarantine.
  • A prompt to save your work will appear.
    • Click Continue when you're ready to proceed.
  • A prompt to restart your computer will appear.
    • Click Restart Now.
  • Once your computer has restarted:
    • If it doesn't open automatically, please start AdwCleaner.
    • Click the Log Files tab.
    • Double click on the latest Clean log (Clean logs have a [C0*] suffix, where * is replaced by a number, the latest scan will have the largest number)
    • A Notepad file will open containing the results of the removal.
    • Please post the contents of the file in your next reply.

2. Fresh FRST logs
  • Double-click on the FRST icon to run it, as you did before. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button and wait for a while.
  • The scanner will produce two logs on your Desktop: FRST.txt and Addition.txt.
  • Please attach the content of these two logs in your next reply.
Note: Do not copy and paste the logs here. Use the Attach files button to attach them. It's easier for me to review them.


In your next reply, please post:
  1. The AdwCleaner[C0*].txt
  2. The fresh FRST logs, Addition and FRST
 

James321

Thread Starter
Joined
Apr 10, 2013
Messages
385
Here are the logs.
 

Attachments

DR.M

Malware Specialist
Joined
Sep 4, 2019
Messages
2,245
Thanks.

Now, I'll need some time to review the new logs.
 

DR.M

Malware Specialist
Joined
Sep 4, 2019
Messages
2,245
Here we go:

FRST fix

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything anywhere.
Code:
Start::
CreateRestorePoint:
CloseProcesses:
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [136]
MSCONFIG\Services: TeamViewer => 2
FirewallRules: [TCP Query User{40AAD3D7-52EA-4530-9003-E66B1236D6DA}C:\users\public\desktop\sdio_update\sdio_x64_r715.exe] => (Block) C:\users\public\desktop\sdio_update\sdio_x64_r715.exe => No File
FirewallRules: [UDP Query User{583779DC-EC42-45CC-957B-C960DC6DBFB9}C:\users\public\desktop\sdio_update\sdio_x64_r715.exe] => (Block) C:\users\public\desktop\sdio_update\sdio_x64_r715.exe => No File
FirewallRules: [{B2D7A747-9439-4460-BAA1-D025312332EE}] => (Allow) C:\Users\User\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{BF6E3546-FE15-4763-8C49-7FC7ACD815D2}] => (Allow) C:\Users\User\AppData\Roaming\Zoom\bin\airhost.exe => No File
HKU\S-1-5-21-725688832-2798266748-3951577904-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> 
GroupPolicy: Restriction - Edge <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
Task: {1C9F1EBF-9EA4-4232-B4DD-1DCF28C651FE} - \OneDrive Standalone Update Task-S-1-5-21-725688832-2798266748-3951577904-1001 -> No File <==== ATTENTION
Task: {82A3918F-FA6F-49BF-B353-4F6098330641} - System32\Tasks\TotalAV_OEM_Welcome => C:\Program Files (x86)\TotalAV Welcome OEM\ss-oem.exe
Task: {E18BF8D0-BC92-4CF1-8DBF-3CB86F636B6E} - System32\Tasks\TUDsDownloader => C:\Program Files\Norton Utilities Premium\activesync.exe
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
2021-09-09 16:17 - 2021-09-09 16:18 - 000004484 _____ C:\TDSSKiller.3.1.0.28_09.09.2021_16.17.01_log.txt
2021-09-09 12:07 - 2021-09-09 12:08 - 000004484 _____ C:\TDSSKiller.3.1.0.28_09.09.2021_12.07.54_log.txt
2021-09-09 11:59 - 2021-09-09 12:02 - 000319296 _____ C:\TDSSKiller.3.1.0.28_09.09.2021_11.59.36_log.txt
2021-09-09 11:59 - 2021-09-09 11:59 - 005054744 _____ (AO Kaspersky Lab) C:\Users\User\Downloads\tdsskiller.exe
2021-09-03 14:48 - 2021-09-03 14:48 - 000000000 ____D C:\Users\User\AppData\Local\Tvsukernel
2021-09-03 14:10 - 2021-09-03 14:10 - 000000000 ____D C:\Users\User\AppData\Roaming\iTop Screenshot
2021-09-03 14:10 - 2021-09-03 14:10 - 000000000 ____D C:\Users\User\AppData\LocalLow\iTop Screen Recorder
2021-09-03 14:09 - 2021-09-03 14:10 - 000000000 ____D C:\Users\User\AppData\Roaming\iTop Screen Recorder
2021-09-03 14:09 - 2021-09-03 14:10 - 000000000 ____D C:\ProgramData\iTop
2021-09-03 14:09 - 2021-09-03 14:09 - 000000000 ____D C:\ProgramData\iTop VPN
2021-09-03 14:09 - 2021-09-03 14:09 - 000000000 ____D C:\ProgramData\{150F4013-6884-4350-8DDC-6BFCB4C5DC15}
2021-09-03 14:08 - 2021-09-03 15:05 - 000000000 ____D C:\ProgramData\ProductData
2021-09-03 14:08 - 2021-09-03 14:16 - 000000000 ____D C:\Users\User\AppData\Roaming\instinfo
2021-09-03 14:08 - 2021-09-03 14:08 - 000000000 ____D C:\Users\User\AppData\LocalLow\IObit
2021-09-03 14:07 - 2021-09-03 14:07 - 000000000 ____D C:\ProgramData\{E0224FF9-7AE3-4F9E-991A-2F004F7E3952}
2021-09-03 14:06 - 2021-09-16 16:24 - 000000000 ____D C:\Users\User\AppData\Roaming\IObit
2021-09-03 14:06 - 2021-09-03 14:30 - 000000000 ____D C:\ProgramData\IObit
C:\Program Files (x86)\TotalAV Welcome OEM
CMD: DISM /Online /Cleanup-Image /RestoreHealth
CMD: SFC /scannow
cmd: netsh winsock reset catalog
cmd: netsh int ip reset C:\resettcpip.txt
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state ON
cmd: ipconfig /flushdns
EmptyTemp:
End::
  • Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Please post the log in your next reply.
 

James321

Thread Starter
Joined
Apr 10, 2013
Messages
385
Here's the log:
 

Attachments

DR.M

Malware Specialist
Joined
Sep 4, 2019
Messages
2,245
Thank you, James.

Let's check the system for corruptions again.
  • Click on the Start button and in the search box, type Command Prompt
  • When you see Command Prompt on the list, right-click on it and select Run as administrator
  • Enter the command below and press Enter
Code:
sfc /scannow
  • Let the scan finish.
  • You will normally get one of the following results:
    Code:
    Windows Resource Protection did not find any integrity violations
    Windows Resource Protection found corrupt files and successfully repaired them
    Windows Resource Protection found corrupt files but was unable to fix some of them
    Windows Resource Protection could not perform the requested operation
  • Please post the result you got (Screenshot)
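The four result lines above are what SFC prints; when the verdict is "repaired" or "unable to fix", the detail of which files were involved is recorded in CBS.log. The following PowerShell script is an added example (not something posted in this thread, and not part of SFC or FRST) that runs the scan from an elevated prompt, classifies the output into one of those four outcomes, and pulls the [SR] entries from CBS.log when repairs were attempted. The NUL-stripping step is an assumption based on sfc.exe emitting UTF-16 output when captured by PowerShell; the log path is the default Windows location.

```powershell
# Added example: run sfc /scannow and summarise the verdict. Must run as administrator.
#Requires -RunAsAdministrator

function Invoke-SfcScan {
    # sfc.exe writes UTF-16 text; captured in PowerShell it can contain NUL characters,
    # so strip them before pattern matching (assumption: seen on Windows 10 hosts).
    $raw  = & "$env:windir\System32\sfc.exe" /scannow 2>&1 | Out-String
    $text = $raw -replace "`0", ''

    # Map the output onto the four outcomes SFC normally reports.
    $verdict = switch -Regex ($text) {
        'did not find any integrity violations'   { 'clean';      break }
        'successfully repaired them'               { 'repaired';   break }
        'unable to fix some of them'               { 'unrepaired'; break }
        'could not perform the requested operation'{ 'failed';     break }
        default                                    { 'unknown' }
    }
    [pscustomobject]@{ Verdict = $verdict; Output = $text }
}

function Get-SfcLogDetails {
    # SFC records what it verified and repaired as [SR] lines in CBS.log;
    # this is the same file the usual findstr /c:"[SR]" one-liner reads.
    param(
        [string]$LogPath = "$env:windir\Logs\CBS\CBS.log",
        [int]$Last = 50
    )
    Select-String -Path $LogPath -Pattern '\[SR\]' |
        Select-Object -Last $Last |
        ForEach-Object { $_.Line }
}

$result = Invoke-SfcScan
"SFC verdict: $($result.Verdict)"
if ($result.Verdict -in 'repaired', 'unrepaired') {
    "Recent [SR] entries from CBS.log:"
    Get-SfcLogDetails
}
```

A "clean" verdict means the protected system files matched their known-good hashes at scan time; it says nothing about files outside Windows Resource Protection's scope, which is why the helper in this thread follows it with a separate anti-malware scan.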
 

James321

Thread Starter
Joined
Apr 10, 2013
Messages
385
Here's the screenshot:
 

Attachments

DR.M

Malware Specialist
Joined
Sep 4, 2019
Messages
2,245
Hi, James.

The system seems fine, no corruptions/errors found.

In addition, there is no evidence of an active infection.

Just to ensure the above, let's do an online scan.

ESET Online Scanner

Download ESET Online Scanner and save it to your desktop.
  • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
  • When the tool opens, click Get Started.
  • Read and accept the license agreement.
  • At the Welcome to ESET Online Scanner window, click Get Started.
  • Select whether you would like to send anonymous data to ESET.
  • Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
  • Click on the Full Scan option.
  • Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
  • ESET will now begin scanning your computer. This may take some time.
  • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
  • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
  • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
  • Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.

In your next reply please post:
  1. The eset.txt
  2. Feedback: How is the computer running now? Any remaining issues/questions/concerns
 

James321

Thread Starter
Joined
Apr 10, 2013
Messages
385
I have attached the eset.txt file.

A further issue with my laptop that I could also add to the list is that an indicator light regularly comes on to say that the laptop is busy but if you look under Task Manager the laptop does not seem to be busy at all. I don't know if this issue has changed at all recently, but I'll keep an eye on it.
 

Attachments
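The busy-light question in the post above (drive activity with nothing obvious in Task Manager) is usually answered by sampling per-process disk I/O rather than CPU, since Task Manager's default view sorts by CPU and folds background services together. The script below is an added example written for this thread, not a tool the helper asked for: it reads the Process counter "IO Data Bytes/sec" for a few seconds from an elevated PowerShell and lists the processes that moved the most data. The window length and the top-N cut-off are assumed values.

```powershell
# Added example: find which processes are generating disk/file I/O while the
# activity light is on. Run from an elevated PowerShell so all processes are visible.
function Get-TopDiskIoProcesses {
    param(
        [int]$Seconds = 10,   # sampling window in seconds (assumed value)
        [int]$Top     = 10    # number of processes to report (assumed value)
    )
    # 'IO Data Bytes/sec' counts read and write bytes a process issues to files,
    # devices and sockets; control operations ('IO Other') are excluded.
    $counterPath = '\Process(*)\IO Data Bytes/sec'
    $samples = Get-Counter -Counter $counterPath -SampleInterval 1 -MaxSamples $Seconds `
                           -ErrorAction SilentlyContinue

    # Sum each process instance across all samples; skip the aggregate and idle pseudo-processes.
    $totals = @{}
    foreach ($set in $samples) {
        foreach ($s in $set.CounterSamples) {
            if ($s.InstanceName -in '_total', 'idle') { continue }
            $totals[$s.InstanceName] = $totals[$s.InstanceName] + $s.CookedValue
        }
    }

    $totals.GetEnumerator() |
        Sort-Object Value -Descending |
        Select-Object -First $Top |
        ForEach-Object {
            [pscustomobject]@{
                Process        = $_.Key
                AvgBytesPerSec = [math]::Round($_.Value / $Seconds)
            }
        }
}

Get-TopDiskIoProcesses -Seconds 10 | Format-Table -AutoSize
```

Run it while the light is on. Indexing, antivirus scanning, OneDrive or other sync clients, and the kernel's own "System" process (driver and paging I/O) commonly top this list on an otherwise idle machine; a process name here can then be checked against the FRST process list already posted in this thread. A kernel-mode rootkit that hides its process would also be absent from these counters, so an unexplained result is a reason to look further, not proof either way.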

James321

Thread Starter
Joined
Apr 10, 2013
Messages
385
I'm surprised that the scan (see my last post containing the eset.txt file) revealed that malware/adware could be contained within my security software itself.

Is this evidence of a rootkit?
 
