Found krosqm.txt, unsure if infected

Malwarebytes log
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 11/12/21
Scan Time: 12:53 PM
Log File: 21a41684-43af-11ec-aa39-54bf6454c3d1.json

-Software Information-
Version: 4.4.10.144
Components Version: 1.0.1499
Update Package Version: 1.0.47140
License: Expired

-System Information-
OS: Windows 10 (Build 19042.1348)
CPU: x64
File System: NTFS
User: DESKTOP-HPGP98M\Dori

-Scan Summary-
Scan Type: Custom Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 937787
Threats Detected: 4
Threats Quarantined: 4
Time Elapsed: 9 hr, 19 min, 2 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 4
Malware.AI.4090171179, D:\YARR\ADOBE ACROBAT PRO DC 2020 V20.12.20048 MULTILINGUAL\FIX\KEYGEN\ACROBAT_KEYGEN.EXE, Quarantined, 1000000, 0, 1.0.47140, 29E6D78E1C2F4F33F3CB0F2B, dds, 01506844, 4C91FD071034E8F7D0F7DD307E801BD3, DCBBB8FAEF5BE39428BD3FFE6C1A4A98DA43C23DF3A88C5DFC9C42A40AF6B8C4
CrackTool.Agent, D:\YARR\ADOBE ACROBAT PRO DC 2020 V20.12.20048 MULTILINGUAL\FIX.ZIP, Quarantined, 5883, 445980, 1.0.47140, 9082695A2E6099F583AC763F, dds, 01506844, BEFEC69BC124F910C7EDC12C774DFA4E, 05C6C65CF717FA7638A14EDB4BBBA5D369AA60D633E3BD44296E5081348BCB19
CrackTool.Agent, D:\YARR\ADOBE ACROBAT PRO DC 2020 V20.12.20048 MULTILINGUAL\FIX\EMUL\AMTEMU.V0.9.2-PAINTER.EXE, Quarantined, 5883, 445980, 1.0.47140, 9082695A2E6099F583AC763F, dds, 01506844, 8ABDC20F619641E29AA9AD2B999A0DCC, CDC95D0113A2AF05C2E70FAB23F6C218AE583EBCB47077DD5B705A476F9D6B96
HackTool.Patcher, D:\YARR\ADOBE ACROBAT PRO DC 2020 V20.12.20048 MULTILINGUAL\FIX\PATCH\ADOBE.SNR.PATCH.V2.0-PAINTER.EXE, Quarantined, 7466, 473286, 1.0.47140, 16E5B466C030F0E5254BF951, dds, 01506844, B31679DB7DB878992B4553290A9E6C7C, 256C2A409C97448D168F3EB1BFB89AF3D259DFC05A510A3F464D8E4B348116D4

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)

(end)


——-

Adwcleaner LOG


# -------------------------------
# Malwarebytes AdwCleaner 8.3.0.0
# -------------------------------
# Build:    06-29-2021
# Database: 2021-10-26.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    11-13-2021
# Duration: 00:00:12
# OS:       Windows 10 Home
# Scanned:  31990
# Detected: 15

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

Preinstalled.DellCommand|PowerManager   Folder   C:\Program Files\DELL\COMMANDPOWERMANAGER
Preinstalled.DellCommand|PowerManager   Folder   C:\ProgramData\DELL\COMMANDPOWERMANAGER
Preinstalled.DellCommand|PowerManager   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{18469ED8-8C36-4CF7-BD43-0FC9B1931AF8}
Preinstalled.DellSupportAssistAgent   Folder   C:\Program Files\DELL\SAREMEDIATION\AUDIT
Preinstalled.DellSupportAssistAgent   Folder   C:\Program Files\DELL\SAREMEDIATION\PLUGIN
Preinstalled.DellSupportAssistAgent   Folder   C:\Program Files\DELL\SUPPORTASSISTAGENT
Preinstalled.DellSupportAssistAgent   Folder   C:\ProgramData\SUPPORTASSIST\CLIENT\TECHNICIANTOOLKIT
Preinstalled.DellSupportAssistAgent   Folder   C:\Users\Dori\Documents\DELL\SUPPORTASSIST
Preinstalled.DellSupportAssistAgent   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CA1B3D2F-3F50-4B8A-AB48-571873371C3B}
Preinstalled.DellSupportAssistAgent   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CA1B3D2F-3F50-4B8A-AB48-571873371C3B}
Preinstalled.DellSupportAssistAgent   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Dell SupportAssistAgent AutoUpdate
Preinstalled.DellSupportAssistAgent   Task   C:\Windows\System32\Tasks\DELL SUPPORTASSISTAGENT AUTOUPDATE
Preinstalled.DellUpdateforWindows10   Folder   C:\Program Files (x86)\DELL\UPDATESERVICE
Preinstalled.DellUpdateforWindows10   Folder   C:\Program Files\DELL\UPDATE
Preinstalled.DellUpdateforWindows10   Folder   C:\ProgramData\DELL\UPDATESERVICE

AdwCleaner[S00].txt - [3027 octets] - [12/11/2021 16:06:18]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ##########

——-


FRST TEXT LOG


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-11-2021
Ran by Dori (administrator) on DESKTOP-HPGP98M (Dell Inc. G7 7588) (13-11-2021 00:10:21)
Running from C:\Users\Dori\Desktop
Loaded Profiles: Dori
Platform: Microsoft Windows 10 Home Version 20H2 19042.1348 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Autodesk, Inc. -> Autodesk) [File not signed] C:\Program Files (x86)\Common Files\Autodesk Shared\AdskLicensing\11.0.0.4854\AdskLicensingService\AdskLicensingService.exe
(Autodesk, Inc. -> Autodesk, Inc.) [File not signed] C:\Autodesk\Network License Manager\adskflex.exe
(Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe
(Dell Inc -> Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
(Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
(Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\nvapiw.exe
(Electronic Arts, Inc. -> Electronic Arts) D:\Programs\Origin\OriginWebHelperService.exe
(Flexera Software LLC -> Flexera) C:\Autodesk\Network License Manager\lmgrd.exe <2>
(Flexera Software LLC -> Flexera) C:\Program Files (x86)\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe
(INTEL CORP) C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3370.0_x64__8j3eq9eme6ctt\GCP.ML.BackgroundSysTray\IGCCTray.exe
(INTEL CORP) C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3370.0_x64__8j3eq9eme6ctt\IGCC.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_7208949846a9b9dc\igfxCUIService.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_7208949846a9b9dc\igfxEM.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_9cf4db1a1fd1b22d\OneApp.IGCC.WinService.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_362cfac2b6e1097f\IntelCpHDCPSvc.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_362cfac2b6e1097f\IntelCpHeciSvc.exe
(Intel Corporation -> Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
(Intel® Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_9c788f1d162b1224\RstMwService.exe
(Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\ArxApplets\Discord\logitechg_discord.exe
(Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\NisSrv.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <14>
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <2>
(Nvidia Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvdmi.inf_amd64_1d9733c3f8b56796\Display.NvContainer\NVDisplay.Container.exe <2>
(PC-Doctor, Inc. -> PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssistAgent\PCD\SupportAssist\Dsapi.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <3>
(Rivet Networks LLC -> Rivet Networks LLC) C:\Windows\System32\drivers\RivetNetworks\Killer\xTendUtility.exe
(Rivet Networks LLC -> Rivet Networks) C:\Windows\System32\drivers\RivetNetworks\Killer\KillerAnalyticsService.exe
(Rivet Networks LLC -> Rivet Networks) C:\Windows\System32\drivers\RivetNetworks\Killer\KillerNetworkService.exe
(Rivet Networks LLC -> Rivet Networks, LLC.) C:\Windows\System32\drivers\RivetNetworks\Killer\xTendUtilityService.exe
(Waves Inc -> Waves Audio Ltd.) C:\Windows\System32\DriverStore\FileRepository\wavesapo.inf_amd64_043a570d84e7e965\WavesSvc64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [WavesSvc] => C:\WINDOWS\System32\DriverStore\FileRepository\wavesapo.inf_amd64_043a570d84e7e965\WavesSvc64.exe [1229072 2018-03-09] (Waves Inc -> Waves Audio Ltd.)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [18727048 2018-10-05] (Logitech Inc -> Logitech Inc.)
HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [834336 2019-02-26] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-10] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412680 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [pac] => C:\Program Files\Autodesk\Personal Accelerator for Revit\RevitAccelerator.exe [221992 2020-12-09] (Autodesk, Inc. -> Autodesk)
HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [129288 2021-06-02] (Adobe Inc. -> )
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [5641776 2020-09-11] (Adobe Inc. -> Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1837760386-3629158831-3067125119-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4267928 2021-10-13] (Valve -> Valve Corporation)
HKU\S-1-5-21-1837760386-3629158831-3067125119-1002\...\Run: [Viber] => C:\Users\Dori\AppData\Local\Viber\Viber.exe [54922512 2021-10-27] (Viber Media S.à r.l. -> Viber Media S.à r.l.)
HKU\S-1-5-21-1837760386-3629158831-3067125119-1002\...\Run: [Discord] => C:\Users\Dori\AppData\Local\Discord\Update.exe [1512760 2020-12-03] (Discord Inc. -> GitHub)
HKU\S-1-5-21-1837760386-3629158831-3067125119-1002\...\Run: [EpicGamesLauncher] => D:\Programs\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [33435616 2021-10-10] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-1837760386-3629158831-3067125119-1002\...\Run: [com.squirrel.slack.slack] => C:\Users\Dori\AppData\Local\slack\slack.exe [309568 2021-10-26] (Slack Technologies, Inc. -> Slack Technologies Inc.)
HKU\S-1-5-21-1837760386-3629158831-3067125119-1002\...\Policies\Explorer: []
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\Windows\system32\AdobePDF.dll [65488 2020-09-11] (Adobe Inc. -> Adobe Systems Inc)
HKLM\...\Print\Monitors\CutePDF Writer Monitor v3.2: C:\Windows\system32\cpwmon64_v32.dll [90096 2017-05-26] (Acro Software Inc -> )
HKLM\...\Print\Monitors\PDF-XChange Standard Port Monitor: C:\WINDOWS\system32\pxcpm.dll [2162432 2018-12-13] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\95.0.4638.69\Installer\chrmstp.exe [2021-11-02] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Network Server.lnk [2020-05-08]
ShortcutTarget: Network Server.lnk -> C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe (WIBU-SYSTEMS AG -> WIBU-SYSTEMS AG)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {031CEF3F-2B02-4A45-B2B2-42065985893F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-06-17] (Google Inc -> Google LLC)
Task: {19AF1392-C326-4EB9-8CBF-19B085DF32EE} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3339120 2021-06-15] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {19D5F303-1C0F-4E2D-9E45-D8C7662396DF} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [645488 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {2100DAAF-AD14-47B6-AA6F-A2ECB2883B5F} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {217F48AB-7A0F-4E9E-A68B-96EA09F7D660} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {37AF87E5-17DA-4445-AEF1-6EA34F1C272F} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [903024 2021-05-04] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainer\DriverUpdateCheck.log
Task: {3AE7690B-48D4-46C6-AA59-63B23066978A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-06-17] (Google Inc -> Google LLC)
Task: {3C8782BF-7F4D-47C3-95BA-FD40BBA65186} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412680 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {4AC1F83C-3614-4A2C-9975-425D15709127} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {53A01CED-054A-425B-8139-90280AAD3FBB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Orchestrator => C:\Program Files (x86)\InstallShield Installation Information\{BB281145-A521-2EF3-B593-C5D534DC9911}\orchestrator.exe [1662662 2018-02-24] (MS) [File not signed]
Task: {544DFCE4-6332-42EA-A922-482CBCFDC65B} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application when hardware is detected => C:\Program Files (x86)\Intel\Thunderbolt Software\ConditionalAppStarter.exe [226008 2018-12-25] (Intel® Client Connectivity Division SW -> Intel Corporation)
Task: {5E79B1FA-057A-49B0-974E-1D502AC31C4F} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [682936 2021-11-04] (Mozilla Corporation -> Mozilla Foundation)
Task: {619A4814-DFCF-45C2-BFD7-35C1583DAD9D} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service when hardware is detected => sc.exe start ThunderboltService
Task: {68C63913-B963-4DAA-9CDF-72C777E8358E} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {75B023C9-72AC-4ED6-9BB4-1A4F02E698F3} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {7A12369A-94B6-46C1-99BF-629C999D1FAB} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {86D5FEF2-C64F-4F71-A2AD-FC4AF93FD7EA} - System32\Tasks\OneDrive Standalone Update Task v2 => C:\Users\Dori\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (No File)
Task: {890AEF26-C02E-47B7-A59D-2F52DBF7EADA} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Shutdown => C:\Program Files (x86)\InstallShield Installation Information\{BB281145-A521-2EF3-B593-C5D534DC9911}\orchestrator.exe [1662662 2018-02-24] (MS) [File not signed]
Task: {8A1DE423-7A78-4BF0-957A-06A74C35813B} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [903024 2021-05-04] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainer\BatteryBoostCheck.log
Task: {90AC4C3D-8BB4-49C7-A6E3-8322C54ED968} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {90DD2958-E8B6-41E5-BBDB-3D8C9C87D051} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {9247048E-7C88-43E4-9A44-3DCF13CB3385} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service on boot if driver is up => C:\Program Files (x86)\Intel\Thunderbolt Software\tbtsvc.exe [2302168 2018-12-25] (Intel® Client Connectivity Division SW -> Intel Corporation)
Task: {93F58921-DE24-4FAF-99C3-CDF35270A429} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A7330364-4366-447F-8A0B-063BF8EE4356} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [905072 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {AB4CC7EE-D088-4F1A-9602-17A8908B141A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1562376 2021-08-16] (Adobe Inc. -> Adobe Inc.)
Task: {B324DF16-F83B-4E13-9E9F-452E303DE5EC} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application on switch user if service is up => C:\Program Files (x86)\Intel\Thunderbolt Software\ConditionalAppStarter.exe [226008 2018-12-25] (Intel® Client Connectivity Division SW -> Intel Corporation)
Task: {C5379208-E7CD-4742-A90C-6123B29E5CAD} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application on login if service is up => C:\Program Files (x86)\Intel\Thunderbolt Software\ConditionalAppStarter.exe [226008 2018-12-25] (Intel® Client Connectivity Division SW -> Intel Corporation)
Task: {CA1B3D2F-3F50-4B8A-AB48-571873371C3B} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistInstaller.exe [1060384 2021-08-20] (Dell Inc -> Dell Inc.)
Task: {F862B9C0-C343-4630-BCAC-3379336E1F55} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [905072 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 0.0.0.0
Tcpip\..\Interfaces\{8ce64e98-5ffb-4488-b13e-26f5584512af}: [DhcpNameServer] 192.168.0.1 0.0.0.0
Tcpip\..\Interfaces\{e8bd546d-75c5-45b4-a4d6-6efd25c95d5f}: [DhcpNameServer] 192.168.0.1 0.0.0.0

Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]

FireFox:
========
FF DefaultProfile: limu9rvi.default
FF DefaultProfile: rrh6xmm9.default
FF ProfilePath: C:\Users\Dori\AppData\Roaming\Zotero\Zotero\Profiles\limu9rvi.default [2021-11-04]
FF ProfilePath: C:\Users\Dori\AppData\Roaming\Mozilla\Firefox\Profiles\j5sw672p.default-release-2 [2021-11-12]
FF Extension: (Facebook Container) - C:\Users\Dori\AppData\Roaming\Mozilla\Firefox\Profiles\j5sw672p.default-release-2\Extensions\@contain-facebook.xpi [2019-07-08]
FF Extension: (Windscribe VPN) - C:\Users\Dori\AppData\Roaming\Mozilla\Firefox\Profiles\j5sw672p.default-release-2\Extensions\@windscribeff.xpi [2019-06-19]
FF Extension: (To Google Translate) - C:\Users\Dori\AppData\Roaming\Mozilla\Firefox\Profiles\j5sw672p.default-release-2\Extensions\jid1-93WyvpgvxzGATw@jetpack.xpi [2019-07-11]
FF Extension: (Pushbullet) - C:\Users\Dori\AppData\Roaming\Mozilla\Firefox\Profiles\j5sw672p.default-release-2\Extensions\jid1-BYcQOfYfmBMd9A@jetpack.xpi [2019-06-19]
FF Extension: (Firefox Lightbeam) - C:\Users\Dori\AppData\Roaming\Mozilla\Firefox\Profiles\j5sw672p.default-release-2\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi [2019-06-19]
FF Extension: (Mate Translate – translator, dictionary) - C:\Users\Dori\AppData\Roaming\Mozilla\Firefox\Profiles\j5sw672p.default-release-2\Extensions\jid1-TMndP6cdKgxLcQ@jetpack.xpi [2019-06-19]
FF Extension: (Reddit Enhancement Suite) - C:\Users\Dori\AppData\Roaming\Mozilla\Firefox\Profiles\j5sw672p.default-release-2\Extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi [2019-06-19]
FF Extension: (Touch VPN) - C:\Users\Dori\AppData\Roaming\Mozilla\Firefox\Profiles\j5sw672p.default-release-2\Extensions\touch-vpn@anchorfree.com.xpi [2019-06-19]
FF Extension: (uBlock Origin) - C:\Users\Dori\AppData\Roaming\Mozilla\Firefox\Profiles\j5sw672p.default-release-2\Extensions\uBlock0@raymondhill.net.xpi [2019-07-10]
FF ProfilePath: C:\Users\Dori\AppData\Roaming\Mozilla\Firefox\Profiles\v4e4843b.default-release-1 [2021-11-12]
FF Extension: (Facebook Container) - C:\Users\Dori\AppData\Roaming\Mozilla\Firefox\Profiles\v4e4843b.default-release-1\Extensions\@contain-facebook.xpi [2019-06-18]
FF Extension: (Windscribe VPN) - C:\Users\Dori\AppData\Roaming\Mozilla\Firefox\Profiles\v4e4843b.default-release-1\Extensions\@windscribeff.xpi [2019-06-18]
FF Extension: (ETP Search Volume Study) - C:\Users\Dori\AppData\Roaming\Mozilla\Firefox\Profiles\v4e4843b.default-release-1\Extensions\etp-search-volume-study@shield.mozilla.org.xpi [2019-06-18]
FF Extension: (To Google Translate) - C:\Users\Dori\AppData\Roaming\Mozilla\Firefox\Profiles\v4e4843b.default-release-1\Extensions\jid1-93WyvpgvxzGATw@jetpack.xpi [2019-06-18]
FF Extension: (Pushbullet) - C:\Users\Dori\AppData\Roaming\Mozilla\Firefox\Profiles\v4e4843b.default-release-1\Extensions\jid1-BYcQOfYfmBMd9A@jetpack.xpi [2019-06-18]
FF Extension: (Firefox Lightbeam) - C:\Users\Dori\AppData\Roaming\Mozilla\Firefox\Profiles\v4e4843b.default-release-1\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi [2019-06-18]
FF Extension: (Mate Translate – translator, dictionary) - C:\Users\Dori\AppData\Roaming\Mozilla\Firefox\Profiles\v4e4843b.default-release-1\Extensions\jid1-TMndP6cdKgxLcQ@jetpack.xpi [2019-06-18]
FF Extension: (Reddit Enhancement Suite) - C:\Users\Dori\AppData\Roaming\Mozilla\Firefox\Profiles\v4e4843b.default-release-1\Extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi [2019-06-18]
FF Extension: (Touch VPN) - C:\Users\Dori\AppData\Roaming\Mozilla\Firefox\Profiles\v4e4843b.default-release-1\Extensions\touch-vpn@anchorfree.com.xpi [2019-06-17]
FF Extension: (uBlock Origin) - C:\Users\Dori\AppData\Roaming\Mozilla\Firefox\Profiles\v4e4843b.default-release-1\Extensions\uBlock0@raymondhill.net.xpi [2019-06-17]
FF ProfilePath: C:\Users\Dori\AppData\Roaming\Mozilla\Firefox\Profiles\rrh6xmm9.default [2019-06-17]
FF ProfilePath: C:\Users\Dori\AppData\Roaming\Mozilla\Firefox\Profiles\peh8it56.default-release [2021-11-12]
FF Extension: (Facebook Container) - C:\Users\Dori\AppData\Roaming\Mozilla\Firefox\Profiles\peh8it56.default-release\Extensions\@contain-facebook.xpi [2019-06-17]
FF Extension: (Windscribe VPN) - C:\Users\Dori\AppData\Roaming\Mozilla\Firefox\Profiles\peh8it56.default-release\Extensions\@windscribeff.xpi [2019-06-17]
FF Extension: (To Google Translate) - C:\Users\Dori\AppData\Roaming\Mozilla\Firefox\Profiles\peh8it56.default-release\Extensions\jid1-93WyvpgvxzGATw@jetpack.xpi [2019-06-17]
FF Extension: (Pushbullet) - C:\Users\Dori\AppData\Roaming\Mozilla\Firefox\Profiles\peh8it56.default-release\Extensions\jid1-BYcQOfYfmBMd9A@jetpack.xpi [2019-06-17]
FF Extension: (Firefox Lightbeam) - C:\Users\Dori\AppData\Roaming\Mozilla\Firefox\Profiles\peh8it56.default-release\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi [2019-06-17]
FF Extension: (Mate Translate – translator, dictionary) - C:\Users\Dori\AppData\Roaming\Mozilla\Firefox\Profiles\peh8it56.default-release\Extensions\jid1-TMndP6cdKgxLcQ@jetpack.xpi [2019-06-17]
FF Extension: (Reddit Enhancement Suite) - C:\Users\Dori\AppData\Roaming\Mozilla\Firefox\Profiles\peh8it56.default-release\Extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi [2019-06-17]
FF Extension: (Touch VPN) - C:\Users\Dori\AppData\Roaming\Mozilla\Firefox\Profiles\peh8it56.default-release\Extensions\touch-vpn@anchorfree.com.xpi [2019-06-17]
FF Extension: (uBlock Origin) - C:\Users\Dori\AppData\Roaming\Mozilla\Firefox\Profiles\peh8it56.default-release\Extensions\uBlock0@raymondhill.net.xpi [2019-06-17]
FF ProfilePath: C:\Users\Dori\AppData\Roaming\Mozilla\Firefox\Profiles\7mvhh5ii.default-release-3 [2021-11-13]
FF Session Restore: Mozilla\Firefox\Profiles\7mvhh5ii.default-release-3 -> is enabled.
FF Notifications: Mozilla\Firefox\Profiles\7mvhh5ii.default-release-3 -> hxxps://tomato-timer.com; hxxps://us05web.zoom.us; hxxps://app.slack.com
FF Extension: (Facebook Container) - C:\Users\Dori\AppData\Roaming\Mozilla\Firefox\Profiles\7mvhh5ii.default-release-3\Extensions\@contain-facebook.xpi [2021-08-03]
FF Extension: (Dark Reader) - C:\Users\Dori\AppData\Roaming\Mozilla\Firefox\Profiles\7mvhh5ii.default-release-3\Extensions\addon@darkreader.org.xpi [2021-11-09]
FF Extension: (Browsec VPN – Free VPN for Firefox) - C:\Users\Dori\AppData\Roaming\Mozilla\Firefox\Profiles\7mvhh5ii.default-release-3\Extensions\browsec@browsec.com.xpi [2021-11-02]
FF Extension: (To Google Translate) - C:\Users\Dori\AppData\Roaming\Mozilla\Firefox\Profiles\7mvhh5ii.default-release-3\Extensions\jid1-93WyvpgvxzGATw@jetpack.xpi [2021-06-22]
FF Extension: (Firefox Lightbeam) - C:\Users\Dori\AppData\Roaming\Mozilla\Firefox\Profiles\7mvhh5ii.default-release-3\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi [2019-07-25]
FF Extension: (Mate Translate – translator, dictionary) - C:\Users\Dori\AppData\Roaming\Mozilla\Firefox\Profiles\7mvhh5ii.default-release-3\Extensions\jid1-TMndP6cdKgxLcQ@jetpack.xpi [2020-11-21]
FF Extension: (Reddit Enhancement Suite) - C:\Users\Dori\AppData\Roaming\Mozilla\Firefox\Profiles\7mvhh5ii.default-release-3\Extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi [2021-05-31]
FF Extension: (uBlock Origin) - C:\Users\Dori\AppData\Roaming\Mozilla\Firefox\Profiles\7mvhh5ii.default-release-3\Extensions\uBlock0@raymondhill.net.xpi [2021-10-18]
FF Extension: (Zotero Connector) - C:\Users\Dori\AppData\Roaming\Mozilla\Firefox\Profiles\7mvhh5ii.default-release-3\Extensions\zotero@chnm.gmu.edu.xpi [2021-10-14] [UpdateUrl:hxxps://www.zotero.org/download/connector/firefox/release/updates.json]
FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2020-09-11]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2020-09-11] (Adobe Inc. -> Adobe Systems Inc.)
StartMenuInternet: Firefox-89C7CB5556C69D1E - D:\firefox.exe

Chrome:
=======
CHR Profile: C:\Users\Dori\AppData\Local\Google\Chrome\User Data\Default [2021-11-12]
CHR Notifications: Default -> hxxps://web.skype.com
CHR Extension: (Slides) - C:\Users\Dori\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-06-17]
CHR Extension: (Docs) - C:\Users\Dori\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-06-17]
CHR Extension: (Google Drive) - C:\Users\Dori\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-03]
CHR Extension: (YouTube) - C:\Users\Dori\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-06-17]
CHR Extension: (uBlock Origin) - C:\Users\Dori\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2021-05-25]
CHR Extension: (Adobe Acrobat) - C:\Users\Dori\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2021-04-23]
CHR Extension: (Sheets) - C:\Users\Dori\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-06-17]
CHR Extension: (Google Docs Offline) - C:\Users\Dori\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-09-22]
CHR Extension: (Hola Free VPN Proxy Unblocker – Best VPN) - C:\Users\Dori\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2021-06-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dori\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-03-22]
CHR Extension: (Netflix Party is now Teleparty) - C:\Users\Dori\AppData\Local\Google\Chrome\User Data\Default\Extensions\oocalimimngaihdkbihfgmpkcpnmlaoa [2021-09-22]
CHR Extension: (Gmail) - C:\Users\Dori\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-03]
CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe [169728 2021-08-16] (Adobe Inc. -> Adobe Inc.)
R2 Adsk2022; C:AutodeskNetwork License Managerlmgrd.exe [1201488 2021-02-24] (Flexera Software LLC -> Flexera)
R2 AdskLicensingService; C:Program Files (x86)Common FilesAutodesk SharedAdskLicensingCurrentAdskLicensingServiceAdskLicensingService.exe [18673448 2021-03-30] (Autodesk, Inc. -> Autodesk) [File not signed]
S4 AGMService; C:Program Files (x86)Common FilesAdobeAdobeGCClientAGMService.exe [3780296 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
S4 AGSService; C:Program Files (x86)Common FilesAdobeAdobeGCClientAGSService.exe [3548360 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
S4 ApHidMonitorService; C:WINDOWSsystem32DellTPadHidMonitorSvc.exe [878640 2018-02-05] (ALPS ELECTRIC CO., LTD. -> Alps Electric Co., Ltd.)
S3 BEService; C:Program Files (x86)Common FilesBattlEyeBEService.exe [8903520 2021-09-13] (BattlEye Innovations e.K. -> )
S4 dcpm-notify; C:Program FilesDellCommandPowerManagerNotifyService.exe [315008 2021-05-13] (Dell Inc -> Dell Inc.)
R2 DDVCollectorSvcApi; C:Program FilesDellDellDataVaultDDVCollectorSvcApi.exe [426528 2021-08-02] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 DDVDataCollector; C:Program FilesDellDellDataVaultDDVDataCollector.exe [3835424 2021-08-02] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 DDVRulesProcessor; C:Program FilesDellDellDataVaultDDVRulesProcessor.exe [452640 2021-08-02] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 Dell Hardware Support; C:Program FilesDellSupportAssistAgentPCDSupportAssistDsapi.exe [1020584 2021-07-28] (PC-Doctor, Inc. -> PC-Doctor, Inc.)
S3 Dell.CommandPowerManager.Service; C:WINDOWSsystem32dllhost.exe /Processid:{200C3D72-B6D8-481E-8627-C325831B36AA} [21312 2021-03-16] (Microsoft Windows -> Microsoft Corporation)
R2 DellClientManagementService; C:Program Files (x86)DellUpdateServiceServiceShell.exe [38600 2021-07-20] (Dell Inc -> )
S3 EasyAntiCheat; C:Program Files (x86)EasyAntiCheatEasyAntiCheat.exe [818304 2021-10-20] (EasyAntiCheat Oy -> Epic Games, Inc)
S3 KAPSService; C:WINDOWSSystem32driversRivetNetworksKillerKAPSService.exe [73480 2021-04-02] (Rivet Networks LLC -> Rivet Networks, LLC.)
R2 Killer Analytics Service; C:WINDOWSSystem32driversRivetNetworksKillerKillerAnalyticsService.exe [1775392 2021-04-02] (Rivet Networks LLC -> Rivet Networks)
R2 Killer Network Service; C:WINDOWSSystem32driversRivetNetworksKillerKillerNetworkService.exe [2663208 2021-04-02] (Rivet Networks LLC -> Rivet Networks)
S3 KNDBWM; C:WINDOWSSystem32driversRivetNetworksKillerKNDBWMService.exe [73496 2021-04-02] (Rivet Networks LLC -> Rivet Networks, LLC.)
S4 LogiRegistryService; C:Program FilesLogitech Gaming SoftwareDriversAPOServiceLogiRegistryService.exe [206472 2018-10-05] (Logitech Inc -> Logitech Inc.)
S2 MBAMService; C:Program FilesMalwarebytesAnti-MalwareMBAMService.exe [7848632 2021-11-12] (Malwarebytes Inc -> Malwarebytes)
S3 Origin Client Service; D:ProgramsOriginOriginClientService.exe [2557656 2021-10-19] (Electronic Arts, Inc. -> Electronic Arts)
R2 Origin Web Helper Service; D:ProgramsOriginOriginWebHelperService.exe [3476184 2021-10-19] (Electronic Arts, Inc. -> Electronic Arts)
R2 SupportAssistAgent; C:Program FilesDellSupportAssistAgentbinSupportAssistAgent.exe [39968 2021-08-20] (Dell Inc -> Dell Inc.)
R3 WdNisSvc; C:ProgramDataMicrosoftWindows DefenderPlatform4.18.2110.6-0NisSrv.exe [2872024 2021-11-02] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:ProgramDataMicrosoftWindows DefenderPlatform4.18.2110.6-0MsMpEng.exe [128376 2021-11-02] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 xTendSoftAPService; C:WINDOWSSystem32driversRivetNetworksKillerxTendSoftAPService.exe [73504 2021-04-02] (Rivet Networks LLC -> Rivet Networks, LLC.)
R2 xTendUtilityService; C:WINDOWSSystem32driversRivetNetworksKillerxTendUtilityService.exe [73504 2021-04-02] (Rivet Networks LLC -> Rivet Networks, LLC.)
S2 edgeupdate; "C:Program Files (x86)MicrosoftEdgeUpdateMicrosoftEdgeUpdate.exe" /svc [X]
S3 edgeupdatem; "C:Program Files (x86)MicrosoftEdgeUpdateMicrosoftEdgeUpdate.exe" /medsvc [X]
R2 NVDisplay.ContainerLocalSystem; C:WINDOWSSystem32DriverStoreFileRepositorynvdmi.inf_amd64_1d9733c3f8b56796Display.NvContainerNVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%NVIDIANVDisplay.ContainerLocalSystem.log -l 3 -d C:WINDOWSSystem32DriverStoreFileRepositorynvdmi.inf_amd64_1d9733c3f8b56796Display.NvContainerpluginsLocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystemLocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ApHidfiltrService; C:WINDOWSSystem32driversApHidfiltr.sys [373544 2018-02-05] (ALPS ELECTRIC CO., LTD. -> Alps Electric Co., Ltd.)
S3 BthHFEnum; C:WINDOWSSystem32driversbthhfenum.sys [153088 2021-08-13] (Microsoft Corporation) [File not signed]
R3 DDDriver; C:WINDOWSSystem32driversdddriver64Dcsa.sys [43400 2021-07-28] (Microsoft Windows Hardware Compatibility Publisher -> Dell Technologies)
S3 imausbhpal; C:WINDOWSSystem32driversimausbhpal.sys [671224 2017-05-19] (Intel® Wireless Connectivity Solutions -> )
S3 imausbhub; C:WINDOWSSystem32driversimausbhub.sys [479736 2017-05-19] (Intel® Wireless Connectivity Solutions -> Intel Corporation)
R3 KfeCoSvc; C:WINDOWSSystem32driversRivetNetworksKillerKfeCo10X64.sys [184400 2021-04-02] (Rivet Networks LLC -> Rivet Networks, LLC.)
R2 LGCoreTemp; C:Program FilesLogitech Gaming SoftwareDriversLgCoreTemplgcoretemp.sys [14184 2015-06-21] (Logitech -> Logitech)
R3 LGJoyXlCore; C:WINDOWSsystem32driversLGJoyXlCore.sys [67736 2018-10-05] (Logitech Inc -> Logitech Inc.)
S3 LSI_SAS3; C:WINDOWSSystem32driverslsi_sas3.sys [101384 2015-11-18] (AVAGO TECHNOLOGIES U.S. INC. -> Avago Technologies)
S0 MbamElam; C:WINDOWSSystem32DRIVERSMbamElam.sys [19912 2021-11-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 MBAMSwissArmy; C:WINDOWSSystem32Driversmbamswissarmy.sys [248992 2021-11-12] (Malwarebytes Inc -> Malwarebytes)
S3 megasas35; C:WINDOWSSystem32driversmegasas35.sys [87576 2018-02-16] (Avago Technologies U.S. Inc. -> Avago Technologies)
S3 percsas3; C:WINDOWSSystem32driverspercsas3.sys [75792 2016-09-20] (AVAGO TECHNOLOGIES U.S. INC. -> Avago Technologies)
S3 RvNetMP60; C:WINDOWSSystem32driversRvNetMP60.sys [69048 2021-09-21] (Famatech Corp. -> Famatech Corp.)
S3 SynPTPHID; C:WINDOWSSystem32driversSynPTPHID.sys [64040 2018-04-02] (Synaptics Incorporated -> Synaptics Incorporated)
S3 ViGEmBus; C:WINDOWSSystem32driversViGEmBus.sys [69168 2020-01-10] (Microsoft Windows Hardware Compatibility Publisher -> Benjamin Höglinger-Stelzer)
S0 WdBoot; C:WINDOWSSystem32driverswdWdBoot.sys [48520 2021-11-02] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:WINDOWSSystem32driverswdWdFilter.sys [435424 2021-11-02] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:WINDOWSSystem32driverswdWdNisDrv.sys [86240 2021-11-02] (Microsoft Windows -> Microsoft Corporation)
R2 WIBUKEY; C:WINDOWSSystem32DRIVERSWibuKey64.sys [118200 2019-06-21] (WIBU-SYSTEMS AG -> WIBU-SYSTEMS AG)
S4 DBUtilDrv2; SystemRootSystem32driversDBUtilDrv2.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-11-13 00:10 – 2021-11-13 00:10 – 000037011 _____ C:UsersDoriDesktopFRST.txt
2021-11-13 00:09 – 2021-11-13 00:09 – 000003088 _____ C:UsersDoriDesktopAdwCleaner[S01].txt
2021-11-13 00:07 – 2021-11-13 00:07 – 000002360 _____ C:UsersDoriDesktopmalwarebyteslog.txt
2021-11-13 00:06 – 2021-11-13 00:06 – 000000000 ____D C:WINDOWSPanther
2021-11-12 23:51 – 2021-11-12 23:51 – 000002384 _____ C:UsersDoriDesktopmlwrbyteslog.txt
2021-11-12 18:37 – 2021-11-12 18:37 – 000000000 ____D C:UsersDoriDocumentsZoom
2021-11-12 17:10 – 2021-11-12 17:10 – 003227579 _____ C:UsersDoriDesktopunterwaltersdorf- einfuehrung 12.10.21 .pdf
2021-11-12 16:23 – 2021-11-12 16:23 – 000001004 _____ C:UsersDoriDesktopin – Shortcut.lnk
2021-11-12 16:09 – 2021-11-13 00:10 – 000000000 ____D C:FRST
2021-11-12 16:09 – 2021-11-12 16:09 – 002312192 _____ (Farbar) C:UsersDoriDesktopFRST64.exe
2021-11-12 16:05 – 2021-11-12 16:06 – 000000000 ____D C:AdwCleaner
2021-11-12 16:05 – 2021-11-12 16:05 – 008553680 _____ (Malwarebytes) C:UsersDoriDesktopadwcleaner_8.3.0.exe
2021-11-12 13:33 – 2021-11-12 13:47 – 000000000 ____D C:ProgramDataHitmanPro
2021-11-12 13:33 – 2021-11-12 13:33 – 000000000 ____D C:Program FilesHitmanPro
2021-11-12 13:32 – 2021-11-12 13:32 – 011332032 _____ (SurfRight B.V.) C:UsersDoriDesktopHitmanPro_x64.exe
2021-11-12 13:25 – 2021-11-12 13:27 – 000001872 _____ C:UsersDoriDesktopRkill.txt
2021-11-12 13:25 – 2021-11-12 13:25 – 001802704 _____ (Bleeping Computer, LLC) C:UsersDoriDesktoprkill.exe
2021-11-12 12:52 – 2021-11-12 12:52 – 000248992 _____ (Malwarebytes) C:WINDOWSsystem32Driversmbamswissarmy.sys
2021-11-12 12:52 – 2021-11-12 12:52 – 000002041 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsMalwarebytes.lnk
2021-11-12 12:52 – 2021-11-12 12:52 – 000002029 _____ C:UsersPublicDesktopMalwarebytes.lnk
2021-11-12 12:52 – 2021-11-12 12:51 – 000160176 _____ (Malwarebytes) C:WINDOWSsystem32Driversmbae64.sys
2021-11-12 12:52 – 2021-11-12 12:51 – 000019912 _____ (Malwarebytes) C:WINDOWSsystem32DriversMbamElam.sys
2021-11-12 12:51 – 2021-11-12 12:51 – 000000000 ____D C:ProgramDataMalwarebytes
2021-11-12 12:51 – 2021-11-12 12:51 – 000000000 ____D C:Program FilesMalwarebytes
2021-11-12 12:16 – 2021-11-12 12:16 – 000000842 _____ C:UsersDoriDesktopSEM 4 – Shortcut.lnk
2021-11-11 17:50 – 2021-11-11 17:50 – 000008149 _____ C:UsersDoriDesktopcode for map.txt
2021-11-11 10:54 – 2021-11-11 10:54 – 000272384 _____ C:WINDOWSsystem32TpmTool.exe
2021-11-11 10:54 – 2021-11-11 10:54 – 000223744 _____ C:WINDOWSSysWOW64TpmTool.exe
2021-11-11 10:54 – 2021-11-11 10:54 – 000060928 _____ C:WINDOWSsystem32runexehelper.exe
2021-11-11 10:54 – 2021-11-11 10:54 – 000011363 _____ C:WINDOWSsystem32DrtmAuthTxt.wim
2021-11-11 10:49 – 2021-11-11 10:49 – 000000000 ___HD C:$WinREAgent
2021-11-08 22:12 – 2021-11-08 22:13 – 001363782 _____ C:UsersDoriDesktoppresentation.pdf
2021-11-08 11:54 – 2021-11-08 11:54 – 013191432 _____ C:UsersDoriDesktopTandy (Radio Shack) – Getting started in electronics.pdf
2021-11-07 14:52 – 2021-11-07 14:52 – 005164400 _____ C:UsersDoriDesktopZwischenpräsentation_small_Rebecca_Alina.pdf
2021-11-07 00:08 – 2021-11-07 00:08 – 000001154 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsPC Health Check.lnk
2021-11-07 00:08 – 2021-11-07 00:08 – 000000000 ____D C:Program FilesPCHealthCheck
2021-11-04 16:08 – 2021-11-05 01:26 – 000000000 ____D C:Program FilesMozilla Firefox
2021-11-03 12:01 – 2021-11-03 12:01 – 000000000 ____D C:UsersDoriAppDataLocalViber
2021-11-02 17:17 – 2021-11-02 17:19 – 000000000 ____D C:UsersDoriAppDataRoamingAnalytics
2021-11-02 17:17 – 2021-11-02 17:17 – 000000000 ____D C:UsersDoriAppDataRoamingDynamo
2021-11-02 17:17 – 2021-11-02 17:17 – 000000000 ____D C:UsersDoriAppDataLocaldynamoplayer-4
2021-11-02 17:17 – 2021-11-02 17:17 – 000000000 ____D C:UsersDoriAppDataLocalChromium
2021-10-30 13:56 – 2021-10-30 15:01 – 000000000 ____D C:UsersDoriAppDataRoamingPath of Exile
2021-10-30 12:56 – 2021-10-30 12:56 – 000000222 _____ C:UsersDoriDesktopPath of Exile.url
2021-10-28 22:01 – 2021-10-28 22:01 – 000001477 _____ C:UsersDoriAppDataRoamingMicrosoftWindowsStart MenuProgramsNVIDIA GeForce NOW.lnk
2021-10-28 22:01 – 2021-10-28 22:01 – 000001469 _____ C:UsersDoriDesktopNVIDIA GeForce NOW.lnk
2021-10-26 12:34 – 2021-10-26 12:34 – 000002198 _____ C:UsersDoriDesktopSlack.lnk
2021-10-25 14:50 – 2021-10-25 14:50 – 000000000 ____D C:UsersDoriAppDataLocalAutodesk,_Inc
2021-10-24 22:53 – 2021-10-25 12:20 – 000000000 ____D C:UsersDoriDesktoptrash
2021-10-20 20:42 – 2021-10-20 20:42 – 000000000 ____D C:UsersDoriAppDataLocalWarThunder
2021-10-14 09:43 – 2021-11-04 13:28 – 000000000 ____D C:UsersDoriZotero
2021-10-14 09:43 – 2021-10-14 09:50 – 000000000 ____D C:UsersDoriAppDataLocalZotero
2021-10-14 09:43 – 2021-10-14 09:43 – 000000787 _____ C:UsersPublicDesktopZotero.lnk
2021-10-14 09:43 – 2021-10-14 09:43 – 000000787 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsZotero.lnk
2021-10-14 09:43 – 2021-10-14 09:43 – 000000000 ____D C:UsersDoriAppDataRoamingZotero

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-11-13 00:11 – 2019-12-07 10:14 – 000000000 ____D C:WINDOWSAppReadiness
2021-11-13 00:10 – 2021-06-13 23:53 – 000000000 ____D C:ProgramDataMozilla
2021-11-13 00:09 – 2019-12-07 10:13 – 000000000 ____D C:WINDOWSINF
2021-11-13 00:09 – 2019-06-17 20:02 – 000000000 ____D C:UsersDoriAppDataLocalLowMozilla
2021-11-13 00:09 – 2019-06-17 18:35 – 000000000 ____D C:Program Files (x86)Google
2021-11-13 00:08 – 2019-02-08 17:31 – 000000000 ____D C:ProgramDataNVIDIA
2021-11-13 00:07 – 2021-10-12 16:54 – 000000000 ____D C:UsersDoriAppDataRoamingSlack
2021-11-13 00:06 – 2021-03-16 01:55 – 000000006 ____H C:WINDOWSTasksSA.DAT
2021-11-13 00:06 – 2021-03-16 01:48 – 000008192 ___SH C:DumpStack.log.tmp
2021-11-13 00:06 – 2019-12-07 10:14 – 000000000 ____D C:WINDOWSServiceState
2021-11-13 00:06 – 2019-12-07 10:14 – 000000000 ____D C:ProgramDataregid.1991-06.com.microsoft
2021-11-13 00:06 – 2019-06-17 18:22 – 000000000 __SHD C:UsersDoriIntelGraphicsProfiles
2021-11-13 00:06 – 2019-02-08 17:27 – 000000000 ____D C:Intel
2021-11-12 23:49 – 2021-03-16 01:48 – 000000000 ____D C:WINDOWSsystem32SleepStudy
2021-11-12 16:27 – 2021-07-24 21:51 – 000000000 ____D C:UsersDoriAppDataRoamingvlc
2021-11-12 16:18 – 2019-09-11 18:12 – 000000000 ____D C:ProgramDataAutodesk
2021-11-12 14:13 – 2021-03-16 01:50 – 000000000 ____D C:UsersDori
2021-11-12 13:37 – 2019-12-07 10:14 – 000000000 ___HD C:Program FilesWindowsApps
2021-11-12 13:37 – 2019-06-17 18:22 – 000000000 ____D C:UsersDoriAppDataLocalPackages
2021-11-12 13:26 – 2019-06-17 18:24 – 000000000 ____D C:UsersDoriAppDataLocalD3DSCache
2021-11-12 13:13 – 2019-06-17 19:44 – 000000000 ____D C:Program Files (x86)Steam
2021-11-12 12:52 – 2019-12-07 10:14 – 000000000 ___HD C:WINDOWSELAMBKUP
2021-11-12 12:28 – 2019-06-18 22:56 – 000000000 ____D C:UsersDoriDocumentsMy Games
2021-11-12 11:11 – 2021-03-16 13:04 – 000842414 _____ C:WINDOWSsystem32PerfStringBackup.INI
2021-11-12 11:11 – 2021-01-30 18:30 – 000000000 ___HD C:UsersPublicDocumentsAdobeGCData
2021-11-12 00:59 – 2019-12-07 10:03 – 000524288 _____ C:WINDOWSsystem32configBBI
2021-11-12 00:58 – 2019-12-10 20:41 – 000000000 ____D C:UsersDoriAppDataRoamingDiscord
2021-11-12 00:44 – 2019-12-10 20:40 – 000000000 ____D C:UsersDoriAppDataLocalDiscord
2021-11-11 21:32 – 2019-06-20 15:10 – 000000000 ____D C:ProgramDataPackages
2021-11-11 21:13 – 2021-06-16 22:16 – 000995840 _____ C:WINDOWSsystem32FNTCACHE.DAT
2021-11-11 21:12 – 2019-12-07 10:14 – 000000000 ___SD C:WINDOWSsystem32DiagSvcs
2021-11-11 21:12 – 2019-12-07 10:14 – 000000000 ___RD C:WINDOWSImmersiveControlPanel
2021-11-11 21:12 – 2019-12-07 10:14 – 000000000 ____D C:WINDOWSSysWOW64setup
2021-11-11 21:12 – 2019-12-07 10:14 – 000000000 ____D C:WINDOWSSysWOW64Dism
2021-11-11 21:12 – 2019-12-07 10:14 – 000000000 ____D C:WINDOWSSystemResources
2021-11-11 21:12 – 2019-12-07 10:14 – 000000000 ____D C:WINDOWSsystem32setup
2021-11-11 21:12 – 2019-12-07 10:14 – 000000000 ____D C:WINDOWSsystem32oobe
2021-11-11 21:12 – 2019-12-07 10:14 – 000000000 ____D C:WINDOWSsystem32Dism
2021-11-11 21:12 – 2019-12-07 10:14 – 000000000 ____D C:WINDOWSShellExperiences
2021-11-11 21:12 – 2019-12-07 10:14 – 000000000 ____D C:WINDOWSbcastdvr
2021-11-11 21:12 – 2019-12-07 10:03 – 000000000 ____D C:WINDOWSservicing
2021-11-11 10:56 – 2019-12-07 10:03 – 000000000 ____D C:WINDOWSCbsTemp
2021-11-11 10:47 – 2019-06-17 20:33 – 000000000 ____D C:WINDOWSsystem32MRT
2021-11-11 10:45 – 2019-06-17 20:32 – 141529560 ____C (Microsoft Corporation) C:WINDOWSsystem32MRT.exe
2021-11-10 16:59 – 2021-05-20 15:11 – 000000000 ____D C:ProgramDataRevitInterProcess
2021-11-09 13:24 – 2019-12-07 10:14 – 000000000 ____D C:WINDOWSRegistration
2021-11-08 20:55 – 2019-06-18 21:42 – 000000000 ____D C:UsersDoriAppDataLocalCrashDumps
2021-11-08 20:45 – 2019-10-08 13:03 – 000000000 ____D C:ProgramDataboost_interprocess
2021-11-08 14:36 – 2019-07-28 16:44 – 000000000 ____D C:UsersDoriAppDataRoamingViberPC
2021-11-05 01:30 – 2019-06-30 15:43 – 000000000 ____D C:ProgramDataPCDr
2021-11-05 01:26 – 2021-06-16 22:17 – 000000000 ____D C:Program Files (x86)Mozilla Maintenance Service
2021-11-04 16:29 – 2021-09-13 20:38 – 000000000 ____D C:WINDOWSsystem32TasksMozilla
2021-11-04 16:29 – 2019-07-25 20:27 – 000001005 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsFirefox.lnk
2021-11-03 21:25 – 2021-09-10 06:53 – 000000000 ____D C:UsersDoriDesktop_a
2021-11-02 21:49 – 2018-07-08 22:01 – 000000000 ____D C:WINDOWSsystem32Driverswd
2021-11-02 21:42 – 2019-06-17 18:36 – 000002301 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsGoogle Chrome.lnk
2021-11-02 18:45 – 2019-09-11 20:21 – 000000000 ____D C:UsersDoriAppDataLocalCutePDF Writer
2021-11-02 18:35 – 2019-12-20 10:57 – 000000000 ____D C:UsersDoriAppDataRoamingFileZilla
2021-10-30 12:56 – 2019-06-17 20:09 – 000000000 ____D C:UsersDoriAppDataRoamingMicrosoftWindowsStart MenuProgramsSteam
2021-10-28 22:01 – 2019-06-17 18:25 – 000000000 ____D C:UsersDoriAppDataLocalNVIDIA
2021-10-28 22:01 – 2019-06-17 18:23 – 000000000 ____D C:UsersDoriAppDataLocalNVIDIA Corporation
2021-10-28 22:01 – 2019-02-08 17:30 – 000000000 ____D C:ProgramDataNVIDIA Corporation
2021-10-26 12:34 – 2021-10-12 16:54 – 000000000 ____D C:UsersDoriAppDataRoamingMicrosoftWindowsStart MenuProgramsSlack Technologies Inc
2021-10-26 12:34 – 2021-10-12 16:54 – 000000000 ____D C:UsersDoriAppDataLocalslack
2021-10-26 12:34 – 2019-12-10 20:40 – 000000000 ____D C:UsersDoriAppDataLocalSquirrelTemp
2021-10-25 14:48 – 2019-09-11 18:48 – 000083352 _____ C:UsersDoriAppDataLocalGDIPFONTCACHEV1.DAT
2021-10-23 14:32 – 2020-01-07 18:58 – 000000000 ____D C:ProgramDataOrigin
2021-10-23 13:25 – 2021-08-02 13:16 – 000000000 ____D C:UsersDoriAppDataLocalOrigin
2021-10-20 20:41 – 2021-07-24 21:02 – 000000000 ____D C:Program Files (x86)EasyAntiCheat
2021-10-20 20:41 – 2020-12-31 15:17 – 000000000 ____D C:UsersDoriAppDataRoamingEasyAntiCheat
2021-10-20 00:12 – 2021-08-02 13:17 – 000000000 ____D C:UsersDoriAppDataRoamingOrigin

==================== Files in the root of some directories ========

2021-06-04 15:57 – 2021-07-21 16:14 – 000012288 _____ () C:UsersDoriAppDataRoamingemp.bin
2021-07-17 00:43 – 2021-07-17 00:43 – 000000539 _____ () C:UsersDoriAppDataRoamingPureRef.ini
2020-06-21 17:07 – 2020-06-21 17:07 – 000001456 _____ () C:UsersDoriAppDataLocalAdobe Save for Web 13.0 Prefs
2021-01-30 18:26 – 2021-01-30 18:26 – 000000410 _____ () C:UsersDoriAppDataLocaloobelibMkey.log
2019-06-27 17:23 – 2019-06-27 17:35 – 000007626 _____ () C:UsersDoriAppDataLocalResmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

ADDITION IS ATTACHED.
Edited by automaticwednesday, 12 November 2021 – 07:33 PM.