www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/768452/js-file-downloaded-and-ran/
Submission: On June 01 via manual from US — Scanned from DE
BleepingComputer.com Forums: Security: Virus, Trojan, Spyware, and Malware Removal Help

JS file downloaded and ran
Started by cpiro, Feb 11 2022 08:04 AM
This topic is locked. 10 replies to this topic.

#1 cpiro (Members, 12 posts)
Posted 11 February 2022 - 08:04 AM

Hi everyone,

The following file has been downloaded and run on a laptop. The site it was downloaded from is definitely suspicious. I don't like the report I'm getting from VirusTotal either.

File name: Chrome.Update.d0ef27.js

BitDefender, which is installed on the machine, reported that it quarantined the file. This is the reported threat from BitDefender:

Object name: C:\Users\User\Downloads\download.d0ef27.zip=>Chrome.Update.d0ef27.js=>(INFECTED_JS)
Threat Name: JS.Heur.Calisto.3.AB6762B9.Gen | Suspicious.Cloud.13.001D9BAB670000

This is the VirusTotal link: https://www.virustotal.com/gui/file/3b45fd0f9babc385d9e48f200f79cb0ec6406197abfda50f313b7270f0d4289a/detection

How can I ensure the laptop is clean and that the JS script has not done any further damage after it was opened?

Thank you!

Edited by cpiro, 11 February 2022 - 08:14 AM.

--------------------------------------------------------------------------------
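The question at the end of this post, whether the script did anything beyond what Bitdefender quarantined, is what the FRST log requested in the next reply is meant to answer. As an added example that is not part of the thread and is not BleepingComputer's or FRST's own tooling, the Python below parses FRST-style log entries and scores the things an analyst checks first when reading such a log: FRST's own "<==== ATTENTION" marker, binaries that are unsigned or have an empty signer field, executables under user-writable paths, script payloads in autorun locations, and hosts-file overrides. The sample log is constructed in FRST's format; a few of its lines mirror entries posted later in this thread. The regular expressions, the heuristics and their weights are this example's own assumptions, not anything FRST defines.

```python
"""
Triage of Farbar Recovery Scan Tool (FRST.txt) output.

Added example for this thread, not code from the thread, from
BleepingComputer or from FRST. Entry shapes follow what FRST prints in its
Processes, Registry, Scheduled Tasks and Internet sections; the scoring
weights are this example's own choice.
"""
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample in FRST's format; a few entries mirror ones posted in
# the thread so the output can be compared with the real log.
SAMPLE_LOG = r"""
==================== Processes (Whitelisted) =================
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <64>
(CommPeak) [File not signed] C:\Program Files\CommPeak\CommPeak Softphone\CommPeak Softphone.exe <7>
(Teramind Inc. -> ) C:\ProgramData\{4CEC2908-5CE4-48F0-A717-8FC833D8017A}\0.1.260\{B0B64EF4-51E1-48B1-9C3B-C4E8C80628AD}\dwm.exe <2>
==================== Registry (Whitelisted) ===================
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files\KeePass Password Safe 2\KeePass.exe [3137728 2021-01-09] (Open Source Developer, Dominik Reichl -> Dominik Reichl)
HKU\S-1-5-21-2226701930-1242553143-2355408699-1002\...\RunOnce: [Install] => C:\Users\135\AppData\Local\script.bat [435 2021-12-28] () [File not signed]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) ============
Task: {28BD8FD3-228F-4535-9A3A-DB3BB138D29B} - System32\Tasks\PulsewayServiceCheck => C:\Program Files\Pulseway\watchdog.bat [184 2022-02-01] () [File not signed] <==== ATTENTION
Task: {C1B24043-3F68-48A7-9A44-97C80DA00797} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2021-12-28] (Google LLC -> Google LLC)
==================== Internet (Whitelisted) ====================
Hosts: 127.0.0.1 tm.filter
"""

SECTION_RE = re.compile(r"^=+\s*(?P<name>.+?)\s*=+$")
# Drive letter through the first recognised executable/script extension.
PATH_RE = re.compile(
    r"[A-Za-z]:\\.*?\.(?P<ext>exe|dll|scr|bat|cmd|js|jse|vbs|vbe|wsf|ps1|hta)\b",
    re.IGNORECASE)
# FRST's "(Publisher -> Signer)" field; Signer is empty when no trusted chain was found.
SIGNER_RE = re.compile(r"\(([^()]*?) -> ([^()]*)\)")
USER_WRITABLE_RE = re.compile(
    r"\\(?:Users\\[^\\]+\\(?:AppData|Downloads|Desktop)|ProgramData|Windows\\Temp|Temp)\\",
    re.IGNORECASE)
AUTORUN_RE = re.compile(r"\\Run(?:Once)?:|^Task:|^Startup:", re.IGNORECASE)
SCRIPT_EXTS = {"bat", "cmd", "js", "jse", "vbs", "vbe", "wsf", "ps1", "hta"}


@dataclass
class Finding:
    section: str
    line: str
    score: int = 0
    reasons: List[str] = field(default_factory=list)

    def add(self, points, why):
        self.score += points
        self.reasons.append(why)


def score_entry(section: str, line: str) -> Finding:
    """Apply the heuristics to one FRST entry and return it with its score."""
    f = Finding(section, line)
    if "<==== ATTENTION" in line:
        f.add(3, "FRST itself flagged the entry (ATTENTION)")
    signer = SIGNER_RE.search(line)
    if "[File not signed]" in line:
        f.add(2, "file is not Authenticode-signed")
    elif signer and not signer.group(2).strip():
        f.add(2, "publisher named but signer field empty")
    path = PATH_RE.search(line)
    if path:
        if USER_WRITABLE_RE.search(path.group(0)):
            f.add(2, "runs from a user-writable location")
        if path.group("ext").lower() in SCRIPT_EXTS:
            f.add(2, "script payload (." + path.group("ext").lower() + ")")
    if line.startswith("Hosts:"):
        f.add(2, "hosts-file override")
    # Persistence only raises the score if something else already looks off.
    if f.score and AUTORUN_RE.search(line):
        f.add(1, "persists via an autorun location")
    return f


def triage(log_text: str) -> List[Finding]:
    """Return every entry with a non-zero score, highest score first."""
    section, findings = "Header", []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        head = SECTION_RE.match(line)
        if head:
            section = head.group("name")
            continue
        f = score_entry(section, line)
        if f.score:
            findings.append(f)
    findings.sort(key=lambda x: x.score, reverse=True)
    return findings


def report(findings: List[Finding]) -> str:
    """One block per finding, suitable for pasting back into a reply."""
    return "\n".join(
        f"[{f.score}] {f.section}: {f.line}\n    -> " + "; ".join(f.reasons)
        for f in findings)


if __name__ == "__main__":
    print(report(triage(SAMPLE_LOG)))
```

The scores only rank entries for a human to read; a high score is a prompt to look at the file, not a verdict. Pulseway (an RMM product) and Teramind (monitoring software) are things a company may have deployed on a staff laptop on purpose, which is exactly why the helper asks for the full log rather than a list of detections: the same entries that look like persistence for a dropped script also describe legitimate management agents, and only context tells them apart.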
#2 Oh My! (Adware and Spyware and Malware; Malware Response Instructor; 50,354 posts; Location: California)
Posted 11 February 2022 - 08:54 AM

Greetings cpiro and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary. If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:

* First, please keep in mind most of us at BleepingComputer volunteer our assistance for your benefit in your time of need. Please try to match our commitment to you with your patience toward us.
* It is important to not run any tools or take any steps other than those I will provide for you.
* Please perform all steps in the order they are listed. If things are not clear or you experience problems be sure to stop and let me know.
* Please copy and paste all logs into your post unless otherwise requested.
* When your computer is clean I will let you know, provide instructions to remove tools and reports, and offer you information about how you can combat future infections.
* If you do not reply to your topic after 5 days I will assume it has been abandoned and I will close it.

===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and let me know. Thank you for your patience thus far.

Please do this.

===================================================

Farbar Recovery Scan Tool (FRST)
--------------------

* Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your Desktop. <<< Important
* Right click on the icon and select Run as administrator
* Note: If you receive any warning about the download it is a false positive and you can ignore it
* Click Yes to the disclaimer
* Click Scan and allow the program to run
* Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
* 2 Notepad documents should now be open on your desktop.
* Please copy and paste the contents of each report in separate reply windows

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.

* FRST.txt
* Addition.txt

Gary

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

Where to Start

--------------------------------------------------------------------------------

#3 cpiro (Topic Starter; Members; 12 posts)
Posted 11 February 2022 - 09:40 AM

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-02-2022
Ran by Administrator (administrator) on LAPTOP (LENOVO 20VE) (11-02-2022 16:07:47)
Running from C:\Users\Administrator\Downloads
Loaded Profiles: 135 & Administrator & user_obfuscated1 & user_obfuscated
Platform: Microsoft Windows 10 Enterprise Version 21H1 19043.1466 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Action1 Corporation -> Action1 Corporation) C:\Windows\Action1\action1_agent.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe <2>
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Endpoint Security\bdredline.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Endpoint Security\epintegrationservice.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Endpoint Security\epprotectedservice.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Endpoint Security\epsecurityservice.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Endpoint Security\epupdateservice.exe
(CommPeak) [File not signed] C:\Program Files\CommPeak\CommPeak Softphone\CommPeak Softphone.exe <7>
(ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ELANFPService.exe
(ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ElanIapService.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <64>
(Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_e3868713e3d137ef\esif_uf.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_fddb643595e0b8d0\LMS.exe
(Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_ffc75848a6342fdf\jhi_service.exe
(Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_2e49f48165b8de10\igfxCUIServiceN.exe
(Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_2e49f48165b8de10\igfxEMN.exe <2>
(Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_78ff17a5ea060c5f\OneApp.IGCC.WinService.exe
(Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_c1bb57f83a7b11b3\IntelCpHDCPSvc.exe
(Lenovo -> Lenovo(beijing) Limited) C:\Windows\System32\AutoModeDetect.exe <2>
(Lenovo -> Lenovo(beijing) Limited) C:\Windows\System32\DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_b9fd1528982e300f\LenovoUtilityService.exe
(Lenovo -> Lenovo(beijing) Limited) C:\Windows\System32\LNBITSSvc.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> ) C:\Program Files (x86)\Microsoft\Microsoft Search in Bing\MicrosoftSearchInBing.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <6>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Teams\current\Teams.exe <9>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\msoasb.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE <2>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\22.002.0103.0004\FileCoAuth.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\OneDrive.exe <2>
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2111.12605.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscalculator_10.2103.8.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <5>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MusNotifyIcon.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1525_none_7e00daaa7c97a563\TiWorker.exe
(Microsoft Windows Hardware Compatibility Publisher -> Fortemedia) C:\Windows\System32\FMService64.exe
(MMSOFT Design Ltd. -> MMSOFT Design Ltd.) C:\Program Files\Pulseway\PCMonitorSrv.exe
(MMSOFT Design Ltd. -> MMSOFT Design Ltd.) C:\Program Files\Pulseway\pcmontask.exe <2>
(MMSOFT Design Ltd. -> MMSOFT Design Ltd.) C:\Program Files\Pulseway\PulsewayAddonManager.exe
(NesterSoft Inc. -> NesterSoft Inc.) C:\Program Files (x86)\WTC\WTC.exe <2>
(NesterSoft Inc. -> NesterSoft) C:\Program Files (x86)\WTC\WTCWatch.exe
(Smart Sound Technology -> Intel) C:\Windows\System32\DriverStore\FileRepository\intcoed.inf_amd64_af402faff66f53bd\AS\IAS\IntelAudioService.exe
(TBT_DCH_DRV_PROD -> ) C:\Windows\TbtP2pShortcutService.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Teramind Inc. -> ) C:\ProgramData\{4CEC2908-5CE4-48F0-A717-8FC833D8017A}\0.1.260\{B0B64EF4-51E1-48B1-9C3B-C4E8C80628AD}\dwm.exe <2>
(Teramind Inc. -> ) C:\ProgramData\{4CEC2908-5CE4-48F0-A717-8FC833D8017A}\0.1.260\{B0B64EF4-51E1-48B1-9C3B-C4E8C80628AD}\svc.exe
(Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) C:\Program Files (x86)\Common Files\Zoom\Support\CptService.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706344 2021-09-27] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files\KeePass Password Safe 2\KeePass.exe [3137728 2021-01-09] (Open Source Developer, Dominik Reichl -> Dominik Reichl)
HKLM-x32\...\Run: [WTC] => C:\Program Files (x86)\WTC\WTC.exe [4246320 2020-08-04] (NesterSoft Inc. -> NesterSoft Inc.)
HKLM-x32\...\Run: [Teams] => "C:\Program Files (x86)\Microsoft\Teams\Update.exe" --processStart "Teams.exe" --allUsers --process-start-args "--system-initiated" (No File)
HKLM\...\RunOnce: [msedge_cleanup_{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}] => C:\Program Files (x86)\Microsoft\EdgeWebView\Application\98.0.1108.43\Installer\setup.exe [3195784 2022-02-04] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Policies\Explorer\Run: [1] => C:\Apps\LiveChat\LiveChat.exe
HKLM\...\Policies\Explorer: [NoWelcomeScreen] 1
HKLM\...\Policies\Explorer: [NoAutorun] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKLM\...\Policies\system: [legalnoticecaption] Company_X Staff Desktop
HKLM\...\Policies\system: [legalnoticetext] Company_X Staff Use Only. Unauthorised access is prohibited.
HKU\S-1-5-21-2226701930-1242553143-2355408699-1002\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2593128 2022-01-25] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2226701930-1242553143-2355408699-1002\...\Run: [MicrosoftEdgeAutoLaunch_59F172553F618574CCE6A19A3BE98946] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
HKU\S-1-5-21-2226701930-1242553143-2355408699-1002\...\RunOnce: [Install] => C:\Users\135\AppData\Local\script.bat [435 2021-12-28] () [File not signed]
HKU\S-1-5-21-2226701930-1242553143-2355408699-1002\...\RunOnce: [zoommsirepair] => C:\Program Files (x86)\Zoom\bin\installer.exe [757032 2021-12-06] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
HKU\S-1-5-21-2226701930-1242553143-2355408699-1002\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\135\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"
HKU\S-1-5-21-2226701930-1242553143-2355408699-1002\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\135\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe"
HKU\S-1-5-21-2226701930-1242553143-2355408699-1002\...\RunOnce: [Uninstall 21.220.1024.0005\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\135\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\amd64"
HKU\S-1-5-21-2226701930-1242553143-2355408699-1002\...\RunOnce: [Uninstall 21.220.1024.0005] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\135\AppData\Local\Microsoft\OneDrive\21.220.1024.0005"
HKU\S-1-5-21-2226701930-1242553143-2355408699-1002\...\RunOnce: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2593128 2022-01-25] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2226701930-1242553143-2355408699-500\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2593128 2022-01-25] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3055808520-1387724865-3386475538-7864\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2593128 2022-01-25] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3055808520-1387724865-3386475538-7864\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\acharalambous_Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"
HKU\S-1-5-21-3055808520-1387724865-3386475538-7864\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\acharalambous_Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe"
HKU\S-1-5-21-3055808520-1387724865-3386475538-7864\...\RunOnce: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2593128 2022-01-25] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3055808520-1387724865-3386475538-8729\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2593128 2022-01-25] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3055808520-1387724865-3386475538-8729\...\Policies\Explorer: [ForceClassicControlPanel] 1
HKU\S-1-5-21-3055808520-1387724865-3386475538-8729\...\Policies\Explorer: [NoInternetIcon] 1
HKU\S-1-5-21-3055808520-1387724865-3386475538-8729\...\Policies\Explorer: [ForceStartMenuLogOff] 1
HKU\S-1-5-21-3055808520-1387724865-3386475538-8729\...\Policies\Explorer: [NoCDBurning] 1
HKU\S-1-5-21-3055808520-1387724865-3386475538-8729\...\Policies\Explorer: [NoRunasInstallPrompt] 1
HKU\S-1-5-21-3055808520-1387724865-3386475538-8729\...\Policies\Explorer: [DisallowCpl] 1
HKU\S-1-5-21-3055808520-1387724865-3386475538-8729\...\Policies\Explorer: [NoAutoTrayNotify] 1
HKU\S-1-5-21-3055808520-1387724865-3386475538-8729\...\Policies\Explorer: [NoAddPrinter] 0
HKLM\...\Print\Monitors\rica6Hlm: C:\WINDOWS\system32\rica6Hlm.dll [28160 2013-12-26] (Microsoft Windows Hardware Compatibility Publisher -> RICOH CO.,Ltd.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\98.0.4758.82\Installer\chrmstp.exe [2022-02-10] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll [2021-10-05] (Adobe Inc. -> Adobe Systems, Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{07AA0886-CC8D-4e19-A410-1C75AF686E62}] -> C:\Windows\System32\l2nacp.dll [2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Authentication\Credential Providers: [{33c86cd6-705f-4ba1-9adb-67070b837775}] -> C:\Windows\System32\l2nacp.dll [2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Authentication\Credential Provider Filters: [{edd749de-2ef1-4a80-98d1-81f20e6df58e}] -> C:\Windows\System32\l2nacp.dll [2019-12-07] (Microsoft Windows -> Microsoft Corporation)
Startup: C:\Users\user_obfuscated\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CommPeak Softphone.lnk [2022-02-08]
ShortcutTarget: CommPeak Softphone.lnk -> C:\Program Files\CommPeak\CommPeak Softphone\CommPeak Softphone.exe (CommPeak) [File not signed]
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0BB6B763-5BEE-4CFA-9C6C-EB1D438AE504} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22797704 2021-12-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {1BA1EF00-847F-49CA-B885-B6102959A623} - System32\Tasks\Microsoft\Office\Office Serviceability Manager => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\officesvcmgr.exe [4188240 2021-12-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {28BD8FD3-228F-4535-9A3A-DB3BB138D29B} - System32\Tasks\PulsewayServiceCheck => C:\Program Files\Pulseway\watchdog.bat [184 2022-02-01] () [File not signed] <==== ATTENTION
Task: {3C3FADEC-E5F6-401E-B1B6-B21B88B17A97} - System32\Tasks\MicrosoftEdgeShadowStackRollbackTask => C:\Program Files (x86)\Microsoft\Edge\Application\98.0.1108.50\Installer\setup.exe [3196816 2022-02-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {3EDD5509-596D-4379-BF2D-C89515F748E0} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
Task: {469A3021-25C4-4CB9-8756-9DCDD7FFFA92} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-2226701930-1242553143-2355408699-500 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4078440 2022-01-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {53DBA9C9-9B91-4239-A78A-F1712A62B28E} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-3055808520-1387724865-3386475538-7864 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4078440 2022-01-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {5E0C0DCA-9448-46E7-9F3F-73EC303F0A37} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4078440 2022-01-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {6201E66C-EC3F-4F70-A90B-8FB391A25026} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [8388528 2022-01-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {64C937E2-519D-44A5-8B8F-779D9DF1C968} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [8388528 2022-01-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {87CBE158-0A77-47BB-9FB1-D97CCEE39921} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [138584 2021-12-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {8FD6CA9E-5BB3-4C4F-B242-2BC2B4A64E80} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564424 2021-11-17] (Adobe Inc. -> Adobe Inc.)
Task: {95DF5E81-4B70-4BAF-A301-C8691F13693B} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-2226701930-1242553143-2355408699-1002 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4078440 2022-01-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {C1B24043-3F68-48A7-9A44-97C80DA00797} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2021-12-28] (Google LLC -> Google LLC)
Task: {CB4D06E3-504B-453B-BE1D-EFB24C39F787} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [138584 2021-12-28] (Microsoft Corporation -> Microsoft Corporation)
"C:\Windows\System32\Tasks\Microsoft\Windows\GroupPolicy\{3E0A038B-D834-4930-9981-E89C9BFF83AA}" was unlocked. <==== ATTENTION
Task: {CD868902-1D8F-4793-ABDC-D3DDE61A519D} - System32\Tasks\Microsoft\Windows\GroupPolicy\{3E0A038B-D834-4930-9981-E89C9BFF83AA} => C:\WINDOWS\system32\gpupdate.exe [30720 2021-04-09] (Microsoft Windows -> Microsoft Corporation)
Task: {CF237832-C5D3-4157-B5C7-FAAA0CDB0490} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2021-12-28] (Google LLC -> Google LLC)
Task: {EA99BC9C-690F-42F2-97F9-1830C7527C62} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-3055808520-1387724865-3386475538-8729 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4078440 2022-01-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {F4345F1D-F6C5-4507-A6BA-9F4853D7CE5A} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22797704 2021-12-10] (Microsoft Corporation -> Microsoft Corporation)
"C:\Windows\System32\Tasks\Microsoft\Windows\GroupPolicy\{A7719E0F-10DB-4640-AD8C-490CC6AD5202}" was unlocked. <==== ATTENTION
Task: {FAC681AD-06EE-4588-8D29-391FA4778723} - System32\Tasks\Microsoft\Windows\GroupPolicy\{A7719E0F-10DB-4640-AD8C-490CC6AD5202} => C:\WINDOWS\system32\gpupdate.exe [30720 2021-04-09] (Microsoft Windows -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <==== ATTENTION (Restriction - ProxySettings) HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2: <==== ATTENTION (Restriction - Zones) HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3: <==== ATTENTION (Restriction - Zones) Hosts: 127.0.0.1 tm.filter Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4 Tcpip\..\Interfaces\{354b5a18-0014-49e1-a276-d415dc8dc27a}: [DhcpNameServer] 8.8.8.8 8.8.4.4 Tcpip\..\Interfaces\{94275b01-5cdd-49d8-9e3b-fe2e77b771c3}: [DhcpNameServer] 172.24.0.50 172.24.0.66 172.24.0.253 Tcpip\..\Interfaces\{b6cfa7af-a3e8-4760-a552-55b468f1d567}: [DhcpNameServer] 172.24.0.50 172.24.0.66 172.24.0.253 Tcpip\..\Interfaces\{b715ee9f-4754-4332-a4e4-44075143cb43}: [DhcpNameServer] 172.24.0.50 172.24.0.66 172.24.0.253 HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION Edge: ======= Edge Profile: C:\Users\Administrator\AppData\Local\Microsoft\Edge\User Data\Default [2022-02-11] FireFox: ======== FF Plugin: @java.com/DTPlugin,version=11.311.2 -> C:\Program Files\Java\jre1.8.0_311\bin\dtplugin\npDeployJava1.dll [2021-12-28] (Oracle America, Inc. -> Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.311.2 -> C:\Program Files\Java\jre1.8.0_311\bin\plugin2\npjp2.dll [2021-12-28] (Oracle America, Inc. 
-> Oracle Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-12-28] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-12-28] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-12-28] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @videolan.org/vlc,version=3.0.16 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-10-05] (Adobe Inc. -> Adobe Systems Inc.) Chrome: ======= CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default [2022-02-11] CHR Extension: (Slides) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2022-02-11] CHR Extension: (Docs) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2022-02-11] CHR Extension: (Google Drive) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2022-02-11] CHR Extension: (YouTube) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2022-02-11] CHR Extension: (Sheets) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2022-02-11] CHR Extension: (Google Docs Offline) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-02-11] CHR Extension: (Chrome Web Store 
Payments) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-02-11] CHR Extension: (Gmail) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2022-02-11] ==================== Services (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 A1Agent; C:\WINDOWS\Action1\action1_agent.exe [7017856 2022-01-07] (Action1 Corporation -> Action1 Corporation) S3 A1Update; C:\WINDOWS\Action1\action1_update.exe [352128 2022-01-11] (Action1 Corporation -> Action1 Corporation) R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-11-17] (Adobe Inc. -> Adobe Inc.) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12129128 2021-12-10] (Microsoft Corporation -> Microsoft Corporation) S2 DolbyDAXAPI; C:\WINDOWS\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_bbc2d331dc619068\DAX3API.exe [2305120 2021-03-02] (Dolby Laboratories, Inc. -> Dolby Laboratories) R2 ElanIapService; C:\WINDOWS\System32\ElanIapService.exe [475088 2020-07-30] (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) 
R2 EPIntegrationService; C:\Program Files\Bitdefender\Endpoint Security\EPIntegrationService.exe [355168 2022-01-28] (Bitdefender SRL -> Bitdefender) R2 EPProtectedService; C:\Program Files\Bitdefender\Endpoint Security\EPProtectedService.exe [367384 2022-01-28] (Bitdefender SRL -> Bitdefender) R2 EPRedline; C:\Program Files\Bitdefender\Endpoint Security\bdredline.exe [3119968 2022-01-28] (Bitdefender SRL -> Bitdefender) R2 EPSecurityService; C:\Program Files\Bitdefender\Endpoint Security\EPSecurityService.exe [367376 2022-01-28] (Bitdefender SRL -> Bitdefender) R2 EPUpdateService; C:\Program Files\Bitdefender\Endpoint Security\EPUpdateService.exe [355168 2022-01-28] (Bitdefender SRL -> Bitdefender) S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\22.002.0103.0004\FileSyncHelper.exe [3354520 2022-01-25] (Microsoft Corporation -> Microsoft Corporation) R2 FMAPOService; C:\WINDOWS\System32\FMService64.exe [343936 2020-08-16] (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia) R2 IntelAudioService; C:\WINDOWS\System32\DriverStore\FileRepository\intcoed.inf_amd64_af402faff66f53bd\\AS\\IAS\\IntelAudioService.exe [536432 2020-12-02] (Smart Sound Technology -> Intel) R2 LenovoFnAndFunctionKeys; C:\WINDOWS\System32\DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_b9fd1528982e300f\LenovoUtilityService.exe [539128 2021-08-26] (Lenovo -> Lenovo(beijing) Limited) R2 LITSSVC; C:\WINDOWS\System32\LNBITSSvc.exe [1820080 2021-02-07] (Lenovo -> Lenovo(beijing) Limited) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7972536 2022-02-11] (Malwarebytes Inc -> Malwarebytes) R2 MicrosoftSearchInBing; C:\Program Files (x86)\Microsoft\Microsoft Search in Bing\MicrosoftSearchInBing.exe [21376 2020-04-20] (Microsoft Corporation -> ) S3 OfficeSvcManagerAddons; C:\WINDOWS\system32\dllhost.exe /Processid:{2CA2E202-932F-4BA2-8771-195BB86398F5} [21312 2021-04-09] (Microsoft Windows -> Microsoft Corporation) S3 OneDrive Updater Service; 
C:\Program Files\Microsoft OneDrive\22.002.0103.0004\OneDriveUpdaterService.exe [3812248 2022-01-25] (Microsoft Corporation -> Microsoft Corporation) R2 PC Monitor; C:\Program Files\Pulseway\PCMonitorSrv.exe [1532752 2022-01-31] (MMSOFT Design Ltd. -> MMSOFT Design Ltd.) S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6137040 2022-01-12] (Microsoft Windows Publisher -> Microsoft Corporation) R2 TbtP2pShortcutService; C:\WINDOWS\TbtP2pShortcutService.exe [252264 2021-01-26] (TBT_DCH_DRV_PROD -> ) R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [12986664 2021-12-17] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) R2 tsvchst; C:\ProgramData\{4CEC2908-5CE4-48F0-A717-8FC833D8017A}\0.1.260\{B0B64EF4-51E1-48B1-9C3B-C4E8C80628AD}\svc.exe [3701552 2021-09-14] (Teramind Inc. -> ) S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\NisSrv.exe [2876152 2021-12-28] (Microsoft Windows Publisher -> Microsoft Corporation) S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\MsMpEng.exe [128360 2021-12-28] (Microsoft Windows Publisher -> Microsoft Corporation) R2 WTCWatch; C:\Program Files (x86)\WTC\WTCWatch.exe [2451728 2020-08-04] (NesterSoft Inc. -> NesterSoft) R2 ZoomCptService; "C:\Program Files (x86)\Common Files\Zoom\Support\CptService.exe" -user_path "C:\Users\Default\AppData\Roaming\Zoom" ===================== Drivers (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.) R1 atc; C:\WINDOWS\System32\DRIVERS\atc.sys [3947928 2022-01-28] (Microsoft Windows Hardware Compatibility Publisher -> Bitdefender S.R.L. 
Bucharest, ROMANIA) R2 BdDci; C:\WINDOWS\system32\DRIVERS\bddci.sys [800672 2021-08-26] (Microsoft Windows Hardware Compatibility Publisher -> Bitdefender) R3 bddevflt; C:\Program Files\Bitdefender\Endpoint Security\bddevflt.sys [88968 2021-10-27] (Microsoft Windows Hardware Compatibility Publisher -> BitDefender LLC) S0 BDElam; C:\WINDOWS\System32\drivers\bdelam.sys [22976 2020-12-18] (Microsoft Windows Early Launch Anti-malware Publisher -> Bitdefender) R3 BHTPCRDR; C:\WINDOWS\System32\drivers\bhtpcrdr.sys [184424 2020-07-15] (BayHub Technology Inc. -> BayHubTech/O2Micro) S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [153088 2021-09-03] (Microsoft Corporation) [File not signed] R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [160176 2022-02-11] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes) S3 fenrir; C:\WINDOWS\System32\drivers\fenrir.sys [54312 2019-04-05] (Bitdefender SRL -> ) R3 gemma; C:\WINDOWS\System32\DRIVERS\gemma.sys [1190288 2022-01-28] (Microsoft Windows Hardware Compatibility Publisher -> BitDefender S.R.L. 
Bucharest, ROMANIA) R3 iaLPSS2_GPIO2_TGL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_gpio2_tgl.inf_amd64_d0e63c4e3754f42f\iaLPSS2_GPIO2_TGL.sys [128152 2020-08-10] (Intel Corporation -> Intel Corporation) R3 iaLPSS2_I2C_TGL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_i2c_tgl.inf_amd64_ab87bf17a571e523\iaLPSS2_I2C_TGL.sys [197272 2020-08-10] (Intel Corporation -> Intel Corporation) R0 Ignis; C:\WINDOWS\System32\drivers\ignis.sys [185248 2021-11-04] (Microsoft Windows Hardware Compatibility Publisher -> Bitdefender) R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220568 2022-02-11] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes) S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2022-02-11] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes) R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [194480 2022-02-11] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes) R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [69040 2022-02-11] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes) R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2022-02-11] (Malwarebytes Inc -> Malwarebytes) R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [156792 2022-02-11] (Malwarebytes Inc -> Malwarebytes) R3 tmfsdrv2; C:\WINDOWS\System32\DRIVERS\tmfsdrv2.sys [247448 2021-09-14] (Teramind Inc. -> ) R2 tm_filter; C:\WINDOWS\system32\DRIVERS\tm_filter.sys [88728 2021-09-14] (Teramind Inc. -> Windows ® Win 7 DDK provider) R2 trufos; C:\WINDOWS\System32\DRIVERS\trufos.sys [623008 2021-12-28] (Microsoft Windows Hardware Compatibility Publisher -> Bitdefender) S3 usbaud; C:\WINDOWS\System32\drivers\usbaud64w10.sys [99672 2020-09-23] (Synaptics Incorporated -> Synaptics Inc.) 
R0 vlflt; C:\WINDOWS\System32\DRIVERS\vlflt.sys [485792 2021-11-10] (Microsoft Windows Hardware Compatibility Publisher -> Bitdefender) S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [48536 2021-12-28] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [435432 2021-12-28] (Microsoft Windows -> Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [86248 2021-12-28] (Microsoft Windows -> Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One month (created) (Whitelisted) ========= (If an entry is included in the fixlist, the file/folder will be moved.) 2022-02-11 16:07 - 2022-02-11 16:08 - 000031923 _____ C:\Users\Administrator\Downloads\FRST.txt 2022-02-11 16:07 - 2022-02-11 16:08 - 000000000 ____D C:\FRST 2022-02-11 16:06 - 2022-02-11 16:07 - 002311680 _____ (Farbar) C:\Users\Administrator\Downloads\FRST64.exe 2022-02-11 15:30 - 2022-02-11 15:30 - 000001237 _____ C:\Users\Administrator\Desktop\scan.txt 2022-02-11 15:25 - 2022-02-11 15:25 - 000000000 ____D C:\Users\Administrator\AppData\Local\mbam 2022-02-11 15:24 - 2022-02-11 15:24 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys 2022-02-11 15:24 - 2022-02-11 15:24 - 000220568 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys 2022-02-11 15:24 - 2022-02-11 15:24 - 000194480 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys 2022-02-11 15:24 - 2022-02-11 15:24 - 000160176 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys 2022-02-11 15:24 - 2022-02-11 15:24 - 000156792 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys 2022-02-11 15:24 - 2022-02-11 15:24 - 000069040 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2022-02-11 15:24 - 
2022-02-11 15:24 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys 2022-02-11 15:24 - 2022-02-11 15:24 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk 2022-02-11 15:24 - 2022-02-11 15:24 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2022-02-11 15:23 - 2022-02-11 15:23 - 000000000 ____D C:\ProgramData\Malwarebytes 2022-02-11 15:23 - 2022-02-11 15:23 - 000000000 ____D C:\Program Files\Malwarebytes 2022-02-11 15:22 - 2022-02-11 15:22 - 002911928 _____ (Malwarebytes) C:\Users\Administrator\Downloads\MBSetup-10789.10789-consumer.exe 2022-02-11 15:04 - 2022-02-11 15:04 - 000000000 ____D C:\Users\Administrator\AppData\Local\Comms 2022-02-11 14:52 - 2022-02-11 14:52 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2226701930-1242553143-2355408699-500 2022-02-11 14:49 - 2022-02-11 15:07 - 000000000 ____D C:\Users\Administrator\AppData\Local\Publishers 2022-02-11 14:49 - 2022-02-11 14:49 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Teams 2022-02-11 14:49 - 2022-02-11 14:49 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\NesterSoft 2022-02-11 14:48 - 2022-02-11 15:58 - 000000000 ____D C:\Users\Administrator\AppData\Local\Google 2022-02-11 14:48 - 2022-02-11 15:24 - 000000000 ____D C:\Users\Administrator\AppData\Local\D3DSCache 2022-02-11 14:48 - 2022-02-11 15:07 - 000000000 ____D C:\Users\Administrator\AppData\Local\Packages 2022-02-11 14:48 - 2022-02-11 14:48 - 000000020 ___SH C:\Users\Administrator\ntuser.ini 2022-02-11 14:48 - 2022-02-11 14:48 - 000000000 __SHD C:\Users\Administrator\IntelGraphicsProfiles 2022-02-11 14:48 - 2022-02-11 14:48 - 000000000 ___RD C:\Users\Administrator\3D Objects 2022-02-11 14:48 - 2022-02-11 14:48 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe 2022-02-11 14:48 - 2022-02-11 14:48 - 000000000 ____D C:\Users\Administrator\AppData\LocalLow\Intel 2022-02-11 14:48 - 2022-02-11 14:48 - 000000000 ____D 
C:\Users\Administrator\AppData\Local\ConnectedDevicesPlatform 2022-02-11 14:48 - 2022-02-11 14:48 - 000000000 ____D C:\Users\Administrator 2022-02-11 14:48 - 2022-01-04 08:37 - 000000000 ___RD C:\Users\Administrator\OneDrive 2022-02-11 14:48 - 2021-12-28 12:09 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Zoom 2022-02-11 14:48 - 2021-12-28 12:08 - 000000000 ____D C:\Users\Administrator\AppData\Local\SquirrelTemp 2022-02-11 14:48 - 2021-12-28 12:02 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Sun 2022-02-11 10:39 - 2022-02-11 10:39 - 000000000 ___HD C:\$WinREAgent 2022-02-08 17:20 - 2022-02-11 15:07 - 000000000 ____D C:\Users\user_obfuscated\AppData\Roaming\commpeak-softphone 2022-02-08 17:20 - 2022-02-08 17:20 - 000002163 _____ C:\Users\Public\Desktop\CommPeak Softphone.lnk 2022-02-08 17:20 - 2022-02-08 17:20 - 000000000 ____D C:\Users\user_obfuscated\AppData\Local\commpeak-softphone-updater 2022-02-08 17:20 - 2022-02-08 17:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CommPeak 2022-02-08 17:20 - 2022-02-08 17:20 - 000000000 ____D C:\Program Files\CommPeak 2022-02-08 17:18 - 2022-02-08 17:19 - 074030064 _____ (CommPeak) C:\Users\user_obfuscated\Downloads\CommPeak Softphone Setup 5.0.0.exe 2022-02-01 08:25 - 2022-02-01 08:25 - 000003742 _____ C:\WINDOWS\system32\Tasks\PulsewayServiceCheck 2022-01-28 17:11 - 2022-01-28 17:11 - 000000000 ____D C:\Users\user_obfuscated\AppData\Local\Bitdefender 2022-01-28 17:11 - 2022-01-28 17:11 - 000000000 ____D C:\Users\user_obfuscated\AppData\Local\Bdch 2022-01-26 09:20 - 2022-01-26 09:20 - 000003929 _____ C:\Users\user_obfuscated\Downloads\Summary of Sales Statistics.xlsx 2022-01-20 08:03 - 2022-01-20 08:03 - 000022163 _____ C:\Users\user_obfuscated\Downloads\Notification.pdf 2022-01-14 13:37 - 2022-01-14 13:37 - 000016721 _____ C:\Users\user_obfuscated\Downloads\Rules for December .xlsx 2022-01-14 11:23 - 2022-01-14 11:23 - 000000318 _____ C:\WINDOWS\system32\httpproxy.json 
2022-01-13 18:18 - 2022-01-13 18:18 - 000979758 _____ C:\Users\user_obfuscated\Downloads\896bf664ccc377bd1a0e19c7cef79d4a.pdf 2022-01-12 09:48 - 2022-01-12 09:48 - 000523776 _____ (curl, hxxps://curl.se/) C:\WINDOWS\system32\curl.exe 2022-01-12 09:48 - 2022-01-12 09:48 - 000464384 _____ (curl, hxxps://curl.se/) C:\WINDOWS\SysWOW64\curl.exe 2022-01-12 09:48 - 2022-01-12 09:48 - 000011797 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim ==================== One month (modified) ================== (If an entry is included in the fixlist, the file/folder will be moved.) 2022-02-11 16:07 - 2021-09-26 02:29 - 000000000 ____D C:\WINDOWS\INF 2022-02-11 15:56 - 2021-09-26 01:35 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2022-02-11 15:27 - 2021-12-28 12:01 - 000000000 ____D C:\Program Files (x86)\Google 2022-02-11 15:24 - 2021-09-26 02:30 - 000000000 ___HD C:\WINDOWS\ELAMBKUP 2022-02-11 15:07 - 2021-09-26 02:30 - 000000000 ____D C:\WINDOWS\AppReadiness 2022-02-11 15:05 - 2021-09-26 02:30 - 000000000 ___RD C:\WINDOWS\PrintDialog 2022-02-11 15:05 - 2021-09-26 02:30 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2022-02-11 14:48 - 2022-01-07 17:37 - 000000000 ____D C:\ProgramData\{4CEC2908-5CE4-48F0-A717-8FC833D8017A} 2022-02-11 14:48 - 2021-12-03 04:18 - 000000000 __RHD C:\Users\Public\AccountPictures 2022-02-11 14:48 - 2021-09-26 02:30 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2022-02-11 12:37 - 2021-12-28 11:45 - 000000160 _____ C:\WINDOWS\system32\config\netlogon.ftl 2022-02-11 11:19 - 2022-01-03 16:36 - 000000000 ____D C:\Users\user_obfuscated\AppData\Local\Packages 2022-02-11 11:10 - 2021-12-28 14:12 - 000000218 _____ C:\WINDOWS\system32\ricdb.ini 2022-02-11 10:45 - 2021-12-28 11:42 - 000000000 ____D C:\Program Files\Pulseway 2022-02-11 10:45 - 2021-09-26 02:28 - 000000000 ____D C:\WINDOWS\CbsTemp 2022-02-11 02:28 - 2021-12-28 11:46 - 000159834 __RSH C:\ProgramData\ntuser.pol 2022-02-11 02:27 - 2021-12-28 11:11 - 000004782 _____ 
C:\WINDOWS\system32\Tasks\MicrosoftEdgeShadowStackRollbackTask 2022-02-11 02:27 - 2021-09-26 02:30 - 000000000 ___HD C:\Program Files\WindowsApps 2022-02-11 02:27 - 2021-09-26 01:35 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2022-02-10 02:06 - 2021-12-28 12:01 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2022-02-10 02:06 - 2021-12-28 12:01 - 000002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2022-02-09 10:18 - 2021-12-28 11:11 - 000000000 ____D C:\WINDOWS\system32\MRT 2022-02-09 10:15 - 2021-12-28 11:11 - 149611728 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2022-02-09 08:09 - 2022-01-03 16:43 - 000000000 ___RD C:\Users\user_obfuscated\OneDrive - Company_X (CY) Limited 2022-02-08 17:22 - 2022-01-03 16:36 - 000000000 ____D C:\Users\user_obfuscated\AppData\Local\D3DSCache 2022-02-01 20:51 - 2021-12-28 12:09 - 000000000 ____D C:\Program Files (x86)\TeamViewer 2022-02-01 09:15 - 2021-09-26 02:31 - 000000000 ____D C:\WINDOWS\system32\FxsTmp 2022-01-28 17:11 - 2021-12-28 11:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender Endpoint Security Tools 2022-01-28 17:00 - 2021-12-28 11:52 - 003947928 _____ (Bitdefender S.R.L. Bucharest, ROMANIA) C:\WINDOWS\system32\Drivers\atc.sys 2022-01-28 17:00 - 2021-12-28 11:52 - 001190288 _____ (BitDefender S.R.L. 
Bucharest, ROMANIA) C:\WINDOWS\system32\Drivers\gemma.sys 2022-01-28 17:00 - 2021-12-28 11:52 - 000009975 _____ C:\WINDOWS\system32\Drivers\gemma.cat 2022-01-28 17:00 - 2021-12-28 11:52 - 000009967 _____ C:\WINDOWS\system32\Drivers\atc.cat 2022-01-28 15:50 - 2022-01-03 16:45 - 000000000 ____D C:\Users\user_obfuscated\AppData\Roaming\WhatsApp 2022-01-27 22:09 - 2022-01-07 23:10 - 000000000 ____D C:\Users\user_obfuscated\AppData\Local\CrashDumps 2022-01-27 11:09 - 2021-09-26 02:30 - 000000000 ____D C:\WINDOWS\ServiceState 2022-01-27 08:44 - 2021-12-28 11:05 - 000795738 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2022-01-27 08:43 - 2021-09-26 02:30 - 000000000 ____D C:\WINDOWS\LiveKernelReports 2022-01-27 08:40 - 2022-01-03 16:39 - 000000000 ____D C:\Users\user_obfuscated\AppData\Local\PlaceholderTileLogoFolder 2022-01-27 08:40 - 2022-01-03 16:36 - 000000000 __SHD C:\Users\user_obfuscated\IntelGraphicsProfiles 2022-01-27 08:39 - 2022-01-07 15:55 - 000000000 ____D C:\WINDOWS\Action1 2022-01-27 08:39 - 2022-01-05 08:37 - 000000000 ____D C:\Program Files\Microsoft OneDrive 2022-01-27 08:39 - 2021-09-26 02:27 - 001310720 _____ C:\WINDOWS\system32\config\BBI 2022-01-27 08:39 - 2021-09-26 01:35 - 000440864 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2022-01-27 08:39 - 2021-09-26 01:35 - 000008192 ___SH C:\DumpStack.log.tmp 2022-01-27 08:39 - 2021-09-26 01:35 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2022-01-27 08:39 - 2021-09-26 01:35 - 000000000 ____D C:\Intel 2022-01-27 08:38 - 2021-09-26 02:30 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs 2022-01-27 08:38 - 2021-09-26 02:30 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism 2022-01-27 08:38 - 2021-09-26 02:30 - 000000000 ____D C:\WINDOWS\SystemResources 2022-01-27 08:38 - 2021-09-26 02:30 - 000000000 ____D C:\WINDOWS\system32\setup 2022-01-27 08:38 - 2021-09-26 02:30 - 000000000 ____D C:\WINDOWS\system32\oobe 2022-01-27 08:38 - 2021-09-26 02:30 - 000000000 ____D C:\WINDOWS\system32\Dism 2022-01-27 08:38 - 2021-09-26 02:30 - 
000000000 ____D C:\WINDOWS\bcastdvr 2022-01-27 08:38 - 2021-09-26 02:30 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection 2022-01-25 08:42 - 2022-01-04 08:37 - 000003194 _____ C:\WINDOWS\system32\Tasks\OneDrive Per-Machine Standalone Update Task 2022-01-25 08:42 - 2022-01-04 08:37 - 000002132 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2022-01-25 08:42 - 2022-01-03 16:40 - 000003596 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3055808520-1387724865-3386475538-7864 2022-01-25 08:42 - 2022-01-03 16:37 - 000003596 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3055808520-1387724865-3386475538-8729 2022-01-25 08:42 - 2021-12-28 11:04 - 000003596 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2226701930-1242553143-2355408699-1002 2022-01-24 08:42 - 2021-09-26 01:35 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA 2022-01-24 08:42 - 2021-09-26 01:35 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore 2022-01-21 01:32 - 2021-12-28 12:01 - 000003420 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA 2022-01-21 01:32 - 2021-12-28 12:01 - 000003296 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore ==================== SigCheck ============================ (There is no automatic fix for files that do not pass verification.) ==================== End of FRST.txt ======================== Edited by cpiro, 11 February 2022 - 09:41 AM. 
#4 cpiro (Topic Starter, Members, 12 posts)
Posted 11 February 2022 - 09:43 AM

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-02-2022
Ran by Administrator (11-02-2022 16:10:01)
Running from C:\Users\Administrator\Downloads
Microsoft Windows 10 Enterprise Version 21H1 19043.1466 (X64) (2021-12-03 02:18:28)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

135 (S-1-5-21-2226701930-1242553143-2355408699-1002 - Administrator - Enabled) => C:\Users\135
Administrator (S-1-5-21-2226701930-1242553143-2355408699-500 - Administrator - Enabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-2226701930-1242553143-2355408699-503 - Limited - Disabled)
Guest (S-1-5-21-2226701930-1242553143-2355408699-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-2226701930-1242553143-2355408699-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Bitdefender Endpoint Security Tools Antimalware (Enabled - Up to date) {BAD274F4-FA00-8560-1CDE-6C830442BEFA}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
FW: Bitdefender Endpoint Security Tools Firewall (Enabled) {82E9F5D1-B06F-8438-3781-C5B6FA91F981}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
{4CEC2908-5CE4-48F0-A717-8FC833D8017A} (HKLM\...\{B0B64EF4-51E1-48B1-9C3B-C4E8C80628AD}) (Version: 0.1.260 - {4CEC2908-5CE4-48F0-A717-8FC833D8017A}) Hidden 7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov) Action1 Agent (HKLM-x32\...\{9A741C40-5689-4673-A611-B219BA066235}) (Version: 5.10.400.1 - Action1 Corporation) Adobe Acrobat Reader DC MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}) (Version: 21.007.20099 - Adobe Systems Incorporated) Bitdefender Endpoint Security Tools (HKLM\...\Endpoint Security) (Version: 7.4.3.146 - Bitdefender) CommPeak Softphone 5.0.0 (HKLM\...\807d6e6b-bfca-51b4-a3b3-e33b5ac88e2f) (Version: 5.0.0 - CommPeak) DefaultPackMSI (HKLM-x32\...\{D066B018-448B-40C5-9034-259BBCC49351}) (Version: 4.6.2.0 - Microsoft) Hidden Google Chrome (HKLM\...\{177B605A-B1E1-3197-B5D4-05F00C0174D1}) (Version: 98.0.4758.82 - Google LLC) Java 8 Update 311 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180311F0}) (Version: 8.0.3110.11 - Oracle Corporation) KeePass Password Safe 2.47 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.47 - Dominik Reichl) Malwarebytes version 4.5.2.157 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.2.157 - Malwarebytes) Microsoft 365 Apps for business - en-us (HKLM\...\O365BusinessRetail - en-us) (Version: 16.0.14701.20262 - Microsoft Corporation) Microsoft 365 Apps for enterprise - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.14701.20262 - Microsoft Corporation) Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 98.0.1108.50 - Microsoft Corporation) Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 98.0.1108.43 - Microsoft Corporation) Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 22.002.0103.0004 - Microsoft Corporation) Microsoft Search in Bing (HKLM-x32\...\{C17F6DEF-D34C-4B75-97E1-D81062408B4A}) (Version: 2.0.2 - Microsoft Corporation) Microsoft Update Health Tools (HKLM\...\{29B15818-E79F-4AB0-8938-9410C807AD76}) 
(Version: 2.84.0.0 - Microsoft Corporation) Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 95.0.2 (x64 en-US)) (Version: 95.0.2 - Mozilla) Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 8.1.9.3 - Notepad++ Team) Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.14701.20262 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.14701.20262 - Microsoft Corporation) Hidden Pulseway (HKLM\...\{FFDDE85C-B61B-43C1-973B-C37726F7D0AC}) (Version: 8.8.10 - MMSOFT Design) Pulseway Remote Control (HKLM-x32\...\{243F0BFC-9F8E-430A-B479-9242DFAFEEB9}) (Version: 8.8.9 - MMSOFT Design) PuTTY release 0.76 (64-bit) (HKLM\...\{1E0D5689-40F1-4E46-ABBB-EAAC68B5CD89}) (Version: 0.76.0.0 - Simon Tatham) Skype version 8.79 (HKLM-x32\...\Skype_is1) (Version: 8.79 - Skype Technologies S.A.) Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.4.0.32771 - Microsoft Corporation) TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.25.8 - TeamViewer) VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.16 - VideoLAN) WhatsApp (HKU\S-1-5-21-3055808520-1387724865-3386475538-8729\...\WhatsApp) (Version: 2.2147.16 - WhatsApp) Windows PC Health Check (HKLM\...\{B1E7D0FD-7CFE-4E0C-A5DA-0F676499DB91}) (Version: 3.2.2110.14001 - Microsoft Corporation) WinRAR 6.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.00.0 - win.rar GmbH) WorkTime Client (HKLM-x32\...\{B36AE061-76D4-4194-8F1C-DB269E295C11}) (Version: 7.0.0.0 - NesterSoft Inc.) 
--------------------------------------------------------------------------------
#5 Oh My! (Malware Response Instructor)
Posted 11 February 2022 - 11:18 AM

This appears to be a company/restricted computer, so our ability to address things is limited.

Are you aware of Pulseway and Nestersoft Teamviewer and Teramind being installed on the computer?

Can you tell me if the download.d0ef27.zip file is still in the Bitdefender quarantine folder? If so, could you upload it here?

Gary
"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
Where to Start
--------------------------------------------------------------------------------
#6 cpiro (Topic Starter)
Posted 13 February 2022 - 12:41 PM

Oh My!, on 11 Feb 2022 - 4:18 PM, said:
> This appears to be a company/restricted computer so our ability to address
> things is limited.
>
> Are you aware of Pulseway and Nestersoft Teamviewer and Teramind being
> installed on the computer?
>
> Can you tell me if the download.d0ef27.zip file is still in the Bitdefender
> quarantine folder? If so could you upload it here.

Apologies for the late reply. I am aware, yes. I am an administrator on the machine. I will be uploading the file shortly. BitDefender seems to have eliminated the file, but I kept a copy since I am very curious. Thank you.

Edit: uploaded; the zip file password is 12345.

Edited by cpiro, 13 February 2022 - 12:44 PM.
--------------------------------------------------------------------------------
#7 Oh My! (Malware Response Instructor)
Posted 13 February 2022 - 03:27 PM

Thank you for the file. It is all programming language, so I am not sure what the script was intended to do.

Everything else seems good.

Gary
--------------------------------------------------------------------------------
#8 cpiro (Topic Starter)
Posted 14 February 2022 - 09:12 AM

Oh My!, on 13 Feb 2022 - 8:27 PM, said:
> Thank you for the file. It is all programming language so I am not sure what
> the script was intended to do.
>
> Everything else seems good.

Much appreciated!
--------------------------------------------------------------------------------
#9 Oh My! (Malware Response Instructor)
Posted 14 February 2022 - 10:55 AM

You are quite welcome. Are there any remaining questions or concerns you might have before I post some tool/log clean-up instructions and other information for you to consider going forward?

Gary
--------------------------------------------------------------------------------
#10 Oh My! (Malware Response Instructor)
Posted 16 February 2022 - 10:26 AM

Since it appears we are all set... Here is our final step and some additional information to consider.

===================================================
KpRm by Kernel-panik
--------------
* Download KpRm and save it to your Desktop (see here if you must use Chrome)
* Note: If the file is detected as malware, it is not and it is safe to download. The detection is a false positive.
* Right-click on the icon and select Run as administrator
* Click Yes on the Disclaimer
* Place a check mark in Delete Tools, Create Restore Point, and Delete in 7 days
* Click Run
* Click OK on All operations are completed
* KpRm will delete itself from your Desktop and you can either save or remove the report that is generated
* You are free to remove any other tools/reports still remaining

===================================================
All Clean!
--------------
Your computer is now clean. Please consider this going forward.

===================================================
Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean.

Lawrence Abrams, the founder of BleepingComputer.com, has developed an excellent tutorial which will provide you with the information you need to know about how to keep your computer secure and clean. Please take the time to read: Simple and easy ways to keep your computer safe and secure on the Internet.

In addition, here are some more links you might find of interest:
* Have you Been Hacked? 10 Indicators That Say Yes
* So How did I get infected?
* Pirated Software is All Fun and Games Until Your Data is Stolen
* Do You Need Anti-Ransomware Software for Your PC?
* Why You Should Update All Your Software
* How Safe Are Password Managers?
* What's the Best Way to Back Up My Computer?

Thank you for placing your trust in BleepingComputer. It was a pleasure serving you.

Gary
--------------------------------------------------------------------------------
#11 Oh My! (Malware Response Instructor)
Posted 16 February 2022 - 09:54 PM

It appears that this issue is resolved; therefore, I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

Gary