Author Topic: Malware won't go away  (Read 92451 times)

Pacific64

    Topic Starter


    Greenhorn

    • Experience: Familiar
    • OS: Windows 10
    Malware won't go away
    « on: December 09, 2020, 06:40:18 AM »
    Every time I scan using Malwarebytes it detects the exact same number of infections. If I delete them they come back. If I quarantine them and scan, more show. I tried resetting my PC in an effort to get rid of the infections, but they still remain. Not sure what to do. Below is the info that might help.

    Thx


    FRST LOG:

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-12-2020
    Ran by Bluem (administrator) on DESKTOP-GQ3KK01 (Dell Inc. OptiPlex 9020) (09-12-2020 09:29:05)
    Running from C:\Users\Bluem\Desktop
    Loaded Profiles: Bluem
    Platform: Windows 10 Pro Version 20H2 19042.662 (X64) Language: English (United States)
    Default browser: Chrome
    Boot Mode: Normal

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\DiscoverySrv.exe
    (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
    (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdagent.exe
    (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdntwrk.exe
    (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe <3>
    (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdwtxag.exe
    (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe
    (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender VPN\bdvpnapp.exe
    (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender VPN\BdVpnService.exe
    (Bitdefender SRL -> Bitdefender) C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe
    (Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe
    (Dell Inc -> Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
    (Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
    (Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
    (Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler64.exe
    (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <16>
    (Intel Corporation -> ) C:\Windows\System32\igfxTray.exe
    (Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
    (Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxEM.exe
    (Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxHK.exe
    (Intel Corporation -> Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
    (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
    (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Intel(R) Trust Services -> Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\TPMProvisioningService.exe
    (Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 9.0.2\kpm.exe
    (Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 9.0.2\kpm_service.exe
    (Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 9.0.2\transport_proxy.exe
    (Kaspersky Lab JSC -> Kaspersky Lab AO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 9.0.2\plugin-nm-server-v2.exe
    (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Users\Bluem\AppData\Local\Microsoft\OneDrive\OneDrive.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowsstore_12011.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
    (PC-Doctor, Inc. -> PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.7240.285\DSAPI.exe
    (Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
    (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

    ==================== Registry (Whitelisted) ===================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8538872 2016-01-13] (Realtek Semiconductor Corp -> Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1415928 2016-01-13] (Realtek Semiconductor Corp -> Realtek Semiconductor)
    HKLM\...\Run: [BdVpnApp] => C:\Program Files\Bitdefender\Bitdefender VPN\BdVpnApp.exe [224376 2020-11-21] (Bitdefender SRL -> Bitdefender)
    HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe [1203856 2017-06-26] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706680 2020-09-16] (Oracle America, Inc. -> Oracle Corporation)
    HKU\S-1-5-21-3098683771-1714621788-1964174946-1001\...\Run: [kpm.exe] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 9.0.2\kpm.exe [659976 2020-09-23] (Kaspersky Lab -> AO Kaspersky Lab)
    HKU\S-1-5-21-3098683771-1714621788-1964174946-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [32281272 2020-11-10] (Piriform Software Ltd -> Piriform Software Ltd)
    HKLM\...\Print\Monitors\HP D711 Status Monitor: C:\WINDOWS\system32\hpinkstsD711LM.dll [393352 2017-03-26] (Hewlett Packard -> HP Inc.)
    HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\87.0.4280.88\Installer\chrmstp.exe [2020-12-08] (Google LLC -> Google LLC)

    ==================== Scheduled Tasks (Whitelisted) ============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {4AC3361F-AE35-44AD-8D9A-3FE877ED1211} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [686384 2020-11-10] (Piriform Software Ltd -> Piriform Software Ltd)
    Task: {620C4FAA-D1E7-4502-8250-BD9556D9F116} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [668464 2017-02-24] (Intel(R) Trust Services -> Intel(R) Corporation)
    Task: {6E03156F-6E0F-483D-B8D0-3FE8B9F46926} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [26781880 2020-11-10] (Piriform Software Ltd -> Piriform Software Ltd)
    Task: {7DA8D026-EA99-4C74-81DD-BEE9CB09F69C} - System32\Tasks\Bitdefender AgentTask_AD394AE64E874073B10A89FEEC305 A3C => C:\Program Files\Bitdefender\Bitdefender Security\bdagent.exe [930872 2020-10-02] (Bitdefender SRL -> Bitdefender)
    Task: {8FE69185-BD3A-41B3-BE91-7ED607123B64} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistInstaller.exe [1059336 2020-12-04] (Dell Inc -> Dell Inc.)
    Task: {966EC8F0-F489-4347-B251-BDDCA3887A37} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-12-08] (Google LLC -> Google LLC)
    Task: {EC5EBD62-3F6A-4DC0-AE95-DA6B710CC1D0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-12-08] (Google LLC -> Google LLC)
    Task: {F7F0B392-2557-486B-B816-C7AD747651C4} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD398 64 => C:\Program Files\Bitdefender Agent\WatchDog.exe [895080 2020-10-28] (Bitdefender SRL -> Bitdefender)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 64.71.255.204 64.71.255.198
    Tcpip\..\Interfaces\{fd8cd48b-4545-45ad-8544-4f49bf381f0c}: [DhcpNameServer] 64.71.255.204 64.71.255.198

    Edge:
    ======
    Edge Profile: C:\Users\Bluem\AppData\Local\Microsoft\Edge\User Data\Default [2020-12-09]
    Edge Extension: (Kaspersky Password Manager) - C:\Users\Bluem\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\eolheccophlcbnkkbelcgminoojochgj [2020-12-08]

    FireFox:
    ========
    FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff.xpi
    FF Extension: (Bitdefender Wallet) - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff.xpi [2020-07-16] [UpdateUrl:hxxps://download.bitdefender.com/windows/desktop/connect/wallet/updates.json ]
    FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbef.xpi
    FF Extension: (Bitdefender Anti-tracker) - C:\Program Files\Bitdefender\Bitdefender Security\bdtbef.xpi [2020-09-17] [UpdateUrl:hxxps://download.bitdefender.com/windows/desktop/connect/antitracker/updates.json ]
    FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext
    FF Extension: (Bitdefender Antispam Toolbar) - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext [2020-10-09] [Legacy] [not signed]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff.xpi
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbef.xpi
    FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext
    FF Plugin: @java.com/DTPlugin,version=11.271.2 -> C:\Program Files\Java\jre1.8.0_271\bin\dtplugin\npDeployJava1.dll [2020-12-09] (Oracle America, Inc. -> Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.271.2 -> C:\Program Files\Java\jre1.8.0_271\bin\plugin2\npjp2.dll [2020-12-09] (Oracle America, Inc. -> Oracle Corporation)

    Chrome:
    =======
    CHR Profile: C:\Users\Bluem\AppData\Local\Google\Chrome\User Data\Default [2020-12-09]
    CHR Extension: (Slides) - C:\Users\Bluem\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-12-08]
    CHR Extension: (Docs) - C:\Users\Bluem\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-12-08]
    CHR Extension: (Google Drive) - C:\Users\Bluem\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-12-08]
    CHR Extension: (YouTube) - C:\Users\Bluem\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-12-08]
    CHR Extension: (uBlock Origin) - C:\Users\Bluem\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2020-12-08]
    CHR Extension: (Kaspersky Password Manager) - C:\Users\Bluem\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhnkblpjbkfklfloegejegedcafpliaa [2020-12-08]
    CHR Extension: (Logitech Smooth Scrolling) - C:\Users\Bluem\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2020-12-08]
    CHR Extension: (Sheets) - C:\Users\Bluem\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-12-08]
    CHR Extension: (Google Docs Offline) - C:\Users\Bluem\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-12-08]
    CHR Extension: (Scroll To Top) - C:\Users\Bluem\AppData\Local\Google\Chrome\User Data\Default\Extensions\hegiignepmecppikdlbohnnbfjdoaghj [2020-12-08]
    CHR Extension: (Color Links) - C:\Users\Bluem\AppData\Local\Google\Chrome\User Data\Default\Extensions\hiponeioelghhaljfflaaflpccedbdem [2020-12-08]
    CHR Extension: (Disable JavaScript) - C:\Users\Bluem\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfpdlihdedhlmhlbgooailmfhahieoem [2020-12-08]
    CHR Extension: (MeasureIt!) - C:\Users\Bluem\AppData\Local\Google\Chrome\User Data\Default\Extensions\keoagpbljgpdoldcmfpgicnpijmfompi [2020-12-08]
    CHR Extension: (Video DownloadHelper) - C:\Users\Bluem\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjnegcaeklhafolokijcfjliaokphfk [2020-12-08]
    CHR Extension: (Lightshot (screenshot tool)) - C:\Users\Bluem\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbniclmhobmnbdlbpiphghaielnnpgdp [2020-12-08]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Bluem\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-12-08]
    CHR Extension: (SetupVPN - Lifetime Free VPN) - C:\Users\Bluem\AppData\Local\Google\Chrome\User Data\Default\Extensions\oofgbpoabipfcfjapgnbbjjaenockbdp [2020-12-08]
    CHR Extension: (Gmail) - C:\Users\Bluem\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-12-08]
    CHR Extension: (Chrome Media Router) - C:\Users\Bluem\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-12-08]
    CHR HKLM-x32\...\Chrome\Extension: [gannpgaobkkhmpomoijebaigcapoeebl]
    CHR HKLM-x32\...\Chrome\Extension: [khndhdhbebhaddchcgnalcjlaekbbeof]

    ==================== Services (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 AfVpnService; C:\Program Files\Bitdefender\Bitdefender VPN\hydra.sdk.windows.service.exe [197624 2020-11-02] (Pango Inc. -> AnchorFree Inc.)
    R2 BDAuxSrv; C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe [803576 2020-10-02] (Bitdefender SRL -> Bitdefender)
    R2 BDProtSrv; C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe [803576 2020-10-02] (Bitdefender SRL -> Bitdefender)
    R2 bdredline; C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe [2195344 2018-03-22] (Bitdefender SRL -> Bitdefender)
    R2 BdVpnService; C:\Program Files\Bitdefender\Bitdefender VPN\bdvpnservice.exe [249880 2020-11-21] (Bitdefender SRL -> Bitdefender)
    R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [287776 2020-10-26] (Dell Technologies Inc. -> Dell Technologies Inc.)
    R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3750944 2020-10-26] (Dell Technologies Inc. -> Dell Technologies Inc.)
    R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [507936 2020-10-26] (Dell Technologies Inc. -> Dell Technologies Inc.)
    R2 Dell Hardware Support; C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.7240.285\DSAPI.exe [985584 2020-12-08] (PC-Doctor, Inc. -> PC-Doctor, Inc.)
    R2 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [38592 2020-10-29] (Dell Inc -> )
    R2 kpm_launch_service; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 9.0.2\kpm_service.exe [351424 2020-09-23] (Kaspersky Lab JSC -> AO Kaspersky Lab)
    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7269976 2020-12-08] (Malwarebytes Inc -> Malwarebytes)
    R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1355768 2020-10-28] (Bitdefender SRL -> Bitdefender)
    S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5197552 2020-12-02] (Microsoft Windows Publisher -> Microsoft Corporation)
    R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [39432 2020-12-04] (Dell Inc -> Dell Inc.)
    R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe [170840 2020-10-02] (Bitdefender SRL -> Bitdefender)
    R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe [803576 2020-10-02] (Bitdefender SRL -> Bitdefender)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3004048 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103384 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)

    ===================== Drivers (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R1 atc; C:\WINDOWS\System32\DRIVERS\atc.sys [2151624 2020-09-16] (Bitdefender SRL -> Bitdefender S.R.L. Bucharest, ROMANIA)
    R2 BdDci; C:\WINDOWS\system32\DRIVERS\bddci.sys [796200 2020-05-26] (Bitdefender SRL -> Bitdefender)
    S0 bdelam; C:\WINDOWS\System32\drivers\bdelam.sys [22960 2019-03-20] (Microsoft Windows Early Launch Anti-malware Publisher -> Bitdefender)
    S3 bdprivmon; C:\WINDOWS\System32\DRIVERS\bdprivmon.sys [46056 2020-01-17] (Bitdefender SRL -> © Bitdefender SRL)
    R4 DBUtil_2_3; C:\WINDOWS\TEMP\DBUtil_2_3.Sys [14840 2020-12-09] (Dell Inc. -> )
    R3 DDDriver; C:\WINDOWS\System32\drivers\dddriver64Dcsa.sys [42376 2020-10-26] (Microsoft Windows Hardware Compatibility Publisher -> Dell Inc.)
    R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153312 2020-12-08] (Malwarebytes Corporation -> Malwarebytes)
    R0 Gemma; C:\WINDOWS\System32\DRIVERS\gemma.sys [473608 2020-09-14] (Bitdefender SRL -> BitDefender S.R.L. Bucharest, ROMANIA)
    R0 gzflt; C:\WINDOWS\System32\DRIVERS\gzflt.sys [195232 2020-09-03] (Bitdefender SRL -> BitDefender LLC)
    S3 Ignis; C:\WINDOWS\system32\DRIVERS\ignis.sys [185312 2020-09-16] (Bitdefender SRL -> Bitdefender)
    R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220160 2020-12-08] (Malwarebytes Inc -> Malwarebytes)
    S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2020-12-08] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
    R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [197792 2020-12-08] (Malwarebytes Inc -> Malwarebytes)
    R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [77496 2020-12-08] (Malwarebytes Inc -> Malwarebytes)
    R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248968 2020-12-08] (Malwarebytes Inc -> Malwarebytes)
    R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [138904 2020-12-08] (Malwarebytes Inc -> Malwarebytes)
    S3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Bruce James -> Scarlet.Crush Productions)
    R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [47920 2020-02-20] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
    R0 trufos; C:\WINDOWS\System32\DRIVERS\trufos.sys [640760 2020-06-09] (Bitdefender SRL -> Bitdefender)
    S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46688 2019-12-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
    S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [350136 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [54200 2019-12-07] (Microsoft Windows -> Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One month (created) (Whitelisted) =========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2020-12-09 09:29 - 2020-12-09 09:29 - 000020383 _____ C:\Users\Bluem\Desktop\FRST.txt
    2020-12-09 09:28 - 2020-12-09 09:29 - 000000000 ____D C:\FRST
    2020-12-09 09:28 - 2020-12-09 09:28 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
    2020-12-09 09:28 - 2020-12-09 09:28 - 000002888 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC
    2020-12-09 09:28 - 2020-12-09 09:28 - 000000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
    2020-12-09 09:28 - 2020-12-09 09:28 - 000000863 _____ C:\ProgramData\Desktop\CCleaner.lnk
    2020-12-09 09:28 - 2020-12-09 09:28 - 000000000 ____D C:\Users\Bluem\Desktop\FRST-OlderVersion
    2020-12-09 09:28 - 2020-12-09 09:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    2020-12-09 09:28 - 2020-12-09 09:28 - 000000000 ____D C:\Program Files\CCleaner
    2020-12-09 09:27 - 2020-12-09 09:27 - 030469496 _____ (Piriform Software Ltd) C:\Users\Bluem\Downloads\ccsetup574.exe
    2020-12-09 09:26 - 2020-12-09 09:26 - 000000000 ____D C:\Users\Bluem\Downloads\SCRAP
    2020-12-09 09:25 - 2020-12-09 09:25 - 000004665 _____ C:\Users\Bluem\Desktop\MBAMEXPORT.txt
    2020-12-09 08:47 - 2020-12-09 08:47 - 000000000 ____D C:\Users\Bluem\AppData\Roaming\Sun
    2020-12-09 08:47 - 2020-12-09 08:47 - 000000000 ____D C:\Users\Bluem\AppData\LocalLow\Sun
    2020-12-09 08:47 - 2020-12-09 08:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2020-12-09 08:47 - 2020-12-09 08:46 - 000192168 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
    2020-12-09 08:46 - 2020-12-09 08:46 - 000000000 ____D C:\ProgramData\Oracle
    2020-12-09 08:46 - 2020-12-09 08:46 - 000000000 ____D C:\Program Files\Java
    2020-12-09 06:02 - 2020-12-09 09:28 - 002288640 _____ (Farbar) C:\Users\Bluem\Desktop\FRST64.exe
    2020-12-08 14:32 - 2020-12-09 05:24 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
    2020-12-08 14:32 - 2020-12-09 05:24 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
    2020-12-08 14:32 - 2020-12-09 05:24 - 000002276 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
    2020-12-08 14:32 - 2020-12-08 14:32 - 000000000 _SHDL C:\Users\Default User
    2020-12-08 14:32 - 2020-12-08 14:32 - 000000000 _SHDL C:\Users\All Users
    2020-12-08 14:32 - 2020-12-08 14:32 - 000000000 _SHDL C:\Documents and Settings
    2020-12-08 14:32 - 2020-12-08 10:41 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
    2020-12-08 14:32 - 2020-12-08 10:41 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
    2020-12-08 14:27 - 2020-12-08 14:27 - 000561169 _____ C:\WINDOWS\system32\Drivers\rtwavesskdy.dat
    2020-12-08 14:27 - 2020-12-08 14:27 - 000113697 _____ C:\WINDOWS\system32\Drivers\rtwavesvolpro.dat
    2020-12-08 14:27 - 2020-12-08 14:27 - 000031095 _____ C:\WINDOWS\system32\Drivers\rtwavesEFX.dat
    2020-12-08 14:27 - 2020-12-08 14:27 - 000010945 _____ C:\WINDOWS\system32\Drivers\rtwavesMFX.dat
    2020-12-08 14:26 - 2020-12-09 09:18 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
    2020-12-08 14:26 - 2020-12-08 14:27 - 000000000 ____D C:\ProgramData\HP
    2020-12-08 14:26 - 2020-12-08 14:26 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
    2020-12-08 14:26 - 2020-12-08 14:26 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
    2020-12-08 14:26 - 2020-12-08 14:26 - 000000000 ____D C:\WINDOWS\ServiceProfiles
    2020-12-08 14:26 - 2020-12-08 14:26 - 000000000 ____D C:\Program Files\Realtek
    2020-12-08 14:26 - 2020-12-08 14:26 - 000000000 _____ C:\WINDOWS\system32\GfxValDisplayLog.bin
    2020-12-08 14:26 - 2020-12-08 11:09 - 000008192 ___SH C:\DumpStack.log.tmp
    2020-12-08 14:26 - 2020-12-08 11:09 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
    2020-12-08 14:26 - 2020-12-08 11:09 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2020-12-08 14:26 - 2020-12-08 10:55 - 000000000 ____D C:\Program Files\Intel
    2020-12-08 14:26 - 2020-12-08 10:54 - 000000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
    2020-12-08 14:26 - 2020-12-08 10:54 - 000000000 ____D C:\Intel
    2020-12-08 14:26 - 2018-12-19 02:27 - 000099848 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
    2020-12-08 14:24 - 2020-12-08 10:51 - 000000000 ____D C:\WINDOWS\Panther
    2020-12-08 14:24 - 2020-12-08 10:32 - 000000000 ____D C:\Windows.old
    2020-12-08 14:23 - 2020-12-08 14:23 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
    2020-12-08 14:23 - 2020-12-08 14:23 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm
    2020-12-08 14:23 - 2020-12-08 14:23 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
    2020-12-08 14:23 - 2020-12-08 14:23 - 000000000 ____D C:\WINDOWS\SysWOW64\sysprep
    2020-12-08 14:23 - 2020-12-08 14:23 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr
    2020-12-08 14:23 - 2020-12-08 14:23 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
    2020-12-08 14:23 - 2020-12-08 14:23 - 000000000 ____D C:\WINDOWS\SysWOW64\MailContactsCalendarSync
    2020-12-08 14:23 - 2020-12-08 14:23 - 000000000 ____D C:\WINDOWS\SysWOW64\FxsTmp
    2020-12-08 14:23 - 2020-12-08 14:23 - 000000000 ____D C:\WINDOWS\SysWOW64\0409
    2020-12-08 14:23 - 2020-12-08 14:23 - 000000000 ____D C:\WINDOWS\system32\winrm
    2020-12-08 14:23 - 2020-12-08 14:23 - 000000000 ____D C:\WINDOWS\system32\WCN
    2020-12-08 14:23 - 2020-12-08 14:23 - 000000000 ____D C:\WINDOWS\system32\slmgr
    2020-12-08 14:23 - 2020-12-08 14:23 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
    2020-12-08 14:23 - 2020-12-08 14:23 - 000000000 ____D C:\WINDOWS\system32\MailContactsCalendarSync
    2020-12-08 14:23 - 2020-12-08 14:23 - 000000000 ____D C:\WINDOWS\system32\0409
    2020-12-08 14:23 - 2020-12-08 14:23 - 000000000 ____D C:\WINDOWS\Setup
    2020-12-08 14:23 - 2020-12-08 14:23 - 000000000 ____D C:\WINDOWS\OCR
    2020-12-08 14:23 - 2020-12-08 14:23 - 000000000 ____D C:\WINDOWS\DigitalLocker
    2020-12-08 14:23 - 2020-12-08 14:23 - 000000000 ____D C:\WINDOWS\addins
    2020-12-08 14:23 - 2020-12-08 14:23 - 000000000 ____D C:\Program Files\Reference Assemblies
    2020-12-08 14:23 - 2020-12-08 14:23 - 000000000 ____D C:\Program Files\MSBuild
    2020-12-08 14:23 - 2020-12-08 14:23 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
    2020-12-08 14:23 - 2020-12-08 14:23 - 000000000 ____D C:\Program Files (x86)\MSBuild
    2020-12-08 14:23 - 2020-12-08 10:33 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
    2020-12-08 14:22 - 2020-10-02 20:33 - 000835472 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2020-12-08 14:22 - 2020-10-02 20:33 - 000179608 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2020-12-08 14:21 - 2020-12-09 09:25 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2020-12-08 14:21 - 2020-12-09 08:07 - 000000000 ____D C:\WINDOWS\appcompat
    2020-12-08 14:21 - 2020-12-09 05:24 - 000000000 ___HD C:\Program Files\WindowsApps
    2020-12-08 14:21 - 2020-12-09 05:24 - 000000000 ____D C:\WINDOWS\AppReadiness
    2020-12-08 14:21 - 2020-12-08 14:32 - 000000000 ____D C:\WINDOWS\CSC
    2020-12-08 14:21 - 2020-12-08 14:24 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
    2020-12-08 14:21 - 2020-12-08 14:24 - 000000000 ____D C:\WINDOWS\Containers
    2020-12-08 14:21 - 2020-12-08 14:23 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
    2020-12-08 14:21 - 2020-12-08 14:23 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
    2020-12-08 14:21 - 2020-12-08 14:23 - 000000000 ___SD C:\WINDOWS\system32\F12
    2020-12-08 14:21 - 2020-12-08 14:23 - 000000000 ___SD C:\WINDOWS\system32\dsc
    2020-12-08 14:21 - 2020-12-08 14:23 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
    2020-12-08 14:21 - 2020-12-08 14:23 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
    2020-12-08 14:21 - 2020-12-08 14:23 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
    2020-12-08 14:21 - 2020-12-08 14:23 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
    2020-12-08 14:21 - 2020-12-08 14:23 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
    2020-12-08 14:21 - 2020-12-08 14:23 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
    2020-12-08 14:21 - 2020-12-08 14:23 - 000000000 ____D C:\WINDOWS\SystemResources
    2020-12-08 14:21 - 2020-12-08 14:23 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
    2020-12-08 14:21 - 2020-12-08 14:23 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
    2020-12-08 14:21 - 2020-12-08 14:23 - 000000000 ____D C:\WINDOWS\system32\Sysprep
    2020-12-08 14:21 - 2020-12-08 14:23 - 000000000 ____D C:\WINDOWS\system32\setup
    2020-12-08 14:21 - 2020-12-08 14:23 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
    2020-12-08 14:21 - 2020-12-08 14:23 - 000000000 ____D C:\WINDOWS\system32\oobe
    2020-12-08 14:21 - 2020-12-08 14:23 - 000000000 ____D C:\WINDOWS\system32\MUI
    2020-12-08 14:21 - 2020-12-08 14:23 - 000000000 ____D C:\WINDOWS\system32\migwiz
    2020-12-08 14:21 - 2020-12-08 14:23 - 000000000 ____D C:\WINDOWS\system32\Dism
    2020-12-08 14:21 - 2020-12-08 14:23 - 000000000 ____D C:\WINDOWS\system32\Com
    2020-12-08 14:21 - 2020-12-08 14:23 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
    2020-12-08 14:21 - 2020-12-08 14:23 - 000000000 ____D C:\WINDOWS\IME
    2020-12-08 14:21 - 2020-12-08 14:23 - 000000000 ____D C:\WINDOWS\Help
    2020-12-08 14:21 - 2020-12-08 14:23 - 000000000 ____D C:\Program Files\Windows Photo Viewer
    2020-12-08 14:21 - 2020-12-08 14:23 - 000000000 ____D C:\Program Files\Windows NT
    2020-12-08 14:21 - 2020-12-08 14:23 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
    2020-12-08 14:21 - 2020-12-08 14:23 - 000000000 ____D C:\Program Files\Windows Defender
    2020-12-08 14:21 - 2020-12-08 14:23 - 000000000 ____D C:\Program Files\Common Files\System
    2020-12-08 14:21 - 2020-12-08 14:23 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
    2020-12-08 14:21 - 2020-12-08 14:23 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
    2020-12-08 14:21 - 2020-12-08 14:23 - 000000000 ____D C:\Program Files (x86)\Windows NT
    2020-12-08 14:21 - 2020-12-08 14:23 - 000000000 ____D C:\Program Files (x86)\Windows Defender
    2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 __SHD C:\WINDOWS\BitLockerDiscoveryVolumeContents
    2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 __SHD C:\Program Files\Windows Sidebar
    2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 __SHD C:\Program Files (x86)\Windows Sidebar
    2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 __RSD C:\WINDOWS\Media
    2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 __RHD C:\Users\Public\Libraries
    2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ___SD C:\WINDOWS\SysWOW64\Nui
    2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ___SD C:\WINDOWS\SysWOW64\Configuration
    2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ___SD C:\WINDOWS\system32\UNP
    2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ___SD C:\WINDOWS\system32\Nui
    2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ___SD C:\WINDOWS\system32\Configuration
    2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ___SD C:\WINDOWS\system32\AppV
    2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files
    2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ___RD C:\WINDOWS\Offline Web Pages
    2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ___HD C:\WINDOWS\LanguageOverlayCache
    2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\Web
    2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\WaaS
    2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\Vss
    2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\tracing
    2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\TAPI
    2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
    2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\SysWOW64\SMI
    2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\SysWOW64\ras
    2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
    2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\SysWOW64\NDF
    2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\SysWOW64\Msdtc
    2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz
    2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
    2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\SysWOW64\Keywords
    2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\SysWOW64\Ipmi
    2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\SysWOW64\InputMethod
    2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
    2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\SysWOW64\IME
    2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\SysWOW64\icsxml
    2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicyUsers
    2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
    2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\SysWOW64\downlevel
    2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\SysWOW64\Bthprops
    2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\SysWOW64\AppLocker
    2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
    2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\SystemApps
    2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
    2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\system32\winevt
    2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\system32\ti-et
    2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\system32\ta-lk
    2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\system32\ta-in
    2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\system32\si-lk
    2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
    2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\system32\Sgrm
    2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
    2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\system32\ras
    2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\system32\ProximityToast
    2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\system32\PointOfService
    2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\system32\osa-Osge-001
    2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\system32\NDF
    2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\system32\my-mm
    2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\system32\MsDtc
    2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\system32\Macromed
    2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\system32\Keywords
    2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\system32\Ipmi
    2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\system32\InputMethod
    2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\system32\inetsrv
    2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\system32\IME
    2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\system32\icsxml
    2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\system32\ias
    2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\system32\Hydrogen
    2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\system32\GroupPolicyUsers
    2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\system32\GroupPolicy
    2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\system32\ff-Adlm-SN
    2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\system32\DriverState
    2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\system32\Drivers\DriverData
    2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\system32\downlevel
    2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\system32\DDFs
    2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\system32\ContainerSettingsProviders
    2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\system32\config\TxR
    2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\system32\config\systemprofile
    2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\system32\config\RegBack
    2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\system32\config\Journal
    2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\system32\Bthprops
    2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\system32\appraiser
    2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\system32\AppLocker
    2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\system32\am-et
    2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
    2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\System
    2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\SKB
    2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\ShellExperiences
    2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\ShellComponents
    2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\security
    2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\schemas
    2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\SchCache
    2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\Resources
    2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\rescache
    2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\RemotePackages
    2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\Registration
    2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\Provisioning
    2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\PLA
    2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\Performance
    2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\ModemLogs
    2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\LiveKernelReports
    2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\L2Schemas
    2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\InputMethod
    2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\IdentityCRL
    2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\Globalization
    2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\GameBarPresenceWriter
    2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\DiagTrack
    2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\Cursors
    2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\Branding
    2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\bcastdvr
    2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\ProgramData\WindowsHolographicDevices
    2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\ProgramData\USOShared
    2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\Program Files\Windows Security
    2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\Program Files\Windows Portable Devices
    2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\Program Files\Windows Multimedia Platform
    2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\Program Files\ModifiableWindowsApps
    2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\Program Files\Common Files\Services
    2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\Program Files (x86)\Windows Portable Devices
    2020-12-08 14:21 - 2020-12-08 14:21 - 000000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
    2020-12-08 14:21 - 2020-12-08 14:20 - 000215943 _____ C:\WINDOWS\SysWOW64\dssec.dat
    2020-12-08 14:21 - 2020-12-08 14:20 - 000215943 _____ C:\WINDOWS\system32\dssec.dat
    2020-12-08 14:21 - 2020-12-08 14:20 - 000020908 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
    2020-12-08 14:21 - 2020-12-08 14:20 - 000017635 _____ C:\WINDOWS\system32\Drivers\etc\services
    2020-12-08 14:21 - 2020-12-08 14:20 - 000003683 _____ C:\WINDOWS\system32\Drivers\etc\lmhosts.sam
    2020-12-08 14:21 - 2020-12-08 14:20 - 000003103 _____ C:\WINDOWS\SysWOW64\mmc.exe.config
    2020-12-08 14:21 - 2020-12-08 14:20 - 000003103 _____ C:\WINDOWS\system32\mmc.exe.config
    2020-12-08 14:21 - 2020-12-08 14:20 - 000001358 _____ C:\WINDOWS\system32\Drivers\etc\protocol
    2020-12-08 14:21 - 2020-12-08 14:20 - 000000858 _____ C:\WINDOWS\system32\DefaultQuestions.json
    2020-12-08 14:21 - 2020-12-08 14:20 - 000000741 _____ C:\WINDOWS\SysWOW64\NOISE.DAT
    2020-12-08 14:21 - 2020-12-08 14:20 - 000000741 _____ C:\WINDOWS\system32\NOISE.DAT
    2020-12-08 14:21 - 2020-12-08 14:20 - 000000407 _____ C:\WINDOWS\system32\Drivers\etc\networks
    2020-12-08 14:21 - 2020-12-08 14:20 - 000000219 _____ C:\WINDOWS\system.ini
    2020-12-08 14:21 - 2020-12-08 14:20 - 000000092 _____ C:\WINDOWS\win.ini
    2020-12-08 14:21 - 2020-12-08 11:49 - 000000000 ___RD C:\Program Files (x86)
    2020-12-08 14:21 - 2020-12-08 11:39 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
    2020-12-08 14:21 - 2020-12-08 10:53 - 000000000 ___RD C:\WINDOWS\PrintDialog
    2020-12-08 14:21 - 2020-12-08 10:53 - 000000000 ____D C:\WINDOWS\ServiceState
    2020-12-08 14:21 - 2020-12-08 10:37 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
    2020-12-08 14:21 - 2020-12-08 10:35 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
    2020-12-08 14:21 - 2020-12-08 10:33 - 000000000 ____D C:\WINDOWS\system32\spool
    2020-12-08 14:21 - 2020-12-08 10:33 - 000000000 ____D C:\ProgramData\USOPrivate
    2020-12-08 14:21 - 2018-12-19 02:27 - 000103944 _____ (Khronos Group) C:\WINDOWS\SysWOW64\opencl.dll
    2020-12-08 14:20 - 2020-12-09 09:28 - 000000000 ____D C:\WINDOWS\INF
    2020-12-08 14:17 - 2020-12-09 08:23 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
    2020-12-08 14:17 - 2020-12-08 14:21 - 000000000 ____D C:\WINDOWS\system32\SMI
    2020-12-08 14:17 - 2020-12-08 11:09 - 072876032 _____ C:\WINDOWS\system32\config\SOFTWARE
    2020-12-08 14:17 - 2020-12-08 11:09 - 013631488 _____ C:\WINDOWS\system32\config\SYSTEM
    2020-12-08 14:17 - 2020-12-08 11:09 - 002097152 _____ C:\WINDOWS\system32\config\DEFAULT
    2020-12-08 14:17 - 2020-12-08 11:09 - 000524288 _____ C:\WINDOWS\system32\config\BBI
    2020-12-08 14:17 - 2020-12-08 11:09 - 000131072 _____ C:\WINDOWS\system32\config\SAM
    2020-12-08 14:17 - 2020-12-08 11:09 - 000032768 _____ C:\WINDOWS\system32\config\SECURITY
    2020-12-08 14:17 - 2020-12-08 10:52 - 000000000 ____D C:\WINDOWS\servicing
    2020-12-08 14:17 - 2020-12-08 10:52 - 000000000 ____D C:\WINDOWS\CbsTemp
    2020-12-08 12:59 - 2020-12-08 12:59 - 000000050 _____ C:\Users\Bluem\Documents\GOD OF WAR NOTES.txt
    2020-12-08 11:49 - 2020-12-08 11:49 - 000001303 _____ C:\Users\Public\Desktop\Kaspersky Password Manager.lnk
    2020-12-08 11:49 - 2020-12-08 11:49 - 000001303 _____ C:\ProgramData\Desktop\Kaspersky Password Manager.lnk
    2020-12-08 11:49 - 2020-12-08 11:49 - 000000000 ____D C:\Users\Bluem\AppData\Local\Kaspersky Lab
    2020-12-08 11:49 - 2020-12-08 11:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Password Manager
    2020-12-08 11:49 - 2020-12-08 11:49 - 000000000 ____D C:\ProgramData\Kaspersky Lab
    2020-12-08 11:49 - 2020-12-08 11:49 - 000000000 ____D C:\Program Files (x86)\Kaspersky Lab
    2020-12-08 11:41 - 2020-12-08 11:41 - 000197792 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
    2020-12-08 11:41 - 2020-12-08 11:41 - 000138904 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
    2020-12-08 11:41 - 2020-12-08 11:41 - 000077496 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
    2020-12-08 11:40 - 2020-12-08 11:40 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
    2020-12-08 11:40 - 2020-12-08 11:40 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
    2020-12-08 11:40 - 2020-12-08 11:40 - 000002021 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
    2020-12-08 11:40 - 2020-12-08 11:40 - 000000000 ____D C:\Users\Bluem\AppData\Local\mbam
    2020-12-08 11:39 - 2020-12-08 11:39 - 000248968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
    2020-12-08 11:39 - 2020-12-08 11:39 - 000220160 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
    2020-12-08 11:39 - 2020-12-08 11:39 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
    2020-12-08 11:39 - 2020-12-08 11:39 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
    2020-12-08 11:39 - 2020-12-08 11:39 - 000000000 ____D C:\ProgramData\Malwarebytes
    2020-12-08 11:39 - 2020-12-08 11:39 - 000000000 ____D C:\Program Files\Malwarebytes
    2020-12-08 11:37 - 2020-12-08 11:43 - 000003418 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
    2020-12-08 11:37 - 2020-12-08 11:43 - 000003294 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
    2020-12-08 11:37 - 2020-12-08 11:43 - 000000000 ____D C:\Users\Bluem\AppData\Local\Google
    2020-12-08 11:37 - 2020-12-08 11:37 - 000002323 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2020-12-08 11:37 - 2020-12-08 11:37 - 000002282 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2020-12-08 11:37 - 2020-12-08 11:37 - 000002282 _____ C:\ProgramData\Desktop\Google Chrome.lnk
    2020-12-08 11:37 - 2020-12-08 11:37 - 000000000 ____D C:\Program Files\Google
    2020-12-08 11:37 - 2020-12-08 11:37 - 000000000 ____D C:\Program Files (x86)\Google
    2020-12-08 11:32 - 2020-12-08 11:32 - 000196756 _____ C:\ProgramData\vpn.1607441536.bdinstall.v2.bin
    2020-12-08 11:32 - 2020-12-08 11:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender VPN
    2020-12-08 11:32 - 2020-12-08 11:32 - 000000000 ____D C:\ProgramData\Bitdefender VPN
    2020-12-08 11:32 - 2020-12-08 11:32 - 000000000 ____D C:\ProgramData\AnchorFree_Inc
    2020-12-08 11:15 - 2020-12-08 11:15 - 000768664 _____ C:\ProgramData\cl.1607440354.bdinstall.v2.bin
    2020-12-08 11:15 - 2020-12-08 11:15 - 000101428 _____ C:\ProgramData\cl.kit.1607440353.bdinstall.v2.bin
    2020-12-08 11:15 - 2020-12-08 11:15 - 000003420 _____ C:\WINDOWS\system32\Tasks\Bitdefender AgentTask_AD394AE64E874073B10A89FEEC305A3C
    2020-12-08 11:15 - 2020-12-08 11:15 - 000000000 ____D C:\ProgramData\48C4687D-9760-4F5B-BAB3-60351B0841E4
    2020-12-08 11:14 - 2020-12-08 11:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender Security
    2020-12-08 11:14 - 2020-12-08 11:32 - 000002195 _____ C:\Users\Public\Desktop\Bitdefender VPN.lnk
    2020-12-08 11:14 - 2020-12-08 11:32 - 000002195 _____ C:\ProgramData\Desktop\Bitdefender VPN.lnk
    2020-12-08 11:14 - 2020-12-08 11:14 - 000002342 _____ C:\Users\Public\Desktop\Bitdefender.lnk
    2020-12-08 11:14 - 2020-12-08 11:14 - 000002342 _____ C:\ProgramData\Desktop\Bitdefender.lnk
    2020-12-08 11:14 - 2020-12-08 11:14 - 000000000 ____D C:\WINDOWS\system32\elambkup
    2020-12-08 11:14 - 2020-12-08 11:14 - 000000000 ____D C:\ProgramData\Gemma
    2020-12-08 11:14 - 2020-12-08 11:14 - 000000000 ____D C:\ProgramData\BDLogging
    2020-12-08 11:14 - 2020-12-08 11:14 - 000000000 ____D C:\ProgramData\Atc
    2020-12-08 11:14 - 2019-03-20 23:12 - 000022960 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\bdelam.sys
    2020-12-08 11:13 - 2020-12-08 11:32 - 000000000 ____D C:\Program Files\Bitdefender
    2020-12-08 11:13 - 2020-12-08 11:29 - 000000000 ____D C:\ProgramData\Bitdefender
    2020-12-08 11:13 - 2020-12-08 11:13 - 000003802 _____ C:\WINDOWS\system32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
    2020-12-08 11:13 - 2020-12-08 11:13 - 000000000 ____D C:\Users\Bluem\AppData\Roaming\Bitdefender
    2020-12-08 11:13 - 2020-09-16 12:26 - 002151624 _____ (Bitdefender S.R.L. Bucharest, ROMANIA) C:\WINDOWS\system32\Drivers\atc.sys
    2020-12-08 11:13 - 2020-09-16 08:50 - 000185312 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\ignis.sys
    2020-12-08 11:13 - 2020-09-14 13:26 - 000473608 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:\WINDOWS\system32\Drivers\gemma.sys
    2020-12-08 11:13 - 2020-09-03 04:20 - 000195232 _____ (BitDefender LLC) C:\WINDOWS\system32\Drivers\gzflt.sys
    2020-12-08 11:13 - 2020-06-09 16:13 - 000640760 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\trufos.sys
    2020-12-08 11:13 - 2020-05-26 12:23 - 000796200 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\bddci.sys
    2020-12-08 11:13 - 2020-01-17 02:03 - 000046056 _____ (© Bitdefender SRL) C:\WINDOWS\system32\Drivers\bdprivmon.sys
    2020-12-08 11:12 - 2020-12-08 11:13 - 000000000 ____D C:\Program Files\Common Files\Bitdefender
    2020-12-08 11:11 - 2020-12-08 11:32 - 000000000 ____D C:\Program Files\Bitdefender Agent
    2020-12-08 11:11 - 2020-12-08 11:11 - 000117484 _____ C:\ProgramData\agent.1607440293.bdinstall.v2.bin
    2020-12-08 11:11 - 2020-12-08 11:11 - 000000000 ____D C:\ProgramData\Bitdefender Agent
    2020-12-08 11:10 - 2020-12-08 11:10 - 000020604 _____ C:\WINDOWS\system32\results.xml
    2020-12-08 11:10 - 2020-12-08 11:10 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
    2020-12-08 11:10 - 2020-12-08 11:10 - 000000000 _____ C:\WINDOWS\SysWOW64\wsmand.log.lock
    2020-12-08 11:09 - 2020-12-08 11:09 - 000258688 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2020-12-08 10:55 - 2020-12-08 10:55 - 000000000 ____D C:\ProgramData\Package Cache
    2020-12-08 10:55 - 2019-05-17 05:17 - 000002291 ____N C:\WINDOWS\system32\SetupBD.din
    2020-12-08 10:54 - 2020-12-08 10:54 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
    2020-12-08 10:54 - 2020-12-08 10:54 - 000000000 ____D C:\Users\Bluem\AppData\Local\Comms
    2020-12-08 10:53 - 2020-12-08 10:54 - 000000000 ____D C:\Program Files (x86)\Intel
    2020-12-08 10:53 - 2020-12-08 10:53 - 000003738 _____ C:\WINDOWS\system32\Tasks\Intel PTT EK Recertification
    2020-12-08 10:53 - 2020-12-08 10:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
    2020-12-08 10:53 - 2020-12-08 10:53 - 000000000 ____D C:\ProgramData\Intel
    2020-12-08 10:46 - 2020-12-08 10:46 - 000000000 ____D C:\Dell
    2020-12-08 10:46 - 2020-12-08 10:46 - 000000000 _____ C:\WINDOWS\invcol.tmp
    2020-12-08 10:44 - 2020-12-08 11:12 - 000000000 ____D C:\ProgramData\PCDr
    2020-12-08 10:44 - 2020-12-08 10:53 - 000000000 ____D C:\ProgramData\Dell
    2020-12-08 10:44 - 2020-12-08 10:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
    2020-12-08 10:44 - 2020-12-08 10:44 - 000003912 _____ C:\WINDOWS\system32\Tasks\Dell SupportAssistAgent AutoUpdate
    2020-12-08 10:44 - 2020-12-08 10:44 - 000000000 ____D C:\ProgramData\SupportAssist
    2020-12-08 10:44 - 2020-12-08 10:44 - 000000000 ____D C:\ProgramData\Dell Inc
    2020-12-08 10:44 - 2020-12-08 10:44 - 000000000 ____D C:\Program Files\Dell
    2020-12-08 10:44 - 2020-12-08 10:44 - 000000000 ____D C:\Program Files (x86)\Dell
    2020-12-08 10:39 - 2020-12-08 10:55 - 000000000 ____D C:\Users\Bluem\AppData\Local\PlaceholderTileLogoFolder
    2020-12-08 10:39 - 2020-12-08 10:40 - 000000000 ____D C:\WINDOWS\system32\MRT
    2020-12-08 10:39 - 2020-12-08 10:39 - 000000000 ___HD C:\OneDriveTemp
    2020-12-08 10:39 - 2020-12-08 10:39 - 000000000 ___HD C:\$WinREAgent
    2020-12-08 10:38 - 2020-12-08 11:10 - 000000000 ___RD C:\Users\Bluem\OneDrive
    2020-12-08 10:38 - 2020-12-08 10:39 - 000003380 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3098683771-1714621788-1964174946-1001
    2020-12-08 10:38 - 2020-12-08 10:38 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
    2020-12-08 10:37 - 2020-12-08 11:15 - 000840598 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2020-12-08 10:37 - 2020-12-08 11:10 - 000000000 __SHD C:\Users\Bluem\IntelGraphicsProfiles
    2020-12-08 10:37 - 2020-12-08 11:09 - 000000000 ____D C:\Users\Bluem\AppData\Local\ConnectedDevicesPlatform
    2020-12-08 10:37 - 2020-12-08 10:55 - 000000000 ____D C:\Users\Bluem\AppData\Local\Packages
    2020-12-08 10:37 - 2020-12-08 10:55 - 000000000 ____D C:\ProgramData\Packages
    2020-12-08 10:37 - 2020-12-08 10:38 - 000000000 __RHD C:\Users\Public\AccountPictures
    2020-12-08 10:37 - 2020-12-08 10:37 - 000000000 ___RD C:\Users\Bluem\3D Objects
    2020-12-08 10:37 - 2020-12-08 10:37 - 000000000 ____D C:\Users\Bluem\AppData\Roaming\Adobe
    2020-12-08 10:37 - 2020-12-08 10:37 - 000000000 ____D C:\Users\Bluem\AppData\Local\VirtualStore
    2020-12-08 10:37 - 2020-12-08 10:37 - 000000000 ____D C:\Users\Bluem\AppData\Local\Publishers
    2020-12-08 10:35 - 2020-12-08 10:39 - 000002367 _____ C:\Users\Bluem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2020-12-08 10:35 - 2020-12-08 10:38 - 000000000 ____D C:\Users\Bluem
    2020-12-08 10:35 - 2020-12-08 10:35 - 000000020 ___SH C:\Users\Bluem\ntuser.ini
    2020-12-08 10:14 - 2020-12-08 14:24 - 000000000 ___HD C:\$SysReset
    2020-12-02 16:04 - 2020-02-20 13:02 - 000047920 _____ (The OpenVPN Project) C:\WINDOWS\system32\Drivers\tap0901.sys
    2020-12-02 14:15 - 2020-12-02 14:15 - 002755584 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
    2020-12-02 14:15 - 2020-12-02 14:15 - 002755584 ____N (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
    2020-12-02 14:15 - 2020-12-02 14:15 - 002260480 ____N C:\WINDOWS\system32\TextInputMethodFormatter.dll
    2020-12-02 14:15 - 2020-12-02 14:15 - 001822272 ____N (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
    2020-12-02 14:15 - 2020-12-02 14:15 - 001393496 ____N (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
    2020-12-02 14:15 - 2020-12-02 14:15 - 001333248 ____N C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
    2020-12-02 14:15 - 2020-12-02 14:15 - 000363520 ____N C:\WINDOWS\system32\Windows.Internal.UI.Shell.WindowTabManager.dll
    2020-12-02 14:15 - 2020-12-02 14:15 - 000287232 ____N C:\WINDOWS\system32\CoreMas.dll
    2020-12-02 14:15 - 2020-12-02 14:15 - 000266240 ____N C:\WINDOWS\SysWOW64\Windows.Internal.UI.Shell.WindowTabManager.dll
    2020-12-02 14:15 - 2020-12-02 14:15 - 000240640 ____N C:\WINDOWS\SysWOW64\CoreMas.dll
    2020-12-02 14:15 - 2020-12-02 14:15 - 000165376 ____N C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
    2020-12-02 14:15 - 2020-12-02 14:15 - 000089088 ____N C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.proxystub.dll
    2020-12-02 14:15 - 2020-12-02 14:15 - 000073216 ____N C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.internal.proxystub.dll
    2020-12-02 14:15 - 2020-12-02 14:15 - 000060928 ____N C:\WINDOWS\system32\runexehelper.exe
    2020-12-02 14:15 - 2020-12-02 14:15 - 000048640 ____N (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
    2020-12-02 14:15 - 2020-12-02 14:15 - 000039936 ____N (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
    2020-12-02 14:15 - 2020-12-02 14:15 - 000013312 ____N C:\WINDOWS\system32\agentactivationruntimestarter.exe
    2020-12-02 14:15 - 2020-12-02 14:15 - 000010890 ____N C:\WINDOWS\system32\DrtmAuthTxt.wim
    2020-12-02 14:15 - 2020-12-02 14:15 - 000010752 ____N C:\WINDOWS\SysWOW64\agentactivationruntimestarter.exe
    2020-12-02 14:15 - 2020-12-02 14:15 - 000001370 ____N C:\WINDOWS\system32\ThirdPartyNoticesBySHS.txt

    ==================== One month (modified) ==================

    (If an entry is included in the fixlist, the file/folder will be moved.)


    ==================== SigCheck ============================

    (There is no automatic fix for files that do not pass verification.)

    ==================== End of FRST.txt ========================




    ADDITION LOG:

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-12-2020
    Ran by Bluem (09-12-2020 09:30:24)
    Running from C:\Users\Bluem\Desktop
    Windows 10 Pro Version 20H2 19042.662 (X64) (2020-12-08 14:32:58)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-3098683771-1714621788-1964174946-500 - Administrator - Disabled)
    Bluem (S-1-5-21-3098683771-1714621788-1964174946-1001 - Administrator - Enabled) => C:\Users\Bluem
    DefaultAccount (S-1-5-21-3098683771-1714621788-1964174946-503 - Limited - Disabled)
    Guest (S-1-5-21-3098683771-1714621788-1964174946-501 - Limited - Disabled)
    WDAGUtilityAccount (S-1-5-21-3098683771-1714621788-1964174946-504 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
    AV: Bitdefender Antivirus (Enabled - Up to date) {0E17DB7D-A20F-62CE-B95B-17DB0CDFE318}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 25.0.1.177 - Bitdefender)
    Bitdefender Antivirus Plus (HKLM\...\Bitdefender) (Version: 25.0.7.34 - Bitdefender)
    Bitdefender VPN (HKLM\...\Bitdefender VPN) (Version: 25.0.1.24 - Bitdefender)
    CCleaner (HKLM\...\CCleaner) (Version: 5.74 - Piriform)
    Dell SupportAssist (HKLM\...\{684820E8-F6AA-4162-A547-317DA6BED1FB}) (Version: 3.8.0.108 - Dell Inc.)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 87.0.4280.88 - Google LLC)
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.51 - Google LLC) Hidden
    Intel(R) Chipset Device Software (HKLM-x32\...\{4e75a24b-6cc4-4a46-accf-525f8a08c533}) (Version: 10.1.1.18 - Intel(R) Corporation) Hidden
    Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1035 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.5063 - Intel Corporation)
    Java 8 Update 271 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180271F0}) (Version: 8.0.2710.9 - Oracle Corporation)
    Kaspersky Password Manager (HKLM-x32\...\{B2F7333E-6C8D-4994-AAC4-FEC8EBBF9611}) (Version: 9.0.2.767 - Kaspersky Lab) Hidden
    Kaspersky Password Manager (HKLM-x32\...\InstallWIX_{B2F7333E-6C8D-4994-AAC4-FEC8EBBF9611}) (Version: 9.0.2.767 - Kaspersky Lab)
    Malwarebytes version 4.2.3.96 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.2.3.96 - Malwarebytes)
    Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 87.0.664.57 - Microsoft Corporation)
    Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.139.59 - )
    Microsoft OneDrive (HKU\S-1-5-21-3098683771-1714621788-1964174946-1001\...\OneDriveSetup.exe) (Version: 20.169.0823.0008 - Microsoft Corporation)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6086 - Realtek Semiconductor Corp.)

    Packages:
    =========
    Dell SupportAssist for Home PCs -> C:\Program Files\WindowsApps\DellInc.DellSupportAssistforPCs_3.8.8.0_x64__htrsf667h5kn2 [2020-12-08] (Dell Inc)
    Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.10142.0_x64__8wekyb3d8bbwe [2020-12-08] (Microsoft Studios) [MS Ad]
    Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.147.684.0_x86__zpdnekdrzrea0 [2020-12-08] (Spotify AB) [Startup Task]

    ==================== Custom CLSID (Whitelisted): ==============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-12-08] (Malwarebytes Corporation -> Malwarebytes)
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
    ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2018-12-19] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-12-08] (Malwarebytes Corporation -> Malwarebytes)

    ==================== Codecs (Whitelisted) ====================

    ==================== Shortcuts & WMI ========================

    ==================== Loaded Modules (Whitelisted) =============

    2020-12-01 04:14 - 2020-12-01 04:14 - 001638912 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files\Dell\SupportAssistAgent\bin\x64\SQLite.Interop.dll

    ==================== Alternate Data Streams (Whitelisted) ========

    ==================== Safe Mode (Whitelisted) ==================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

    ==================== Association (Whitelisted) =================

    ==================== Internet Explorer (Whitelisted) ==========

    BHO: Bitdefender Trackers Blocking -> {159ff5d5-55f1-4d2f-b706-767a55f77abb} -> C:\Program Files\Bitdefender\Bitdefender Security\bdtbie.dll [2020-10-02] (Bitdefender SRL -> Bitdefender)
    BHO: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender Security\pmbxie.dll [2020-10-02] (Bitdefender SRL ->

    SuperDave

    • Malware Removal Specialist
    • Moderator


    • Genius
    • Thanked: 1020
    • Certifications: List
    • Experience: Expert
    • OS: Windows 10
    Re: Malware won't go away
    « Reply #1 on: December 09, 2020, 03:30:42 PM »
    Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
    *************************************************************************
    Please download AdwCleaner onto your Desktop.

    Before starting AdwCleaner, close all open programs and internet browsers, then double-click on the AdwCleaner icon.



    If Windows prompts you as to whether or not you wish to run AdwCleaner, please allow it to run.
    When the AdwCleaner program opens, click on the Scan button as shown below.



    AdwCleaner will now start to search for malicious files that may be installed on your computer.
    To remove the files that were detected in the previous step, please click on the Clean button.



    AdwCleaner will now prompt you to save any open files or data as the program will need to reboot the computer. Please do so and then click on the OK button. AdwCleaner will now delete all detected adware from your computer. When it is done it will display an alert that explains what PUPs (Potentially Unwanted Programs) and Adware are. Please read through this information and then press the OK button. You will now be presented with an alert that states AdwCleaner needs to reboot your computer.
    Please click on the OK button to allow AdwCleaner to reboot your computer. A log will be produced. Please copy and paste this log in your next reply.
    *********************************************
    Download and install: Please download Malwarebytes' scanner to your desktop.
    Double Click mbam-setup.exe to install the application.
    • It should update automatically if the computer is connected to the internet.
    • Click on Threat Scan and click on Scan Now.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete make sure all the infections have "quarantine" selected in the Action box.
    • Click on "Apply actions". You may be asked to Restart your computer to completely remove the infections.
    • When disinfection is completed you can click on "Copy to Clipboard".
    • Paste the log in your next reply (CTRL+V)
    *************************************************
    Download Security Check by screen317 from the following link and save it to your desktop.

    Security Check

    * Double-click Security Check.bat
    * Follow the on-screen instructions inside of the black box.
    * A Notepad document should open automatically called checkup.txt
    * Post the contents of that document in your next reply.

    Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
    Windows 8 and Windows 10 dual boot with two SSD's

    Pacific64

      Re: Malware won't go away
      « Reply #2 on: December 09, 2020, 04:50:22 PM »
      Hello Dave

      Please accept my apologies. I thought I ran the proper scans when I started the thread today. I'm not used to this stuff. Below are the logs you requested. The AdwCleaner interface doesn't seem to match the one you've provided. It offered me none of those options. I have MBAM Premium already installed. The first MBAM log was from earlier today. I thought I posted it. I must have made a mistake. The log shows the infections. I ran it again as per your request and it came up clean. I'm afraid to delete the quarantined items as they will most likely return. They may even return tomorrow.
      « Last Edit: December 11, 2020, 04:15:58 PM by SuperDave »

      Pacific64

        Re: Malware won't go away
        « Reply #3 on: December 09, 2020, 04:54:51 PM »
        It wouldn't let me paste the MBAM logs so I'll attach them. The one from earlier today is first. The one I just scanned is second.






        SuperDave

        Re: Malware won't go away
        « Reply #4 on: December 10, 2020, 03:56:33 PM »
        Please run the AdwCleaner and post the log.

        Pacific64

          Re: Malware won't go away
          « Reply #5 on: December 10, 2020, 04:20:24 PM »
          Hi Sir

          My apologies. I forgot.

          # -------------------------------
          # Malwarebytes AdwCleaner 8.0.8.0
          # -------------------------------
          # Build:    10-08-2020
          # Database: 2020-11-23.1 (Cloud)
          # Support:  https://www.malwarebytes.com/support
          #
          # -------------------------------
          # Mode: Scan
          # -------------------------------
          # Start:    12-10-2020
          # Duration: 00:00:12
          # OS:       Windows 10 Pro
          # Scanned:  31920
          # Detected: 8


          ***** [ Services ] *****

          No malicious services found.

          ***** [ Folders ] *****

          No malicious folders found.

          ***** [ Files ] *****

          No malicious files found.

          ***** [ DLL ] *****

          No malicious DLLs found.

          ***** [ WMI ] *****

          No malicious WMI found.

          ***** [ Shortcuts ] *****

          No malicious shortcuts found.

          ***** [ Tasks ] *****

          No malicious tasks found.

          ***** [ Registry ] *****

          No malicious registry entries found.

          ***** [ Chromium (and derivatives) ] *****

          No malicious Chromium entries found.

          ***** [ Chromium URLs ] *****

          No malicious Chromium URLs found.

          ***** [ Firefox (and derivatives) ] *****

          No malicious Firefox entries found.

          ***** [ Firefox URLs ] *****

          No malicious Firefox URLs found.

          ***** [ Hosts File Entries ] *****

          No malicious hosts file entries found.

          ***** [ Preinstalled Software ] *****

          Preinstalled.DellSupportAssistAgent   Folder   C:\Program Files\DELL\SUPPORTASSISTAGENT
          Preinstalled.DellSupportAssistAgent   Folder   C:\ProgramData\SUPPORTASSIST\CLIENT\TECHNICIANTOOLKIT
          Preinstalled.DellSupportAssistAgent   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8FE69185-BD3A-41B3-BE91-7ED607123B64} 
          Preinstalled.DellSupportAssistAgent   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8FE69185-BD3A-41B3-BE91-7ED607123B64} 
          Preinstalled.DellSupportAssistAgent   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Dell SupportAssistAgent AutoUpdate
          Preinstalled.DellSupportAssistAgent   Task   C:\Windows\System32\Tasks\DELL SUPPORTASSISTAGENT AUTOUPDATE
          Preinstalled.DellUpdateforWindows10   Folder   C:\Program Files (x86)\DELL\UPDATESERVICE
          Preinstalled.DellUpdateforWindows10   Folder   C:\ProgramData\DELL\UPDATESERVICE


          AdwCleaner[S00].txt - [2339 octets] - [09/12/2020 19:33:15]

          ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ##########

          SuperDave

          Re: Malware won't go away
          « Reply #6 on: December 11, 2020, 04:16:42 PM »
          How are things now? Are you still seeing the infections?

          Pacific64

            Re: Malware won't go away
            « Reply #7 on: December 11, 2020, 04:57:34 PM »
            Hello

            It appears as though MBAM hasn't detected any new infections, but there are 29 in quarantine. Should I just leave them in there or delete them? What would you recommend?


            SuperDave

            Re: Malware won't go away
            « Reply #8 on: December 12, 2020, 03:33:41 PM »
            It's up to you. You can delete them if you need extra space or leave them there. I usually delete them.

            Pacific64

              Re: Malware won't go away
              « Reply #9 on: December 12, 2020, 04:27:21 PM »
              Thanks very much for your help!

              SuperDave

              Re: Malware won't go away
              « Reply #10 on: December 13, 2020, 11:32:35 AM »
              You're welcome. I will lock this thread. If you need it re-opened, please send me a pm.