  #4  
October 27th, 2021, 03:34 AM
Simple plus Naive
Senior Member
 
Join Date: Jan 2002
O/S: Windows XP Pro
Location: Ontario, Canada
Posts: 233
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-10-2021
Ran by ansel (administrator) on DESKTOP-N1N2OEO (Dell Inc. Inspiron 3670) (26-10-2021 22:13:11)
Running from C:\Users\ansel\Desktop
Loaded Profiles: ansel
Platform: Microsoft Windows 10 Home Version 21H1 19043.1288 (X64) Language: English (United States) -> English (United Kingdom)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iTunes_12121.1.54014.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe
(BitTorrent Inc -> BitTorrent Inc.) C:\Users\ansel\AppData\Roaming\BitTorrent\BitTorrent.exe
(BitTorrent Inc -> BitTorrent Inc.) C:\Users\ansel\AppData\Roaming\BitTorrent\helper\helper.exe
(BitTorrent Inc -> BitTorrent Inc.) C:\Users\ansel\AppData\Roaming\BitTorrent\updates\7.10.5_46097\bittorrentie.exe <2>
(CYBERLINK CORPORATION.) C:\Program Files\WindowsApps\DB6EA5DB.Power2GoforDell_11.0.3920.0_x86__mcezb6ze687jp\Power2Go11\CLMLSvc_P2G11.exe
(Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe
(Dell Inc -> Dell INC.) C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe
(Dell Inc -> Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Inc -> Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
(Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
(Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <24>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler64.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_ffc75848a6342fdf\jhi_service.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_efb119a73d6b56f6\igfxCUIService.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_9a914baee86356a0\IntelCpHDCPSvc.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_9a914baee86356a0\IntelCpHeciSvc.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_9c788f1d162b1224\RstMwService.exe
(Lavasoft Software Canada Inc. -> ) C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\DCIService.exe
(Lavasoft Software Canada Inc. -> Lavasoft) C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
(McAfee LLC.) C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.67.0_x64__wafk5atnkzcwy\mcafee-security.exe
(McAfee LLC.) C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.67.0_x64__wafk5atnkzcwy\Win32\mcafee-security-ft.exe
(McAfee, Inc. -> McAfee LLC.) C:\Program Files\Common Files\mcafee\amcore\mcshield.exe
(McAfee, Inc. -> McAfee, LLC) C:\Program Files\Common Files\mcafee\SystemCore\mfemms.exe
(McAfee, Inc. -> McAfee, LLC) C:\Windows\System32\mfevtps.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\mcafee\csp\4.6.104.0\McCSPServiceHost.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\mcafee\mmsshost\MMSSHOST.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\mcafee\modulecore\ModuleCoreService.exe <3>
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\mcafee\modulecore\ProtectedModuleHost.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\mcafee\pef\CORE\PEFService.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\mcafee\VSCore_21_9\mcapexe.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\mcafee\MAT\McPvTray.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\mcafee\mfeav\MfeAVSvc.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\mcafee\msc\MfeBrowserHost.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\mcafee\WebAdvisor\browserhost.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\mcafee\WebAdvisor\servicehost.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\mcafee\WebAdvisor\uihost.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2109.6305.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Office.Desktop_16051.14430.20306.0_x86__8wekyb3d8bbwe\Office16\SDXHelper.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\fodhelper.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1220_none_7e21bc567c7ed16b\TiWorker.exe
(Qualcomm Atheros -> Windows (R) Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_18c775e07a6aaafd\RtkAudUService64.exe <3>
(Rivet Networks LLC -> DELL) C:\Program Files\Rivet Networks\SmartByte\SmartByteTelemetry.exe
(Rivet Networks LLC -> Rivet Networks) C:\Program Files\Rivet Networks\SmartByte\SmartByteAnalyticsService.exe
(Rivet Networks LLC -> Rivet Networks) C:\Program Files\Rivet Networks\SmartByte\SmartByteNetworkService.exe
(Slack Technologies, Inc. -> Slack Technologies Inc.) C:\Users\ansel\AppData\Local\slack\app-4.20.0\slack.exe <6>
(Waves Inc -> Waves Audio Ltd.) C:\Windows\System32\DriverStore\FileRepository\wavesapo75de.inf_amd64_444d52e511fbcc11\WavesSvc64.exe
(Waves Inc -> Waves Audio Ltd.) C:\Windows\System32\DriverStore\FileRepository\wavesapo75de.inf_amd64_444d52e511fbcc11\WavesSysSvc64.exe
(Western Digital Technologies, Inc. -> ) C:\Program Files\WD Desktop App\wdsync.exe
(Western Digital Technologies, Inc. -> Western Digital Corporation) C:\Program Files (x86)\Western Digital\Discovery\Current\WD Discovery.exe <4>
(Western Digital Technologies, Inc. -> Western Digital Corporation) C:\Program Files (x86)\Western Digital\Discovery\Current\WDDiscoveryMonitor.exe
(Western Digital Technologies, Inc. -> Western Digital Corporation) C:\Program Files\WD Desktop App\kdd.exe
(Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\Discovery\Current\WD Device Agent.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [319520 2018-08-29] (Intel(R) Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_18c775e07a6aaafd\RtkAudUService64.exe [1257032 2021-04-22] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [DellMobileConnectWelcome] => C:\Program Files\Dell\DellMobileConnectDrivers\DellMobileConnectWStartup.exe [313064 2018-10-05] (SCREENOVATE TECHNOLOGIES LTD. -> Screenovate Technologies Ltd.)
HKLM\...\Run: [WavesSvc] => C:\WINDOWS\System32\DriverStore\FileRepository\wavesapo75de.inf_amd64_444d52e511fbcc11\WavesSvc64.exe [1237696 2020-12-06] (Waves Inc -> Waves Audio Ltd.)
HKLM-x32\...\Run: [WDDiscovery] => C:\Program Files (x86)\Western Digital\Discovery\Current\WD Discovery.exe [81373696 2020-07-29] (Western Digital Technologies, Inc. -> Western Digital Corporation)
HKU\S-1-5-21-3346590564-2256023101-3313217200-1001\...\Run: [BitTorrent] => C:\Users\ansel\AppData\Roaming\BitTorrent\BitTorrent.exe [2279976 2021-10-03] (BitTorrent Inc -> BitTorrent Inc.)
HKU\S-1-5-21-3346590564-2256023101-3313217200-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [9123248 2021-10-08] (Lavasoft Software Canada Inc. -> Lavasoft)
HKU\S-1-5-21-3346590564-2256023101-3313217200-1001\...\Run: [btweb] => "C:\Users\ansel\AppData\Roaming\BitTorrent Web\btweb.exe" /MINIMIZED
HKU\S-1-5-21-3346590564-2256023101-3313217200-1001\...\Run: [bt] => C:\Users\ansel\AppData\Roaming\BitTorrent\BitTorrent.exe [2279976 2021-10-03] (BitTorrent Inc -> BitTorrent Inc.)
HKU\S-1-5-21-3346590564-2256023101-3313217200-1001\...\Run: [PopUpStopperFreeEdition] => E:\Programs DL\Panicware\Pop-Up Stopper Free Edition\PSFree.exe [524288 2003-04-29] (Panicware, Inc.) [File not signed]
HKU\S-1-5-21-3346590564-2256023101-3313217200-1001\...\Run: [Opera Browser Assistant] => C:\Users\ansel\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [4105424 2021-10-14] (Opera Software AS -> Opera Software)
HKU\S-1-5-21-3346590564-2256023101-3313217200-1001\...\Run: [com.squirrel.slack.slack] => C:\Users\ansel\AppData\Local\slack\slack.exe [309568 2021-10-05] (Slack Technologies, Inc. -> Slack Technologies Inc.)
HKU\S-1-5-21-3346590564-2256023101-3313217200-1001\...\MountPoints2: {4665f055-21c1-11e9-a2e2-283a4d4984aa} - "E:\WD Drive Unlock.exe" autoplay=true
HKU\S-1-5-21-3346590564-2256023101-3313217200-1001\...\MountPoints2: {58e693f5-d271-11ea-a328-283a4d4984aa} - "E:\WD Drive Unlock.exe" autoplay=true
HKU\S-1-5-21-3346590564-2256023101-3313217200-1001\...\MountPoints2: {a7dd4f1b-28f2-11e9-a2e7-283a4d4984aa} - "G:\WD Drive Unlock.exe" autoplay=true
HKLM\...\Windows x64\Print Processors\DELS1PC: C:\Windows\System32\spool\prtprocs\x64\DELS1pc.dll [27648 2006-09-03] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Server 2003 DDK provider)
HKLM\...\Print\Monitors\DELS1 Langmon: C:\WINDOWS\system32\DELS1L6.DLL [22016 2006-12-05] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\95.0.4638.54\Installer\chrmstp.exe [2021-10-25] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0ECC0EB6-2A2F-487B-8F35-BE05DA8B9A6B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-01-26] (Google Inc -> Google Inc.)
Task: {0F55F6A4-185D-4DBC-A6CB-CD7BE35FB18C} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [4695616 2021-09-13] (McAfee, LLC -> McAfee, LLC)
Task: {1DCC3A02-9942-4920-82B6-D333D38DEFBD} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4255648 2021-10-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {326287C3-57AE-48FD-ADC7-179DDD135678} - System32\Tasks\Opera scheduled Autoupdate 1548539181 => C:\Users\ansel\AppData\Local\Programs\Opera\launcher.exe [46227664 2021-10-20] (Opera Software AS -> Opera Software)
Task: {46A10940-8BD8-429A-90EB-D428478245A2} - System32\Tasks\Opera scheduled assistant Autoupdate 1548539183 => C:\Users\ansel\AppData\Local\Programs\Opera\launcher.exe [46227664 2021-10-20] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\ansel\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {4D35DBA0-5C67-401F-9EFA-D0C3C5F33649} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent => {ABCECA3B-EA5A-496B-A021-5C6BAB365E5C} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [1032448 2021-08-02] (McAfee, LLC -> McAfee, LLC)
Task: {4E0475C0-063D-41FF-9170-BEBB14994EA8} - System32\Tasks\McAfee\McAfee DAT Built in test => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.0.12.663\mcdatrep.exe [1889696 2021-01-07] (McAfee, Inc. -> McAfee, LLC.)
Task: {531902F6-76CB-4039-A5DA-BC1B54BE945F} - System32\Tasks\GoogleUpdateTaskMachineCore1d57d663d59caa0 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-01-26] (Google Inc -> Google Inc.)
Task: {829AFE33-6E39-479B-972E-D85E53EFC301} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-01-26] (Google Inc -> Google Inc.)
Task: {88086ED0-A9C6-4151-BB09-DA5DF1E974B6} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistInstaller.exe [1060384 2021-08-20] (Dell Inc -> Dell Inc.)
Task: {942912BF-49AF-467F-B8B6-AAF6EB64A3F5} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NoUACCheck
Task: {9D4E8DC0-D906-40AA-B776-97B8973E2118} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4255648 2021-10-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {9E2E18D8-1672-4759-98AB-C5130EFB2FB1} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [110424 2021-10-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {A2BA84BE-A36D-4B50-8CAD-D729F8CB8AB5} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [757944 2021-05-06] (McAfee, LLC -> McAfee, LLC)
Task: {B4121A8E-B030-41D3-B1F7-5041ED3FF13D} - System32\Tasks\GoogleUpdateTaskMachineUA1d57d663d6bbfb9 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-01-26] (Google Inc -> Google Inc.)
Task: {B43A0C0B-AD78-4549-AEA8-A438A09F0BEE} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [110424 2021-10-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {B95A8A7B-92AD-466D-86CF-678E553AB822} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\DADUpdater.exe [4114288 2021-08-12] (McAfee, LLC -> McAfee, LLC)
Task: {C15D4A16-2000-4351-931E-6FF6123F1496} - System32\Tasks\SmartByte Telemetry => C:\Program Files\Rivet Networks\SmartByte\SmartByteTelemetry.exe [95072 2020-08-14] (Rivet Networks LLC -> DELL)
Task: {D47C8DB8-7FBE-4849-B8A2-7C331A629858} - System32\Tasks\WD Discovery Service Task ansel => C:\Program Files (x86)\Western Digital\Discovery\Current\Service\WDDiscoveryService.exe [72704 2020-07-29] (Western Digital Technologies, Inc. -> )
Task: {DDCC5234-9D28-4D16-8C0A-89AB87D681F7} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [21978504 2021-10-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {DF50E95D-6580-4B03-9702-C77E19B1CB78} - System32\Tasks\WD Device Agent Task ansel => C:\Program Files (x86)\Western Digital\Discovery\Current\WD Device Agent.exe [717824 2020-07-29] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
Task: {E6C4FE32-8A35-4967-A8B7-76BDE8A680FF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1562376 2021-08-16] (Adobe Inc. -> Adobe Inc.)
Task: {ED70A5F6-A6BC-4B87-8381-8514D68BF5DC} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [21978504 2021-10-11] (Microsoft Corporation -> Microsoft Corporation)
"C:\Windows\System32\Tasks\McAfee\McAfee Idle Detection Task" was unlocked. <==== ATTENTION
Task: {F93DCBAA-6B7D-4A4B-A5B9-F95221836298} - System32\Tasks\McAfee\McAfee Idle Detection Task => {ABCDCA3B-DE6B-5A7C-B132-6D7CBA63E5C5} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [1032448 2021-08-02] (McAfee, LLC -> McAfee, LLC)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 207.164.234.193
Tcpip\..\Interfaces\{de1717e2-7e50-41da-9a54-2e842d27e274}: [DhcpNameServer] 192.168.2.1 207.164.234.193
Tcpip\..\Interfaces\{fb039661-93b1-4598-823d-204fd5b066ab}: [DhcpNameServer] 192.168.0.1

Edge:
=======
DownloadDir: C:\Users\ansel\Downloads
Edge Notifications: HKU\S-1-5-21-3346590564-2256023101-3313217200-1001 -> hxxps//play.howstuffworks.com
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\ansel\AppData\Local\Microsoft\Edge\User Data\Default [2021-10-19]

FireFox:
========
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Extension: (McAfee® WebAdvisor) - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi [2021-10-20] [UpdateUrl:hxxps//sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.json]
FF HKLM\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSKHKLM => not found
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2021-10-18] [Legacy] [not signed]
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\McAfee\MSC\npMcSnFFPl64.dll [2021-10-06] (McAfee, LLC -> )
FF Plugin: @videolan.org/vlc,version=3.0.10 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\MSC\npMcSnFFPl.dll [2021-10-06] (McAfee, LLC -> )
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-05-26] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-05-26] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=3.0.11 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-10-05] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\ansel\AppData\Local\Google\Chrome\User Data\Default [2021-10-26]
CHR Notifications: Default -> hxxps//en.savefrom.net; hxxps//news.mingpao.com; hxxps//personal.hsbc.ca; hxxps//seekingalpha.com; hxxps//time4news.net; hxxps//twitter.com; hxxps//www.680news.com; hxxps//www.facebook.com; hxxps//www.netflix.com; hxxps//www.reddit.com; hxxps//www.sephora.com; hxxps//www.youtube.com
CHR StartupUrls: Default -> "hxxp//www.680news.com/","hxxp//www.google.ca/"
CHR DefaultSearchURL: Default -> hxxps//search.yahoo.com/search?fr=mcafee&type=E211US105G0&p={searchTerms}
CHR DefaultSearchKeyword: Default -> mcafee
CHR DefaultSuggestURL: Default -> hxxps//us.search.yahoo.com/sugg/gossip/gossip-us-partner?output=fxjson&appid=mca&source=yahoo_mcafee_searchassist&command={searchTerms}
CHR Extension: (Slides) - C:\Users\ansel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-01-26]
CHR Extension: (Flash Video Downloader) - C:\Users\ansel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc [2019-05-09]
CHR Extension: (Docs) - C:\Users\ansel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-01-26]
CHR Extension: (Google Drive) - C:\Users\ansel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-22]
CHR Extension: (YouTube) - C:\Users\ansel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-01-26]
CHR Extension: (Video Downloader professional) - C:\Users\ansel\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2021-06-19]
CHR Extension: (Sheets) - C:\Users\ansel\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-01-26]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\ansel\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2021-10-22]
CHR Extension: (Google Docs Offline) - C:\Users\ansel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-10-18]
CHR Extension: (Web Safety) - C:\Users\ansel\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhcmdonhekjhfbjmeacdjbhlfgpjabp [2021-08-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ansel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-30]
CHR Extension: (Live Start Page - Living Wallpapers) - C:\Users\ansel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocggccaacacpienfcgmgcihoombokbbj [2021-10-18]
CHR Extension: (Gmail) - C:\Users\ansel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-25]
CHR Profile: C:\Users\ansel\AppData\Local\Google\Chrome\User Data\Guest Profile [2020-01-09]
CHR Profile: C:\Users\ansel\AppData\Local\Google\Chrome\User Data\System Profile [2020-11-28]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [mfhcmdonhekjhfbjmeacdjbhlfgpjabp]

Opera:
=======
OPR Profile: C:\Users\ansel\AppData\Roaming\Opera Software\Opera Stable [2021-10-17]
OPR DefaultSuggestURL: Opera Stable -> hxxps//www.google.com/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 0185561635174996mcinstcleanup; C:\ProgramData\McInstTemp0185561635174996\McInst.exe [872896 2021-09-29] (McAfee, LLC -> McAfee, LLC)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-08-16] (Adobe Inc. -> Adobe Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9251696 2021-10-11] (Microsoft Corporation -> Microsoft Corporation)
R2 DCIService; C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\DCIService.exe [3413424 2021-10-08] (Lavasoft Software Canada Inc. -> )
R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [426528 2021-08-02] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3835424 2021-08-02] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [452640 2021-08-02] (Dell Technologies Inc. -> Dell Technologies Inc.)
S2 Dell Hardware Support; C:\Program Files\Dell\SupportAssistAgent\PCD\SupportAssist\Dsapi.exe [1020584 2021-07-28] (PC-Doctor, Inc. -> PC-Doctor, Inc.)
R2 Dell SupportAssist Remediation; C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe [19128 2021-07-08] (Dell Inc -> Dell INC.)
R2 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [38600 2021-07-20] (Dell Inc -> )
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [973040 2021-10-20] (McAfee, LLC -> McAfee, LLC)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_21_9\McApExe.exe [797576 2021-09-29] (McAfee, LLC -> McAfee, LLC)
S3 McAWFwk; c:\Program Files\Common Files\mcafee\actwiz\McAWFwk.exe [455584 2018-07-16] (McAfee, Inc. -> McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\4.6.104.0\\McCSPServiceHost.exe [2825792 2021-08-13] (McAfee, LLC -> McAfee, LLC)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [1242112 2021-09-24] (McAfee, Inc. -> McAfee, LLC)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [1242112 2021-09-24] (McAfee, Inc. -> McAfee, LLC)
R3 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [1242112 2021-09-24] (McAfee, Inc. -> McAfee, LLC)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1672272 2021-09-08] (McAfee, LLC -> McAfee, LLC)
R2 PEFService; C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe [4288832 2021-08-31] (McAfee, LLC -> McAfee, LLC)
S2 RAPSService; C:\Program Files\Rivet Networks\SmartByte\RAPSService.exe [64848 2020-08-14] (Rivet Networks LLC -> Rivet Networks, LLC.)
S3 RNDBWM; C:\Program Files\Rivet Networks\SmartByte\RNDBWMService.exe [64856 2020-08-14] (Rivet Networks LLC -> Rivet Networks, LLC.)
R2 SmartByte Analytics Service; C:\Program Files\Rivet Networks\SmartByte\SmartByteAnalyticsService.exe [1630576 2020-08-14] (Rivet Networks LLC -> Rivet Networks)
R2 SmartByte Network Service x64; C:\Program Files\Rivet Networks\SmartByte\SmartByteNetworkService.exe [2385256 2020-08-14] (Rivet Networks LLC -> Rivet Networks)
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [39968 2021-08-20] (Dell Inc -> Dell Inc.)
S2 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [22960 2021-10-08] (Lavasoft Software Canada Inc. -> )
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2010.7-0\NisSrv.exe [2467088 2020-11-06] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2010.7-0\MsMpEng.exe [128376 2020-11-06] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R2 BdDci; C:\WINDOWS\system32\DRIVERS\bddci.sys [367096 2021-10-08] (Bitdefender SRL -> Bitdefender)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [74752 2021-09-28] (McAfee, Inc. -> McAfee, LLC)
R3 DDDriver; C:\WINDOWS\System32\drivers\dddriver64Dcsa.sys [43400 2021-07-28] (Microsoft Windows Hardware Compatibility Publisher -> Dell Technologies)
R2 McPvDrv; C:\WINDOWS\system32\drivers\McPvDrv.sys [97696 2021-07-27] (McAfee, LLC -> McAfee, LLC)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [574464 2021-09-28] (McAfee, Inc. -> McAfee, LLC)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [390656 2021-09-28] (McAfee, Inc. -> McAfee, LLC)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [90048 2021-09-28] (Microsoft Windows Early Launch Anti-malware Publisher -> McAfee, LLC)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [526336 2021-09-28] (McAfee, Inc. -> McAfee, LLC)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [1088512 2021-09-28] (McAfee, Inc. -> McAfee, LLC)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [638464 2021-09-16] (McAfee, Inc. -> McAfee LLC.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [110080 2021-09-16] (McAfee, Inc. -> McAfee LLC.)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [118784 2021-09-28] (McAfee, Inc. -> McAfee, LLC)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [256512 2021-09-28] (McAfee, Inc. -> McAfee, LLC)
R3 SmbCoSvc; C:\WINDOWS\system32\DRIVERS\SmbCo10X64.sys [164424 2020-08-14] (Rivet Networks LLC -> Rivet Networks, LLC.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [48536 2020-11-06] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [429288 2020-11-06] (Microsoft Windows -> Microsoft Corporation)
R1 wdfsconnect2017; C:\WINDOWS\system32\drivers\wdfsconnect2017.sys [468112 2017-11-21] (Microsoft Windows Hardware Compatibility Publisher -> Western Digital Technologies, Inc.)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [71912 2020-11-06] (Microsoft Windows -> Microsoft Corporation)
R3 wdvpnpbus; C:\WINDOWS\System32\drivers\wdvpnpbus.sys [20624 2017-11-21] (Microsoft Windows Hardware Compatibility Publisher -> Western Digital Technologies, Inc.)
S4 DBUtilDrv2; \SystemRoot\System32\drivers\DBUtilDrv2.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-10-26 22:13 - 2021-10-26 22:21 - 000032558 _____ C:\Users\ansel\Desktop\FRST.txt
2021-10-26 22:11 - 2021-10-26 22:18 - 000000000 ____D C:\FRST
2021-10-26 22:10 - 2021-10-26 22:10 - 002310656 _____ (Farbar) C:\Users\ansel\Desktop\FRST64.exe
2021-10-25 23:15 - 2021-10-25 23:15 - 000106570 _____ C:\Users\ansel\Downloads\yb1565.app-jul00720.torrent
2021-10-18 16:30 - 2021-10-21 15:32 - 000000000 ____D C:\ProgramData\McInstTemp0172691634592609
2021-10-13 07:13 - 2021-10-13 07:13 - 000007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdxm.ocx
2021-10-13 07:13 - 2021-10-13 07:13 - 000005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdxm.ocx
2021-10-13 07:12 - 2021-10-13 07:12 - 000611960 _____ C:\WINDOWS\SysWOW64\TextShaping.dll
2021-10-13 07:12 - 2021-10-13 07:12 - 000570368 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2021-10-13 07:12 - 2021-10-13 07:12 - 000452096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2021-10-13 07:12 - 2021-10-13 07:12 - 000449024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-10-13 07:12 - 2021-10-13 07:12 - 000011495 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-10-13 07:11 - 2021-10-13 07:11 - 001823296 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-10-13 07:11 - 2021-10-13 07:11 - 001393504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-10-13 07:11 - 2021-10-13 07:11 - 000706536 _____ C:\WINDOWS\system32\TextShaping.dll
2021-10-13 07:11 - 2021-10-13 07:11 - 000593920 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-10-13 07:11 - 2021-10-13 07:11 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2021-10-13 07:11 - 2021-10-13 07:11 - 000098304 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-10-13 06:25 - 2021-10-13 06:28 - 000000000 ___HD C:\$WinREAgent
2021-10-12 10:45 - 2021-10-12 10:45 - 000000000 _____ C:\WINDOWS\invcol.tmp
2021-10-10 22:27 - 2021-10-10 22:29 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2021-10-10 22:08 - 2021-10-10 22:08 - 000000938 _____ C:\Users\ansel\Desktop\JRT.txt
2021-10-10 22:05 - 2021-10-10 22:05 - 000003656 _____ C:\WINDOWS\system32\Tasks\CreateExplorerShellUnelevatedTask
2021-10-10 22:03 - 2021-10-10 22:03 - 000000000 ____D C:\WINDOWS\ERUNT
2021-10-10 21:37 - 2021-10-15 21:17 - 000000000 ____D C:\AdwCleaner
2021-10-08 21:17 - 2021-10-08 21:17 - 000367096 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\bddci.sys
2021-10-08 21:09 - 2021-10-08 21:09 - 000459506 _____ C:\WINDOWS\system32\perfh011.dat
2021-10-08 21:09 - 2021-10-08 21:09 - 000124278 _____ C:\WINDOWS\system32\perfc011.dat
2021-10-08 21:09 - 2021-10-08 21:07 - 000144624 _____ C:\WINDOWS\system32\perfi011.dat
2021-10-08 21:09 - 2021-10-08 21:07 - 000033402 _____ C:\WINDOWS\system32\perfd011.dat
2021-10-08 21:08 - 2021-10-08 21:08 - 000000000 ____D C:\WINDOWS\SysWOW64\ja
2021-10-08 21:08 - 2021-10-08 21:08 - 000000000 ____D C:\WINDOWS\system32\ja
2021-10-08 20:36 - 2019-10-15 13:50 - 000002060 _____ C:\WINDOWS\system32\noise.jpn
2021-10-05 22:13 - 2021-10-05 22:14 - 000039559 _____ C:\Users\ansel\Downloads\Media Release Form - JFT Online Teacher-Support Japanese Language Course.pdf
2021-10-05 22:08 - 2021-10-26 22:23 - 000000000 ____D C:\Users\ansel\AppData\Roaming\Slack
2021-10-05 22:08 - 2021-10-05 22:08 - 000002205 _____ C:\Users\ansel\Desktop\Slack.lnk
2021-10-05 22:08 - 2021-10-05 22:08 - 000000000 ____D C:\Users\ansel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Slack Technologies Inc
2021-10-05 22:08 - 2021-10-05 22:08 - 000000000 ____D C:\Users\ansel\AppData\Local\SquirrelTemp
2021-10-05 22:08 - 2021-10-05 22:08 - 000000000 ____D C:\Users\ansel\AppData\Local\slack
2021-10-05 22:07 - 2021-10-05 22:07 - 095710016 _____ (Slack Technologies Inc.) C:\Users\ansel\Downloads\SlackSetup.exe
2021-10-03 17:26 - 2021-10-03 17:28 - 010998644 _____ C:\WINDOWS\Minidump\100321-40953-01.dmp
2021-10-03 17:26 - 2021-10-03 17:26 - 1267546630 _____ C:\WINDOWS\MEMORY.DMP
2021-10-03 04:46 - 2021-10-03 04:46 - 001313608 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-10-03 04:46 - 2021-10-03 04:46 - 000672768 _____ C:\WINDOWS\system32\FsNVSDeviceSource.dll
2021-10-03 04:46 - 2021-10-03 04:46 - 000122880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshom.ocx
2021-10-03 04:45 - 2021-10-03 04:45 - 002111488 _____ (Digimarc) C:\WINDOWS\SysWOW64\DMRCDecoder.dll
2021-10-03 04:45 - 2021-10-03 04:45 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2021-10-03 04:45 - 2021-10-03 04:45 - 001164288 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-10-03 04:45 - 2021-10-03 04:45 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2021-10-03 04:45 - 2021-10-03 04:45 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshom.ocx
2021-10-03 04:44 - 2021-10-03 04:44 - 002295296 _____ (Digimarc) C:\WINDOWS\system32\DMRCDecoder.dll
2021-10-03 04:44 - 2021-10-03 04:44 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-10-03 04:43 - 2021-10-03 04:43 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe
2021-10-03 04:43 - 2021-10-03 04:43 - 000162816 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-10-03 02:43 - 2021-10-21 15:44 - 000000000 ____D C:\Users\ansel\AppData\LocalLow\BitTorrent
2021-10-03 00:38 - 2021-10-15 00:38 - 000004464 _____ C:\WINDOWS\system32\Tasks\Opera scheduled assistant Autoupdate 1548539183

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-10-26 22:26 - 2019-01-26 16:45 - 000000000 ____D C:\Users\ansel\AppData\Roaming\BitTorrent
2021-10-26 22:24 - 2021-02-11 13:51 - 000000000 ____D C:\Users\ansel\AppData\Local\BitTorrentHelper
2021-10-26 22:21 - 2019-01-26 16:52 - 000000000 ____D C:\Program Files (x86)\Google
2021-10-26 22:18 - 2019-12-07 04:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-10-26 21:49 - 2020-11-29 18:25 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-10-26 20:02 - 2020-12-15 19:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2021-10-26 19:52 - 2019-12-07 04:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-10-26 19:52 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-10-26 13:47 - 2019-01-26 17:07 - 000000000 ____D C:\Users\ansel\AppData\Roaming\vlc
2021-10-26 13:46 - 2021-04-21 22:15 - 000000000 ____D C:\Users\ansel\Downloads\Drama
2021-10-26 10:30 - 2020-11-29 18:58 - 000000000 ____D C:\WINDOWS\system32\Tasks\McAfee
2021-10-25 22:47 - 2019-01-26 16:53 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-10-25 22:47 - 2019-01-26 16:53 - 000002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-10-25 10:16 - 2019-12-07 04:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2021-10-24 10:46 - 2019-12-07 04:13 - 000000000 ____D C:\WINDOWS\INF
2021-10-23 01:08 - 2020-06-24 21:02 - 000002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-10-23 01:08 - 2020-06-24 21:02 - 000002278 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-10-23 00:58 - 2020-11-29 18:58 - 000004210 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1548539181
2021-10-23 00:58 - 2019-01-26 16:46 - 000001411 _____ C:\Users\ansel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2021-10-21 23:13 - 2020-09-24 22:08 - 000000000 ____D C:\Users\ansel\AppData\Local\ElevatedDiagnostics
2021-10-21 15:41 - 2020-07-29 21:25 - 000000000 ____D C:\Users\ansel\.wdc
2021-10-21 15:35 - 2020-12-25 22:07 - 000000000 __RSD C:\Users\ansel\Documents\McAfee Vaults
2021-10-21 15:33 - 2020-11-29 18:31 - 000000000 ____D C:\Users\ansel
2021-10-21 15:31 - 2020-11-29 18:58 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-10-21 15:31 - 2020-11-29 18:25 - 000008192 ___SH C:\DumpStack.log.tmp
2021-10-21 15:31 - 2019-01-05 06:32 - 000000000 ____D C:\Intel
2021-10-21 03:33 - 2020-11-29 18:58 - 000003380 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3346590564-2256023101-3313217200-1001
2021-10-21 03:33 - 2020-11-29 18:31 - 000002385 _____ C:\Users\ansel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-10-20 11:48 - 2020-07-29 21:26 - 000000000 ____D C:\Users\ansel\AppData\Roaming\WD Discovery
2021-10-18 17:25 - 2020-11-29 18:58 - 000003710 _____ C:\WINDOWS\system32\Tasks\McAfee Remediation (Prepare)
2021-10-18 17:11 - 2019-02-22 18:47 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2021-10-18 16:33 - 2019-01-05 06:39 - 000000000 ____D C:\Program Files\Common Files\mcafee
2021-10-18 16:31 - 2020-11-29 18:58 - 000003316 _____ C:\WINDOWS\system32\Tasks\McAfeeLogon
2021-10-18 16:29 - 2019-12-07 04:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-10-18 15:16 - 2019-12-07 04:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2021-10-15 05:13 - 2019-04-12 21:02 - 000002138 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-10-13 13:33 - 2019-01-26 16:39 - 000000000 ____D C:\Users\ansel\AppData\Local\Packages
2021-10-13 07:26 - 2020-11-29 18:25 - 000536856 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-10-13 07:23 - 2019-12-07 04:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2021-10-13 07:23 - 2019-12-07 04:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-10-13 07:23 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-10-13 07:23 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-10-13 07:23 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-10-13 07:23 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-10-13 07:23 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-10-13 07:23 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\DiagTrack
2021-10-13 07:23 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-10-13 07:22 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-10-13 05:49 - 2019-01-27 00:30 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-10-13 05:31 - 2019-01-27 00:30 - 139806512 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-10-09 22:58 - 2020-11-30 13:10 - 000003386 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d6c6a91ed0f6af
2021-10-09 22:58 - 2020-11-29 18:58 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-10-09 22:45 - 2021-08-13 00:57 - 000000000 ___HD C:\$MfeDeepRem
2021-10-08 21:32 - 2019-01-26 16:45 - 000000000 ____D C:\Users\ansel\AppData\Local\PlaceholderTileLogoFolder
2021-10-08 21:09 - 2020-11-29 19:43 - 000416164 _____ C:\WINDOWS\system32\prfh0404.dat
2021-10-08 21:09 - 2020-11-29 19:43 - 000125334 _____ C:\WINDOWS\system32\prfc0404.dat
2021-10-08 21:08 - 2019-12-07 04:49 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm
2021-10-08 21:08 - 2019-12-07 04:49 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
2021-10-08 21:08 - 2019-12-07 04:49 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr
2021-10-08 21:08 - 2019-12-07 04:49 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2021-10-08 21:08 - 2019-12-07 04:49 - 000000000 ____D C:\WINDOWS\system32\winrm
2021-10-08 21:08 - 2019-12-07 04:49 - 000000000 ____D C:\WINDOWS\system32\WCN
2021-10-08 21:08 - 2019-12-07 04:49 - 000000000 ____D C:\WINDOWS\system32\slmgr
2021-10-08 21:08 - 2019-12-07 04:49 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2021-10-08 21:08 - 2019-12-07 04:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2021-10-08 21:08 - 2019-12-07 04:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2021-10-08 21:08 - 2019-12-07 04:14 - 000000000 ___SD C:\WINDOWS\system32\F12
2021-10-08 21:08 - 2019-12-07 04:14 - 000000000 ___SD C:\WINDOWS\system32\dsc
2021-10-08 21:08 - 2019-12-07 04:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-10-08 21:08 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-10-08 21:08 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2021-10-08 21:08 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-10-08 21:08 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2021-10-08 21:08 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2021-10-08 21:08 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2021-10-08 21:08 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-10-08 21:08 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\Com
2021-10-08 21:08 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\servicing
2021-10-08 21:07 - 2019-12-07 04:52 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2021-10-08 21:07 - 2019-12-07 04:52 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2021-10-08 21:07 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\IME
2021-10-08 21:07 - 2019-12-07 04:14 - 000000000 ____D C:\Program Files\Windows Defender
2021-10-08 21:07 - 2019-12-07 04:14 - 000000000 ____D C:\Program Files\Common Files\System
2021-10-08 21:07 - 2019-12-07 04:14 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2021-10-08 20:38 - 2019-12-07 04:51 - 000000000 ____D C:\WINDOWS\OCR
2021-10-07 20:19 - 2019-02-01 07:14 - 000000000 ____D C:\Users\ansel\AppData\Local\D3DSCache
2021-10-07 19:36 - 2020-09-18 00:35 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-10-03 17:29 - 2020-11-30 00:59 - 000000000 ____D C:\WINDOWS\Minidump
2021-10-03 11:49 - 2020-11-29 18:43 - 001329746 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-10-03 11:42 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-10-03 11:38 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2021-10-03 11:38 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2021-10-03 11:38 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\DDFs
2021-10-03 11:38 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2021-10-03 11:38 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2021-10-03 11:38 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-10-03 00:51 - 2020-11-29 18:58 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2021-10-03 00:14 - 2020-11-29 18:58 - 000003450 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA1d57d663d6bbfb9
2021-10-03 00:14 - 2020-11-29 18:58 - 000003326 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore1d57d663d59caa0
2021-09-28 12:02 - 2018-06-11 11:27 - 001088512 _____ (McAfee, LLC) C:\WINDOWS\system32\Drivers\mfehidk.sys
2021-09-28 12:02 - 2018-06-11 11:27 - 000574464 _____ (McAfee, LLC) C:\WINDOWS\system32\Drivers\mfeaack.sys
2021-09-28 12:02 - 2018-06-11 11:27 - 000526336 _____ (McAfee, LLC) C:\WINDOWS\system32\Drivers\mfefirek.sys
2021-09-28 12:02 - 2018-06-11 11:27 - 000390656 _____ (McAfee, LLC) C:\WINDOWS\system32\Drivers\mfeavfk.sys
2021-09-28 12:02 - 2018-06-11 11:27 - 000256512 _____ (McAfee, LLC) C:\WINDOWS\system32\Drivers\mfewfpk.sys
2021-09-28 12:02 - 2018-06-11 11:27 - 000118784 _____ (McAfee, LLC) C:\WINDOWS\system32\Drivers\mfeplk.sys
2021-09-28 12:02 - 2018-06-11 11:27 - 000090048 _____ (McAfee, LLC) C:\WINDOWS\system32\Drivers\mfeelamk.sys
2021-09-28 12:02 - 2018-06-11 11:27 - 000074752 _____ (McAfee, LLC) C:\WINDOWS\system32\Drivers\cfwids.sys

==================== Files in the root of some directories ========

2021-04-29 21:23 - 2021-04-29 21:23 - 021109568 _____ (Bandicam Company) C:\Users\ansel\bandicut-setup.exe
2021-03-08 22:46 - 2021-03-08 22:46 - 020878552 _____ (BitTorrent, Inc.) C:\Users\ansel\btweb_installer.exe

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================