Possible cryptocurrency mining virus – Virus, Trojan, Spyware, and Malware Removal Help



Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-06-2021

Ran by loras (administrator) on DESKTOP-LRF2N6K (MEDION X17803) (20-06-2021 18:11:15)

Running from C:UserslorasDownloads

Loaded Profiles: loras

Platform: Windows 10 Home Version 21H1 19043.1055 (X64) Language: English (United Kingdom)

Default browser: Edge

Boot Mode: Normal

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Autodesk Inc -> Autodesk) C:UserslorasAutodeskGenuine ServiceGenuineService.exe

(Autodesk, Inc. -> Autodesk Inc.) C:Program Files (x86)AutodeskAutodesk Desktop AppAdAppMgrSvc.exe

(Autodesk, Inc. -> Autodesk) C:Program Files (x86)AutodeskAutodesk Desktop AppAcWebBrowserAcWebBrowser.exe <3>

(Autodesk, Inc. -> Autodesk, Inc.) C:Program Files (x86)AutodeskAutodesk Desktop AppAutodeskDesktopApp.exe

(Cisco Systems, Inc. -> Cisco Systems, Inc.) C:Program Files (x86)CiscoCisco AnyConnect Secure Mobility Clientvpnagent.exe

(Cisco Systems, Inc. -> Cisco Systems, Inc.) C:Program Files (x86)CiscoCisco AnyConnect Secure Mobility Clientvpnui.exe

(Dolby Laboratories, Inc. -> ) C:Program FilesCommon FilesDolbyDAX3RADARHOSTDSRHost.exe

(Dolby Laboratories, Inc. -> ) C:WindowsSystem32dolbyaposvcDAX3API.exe

(Electronic Arts, Inc. -> Electronic Arts) C:Program Files (x86)OriginOriginWebHelperService.exe

(Flexera Software LLC -> Flexera Software LLC) C:Program FilesCommon FilesMacrovision SharedFlexNet PublisherFNPLicensingService64.exe

(Google LLC -> Google LLC) C:Program Files (x86)GoogleChromeApplicationchrome.exe <17>

(Google LLC -> Google LLC) C:Program Files (x86)GoogleUpdate1.3.36.82GoogleCrashHandler.exe

(Google LLC -> Google LLC) C:Program Files (x86)GoogleUpdate1.3.36.82GoogleCrashHandler64.exe

(Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:WindowsSystem32DriverStoreFileRepositorydal.inf_amd64_ffc75848a6342fdfjhi_service.exe

(Intel® pGFX 2020 -> Intel Corporation) C:WindowsSystem32DriverStoreFileRepositorycui_dch.inf_amd64_3bd4cd1d0a01f3b6igfxCUIService.exe

(Intel® pGFX 2020 -> Intel Corporation) C:WindowsSystem32DriverStoreFileRepositorycui_dch.inf_amd64_3bd4cd1d0a01f3b6igfxEM.exe

(Intel® pGFX 2020 -> Intel Corporation) C:WindowsSystem32DriverStoreFileRepositoryigcc_dch.inf_amd64_25e8e0015b11aeb3OneApp.IGCC.WinService.exe

(Intel® pGFX 2020 -> Intel Corporation) C:WindowsSystem32DriverStoreFileRepositoryiigd_dch.inf_amd64_0952bd3addcd9dc6IntelCpHDCPSvc.exe

(Intel® pGFX 2020 -> Intel Corporation) C:WindowsSystem32DriverStoreFileRepositoryiigd_dch.inf_amd64_0952bd3addcd9dc6IntelCpHeciSvc.exe

(Intel® Rapid Storage Technology -> Intel Corporation) C:WindowsSystem32DriverStoreFileRepositoryiastorac.inf_amd64_eea3cf789013ad4fRstMwService.exe

(McAfee, LLC -> McAfee, LLC) C:Program FilesMcAfeeWebAdvisorservicehost.exe

(McAfee, LLC -> McAfee, LLC) C:Program FilesMcAfeeWebAdvisoruihost.exe

(Microsoft Corporation -> Microsoft Corporation) C:Program FilesCommon Filesmicrosoft sharedClickToRunOfficeClickToRun.exe

(Microsoft Corporation -> Microsoft Corporation) C:WindowsMicrosoft.NETFramework64v3.0WPFPresentationFontCache.exe

(Microsoft Corporation) C:Program FilesWindowsAppsMicrosoft.GamingServices_2.53.17003.0_x64__8wekyb3d8bbweGamingServices.exe

(Microsoft Corporation) C:Program FilesWindowsAppsMicrosoft.GamingServices_2.53.17003.0_x64__8wekyb3d8bbweGamingServicesNet.exe

(Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32dllhost.exe <2>

(Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32MoUsoCoreWorker.exe

(Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32msiexec.exe

(Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32oobeUserOOBEBroker.exe

(Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32rundll32.exe

(Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32smartscreen.exe

(Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32wlanext.exe

(Microsoft Windows Publisher -> Microsoft Corporation) C:ProgramDataMicrosoftWindows DefenderPlatform4.18.2105.5-0MsMpEng.exe

(Microsoft Windows Publisher -> Microsoft Corporation) C:ProgramDataMicrosoftWindows DefenderPlatform4.18.2105.5-0NisSrv.exe

(NVIDIA Corporation -> Node.js) C:Program Files (x86)NVIDIA CorporationNvNodeNVIDIA Web Helper.exe

(NVIDIA Corporation -> NVIDIA Corporation) C:Program FilesNVIDIA CorporationNvContainernvcontainer.exe <3>

(NVIDIA Corporation -> NVIDIA Corporation) C:Program FilesNVIDIA CorporationNVIDIA GeForce ExperienceNVIDIA Share.exe <3>

(NVIDIA Corporation -> NVIDIA Corporation) C:Program FilesNVIDIA CorporationShadowPlaynvsphelper64.exe

(NVIDIA Corporation -> NVIDIA Corporation) C:WindowsSystem32DriverStoreFileRepositorynvtfi.inf_amd64_cd33f2b721c156e7Display.NvContainerNVDisplay.Container.exe <2>

(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:WindowsSystem32RtkAudUService64.exe <2>

(Tersys Group OÜ -> Trust.Zone VPN Project) C:Program FilesTrust.Zone VPN Clienttrustzone_x64.exe

(Tersys Group OÜ -> Trust.Zone VPN Project) C:Program FilesTrust.Zone VPN Clienttzclient_x64.exe <2>

(Uniwill Technology Inc. -> ) C:Program FilesOEMGaming CenterUniwillServiceGCUBridge.exe

(Uniwill Technology Inc. -> ) C:Program FilesOEMGaming CenterUniwillServiceMyControlCenterGCUService.exe

(Uniwill Technology Inc. -> ) C:Program FilesOEMGaming CenterUniwillServiceMyControlCenterOSDTpDetect.exe

(Wacom Co., Ltd. -> Wacom Co. Ltd.) C:Program FilesTabletWacomWacom_Tablet.exe

(Wacom Co., Ltd. -> Wacom Co. Ltd.) C:Program FilesTabletWacomWacom_TabletUser.exe

(Wacom Co., Ltd. -> Wacom Co. Ltd.) C:Program FilesTabletWacomWacom_TouchUser.exe

(Wacom Co., Ltd. -> Wacom Co. Ltd.) C:Program FilesTabletWacomWTabletServicePro.exe

(Wacom Technology Corp. -> Wacom Technology) C:Program FilesTabletWacomWacomHost.exe

 

==================== Registry (Whitelisted) ===================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM…Run: [RtkAudUService] => C:WINDOWSSystem32RtkAudUService64.exe [1110816 2020-07-16] (Realtek Semiconductor Corp. -> Realtek Semiconductor)

HKLM…Run: [Trust.Zone VPN Client UI Helper] => C:Program FilesTrust.Zone VPN Clienttzclient_x64.exe [6412464 2020-04-05] (Tersys Group OÜ -> Trust.Zone VPN Project)

HKLM-x32…Run: [Adobe Creative Cloud] => C:Program Files (x86)AdobeAdobe Creative CloudACCCreative Cloud.exe [2384984 2016-12-09] (Adobe Systems Incorporated -> Adobe Systems Incorporated)

HKLM-x32…Run: [Autodesk Desktop App] => C:Program Files (x86)AutodeskAutodesk Desktop AppAutodeskDesktopApp.exe [664872 2020-03-04] (Autodesk, Inc. -> Autodesk, Inc.)

HKLM-x32…Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:Program Files (x86)CiscoCisco AnyConnect Secure Mobility Clientvpnui.exe [1674368 2021-01-22] (Cisco Systems, Inc. -> Cisco Systems, Inc.)

HKLM-x32…Run: [Adobe CCXProcess] => C:Program Files (x86)AdobeAdobe Creative Cloud ExperienceCCXProcess.exe [129288 2021-06-15] (Adobe Inc. -> )

HKUS-1-5-21-3985742228-1352986308-2773348996-1007…Run: [Steam] => C:Program Files (x86)Steamsteam.exe [4109032 2021-06-09] (Valve -> Valve Corporation)

HKUS-1-5-21-3985742228-1352986308-2773348996-1007…Run: [CCXProcess] => C:Program Files (x86)AdobeAdobe Creative Cloud ExperienceCCXProcess.exe [129288 2021-06-15] (Adobe Inc. -> )

HKUS-1-5-21-3985742228-1352986308-2773348996-1007…Run: [EpicGamesLauncher] => C:Program Files (x86)Epic GamesLauncherPortalBinariesWin64EpicGamesLauncher.exe [33249248 2021-06-14] (Epic Games Inc. -> Epic Games, Inc.)

HKLMSoftwareMicrosoftActive SetupInstalled Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:Program Files (x86)GoogleChromeApplication91.0.4472.106Installerchrmstp.exe [2021-06-17] (Google LLC -> Google LLC)

Startup: C:UserslorasAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupGenuineService.lnk [2020-10-03]

ShortcutTarget: GenuineService.lnk -> C:UserslorasAutodeskGenuine ServiceGenuineService.exe (Autodesk Inc -> Autodesk)

Startup: C:UserslorasAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupSend to OneNote.lnk [2020-12-13]

ShortcutTarget: Send to OneNote.lnk -> C:Program FilesMicrosoft OfficerootOffice16ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)

Startup: C:UserslorasAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupTrust.Zone VPN Client.lnk [2020-10-02]

ShortcutTarget: Trust.Zone VPN Client.lnk -> C:Program FilesTrust.Zone VPN Clienttrustzone_x64.exe (Tersys Group OÜ -> Trust.Zone VPN Project)

 

==================== Scheduled Tasks (Whitelisted) ============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

Task: {04666474-4026-44B8-898A-2C03CB6E4BB9} – System32TasksPCIeBusQueue => “wevtutil.exe” cl System

Task: {11155E6B-6EB5-4D33-9A35-A79B4E17B96B} – System32TasksNvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program FilesNVIDIA CorporationNvContainernvcontainer.exe [874472 2020-09-29] (NVIDIA Corporation -> NVIDIA Corporation) -> -d “C:Program FilesNVIDIA CorporationNvDriverUpdateCheck” -l 3 -f C:ProgramDataNVIDIANvContainerDriverUpdateCheck.log

Task: {1B1338E4-DC19-4AE5-A8BD-EEA8DDA6801C} – System32TasksMicrosoftWindowsWindows DefenderWindows Defender Scheduled Scan => C:ProgramDataMicrosoftWindows DefenderPlatform4.18.2105.5-0MpCmdRun.exe [644888 2021-06-13] (Microsoft Windows Publisher -> Microsoft Corporation)

Task: {279AA1DC-45C4-421A-AD3E-EF2ACEDF1A0E} – System32TasksNvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program FilesNVIDIA CorporationUpdate CoreNvProfileUpdater64.exe [905584 2021-04-07] (NVIDIA Corporation -> NVIDIA Corporation)

Task: {29AB6D0C-3E39-4EFE-BB62-51DF985593A7} – System32TasksPCIeBus => “wevtutil.exe” cl Application

Task: {2E5EC1BD-5B16-4223-B835-EE799E653DD8} – System32TasksMicrosoftWindowsWindows DefenderWindows Defender Verification => C:ProgramDataMicrosoftWindows DefenderPlatform4.18.2105.5-0MpCmdRun.exe [644888 2021-06-13] (Microsoft Windows Publisher -> Microsoft Corporation)

Task: {47DC547E-CB4E-4D00-867B-64173B9AF65C} – System32TasksMicrosoftOfficeOfficeTelemetryAgentLogOn2016 => C:Program FilesMicrosoft OfficerootOffice16msoia.exe [5275568 2021-05-27] (Microsoft Corporation -> Microsoft Corporation)

Task: {4D0F4402-C650-431F-A7D6-49F505FC4ADD} – System32TasksMicrosoftOfficeOffice Feature Updates Logon => C:Program FilesMicrosoft OfficerootOffice16sdxhelper.exe [147272 2021-06-11] (Microsoft Corporation -> Microsoft Corporation)

Task: {69402A04-B77F-4D06-A4B9-802E0E2C0625} – System32TasksMicrosoftOfficeOfficeTelemetryAgentFallBack2016 => C:Program FilesMicrosoft OfficerootOffice16msoia.exe [5275568 2021-05-27] (Microsoft Corporation -> Microsoft Corporation)

Task: {759FFB06-8CF2-4E72-BE96-8D97A99D9B38} – System32TasksMicrosoftOfficeOffice Automatic Updates 2.0 => C:Program FilesCommon FilesMicrosoft SharedClickToRunOfficeC2RClient.exe [23124856 2021-06-10] (Microsoft Corporation -> Microsoft Corporation)

Task: {7F502197-51B1-42C9-92E6-F69F003FE79C} – System32TasksNvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program FilesNVIDIA CorporationNvBackendNvTmRep.exe [1260400 2021-04-07] (NVIDIA Corporation -> NVIDIA Corporation)

Task: {90804F81-543B-4A1D-9364-6DF1FAED2037} – System32TasksNvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program FilesNVIDIA CorporationNvBackendNvTmRep.exe [1260400 2021-04-07] (NVIDIA Corporation -> NVIDIA Corporation)

Task: {908967B6-0926-4818-85A0-FC2C8A10E099} – System32TasksGoogleUpdateTaskMachineCore => C:Program Files (x86)GoogleUpdateGoogleUpdate.exe [155432 2019-12-12] (Google Inc -> Google LLC)

Task: {961810BD-AB74-4A3D-A9C1-35BEA78F3356} – System32TasksMicrosoftWindowsWindows DefenderWindows Defender Cache Maintenance => C:ProgramDataMicrosoftWindows DefenderPlatform4.18.2105.5-0MpCmdRun.exe [644888 2021-06-13] (Microsoft Windows Publisher -> Microsoft Corporation)

Task: {96B371F9-5946-43F8-9150-8971752A8E62} – System32TasksGoogleUpdateTaskMachineUA => C:Program Files (x86)GoogleUpdateGoogleUpdate.exe [155432 2019-12-12] (Google Inc -> Google LLC)

Task: {9A8C2496-BE8D-42B1-B734-67DB50DFD02C} – System32TasksMicrosoftWindowsRemovalToolsMRT_ERROR_HB => C:Windowssystem32MRT.exe [132447432 2021-06-09] (Microsoft Windows -> Microsoft Corporation)

Task: {9D8A8749-3DC1-496D-ADCC-3559470F3B02} – System32TasksContentManagement => C:UserslorasAppDataRoamingUnarchiverUnarchiver.exe [275065686 2021-06-17] (Unarchiver) [File not signed] <==== ATTENTION

Task: {A3A8F5DA-4329-47BC-9BC5-A5F24568408E} – System32TasksMicrosoftWindowsWindows DefenderWindows Defender Cleanup => C:ProgramDataMicrosoftWindows DefenderPlatform4.18.2105.5-0MpCmdRun.exe [644888 2021-06-13] (Microsoft Windows Publisher -> Microsoft Corporation)

Task: {B7AC3278-E3B5-4EAA-B04B-3BCCF7C1FAE2} – System32TasksOneDrive Standalone Update Task-S-1-5-21-3985742228-1352986308-2773348996-500 => C:UserslorasAppDataLocalMicrosoftOneDriveOneDriveStandaloneUpdater.exe

Task: {C09CF237-F4EF-47D8-A12E-F25E02F1D978} – System32TasksNvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program FilesNVIDIA CorporationNvContainernvcontainer.exe [874472 2020-09-29] (NVIDIA Corporation -> NVIDIA Corporation) -> -d “C:Program FilesNVIDIA CorporationNvBackendNvBatteryBoostCheck” -l 3 -f C:ProgramDataNVIDIANvContainerBatteryBoostCheck.log

Task: {C383124B-AE28-4F73-ABA0-C95E69D84FEE} – System32TasksMicrosoftOfficeOffice ClickToRun Service Monitor => C:Program FilesCommon FilesMicrosoft SharedClickToRunOfficeC2RClient.exe [23124856 2021-06-10] (Microsoft Corporation -> Microsoft Corporation)

Task: {D08A40B7-1D0D-4AE1-BFD9-3D5A757A3BDA} – System32TasksMicrosoftOfficeOffice Feature Updates => C:Program FilesMicrosoft OfficerootOffice16sdxhelper.exe [147272 2021-06-11] (Microsoft Corporation -> Microsoft Corporation)

Task: {D304F769-424D-4FEF-8169-44959EF1F354} – System32TasksNVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program FilesNVIDIA CorporationNVIDIA GeForce ExperienceNVIDIA GeForce Experience.exe [3336560 2021-04-08] (NVIDIA Corporation -> NVIDIA Corporation)

Task: {DC9AD6F0-92C3-48EA-9198-08FA686F9398} – System32TasksNvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program FilesNVIDIA CorporationUpdate CoreNvProfileUpdater64.exe [905584 2021-04-07] (NVIDIA Corporation -> NVIDIA Corporation)

Task: {DF34149F-C014-408C-A3A2-F7994DD0CDBE} – System32TasksNvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program FilesNVIDIA CorporationNvBackendNvTmRep.exe [1260400 2021-04-07] (NVIDIA Corporation -> NVIDIA Corporation)

Task: {E1E6D121-05C0-4380-8D76-8840B3551251} – System32TasksNvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program Files (x86)NVIDIA CorporationNvNodenvnodejslauncher.exe [645488 2021-04-07] (NVIDIA Corporation -> NVIDIA Corporation)

Task: {FADEFF09-9A52-4C29-969E-46176ED3336B} – System32TasksNvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program FilesNVIDIA CorporationNvBackendNvTmRep.exe [1260400 2021-04-07] (NVIDIA Corporation -> NVIDIA Corporation)

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

TcpipParameters: [DhcpNameServer] 192.168.0.1

Tcpip..Interfaces{32432907-2cfa-431e-a897-987abd1b336c}: [NameServer] 109.236.87.2,144.217.75.55

Tcpip..Interfaces{3cac307d-b89a-4893-a974-1828a18d2b7d}: [NameServer] 109.236.87.2,144.217.75.55

Tcpip..Interfaces{69ccb325-6841-426e-ad94-5bfdbcc1bd59}: [NameServer] 109.236.87.2,144.217.75.55

Tcpip..Interfaces{6bd6236d-ca07-485a-979e-f45368cd3d9f}: [NameServer] 109.236.87.2,144.217.75.55

Tcpip..Interfaces{6bd6236d-ca07-485a-979e-f45368cd3d9f}: [DhcpNameServer] 192.168.0.1

Tcpip..Interfaces{7fde3b8c-f5cd-40ab-a8cd-4215342a5165}: [NameServer] 109.236.87.2,144.217.75.55

Tcpip..Interfaces{bcde1329-d529-4cb1-9b63-f5d0203b4b2d}: [NameServer] 109.236.87.2,144.217.75.55

Tcpip..Interfaces{bf0542b7-72c2-41a8-a933-94397b3d3847}: [NameServer] 109.236.87.2,144.217.75.55

Tcpip..Interfaces{bf0542b7-72c2-41a8-a933-94397b3d3847}: [DhcpNameServer] 192.168.0.1

Tcpip..Interfaces{e04fa201-296e-420b-b662-2c650074e5e4}: [NameServer] 109.236.87.2,144.217.75.55

Tcpip..Interfaces{eb2317ff-7436-4775-9f08-6944996f036f}: [NameServer] 109.236.87.2,144.217.75.55

Tcpip..Interfaces{eb2317ff-7436-4775-9f08-6944996f036f}: [DhcpNameServer] 8.8.8.8 8.8.4.4

Tcpip..Interfaces{fcad18ea-fad8-41d1-8c29-1e2a518a7709}: [NameServer] 109.236.87.2,144.217.75.55

 

Edge: 

=======

Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:WindowsSystemAppsMicrosoft.MicrosoftEdge_8wekyb3d8bbweAssetsHostExtensionsAutoFormFill [not found]

Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:WindowsSystemAppsMicrosoft.MicrosoftEdge_8wekyb3d8bbweAssetsBookViewer [not found]

Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:WindowsSystemAppsMicrosoft.MicrosoftEdge_8wekyb3d8bbweAssetsHostExtensionsLearningTools [not found]

Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:WindowsSystemAppsMicrosoft.MicrosoftEdge_8wekyb3d8bbweAssetsHostExtensionsPinJSAPI [not found]

Edge DefaultProfile: Default

Edge Profile: C:UserslorasAppDataLocalMicrosoftEdgeUser DataDefault [2021-06-20]

 

FireFox:

========

FF HKLM…FirefoxExtensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] – C:Program FilesMcAfeeWebAdvisore10ssaffplg.xpi

FF Extension: (McAfee® WebAdvisor) – C:Program FilesMcAfeeWebAdvisore10ssaffplg.xpi [2021-06-11] [UpdateUrl:hxxps://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.json]

FF HKLM-x32…FirefoxExtensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] – C:Program FilesMcAfeeWebAdvisore10ssaffplg.xpi

FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:Program FilesMicrosoft OfficerootOffice16NPSPWRAP.DLL [2021-05-27] (Microsoft Corporation -> Microsoft Corporation)

FF Plugin: adobe.com/AdobeAAMDetect -> C:Program Files (x86)AdobeAdobe Creative CloudUtilsnpAdobeAAMDetect64.dll [2016-12-09] (Adobe Systems Incorporated -> Adobe Systems)

FF Plugin: wacom.com/WacomTabletPlugin -> C:Program FilesTabletPluginsnpWacomTabletPlugin.dll [No File]

FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:Program FilesMicrosoft OfficerootVFSProgramFilesX86Mozilla Firefoxpluginsnpmeetingjoinpluginoc.dll [2021-05-27] (Microsoft Corporation -> Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:Program FilesMicrosoft OfficerootVFSProgramFilesX86Microsoft OfficeOffice16NPSPWRAP.DLL [2021-05-27] (Microsoft Corporation -> Microsoft Corporation)

FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:Program Files (x86)AdobeAdobe Creative CloudUtilsnpAdobeAAMDetect32.dll [2016-12-09] (Adobe Systems Incorporated -> Adobe Systems)

FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:Program Files (x86)TabletPluginsnpWacomTabletPlugin.dll [No File]

 

Chrome: 

=======

CHR DefaultProfile: Default

CHR Profile: C:UserslorasAppDataLocalGoogleChromeUser DataDefault [2021-06-20]

CHR Notifications: Default -> hxxps://calendar.google.com; hxxps://www.lieferando.de

CHR StartupUrls: Default -> “”,”hxxps://www.google.com/”

CHR DefaultSearchURL: Default -> hxxps://blobs.officehome.msocdn.com/versionless/webmanifestimages/OfficeDesktop_192.png

CHR Extension: (Slides) – C:UserslorasAppDataLocalGoogleChromeUser DataDefaultExtensionsaapocclcgogkmnckokdopfmhonfmgoek [2019-12-12]

CHR Extension: (Docs) – C:UserslorasAppDataLocalGoogleChromeUser DataDefaultExtensionsaohghmighlieiainnegkcijnfilokake [2019-12-12]

CHR Extension: (Google Drive) – C:UserslorasAppDataLocalGoogleChromeUser DataDefaultExtensionsapdfllckaahabafndbhieahigkjlhalf [2020-10-22]

CHR Extension: (YouTube) – C:UserslorasAppDataLocalGoogleChromeUser DataDefaultExtensionsblpcfgokakmgnkcojhhkbfbldkacnbeo [2019-12-12]

CHR Extension: (Adblock Plus – free ad blocker) – C:UserslorasAppDataLocalGoogleChromeUser DataDefaultExtensionscfhdojbkjhnklbpkdaibdccddilifddb [2021-05-20]

CHR Extension: (Sheets) – C:UserslorasAppDataLocalGoogleChromeUser DataDefaultExtensionsfelcaaldnbdncclmgdcncolpebgiejap [2019-12-12]

CHR Extension: (Google Docs Offline) – C:UserslorasAppDataLocalGoogleChromeUser DataDefaultExtensionsghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-05-19]

CHR Extension: (Star Atlas) – C:UserslorasAppDataLocalGoogleChromeUser DataDefaultExtensionsgheikhdfflhlbemfmhcfpeblehemeklp [2019-12-12]

CHR Extension: (Pinterest Save Button) – C:UserslorasAppDataLocalGoogleChromeUser DataDefaultExtensionsgpdjojdkbbmdfjfahjcgigfpmkopogic [2021-06-16]

CHR Extension: (Grammarly for Chrome) – C:UserslorasAppDataLocalGoogleChromeUser DataDefaultExtensionskbfnbcaeplbcioakkpcpgfkobkghlhen [2021-06-17]

CHR Extension: (EasePDF – Free Online PDF Tools) – C:UserslorasAppDataLocalGoogleChromeUser DataDefaultExtensionskohliapjdgbifngpkckoajklhlmnngke [2020-11-07]

CHR Extension: (Chrome Web Store Payments) – C:UserslorasAppDataLocalGoogleChromeUser DataDefaultExtensionsnmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]

CHR Extension: (Office) – C:UserslorasAppDataLocalGoogleChromeUser DataDefaultExtensionsocdlmjhbenodhlknglojajgokahchlkk [2020-10-01]

CHR Extension: (Tumblr Savior) – C:UserslorasAppDataLocalGoogleChromeUser DataDefaultExtensionsoefddkjnflmjbclpnnoegglmmdfkidip [2021-04-20]

CHR Extension: (Custom Cursor for Chrome™) – C:UserslorasAppDataLocalGoogleChromeUser DataDefaultExtensionsogdlpmhglpejoiomcodnpjnfgcpmgale [2021-05-05]

CHR Extension: (Gmail) – C:UserslorasAppDataLocalGoogleChromeUser DataDefaultExtensionspjkljhegncpnkpknbcohdijeoejaedia [2020-10-23]

CHR Extension: (Chrome Media Router) – C:UserslorasAppDataLocalGoogleChromeUser DataDefaultExtensionspkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-06-04]

CHR HKLM…ChromeExtension: [fheoggkfdfchfphceeifdbepaooicaho]

CHR HKLM-x32…ChromeExtension: [fheoggkfdfchfphceeifdbepaooicaho]

 

==================== Services (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 AdAppMgrSvc; C:Program Files (x86)AutodeskAutodesk Desktop AppAdAppMgrSvc.exe [1046904 2020-03-04] (Autodesk, Inc. -> Autodesk Inc.)

S2 AdobeUpdateService; C:Program Files (x86)Common FilesAdobeAdobe Desktop CommonElevationManagerAdobeUpdateService.exe [753240 2016-12-09] (Adobe Systems Incorporated -> Adobe Systems Incorporated)

R2 ClickToRunSvc; C:Program FilesCommon FilesMicrosoft SharedClickToRunOfficeClickToRun.exe [11279752 2021-05-21] (Microsoft Corporation -> Microsoft Corporation)

R2 DolbyDAXAPI; C:WINDOWSsystem32dolbyaposvcDAX3API.exe [1641416 2019-05-15] (Dolby Laboratories, Inc. -> )

S3 EpicOnlineServices; C:Program Files (x86)Epic GamesEpic Online ServicesserviceEpicOnlineServicesHost.exe [926176 2021-03-16] (Epic Games Inc. -> Epic Games, Inc.)

R2 GCUBridge; C:Program FilesOEMGaming CenterUniwillServiceGCUBridge.exe [54336 2019-10-25] (Uniwill Technology Inc. -> )

S3 MBAMService; C:Program FilesMalwarebytesAnti-MalwareMBAMService.exe [7391408 2021-06-17] (Malwarebytes Inc -> Malwarebytes)

R2 McAfee WebAdvisor; C:Program FilesMcAfeeWebAdvisorServiceHost.exe [973072 2021-06-11] (McAfee, LLC -> McAfee, LLC)

S3 Origin Client Service; C:Program Files (x86)OriginOriginClientService.exe [2546776 2021-04-22] (Electronic Arts, Inc. -> Electronic Arts)

R2 Origin Web Helper Service; C:Program Files (x86)OriginOriginWebHelperService.exe [3486808 2021-04-22] (Electronic Arts, Inc. -> Electronic Arts)

R2 TZVPNCLIENT; C:Program FilesTrust.Zone VPN Clienttzclient_x64.exe [6412464 2020-04-05] (Tersys Group OÜ -> Trust.Zone VPN Project)

R3 WdNisSvc; C:ProgramDataMicrosoftWindows DefenderPlatform4.18.2105.5-0NisSrv.exe [2644776 2021-06-13] (Microsoft Windows Publisher -> Microsoft Corporation)

R2 WinDefend; C:ProgramDataMicrosoftWindows DefenderPlatform4.18.2105.5-0MsMpEng.exe [136656 2021-06-13] (Microsoft Windows Publisher -> Microsoft Corporation)

R2 NVDisplay.ContainerLocalSystem; C:WINDOWSSystem32DriverStoreFileRepositorynvtfi.inf_amd64_cd33f2b721c156e7Display.NvContainerNVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%NVIDIANVDisplay.ContainerLocalSystem.log -l 3 -d C:WINDOWSSystem32DriverStoreFileRepositorynvtfi.inf_amd64_cd33f2b721c156e7Display.NvContainerpluginsLocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystemLocalSystem

 

===================== Drivers (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R3 iaLPSS2_UART2_CNL; C:WINDOWSSystem32DriverStoreFileRepositoryialpss2_uart2_cnl.inf_amd64_f4d3fa40a0f0bb6aiaLPSS2_UART2_CNL.sys [306688 2019-12-25] (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation)

R2 inpoutx64; C:WINDOWSSystem32Driversinpoutx64.sys [15008 2019-10-08] (Red Fox UK Limited -> Highresolution Enterprises [www.highrez.co.uk])

R2 MBAMChameleon; C:WINDOWSSystem32DriversMbamChameleon.sys [220752 2021-06-20] (Malwarebytes Inc -> Malwarebytes)

S0 MbamElam; C:WINDOWSSystem32DRIVERSMbamElam.sys [19912 2021-06-17] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)

S3 MBAMSwissArmy; C:WINDOWSSystem32Driversmbamswissarmy.sys [248992 2021-06-17] (Malwarebytes Inc -> Malwarebytes)

R3 MpKsl7a72f702; C:ProgramDataMicrosoftWindows DefenderDefinition Updates{8469A68E-CABD-45BB-AC34-BBA4853E72D5}MpKslDrv.sys [107744 2021-06-20] (Microsoft Windows -> Microsoft Corporation)

R3 SparkIO; C:Windowssystem32SparkIO.sys [22128 2019-07-08] (Microsoft Windows Hardware Compatibility Publisher -> )

R3 tap0901; C:WINDOWSSystem32driverstap0901.sys [39920 2019-12-13] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)

R3 vhidmini; C:WINDOWSSystem32driversvhidmini.sys [22944 2019-07-08] (Microsoft Windows Hardware Compatibility Publisher -> Windows ® Win 7 DDK provider)

S3 vpnva; C:WINDOWSSystem32driversvpnva64-6.sys [74048 2021-01-22] (Cisco Systems, Inc. -> Cisco Systems, Inc.)

S3 WacHidRouterPro; C:WINDOWSSystem32driverswachidrouter.sys [127512 2020-09-18] (WDKTestCert dant,132134237881206156 -> Wacom Technology, Corp.)

S3 wacomrouterfilter; C:WINDOWSSystem32driverswacomrouterfilter.sys [28680 2020-09-18] (WDKTestCert dant,132134237881206156 -> Wacom Technology, Corp.)

S0 WdBoot; C:WINDOWSSystem32driverswdWdBoot.sys [49568 2021-06-13] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)

R0 WdFilter; C:WINDOWSSystem32driverswdWdFilter.sys [425184 2021-06-13] (Microsoft Windows -> Microsoft Corporation)

R3 WdNisDrv; C:WINDOWSSystem32driverswdWdNisDrv.sys [76000 2021-06-13] (Microsoft Windows -> Microsoft Corporation)

S1 amsdk; ??C:WINDOWSsystem32driversamsdk.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== One month (created) (Whitelisted) =========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2021-06-20 16:15 – 2021-06-20 16:20 – 000049797 _____ C:UserslorasDownloadsAddition.txt

2021-06-20 16:14 – 2021-06-20 18:11 – 000028577 _____ C:UserslorasDownloadsFRST.txt

2021-06-20 16:11 – 2021-06-20 18:11 – 000000000 ____D C:FRST

2021-06-20 16:09 – 2021-06-20 16:09 – 002300416 _____ (Farbar) C:UserslorasDownloadsFRST64.exe

2021-06-20 02:20 – 2021-06-20 02:20 – 000000000 ____D C:ProgramDataEmsisoft

2021-06-20 02:19 – 2021-06-20 15:33 – 000000000 ____D C:EEK

2021-06-20 02:18 – 2021-06-20 02:19 – 294621376 _____ C:UserslorasDownloadsEmsisoftEmergencyKit.exe

2021-06-20 02:04 – 2021-06-20 02:04 – 000012872 _____ (SurfRight B.V.) C:WINDOWSsystem32bootdelete.exe

2021-06-20 01:54 – 2021-06-20 02:05 – 000000000 ____D C:ProgramDataHitmanPro

2021-06-20 01:51 – 2021-06-20 01:51 – 000000000 ____D C:AdwCleaner

2021-06-20 01:06 – 2021-06-20 02:27 – 000322461 _____ C:WINDOWSZAM.krnl.trace

2021-06-20 01:06 – 2021-06-20 02:27 – 000000000 ____D C:UserslorasAppDataLocalAMSDK

2021-06-20 01:06 – 2021-06-20 01:06 – 000000000 ____D C:UserslorasAppDataLocalZemana

2021-06-20 00:43 – 2021-06-20 00:44 – 001802704 _____ (Bleeping Computer, LLC) C:UserslorasDownloadsiExplore.exe

2021-06-20 00:38 – 2021-06-20 00:38 – 000220752 _____ (Malwarebytes) C:WINDOWSsystem32DriversMbamChameleon.sys

2021-06-17 23:35 – 2021-06-17 23:35 – 000002037 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsMalwarebytes.lnk

2021-06-17 23:35 – 2021-06-17 23:35 – 000002025 _____ C:UsersPublicDesktopMalwarebytes.lnk

2021-06-17 23:35 – 2021-06-17 23:35 – 000002025 _____ C:ProgramDataDesktopMalwarebytes.lnk

2021-06-17 23:35 – 2021-06-17 23:35 – 000000000 ____D C:UserslorasAppDataLocalmbam

2021-06-17 23:34 – 2021-06-17 23:34 – 000248992 _____ (Malwarebytes) C:WINDOWSsystem32Driversmbamswissarmy.sys

2021-06-17 23:34 – 2021-06-17 23:34 – 000199128 _____ (Malwarebytes) C:WINDOWSsystem32Driversmbae64.sys

2021-06-17 23:34 – 2021-06-17 23:34 – 000019912 _____ (Malwarebytes) C:WINDOWSsystem32DriversMbamElam.sys

2021-06-17 23:34 – 2021-06-17 23:34 – 000000000 ____D C:ProgramDataMalwarebytes

2021-06-17 23:34 – 2021-06-17 23:34 – 000000000 ____D C:Program FilesMalwarebytes

2021-06-17 23:33 – 2021-06-17 23:34 – 002094168 _____ (Malwarebytes) C:UserslorasDownloadsMBSetup.exe

2021-06-17 20:17 – 2021-06-20 11:53 – 121372672 _____ C:WINDOWSsystem32configSOFTWARE

2021-06-17 20:14 – 2021-06-17 20:17 – 000000000 ____D C:WINDOWSMicrosoft Antimalware

2021-06-17 18:13 – 2021-06-17 18:13 – 000011453 _____ C:WINDOWSsystem32DrtmAuthTxt.wim

2021-06-17 13:58 – 2021-06-20 16:22 – 000007605 _____ C:UserslorasAppDataLocalresmon.resmoncfg

2021-06-17 00:22 – 2021-06-17 00:22 – 000000000 ____D C:UsersPublicDocumentsEpic

2021-06-17 00:22 – 2021-06-17 00:22 – 000000000 ____D C:UserslorasDocumentsKINGDOM HEARTS HD 1.5+2.5 ReMIX

2021-06-17 00:22 – 2021-06-17 00:22 – 000000000 ____D C:UserslorasAppDataLocalEpic Games

2021-06-17 00:22 – 2021-06-17 00:22 – 000000000 ____D C:ProgramDataDocumentsEpic

2021-06-17 00:15 – 2021-06-17 00:15 – 000003568 _____ C:WINDOWSsystem32TasksContentManagement

2021-06-17 00:15 – 2021-06-17 00:15 – 000003220 _____ C:WINDOWSsystem32TasksPCIeBusQueue

2021-06-17 00:15 – 2021-06-17 00:15 – 000003220 _____ C:WINDOWSsystem32TasksPCIeBus

2021-06-17 00:15 – 2021-06-17 00:15 – 000000000 ____D C:UserslorasAppDataRoamingUnarchiver

2021-06-15 18:19 – 2021-06-15 18:20 – 000000000 ____D C:UserslorasDownloads_Getintopc.com_Adobe_Photoshop_2021_v22.3.1.122x64_Multilingual

2021-06-15 16:51 – 2021-06-15 17:28 – 2440732644 _____ C:UserslorasDownloads_Getintopc.com_Adobe_Photoshop_2021_v22.3.1.122x64_Multilingual.rar

2021-06-15 16:23 – 2021-06-15 16:30 – 000000014 _____ C:ProgramDatakrosqm.txt

2021-06-15 16:23 – 2021-06-15 16:23 – 000000000 _RSHD C:UserslorasAppDataRoamingGoogle

2021-06-13 23:16 – 2021-06-16 16:10 – 000000000 ____D C:UserslorasDownloadsKingdom.Hearts.HD.1.5.and.2.5.ReMIX-CODEX RePack [FULL GAME]

2021-06-13 22:31 – 2021-06-13 22:50 – 000000000 ____D C:UserslorasDownloadsAdobe Photoshop Lightroom Classic 2021 v14.4 (x64) + Crack

2021-06-10 22:21 – 2021-06-20 17:54 – 000000000 ____D C:UserslorasAppDataRoamingdiscord

2021-06-10 22:21 – 2021-06-20 17:26 – 000000000 ____D C:UserslorasAppDataLocalDiscord

2021-06-10 22:21 – 2021-06-10 22:21 – 000000000 ____D C:UserslorasAppDataRoamingMicrosoftWindowsStart MenuProgramsDiscord Inc

2021-06-10 21:57 – 2021-06-10 21:57 – 000000371 _____ C:UserslorasDesktopDiscord.url

2021-06-09 11:50 – 2021-06-09 11:50 – 002755584 _____ (Microsoft Corporation) C:WINDOWSSysWOW64mshtml.tlb

2021-06-09 11:50 – 2021-06-09 11:50 – 002755584 _____ (Microsoft Corporation) C:WINDOWSsystem32mshtml.tlb

2021-06-09 11:50 – 2021-06-09 11:50 – 001314120 _____ (Microsoft Corporation) C:WINDOWSsystem32SecConfig.efi

2021-06-09 11:50 – 2021-06-09 11:50 – 000568832 _____ (Microsoft Corporation) C:WINDOWSsystem32inetcpl.cpl

2021-06-09 11:50 – 2021-06-09 11:50 – 000451072 _____ (Microsoft Corporation) C:WINDOWSSysWOW64inetcpl.cpl

2021-06-09 11:49 – 2021-06-09 11:49 – 002260480 _____ (The ICU Project) C:WINDOWSsystem32icu.dll

2021-06-09 11:49 – 2021-06-09 11:49 – 001864192 _____ (The ICU Project) C:WINDOWSSysWOW64icu.dll

2021-06-09 11:49 – 2021-06-09 11:49 – 001823792 _____ (Microsoft Corporation) C:WINDOWSsystem32winload.efi

2021-06-09 11:49 – 2021-06-09 11:49 – 001393496 _____ (Microsoft Corporation) C:WINDOWSsystem32winresume.efi

2021-06-09 11:49 – 2021-06-09 11:49 – 000657464 _____ C:WINDOWSsystem32WindowManagementAPI.dll

2021-06-09 11:49 – 2021-06-09 11:49 – 000563712 _____ (Microsoft Corporation) C:WINDOWSsystem32winspool.drv

2021-06-09 11:49 – 2021-06-09 11:49 – 000468440 _____ C:WINDOWSSysWOW64WindowManagementAPI.dll

2021-06-09 11:49 – 2021-06-09 11:49 – 000423936 _____ (Microsoft Corporation) C:WINDOWSSysWOW64winspool.drv

2021-06-09 11:49 – 2021-06-09 11:49 – 000287232 _____ C:WINDOWSsystem32CoreMas.dll

2021-06-09 11:49 – 2021-06-09 11:49 – 000272384 _____ C:WINDOWSsystem32TpmTool.exe

2021-06-09 11:49 – 2021-06-09 11:49 – 000223744 _____ C:WINDOWSSysWOW64TpmTool.exe

2021-06-09 11:49 – 2021-06-09 11:49 – 000097280 _____ C:WINDOWSsystem32Driverscimfs.sys

2021-06-03 19:18 – 2021-06-03 20:55 – 000000000 ____D C:UserslorasAppDataRoamingAtom

2021-06-03 19:18 – 2021-06-03 20:55 – 000000000 ____D C:Usersloras.atom

2021-06-03 19:18 – 2021-06-03 19:18 – 000002185 _____ C:UserslorasDesktopAtom.lnk

2021-06-03 19:18 – 2021-06-03 19:18 – 000000000 ____D C:UserslorasAppDataRoamingMicrosoftWindowsStart MenuProgramsGitHub, Inc

2021-06-03 19:18 – 2021-06-03 19:18 – 000000000 ____D C:UserslorasAppDataLocalatom

2021-06-03 19:16 – 2021-06-03 19:17 – 199183008 _____ (GitHub Inc.) C:UserslorasDownloadsAtomSetup-x64.exe

2021-05-29 16:27 – 2021-05-29 16:27 – 000349410 _____ C:UserslorasDownloadsa4bd40b5-fa40-46a7-930a-8d1ed5371257.tmp

2021-05-29 16:26 – 2021-05-29 16:26 – 000349410 _____ C:UserslorasDownloads6f14a2a0-6b08-4fcf-8b7c-1c2a1c9f072f.tmp

2021-05-29 16:26 – 2021-05-29 16:26 – 000349410 _____ C:UserslorasDownloads63d4855c-dfa6-416f-8d1e-8ba79af9cfd1.tmp

2021-05-29 16:25 – 2021-05-29 16:25 – 000349410 _____ C:UserslorasDownloadse52c5e37-a61c-4f59-ba68-6e68450eff01.tmp

2021-05-29 16:25 – 2021-05-29 16:25 – 000349410 _____ C:UserslorasDownloads9d927026-4846-4e92-bfaf-a26e67c907a6.tmp

2021-05-29 16:24 – 2021-05-29 16:24 – 002059198 _____ C:UserslorasDownloads61bbcc8f-757c-41aa-901d-39b89edab649.tmp

2021-05-29 16:24 – 2021-05-29 16:24 – 002059198 _____ C:UserslorasDownloads