Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Concerned about PC security

by greenrhino43 » September 26th, 2022, 10:29 am

Hello,

I am concerned about my PC security / health from some recent downloads of files that Windows Defender immediately marked as a trojan and 2 backdoors. It tells me no actions are needed, but I am concerned and not sure if my PC is safe to use, and I would like someone to make sure I am OK to continue using my PC.

Addition.txt is attached because I've exceeded 100000 characters.

FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-08-2022
Ran by Jeff GS1 MK3 (administrator) on LOUQE-S1 (Gigabyte Technology Co., Ltd. B550I AORUS PRO AX) (26-09-2022 10:21:10)
Running from C:\Users\Jeff GS1 MK3\Downloads
Loaded Profiles: Jeff GS1 MK3
Platform: Microsoft Windows 10 Home Version 21H2 19044.2006 (X64) Language: English (United States)
Default browser: Opera
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe ->) (Intel Corporation -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe
(C:\Program Files\Logitech\LogiOptions\LogiOptions.exe ->) (Logitech Inc -> Logitech) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOverlay.exe
(C:\Program Files\Logitech\LogiOptions\LogiOptions.exe ->) (Logitech Inc -> Logitech, Inc.) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe
(C:\Program Files\Logitech\SetPointP\SetPoint.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\MsMpEng.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\MpCopyAccelerator.exe
(C:\Users\Jeff GS1 MK3\AppData\Local\Programs\Opera GX\opera.exe ->) (Opera Norway AS -> Opera Software) C:\Users\Jeff GS1 MK3\AppData\Local\Programs\Opera GX\90.0.4480.117\opera_crashreporter.exe
(C:\Users\Jeff GS1 MK3\AppData\Local\Programs\Opera GX\opera.exe ->) (Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(explorer.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\Logitech\LogiOptions\LogiOptions.exe
(explorer.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(explorer.exe ->) (Xander Frangos) [File not signed] C:\Users\Jeff GS1 MK3\AppData\Local\Programs\twinkle-tray\Twinkle Tray.exe <5>
(Intel Corporation -> ) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv.exe
(Nvidia Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Opera Norway AS -> Opera Software) C:\Users\Jeff GS1 MK3\AppData\Local\Programs\Opera GX\opera.exe <54>
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(services.exe ->) (ArcticLine Software -> ArcticLine Software) C:\Program Files (x86)\FileMarker.NET\FileMarkerService.exe
(services.exe ->) (Intel Corporation -> ) C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe
(services.exe ->) (Intel Corporation -> ) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_6.69.19001.0_x64__8wekyb3d8bbwe\gamingservices.exe
(services.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_6.69.19001.0_x64__8wekyb3d8bbwe\gamingservicesnet.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\NisSrv.exe
(services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_647b4244e991951b\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe
(Slack Technologies, Inc. -> Slack Technologies Inc.) C:\Users\Jeff GS1 MK3\AppData\Local\slack\app-4.28.171\slack.exe <6>
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_4.5.6.0_x64__8wekyb3d8bbwe\Microsoft.Notes.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2103.8.0_x64__8wekyb3d8bbwe\Calculator.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\RtkAudUService64.exe [1090784 2020-07-19] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [1073144 2021-09-25] (Heidi Computers Ltd -> The Eraser Project)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3136136 2020-11-20] (Logitech Inc -> Logitech, Inc.)
HKLM\...\Run: [LogiOptions] => C:\Program Files\Logitech\LogiOptions\LogiOptions.exe [1690368 2022-07-22] (Logitech Inc -> Logitech, Inc.)
HKLM\...\Run: [LogiBolt] => C:\Program Files\Logi\LogiBolt\LogiBolt.exe [22423104 2021-12-14] (Logitech Inc -> Logitech)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [711328 2022-06-16] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [Intel Driver & Support Assistant] => C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe [292120 2022-09-22] (Intel Corporation -> Intel)
HKU\S-1-5-21-389301807-2965812550-3391386861-1001\...\Run: [Opera GX Stable] => C:\Users\Jeff GS1 MK3\AppData\Local\Programs\Opera GX\launcher.exe [2474440 2022-09-16] (Opera Norway AS -> Opera Software)
HKU\S-1-5-21-389301807-2965812550-3391386861-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4230544 2022-07-26] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-389301807-2965812550-3391386861-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [38502416 2022-09-12] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-389301807-2965812550-3391386861-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\Jeff GS1 MK3\AppData\Local\Microsoft\Teams\Update.exe [2459304 2022-03-20] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-389301807-2965812550-3391386861-1001\...\Run: [Opera GX Browser Assistant] => C:\Users\Jeff GS1 MK3\AppData\Local\Programs\Opera GX\assistant\browser_assistant.exe [3291288 2021-02-01] (Opera Software AS -> Opera Software)
HKU\S-1-5-21-389301807-2965812550-3391386861-1001\...\Run: [electron.app.Twinkle Tray] => C:\Users\Jeff GS1 MK3\AppData\Local\Programs\twinkle-tray\Twinkle Tray.exe [136373248 2021-12-01] (Xander Frangos) [File not signed]
HKU\S-1-5-21-389301807-2965812550-3391386861-1001\...\Run: [LogiBolt] => C:\Program Files\Logi\LogiBolt\LogiBolt.exe [22423104 2021-12-14] (Logitech Inc -> Logitech)
HKU\S-1-5-21-389301807-2965812550-3391386861-1001\...\Run: [com.squirrel.slack.slack] => C:\Users\Jeff GS1 MK3\AppData\Local\slack\slack.exe [309040 2022-08-31] (Slack Technologies, Inc. -> Slack Technologies Inc.)
HKU\S-1-5-18\...\Run: [Synapse3] => C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe /StartMinimized (No File)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\105.0.5195.127\Installer\chrmstp.exe [2022-09-18] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {08816EC3-4091-4E31-9ECC-1E9A30D76797} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [8517576 2022-09-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {08DB7419-E130-4DE3-A043-AED571EA1EB0} - System32\Tasks\GoogleUpdateTaskMachineUA{E17924BF-AA56-457D-8923-FDEE6453FE0A} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2022-03-25] (Google LLC -> Google LLC)
Task: {1CDE69E0-D3F9-49FE-9A37-C3018951550F} - System32\Tasks\Microsoft\Office\Office Serviceability Manager => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\officesvcmgr.exe [3853952 2022-09-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {2031312E-970E-4743-BD8C-4B4F1D0F22EE} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-389301807-2965812550-3391386861-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4165000 2022-09-22] (Microsoft Corporation -> Microsoft Corporation)
Task: {25E99AB3-0FED-4E0E-BE64-A8523BE47F5E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\MpCmdRun.exe [1335960 2022-09-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {2D8EF30F-76C6-49B5-BFB8-5024381732F1} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23709120 2022-09-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {385C0220-20BA-4574-9678-20D8B8F02560} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2022-09-12] (Piriform Software Ltd -> Piriform)
Task: {417040CC-BBD3-4708-AB8B-A3FB31918B99} - System32\Tasks\AMDAutoUpdate => C:\Program Files\AMD\AutoUpdate\AMDAutoUpdate.exe [667832 2021-07-16] (Advanced Micro Devices INC. -> )
Task: {4ACC2535-A5E6-40E0-9C92-37784E5C3E67} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [906752 2022-03-30] (Nvidia Corporation -> NVIDIA Corporation)
Task: {5A1ED03B-41B3-4126-ADA6-825C0224EDDD} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [3231104 2022-05-02] (Intel Corporation -> Intel Corporation)
Task: {6727B0E9-C91D-4093-8922-031277F56BC0} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [142208 2022-09-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {690A7B13-2D79-442A-A2A9-DA797AB2CDEB} - System32\Tasks\GoogleUpdateTaskMachineCore{B2386A6B-049D-406F-904C-A6B6C77066D5} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2022-03-25] (Google LLC -> Google LLC)
Task: {69915217-7CA2-4578-9B7E-BC8CA9E58C71} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [64408 2022-09-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {6F6B9D67-5E7E-47C0-BC4C-E4A4AB39E21C} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {75AEAF6C-25E9-4E6E-B74B-555FA73A22EC} - System32\Tasks\CCleanerSkipUAC - Jeff GS1 MK3 => C:\Program Files\CCleaner\CCleaner.exe [32204304 2022-09-12] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {773EBEF4-1778-4B1A-B82A-BF225F1FAEBB} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1654272 2022-03-30] (Nvidia Corporation -> NVIDIA Corporation)
Task: {9300A7F1-E7B2-484C-8E90-EADC33E06F59} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [8517576 2022-09-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {9AB41568-FE4A-43A8-8D87-741B98DE6D92} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4165000 2022-09-22] (Microsoft Corporation -> Microsoft Corporation)
Task: {9BED0864-3A96-45CC-8EC0-4D854F1304A0} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [142208 2022-09-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {9DDD62CB-87F8-4DB6-973F-1F556A5AF540} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [1003128 2022-03-01] (Nvidia Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {A370F896-9532-46D4-A173-DF3A3628DF58} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
Task: {AA763036-9082-4595-9F3B-B6464F3CF33C} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [646344 2022-03-30] (Nvidia Corporation -> NVIDIA Corporation)
Task: {B467CFFF-864D-4730-979E-4CC87FB214F9} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe [4666896 2022-09-12] (Piriform Software Ltd -> Piriform Software) -> --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --configpath "C:\Program Files\CCleaner\Setup" --guid "d5d835d2-f8bc-4389-af88-dda7fe50b766" --version "6.04.10044" --silent
Task: {B4722E05-6440-4152-92E7-84EB3C85E802} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1654272 2022-03-30] (Nvidia Corporation -> NVIDIA Corporation)
Task: {BF198F40-5688-4DD4-BC9C-C2BFEAAFB137} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\MpCmdRun.exe [1335960 2022-09-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C4852BCA-D46D-4FA3-A523-93360CFDC7A0} - System32\Tasks\Opera GX scheduled assistant Autoupdate 1647924064 => C:\Users\Jeff GS1 MK3\AppData\Local\Programs\Opera GX\launcher.exe [2474440 2022-09-16] (Opera Norway AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\Jeff GS1 MK3\AppData\Local\Programs\Opera GX\assistant" $(Arg0)
Task: {D3CECC2C-8203-47CD-AFA4-ECE85138340A} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23709120 2022-09-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {E2B319CA-0C5A-4EF8-B4F6-9296ABF861BF} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe --automatic (No File)
Task: {EAC1F58B-ECA2-46E4-88A2-622BCB38B961} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3342080 2022-03-30] (Nvidia Corporation -> NVIDIA Corporation)
Task: {F03BFB71-010B-436C-B430-DD22D1479FD7} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1654272 2022-03-30] (Nvidia Corporation -> NVIDIA Corporation)
Task: {F0D0F8FC-8AC3-43CE-806B-26B43B1F0548} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [3231104 2022-05-02] (Intel Corporation -> Intel Corporation)
Task: {F35675BD-06CC-43B5-B5E4-898E640B2831} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\Windows\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs"
Task: {F5EA6793-C39E-4900-8E03-C6A000C73DFE} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\MpCmdRun.exe [1335960 2022-09-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F63F3968-73E5-4343-B928-7724F88CD117} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1654272 2022-03-30] (Nvidia Corporation -> NVIDIA Corporation)
Task: {F716D2E4-2A6A-474C-929D-389F16917639} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [906752 2022-03-30] (Nvidia Corporation -> NVIDIA Corporation)
Task: {FC5E2DE7-84E0-49E3-B460-5D28DF9AEFCB} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\MpCmdRun.exe [1335960 2022-09-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {FEE0B334-A287-4639-8815-C829D84CC50C} - System32\Tasks\Opera GX scheduled Autoupdate 1647614948 => C:\Users\Jeff GS1 MK3\AppData\Local\Programs\Opera GX\launcher.exe [2474440 2022-09-16] (Opera Norway AS -> Opera Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{84307573-a175-45bb-b490-63791ca04cae}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{95432fa1-70e4-462a-a297-76349bd656a1}: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF DefaultProfile: v56brsni.default
FF ProfilePath: C:\Users\Jeff GS1 MK3\AppData\Roaming\Mozilla\Firefox\Profiles\v56brsni.default [2022-03-19]
FF ProfilePath: C:\Users\Jeff GS1 MK3\AppData\Roaming\Mozilla\Firefox\Profiles\kshfi089.default-release [2022-09-26]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2022-04-03] [not signed]
FF Plugin: @java.com/DTPlugin,version=11.341.2 -> C:\Program Files\Java\jre1.8.0_341\bin\dtplugin\npDeployJava1.dll [2022-08-12] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.341.2 -> C:\Program Files\Java\jre1.8.0_341\bin\plugin2\npjp2.dll [2022-08-12] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-07-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.17.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-03-11] (VideoLAN -> VideoLAN)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2022-03-19] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2022-07-09] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR Profile: C:\Users\Jeff GS1 MK3\AppData\Local\Google\Chrome\User Data\Default [2022-08-27]
CHR Extension: (Google Docs Offline) - C:\Users\Jeff GS1 MK3\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-05-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jeff GS1 MK3\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-03-25]

Opera:
=======
StartMenuInternet: (HKU\S-1-5-21-389301807-2965812550-3391386861-1001) Opera GXStable - "C:\Users\Jeff GS1 MK3\AppData\Local\Programs\Opera GX\Launcher.exe"

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12131256 2022-09-17] (Microsoft Corporation -> Microsoft Corporation)
R2 DSAService; C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe [41240 2022-09-22] (Intel Corporation -> Intel)
R3 DSAUpdateService; C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe [198424 2022-09-22] (Intel Corporation -> Intel)
S3 EasyAntiCheat_EOS; C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe [584680 2022-06-16] (EasyAntiCheat Oy -> Epic Games, Inc.)
R2 FileMarkerApplyIconService; C:\Program Files (x86)\FileMarker.NET\FileMarkerService.exe [6245920 2019-07-20] (ArcticLine Software -> ArcticLine Software)
S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\22.181.0828.0002\FileSyncHelper.exe [3383688 2022-09-22] (Microsoft Corporation -> Microsoft Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8765464 2022-09-09] (Malwarebytes Inc. -> Malwarebytes)
S3 OfficeSvcManagerAddons; C:\Windows\system32\dllhost.exe /Processid:{2CA2E202-932F-4BA2-8771-195BB86398F5} [21312 2021-10-06] (Microsoft Windows -> Microsoft Corporation)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\22.181.0828.0002\OneDriveUpdaterService.exe [3803528 2022-09-22] (Microsoft Corporation -> Microsoft Corporation)
S3 Rockstar Service; C:\Program Files\Rockstar Games\Launcher\RockstarService.exe [2133968 2022-05-14] (Rockstar Games, Inc. -> Rockstar Games)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\NisSrv.exe [3125112 2022-09-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\MsMpEng.exe [133560 2022-09-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_647b4244e991951b\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_647b4244e991951b\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdgpio3; C:\Windows\System32\drivers\amdgpio3.sys [27256 2022-01-27] (ASMedia Technology Inc. -> Advanced Micro Devices, Inc)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [223176 2022-07-27] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [21480 2022-04-21] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [239544 2022-06-22] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MpKsld01320d2; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9E8EA14A-F1E8-4E2A-8FBC-A6811E3CF7F7}\MpKslDrv.sys [228600 2022-09-26] (Microsoft Windows -> Microsoft Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [48552 2022-02-10] (Microsoft Windows Hardware Compatibility Publisher -> NVIDIA Corporation)
S3 RzCommon; C:\Windows\System32\drivers\RzCommon.sys [54632 2021-03-30] (Razer USA Ltd. -> Razer Inc)
S3 RzDev_0226; C:\Windows\System32\drivers\RzDev_0226.sys [54168 2020-08-24] (Razer USA Ltd. -> Razer Inc)
R3 sshid; C:\Windows\system32\DRIVERS\sshid.sys [48800 2022-03-01] (SteelSeries ApS -> SteelSeries ApS)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [49576 2022-09-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [453904 2022-09-07] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [94480 2022-09-07] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-09-26 10:21 - 2022-09-26 10:21 - 000028017 _____ C:\Users\Jeff GS1 MK3\Downloads\FRST.txt
2022-09-26 10:21 - 2022-09-26 10:21 - 000000000 ____D C:\FRST
2022-09-26 10:12 - 2022-09-26 10:12 - 008551608 _____ (Malwarebytes) C:\Users\Jeff GS1 MK3\Downloads\AdwCleaner.exe
2022-09-26 09:32 - 2022-09-26 09:32 - 005659583 _____ (Swearware) C:\Users\Jeff GS1 MK3\Downloads\ComboFix.exe
2022-09-26 09:31 - 2022-09-26 09:31 - 002371072 _____ (Farbar) C:\Users\Jeff GS1 MK3\Downloads\FRST64.exe
2022-09-25 23:37 - 2022-09-25 23:37 - 000001136 _____ C:\Users\Public\Desktop\Macro Recorder.lnk
2022-09-25 23:37 - 2022-09-25 23:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macro Recorder
2022-09-25 23:37 - 2022-09-25 23:37 - 000000000 ____D C:\Program Files (x86)\MacroRecorder
2022-09-23 22:41 - 2022-09-25 23:54 - 000000000 ____D C:\Program Files\Mozilla Firefox
2022-09-22 22:17 - 2022-09-22 22:17 - 000001510 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver & Support Assistant.lnk
2022-09-20 21:39 - 2022-09-26 09:39 - 000003416 _____ C:\Windows\system32\Tasks\CCleanerCrashReporting
2022-09-20 21:39 - 2022-09-26 09:39 - 000000760 _____ C:\Windows\Tasks\CCleanerCrashReporting.job
2022-09-15 15:34 - 2022-09-15 15:34 - 000413696 _____ C:\Windows\system32\AzureCheck.dll
2022-09-15 15:34 - 2022-09-15 15:34 - 000288768 _____ C:\Windows\system32\Windows.Management.InprocObjects.dll
2022-09-15 15:34 - 2022-09-15 15:34 - 000098816 _____ C:\Windows\system32\Drivers\cimfs.sys
2022-09-15 15:34 - 2022-09-15 15:34 - 000060928 _____ C:\Windows\system32\runexehelper.exe
2022-09-15 15:34 - 2022-09-15 15:34 - 000011813 _____ C:\Windows\system32\DrtmAuthTxt.wim
2022-09-15 15:31 - 2022-09-15 15:31 - 000000000 ___HD C:\$WinREAgent
2022-09-14 10:53 - 2022-09-14 10:53 - 000125286 _____ C:\Users\Jeff GS1 MK3\Downloads\16001039.pdf
2022-09-14 10:52 - 2022-09-14 10:52 - 000107893 _____ C:\Users\Jeff GS1 MK3\Downloads\12009986.pdf
2022-09-14 10:52 - 2022-09-14 10:52 - 000103432 _____ C:\Users\Jeff GS1 MK3\Downloads\13000544.pdf
2022-09-13 18:25 - 2022-09-13 18:38 - 002046246 _____ C:\Users\Jeff GS1 MK3\Downloads\IMG_3366.HEIC
2022-09-13 18:25 - 2022-09-13 18:38 - 000669606 _____ C:\Users\Jeff GS1 MK3\Downloads\IMG_3370.HEIC
2022-09-08 23:11 - 2022-09-08 23:11 - 000012674 _____ C:\Users\Jeff GS1 MK3\Documents\Book1(AutoRecovered)_notes.xlsx
2022-09-02 11:05 - 2022-09-02 11:05 - 000921577 _____ C:\Users\Jeff GS1 MK3\Downloads\Official_Manual_Motor_Vehicle_Inspections.pdf
2022-09-01 13:18 - 2022-09-01 13:18 - 000070953 _____ C:\Users\Jeff GS1 MK3\Downloads\Gmail - Porch Stairs_.pdf
2022-09-01 13:18 - 2022-09-01 13:18 - 000030218 _____ C:\Users\Jeff GS1 MK3\Downloads\EST0046- Jeff.pdf
2022-08-29 16:03 - 2022-08-29 16:04 - 171929600 _____ C:\Users\Jeff GS1 MK3\Downloads\UPD09051.bin
2022-08-29 16:00 - 2022-08-29 16:03 - 000000000 ____D C:\Users\Jeff GS1 MK3\Downloads\USB
2022-08-27 14:29 - 2022-08-27 14:29 - 000000000 ____D C:\Users\Jeff GS1 MK3\.runex

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-09-26 10:10 - 2022-03-18 08:28 - 000000000 ____D C:\Windows\system32\SleepStudy
2022-09-26 09:49 - 2022-06-09 10:15 - 000000000 ____D C:\Users\Jeff GS1 MK3\AppData\Roaming\Slack
2022-09-26 09:39 - 2022-03-19 12:38 - 000000000 ____D C:\Program Files\CCleaner
2022-09-26 09:28 - 2019-12-07 05:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-09-26 09:24 - 2022-03-19 12:39 - 000000000 ____D C:\Program Files (x86)\Google
2022-09-26 09:11 - 2019-12-07 05:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-09-26 09:11 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\AppReadiness
2022-09-26 08:50 - 2022-03-18 08:34 - 000840662 _____ C:\Windows\system32\PerfStringBackup.INI
2022-09-26 08:50 - 2019-12-07 05:13 - 000000000 ____D C:\Windows\INF
2022-09-26 08:49 - 2022-04-16 13:10 - 000000000 ____D C:\Users\Jeff GS1 MK3\AppData\Roaming\twinkle-tray
2022-09-26 08:49 - 2022-03-18 09:54 - 000000000 ____D C:\ProgramData\NVIDIA
2022-09-26 08:46 - 2022-03-18 08:28 - 000008192 ___SH C:\DumpStack.log.tmp
2022-09-26 08:46 - 2022-03-18 08:28 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2022-09-26 08:46 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\ServiceState
2022-09-25 23:54 - 2022-03-22 00:40 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2022-09-25 23:54 - 2022-03-19 12:40 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2022-09-25 23:54 - 2019-12-07 05:03 - 000262144 _____ C:\Windows\system32\config\BBI
2022-09-25 23:53 - 2022-03-18 12:40 - 000000000 ____D C:\Users\Jeff GS1 MK3\AppData\Roaming\Notion
2022-09-25 23:51 - 2022-07-16 21:36 - 000000000 ____D C:\Users\Jeff GS1 MK3\.runelite
2022-09-25 23:40 - 2022-03-19 12:40 - 000000000 ____D C:\Users\Jeff GS1 MK3\AppData\LocalLow\Mozilla
2022-09-25 11:10 - 2019-12-07 05:03 - 000000000 ____D C:\Windows\CbsTemp
2022-09-24 10:14 - 2022-03-19 12:40 - 000000965 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2022-09-24 10:14 - 2022-03-19 12:40 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2022-09-22 22:17 - 2022-03-18 10:27 - 000000000 ____D C:\Program Files (x86)\Intel
2022-09-22 22:17 - 2022-03-18 09:29 - 000000000 ____D C:\ProgramData\Package Cache
2022-09-22 12:02 - 2022-03-20 22:11 - 000003592 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-389301807-2965812550-3391386861-1001
2022-09-22 12:02 - 2022-03-19 19:25 - 000003194 _____ C:\Windows\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2022-09-22 12:02 - 2022-03-19 19:25 - 000002092 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-09-22 09:43 - 2022-07-13 08:51 - 002835944 _____ (Microsoft Corporation) C:\Windows\system32\xgameruntime.dll
2022-09-22 09:43 - 2022-07-13 08:51 - 000447976 _____ (Microsoft Corporation) C:\Windows\system32\gameplatformservices.dll
2022-09-22 09:43 - 2022-07-13 08:51 - 000234984 _____ (Microsoft Corporation) C:\Windows\system32\gamingservicesproxy.dll
2022-09-22 09:43 - 2022-07-13 08:51 - 000198096 _____ (Microsoft Corporation) C:\Windows\system32\gameconfighelper.dll
2022-09-22 09:43 - 2022-07-13 08:51 - 000153064 _____ (Microsoft Corporation) C:\Windows\system32\gamelaunchhelper.dll
2022-09-22 09:43 - 2022-07-13 08:51 - 000131072 _____ (Microsoft Corporation) C:\Windows\system32\gamingtcuihelpers.dll
2022-09-22 09:43 - 2022-07-13 08:51 - 000067048 _____ (Microsoft Corporation) C:\Windows\system32\gamemodcontrol.exe
2022-09-21 17:47 - 2022-03-18 10:49 - 000004232 _____ C:\Windows\system32\Tasks\Opera GX scheduled Autoupdate 1647614948
2022-09-21 17:47 - 2022-03-18 10:49 - 000001527 _____ C:\Users\Jeff GS1 MK3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera GX Browser.lnk
2022-09-20 21:39 - 2022-03-19 12:38 - 000003936 _____ C:\Windows\system32\Tasks\CCleaner Update
2022-09-19 15:47 - 2022-03-18 09:42 - 000000000 ____D C:\Users\Jeff GS1 MK3\AppData\Local\D3DSCache
2022-09-18 10:34 - 2022-03-25 14:20 - 000002207 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-09-18 10:34 - 2022-03-25 14:20 - 000002166 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2022-09-17 21:38 - 2022-03-18 08:28 - 000439928 _____ C:\Windows\system32\FNTCACHE.DAT
2022-09-17 21:37 - 2022-03-19 18:43 - 000000000 ____D C:\Program Files\Microsoft Office
2022-09-17 21:37 - 2022-03-18 08:34 - 000000000 ____D C:\Users\Jeff GS1 MK3
2022-09-17 21:37 - 2019-12-07 05:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2022-09-17 21:37 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
2022-09-17 21:37 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\SysWOW64\Dism
2022-09-17 21:37 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\SystemResources
2022-09-17 21:37 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\WinMetadata
2022-09-17 21:37 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\setup
2022-09-17 21:37 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\Dism
2022-09-17 21:37 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\DDFs
2022-09-17 21:37 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\Provisioning
2022-09-17 21:37 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\bcastdvr
2022-09-15 15:34 - 2022-03-18 08:31 - 003011072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2022-09-13 18:58 - 2022-03-19 12:19 - 000000000 ____D C:\Users\Jeff GS1 MK3\AppData\Local\Dungeons and Dragons Online
2022-09-13 18:40 - 2022-03-18 08:36 - 000000000 ____D C:\Users\Jeff GS1 MK3\AppData\Local\Packages
2022-09-13 16:02 - 2022-03-19 20:40 - 000000000 ____D C:\Windows\system32\MRT
2022-09-13 16:00 - 2022-03-19 20:40 - 141646296 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2022-09-07 08:10 - 2022-03-18 08:36 - 000000000 __RHD C:\Users\Public\AccountPictures
2022-09-07 08:10 - 2022-03-18 08:28 - 000000000 ____D C:\Windows\system32\Drivers\wd
2022-08-31 14:58 - 2022-06-09 10:15 - 000002238 _____ C:\Users\Jeff GS1 MK3\Desktop\Slack.lnk
2022-08-31 14:58 - 2022-06-09 10:15 - 000000000 ____D C:\Users\Jeff GS1 MK3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Slack Technologies Inc
2022-08-31 14:58 - 2022-06-09 10:15 - 000000000 ____D C:\Users\Jeff GS1 MK3\AppData\Local\slack
2022-08-31 14:58 - 2022-03-20 22:22 - 000000000 ____D C:\Users\Jeff GS1 MK3\AppData\Local\SquirrelTemp
2022-08-29 14:18 - 2022-03-25 14:20 - 000003496 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA{E17924BF-AA56-457D-8923-FDEE6453FE0A}
2022-08-29 14:18 - 2022-03-25 14:20 - 000003372 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore{B2386A6B-049D-406F-904C-A6B6C77066D5}
2022-08-28 11:44 - 2022-08-12 12:48 - 000000000 ____D C:\Users\Jeff GS1 MK3\.runex-data
2022-08-28 11:33 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\NDF
2022-08-28 11:29 - 2022-03-18 09:13 - 000000000 ____D C:\Users\Jeff GS1 MK3\AppData\Local\ElevatedDiagnostics

==================== Files in the root of some directories ========

2022-03-26 17:41 - 2022-03-26 17:41 - 000000000 _____ () C:\Users\Jeff GS1 MK3\AppData\Local\{33931F42-76EE-4505-9EBF-F8F069BCE6BB}

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
greenrhino43
Active Member
 
Posts: 4
Joined: September 26th, 2022, 10:14 am

Re: Concerned about PC security

Post by pgmigg » September 26th, 2022, 12:37 pm

Hello greenrhino43,

Welcome to the forum! :)

I am pgmigg and I'll be helping you with any malware problems.

Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights, permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process until we are done as well as
    DO NOT Remove, or Scan with anything on your system unless I ask. This adds more items to be researched.
    Extra Additions and Removals of files make the analysis more difficult.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  8. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!" :cheers:
    Absence of symptoms does not mean that everything is clear.

I am currently reviewing your logs and will return, as soon as possible, with additional instructions. In the meantime...

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
If you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.


Failure to post replies within 72 hours will result in this thread being closed
pgmigg
Admin/Teacher
 
Posts: 5321
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Concerned about PC security

Post by pgmigg » September 26th, 2022, 12:53 pm

Hello greenrhino43,

Step 1.
Run CKScanner
  1. Please download CKScanner from here
  2. Important: - Save it to your Desktop.
  3. Double-click CKScanner.exe and click Search For Files.
  4. After a very short time, when the cursor hourglass disappears, click Save List To File.
  5. A message box will verify the file saved.
  6. Double-click the CKFiles.txt icon on your Desktop and copy/paste the contents in your next reply.

Step 2.
TSG - SysInfo utility
  1. Please download SysInfo utility and save it to your Desktop.
  2. Right click on SysInfo.exe, select "Run As Administrator..." to run it... if UAC prompts, please allow it.
  3. Right click, select copy and then paste in your next post.

Step 3.
Run CodeCheck Scan
  1. Please download codecheck from here to your Desktop.
  2. Make sure that codecheck.exe is on your Desktop before running the application!
  3. Right-click on codecheck.exe and select "Run as administrator..." to run it.
  4. After a very short time a codecheck.txt icon will appear on your Desktop
  5. Double-click on the codecheck.txt icon on your Desktop and copy/paste the contents in your next reply.

Then:
Please tell me: is this computer used for business or educational purposes and/or connected to a business or educational network?
I need to know it - so I can provide the proper instructions.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections...

Don't post anything as attachments unless I ask you for it specifically!

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of CKFiles.txt log file
  3. Contents of SysInfo scan
  4. Contents of a log created by codecheck.txt
  5. Answer to my question about how your computer is used

Thanks,
pgmigg


Re: Concerned about PC security

Post by greenrhino43 » September 26th, 2022, 1:52 pm

CKFiles.txt:

CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\program files (x86)\steam\steamapps\common\path of exile\bundles2\art\microtransactions\spell\cracklinglance.bundle.bin
c:\program files (x86)\steam\steamapps\common\path of exile\bundles2\art\microtransactions\spell\cracklinglance_1.bundle.bin
c:\program files (x86)\steam\steamapps\common\path of exile\bundles2\art\microtransactions\spell\cracklinglance_2.bundle.bin
c:\program files (x86)\steam\steamapps\common\path of exile\bundles2\art\models\cinematic\facecrack.bundle.bin
c:\program files (x86)\steam\steamapps\common\path of exile\bundles2\art\models\cinematic\facecrack\effects.bundle.bin
c:\program files (x86)\steam\steamapps\common\path of exile\bundles2\art\models\cinematic\facecrack\facecracks.bundle.bin
c:\program files (x86)\steam\steamapps\common\path of exile\bundles2\art\models\cinematic\facecrack\kitava_cracked.bundle.bin
c:\program files (x86)\steam\steamapps\common\path of exile\bundles2\art\models\monsters\leagueheist\armoury\safecrackingtools.bundle.bin
c:\program files (x86)\steam\steamapps\common\path of exile\bundles2\art\particles\pom_cracks.bundle.bin
c:\program files (x86)\steam\steamapps\common\path of exile\bundles2\art\particles\pom_cracks\crk_01.bundle.bin
c:\program files (x86)\steam\steamapps\common\path of exile\bundles2\art\particles\pom_cracks\crk_01_1.bundle.bin
c:\program files (x86)\steam\steamapps\common\path of exile\bundles2\art\particles\pom_cracks\crk_01_2.bundle.bin
c:\program files (x86)\steam\steamapps\common\path of exile\bundles2\art\particles\pom_cracks\crk_01_3.bundle.bin
c:\program files (x86)\steam\steamapps\common\path of exile\bundles2\art\particles\pom_cracks\crk_01_4.bundle.bin
c:\program files (x86)\steam\steamapps\common\path of exile\bundles2\art\particles\pom_cracks\crk_02.bundle.bin
c:\program files (x86)\steam\steamapps\common\path of exile\bundles2\art\particles\pom_cracks\crk_02_1.bundle.bin
c:\program files (x86)\steam\steamapps\common\path of exile\bundles2\art\particles\pom_cracks\crk_02_2.bundle.bin
c:\program files (x86)\steam\steamapps\common\path of exile\bundles2\art\particles\pom_cracks\crk_03.bundle.bin
c:\program files (x86)\steam\steamapps\common\path of exile\bundles2\art\particles\pom_cracks\crk_03_1.bundle.bin
c:\program files (x86)\steam\steamapps\common\path of exile\bundles2\art\particles\pom_cracks\crk_03_3.bundle.bin
c:\program files (x86)\steam\steamapps\common\path of exile\bundles2\art\particles\pom_cracks\crk_04.bundle.bin
c:\program files (x86)\steam\steamapps\common\path of exile\bundles2\art\particles\pom_cracks\crk_04_1.bundle.bin
c:\program files (x86)\steam\steamapps\common\path of exile\bundles2\art\particles\pom_cracks\crk_04_2.bundle.bin
c:\program files (x86)\steam\steamapps\common\path of exile\bundles2\art\particles\pom_cracks\crk_04_3.bundle.bin
c:\program files (x86)\steam\steamapps\common\path of exile\bundles2\art\particles\pom_cracks\crk_04_4.bundle.bin
c:\program files (x86)\steam\steamapps\common\path of exile\bundles2\art\particles\pom_cracks\crk_05.bundle.bin
c:\program files (x86)\steam\steamapps\common\path of exile\bundles2\art\particles\pom_cracks\crk_05_1.bundle.bin
c:\program files (x86)\steam\steamapps\common\path of exile\bundles2\art\particles\pom_cracks\crk_05_2.bundle.bin
c:\program files (x86)\steam\steamapps\common\path of exile\bundles2\art\particles\pom_cracks\crk_06.bundle.bin
c:\program files (x86)\steam\steamapps\common\path of exile\bundles2\art\particles\pom_cracks\crk_06_2.bundle.bin
c:\program files (x86)\steam\steamapps\common\path of exile\bundles2\art\particles\pom_cracks\crk_06_3.bundle.bin
c:\program files (x86)\steam\steamapps\common\path of exile\bundles2\art\particles\pom_cracks\crk_06_4.bundle.bin
c:\program files (x86)\steam\steamapps\common\path of exile\bundles2\art\particles\pom_cracks\crk_cone.bundle.bin
c:\program files (x86)\steam\steamapps\common\path of exile\bundles2\art\particles\pom_cracks\crk_cone_1.bundle.bin
c:\program files (x86)\steam\steamapps\common\path of exile\bundles2\art\particles\pom_cracks\crk_cone_2.bundle.bin
c:\program files (x86)\steam\steamapps\common\path of exile\bundles2\art\particles\pom_cracks\crk_cone_3.bundle.bin
c:\program files (x86)\steam\steamapps\common\path of exile\bundles2\art\particles\pom_cracks\crk_cone_4.bundle.bin
c:\program files (x86)\steam\steamapps\common\path of exile\bundles2\art\particles\pom_cracks\crk_rect.bundle.bin
c:\program files (x86)\steam\steamapps\common\path of exile\bundles2\art\particles\pom_cracks\crk_trl.bundle.bin
c:\program files (x86)\steam\steamapps\common\path of exile\bundles2\art\particles\pom_cracks\crk_trl_1.bundle.bin
c:\program files (x86)\steam\steamapps\common\path of exile\bundles2\art\particles\pom_cracks\rubble_01.bundle.bin
c:\program files (x86)\steam\steamapps\common\path of exile\bundles2\art\particles\pom_cracks\rubble_01_1.bundle.bin
c:\program files (x86)\steam\steamapps\common\path of exile\bundles2\art\particles\pom_cracks\tile_01.bundle.bin
c:\program files (x86)\steam\steamapps\common\path of exile\bundles2\art\particles\pom_cracks\tile_01_1.bundle.bin
c:\program files (x86)\steam\steamapps\common\path of exile\bundles2\art\particles\pom_cracks\tile_01_2.bundle.bin
c:\program files (x86)\steam\steamapps\common\path of exile\bundles2\art\particles\pom_cracks\tile_01_3.bundle.bin
c:\program files (x86)\steam\steamapps\common\path of exile\bundles2\art\particles\pom_cracks\tile_01_4.bundle.bin
c:\program files (x86)\steam\steamapps\common\path of exile\bundles2\art\particles\pom_cracks\tile_02.bundle.bin
c:\program files (x86)\steam\steamapps\common\path of exile\bundles2\art\textures\cinematic\facecrack.bundle.bin
c:\program files (x86)\steam\steamapps\common\path of exile\bundles2\art\textures\cinematic\facecrack_1.bundle.bin
c:\program files (x86)\steam\steamapps\common\path of exile\bundles2\art\textures\cinematic\facecrack_2.bundle.bin
c:\program files (x86)\steam\steamapps\common\path of exile\bundles2\art\textures\cinematic\facecrack_3.bundle.bin
c:\program files (x86)\steam\steamapps\common\path of exile\bundles2\art\textures\cinematic\facecrack_4.bundle.bin
c:\program files (x86)\steam\steamapps\common\path of exile\bundles2\art\textures\cinematic\facecrack_5.bundle.bin
c:\program files (x86)\steam\steamapps\common\path of exile\bundles2\art\textures\cinematic\facecrack_6.bundle.bin
c:\program files (x86)\steam\steamapps\common\path of exile\bundles2\art\textures\cinematic\facecrack_7.bundle.bin
c:\program files (x86)\steam\steamapps\common\path of exile\bundles2\art\textures\misc\cracks.bundle.bin
c:\program files (x86)\steam\steamapps\common\path of exile\bundles2\art\textures\misc\cracks_1.bundle.bin
c:\program files (x86)\steam\steamapps\common\path of exile\bundles2\art\textures\misc\cracks_2.bundle.bin
c:\program files (x86)\steam\steamapps\common\path of exile\fmod\desktop\automatoncracklinglance.bank
c:\program files (x86)\steam\steamapps\common\path of exile\fmod\desktop\celestialcracklinglance.bank
c:\windows\servicing\lcu\package_for_rollupfix~31bf3856ad364e35~amd64~~19041.1889.1.16\amd64_openssh-common-components-onecore_31bf3856ad364e35_10.0.19041.964_none_9a882af90ea09cc3\f\ssh-keygen.exe
c:\windows\servicing\lcu\package_for_rollupfix~31bf3856ad364e35~amd64~~19041.1889.1.16\amd64_openssh-common-components-onecore_31bf3856ad364e35_10.0.19041.964_none_9a882af90ea09cc3\r\ssh-keygen.exe
c:\windows\servicing\lcu\package_for_rollupfix~31bf3856ad364e35~amd64~~19041.2006.1.7\amd64_openssh-common-components-onecore_31bf3856ad364e35_10.0.19041.964_none_9a882af90ea09cc3\f\ssh-keygen.exe
c:\windows\servicing\lcu\package_for_rollupfix~31bf3856ad364e35~amd64~~19041.2006.1.7\amd64_openssh-common-components-onecore_31bf3856ad364e35_10.0.19041.964_none_9a882af90ea09cc3\r\ssh-keygen.exe
c:\windows\winsxs\amd64_openssh-common-components-onecore_31bf3856ad364e35_10.0.19041.964_none_9a882af90ea09cc3\ssh-keygen.exe
c:\windows\winsxs\amd64_openssh-common-components-onecore_31bf3856ad364e35_10.0.19041.964_none_9a882af90ea09cc3\f\ssh-keygen.exe
c:\windows\winsxs\amd64_openssh-common-components-onecore_31bf3856ad364e35_10.0.19041.964_none_9a882af90ea09cc3\r\ssh-keygen.exe
scanner sequence 3.ZZ.11.PLAPCZ
----- EOF -----

TSG = SysInfo Utility:

Tech Support Guy System Info Utility version 1.0.0.9
OS Version: Microsoft Windows 10 Home, 64 bit, Build 19044, Installed 20220318082950.000000-240
Processor: AMD Ryzen 5 5600X 6-Core Processor, AMD64 Family 25 Model 33 Stepping 0, CPU Count: 12
Total Physical RAM: 32 GB
Graphics Card: NVIDIA GeForce RTX 3070
Hard Drives: C: 1862 GB (890 GB Free); D: 1862 GB (1862 GB Free);
Motherboard: Gigabyte Technology Co., Ltd. B550I AORUS PRO AX, ver x.x, s/n Default string
System: American Megatrends Inc., ver ALASKA - 1072009, s/n Default string
Antivirus: Windows Defender, Enabled and Updated

I had trouble with step 3 because Windows Defender detected it as a trojan, please advise.

Re: Concerned about PC security

Post by pgmigg » September 26th, 2022, 2:07 pm

Hello greenrhino43,

greenrhino43 wrote: I had trouble with step 3 because Windows Defender detected it as a trojan, please advise.
Perhaps I am even glad that this happened - unfortunately, quite often the protection of our computers, including Windows Defender, gives false negative ratings to various tools, files, applications. I'm assuming the same thing happened with the download you described in your original explanation of your concern and suspicion.

Please skip Step 3 and just answer my question about how your computer is used.

Thank you,
pgmigg

Re: Concerned about PC security

Post by greenrhino43 » September 26th, 2022, 2:19 pm

Actually, to be honest -

When I attempted to follow steps 1 and 2 I encountered a lot of trouble in both trying to download in Opera GX (my default browser) and also in Google Chrome where the download pop-ups would not even appear, instead it was like a quick flash on the screen like a very fast refresh of the page. I then tried with Firefox and it worked, but there were still some security warnings that I was at least able to bypass.

As for your question, this is my personal computer, not education or business/work related; it is connected to a private home network, not a public or academic/work network. From your end, are there any active malware threats present in the provided logs or concerns that you see?

Thank you,
R

Re: Concerned about PC security

Post by pgmigg » September 26th, 2022, 10:34 pm

Hello greenrhino43,

Thank you for your answer!
greenrhino43 wrote: When I attempted to follow steps 1 and 2 I encountered a lot of trouble in both trying to download in Opera GX (my default browser) and also in Google Chrome where the download pop-ups would not even appear, instead it was like a quick flash on the screen like a very fast refresh of the page. I then tried with Firefox and it worked, but there were still some security warnings that I was at least able to bypass.
Unfortunately, all this is true. My default browser is Google Chrome and there, when I formally checked the links before sending them to you, I got the same picture as you described. Both Opera and Firefox worked for me much better. I believe that Google Chrome is now giving us a temporary inconvenience.

Returning to your original logs, they appear to be clean :cheers: as far as I can tell, of any signs of infection. However, I can give you a few recommendations.

Step 1.
Remove Program(s)
  1. Click on Start, then click the Start Search box on the Start Menu.
  2. Copy and paste the value below without the word Code: into the open text entry box:
    Code: Select all
     appwiz.cpl 
    and press Enter - the Uninstall or change a program list will be opened.
  3. Click on Entry below, choose Uninstall, and give permission to Continue:
    Java 8 Update 341
  4. Take extra care in answering questions posed by any Uninstaller.
  5. When the program(s) have been uninstalled, please close Control Panel.
  6. Reboot your computer.

Step 2.
FRST Fix
  1. Close all your programs.
  2. You should still have FRST64.exe on your Desktop. If not please download it HERE and save it on your Desktop.
  3. Please press the Windows Key + R.
  4. Type notepad.exe into the text box and click OK.
  5. A blank Notepad page should open.
    • Copy and Paste the following script into Notepad, but do not include the words Code: Select all.
    • (Click the Select all button next to Code: to select the entire script).
    Code: Select all
    CreateRestorePoint:
    EmptyTemp:
    CMD: ipconfig /flushdns
  6. Save it next to FRST64.exe as fixlist.txt.
    Important! fixlist.txt must be saved in the same directory as FRST64.exe to work.
  7. Right click on FRST64.exe and select Run as administrator.
  8. Press the Fix button one time only and wait.
  9. When FRST finishes you will be prompted to reboot your computer. Click OK.
  10. Your computer should now restart - if not, please do it manually. On reboot navigate to your Desktop where you should find Fixlog.txt. Copy and paste the contents in your reply.

Then:
A few words about defense software.

Windows Defender is quite effective today, especially when compared to previous versions of Windows.
Nevertheless, if you asked me what I use, then I would definitely and without a shadow of a doubt name MBAM, the latest version of which, by the way, is already installed on your computer.
The security program should be one and only one, but at the same time it should protect against all possible infections and misfortunes, be independent of the operating system, consume as few computer resources as possible, be accurate in assessments, concise in warnings and messages, controlled by the user, and have easily available technical support. This is exactly what MBAM is.

The decision is yours...

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the Fixlog.txt log file
  3. Do you see any changes in computer behavior?

Thanks,
pgmigg


Re: Concerned about PC security

Post by greenrhino43 » September 28th, 2022, 8:43 am

Hello,

Sorry for the delayed response.

For Step 1, I actually removed Java 8 Update 341, but then re-installed it because I actually need it for one of the programs I use periodically, like every now and then, so I decided to keep it. Are there security loopholes with Java? Just curious.

Step 2. FRST Fixlog.txt:

Fix result of Farbar Recovery Scan Tool (x64) Version: 30-08-2022
Ran by Jeff GS1 MK3 (28-09-2022 08:25:57) Run:1
Running from C:\Users\Jeff GS1 MK3\Downloads
Loaded Profiles: Jeff GS1 MK3
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
EmptyTemp:
CMD: ipconfig /flushdns
*****************

Restore point was successfully created.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========== EmptyTemp: ==========

FlushDNS => completed
BITS transfer queue => 1835008 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 82429751 B
Java, Discord, Steam htmlcache => 404807981 B
Windows/system/drivers => 130154867 B
Edge => 0 B
Chrome => 105338446 B
Firefox => 71147210 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 112973364 B
systemprofile32 => 112973364 B
LocalService => 112973364 B
NetworkService => 133527446 B
Jeff GS1 MK3 => 3967049369 B

RecycleBin => 27585200 B
EmptyTemp: => 4.9 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 08:26:38 ====


---
Regarding the last bit about MBAM, my only issue is that nowadays it prompts me with unsolicited pop-ups with its ads to upgrade to the premium version or when there is a % off sale, which is really quite annoying. I remember in the good old days it had a simpler UI and never spammed the user with its ads, but I will keep it and run the routine 30 day scans.

Re: Concerned about PC security

Post by pgmigg » September 28th, 2022, 1:35 pm

Hello greenrhino43,

greenrhino43 wrote: For Step 1, I actually removed Java 8 Update 341, but then re-installed it because I actually need it for one of the programs I use periodically, like every now and then, so I decided to keep it. Are there security loopholes with Java? Just curious.
Of course, you can use Java if you need it, but the version must be the latest. Old releases are a source of security problems of any kind. For your information, the latest Java update is Java SE 11.0.16.1.

greenrhino43 wrote: Regarding the last bit about MBAM, my only issue is that nowadays it prompts me with unsolicited pop-ups with its ads to upgrade to the premium version or when there is a % off sale, which is really quite annoying. I remember in the good old days it had a simpler UI and never spammed the user with its ads, but I will keep it and run the routine 30 day scans.
Yes, all this is true until you buy a subscription.

I use MBAM and feel like I'm paying an exceptionally low price for my computer security - you can't imagine how many times they've saved me, including a ransom attack. In many years of using MBAM, I have never been disturbed by any advertisement or offer to do something that I do not need - only warnings about blocking infections or notifications about updates, which are minimal when automatically checked and installed. By the way, a full scan of my disks takes place daily and does not take much time, leaving the opportunity not to interrupt the work.

Finally:
Please click HERE to find a short guide to staying safer online.

Please don't hesitate to ask any additional questions.

Stay Safe! ;)
pgmigg

Re: Concerned about PC security

Post by pgmigg » October 7th, 2022, 3:03 pm

As the problems seem to be resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see
Feedback for Our Helpers - Say "Thanks" Here.