
I think I have a Rootkit


  • This topic is locked
17 replies to this topic

#1 jeff matthews


Posted 03 December 2021 - 06:37 AM

Hello,

I think I might have some sort of infection or malicious files on my computer that are deeply embedded in the operating system, because a few of my scanners were able to detect a few files that could not be removed completely without causing damage or corruption to my OS. I have noticed that my Microsoft Word application and File Explorer would start displaying scrambled graphics and images. Additionally, my search file directory would stop working altogether, to where I could not search for any files or folders until I rebooted my machine. Also, some icons on the desktop would not launch correctly. Generally speaking, I usually use Malwarebytes, then Emsisoft Emergency Kit to try and remove any malware, then run a browser cleaner and rootkit scanner with Kaspersky, followed by a cleanup program like JRT, which is my normal removal process for infected machines.

Here are my logs:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-12-2021
Ran by Jeff (administrator) on DESKTOP-28LTCFK (MSI MS-7917) (03-12-2021 03:52:28)
Running from C:\Users\Jeff\Desktop
Loaded Profiles: Jeff
Platform: Microsoft Windows 10 Pro Version 21H1 19043.1348 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Canon Inc. -> ) C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Canon Inc. -> CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNMNSST2.exe
(Canon Inc. -> CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
(Canon Inc. -> CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
(Corsair Memory, Inc. -> Elgato Systems GmbH) C:\Program Files\Elgato\GameCapture\GameCapture.exe
(Crystal Rich Ltd -> Crystal Rich Ltd) C:\Program Files (x86)\USB Safely Remove\USBSafelyRemove.exe
(Crystal Rich Ltd -> Crystal Rich Ltd) C:\Program Files (x86)\USB Safely Remove\USBSRService.exe
(Discord Inc. -> Discord Inc.) C:\Users\Jeff\AppData\Local\Discord\app-1.0.9003\Discord.exe <6>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <96>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler64.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE <2>
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Jeff\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileCoAuth.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2110.13603.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2110.13603.0_x64__8wekyb3d8bbwe\Win32Bridge.Server.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20544.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20544.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCopyAccelerator.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\NisSrv.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <11>
(nordvpn s.a. -> TEFINCOM S.A.) C:\Program Files\NordVPN\NordVPN.exe
(nordvpn s.a. -> TEFINCOM S.A.) C:\Program Files\NordVPN\nordvpn-service.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_272b5c540127d6d2\Display.NvContainer\NVDisplay.Container.exe <2>
(Plex, Inc. -> ) C:\Program Files (x86)\Plex\Plex Media Server\Plex Tuner Service.exe
(Plex, Inc. -> ) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Plex, Inc. -> Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
(Plex, Inc. -> Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(SUPERAntiSpyware.com -> SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(The CefSharp Authors) [File not signed] N:\VIDEO GAME ARCHIVE\LaunchBox\ThirdParty\Chromium\CefSharp.BrowserSubprocess.exe <2>
(Tweaking LLC -> Tweaking.com) C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe
(Unbroken Software, LLC) [File not signed] N:\VIDEO GAME ARCHIVE\LaunchBox\Core\LaunchBox.exe <2>
(Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <8>
(Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Steam\steam.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9181696 2016-12-09] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [1068560 2019-08-18] (Heidi Computers Ltd -> The Eraser Project)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX2] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNMNSST2.exe [279240 2016-12-09] (Canon Inc. -> CANON INC.)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1313408 2017-07-05] (Canon Inc. -> CANON INC.)
HKU\S-1-5-21-2173443285-4263232512-4239572146-1001\...\Run: [Discord] => C:\Users\Jeff\AppData\Local\Discord\Update.exe [1512760 2020-12-03] (Discord Inc. -> GitHub)
HKU\S-1-5-21-2173443285-4263232512-4239572146-1001\...\Run: [USB Safely Remove] => C:\Program Files (x86)\USB Safely Remove\USBSafelyRemove.exe [6544992 2018-09-08] (Crystal Rich Ltd -> Crystal Rich Ltd)
HKU\S-1-5-21-2173443285-4263232512-4239572146-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4267432 2021-11-22] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-2173443285-4263232512-4239572146-1001\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [23147688 2021-10-22] (Plex, Inc. -> Plex, Inc.)
HKU\S-1-5-21-2173443285-4263232512-4239572146-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [8887216 2018-03-22] (Support.com, Inc. -> SUPERAntiSpyware)
HKU\S-1-5-21-2173443285-4263232512-4239572146-1001\...\Run: [NordVPN] => C:\Program Files\NordVPN\NordVPN.exe [280440 2021-06-05] (nordvpn s.a. -> TEFINCOM S.A.)
HKU\S-1-5-21-2173443285-4263232512-4239572146-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [35116160 2021-10-19] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-2173443285-4263232512-4239572146-1001\...\MountPoints2: {9586f46a-25d9-11ea-9c47-4ccc6a67517a} - "R:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-18\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [23147688 2021-10-22] (Plex, Inc. -> Plex, Inc.)
HKLM\...\Windows x64\Print Processors\Canon TR8500 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDDL.DLL [482816 2019-01-10] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ FAX Language Monitor TR8500 series: C:\WINDOWS\system32\CNCALDL.DLL [254464 2019-01-28] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor TR8500 series: C:\WINDOWS\system32\CNMLMDL.DLL [1302016 2019-01-10] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\96.0.4664.45\Installer\chrmstp.exe [2021-11-18] (Google LLC -> Google LLC)
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {009331CB-2A20-49B8-97A7-5000316FD7A5} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1127664 2021-02-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {0293C2C6-F08A-4DA4-ACA3-42E2A3F5CFBC} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3302128 2021-02-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {04992726-9BDD-4D04-BA58-3471B8D2EC68} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {07644EA1-49D6-4BB7-B13F-FE14D156D7E8} - System32\Tasks\BlueStacksHelper => C:\ProgramData\BlueStacks\Client\Helper\BlueStacksHelper.exe [754472 2021-04-05] (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
Task: {09EA4BF7-899C-459B-B050-2E281ABDA4D8} - System32\Tasks\AdwCleaner_onReboot => G:\Documents\Virus and Removal Tools\AdwCleaner.exe /r (No File)
Task: {1F17C371-5D56-4F56-AE48-3691B971B01C} - System32\Tasks\FreeDownloadManagerHelperService => C:\Program Files\Softdeluxe\Free Download Manager\helperservice.exe (No File)
Task: {339083D6-3981-48B1-AFA9-C9A4041D6AF7} - System32\Tasks\NIUpdateServiceCheckTask => C:\Program Files (x86)\National Instruments\Shared\Update Service\NIUpdateService.exe -c -task (No File)
Task: {4A14B8CB-8E69-44B1-A7EB-C75E8DA60FA4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-07-15] (Google LLC -> Google LLC)
Task: {52F2E3EA-8800-4843-9569-BF0C5923646D} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [906480 2021-02-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {52F84053-87D8-4C60-A18D-097AD372F2CC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {717C6F1A-121F-4F3A-979A-1F55CBCC029F} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2021-02-23] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {746D096D-A3C1-4BC1-80D2-40254D13C753} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [29200512 2021-10-19] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {80A27A26-C50B-4F74-ADC7-CCF177725980} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22654872 2021-11-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {831FEF0C-406A-4C04-BCF3-3AC28565BB3B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-07-15] (Google LLC -> Google LLC)
Task: {846B3E2A-EBAC-4843-826E-6845A41DA0BC} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [138600 2021-11-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {97B4AC6C-F7ED-4D80-96CA-B26E4F2AAFDB} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1127664 2021-02-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {9C80972A-27DC-47F6-9910-C231EB00D9EA} - System32\Tasks\CCleanerSkipUAC - Jeff => C:\Program Files\CCleaner\CCleaner.exe [29200512 2021-10-19] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {A2954202-4123-4116-BA92-A9DA35C8EBE4} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22654872 2021-11-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {A2EC3278-C7D0-43B7-BED8-68C9E145D0FA} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1600416 2021-11-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {A2EF665D-8ACD-44F1-9A39-0BE32110EC00} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1127664 2021-02-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A75F0694-FDC8-4D6F-BAA4-51BA05BA7673} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {A97797ED-542D-4368-9F9C-0D47B942C587} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB" <==== ATTENTION
Task: {AF0B3FB5-6296-40F0-9A1D-B6F98985F7F3} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1562376 2021-08-16] (Adobe Inc. -> Adobe Inc.)
Task: {B06EB09D-6F31-42EC-95FB-3A2E12F27390} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2021-02-23] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {BA2E10B4-BC2D-4790-A333-535736CD8E4D} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [646896 2021-02-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {BBF34666-208D-47EE-A855-C05E7FFACB4A} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [138600 2021-11-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {BD9E2EB5-F686-4CC2-908A-602478BF92E1} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [220816 2019-09-30] (Tweaking LLC -> Tweaking.com)
Task: {C5A5607C-4D11-4811-877E-D7AF9896ABD1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D5E8D07E-2A63-4BBD-8493-92377F17EACC} - \CCleaner Update -> No File <==== ATTENTION
Task: {D6BAD179-116A-4C18-8CBD-861466E0C0FA} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [906480 2021-02-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {EB9D1EBF-EBB9-41ED-B220-EBD7C5389C2F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {FB9094CD-E4FA-4F38-8077-248A20828B93} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1127664 2021-02-23] (NVIDIA Corporation -> NVIDIA Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{c6b50efc-6210-473e-b22e-c6b4c3800167}: [DhcpNameServer] 192.168.1.1
 
Edge: 
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\Jeff\AppData\Local\Microsoft\Edge\User Data\Default [2021-11-11]
 
FireFox:
========
FF DefaultProfile: zyy8cm08.default
FF ProfilePath: C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\zyy8cm08.default [2020-07-04]
FF ProfilePath: C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\iwvw2oej.default-release-1585113236716 [2021-12-03]
FF DownloadDir: G:\HIDDEN\X\Stories\[[[[MR DOUBLE Archive]]]
FF Session Restore: Mozilla\Firefox\Profiles\iwvw2oej.default-release-1585113236716 -> is enabled.
FF Notifications: Mozilla\Firefox\Profiles\iwvw2oej.default-release-1585113236716 -> hxxps://kissasian.nz; hxxps://y99.in; hxxps://www.netmums.com; hxxps://talkwithstranger.com; hxxps://chatrandom.com
FF Extension: (Simple mass downloader) - C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\iwvw2oej.default-release-1585113236716\Extensions\gelprec.smd@gmail.com.xpi [2020-08-23]
FF Extension: (Open Multiple URLs) - C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\iwvw2oej.default-release-1585113236716\Extensions\openmultipleurls@ustat.de.xpi [2021-03-30]
FF Extension: (Snap Links) - C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\iwvw2oej.default-release-1585113236716\Extensions\snaplinks@snaplinks.mozdev.org.xpi [2021-08-17]
FF Extension: (Video DownloadHelper) - C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\iwvw2oej.default-release-1585113236716\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2021-07-02]
FF Extension: (Adblock Plus - free ad blocker) - C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\iwvw2oej.default-release-1585113236716\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2021-11-24]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-10-25] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.10 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2021-10-05] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2016-04-13] (CANON INC.) [File not signed]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-10-25] (Microsoft Corporation -> Microsoft Corporation)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default [2021-12-03]
CHR DownloadDir: C:\Users\Jeff\Desktop\Torrent files\ANIME DATABASE\[anime torrrents need to finish]
CHR Notifications: Default -> hxxps://findmedia.biz; hxxps://spark.adobe.com; hxxps://starmode.biz; hxxps://turboflash.me; hxxps://watch-video.net; hxxps://www.cio.com; hxxps://www.facebook.com; hxxps://www.netflix.com; hxxps://www.newsbreak.com; hxxps://www.reddit.com; hxxps://www.youtube.com
CHR HomePage: Default -> hxxp://www.google.com/ig/redirectdomain?brand=ASUT&bmod=ASUT
CHR Session Restore: Default -> is enabled.
CHR Extension: (WOT Website Security & Browsing Protection) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2021-12-01]
CHR Extension: (uBlock Origin) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2021-12-03]
CHR Extension: (Linkclump) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfpjkncokllnfokkgpkobnkbkmelfefj [2021-04-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-05]
CHR Extension: (Open Multiple URLs) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\oifijhaokejakekmnjmphonojcfkpbbh [2021-05-03]
CHR Profile: C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Guest Profile [2021-12-03]
CHR Profile: C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Profile 1 [2021-10-26]
CHR Extension: (Slides) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-04-27]
CHR Extension: (Docs) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2021-04-27]
CHR Extension: (Google Drive) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-04-27]
CHR Extension: (YouTube) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-04-27]
CHR Extension: (Adobe Acrobat) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2021-04-27]
CHR Extension: (Sheets) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-04-27]
CHR Extension: (Google Docs Offline) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-04-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-04-27]
CHR Extension: (Gmail) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-04-27]
CHR Extension: (Chrome Media Router) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-04-27]
CHR Profile: C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Profile 2 [2021-12-01]
CHR Extension: (Slides) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-11-17]
CHR Extension: (Docs) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2021-11-17]
CHR Extension: (Google Drive) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-11-17]
CHR Extension: (YouTube) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-11-17]
CHR Extension: (Adobe Acrobat) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2021-11-17]
CHR Extension: (Sheets) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-11-17]
CHR Extension: (Google Docs Offline) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-11-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-11-17]
CHR Extension: (Gmail) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-11-17]
CHR Profile: C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\System Profile [2021-12-03]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-30] (SUPERAntiSpyware.com -> SUPERAntiSpyware.com)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-08-16] (Adobe Inc. -> Adobe Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12034464 2021-11-04] (Microsoft Corporation -> Microsoft Corporation)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [399296 2019-11-28] (Canon Inc. -> )
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7848632 2021-11-10] (Malwarebytes Inc -> Malwarebytes)
R2 nordvpn-service; C:\Program Files\NordVPN\nordvpn-service.exe [280440 2021-06-05] (nordvpn s.a. -> TEFINCOM S.A.)
R2 PlexUpdateService; C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe [536744 2021-10-22] (Plex, Inc. -> Plex, Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6103464 2021-11-10] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 USBSafelyRemoveService; C:\Program Files (x86)\USB Safely Remove\USBSRService.exe [1736800 2018-09-08] (Crystal Rich Ltd -> Crystal Rich Ltd)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\NisSrv.exe [2872024 2021-11-02] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MsMpEng.exe [128376 2021-11-02] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 Browser; %SystemRoot%\System32\browser.dll [X]
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_272b5c540127d6d2\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_272b5c540127d6d2\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 amsdk; C:\WINDOWS\system32\drivers\amsdk.sys [232792 2020-07-02] (Zemana D.O.O. Sarajevo -> Copyright 2018.)
R2 BlueStacksDrv; C:\Program Files\BlueStacks\BstkDrv_bgp.sys [315976 2020-10-04] (Bluestack Systems, Inc -> Bluestack System Inc.)
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
S3 CH341SER_A64; C:\WINDOWS\System32\Drivers\CH341S64.SYS [59904 2015-01-25] (Microsoft Windows Hardware Compatibility Publisher -> www.winchiphead.com)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [42256 2020-08-27] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [59360 2020-08-27] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R3 ElgatoGC658Y; C:\WINDOWS\System32\Drivers\ElgatoGC658.sys [52848 2016-08-03] (Elgato Systems LLC -> UB658)
R1 ElRawDisk; C:\WINDOWS\system32\drivers\rsdrvx64.sys [26024 2009-02-12] (EldoS Corporation -> EldoS Corporation)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [210352 2021-12-01] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2020-12-14] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-11-10] (Malwarebytes Inc -> Malwarebytes)
R2 NDivert; C:\WINDOWS\System32\drivers\NDivert.sys [128864 2021-06-12] (nordvpn s.a. -> Nordvpn S.A.)
S3 nlwt; C:\WINDOWS\system32\DRIVERS\nlwt.sys [39360 2020-10-24] (TEFINCOM S.A. -> WireGuard LLC)
R1 nordlwf; C:\WINDOWS\system32\DRIVERS\nordlwf.sys [38608 2020-07-10] (TEFINCOM S.A. -> TEFINCOM S.A.)
R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [19152 2019-11-08] (MiniTool Solution Ltd -> )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 tapnordvpn; C:\WINDOWS\System32\drivers\tapnordvpn.sys [44896 2018-07-24] (TEFINCOM S.A. -> The OpenVPN Project)
R3 USB28xxBGA; C:\WINDOWS\System32\drivers\emBDA64.sys [981432 2018-11-25] (Microsoft Windows Hardware Compatibility Publisher -> eMPIA Technology Corp.)
R3 USB28xxOEM; C:\WINDOWS\System32\drivers\emOEM64.sys [1556920 2018-11-25] (Microsoft Windows Hardware Compatibility Publisher -> eMPIA Technology Corp.)
S3 VBoxUSB; C:\WINDOWS\System32\Drivers\VBoxUSB.sys [174008 2019-01-28] (Oracle Corporation -> Oracle Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48520 2021-11-02] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [26880 2015-11-12] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [435424 2021-11-02] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [86240 2021-11-02] (Microsoft Windows -> Microsoft Corporation)
S3 wintun; C:\WINDOWS\system32\DRIVERS\wintun.sys [29680 2021-10-26] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2020-07-02] (Zemana Ltd. -> Zemana Ltd.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2021-12-03 03:52 - 2021-12-03 03:53 - 000031526 _____ C:\Users\Jeff\Desktop\FRST.txt
2021-12-03 03:52 - 2021-12-03 03:39 - 002311680 _____ (Farbar) C:\Users\Jeff\Desktop\FRST64.exe
2021-12-03 03:39 - 2021-12-03 03:52 - 000000000 ____D C:\FRST
2021-12-01 22:04 - 2021-12-01 22:04 - 000076820 _____ C:\Users\Jeff\Documents\1614976769587-c0aa9365-e13f-4ecf-8def-61eeb036a842.webp
2021-12-01 00:52 - 2021-12-01 00:52 - 000210352 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-11-30 12:45 - 2021-11-30 12:45 - 001218449 _____ C:\Users\Jeff\Documents\IMG_20211130_0001.pdf
2021-11-23 02:37 - 2021-12-01 01:17 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-11-17 17:00 - 2021-11-17 17:00 - 001148277 _____ C:\Users\Jeff\Documents\IMG_20211117_0002.pdf
2021-11-17 16:56 - 2021-11-17 16:56 - 000609607 _____ C:\Users\Jeff\Documents\IMG_20211117_0001.pdf
2021-11-13 04:35 - 2021-12-02 01:03 - 000000000 ____D C:\tmp
2021-11-10 23:56 - 2021-11-10 23:56 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-11-10 02:08 - 2021-11-10 02:08 - 000011363 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-11-10 02:07 - 2021-11-10 02:07 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe
2021-11-10 02:07 - 2021-11-10 02:07 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2021-11-10 02:07 - 2021-11-10 02:07 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2021-11-10 02:00 - 2021-11-10 02:00 - 000000000 ___HD C:\$WinREAgent
2021-11-06 17:25 - 2021-11-06 17:25 - 000001146 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk
2021-11-06 17:25 - 2021-11-06 17:25 - 000000000 ____D C:\Program Files\PCHealthCheck
2021-11-03 12:16 - 2021-11-03 12:16 - 000460684 _____ C:\Users\Jeff\Documents\IMG_20211103_0001.pdf
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2021-12-03 03:53 - 2020-07-02 13:54 - 000972553 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2021-12-03 03:53 - 2020-07-02 13:40 - 000981768 _____ C:\WINDOWS\ZAM.krnl.trace
2021-12-03 03:53 - 2020-05-12 22:20 - 000000000 ____D C:\Program Files (x86)\Steam
2021-12-03 03:39 - 2019-12-07 01:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-12-03 03:29 - 2019-12-28 19:21 - 000000000 ____D C:\Program Files (x86)\Google
2021-12-03 03:12 - 2019-12-28 22:17 - 000000000 ____D C:\Users\Jeff\AppData\Roaming\Discord
2021-12-03 03:08 - 2019-12-28 22:17 - 000000000 ____D C:\Users\Jeff\AppData\Local\Discord
2021-12-03 02:37 - 2020-11-17 12:07 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-12-03 01:49 - 2019-12-19 23:03 - 000000000 ____D C:\Users\Jeff\AppData\LocalLow\Mozilla
2021-12-02 21:40 - 2020-11-17 12:23 - 000004166 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{2C57048F-A772-4420-AF5E-5105F8F52AD7}
2021-12-02 15:28 - 2019-12-28 19:20 - 000000000 ____D C:\Users\Jeff\AppData\Local\PlaceholderTileLogoFolder
2021-12-02 15:11 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-12-02 15:02 - 2019-12-28 17:35 - 000000000 ____D C:\Users\Jeff\AppData\Local\Packages
2021-12-02 15:02 - 2019-12-07 01:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-12-02 14:39 - 2019-12-28 20:26 - 000000000 ____D C:\ProgramData\CanonIJPLM
2021-12-02 12:25 - 2021-03-15 15:17 - 000000000 ____D C:\ProgramData\NVIDIA
2021-12-02 04:08 - 2020-05-28 02:07 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-12-02 04:08 - 2020-05-28 02:07 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-12-02 01:25 - 2020-11-17 12:19 - 000840602 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-12-02 01:25 - 2019-12-07 01:13 - 000000000 ____D C:\WINDOWS\INF
2021-12-01 16:44 - 2020-08-22 17:17 - 000000000 ____D C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LaunchBox
2021-12-01 01:18 - 2019-12-28 19:22 - 000000000 ____D C:\ProgramData\Mozilla
2021-12-01 01:17 - 2021-10-25 14:35 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-12-01 01:17 - 2020-03-24 21:13 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-12-01 01:17 - 2019-12-28 19:22 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-12-01 01:16 - 2020-05-27 02:36 - 000000000 ____D C:\Users\Jeff\AppData\Local\Plex Media Server
2021-12-01 01:16 - 2019-12-28 22:20 - 000000000 ____D C:\Users\Jeff\AppData\Roaming\USBSafelyRemove
2021-12-01 00:52 - 2020-11-17 12:23 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-12-01 00:52 - 2020-11-17 12:07 - 000008192 ___SH C:\DumpStack.log.tmp
2021-12-01 00:48 - 2020-07-02 12:06 - 000000000 ____D C:\WINDOWS\pss
2021-12-01 00:48 - 2019-12-07 01:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-11-22 23:26 - 2019-12-29 16:13 - 000000000 ____D C:\Users\Jeff\AppData\Local\CrashDumps
2021-11-20 15:54 - 2019-12-28 17:51 - 000000000 ____D C:\ProgramData\Packages
2021-11-18 17:30 - 2020-07-15 23:34 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-11-18 17:30 - 2020-07-15 23:34 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-11-17 23:00 - 2020-11-17 12:23 - 000003378 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2173443285-4263232512-4239572146-1001
2021-11-17 23:00 - 2020-11-17 12:09 - 000002380 _____ C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-11-17 00:02 - 2020-11-27 20:15 - 000003386 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d6bd1e5b754b8a
2021-11-17 00:02 - 2020-11-17 12:23 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-11-14 00:33 - 2021-01-31 05:13 - 000000000 ____D C:\Users\Jeff\AppData\Roaming\FileZilla
2021-11-14 00:31 - 2020-12-14 19:24 - 000001870 _____ C:\Users\Jeff\Desktop\Rkill.txt
2021-11-14 00:18 - 2019-12-28 22:17 - 000000000 ____D C:\Users\Jeff\AppData\Roaming\vlc
2021-11-11 03:46 - 2021-07-29 09:30 - 000000128 _____ C:\Users\Jeff\AppData\Local\PUTTY.RND
2021-11-10 17:26 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-11-10 15:00 - 2020-09-24 02:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NordSec
2021-11-10 15:00 - 2020-08-16 14:50 - 000001776 _____ C:\Users\Jeff\Desktop\NordVPN.lnk
2021-11-10 15:00 - 2020-08-16 14:50 - 000000000 ____D C:\Users\Jeff\AppData\Local\NordVPN
2021-11-10 15:00 - 2020-08-16 14:50 - 000000000 ____D C:\ProgramData\NordVPN
2021-11-10 15:00 - 2020-08-16 14:50 - 000000000 ____D C:\Program Files\NordVPN
2021-11-10 14:52 - 2020-11-17 12:07 - 000441760 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-11-10 14:52 - 2019-12-28 22:25 - 000000000 ____D C:\Program Files\Microsoft Office
2021-11-10 14:49 - 2019-12-07 01:54 - 000000000 ___SD C:\WINDOWS\system32\AppV
2021-11-10 14:49 - 2019-12-07 01:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-11-10 14:49 - 2019-12-07 01:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-11-10 14:49 - 2019-12-07 01:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-11-10 14:49 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-11-10 14:49 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-11-10 14:49 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-11-10 14:49 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-11-10 14:49 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-11-10 14:49 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-11-10 14:49 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-11-10 14:49 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-11-10 14:49 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-11-10 14:49 - 2019-12-07 01:03 - 000000000 ____D C:\WINDOWS\servicing
2021-11-10 14:39 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2021-11-10 02:10 - 2019-12-07 01:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-11-10 01:59 - 2019-12-28 23:39 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-11-10 01:57 - 2019-12-28 23:39 - 141529560 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
 
==================== Files in the root of some directories ========
 
2021-08-24 01:38 - 2021-10-29 02:06 - 000000128 _____ () C:\Users\Jeff\AppData\Roaming\PUTTY.RND
2020-10-04 18:04 - 2021-08-04 16:41 - 000006656 _____ () C:\Users\Jeff\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2021-07-29 09:30 - 2021-11-11 03:46 - 000000128 _____ () C:\Users\Jeff\AppData\Local\PUTTY.RND
2021-01-29 22:51 - 2021-01-29 22:51 - 000000709 _____ () C:\Users\Jeff\AppData\Local\recently-used.xbel
2021-01-19 16:50 - 2021-01-19 16:50 - 000007605 _____ () C:\Users\Jeff\AppData\Local\Resmon.ResmonCfg
 
==================== FCheck ================================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
FCheck: C:\WINDOWS\system32\Drivers\31401235.sys [2020-07-15] <==== ATTENTION (zero byte File/Folder)
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================

 


#2 Juliet

Posted 07 December 2021 - 08:14 AM

Nothing really stands out that would be malware related.

FF DownloadDir: G:\HIDDEN\X\Stories\[[[[MR DOUBLE Archive]]]
Any idea what the above might be? safe to keep?



I want to bring the below to your attention
Faulty Device Manager Devices ============

Name: USB Attached SCSI (UAS) Mass Storage Device
Description: USB Attached SCSI (UAS) Mass Storage Device
Class Guid: {4d36e97b-e325-11ce-bfc1-08002be10318}
Manufacturer: USB Attached SCSI (UAS) Compatible Device
Service: UASPStor
Problem: : Windows cannot use this hardware device because it has been prepared for safe removal, but it has not been removed from the computer. (Code 47)
Resolution: Unplug the device, and then plug it in again. Alternately, restart the computer to make the device available.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`
I saw a couple of things which are minor



****
Start Farbar Recovery Scan Tool with Administrator privileges
(Right click on the FRST icon and select Run as administrator, just open it and let it wait)

Highlight the text below, beginning with Start:: and finishing with End::, and select Copy.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Highlight the entire content of the quote box below and select Copy.

 

Start::
CloseProcesses:
CreateRestorePoint:
Task: {09EA4BF7-899C-459B-B050-2E281ABDA4D8} - System32\Tasks\AdwCleaner_onReboot => G:\Documents\Virus and Removal Tools\AdwCleaner.exe /r (No File)
Task: {1F17C371-5D56-4F56-AE48-3691B971B01C} - System32\Tasks\FreeDownloadManagerHelperService => C:\Program Files\Softdeluxe\Free Download Manager\helperservice.exe (No File)
Task: {339083D6-3981-48B1-AFA9-C9A4041D6AF7} - System32\Tasks\NIUpdateServiceCheckTask => C:\Program Files (x86)\National Instruments\Shared\Update Service\NIUpdateService.exe -c -task (No File)
Task: {D5E8D07E-2A63-4BBD-8493-92377F17EACC} - \CCleaner Update -> No File <==== ATTENTION
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
S3 Browser; %SystemRoot%\System32\browser.dll [X]
FCheck: C:\WINDOWS\system32\Drivers\31401235.sys [2020-07-15] <==== ATTENTION (zero byte File/Folder)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ShortcutWithArgument: C:\Users\Jeff\Desktop\Artimes - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Default"
ShortcutWithArgument: C:\Users\Jeff\Desktop\Yahoo.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=bnpnjbjealcpabcenanokcflffolchnm
ShortcutWithArgument: C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Yahoo.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=bnpnjbjealcpabcenanokcflffolchnm
ShortcutWithArgument: C:\Users\Jeff\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default
AlternateDataStreams: C:\ProgramData\TEMP:4ABA35EE [130]
EmptyTemp:
C:\Windows\Temp\*.*
End::

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Return to the Farbar Recovery Scan Tool app
Press the Fix button. FRST will process the lines copied above from the clipboard.
When finished, a log file Fixlog.txt will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`
Download and run AdwCleaner

Download AdwCleaner from here and save it to your desktop.
You can download AdwCleaner here: https://malwarebytes.com/adwcleaner

  • Run AdwCleaner by clicking on Scan Now
  • When it has finished, leave everything that was found checked (ticked), then click on Clean and Repair
  • If it asks to reboot, allow the reboot
  • On reboot, click on View Log File; please attach the content of the log to your next reply.

============================================

Post these 2 logs when finished.


Sometimes the angels fly close enough to you that you can hear the flutter of their wings...


MS - MVP Consumer Security 2009 - 2016, WI-MVP 2016-17

#3 jeff matthews


Posted 07 December 2021 - 05:26 PM

The above folder directory is just stories, some of a more explicit and adult nature, so that is why they are hidden from younger viewers who share this machine.

 

 

Here is the Fix it Log:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 06-12-2021
Ran by Jeff (07-12-2021 15:10:06) Run:1
Running from C:\Users\Jeff\Desktop
Loaded Profiles: Jeff
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
Task: {09EA4BF7-899C-459B-B050-2E281ABDA4D8} - System32\Tasks\AdwCleaner_onReboot => G:\Documents\Virus and Removal Tools\AdwCleaner.exe /r (No File)
Task: {1F17C371-5D56-4F56-AE48-3691B971B01C} - System32\Tasks\FreeDownloadManagerHelperService => C:\Program Files\Softdeluxe\Free Download Manager\helperservice.exe (No File)
Task: {339083D6-3981-48B1-AFA9-C9A4041D6AF7} - System32\Tasks\NIUpdateServiceCheckTask => C:\Program Files (x86)\National Instruments\Shared\Update Service\NIUpdateService.exe -c -task (No File)
Task: {D5E8D07E-2A63-4BBD-8493-92377F17EACC} - \CCleaner Update -> No File <==== ATTENTION
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
S3 Browser; %SystemRoot%\System32\browser.dll [X]
FCheck: C:\WINDOWS\system32\Drivers\31401235.sys [2020-07-15] <==== ATTENTION (zero byte File/Folder)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ShortcutWithArgument: C:\Users\Jeff\Desktop\Artimes - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Default"
ShortcutWithArgument: C:\Users\Jeff\Desktop\Yahoo.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=bnpnjbjealcpabcenanokcflffolchnm
ShortcutWithArgument: C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Yahoo.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=bnpnjbjealcpabcenanokcflffolchnm
ShortcutWithArgument: C:\Users\Jeff\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default
AlternateDataStreams: C:\ProgramData\TEMP:4ABA35EE [130]
EmptyTemp:
C:\Windows\Temp\*.*
 
*****************
 
Processes closed successfully.
Restore point was successfully created.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{09EA4BF7-899C-459B-B050-2E281ABDA4D8}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{09EA4BF7-899C-459B-B050-2E281ABDA4D8}" => removed successfully
C:\WINDOWS\System32\Tasks\AdwCleaner_onReboot => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AdwCleaner_onReboot" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{1F17C371-5D56-4F56-AE48-3691B971B01C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1F17C371-5D56-4F56-AE48-3691B971B01C}" => removed successfully
C:\WINDOWS\System32\Tasks\FreeDownloadManagerHelperService => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FreeDownloadManagerHelperService" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{339083D6-3981-48B1-AFA9-C9A4041D6AF7}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{339083D6-3981-48B1-AFA9-C9A4041D6AF7}" => removed successfully
C:\WINDOWS\System32\Tasks\NIUpdateServiceCheckTask => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NIUpdateServiceCheckTask" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{D5E8D07E-2A63-4BBD-8493-92377F17EACC}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D5E8D07E-2A63-4BBD-8493-92377F17EACC}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleaner Update" => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => removed successfully
HKLM\System\CurrentControlSet\Services\Browser => removed successfully
Browser => service removed successfully
C:\WINDOWS\system32\Drivers\31401235.sys => moved successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\7-Zip => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ANotepad++64 => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
"HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D}" => removed successfully
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\7-Zip => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
C:\Users\Jeff\Desktop\Artimes - Chrome.lnk => Shortcut argument removed successfully
C:\Users\Jeff\Desktop\Yahoo.lnk => Shortcut argument removed successfully
C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Yahoo.lnk => Shortcut argument removed successfully
C:\Users\Jeff\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk => Shortcut argument removed successfully
C:\ProgramData\TEMP => ":4ABA35EE" ADS removed successfully
 
=========== "C:\Windows\Temp\*.*" ==========
 
C:\Windows\Temp\0fb1c936-cf8f-44f3-ba16-d55b49a12aea.tmp => moved successfully
C:\Windows\Temp\3dfed642-5f05-4160-8557-0b37ff9cbb04.tmp => moved successfully
C:\Windows\Temp\chrome_installer.log => moved successfully
Could not move "C:\Windows\Temp\DESKTOP-28LTCFK-20211207-1510.log" => Scheduled to move on reboot.
C:\Windows\Temp\FXSAPIDebugLogFile.txt => moved successfully
C:\Windows\Temp\FXSTIFFDebugLogFile.txt => moved successfully
C:\Windows\Temp\MpCmdRun.log => moved successfully
C:\Windows\Temp\MpCopyAccelerator.log => moved successfully
C:\Windows\Temp\MpSigStub.log => moved successfully
C:\Windows\Temp\msedge_installer.log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(20211201005202E0C).log => moved successfully
Could not move "C:\Windows\Temp\officeclicktorun.exe_streamserver(202112071510073730).log" => Scheduled to move on reboot.
 
========= End -> "C:\Windows\Temp\*.*" ========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 1310720 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 259887946 B
Java, Flash, Steam htmlcache => 372590046 B
Windows/system/drivers => 0 B
Edge => 0 B
Chrome => 908665824 B
Firefox => 337152624 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 129076 B
Jeff => 437930623 B
 
RecycleBin => 899530684 B
EmptyTemp: => 3 GB temporary data Removed.
 
================================
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 07-12-2021 15:20:10)
 
C:\Windows\Temp\DESKTOP-28LTCFK-20211207-1510.log => Is moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(202112071510073730).log => Is moved successfully
 
==== End of Fixlog 15:20:10 ====
 
 
 
The ADV cleaner did not find anything so I don't think there is anything to post. I do want to mention that the only scanner I ran which was able to detect a deeply embedded malicious file was ESET scanner, but after running it for hours. It may also be corrupted software that is not working correctly. I just find it strange that I had these symptoms a few days ago where some apps I was not able to launch and other internet related issues.

Edited by jeff matthews, 07 December 2021 - 05:28 PM.


#4 Juliet


Posted 07 December 2021 - 06:45 PM

I have no idea what Eset found, logs?
 
I did find an error report of a faulty USB drive; it said to unplug it.


Please download Emsisoft Emergency Kit and save it to your desktop. Double click on the EmsisoftEmergencyKit file you downloaded to extract its contents and create a shortcut on the desktop. Leave all settings as they are and click the Extract button at the bottom. A folder named EEK will be created in the root of the drive (usually c:\).

  • After extraction please double-click on the new Start Emsisoft Emergency Kit icon on your desktop.
  • The first time you launch it, Emsisoft Emergency Kit will recommend that you allow it to download updates. Please click Yes so that it downloads the latest database updates.
  • When update is complete, click Malware Scan. When asked if you want the scanner to scan for Potentially Unwanted Programs, click Yes. Emsisoft Emergency Kit will start scanning.
  • When the scan is completed click Quarantine selected objects. Note, this option is only available if malicious objects were detected during the scan.
  • When the threats have been quarantined, click the View report button in the lower-right corner, and the scan log will be opened in Notepad.
  • Please save the log in Notepad on your desktop and post the contents in your next reply.
  • When you close Emsisoft Emergency Kit, it will give you an option to sign up for a newsletter. This is optional, and is not necessary for the malware removal process.

Post the log when finished

 

Computer any better?


Sometimes the angels fly close enough to you that you can hear the flutter of their wings...


MS - MVP Consumer Security 2009 - 2016, WI-MVP 2016-17

#5 jeff matthews


Posted 07 December 2021 - 06:52 PM

Just clicking on that external link, it's not able to directly load the webpage. This is a problem I have been experiencing with various clickable URLs on specific websites and I never had this issue before. Also some of the applications, especially when launching the Start Menu at the bottom left of the screen, display as unknown file types. Specifically the Word Document program.

In any case, I right click and save as in order to download the software and will post log shortly.


Edited by jeff matthews, 07 December 2021 - 06:56 PM.


#6 jeff matthews


Posted 07 December 2021 - 07:07 PM

Yep, all clean. No logs to post. Is there a way to locate the old logs of ESET online scanner? Maybe I can pull up an old log if it's saved automatically. It would only be about a week old.


Edited by jeff matthews, 07 December 2021 - 07:08 PM.


#7 jeff matthews


Posted 07 December 2021 - 07:34 PM

Hmm the only thing I found was this 

 

17:10:35 can not get scanner. e_gle=1001
17:10:36 # product=EOS
# version=8
# esetonlinescanner.exe=3.4.1.0
# country="United States"
# lang=1033
17:11:25 can not get scanner. e_gle=1001
17:11:26 # product=EOS
# version=8
# ESETOnlineScanner.exe=3.6.3.0
# EOSSerial=5bf1944b14eec64a85f0a766e12fac7e
# end=init
# country="United States"
# lang=1033
17:12:38 can not get scanner. e_gle=1001
17:12:39 # product=EOS
# version=8
# ESETOnlineScanner.exe=3.6.3.0
# EOSSerial=5bf1944b14eec64a85f0a766e12fac7e
# end=init
# country="United States"
# lang=1033
 
 
Oh and Super AntiSpyware picked up a lot of stuff from its last scan
 
SUPERAntiSpyware Scan Log
 
Generated 11/14/2021 at 00:32 AM
 
Application Version : 6.0.1258
Database Version : 16824
 
Scan type       : Quick Scan
Total Scan Time : 00:02:10
 
Operating System Information
Windows 10 Professional 64-bit (Build 10.00.19043)
UAC On - Limited User
 
Memory items scanned      : 1810
Memory items detected   : 0
Registry items scanned    : 52660
Registry items detected : 0
File items scanned        : 14091
File items detected     : 290
 
Adware.Tracking Cookie
.sddan.com [ C:\USERS\JEFF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IWVW2OEJ.DEFAULT-RELEASE-1585113236716\COOKIES.SQLITE ]
.sddan.com [ C:\USERS\JEFF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IWVW2OEJ.DEFAULT-RELEASE-1585113236716\COOKIES.SQLITE ]
.sddan.com [ C:\USERS\JEFF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IWVW2OEJ.DEFAULT-RELEASE-1585113236716\COOKIES.SQLITE ]
.thrtle.com [ C:\USERS\JEFF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IWVW2OEJ.DEFAULT-RELEASE-1585113236716\COOKIES.SQLITE ]
.sddan.com [ C:\USERS\JEFF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IWVW2OEJ.DEFAULT-RELEASE-1585113236716\COOKIES.SQLITE ]
.sddan.com [ C:\USERS\JEFF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IWVW2OEJ.DEFAULT-RELEASE-1585113236716\COOKIES.SQLITE ]
.sddan.com [ C:\USERS\JEFF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IWVW2OEJ.DEFAULT-RELEASE-1585113236716\COOKIES.SQLITE ]
.sddan.com [ C:\USERS\JEFF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IWVW2OEJ.DEFAULT-RELEASE-1585113236716\COOKIES.SQLITE ]
.sddan.com [ C:\USERS\JEFF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IWVW2OEJ.DEFAULT-RELEASE-1585113236716\COOKIES.SQLITE ]
freepornpicss.com [ C:\USERS\JEFF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IWVW2OEJ.DEFAULT-RELEASE-1585113236716\COOKIES.SQLITE ]
.tynt.com [ C:\USERS\JEFF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IWVW2OEJ.DEFAULT-RELEASE-1585113236716\COOKIES.SQLITE ]
.pornhub.com [ C:\USERS\JEFF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IWVW2OEJ.DEFAULT-RELEASE-1585113236716\COOKIES.SQLITE ]
freepornpicss.com [ C:\USERS\JEFF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IWVW2OEJ.DEFAULT-RELEASE-1585113236716\COOKIES.SQLITE ]
freepornpicss.com [ C:\USERS\JEFF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IWVW2OEJ.DEFAULT-RELEASE-1585113236716\COOKIES.SQLITE ]
freepornpicss.com [ C:\USERS\JEFF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IWVW2OEJ.DEFAULT-RELEASE-1585113236716\COOKIES.SQLITE ]
.sddan.com [ C:\USERS\JEFF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IWVW2OEJ.DEFAULT-RELEASE-1585113236716\COOKIES.SQLITE ]
.bizrate.com [ C:\USERS\JEFF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IWVW2OEJ.DEFAULT-RELEASE-1585113236716\COOKIES.SQLITE ]
.bizrate.com [ C:\USERS\JEFF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IWVW2OEJ.DEFAULT-RELEASE-1585113236716\COOKIES.SQLITE ]
.bizrate.com [ C:\USERS\JEFF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IWVW2OEJ.DEFAULT-RELEASE-1585113236716\COOKIES.SQLITE ]
.bizrate.com [ C:\USERS\JEFF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IWVW2OEJ.DEFAULT-RELEASE-1585113236716\COOKIES.SQLITE ]
.sddan.com [ C:\USERS\JEFF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IWVW2OEJ.DEFAULT-RELEASE-1585113236716\COOKIES.SQLITE ]
.bizrate.com [ C:\USERS\JEFF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IWVW2OEJ.DEFAULT-RELEASE-1585113236716\COOKIES.SQLITE ]
.pornhub.com [ C:\USERS\JEFF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IWVW2OEJ.DEFAULT-RELEASE-1585113236716\COOKIES.SQLITE ]
.go.xxxjmp.com [ C:\USERS\JEFF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IWVW2OEJ.DEFAULT-RELEASE-1585113236716\COOKIES.SQLITE ]
.sddan.com [ C:\USERS\JEFF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IWVW2OEJ.DEFAULT-RELEASE-1585113236716\COOKIES.SQLITE ]
.sddan.com [ C:\USERS\JEFF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IWVW2OEJ.DEFAULT-RELEASE-1585113236716\COOKIES.SQLITE ]
.pornhub.com [ C:\USERS\JEFF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IWVW2OEJ.DEFAULT-RELEASE-1585113236716\COOKIES.SQLITE ]
.leadplace.fr [ C:\USERS\JEFF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IWVW2OEJ.DEFAULT-RELEASE-1585113236716\COOKIES.SQLITE ]
.tynt.com [ C:\USERS\JEFF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IWVW2OEJ.DEFAULT-RELEASE-1585113236716\COOKIES.SQLITE ]
adserv.snigelweb.com [ C:\USERS\JEFF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IWVW2OEJ.DEFAULT-RELEASE-1585113236716\COOKIES.SQLITE ]
.witskies.click [ C:\USERS\JEFF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IWVW2OEJ.DEFAULT-RELEASE-1585113236716\COOKIES.SQLITE ]
.aaxads.com [ C:\USERS\JEFF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IWVW2OEJ.DEFAULT-RELEASE-1585113236716\COOKIES.SQLITE ]
ads.avct.cloud [ C:\USERS\JEFF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IWVW2OEJ.DEFAULT-RELEASE-1585113236716\COOKIES.SQLITE ]
deviceid.trueleadid.com [ C:\USERS\JEFF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IWVW2OEJ.DEFAULT-RELEASE-1585113236716\COOKIES.SQLITE ]
.zeotap.com [ C:\USERS\JEFF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IWVW2OEJ.DEFAULT-RELEASE-1585113236716\COOKIES.SQLITE ]
 
============
 End of Log 
============
 

Edited by jeff matthews, 07 December 2021 - 07:37 PM.


#8 Juliet

Juliet

    SuperHelper

  • Retired Classroom Teacher
  • 7,686 posts
  • Interests:Boo!....
  • MVP

Posted 08 December 2021 - 06:26 AM

Let me see if I can answer some of this:
 

Just clicking on that external link, it's not able to directly load the webpage.

Myself, when I ran into this it was because of an addon through my browser.

What I found listed in yours
CHR Extension: (WOT Website Security & Browsing Protection) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2021-12-01]

If this addon prevents the site from opening, I'm not sure. If it doesn't then it makes me feel your computer security or an Update from Microsoft is interfering here.
 

Yep, all clean. No logs to post. Is there a way to locate the old logs of ESET Online Scanner? Maybe I can pull up an old log if it's saved automatically. It would only be about a week old.

I did a quick search and didn't find anything.
 

Also some of the applications especially when launching the start Menu at the bottom left of the screen, display as unknown file types. Specifically the Word Document program.

A couple of things can cause this: Adobe, a change in file settings for security, Microsoft updates.

Show hidden files
https://support.micr...51-9b7f9840fdb2


Restoring Previous Versions of Files and Folders (Windows)

Right-click the file or folder, and then click Restore previous versions. ...
Before restoring a previous version of a file or folder, select the previous version, and then click Open to view it to make sure it's the version you want.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Oh and Super AntiSpyware picked up a lot of stuff from its last scan

Actually, it picked up on cookies to websites you visited.

Super AntiSpyware ==> GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES
Clear cache & cookies
https://support.goog...latform=Desktop

open Chrome's settings, click "History," press "Clear Browsing Data" and check "Empty the Cache"
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Try the above, Emsisoft Emergency Kit scan?
Sometimes the angels fly close enough to you that you can hear the flutter of their wings...


MS - MVP Consumer Security 2009 - 2016, WI-MVP 2016-17
Antivirus Scanners Online Scanners Firewalls Slow Computer??

#9 jeff matthews


Posted 08 December 2021 - 06:42 PM

I have no recollection of WOT causing that sort of behavior in terms of not allowing me to click on hyperlinks. I have used this addon for years and it's actually a useful addon that helps safe search browsing because it pinpoints, with a user-based rating, whether or not the site could contain malicious code of any type, which is denoted by a RED link. Or GREEN, which means safe.

I just deleted all of my cache for Google Chrome so hopefully that helps somewhat.

The EMS scan I did not feel the need to post, because the log didn't contain any results for infections. It was basically "nothing found".

It could be a Windows update and I guess I can look into that. There do not seem to be any issues I am experiencing now, but I don't know. It's intermittent and usually comes and goes; that's why I initially thought it may be a rootkit embedded that is slowly changing system settings and parameters in the back end. I am a little concerned that one of my virus scanners mentioned that there was a specific file that was not able to be removed or it could cause instability with the OS.

I don't remember what AV or malware scanner I used for that. I used anything from SuperAntiSpyware, Malwarebytes, Kaspersky AV, TDSSKiller, Emsisoft Emergency Kit, and even Hitman Pro. I was considering a Tweaking.com Windows Repair scan, but I don't want to inadvertently cause more system problems without being advised on how to properly use that program correctly because it can be tricky.


Edited by jeff matthews, 08 December 2021 - 06:48 PM.


#10 Juliet


Posted 09 December 2021 - 08:15 AM


WOT might not be the problem, in the past I used it too.
Clearing the cache of Chrome and Firefox will at least work with the browser.

Microsoft updates don't fit all computers like they used to, if they ever really did, but I've had to undo a few and prevent a few in the past.
All scans are turning up nothing so far, and since we can't find the log created when you ran ESET there's only one option: run another scan when you can.

See if the below can help find the ESET log. We've deleted temp files, so it's very possible it's already gone.

https://support.eset...ine-scanner-faq
How can I view the log file from ESET Online Scanner?
The ESET Online Scanner saves a log file after it completes a scan. This log file can be reviewed or sent to ESET for further analysis. To save the log file, click Save scan log and select the save location. You can also click View scan details to see the information. To view the log after ESET Online Scanner has been closed, Show hidden files and folders must be enabled in File Explorer. New logs are appended to the existing log files when multiple scans are run. The path to the log file is the following: C:\Users\username\AppData\Local\Temp\log.txt



Malwarebytes has a built-in rootkit scanner that needs a check placed by the option.

Open the settings panel, then security
place a check by "Scan for rootkits", then allow it to scan your computer.




#11 jeff matthews


Posted 09 December 2021 - 04:39 PM

Alright, will do. This will take me a little bit of time, but I'll rescan with Malwarebytes while using the rootkit detection and also ESET for a full scan. I will provide the logs for both of those in a bit.



#12 Juliet


Posted 09 December 2021 - 05:19 PM

OK



#13 jeff matthews


Posted 10 December 2021 - 07:20 AM

Ok so there is nothing to post for Malwarebytes, it did not find anything. ESET did find stuff but I think it's mostly related to very old files in another one of my hard disk drives like some of the AV software I had and an old keygen from many years ago. Nothing spotted in the C drive though and I did a full scan so I guess I'm pretty clean then.

 

 

12/10/2021 5:15:35 AM
Files scanned: 2635935
Detected files: 10
Cleaned files: 10
Total scan time 07:53:31
Scan status: Finished
N:\VIDEO GAME ARCHIVE\[Vintage Emulators]\3DO ROMS\CR_Downloader_for_d-(disc-1)_1461996675.exe Win32/InstallCore.Gen.D potentially unwanted application cleaned by deleting
 
Q:\BACK UP Local Disk G Drive\Dennis Backup\Desktop\Avast Internet Security\avast_internet_security_setup.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted
 
Q:\BACK UP Local Disk G Drive\Desktop\Documents\avast_internet_security_setup.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted
 
Q:\BACK UP Local Disk G Drive\Documents\Avast Internet Security\avast_internet_security_setup.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted
 
Q:\BACK UP Local Disk G Drive\Documents\Clutter\Antivirus and maleware tools\Avast Internet Security\avast_internet_security_setup.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted
 
Q:\BACK UP Local Disk G Drive\Documents\Clutter\Antivirus and maleware tools\avast_internet_security_setup.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted
 
Q:\BACK UP Local Disk G Drive\Documents\Programs\CyberLink PowerDVD Ultra 15.0.2617.58 Beta Multilingual Incl Keygen [SadeemPC]\CyberLink PowerDVD Ultra 15.0.2617.58 Beta Multilingual Incl Keygen [SadeemPC]\SadeemPC.com.URL LNK/Agent.CH trojan cleaned by deleting
 
Q:\BACK UP Local Disk G Drive\Local Disk E Backup Files\Back up's\Back up K drive\Laptop Back up\Antivirus and maleware tools\Avast Internet Security\avast_internet_security_setup.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted
 
Q:\BACK UP Local Disk G Drive\Local Disk E Backup Files\Back up's\Back up K drive\avast_internet_security_setup.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted
 
Q:\BACK UP Local Disk G Drive\Local Disk E Backup Files\Back up's\Back Up Main Desktop Computer\Desktop\back up ashley\avast_free_antivirus_setup.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted

Edited by jeff matthews, 10 December 2021 - 07:21 AM.
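
A small triage of ESET result lines like the ones in the post above, added here as an example (it is not part of the original thread and not ESET's own tooling): it splits each line into path, detection name, classification and action, then reports which drives were hit and which detections are more than "potentially unwanted/unsafe". The line layout is inferred from the posted lines, and the names `parse_detections` and `triage` are hypothetical.

```python
import re
from collections import Counter, namedtuple

# Lines copied from the ESET output posted above; the summary line is kept
# to show that non-detection lines are skipped.
SAMPLE_LOG = r"""
Scan status: Finished
N:\VIDEO GAME ARCHIVE\[Vintage Emulators]\3DO ROMS\CR_Downloader_for_d-(disc-1)_1461996675.exe Win32/InstallCore.Gen.D potentially unwanted application cleaned by deleting
Q:\BACK UP Local Disk G Drive\Documents\Avast Internet Security\avast_internet_security_setup.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted
Q:\BACK UP Local Disk G Drive\Documents\Programs\CyberLink PowerDVD Ultra 15.0.2617.58 Beta Multilingual Incl Keygen [SadeemPC]\CyberLink PowerDVD Ultra 15.0.2617.58 Beta Multilingual Incl Keygen [SadeemPC]\SadeemPC.com.URL LNK/Agent.CH trojan cleaned by deleting
"""

Detection = namedtuple("Detection", "path name kind action")

# Assumed layout, inferred from the posted lines:
#   <path> <Platform/Detection.Name> <classification> <action>
# Windows paths cannot contain "/", so the first "Platform/Name" token marks
# the end of the path even when the path itself contains spaces.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) "
    r"(?P<name>[A-Za-z0-9]+/\S+) "
    r"(?P<kind>.+?) "
    r"(?P<action>cleaned by deleting|deleted)$"
)


def parse_detections(text):
    """Return a Detection for every line that matches the assumed layout."""
    found = []
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            found.append(Detection(**match.groupdict()))
    return found


def triage(detections, system_drive="C"):
    """Summarise where detections were found and which ones are not PUAs."""
    def drive(d):
        return d.path[0].upper()

    return {
        "by_drive": dict(Counter(drive(d) for d in detections)),
        "by_kind": dict(Counter(d.kind for d in detections)),
        "on_system_drive": [d for d in detections
                            if drive(d) == system_drive.upper()],
        # ESET labels bundlers and toolbars "potentially unwanted/unsafe";
        # anything else (here: "trojan") deserves a closer look first.
        "not_pua": [d for d in detections
                    if not d.kind.startswith("potentially")],
    }


if __name__ == "__main__":
    report = triage(parse_detections(SAMPLE_LOG))
    print("Detections per drive:", report["by_drive"])
    print("On system drive:", len(report["on_system_drive"]))
    for d in report["not_pua"]:
        print("Review first:", d.name, "->", d.path)
```
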


#14 Juliet


Posted 10 December 2021 - 09:38 AM

Ok so there is nothing to post for Malwarebytes, it did not find anything. ESET did find stuff but I think it's mostly related to very old files in another one of my hard disk drives like some of the AV software I had and an old keygen from many years ago. Nothing spotted in the C drive though and I did a full scan so I guess I'm pretty clean then.

I agree, looks to be clean.
Do you keep USB drives connected at all times? If it's an old outdated usb drive, why not delete the info off?, use it for something else?
Not a good idea to keep one plugged in all the time.

I think we're done

Use this tool to remove quarantined items:

Please download KpRm by Kernel-panik and save to your Desktop.

  • Click on KpRm.exe to run the tool.

Vista/Windows 7/8/10 users right-click and select Run As Administrator.

  • Put a check mark next to these items:

- Delete tools
- Delete now

  • Click the "Run" button.


  • When the tool has finished, it will create and open a log report and delete itself.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

  • AdBlock is a browser add-on that blocks annoying banners, pop-ups and video ads.
  • CryptoPrevent places policy restrictions on loading points for ransomware (e.g. CryptoWall), helping prevent the execution of malware.
  • Malwarebytes Anti-Exploit (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
  • Malwarebytes Anti-Malware Premium (MBAM) works in real-time alongside your Anti-Virus to prevent malware execution.
  • NoScript is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
  • Sandboxie isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
  • Secunia PSI will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you.
  • SpywareBlaster is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
  • Unchecky automatically removes checkmarks for bundled software in programme installers, helping you avoid adware and PUPs.

For those interested in how to make a backup of your computer
https://forums.malwa...ackup-software/



#15 jeff matthews


Posted 10 December 2021 - 06:30 PM

Do you keep USB drives connected at all times? If it's an old outdated usb drive, why not delete the info off?, use it for something else?

Actually I do, because my drives have multiple directories, some of which are very old files and others I keep updated. It's just spread across many of my hard drives. Ideally I like to keep most of my personal files on a single internal drive, but there are some archives left over on some of these external drives that I have not used for years, specific back-ups that I can probably remove.

 

Outside of that, what are the negatives to having external devices plugged in all the time? I usually always have my USB devices connected, including my external drives, but maybe that isn't a good idea?

 

 

I successfully removed all the tools we used for this session.

