View Full Version : Please help with the logs before i post them to detect suspicious activity
Joshuacm
2021-12-15, 06:51
I have the farbar logs, but the other program crashed my computer when I tried to run the full scan on the C: drive. I do have some strange activity on my computer, and already ran spybot's rootkit scan. Please advise whether I should run the quick scan for aswmbr or the full scan. I do not want Windows to go to the blue screen again. I do not recall what the error screen was.Thanks.
Don't worry about running aswmbr again
Copy and paste the 2 Farbar logs you have.
Joshuacm
2021-12-16, 06:42
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-11-2021 02
Ran by Joshua (administrator) on LAPTOP-2016B3GJ (HP HP Pavilion Notebook) (09-11-2021 16:33:17)
Running from C:\Users\Joshua\Downloads
Loaded Profiles: Joshua
Platform: Microsoft Windows 10 Home Version 21H1 19043.1288 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Acresso Software Inc. -> Acresso Software Inc.) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(ADLICE (ASCOET JULIEN) -> ) C:\Program Files\RogueKiller\RogueKiller64.exe
(ADLICE (ASCOET JULIEN) -> ) C:\Program Files\RogueKiller\RogueKillerSvc.exe
(Adobe Systems, Incorporated -> Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe <27>
(Avast Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\AvastBrowserCrashHandler.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\AvastBrowserCrashHandler64.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswEngSrv.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastNM.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe <4>
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvBugReport.exe <2>
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\setup\instup.exe <2>
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\DiscoverySrv.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Check Point Software Technologies Ltd. -> ) C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\SBACipollaSrvHost.exe
(Check Point Software Technologies Ltd. -> ) C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Updater\Updater\EPNetUpdater.exe
(Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\EFRService.exe
(Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\Endpoint Security\Remediation\RemediationService.exe
(Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\Endpoint Security\Threat Emulation\TESvc.exe
(Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\ZAAR.exe
(Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\ZAARUpdateService.exe
(Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ICM\ICM-Service-NET.exe
(Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(CyberLink Corp. -> ) C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(CyberLink Corp. -> CyberLink Corp.) C:\Program Files (x86)\Cyberlink\YouCam6\Youcam6_webcam_camera_video.exe
(CyberLink Corp. -> CyberLink Corp.) C:\Program Files (x86)\Cyberlink\YouCam6\YouCamService6.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Garmin International, Inc. -> Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Express\express.exe
(Greatis Software LLC -> Greatis Software) C:\Program Files (x86)\UnHackMe\hackmon.exe
(Greatis Software LLC -> Greatis Software) C:\Program Files (x86)\UnHackMe\reanimator.exe <2>
(Greatis Software LLC -> Greatis Software, LLC.) C:\Users\Joshua\AppData\Local\Temp\is-ITUUC.tmp\unhackme_setup.tmp
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Company -> HP Development Company, L.P.) C:\Program Files (x86)\HP\HP CoolSense\CoolSense.exe
(Hewlett-Packard Company -> HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
(Hewlett-Packard Company -> HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\AppHelperCap.exe
(HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\BridgeCommunication.exe <2>
(HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\DiagsCap.exe
(HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\NetworkCap.exe
(HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\SysInfoCap.exe
(HP Inc. -> HP) C:\Program Files (x86)\HP\HP 3D DriveGuard\hpservice.exe
(HP Inc.) [File not signed] C:\Program Files\HPCommRecovery\HPCommRecovery.exe
(Intel Corporation -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation -> Intel(R) Corporation) C:\Windows\SysWOW64\XtuService.exe
(Intel Corporation -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_ffc75848a6342fdf\jhi_service.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki124164.inf_amd64_85b60d2b8c3af983\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki124164.inf_amd64_85b60d2b8c3af983\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki124164.inf_amd64_85b60d2b8c3af983\IntelCpHDCPSvc.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki124164.inf_amd64_85b60d2b8c3af983\IntelCpHeciSvc.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel(R) Software -> Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Intel(R) Software -> Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\SDXHelper.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2109.6305.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2009.2-0\MsMpEng.exe
(NETGEAR -> ) C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe
(NETGEAR -> ) C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
(OOO "GREATIS SOFTVARYA" -> Greatis Software, LLC.) C:\Program Files (x86)\UnHackMe\unhackme_setup.exe
(OpenVPN Technologies, Inc. -> The OpenVPN Project) C:\Program Files\VirtualShield\bin\openvpn.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Seagate Technology, LLC -> Seagate Technology LLC) C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(The CefSharp Authors) [File not signed] C:\Program Files (x86)\Garmin\Express\CefSharp.BrowserSubprocess.exe <2>
(VirtualShield LLC -> ) C:\Program Files\VirtualShield\VirtualShield.exe
(VirtualShield LLC -> ) C:\Program Files\VirtualShield\VirtualShieldSvc.exe
(Wacom Technology Corp. -> Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology Corp. -> Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology Corp. -> Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology Corp. -> Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Wacom Technology Corp. -> Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9186816 2017-05-05] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [134936 2021-10-03] (Avast Software s.r.o. -> AVAST Software)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [302904 2019-03-24] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [VirtualShield] => C:\Program Files\VirtualShield\VirtualShield.exe [16780304 2021-11-03] (VirtualShield LLC -> )
HKLM\...\Run: [Combo Cleaner] => C:\Program Files (x86)\Combo Cleaner\ComboCleaner.exe [2023552 2021-10-22] (RCS LT, UAB -> RCS LT)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [657424 2016-01-11] (Hewlett-Packard Company -> HP Inc.)
HKLM-x32\...\Run: [AdobeCS4ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-14] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [MaxMenuMgr] => C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe [185640 2009-05-01] (Seagate Technology, LLC -> Seagate LLC)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [624248 2007-05-10] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [ZaAntiRansomware] => C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\ZAAR.exe [4231392 2021-04-19] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [326152 2021-05-20] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
HKLM-x32\...\RunOnceEx\@UnHackMe: [1] => C:\PROGRA~2\UnHackMe\UnHackMe.exe /p Partizan
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-3270737401-2542335873-2474156572-1001\...\Run: [AvastBrowserAutoLaunch_C883A7524CEADD572682E14163823878] => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [2495608 2021-11-01] (Avast Software s.r.o. -> AVAST Software)
HKU\S-1-5-21-3270737401-2542335873-2474156572-1001\...\Run: [GarminExpress] => C:\Program Files (x86)\Garmin\Express\express.exe [31171504 2021-07-02] (Garmin International, Inc. -> Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-3270737401-2542335873-2474156572-1001\...\Run: [Spotify] => C:\Users\Joshua\AppData\Roaming\Spotify\Spotify.exe [23592304 2021-01-15] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-3270737401-2542335873-2474156572-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\Joshua\AppData\Local\Microsoft\Teams\Update.exe [2455248 2021-11-04] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKLM\...\Print\Monitors\Adobe PDF Port: C:\WINDOWS\system32\AdobePDF64.dll [35928 2007-03-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated.)
HKLM\...\Print\Monitors\HP 7012 Status Monitor: C:\WINDOWS\system32\hpinksts7012LM.dll [328704 2014-03-03] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Co.)
HKLM\...\Print\Monitors\Wondershare PDFelement Monitor: C:\WINDOWS\system32\WSPDFelementMonitor.dll [271360 2017-10-19] (Wondershare Software) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{30C521FB-255B-46C8-9F0D-EE5AE371C9AA}] -> "C:\Program Files (x86)\AVAST Software\Browser\Application\92.2.11577.159\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\91.0.4472.124\Installer\chrmstp.exe [2021-07-01] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{A8504530-742B-42BC-895D-2BAD6406F698}] -> C:\Program Files (x86)\AVAST Software\Browser\Application\95.0.12827.70\Installer\chrmstp.exe [2021-11-05] (Avast Software s.r.o. -> AVAST Software)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{30C521FB-255B-46C8-9F0D-EE5AE371C9AA}] -> "C:\Program Files (x86)\AVAST Software\Browser\Application\87.0.7478.88\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
HKLM\Software\...\Authentication\Credential Providers: [{FA076B7A-C331-48e2-9EE9-7683A553739E}] -> C:\Program Files (x86)\CyberLink\YouCam6\CLCredProv\x64\CLCredProv.dll [2015-07-01] (CyberLink Corp. -> CyberLink)
HKLM\Software\...\Authentication\Credential Provider Filters: [{FA076B7A-C331-48e2-9EE9-7683A553739E}] -> C:\Program Files (x86)\CyberLink\YouCam6\CLCredProv\x64\CLCredProv.dll [2015-07-01] (CyberLink Corp. -> CyberLink)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA3100 Smart Wizard.lnk [2021-11-07]
ShortcutTarget: NETGEAR WNA3100 Smart Wizard.lnk -> C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe (NETGEAR -> )
BootExecute: autocheck autochk * Partizan
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {00DA6CEA-186D-4563-AC42-5D9024D5EE93} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [129808 2021-08-13] (Dropbox, Inc -> Dropbox, Inc.)
Task: {0688011A-71C3-4BA1-A415-0389FB6F5720} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [108928 2021-11-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {165F1A61-FCDE-4345-AE34-7855A0E9B7FD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2009.2-0\MpCmdRun.exe [533312 2020-09-17] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {1B028D52-A472-402C-AE88-3509F84A4029} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2009.2-0\MpCmdRun.exe [533312 2020-09-17] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {269CFCDF-17BB-4778-A8C3-589D17449FEB} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2020-10-26] (Avast Software s.r.o. -> AVAST Software)
Task: {2BC04A12-C060-48F2-AA6A-1ABCABFFBC54} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2009.2-0\MpCmdRun.exe [533312 2020-09-17] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {2E311562-33DA-414C-9E06-C4E1B159B151} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1148080 2021-10-27] (HP Inc. -> HP Inc.)
Task: {337F0B6F-E1A8-46DE-9E52-B6D545A397CC} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam6\YouCamService6.exe [515512 2015-07-01] (CyberLink Corp. -> CyberLink Corp.)
Task: {3A40FDB0-00C3-4D9A-A08E-45A9129586E5} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [888232 2021-01-29] (Bitdefender SRL -> Bitdefender)
Task: {4E9CBD0F-B137-4662-ACF1-CB4C56FF557F} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [4929304 2021-10-03] (Avast Software s.r.o. -> AVAST Software)
Task: {533CBE0A-AE30-41C4-B79B-992BD5E47FA2} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {65FAB8F9-644D-4984-A546-A8DF0D7264A4} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [584488 2016-09-21] (Dropbox, Inc -> )
Task: {6E2EBAD4-4BAD-4059-852F-84780E997EEA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1148080 2021-10-27] (HP Inc. -> HP Inc.)
Task: {75172C9B-5C68-471B-B396-C243496A0B2D} - System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec => C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [19088 2015-09-17] (Intel(R) Software Asset Manager -> Intel Corporation)
Task: {7DB616B1-10F6-4A56-9443-1A9540F4B309} - System32\Tasks\HP\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\HP\HP CoolSense\CoolSense.exe [1356008 2016-01-21] (Hewlett-Packard Company -> HP Development Company, L.P.)
Task: {894EFFDC-51E4-4B8D-ADF7-9E22F751E8C1} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\avast software\overseer\overseer.exe [1790184 2021-04-29] (Avast Software s.r.o. -> Avast Software)
Task: {8EBEC732-67C6-4823-8F6D-D49219079BB5} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [129808 2021-08-13] (Dropbox, Inc -> Dropbox, Inc.)
Task: {93AF12C8-446D-43B4-89C2-46361686C271} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler (No File)
Task: {947D87CC-510D-4689-A087-8D65ECEB3B40} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPSFReport.exe [136368 2021-10-27] (HP Inc. -> HP Inc.)
Task: {983CAFAA-57A1-4CAD-9EEE-111C455FCCBA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [570240 2017-02-14] (Apple Inc. -> Apple Inc.)
Task: {9A771B20-91AC-4139-82A7-CAA24D6C7B65} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22655904 2021-10-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {9AE07BF1-6BC4-4450-AE5F-CC8FE7DC86F5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Update Notice => C:\Program Files (x86)\HP\HP Support Framework\Resources\BingPopup\BingPopup.exe [314032 2021-10-27] (HP Inc. -> HP Inc.)
Task: {AB26107F-5DFC-4C08-9B0C-5E0F129C1A00} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22655904 2021-10-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {B25BDC00-270D-45CD-8FF5-1E12386E6D52} - System32\Tasks\HPDAS => C:\Program [Argument = Files\HP\HP ePrint\HP.DeliveryAndStatus.Desktop.App.exe /CheckJobs]
Task: {B76101E7-BD4D-430A-AD2B-51E296D10B1A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2009.2-0\MpCmdRun.exe [533312 2020-09-17] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {BC7D35DF-D868-4163-ADDB-7C7786403EFA} - System32\Tasks\UnHackMe Task Scheduler => C:\Program Files (x86)\UnHackMe\hackmon.exe [5079904 2021-10-04] (Greatis Software LLC -> Greatis Software)
Task: {BED75A86-B117-48AA-A18D-70E97A374D37} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [108928 2021-11-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {C3151AF4-991A-4AD6-840C-758B87F4EA37} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2020-10-26] (Avast Software s.r.o. -> AVAST Software)
Task: {C3EA9680-6CEF-4BD8-8809-78AD3FE56A71} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [2495608 2021-11-01] (Avast Software s.r.o. -> AVAST Software)
Task: {D7474179-1B4D-43B8-ACEF-1A47F221372D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c (No File)
Task: {D9F1DDEB-2119-45D0-A043-1ADF87404D17} - System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec-Logon => C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [19088 2015-09-17] (Intel(R) Software Asset Manager -> Intel Corporation)
Task: {E1ED1521-0747-4DD2-883F-840D2541FAE8} - System32\Tasks\Hewlett-Packard\HP Diagnostics\HPDIAGS-ffd3431d-4d9c-4c82-83a2-23abc7f977a4 => C:\Program Files (x86)\HP\HpHwDiag\HpHwDiagA.exe [62037168 2019-04-03] (HP Inc. -> )
Task: {E1F88DFD-83BB-4A45-BEFD-BD7B1E89D5BF} - System32\Tasks\AdobeAAMUpdater-1.0-LAPTOP-2016B3GJ-Joshua => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {E358EC1D-C1A0-4F22-9F16-94171EB05936} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe --automatic (No File)
Task: {EAA67AEA-5D14-46A7-8EE7-A38C399BE30F} - System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [2495608 2021-11-01] (Avast Software s.r.o. -> AVAST Software)
Task: {ED33A3BE-CDDA-4498-811A-0B2DC99F0B26} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [40880 2021-07-02] (Garmin International, Inc. -> )
Task: {F3DC88B3-389A-418F-A1E9-4852413BFCC2} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [1698000 2015-06-05] (Intel(R) Software -> Intel Corporation)
Task: {FE4AB7FA-559C-4C6E-AA78-44B042BE789F} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe /backup /iavs (No File)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 1.1.1.1 1.0.0.1
Tcpip\..\Interfaces\{158fa440-5993-40c0-ad3b-b54f7783ca5e}: [DhcpNameServer] 192.168.39.1
Tcpip\..\Interfaces\{248657bc-e7b7-40ce-94d9-b83e13a52576}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{248657bc-e7b7-40ce-94d9-b83e13a52576}: [DhcpNameServer] 1.1.1.1 1.0.0.1
Tcpip\..\Interfaces\{30c90d2f-2204-499f-9f6a-c56f5b8cf68e}: [DhcpNameServer] 192.168.39.1
Tcpip\..\Interfaces\{40c7cea8-499e-4ab8-a5ac-2ccc21c53eb6}: [DhcpNameServer] 192.168.39.1
Tcpip\..\Interfaces\{67d6d511-6e13-48be-b1af-839921e49981}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{6a58121f-fc15-4f28-a66c-d42846b46403}: [DhcpNameServer] 192.168.39.1
Tcpip\..\Interfaces\{8482639b-7bf6-43e9-8d46-bfa433dea6f0}: [NameServer] 8.8.8.8
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
Edge:
=======
DownloadDir: C:\Users\Joshua\Downloads
Edge Notifications: HKU\S-1-5-21-3270737401-2542335873-2474156572-1001 -> hxxps://helpx.adobe.com
Edge Extension: (Adblock Plus) -> 10_EyeoGmbHAdblockPlus_d55gg7py3s0m0 => C:\Program Files\WindowsApps\EyeoGmbH.AdblockPlus_0.9.19.0_neutral__d55gg7py3s0m0 [2021-09-18]
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\Joshua\AppData\Local\Microsoft\Edge\User Data\Default [2021-11-08]
Edge NewTab: Default -> Not-active:"chrome-extension://ohpagamjnemfmmgildfkjgbnabhojcdj/newtab.html"
Edge Extension: (Google Translate) - C:\Users\Joshua\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2021-08-14]
Edge Extension: (Session Manager) - C:\Users\Joshua\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bbcnbpafconjjigibnhbfmmgdbbkcjfi [2021-08-08]
Edge Extension: (Save Tabs) - C:\Users\Joshua\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\dhgkdkollobnolailbckohhaikklnnki [2021-08-08]
Edge Extension: (Avast Online Security & Privacy) - C:\Users\Joshua\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fdgpikaaheckgdijjmepmdjjkbceakif [2021-10-29]
Edge Extension: (Adblock Plus - free ad blocker) - C:\Users\Joshua\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gmgoamodcdcjnbaobigkjelfplakmdhh [2021-09-03]
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\Joshua\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-10-22]
Edge Extension: (Google Voice (by Google)) - C:\Users\Joshua\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo [2021-08-08]
Edge Extension: (Adblock Plus development build) - C:\Users\Joshua\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ldcecbkkoecffmfljeihcmifjjdoepkn [2021-08-08]
Edge Extension: (AppLauncher) - C:\Users\Joshua\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\mnbfkkkpphlcbeaeemeblclibjnofamn [2021-08-08]
Edge Extension: (Speed Dial 2 New tab) - C:\Users\Joshua\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ohpagamjnemfmmgildfkjgbnabhojcdj [2021-08-08]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
FireFox:
========
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) [File not signed]
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) [File not signed]
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1219159.dll [2015-06-25] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-11-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @qq.com/npchrome -> C:\Program Files (x86)\Common Files\Tencent\Npchrome\npchrome.dll [2017-11-27] (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FF Plugin-x32: @qq.com/npqscall -> C:\Program Files (x86)\Common Files\Tencent\NPQSCALL\npqscall.dll [2017-11-27] (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FF Plugin-x32: @qq.com/TXSSO -> C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.2.1\Bin\npSSOAxCtrlForPTLogin.dll [2013-04-07] (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=3 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\npAvastBrowserUpdate3.dll [2020-10-26] (Avast Software s.r.o. -> AVAST Software)
FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=9 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\npAvastBrowserUpdate3.dll [2020-10-26] (Avast Software s.r.o. -> AVAST Software)
FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN -> VideoLAN)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) [File not signed]
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2017-06-14] (WildTangent Inc -> )
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) [File not signed]
Chrome:
=======
CHR Profile: C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default [2021-11-03]
CHR Notifications: Default -> hxxps://chatsupport.apple.com; hxxps://meet.google.com; hxxps://www.dmv.com; hxxps://www.instantcheckmate.com; hxxps://www.otterbox.com; hxxps://www.reddit.com; hxxps://www.theepochtimes.com
CHR HomePage: Default -> hxxp://www.facebook.com/
CHR StartupUrls: Default -> "hxxp://topsites.me/"
CHR NewTab: Default -> Active:"chrome-extension://jpfpebmajhhopeonhlcgidhclcccjcik/newtab.html"
CHR Extension: (Google Translate) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2021-08-18]
CHR Extension: (Entanglement Web App) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2017-06-01]
CHR Extension: (Docs) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-17]
CHR Extension: (Google Drive) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-24]
CHR Extension: (UJAM - Make your music.) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdiogojbmdncjdpljocafnigiokgmci [2017-06-01]
CHR Extension: (Session Manager) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbcnbpafconjjigibnhbfmmgdbbkcjfi [2017-06-01]
CHR Extension: (Audiotool) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkgoccjhfjgjedhkiefaclppgbmoobnk [2017-06-01]
CHR Extension: (YouTube) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-06-04]
CHR Extension: (HelloFax) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\bocmleclimfnadgmcdgecijlblfcmfnm [2019-03-01]
CHR Extension: (Webmail Ad Blocker) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbhfdchmklhpcngcgjmpdbjakdggkkjp [2021-08-15]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2021-09-04]
CHR Extension: (OneTab) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2021-08-15]
CHR Extension: (Weebly - Website Builder) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnocophcbjfiimmnhlhleaooedeheifb [2017-06-01]
CHR Extension: (Save Tabs) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhgkdkollobnolailbckohhaikklnnki [2021-08-08]
CHR Extension: (Session Buddy) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2020-05-16]
CHR Extension: (Google Calendar) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2017-06-01]
CHR Extension: (Google Docs Offline) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-09-28]
CHR Extension: (New Tab Page by Speed Dial Team) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\idgeoanibcknhniccgaoaiolihidecjn [2017-06-01]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-09-04]
CHR Extension: (Speed Dial 2 New tab) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfpebmajhhopeonhlcgidhclcccjcik [2020-04-25]
CHR Extension: (Google Voice (by Google)) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo [2021-08-15]
CHR Extension: (WordPress.com) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\khjnjifipfkgglficmipimgjpbmlbemd [2017-06-01]
CHR Extension: (Until AM Web App) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\kodigjkcpaoeodlnmcnekemakpnmegnk [2017-06-01]
CHR Extension: (Adblock Plus development build) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldcecbkkoecffmfljeihcmifjjdoepkn [2020-07-06]
CHR Extension: (Poppit!) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2017-06-01]
CHR Extension: (AppLauncher) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnbfkkkpphlcbeaeemeblclibjnofamn [2017-06-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (SEO for Chrome) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\oangcciaeihlfmhppegpdceadpfaoclj [2017-06-01]
CHR Extension: (Gmail) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-24]
CHR Extension: (Chrome Media Router) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-08-15]
CHR Profile: C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default - Copy [2017-06-01] <==== ATTENTION
CHR HomePage: Default - Copy -> hxxp://www.facebook.com/
CHR StartupUrls: Default - Copy -> "hxxp://topsites.me/"
CHR NewTab: Default - Copy -> Active:"chrome-extension://jpfpebmajhhopeonhlcgidhclcccjcik/newtab.html"
CHR Extension: (Google Translate) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default - Copy\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2017-06-01]
CHR Extension: (Google Slides) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default - Copy\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-06-01]
CHR Extension: (Entanglement Web App) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default - Copy\Extensions\aciahcmjmecflokailenpkdchphgkefd [2017-06-01]
CHR Extension: (Google Docs) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default - Copy\Extensions\aohghmighlieiainnegkcijnfilokake [2017-06-01]
CHR Extension: (Google Drive) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default - Copy\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-06-01]
CHR Extension: (UJAM - Make your music.) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default - Copy\Extensions\apdiogojbmdncjdpljocafnigiokgmci [2017-06-01]
CHR Extension: (Session Manager) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default - Copy\Extensions\bbcnbpafconjjigibnhbfmmgdbbkcjfi [2017-06-01]
CHR Extension: (Audiotool) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default - Copy\Extensions\bkgoccjhfjgjedhkiefaclppgbmoobnk [2017-06-01]
CHR Extension: (YouTube) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default - Copy\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-06-01]
CHR Extension: (HelloFax: 5 Free Fax Pages) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default - Copy\Extensions\bocmleclimfnadgmcdgecijlblfcmfnm [2017-06-01]
CHR Extension: (Webmail Ad Blocker) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default - Copy\Extensions\cbhfdchmklhpcngcgjmpdbjakdggkkjp [2017-06-01]
CHR Extension: (Adblock Plus) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default - Copy\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-06-01]
CHR Extension: (OneTab) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default - Copy\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2017-06-01]
CHR Extension: (Weebly - Website Builder) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default - Copy\Extensions\cnocophcbjfiimmnhlhleaooedeheifb [2017-06-01]
CHR Extension: (Session Buddy) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default - Copy\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2017-06-01]
CHR Extension: (Google Calendar) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default - Copy\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2017-06-01]
CHR Extension: (Avast SafePrice) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default - Copy\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-06-01]
CHR Extension: (Google Sheets) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default - Copy\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-06-01]
CHR Extension: (Google Docs Offline) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default - Copy\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-06-01]
CHR Extension: (Avast Online Security) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default - Copy\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-06-01]
CHR Extension: (New Tab Page by Speed Dial Team) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default - Copy\Extensions\idgeoanibcknhniccgaoaiolihidecjn [2017-06-01]
CHR Extension: (Speed Dial 2) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default - Copy\Extensions\jpfpebmajhhopeonhlcgidhclcccjcik [2017-06-01]
CHR Extension: (Google Voice (by Google)) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default - Copy\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo [2017-06-01]
CHR Extension: (WordPress.com) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default - Copy\Extensions\khjnjifipfkgglficmipimgjpbmlbemd [2017-06-01]
CHR Extension: (Until AM Web App) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default - Copy\Extensions\kodigjkcpaoeodlnmcnekemakpnmegnk [2017-06-01]
CHR Extension: (Adblock Plus development build) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default - Copy\Extensions\ldcecbkkoecffmfljeihcmifjjdoepkn [2017-06-01]
CHR Extension: (Poppit!) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default - Copy\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2017-06-01]
CHR Extension: (AppLauncher) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default - Copy\Extensions\mnbfkkkpphlcbeaeemeblclibjnofamn [2017-06-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default - Copy\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-06-01]
CHR Extension: (SEO for Chrome) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default - Copy\Extensions\oangcciaeihlfmhppegpdceadpfaoclj [2017-06-01]
CHR Extension: (Gmail) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default - Copy\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-06-01]
CHR Extension: (Chrome Media Router) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default - Copy\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-06-01]
CHR Profile: C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default1 [2017-06-01] <==== ATTENTION
CHR Extension: (Google Docs) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default1\Extensions\aohghmighlieiainnegkcijnfilokake [2017-06-01]
CHR Extension: (Google Drive) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-06-01]
CHR Extension: (YouTube) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-06-01]
CHR Extension: (Avast SafePrice) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default1\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-06-01]
CHR Extension: (Google Docs Offline) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-06-01]
CHR Extension: (Avast Online Security) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default1\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-06-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-06-01]
CHR Extension: (Gmail) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-06-01]
CHR Extension: (Chrome Media Router) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-06-01]
CHR Profile: C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\defaultold [2017-06-01] <==== ATTENTION
CHR HomePage: defaultold -> hxxp://www.facebook.com/
CHR StartupUrls: defaultold -> "hxxp://topsites.me/"
CHR NewTab: defaultold -> Active:"chrome-extension://jpfpebmajhhopeonhlcgidhclcccjcik/newtab.html"
CHR Extension: (Google Translate) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\defaultold\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2017-01-09]
CHR Extension: (Google Slides) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\defaultold\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-10-19]
CHR Extension: (Entanglement Web App) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\defaultold\Extensions\aciahcmjmecflokailenpkdchphgkefd [2017-01-09]
CHR Extension: (Google Docs) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\defaultold\Extensions\aohghmighlieiainnegkcijnfilokake [2016-10-20]
CHR Extension: (Google Drive) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\defaultold\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-19]
CHR Extension: (UJAM - Make your music.) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\defaultold\Extensions\apdiogojbmdncjdpljocafnigiokgmci [2017-01-09]
CHR Extension: (Session Manager) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\defaultold\Extensions\bbcnbpafconjjigibnhbfmmgdbbkcjfi [2017-01-09]
CHR Extension: (Audiotool) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\defaultold\Extensions\bkgoccjhfjgjedhkiefaclppgbmoobnk [2017-01-09]
CHR Extension: (YouTube) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\defaultold\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-19]
CHR Extension: (HelloFax: 5 Free Fax Pages) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\defaultold\Extensions\bocmleclimfnadgmcdgecijlblfcmfnm [2017-01-09]
CHR Extension: (Webmail Ad Blocker) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\defaultold\Extensions\cbhfdchmklhpcngcgjmpdbjakdggkkjp [2017-05-05]
CHR Extension: (Adblock Plus) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\defaultold\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-03-22]
CHR Extension: (OneTab) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\defaultold\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2017-03-13]
CHR Extension: (Weebly - Website Builder) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\defaultold\Extensions\cnocophcbjfiimmnhlhleaooedeheifb [2017-01-09]
CHR Extension: (Session Buddy) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\defaultold\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2017-05-08]
CHR Extension: (Google Calendar) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\defaultold\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2017-01-09]
CHR Extension: (Avast SafePrice) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\defaultold\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-05-31]
CHR Extension: (Google Sheets) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\defaultold\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-10-19]
CHR Extension: (Google Docs Offline) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\defaultold\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-20]
CHR Extension: (Avast Online Security) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\defaultold\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-05-23]
CHR Extension: (New Tab Page by Speed Dial Team) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\defaultold\Extensions\idgeoanibcknhniccgaoaiolihidecjn [2017-04-17]
CHR Extension: (Speed Dial 2) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\defaultold\Extensions\jpfpebmajhhopeonhlcgidhclcccjcik [2017-01-09]
CHR Extension: (Google Voice (by Google)) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\defaultold\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo [2017-01-09]
CHR Extension: (WordPress.com) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\defaultold\Extensions\khjnjifipfkgglficmipimgjpbmlbemd [2017-01-09]
CHR Extension: (Until AM Web App) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\defaultold\Extensions\kodigjkcpaoeodlnmcnekemakpnmegnk [2017-01-09]
CHR Extension: (Adblock Plus development build) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\defaultold\Extensions\ldcecbkkoecffmfljeihcmifjjdoepkn [2017-05-31]
CHR Extension: (Poppit!) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\defaultold\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2017-01-09]
CHR Extension: (AppLauncher) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\defaultold\Extensions\mnbfkkkpphlcbeaeemeblclibjnofamn [2017-01-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\defaultold\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-10]
CHR Extension: (SEO for Chrome) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\defaultold\Extensions\oangcciaeihlfmhppegpdceadpfaoclj [2017-01-09]
CHR Extension: (Gmail) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\defaultold\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-20]
CHR Extension: (Chrome Media Router) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\defaultold\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-12]
CHR Profile: C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\System Profile [2017-11-07]
CHR HKU\S-1-5-21-3270737401-2542335873-2474156572-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hpacaholihkepnhgeeiipghhgonbhdfb]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2019-03-08] (Apple Inc. -> Apple Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [8323664 2021-10-03] (Avast Software s.r.o. -> AVAST Software)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2020-10-26] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [630040 2021-10-03] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe [377624 2021-10-03] (Avast Software s.r.o. -> AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2020-10-26] (Avast Software s.r.o. -> AVAST Software)
S3 AvastSecureBrowserElevationService; C:\Program Files (x86)\AVAST Software\Browser\Application\95.0.12827.70\elevation_service.exe [1713640 2021-11-01] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [56912 2021-06-04] (Avast Software s.r.o. -> AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12034464 2021-10-12] (Microsoft Corporation -> Microsoft Corporation)
S4 ComboCleaner.Guard; C:\Program Files (x86)\Combo Cleaner\ComboCleaner.Guard.exe [143488 2021-10-22] (RCS LT, UAB -> RCS LT)
S4 ComboCleaner.WinService; C:\Program Files (x86)\Combo Cleaner\ComboCleaner.WinService.exe [151168 2021-10-22] (RCS LT, UAB -> RCS LT)
R2 CPEFR; C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\EFRService.exe [3274432 2021-04-10] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
R2 CpSbaCipolla; C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\SBACipollaSrvHost.exe [33984 2021-04-19] (Check Point Software Technologies Ltd. -> )
R2 CpSbaUpdater; C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\SBACipollaSrvHost.exe [33984 2021-04-19] (Check Point Software Technologies Ltd. -> )
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [129808 2021-08-13] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [129808 2021-08-13] (Dropbox, Inc -> Dropbox, Inc.)
S2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [399208 2017-06-14] (WildTangent Inc -> WildTangent)
R2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [1309184 2016-10-07] (HP Inc.) [File not signed]
R2 HPAppHelperCap; C:\Program Files\HP\HP Enabling Services\AppHelperCap.exe [755704 2021-10-27] (HP Inc. -> HP Inc.)
R2 HPDiagsCap; C:\Program Files\HP\HP Enabling Services\DiagsCap.exe [754184 2021-10-27] (HP Inc. -> HP Inc.)
R2 HPNetworkCap; C:\Program Files\HP\HP Enabling Services\NetworkCap.exe [751104 2021-10-27] (HP Inc. -> HP Inc.)
S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1149480 2018-06-07] (HP Inc. -> HP)
R2 hpsrv; C:\Program Files (x86)\HP\HP 3D DriveGuard\hpservice.exe [28192 2017-11-20] (HP Inc. -> HP)
R2 HPSysInfoCap; C:\Program Files\HP\HP Enabling Services\SysInfoCap.exe [754688 2021-10-27] (HP Inc. -> HP Inc.)
S2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-22] (HP Inc. -> HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [606224 2016-01-11] (Hewlett-Packard Company -> HP Inc.)
S4 hshld_10.22.4; C:\Program Files (x86)\Hotspot Shield\10.22.4\bin\cmw_srv.exe [242776 2021-10-22] (Pango Inc. -> Pango Inc.)
S3 Intel(R) WiDi SAM; C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [19088 2015-09-17] (Intel(R) Software Asset Manager -> Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7477704 2021-08-05] (Malwarebytes Inc -> Malwarebytes)
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1358248 2021-01-29] (Bitdefender SRL -> Bitdefender)
R2 RemediationService; C:\Program Files (x86)\CheckPoint\Endpoint Security\Remediation\RemediationService.exe [18624 2021-03-29] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] (CyberLink Corp. -> )
R2 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [14204760 2021-11-03] (ADLICE (ASCOET JULIEN) -> )
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
R2 TESvc; C:\Program Files (x86)\CheckPoint\Endpoint Security\Threat Emulation\TESvc.exe [137920 2021-04-09] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
R2 VirtualShieldService; C:\Program Files\VirtualShield\VirtualShieldSvc.exe [624656 2021-11-03] (VirtualShield LLC -> )
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [4575688 2021-05-20] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2009.2-0\NisSrv.exe [2372048 2020-09-17] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2009.2-0\MsMpEng.exe [128360 2020-09-17] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WSWNA3100; C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe [285152 2010-08-26] (NETGEAR -> )
R2 ZA NET ICM Service; C:\Program Files (x86)\CheckPoint\ICM\ICM-Service-NET.exe [42208 2020-03-13] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
R2 ZAARUpdateService; C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\ZAARUpdateService.exe [51936 2021-04-19] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
S3 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [129216 2021-05-20] (Check Point Software Technologies Ltd. -> Check Point Software Technologies, Ltd.)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [35720 2021-10-03] (Avast Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [221600 2021-10-03] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [369176 2021-10-03] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [250408 2021-10-03] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [99368 2021-10-03] (Avast Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [21936 2021-10-03] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [41368 2021-10-03] (Avast Software s.r.o. -> AVAST Software)
R1 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [184640 2021-10-03] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\WINDOWS\System32\drivers\aswNetHub.sys [538480 2021-10-03] (Avast Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [107864 2021-10-03] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [82912 2021-10-03] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [851712 2021-10-03] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [557152 2021-10-03] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [215392 2021-10-03] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [328568 2021-10-03] (Avast Software s.r.o. -> AVAST Software)
S3 BdDci; C:\WINDOWS\system32\DRIVERS\bddci.sys [802976 2020-12-04] (Bitdefender SRL -> Bitdefender)
R3 clwvd6; C:\WINDOWS\System32\drivers\clwvd6.sys [41704 2013-10-29] (CyberLink Corp. -> CyberLink Corporation)
R2 cpbak; C:\WINDOWS\System32\DRIVERS\cpbak.sys [83248 2020-09-03] (Check Point Software Technologies Ltd. -> Check Point Software Technologies)
R1 CPEPMon; C:\WINDOWS\System32\DRIVERS\CPEPMon.sys [153040 2021-04-06] (Microsoft Windows Hardware Compatibility Publisher -> Check Point Software Technologies)
R1 epnetflt; C:\WINDOWS\system32\drivers\epnetflt.sys [135984 2020-12-06] (Check Point Software Technologies Ltd. -> Check Point Software Technologies)
R1 epregflt; C:\WINDOWS\system32\drivers\epregflt.sys [133416 2020-12-02] (Check Point Software Technologies Ltd. -> Check Point Software Technologies)
S3 gzflt; C:\WINDOWS\System32\DRIVERS\gzflt.sys [195224 2020-09-03] (Bitdefender SRL -> BitDefender LLC)
R3 hsstap; C:\WINDOWS\System32\drivers\hsstap.sys [39424 2020-09-29] (Microsoft Windows Hardware Compatibility Publisher -> Pango)
R2 ISWKL; C:\Program Files (x86)\CheckPoint\Endpoint Security\Endpoint Common\bin\ISWKL.sys [56184 2021-01-28] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
U5 KLIF; C:\Windows\System32\Drivers\KLIF.sys [1044768 2021-09-08] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220752 2021-11-09] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-01-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-11-07] (Malwarebytes Inc -> Malwarebytes)
S3 Netaapl; C:\WINDOWS\System32\drivers\netaapl64.sys [23040 2016-03-28] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
S3 NPF; C:\WINDOWS\system32\DRIVERS\npf.sys [47632 2010-02-03] (CACE Technologies, Inc. -> CACE Technologies, Inc.)
R1 pango_netfilter2; C:\WINDOWS\System32\drivers\pango_netfilter2.sys [94600 2021-10-22] (Pango Inc. -> Pango Inc)
R0 SCMNdisP; C:\WINDOWS\System32\DRIVERS\scmndisp.sys [25312 2007-01-19] (NETGEAR -> Windows (R) Codename Longhorn DDK provider)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2021-11-02] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
U3 TrueSight; C:\Windows\System32\drivers\truesight.sys [38032 2021-11-09] (Adlice -> )
S3 Trufos; C:\WINDOWS\System32\DRIVERS\Trufos.sys [641736 2021-02-26] (Bitdefender SRL -> Bitdefender)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2016-03-28] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
R1 Vsdatant; C:\WINDOWS\System32\drivers\vsdatant.sys [461240 2021-05-20] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48536 2020-09-17] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [26880 2015-11-12] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [428264 2020-09-17] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [69864 2020-09-17] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [35392 2020-06-08] (HP Inc. -> HP)
U3 iswSvc; no ImagePath
U0 Partizan; system32\drivers\Partizan.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-11-09 16:33 - 2021-11-09 16:40 - 000063750 _____ C:\Users\Joshua\Downloads\FRST.txt
2021-11-09 16:28 - 2021-11-09 16:37 - 000000000 ____D C:\FRST
2021-11-09 16:12 - 2021-11-09 16:12 - 000220752 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-11-09 16:10 - 2021-11-09 16:10 - 000038032 _____ C:\WINDOWS\system32\Drivers\truesight.sys
2021-11-09 15:51 - 2021-11-09 15:52 - 002312192 _____ (Farbar) C:\Users\Joshua\Downloads\FRST64.exe
2021-11-09 14:59 - 2021-11-09 14:59 - 000001234 _____ C:\Users\Joshua\Documents\malwarebytes.txt
2021-11-08 16:34 - 2021-11-09 16:09 - 000000252 _____ C:\WINDOWS\SysWOW64\PARTIZAN.TXT
2021-11-08 16:23 - 2021-11-08 16:23 - 000000000 ____D C:\@RestoreQuarantine
2021-11-08 16:12 - 2019-08-13 18:36 - 000001367 _____ C:\WINDOWS\system32\Drivers\etc\hosts.old
2021-11-08 15:33 - 2021-11-09 16:48 - 000000000 ____D C:\Users\Public\Documents\RegRunInfo
2021-11-08 15:32 - 2021-11-09 16:49 - 000000000 ____D C:\Users\Joshua\AppData\Local\UnHackMe
2021-11-08 15:32 - 2021-11-09 16:41 - 000003422 _____ C:\WINDOWS\system32\Tasks\UnHackMe Task Scheduler
2021-11-08 15:31 - 2021-11-09 16:41 - 000001087 _____ C:\Users\Joshua\Desktop\UnHackMe.lnk
2021-11-08 15:31 - 2021-11-09 16:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UnHackMe
2021-11-08 15:31 - 2021-11-09 16:41 - 000000000 ____D C:\Program Files (x86)\UnHackMe
2021-11-08 15:31 - 2021-10-04 17:39 - 000015440 _____ (Greatis Software, LLC.) C:\WINDOWS\SysWOW64\Drivers\UnHackMeDrv.sys
2021-11-08 15:31 - 2015-12-28 11:32 - 000049968 _____ (Greatis Software) C:\WINDOWS\system32\partizan.exe
2021-11-08 15:28 - 2021-11-08 15:28 - 000000000 ____D C:\Users\Joshua\Documents\unhackme
2021-11-07 18:36 - 2021-11-07 18:36 - 000088172 _____ C:\ProgramData\agent.update.1636335374.bdinstall.v2.bin
2021-11-07 17:44 - 2021-11-07 18:06 - 045081882 _____ C:\Users\Joshua\Downloads\unhackme-beta.zip
2021-11-07 17:26 - 2021-11-08 16:40 - 000003802 _____ C:\WINDOWS\system32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2021-11-07 17:23 - 2021-11-07 17:23 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-11-07 16:46 - 2021-11-07 18:36 - 000000000 ____D C:\Program Files\Bitdefender Agent
2021-11-07 16:46 - 2021-11-07 16:46 - 000115432 _____ C:\ProgramData\agent.1636328801.bdinstall.v2.bin
2021-11-07 16:46 - 2021-11-07 16:46 - 000000000 ____D C:\ProgramData\Bitdefender Agent
2021-11-07 16:42 - 2021-11-07 16:45 - 013543384 _____ C:\Users\Joshua\Downloads\bitdefender_online.exe
2021-11-07 16:19 - 2021-11-07 16:19 - 000000000 ____D C:\Users\Joshua\AppData\Roaming\NCH Software
2021-11-07 16:15 - 2021-11-07 16:15 - 000000000 ____D C:\Users\Joshua\Documents\autoruns
2021-11-07 15:44 - 2021-11-07 15:45 - 003850414 _____ C:\Users\Joshua\Downloads\Autoruns.zip
2021-11-07 15:44 - 2021-11-07 15:44 - 000045023 _____ C:\Users\Joshua\Downloads\autoruns.htm
2021-11-07 15:36 - 2021-11-07 15:36 - 000000910 _____ C:\Users\Public\Desktop\NETGEAR WNA3100 Smart Wizard.lnk
2021-11-07 15:36 - 2021-11-07 15:36 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_bcmwlhigh664_01009.Wdf
2021-11-07 15:36 - 2021-11-07 15:36 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2021-11-07 15:36 - 2021-11-07 15:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NETGEAR WNA3100 Smart Wizard
2021-11-07 15:36 - 2021-11-07 15:36 - 000000000 ____D C:\Program Files (x86)\NETGEAR
2021-11-07 15:36 - 2010-02-03 11:21 - 000281104 _____ (CACE Technologies, Inc.) C:\WINDOWS\SysWOW64\wpcap.dll
2021-11-07 15:36 - 2010-02-03 11:21 - 000096784 _____ (CACE Technologies, Inc.) C:\WINDOWS\SysWOW64\Packet.dll
2021-11-07 15:36 - 2010-02-03 11:21 - 000053299 _____ C:\WINDOWS\SysWOW64\pthreadVC.dll
2021-11-07 15:36 - 2010-02-03 11:21 - 000047632 _____ (CACE Technologies, Inc.) C:\WINDOWS\system32\Drivers\npf.sys
2021-11-07 15:36 - 2009-11-06 08:40 - 000838136 _____ (Broadcom Corporation) C:\WINDOWS\system32\Drivers\bcmwlhigh664.sys
2021-11-07 15:36 - 2009-11-06 08:34 - 003888128 _____ (Broadcom Corporation) C:\WINDOWS\system32\bcmihvsrv64.dll
2021-11-07 15:36 - 2009-11-06 08:34 - 003552768 _____ (Broadcom Corporation) C:\WINDOWS\system32\bcmihvui64.dll
2021-11-07 15:36 - 2009-11-06 08:34 - 000095472 _____ (Broadcom Corporation) C:\WINDOWS\system32\bcmwlcoi.dll
2021-11-07 15:36 - 2007-01-19 18:24 - 000025312 _____ (Windows (R) Codename Longhorn DDK provider) C:\WINDOWS\system32\Drivers\SCMNdisP.sys
2021-11-06 23:36 - 2021-11-06 23:59 - 249204696 _____ (HP Inc.) C:\Users\Joshua\Downloads\sp135762.exe
2021-11-06 14:20 - 2021-11-06 14:20 - 000001970 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Combo Cleaner.lnk
2021-11-06 14:20 - 2021-11-06 14:20 - 000000000 ____D C:\Users\Joshua\AppData\Local\RCS_LT
2021-11-06 14:19 - 2021-11-06 15:09 - 000000000 ____D C:\Program Files (x86)\Combo Cleaner
2021-11-06 14:17 - 2021-11-06 14:18 - 003593000 _____ (RCS LT) C:\Users\Joshua\Downloads\CCSetup.exe
2021-11-06 13:53 - 2021-11-06 13:53 - 000001258 _____ C:\Users\Public\Desktop\Hotspot Shield.lnk
2021-11-06 13:53 - 2021-11-06 13:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotspot Shield
2021-11-06 13:53 - 2021-11-06 13:53 - 000000000 ____D C:\Program Files\HotspotShield TAP-Windows
2021-11-06 13:53 - 2021-10-22 10:08 - 000094600 _____ (Pango Inc) C:\WINDOWS\system32\Drivers\pango_netfilter2.sys
2021-11-04 11:35 - 2021-11-04 11:35 - 000002380 _____ C:\Users\Joshua\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams.lnk
2021-11-04 11:35 - 2021-11-04 11:35 - 000002372 _____ C:\Users\Joshua\Desktop\Microsoft Teams.lnk
2021-11-04 11:34 - 2021-11-04 11:34 - 000000000 ____D C:\Users\Joshua\AppData\Roaming\Teams
2021-11-04 11:33 - 2021-11-04 11:35 - 000000000 ____D C:\Users\Joshua\AppData\Local\SquirrelTemp
2021-11-03 23:02 - 2021-11-03 23:03 - 001004586 _____ C:\Users\Joshua\Downloads\Wub.zip
2021-11-03 22:24 - 2021-11-03 22:24 - 000000906 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2021-11-03 22:19 - 2021-11-03 22:22 - 041659160 _____ (Adlice Software ) C:\Users\Joshua\Downloads\RogueKiller_setup (1).exe
2021-11-03 14:08 - 2021-11-03 14:08 - 000672768 _____ C:\WINDOWS\system32\FsNVSDeviceSource.dll
2021-11-03 14:08 - 2021-11-03 14:08 - 000011495 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-11-03 14:07 - 2021-11-03 14:07 - 002111488 _____ (Digimarc) C:\WINDOWS\SysWOW64\DMRCDecoder.dll
2021-11-03 14:07 - 2021-11-03 14:07 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2021-11-03 14:07 - 2021-11-03 14:07 - 001164288 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-11-03 14:07 - 2021-11-03 14:07 - 000611960 _____ C:\WINDOWS\SysWOW64\TextShaping.dll
2021-11-03 14:07 - 2021-11-03 14:07 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2021-11-03 14:06 - 2021-11-03 14:06 - 000098304 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-11-03 14:05 - 2021-11-03 14:05 - 002295296 _____ (Digimarc) C:\WINDOWS\system32\DMRCDecoder.dll
2021-11-03 14:05 - 2021-11-03 14:05 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-11-03 14:05 - 2021-11-03 14:05 - 000706536 _____ C:\WINDOWS\system32\TextShaping.dll
2021-11-03 14:05 - 2021-11-03 14:05 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe
2021-11-03 14:05 - 2021-11-03 14:05 - 000162816 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-11-03 14:04 - 2021-11-03 14:04 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2021-11-03 13:16 - 2021-11-03 13:16 - 000000000 ___HD C:\$WinREAgent
2021-11-03 11:50 - 2021-11-03 11:50 - 000001153 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk
2021-11-03 11:50 - 2021-11-03 11:50 - 000000000 ____D C:\Program Files\PCHealthCheck
2021-11-03 10:05 - 2021-11-03 10:05 - 000000000 ____D C:\Users\Joshua\AppData\Local\VirtualShield
2021-11-03 10:01 - 2021-11-03 10:01 - 000000886 _____ C:\Users\Joshua\Desktop\VirtualShield.lnk
2021-11-03 10:01 - 2021-11-03 10:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VirtualShield
2021-11-03 09:55 - 2021-11-03 09:58 - 013618704 _____ () C:\Users\Joshua\Downloads\VirtualShieldSetup (1).exe
2021-11-02 10:58 - 2021-11-02 10:58 - 000027136 _____ (The OpenVPN Project) C:\WINDOWS\system32\Drivers\tap0901.sys
2021-11-02 10:56 - 2021-11-03 10:01 - 000000000 ____D C:\Program Files\VirtualShield
2021-11-02 10:54 - 2021-11-02 10:55 - 013618704 _____ () C:\Users\Joshua\Downloads\VirtualShieldSetup.exe
2021-11-02 10:36 - 2021-11-02 10:36 - 000051503 _____ C:\Users\Joshua\Documents\joshmayeroverpaymentstatementnov12021.pdf
2021-10-30 15:44 - 2021-11-07 17:19 - 003370814 _____ C:\WINDOWS\ntbtlog.txt
2021-10-30 15:41 - 2021-10-30 15:41 - 013884680 _____ (NortonLifeLock Inc.) C:\Users\Joshua\Downloads\NPE.exe
2021-10-30 15:41 - 2021-10-30 15:41 - 000000000 ____D C:\Users\Joshua\AppData\Local\NPE
2021-10-30 15:41 - 2021-10-30 15:41 - 000000000 ____D C:\ProgramData\Norton
2021-10-29 15:18 - 2021-11-03 22:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2021-10-29 15:18 - 2021-11-03 22:24 - 000000000 ____D C:\Program Files\RogueKiller
2021-10-29 15:17 - 2021-10-29 15:19 - 000000000 ____D C:\ProgramData\RogueKiller
2021-10-29 15:12 - 2021-10-29 15:16 - 042005976 _____ (Adlice Software ) C:\Users\Joshua\Downloads\RogueKiller_setup.exe
2021-10-29 14:12 - 2021-10-29 14:12 - 000178674 _____ C:\Users\Joshua\Documents\activity.txt
2021-10-28 14:51 - 2021-10-28 15:08 - 000178674 _____ C:\WINDOWS\system32\activity.txt
2021-10-26 11:45 - 2021-10-26 11:46 - 000019781 _____ C:\Users\Joshua\Documents\headers1.txt
2021-10-24 22:30 - 2021-10-24 22:30 - 000000000 _____ C:\WINDOWS\system32\Drivers\OLDC6B1.tmp
2021-10-24 22:30 - 2021-10-24 22:30 - 000000000 _____ C:\WINDOWS\system32\Drivers\OLDC6B0.tmp
2021-10-24 22:30 - 2021-09-08 18:44 - 001044768 ____N (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klif.sys
2021-10-24 22:30 - 2021-09-08 18:44 - 000528680 ____N (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klflt.sys
2021-10-24 22:20 - 2021-10-24 22:20 - 000000000 ____D C:\KVRT2020_Data
2021-10-24 22:12 - 2021-10-24 22:12 - 000000000 _____ C:\WINDOWS\system32\Drivers\OLD23E7.tmp
2021-10-24 22:12 - 2021-10-24 22:12 - 000000000 _____ C:\WINDOWS\system32\Drivers\OLD23E6.tmp
2021-10-24 22:10 - 2021-10-24 22:10 - 000000000 _____ C:\WINDOWS\system32\Drivers\OLD4571.tmp
2021-10-24 22:10 - 2021-10-24 22:10 - 000000000 _____ C:\WINDOWS\system32\Drivers\OLD4570.tmp
2021-10-24 22:09 - 2021-10-24 22:32 - 000000000 ____D C:\Users\Joshua\AppData\Roaming\Installer for Kaspersky Anti-Ransomware Tool for Business
2021-10-24 22:09 - 2021-10-24 22:09 - 000000000 ____D C:\Users\Joshua\AppData\Roaming\Kaspersky Anti-Ransomware Tool for Business
2021-10-24 22:02 - 2021-10-24 22:13 - 109189624 _____ (AO Kaspersky Lab) C:\Users\Joshua\Downloads\KVRT.exe
2021-10-24 22:00 - 2021-10-24 22:09 - 094312000 _____ (AO Kaspersky Lab) C:\Users\Joshua\Downloads\KART_5.1.0.241021-Home.exe
2021-10-24 21:40 - 2021-10-24 21:40 - 000002495 _____ C:\Users\Joshua\Desktop\Resume ZoneAlarm Security Install.lnk
2021-10-23 00:22 - 2021-10-23 00:22 - 000359130 _____ C:\Users\Joshua\Documents\CSH-False-Claims-Summary_October-2019.pdf
2021-10-23 00:22 - 2021-10-23 00:22 - 000281282 _____ C:\Users\Joshua\Documents\DH_PatientRightsResponsibilitiesBrochure_v2.pdf
2021-10-23 00:22 - 2021-10-23 00:22 - 000087622 _____ C:\Users\Joshua\Documents\DH_AffiliatedCoveredEntities_2020.pdf
2021-10-23 00:21 - 2021-10-23 00:21 - 000139385 _____ C:\Users\Joshua\Documents\70 7 001 conflicts of interest institutional review boards facilities and investigators 022213.pdf
2021-10-16 10:33 - 2021-10-16 10:33 - 000048459 _____ C:\Users\Joshua\Documents\JoshuaMayerOverpaymentIncrease.pdf
2021-10-13 14:36 - 2021-10-13 14:44 - 100992816 _____ (HP Inc.) C:\Users\Joshua\Downloads\sp118349.exe
2021-10-10 22:25 - 2021-10-10 22:25 - 000102834 _____ C:\Users\Joshua\Documents\DxDiag.txt
2021-10-10 22:21 - 2021-10-10 22:21 - 006434896 _____ (Oleg N. Scherbakov) C:\Users\Joshua\Downloads\HPSupportSolutionsFramework-12.19.53.13 (1).exe
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-11-09 16:48 - 2021-08-05 15:40 - 000000000 ____D C:\Users\Joshua\Documents\YouCam
2021-11-09 16:35 - 2019-12-07 02:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-11-09 16:15 - 2016-10-19 10:35 - 000000000 __SHD C:\Users\Joshua\IntelGraphicsProfiles
2021-11-09 16:12 - 2016-10-19 23:27 - 000000000 ____D C:\ProgramData\AVAST Software
2021-11-09 16:09 - 2020-09-17 12:57 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-11-09 16:09 - 2020-09-17 11:54 - 000008192 ___SH C:\DumpStack.log.tmp
2021-11-09 16:09 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-11-09 16:04 - 2019-12-07 02:03 - 001310720 _____ C:\WINDOWS\system32\config\BBI
2021-11-09 16:03 - 2019-12-07 02:13 - 000000000 ____D C:\WINDOWS\INF
2021-11-09 14:57 - 2020-09-17 11:54 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-11-09 12:05 - 2020-09-17 12:57 - 000004264 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2021-11-08 17:47 - 2019-12-07 02:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2021-11-08 16:50 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2021-11-08 16:42 - 2020-09-17 12:18 - 000007318 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-11-08 16:17 - 2017-02-18 20:44 - 000000000 ____D C:\Users\Joshua\AppData\Local\CrashDumps
2021-11-08 15:12 - 2020-09-17 12:57 - 000003382 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3270737401-2542335873-2474156572-1001
2021-11-08 15:12 - 2020-09-17 12:02 - 000002393 _____ C:\Users\Joshua\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-11-08 00:21 - 2021-10-05 08:48 - 000003214 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d7b0bdc32d6e20
2021-11-08 00:21 - 2021-08-07 16:54 - 000002862 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3270737401-2542335873-2474156572-1004
2021-11-08 00:21 - 2021-05-24 16:38 - 000002490 _____ C:\WINDOWS\system32\Tasks\YCMServiceAgent
2021-11-08 00:21 - 2021-05-03 09:51 - 000002862 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3270737401-2542335873-2474156572-1002
2021-11-08 00:21 - 2020-09-17 12:57 - 000003408 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-11-08 00:21 - 2020-09-17 12:57 - 000003346 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-11-08 00:21 - 2020-09-17 12:57 - 000003184 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-11-08 00:21 - 2020-09-17 12:57 - 000003122 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-11-08 00:21 - 2020-09-17 12:57 - 000002702 _____ C:\WINDOWS\system32\Tasks\GarminUpdaterTask
2021-11-08 00:21 - 2020-09-17 12:57 - 000000000 ____D C:\WINDOWS\system32\Tasks\AVAST Software
2021-11-07 16:28 - 2018-06-28 16:38 - 000000000 ____D C:\Users\Joshua\AppData\Local\D3DSCache
2021-11-07 16:15 - 2020-09-17 12:02 - 000000000 ____D C:\Users\Joshua
2021-11-07 15:36 - 2016-10-19 08:42 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2021-11-07 14:58 - 2018-07-25 17:54 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2021-11-07 01:15 - 2016-10-21 22:33 - 000000000 ____D C:\Users\Joshua\AppData\Local\Spotify
2021-11-07 01:15 - 2016-10-21 22:30 - 000000000 ____D C:\Users\Joshua\AppData\Roaming\Spotify
2021-11-07 00:03 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-11-07 00:02 - 2016-04-01 11:31 - 000000000 ____D C:\SWSetup
2021-11-06 13:54 - 2020-04-07 23:03 - 000000000 ____D C:\Program Files (x86)\Hotspot Shield
2021-11-06 13:54 - 2020-04-07 23:02 - 000000000 ____D C:\ProgramData\Hotspot Shield
2021-11-06 13:54 - 2016-04-01 11:56 - 000000000 ____D C:\ProgramData\Package Cache
2021-11-05 13:07 - 2018-05-25 14:52 - 000002505 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2021-11-05 13:07 - 2018-05-25 14:52 - 000002470 _____ C:\Users\Public\Desktop\Avast Secure Browser.lnk
2021-11-04 08:58 - 2016-10-19 10:38 - 000000000 ____D C:\Users\Joshua\AppData\Local\HP_Inc
2021-11-03 23:57 - 2018-02-24 18:03 - 000000000 ____D C:\WINDOWS\UpdateAssistant
2021-11-03 23:45 - 2020-09-17 12:57 - 000000000 ____D C:\WINDOWS\system32\Tasks\Hewlett-Packard
2021-11-03 23:22 - 2020-09-17 11:54 - 010137352 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-11-03 23:13 - 2019-12-07 02:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2021-11-03 23:13 - 2019-12-07 02:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-11-03 23:13 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2021-11-03 23:13 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-11-03 23:13 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-11-03 23:13 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-11-03 23:13 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2021-11-03 23:13 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-11-03 23:13 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-11-03 23:13 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2021-11-03 23:13 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-11-03 23:13 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\DDFs
2021-11-03 23:13 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2021-11-03 23:13 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2021-11-03 23:13 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-11-03 23:13 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-11-03 23:13 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\DiagTrack
2021-11-03 23:13 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-11-03 23:13 - 2019-12-07 02:03 - 000000000 ____D C:\WINDOWS\servicing
2021-11-03 14:21 - 2019-12-07 02:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-11-03 13:13 - 2016-04-01 11:57 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2021-11-03 11:49 - 2016-10-20 16:25 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-11-03 11:36 - 2016-10-20 16:25 - 139806512 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-11-03 11:31 - 2019-12-07 02:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-11-03 11:16 - 2016-04-01 11:55 - 000000000 ____D C:\Program Files\HP
2021-11-02 23:09 - 2020-07-12 02:20 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-11-02 23:09 - 2020-07-12 02:20 - 000002283 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-11-02 22:32 - 2018-05-25 04:12 - 000000000 ____D C:\Users\Joshua\AppData\Local\Packages
2021-11-02 20:32 - 2016-11-10 14:10 - 000000000 ____D C:\Users\Joshua\AppData\Local\ElevatedDiagnostics
2021-11-02 12:20 - 2020-09-17 12:02 - 000000000 ____D C:\Users\DefaultAppPool
2021-10-26 11:50 - 2021-10-03 12:53 - 000143025 _____ C:\Users\Joshua\Documents\headers.txt
2021-10-26 00:50 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-10-21 14:24 - 2021-08-08 20:23 - 000441353 _____ C:\WINDOWS\system32\Drivers\vsconfig.xml
2021-10-21 11:29 - 2021-08-07 16:06 - 000000000 ____D C:\Users\JoshuaCM
2021-10-21 11:29 - 2021-05-03 09:40 - 000000000 ____D C:\Users\musta
2021-10-10 22:22 - 2016-10-19 08:41 - 000000000 ____D C:\Program Files (x86)\Hewlett-Packard
2021-10-10 08:41 - 2016-11-08 18:54 - 000000000 ____D C:\Users\Public\CyberLink
2021-10-10 08:40 - 2016-11-08 18:54 - 000000000 ____D C:\Users\Joshua\Documents\CyberLink
2021-10-10 08:40 - 2016-11-07 14:55 - 000000000 ____D C:\Users\Joshua\AppData\Roaming\CyberLink
2021-10-10 08:40 - 2016-10-19 09:00 - 000000000 ____D C:\ProgramData\CyberLink
==================== Files in the root of some directories ========
2017-01-17 10:29 - 2017-01-18 10:43 - 001221397 _____ () C:\Users\Joshua\AppData\Local\ars.cache
2017-01-17 10:31 - 2017-01-17 10:31 - 001286928 _____ () C:\Users\Joshua\AppData\Local\census.cache
2017-01-17 09:34 - 2017-01-17 09:34 - 000000036 _____ () C:\Users\Joshua\AppData\Local\housecall.guid.cache
2017-02-15 20:35 - 2017-02-15 20:35 - 000000600 _____ () C:\Users\Joshua\AppData\Local\PUTTY.RND
2017-01-17 09:56 - 2017-01-17 11:17 - 000000010 _____ () C:\Users\Joshua\AppData\Local\sponge.last.runtime.cache
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-11-2021 02
Ran by Joshua (09-11-2021 16:51:54)
Running from C:\Users\Joshua\Downloads
Microsoft Windows 10 Home Version 21H1 19043.1288 (X64) (2020-09-17 20:00:51)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-3270737401-2542335873-2474156572-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3270737401-2542335873-2474156572-503 - Limited - Disabled)
Guest (S-1-5-21-3270737401-2542335873-2474156572-501 - Limited - Disabled)
Joshua (S-1-5-21-3270737401-2542335873-2474156572-1001 - Administrator - Enabled) => C:\Users\Joshua
JoshuaCM (S-1-5-21-3270737401-2542335873-2474156572-1004 - Administrator - Enabled) => C:\Users\JoshuaCM
musta (S-1-5-21-3270737401-2542335873-2474156572-1002 - Administrator - Enabled) => C:\Users\musta
WDAGUtilityAccount (S-1-5-21-3270737401-2542335873-2474156572-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
FW: ZoneAlarm Free Firewall Firewall (Disabled) {217C3BCF-3FBD-7C30-A427-2D11E16F3BEB}
FW: ZoneAlarm Free Firewall Firewall (Enabled) {841A2C1E-F526-E32F-8E57-7FBF8B0698E4}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
12 Labours of Hercules III: Girl Power (HKLM-x32\...\WTA-0a78c7b1-669e-4f9e-ac17-1f28212573b6) (Version: 3.0.2.118 - WildTangent) Hidden
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Adobe Acrobat 8.1.0 Professional (HKLM-x32\...\Adobe Acrobat 8 Professional - English, Français, Deutsch) (Version: 8.1.0 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe CSI CS4 x64 (HKLM\...\{8DAA31EB-6830-4006-A99F-4DF8AB24714F}) (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Drive CS4 x64 (HKLM\...\{A3454894-144A-4D80-B605-C128FE0D7329}) (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Illustrator CS3 (HKLM-x32\...\Adobe_f21eef46ea86aded9ca3b6b966d08f5) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Illustrator CS4 (HKLM-x32\...\Adobe_2a31ae7a5c43ff52d8577782dd34e04) (Version: 14.0 - Adobe Systems Incorporated)
Adobe InDesign CS5 (HKLM-x32\...\{F9766AC1-1461-1033-B862-DF8FE1C033BE}) (Version: 7.0 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.9.159 - Adobe Systems, Inc.)
Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version: 3.0 - Adobe Systems, Inc.)
ANT Drivers Installer x64 (HKLM\...\{CBEE7F70-D77E-46DB-BB02-B64147DD6453}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
AnthemScore (HKU\S-1-5-21-3270737401-2542335873-2474156572-1001\...\{cc7b5290-b051-49d5-a512-7a358e8c30b0}) (Version: 1.0.1 - Lunaverus)
Apple Application Support (32-bit) (HKLM-x32\...\{9F7041CB-8398-4691-B8CB-0D52273BB3D9}) (Version: 7.4 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{6E7DF4EE-1976-4215-9D81-755AFC95687D}) (Version: 7.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BA2A6DBB-B09A-43D8-84F3-21C1537B47D9}) (Version: 12.2.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 21.8.2487 - Avast Software)
Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 95.0.12827.70 - AVAST Software)
Avast Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.8.1065.0 - AVAST Software) Hidden
Awakening: The Dreamless Castle (HKLM-x32\...\WTA-f84eb1b5-630a-489f-afc9-4bc13edf4512) (Version: 3.0.2.51 - WildTangent) Hidden
Azkend 2: The World Beneath (HKLM-x32\...\WTA-8b3300fe-dd94-4484-9246-35cf5acf668b) (Version: 2.2.0.98 - WildTangent) Hidden
Barn Yarn Collector's Edition (HKLM-x32\...\WTA-35834c66-4765-4da3-b3c3-bb89e4146468) (Version: 3.0.2.48 - WildTangent) Hidden
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 25.0.1.177 - Bitdefender)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Check Point SBA (HKLM\...\{405209A1-63AA-4AB5-A6A9-4F088BA951A3}) (Version: 86.6.8560 - Check Point Software Technologies Ltd.) Hidden
Combo Cleaner (HKLM\...\{8C9F8853-52F7-46F3-BC78-98001D3FF40C}) (Version: 1.0.56.0 - RCS LT) Hidden
Combo Cleaner (HKLM-x32\...\InstallShield_{8C9F8853-52F7-46F3-BC78-98001D3FF40C}) (Version: 1.0.56.0 - RCS LT)
Connect (HKLM-x32\...\{B29AD377-CC12-490A-A480-1452337C618D}) (Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
CyberLink Power Media Player 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.6.7428 - CyberLink Corp.)
CyberLink PowerDirector 12 (HKLM\...\{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.6.4925 - CyberLink Corp.) Hidden
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.6.4925 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\{A9CEDD6E-4792-493e-BB35-D86D2E188A5A}) (Version: 6.0.1.4301 - CyberLink Corp.)
Delicious: Emily's Wonder Wedding Premium Edition (HKLM-x32\...\WTA-b5c2f850-4a02-44f6-9c14-57c255fbd94b) (Version: 3.0.2.59 - WildTangent) Hidden
DisableMSDefender (HKLM\...\{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}) (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Documentation Manager (HKLM\...\{0203C24C-452D-4344-871F-DE3C7B49C328}) (Version: 22.40.0.7 - Intel Corporation) Hidden
Dropbox 25 GB (HKLM-x32\...\{0867A88D-764F-366E-9E21-130DA8B472C3}) (Version: 3.1.18.0 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.503.1 - Dropbox, Inc.) Hidden
EaseUS Data Recovery Wizard (HKLM\...\EaseUS Data Recovery Wizard_is1) (Version: - EaseUS)
Elevated Installer (HKLM-x32\...\{0F6C59A2-5F1D-4D7C-BC90-A0A1A75F4EE9}) (Version: 7.7.1.0 - Garmin Ltd or its subsidiaries) Hidden
Energy Star (HKLM\...\{5CB22648-35F8-41BC-9C35-1E41FE6E12A5}) (Version: 1.1.1 - HP Inc.)
Entwined: The Perfect Murder (HKLM-x32\...\WTA-2f4b574c-be67-42a2-993d-7d1c787a60cd) (Version: 3.0.2.59 - WildTangent) Hidden
Express Zip File Compression (HKLM-x32\...\ExpressZip) (Version: 6.00 - NCH Software)
FileZilla Client 3.24.1 (HKLM-x32\...\FileZilla Client) (Version: 3.24.1 - Tim Kosse)
Garmin Express (HKLM-x32\...\{50DF005C-1D2C-467A-A39E-10ADEFA83A96}) (Version: 7.7.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express (HKLM-x32\...\{9e0ef45d-b10c-42da-9aab-16200df39d95}) (Version: 7.7.1.0 - Garmin Ltd or its subsidiaries)
Glary Undelete 5.0.1.19 (HKLM-x32\...\Glary Undelete) (Version: 5.0.1.19 - Glarysoft Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 91.0.4472.124 - Google LLC)
Green City: Go South (HKLM-x32\...\WTA-22174663-277b-4633-9cbc-f78e60a05a85) (Version: 3.0.2.59 - WildTangent) Hidden
Home Makeover (HKLM-x32\...\WTA-6f0c77f0-c3d3-4a97-8c6c-a354db55df4c) (Version: 3.0.2.59 - WildTangent) Hidden
Hotspot Shield 10.22.4 (HKLM-x32\...\{4de134ec-1612-4548-bed4-35bf05f8cfe2}) (Version: 10.22.4.12022 - Pango Inc.)
Hotspot Shield 10.22.4 (HKLM-x32\...\{AF599C42-A2E5-4251-B7EE-4925F287F119}) (Version: 10.22.4.12022 - Pango Inc.) Hidden
Hotspot Shield 10.22.4 (HKLM-x32\...\HotspotShield) (Version: 10.22.4 - Pango Inc.) Hidden
HotspotShield TAP-Windows 9.24.4 (HKLM\...\HotspotShield TAP-Windows) (Version: 9.24.4 - Pango Inc.) Hidden
Hoyle Illusions Mahjongg (HKLM-x32\...\WTA-320c3904-8380-4507-b121-7bf385dbde1e) (Version: 3.0.2.59 - WildTangent) Hidden
HP CoolSense (HKLM-x32\...\{0C723C74-62DF-4B35-9490-A207546D866D}) (Version: 2.21.4 - HP Inc.)
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.)
HP ePrint SW (HKLM-x32\...\{88970959-baf7-4864-a39a-69a58e8ae5cf}) (Version: 5.0.18701 - HP)
HP PC Hardware Diagnostics Windows (HKLM-x32\...\{DF16F6E3-6550-468A-9C0C-306B4F60D501}) (Version: 1.5.8.0 - HP Inc.)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.8318.5320 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{71E18A14-1BDB-4B58-A67F-1BCDA12462FD}) (Version: 7.1.15.1 - HP)
HP Sure Connect (HKLM-x32\...\{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: 1.0.0.29 - HP Inc.)
HP System Event Utility (HKLM-x32\...\{09D0DB68-90EA-4015-983E-A0BD777D5A02}) (Version: 1.4.10 - HP Inc.)
HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1439 - HP Inc.)
HP Welcome (HKLM\...\HPWelcome) (Version: 1.0 - HP Inc.)
IGT Slots Fire Rubies (HKLM-x32\...\WTA-eb2b4463-2adb-43a2-9b96-c2b19204c6c8) (Version: 3.0.2.59 - WildTangent) Hidden
Imperial Island: Birth of an Empire (HKLM-x32\...\WTA-fed1670c-2eb5-49ba-8a5e-04a0a9038ddf) (Version: 3.0.2.59 - WildTangent) Hidden
Intel(R) Chipset Device Software (HKLM-x32\...\{c7f54569-0018-439c-809a-48046a4d4ebc}) (Version: 10.1.1.9 - Intel(R) Corporation) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10608.329 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1054 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 22.20.16.4749 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.8.7.1051 - Intel Corporation)
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.47.866.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{246c6cc0-9810-4728-9a29-28474de2eec5}) (Version: 1.47.866.0 - Intel Corporation) Hidden
Intel(R) WiDi (HKLM\...\{6B15F1EF-F3A8-4C29-BF9E-18EB3683A83D}) (Version: 6.0.60.0 - Intel Corporation)
Intel(R) WiDi Software Asset Manager (HKLM-x32\...\{AC8973AF-7F4C-40F4-BFE1-C02FE95ED2C2}) (Version: 3.2.1184 - Intel Corporation) Hidden
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{3920BCB0-23AA-4D0D-93E5-404692DAF9D2}) (Version: 19.00.1621.3340 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{f8c930bd-0a68-425f-8c11-87723d1e2c97}) (Version: 20.90.0 - Intel Corporation)
Intel® Software Installer (HKLM-x32\...\{3933e30f-0de2-4fee-8a5e-28c71ea7f121}) (Version: 22.40.0.7 - Intel Corporation) Hidden
iTunes (HKLM\...\{DF90B2B3-5832-4E85-934D-8048B33A1D67}) (Version: 12.9.4.102 - Apple Inc.)
Jewel Match Snowscapes (HKLM-x32\...\WTA-87bd5869-8fd9-4a59-9e1b-68f630a053f7) (Version: 3.0.2.118 - WildTangent) Hidden
kuler (HKLM-x32\...\{098727E1-775A-4450-B573-3F441F1CA243}) (Version: 2.0 - Adobe Systems Incorporated) Hidden
LAV Filters 0.74.1 (HKLM-x32\...\lavfilters_is1) (Version: 0.74.1 - Hendrik Leppkes)
Little Boy: Walter's Scooter (HKLM-x32\...\WTA-b69331d4-e992-441d-bc2a-a7a5f55b65c3) (Version: 3.0.2.59 - WildTangent) Hidden
Lost Souls: Timeless Fables Collector's Edition (HKLM-x32\...\WTA-db7d8fac-a7ee-44ec-951c-3dbeaad8fd69) (Version: 3.0.2.59 - WildTangent) Hidden
Magic Heroes: Save Our Park (HKLM-x32\...\WTA-f700b5d2-fd93-4939-b81d-35d043ae1e37) (Version: 3.0.2.59 - WildTangent) Hidden
Malwarebytes version 4.4.4.126 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.4.126 - Malwarebytes)
Manor Memoirs Collector's Edition (HKLM-x32\...\WTA-98976e78-b6fd-4583-a34c-12ffe54a8dcc) (Version: 3.0.2.59 - WildTangent) Hidden
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.14527.20234 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 95.0.1020.40 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 95.0.1020.40 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Small Business 2007 (HKLM-x32\...\SMALLBUSINESSR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3270737401-2542335873-2474156572-1001\...\OneDriveSetup.exe) (Version: 21.205.1003.0005 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3270737401-2542335873-2474156572-1002\...\OneDriveSetup.exe) (Version: 21.062.0328.0001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3270737401-2542335873-2474156572-1004\...\OneDriveSetup.exe) (Version: 21.139.0711.0001 - Microsoft Corporation)
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (HKLM-x32\...\{90120000-00B2-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-3270737401-2542335873-2474156572-1001\...\Teams) (Version: 1.4.00.22976 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{29B15818-E79F-4AB0-8938-9410C807AD76}) (Version: 2.84.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
MuseScore 2 (HKLM-x32\...\{DC8A2B29-D9A7-4D67-A049-BC0A659A2B57}) (Version: 2.1.0 - Werner Schweer and Others)
NETGEAR WNA3100 wireless USB 2.0 adapter (HKLM-x32\...\{C2425F91-1F7B-4037-9A05-9F290184798D}) (Version: 1.01.206 - NETGEAR)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.14527.20234 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.14527.20234 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.14527.20234 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.13929.20372 - Microsoft Corporation) Hidden
PDF Settings CS4 (HKLM-x32\...\{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}) (Version: 9.0 - Adobe Systems Incorporated) Hidden
PDF Settings CS5 (HKLM-x32\...\{A78FE97A-C0C8-49CE-89D0-EDD524A17392}) (Version: 10.0 - Adobe Systems Incorporated) Hidden
PDFtoMusic (HKLM-x32\...\PDFtoMusic) (Version: 1.6.2 - Myriad SARL)
Photoshop Camera Raw (HKLM-x32\...\{CC75AB5C-2110-4A7F-AF52-708680D22FE8}) (Version: 5.0 - Adobe Systems Incorporated) Hidden
Plagiarii (HKLM-x32\...\WTA-e081b8eb-5a30-4e6d-861e-4931f50ca85d) (Version: 3.0.2.59 - WildTangent) Hidden
Polar Bowler 1st Frame (HKLM-x32\...\WTA-a046ea40-c158-4605-8cd1-09c483ac5e32) (Version: 3.0.2.59 - WildTangent) Hidden
PuppetShow: Return to Joyville (HKLM-x32\...\WTA-afc05c19-8b00-451e-8256-4cc27fe4208f) (Version: 3.0.2.126 - WildTangent) Hidden
Pyro Jump (HKLM-x32\...\WTA-aef96e02-0d2c-4648-8717-142b57b7d123) (Version: 3.0.2.59 - WildTangent) Hidden
QQ International (HKLM-x32\...\{3CA54984-A14B-42FE-9FF1-7EA90151D725}) (Version: 1.91.1369.0 - Tencent Technology(Shenzhen) Company Limited)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.31222 - Realtek Semiconduct Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.6.1001.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8023 - Realtek Semiconductor Corp.)
Regency Solitaire (HKLM-x32\...\WTA-dceacd7e-f704-453f-888b-c1dbb95cd56b) (Version: 3.0.2.126 - WildTangent) Hidden
Roblox Player for Joshua (HKU\S-1-5-21-3270737401-2542335873-2474156572-1001\...\roblox-player) (Version: - Roblox Corporation)
RogueKiller version 15.1.2.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 15.1.2.0 - Adlice Software)
Runefall (HKLM-x32\...\WTA-846a3fa5-38fa-41bc-8b26-9e3c99c83611) (Version: 3.0.2.126 - WildTangent) Hidden
Rush Hour! Gas Station (HKLM-x32\...\WTA-38e4de1a-16a7-4ef9-a697-d8f2ad47f828) (Version: 3.0.2.59 - WildTangent) Hidden
Seagate Manager Installer (HKLM-x32\...\{E6F019F1-DFB6-4853-A87D-6E31624755A9}) (Version: 2.02.0109 - Seagate) Hidden
Seagate Manager Installer (HKLM-x32\...\InstallShield_{E6F019F1-DFB6-4853-A87D-6E31624755A9}) (Version: 2.02.0109 - Seagate)
SeaTools for Windows 1.4.0.4 (HKLM-x32\...\SeaTools for Windows) (Version: 1.4.0.4 - Seagate Technology)
Sky High Farm (HKLM-x32\...\WTA-11acfc19-2dac-440a-9118-4e8e5305ef96) (Version: 3.0.2.59 - WildTangent) Hidden
Spotify (HKU\S-1-5-21-3270737401-2542335873-2474156572-1001\...\Spotify) (Version: 1.1.48.625.g1c87c7f7 - Spotify AB)
Suite Shared Configuration CS4 (HKLM-x32\...\{842B4B72-9E8F-4962-B3C1-1C422A5C4434}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.5.10.75 - Synaptics Incorporated)
TAP-Windows 9.24.2 (HKLM\...\TAP-Windows) (Version: 9.24.2 - OpenVPN Technologies, Inc.)
Tasty Blue (HKLM-x32\...\WTA-edb5e308-daa5-44f4-9927-d681eea01e61) (Version: 3.0.2.59 - WildTangent) Hidden
The Far Kingdoms (HKLM-x32\...\WTA-49767db4-87ed-450e-99db-535f65bc94dc) (Version: 1.1.2.4 - WildTangent) Hidden
UnHackMe 13.10 (HKLM-x32\...\UnHackMe_is1) (Version: - Greatis Software, LLC.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{16AD6161-2E47-4BF1-AA77-0946EFE93E08}) (Version: 2.61.0.0 - Microsoft Corporation)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version: - WildTangent) Hidden
UpdateAssistant (HKLM-x32\...\{035FFC43-55D6-4F5C-BCC5-21FED122C8B4}) (Version: 1.11.0.0 - Microsoft Corporation) Hidden
VirtualShield (HKLM\...\VirtualShield) (Version: 3.3.1 - VirtualShield LLC.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.3 - VideoLAN)
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0) (Version: 1.0.42.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0-2) (Version: 1.0.42.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0-3) (Version: 1.0.42.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0-4) (Version: 1.0.42.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0-5) (Version: 1.0.42.0 - LunarG, Inc.)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.15-2 - Wacom Technology Corp.)
Warcraft III (HKLM-x32\...\Warcraft III) (Version: - )
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
Weeny Free PDF Password Remover 1.1 (HKLM-x32\...\Weeny Free PDF Password Remover_is1) (Version: - Weeny Software)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.1.0.28 - WildTangent)
WildTangent Games App for HP (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.1.1.30 - WildTangent) Hidden
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows PC Health Check (HKLM\...\{B1E7D0FD-7CFE-4E0C-A5DA-0F676499DB91}) (Version: 3.2.2110.14001 - Microsoft Corporation)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - )
Wondershare Helper Compact 2.5.2 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.2 - Wondershare)
Wondershare PDFelement 6 Pro(Build 6.3.3) (HKLM-x32\...\{B026557A-EF19-4812-8A79-B30F94AA0A78}_is1) (Version: 6.3.3.2780 - Wondershare Software Co.,Ltd.)
ZoneAlarm Anti-Ransomware (HKLM-x32\...\{0B8C3231-9818-4CB9-8213-4AB839836791}) (Version: 1.004.7033 - Check Point Software) Hidden
ZoneAlarm Firewall (HKLM-x32\...\{7B46F664-5425-45D9-8761-E506F5D71D12}) (Version: 15.8.169.18768 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Firewall (HKLM-x32\...\ZoneAlarm Free Firewall) (Version: 15.8.169.18768 - Check Point)
ZoneAlarm Security (HKLM-x32\...\{DD4F2B05-0B5A-4C76-AEFE-3C85E1064E57}) (Version: 15.8.169.18768 - Check Point Software Technologies Ltd.) Hidden
Zoom (HKU\S-1-5-21-3270737401-2542335873-2474156572-1001\...\ZoomUMX) (Version: 5.7.8 (1247) - Zoom Video Communications, Inc.)
Packages:
=========
Adblock Plus -> C:\Program Files\WindowsApps\EyeoGmbH.AdblockPlus_0.9.19.0_neutral__d55gg7py3s0m0 [2021-09-18] (eyeo GmbH)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.205.200.0_x86__kgqvnymyfvs32 [2021-11-03] (king.com)
HP PC Hardware Diagnostics Windows -> C:\Program Files\WindowsApps\AD2F1837.HPPCHardwareDiagnosticsWindows_1.8.0.0_x64__v10z8vjag6ke6 [2021-11-07] (HP Inc.)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_132.1.257.0_x64__v10z8vjag6ke6 [2021-11-03] (HP Inc.)
HP Support Assistant -> C:\Program Files\WindowsApps\AD2F1837.HPSupportAssistant_9.10.85.0_x64__v10z8vjag6ke6 [2021-11-03] (HP Inc.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-08-02] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-08-02] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.10.10270.0_x64__8wekyb3d8bbwe [2021-11-03] (Microsoft Studios) [MS Ad]
Microsoft To Do -> C:\Program Files\WindowsApps\Microsoft.Todos_2.55.42923.0_x64__8wekyb3d8bbwe [2021-11-02] (Microsoft Corporation) [Startup Task]
Movie Maker : Free Video Editor -> C:\Program Files\WindowsApps\39691Videopix.MovieMakerFreeVideoEditor_1.1.81.0_x64__dxz7h1qnd1pge [2021-10-09] (Videopix)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.97.752.0_x64__mcm4njqhnhss8 [2021-08-07] (Netflix, Inc.)
Simple Solitaire -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleSolitaire_7.4.4.0_x64__kx24dqmazqk8j [2021-11-02] (Random Salad Games LLC)
Snapfish -> C:\Program Files\WindowsApps\AD2F1837.HPConnectedPhotopoweredbySnapfish_6.1.736.0_x86__v10z8vjag6ke6 [2021-08-08] (Snapfish)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.TWITTER_7.0.1.0_neutral__wgeqdkkx372wm [2021-08-06] (Twitter Inc.)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-3270737401-2542335873-2474156572-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive - Personal] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}
CustomCLSID: HKU\S-1-5-21-3270737401-2542335873-2474156572-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\Joshua\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.21161.4\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-10-03] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-10-03] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu64.dll [2007-05-10] (Adobe Systems Inc.) [File not signed]
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-10-03] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [ExpressZip] -> {8EEA165E-0B8B-4BA7-9796-50214C767171} => C:\Program Files (x86)\NCH Software\ExpressZip\ezcm64.dll [2019-02-16] () [File not signed]
ContextMenuHandlers1: [WINZIPSSSecureExt] -> {C2BB2CFD-5FBC-4a1f-94A8-4186D8602366} => -> No File
ContextMenuHandlers2: [WINZIPSSSecureExt] -> {C2BB2CFD-5FBC-4a1f-94A8-4186D8602366} => -> No File
ContextMenuHandlers2: [{C95FFEAE-A32E-4122-A5C4-49B5BFB69795}] -> {C95FFEAE-A32E-4122-A5C4-49B5BFB69795} => C:\Program Files\Common Files\Adobe\Adobe Drive CS4\ADFSMenu.dll [2008-08-14] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-10-03] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [{C95FFEAE-A32E-4122-A5C4-49B5BFB69795}] -> {C95FFEAE-A32E-4122-A5C4-49B5BFB69795} => C:\Program Files\Common Files\Adobe\Adobe Drive CS4\ADFSMenu.dll [2008-08-14] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\ki124164.inf_amd64_85b60d2b8c3af983\igfxDTCM.dll [2017-09-01] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [{C95FFEAE-A32E-4122-A5C4-49B5BFB69795}] -> {C95FFEAE-A32E-4122-A5C4-49B5BFB69795} => C:\Program Files\Common Files\Adobe\Adobe Drive CS4\ADFSMenu.dll [2008-08-14] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu64.dll [2007-05-10] (Adobe Systems Inc.) [File not signed]
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-10-03] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [ExpressZip] -> {8EEA165E-0B8B-4BA7-9796-50214C767171} => C:\Program Files (x86)\NCH Software\ExpressZip\ezcm64.dll [2019-02-16] () [File not signed]
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WINZIPSSSecureExt] -> {C2BB2CFD-5FBC-4a1f-94A8-4186D8602366} => -> No File
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\Joshua\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Priceline.com.lnk -> C:\Program Files (x86)\HP\Shared\WizLink.exe () -> hxxp://www.priceline.com/?refid=PLHBC6240OPQ&refclickid=square
==================== Loaded Modules (Whitelisted) =============
2020-11-27 04:38 - 2020-11-27 04:38 - 000961536 _____ () [File not signed] C:\Program Files (x86)\Garmin\Express\CefSharp.BrowserSubprocess.Core.dll
2020-11-27 04:38 - 2020-11-27 04:38 - 001446400 _____ () [File not signed] C:\Program Files (x86)\Garmin\Express\CefSharp.Core.dll
2021-07-02 09:01 - 2021-07-02 09:01 - 000073216 _____ () [File not signed] C:\Program Files (x86)\Garmin\Express\FixBootSector.dll
2017-05-08 10:35 - 2017-05-08 10:35 - 000325632 _____ () [File not signed] C:\Program Files (x86)\Garmin\Express\GpsImgWrapper.dll
2020-11-18 10:14 - 2020-11-18 10:14 - 117340672 _____ () [File not signed] C:\Program Files (x86)\Garmin\Express\libcef.dll
2020-11-18 08:40 - 2020-11-18 08:40 - 000323072 _____ () [File not signed] C:\Program Files (x86)\Garmin\Express\libegl.dll
2020-11-18 08:40 - 2020-11-18 08:40 - 005441536 _____ () [File not signed] C:\Program Files (x86)\Garmin\Express\libglesv2.dll
2019-02-16 13:17 - 2019-02-16 13:17 - 000105984 _____ () [File not signed] C:\Program Files (x86)\NCH Software\ExpressZip\ezcm64.dll
2021-11-07 15:36 - 2010-07-09 16:38 - 000331776 _____ () [File not signed] C:\Program Files (x86)\NETGEAR\WNA3100\WifiLib.dll
2021-11-07 15:36 - 2010-02-03 11:31 - 000282624 _____ () [File not signed] C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvcLib.dll
2007-01-19 04:23 - 2007-05-10 23:18 - 001560576 _____ (Adobe Systems Inc.) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu64.dll
2006-10-23 00:19 - 2006-10-23 00:19 - 000019968 _____ (Adobe Systems Inc.) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroTray.DEU
2006-10-23 00:10 - 2006-10-23 00:10 - 000019968 _____ (Adobe Systems Inc.) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroTray.FRA
2006-08-02 07:52 - 2006-08-02 07:52 - 000126976 _____ (Adobe Systems Inc.) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\asneu.dll
2006-09-14 23:20 - 2006-09-14 23:20 - 000212992 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\adobe_epic.dll
2006-09-14 23:46 - 2006-09-14 23:46 - 000208896 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\adobe_pcd.dll
2006-09-14 23:20 - 2006-09-14 23:20 - 000346112 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\adobe_personalization.dll
2008-08-14 07:15 - 2008-08-14 07:15 - 000481792 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files\Common Files\Adobe\Adobe Drive CS4\BIB.dll
2021-07-02 09:01 - 2021-07-02 09:01 - 001976832 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Garmin\Express\XercesLib.dll
2021-11-07 15:36 - 2010-02-03 11:21 - 000204800 _____ (Broadcom Corporation) [File not signed] C:\Program Files (x86)\NETGEAR\WNA3100\wps_api.dll
2021-07-02 09:07 - 2021-07-02 09:07 - 000234496 _____ (Dynastream Innovations Inc.) [File not signed] C:\Program Files (x86)\Garmin\Express\ANT_WrappedLib.dll
2021-07-02 09:01 - 2021-07-02 09:01 - 002711552 _____ (Garmin International) [File not signed] C:\Program Files (x86)\Garmin\Express\legacyio.dll
2017-05-08 10:35 - 2017-05-08 10:35 - 000343552 _____ (Garmin International, Inc.) [File not signed] C:\Program Files (x86)\Garmin\Express\IMG_GPSMAP.dll
2021-07-02 09:01 - 2021-07-02 09:01 - 000425472 _____ (Garmin) [File not signed] C:\Program Files (x86)\Garmin\Express\XMLdll.dll
2016-10-19 12:12 - 2016-10-04 07:51 - 000076800 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2006-09-15 13:58 - 2006-09-15 13:58 - 000934400 _____ (Macrovision Europe Ltd.) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\FNP_Act_Installer.dll
2021-05-18 09:17 - 2021-05-18 09:17 - 000986112 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\CheckPoint\ZoneAlarm\dbghelp.dll
2020-09-17 12:06 - 2020-09-17 12:06 - 001093120 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80U.DLL
2020-09-17 12:06 - 2020-09-17 12:06 - 000057344 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\MFC80ENU.DLL
2021-04-19 06:12 - 2021-04-19 06:12 - 001156608 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\x86\SQLite.Interop.dll
2021-03-29 13:26 - 2021-03-29 13:26 - 001156608 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\SQLite\SQLite.Interop.dll
2021-07-02 09:04 - 2021-07-02 09:04 - 000090112 _____ (Silicon Laboratories, Inc.) [File not signed] C:\Program Files (x86)\Garmin\Express\DSI_SiUSBXp_3_1.DLL
2020-11-18 08:39 - 2020-11-18 08:39 - 000843264 _____ (The Chromium Authors) [File not signed] C:\Program Files (x86)\Garmin\Express\chrome_elf.dll
2017-11-07 17:59 - 2017-10-19 10:17 - 000271360 _____ (Wondershare Software) [File not signed] C:\WINDOWS\System32\WSPDFelementMonitor.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\S-1-5-21-3270737401-2542335873-2474156572-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=chrf-iryus&type=ypi_znlrm_00_00_ie
HKU\S-1-5-21-3270737401-2542335873-2474156572-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
SearchScopes: HKLM-x32 -> {2233F36F-8694-4A10-BA05-24726E79E791} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3270737401-2542335873-2474156572-1001 -> {1AF7E331-D02A-419B-A537-337B148FBCAB} URL = hxxps://search.yahoo.com/search?p={searchTerms}&intl=us&fr=chrf-iryus&type=ypi_znlrm_00_00_ie
SearchScopes: HKU\S-1-5-21-3270737401-2542335873-2474156572-1001 -> {2233F36F-8694-4A10-BA05-24726E79E791} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2021-11-03] (Microsoft Corporation -> Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2021-10-27] (HP Inc. -> HP Inc.)
BHO-x32: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2021-10-27] (HP Inc. -> HP Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-11-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-11-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-11-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-11-03] (Microsoft Corporation -> Microsoft Corporation)
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2015-10-30 00:24 - 2019-08-13 18:36 - 000001367 _____ C:\WINDOWS\system32\drivers\etc\hosts
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\
HKU\S-1-5-21-3270737401-2542335873-2474156572-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Joshua\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
HKU\S-1-5-21-3270737401-2542335873-2474156572-1002\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-3270737401-2542335873-2474156572-1004\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.39.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is disabled.
Network Binding:
=============
Ethernet: General NDIS Protocol Driver -> SCM_NDISPROT (enabled)
Local Area Connection: General NDIS Protocol Driver -> SCM_NDISPROT (enabled)
Wi-Fi: General NDIS Protocol Driver -> SCM_NDISPROT (enabled)
Ethernet 3: General NDIS Protocol Driver -> SCM_NDISPROT (enabled)
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
MSCONFIG\Services: ComboCleaner.Guard => 2
MSCONFIG\Services: ComboCleaner.WinService => 2
MSCONFIG\Services: hshld_10.22.4 => 2
HKLM\...\StartupApproved\Run: => "Combo Cleaner"
HKLM\...\StartupApproved\Run32: => "MaxMenuMgr"
HKU\S-1-5-21-3270737401-2542335873-2474156572-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-3270737401-2542335873-2474156572-1001\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{EDD5C8AD-1648-468A-9F50-9C71D60AE204}] => (Allow) C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
FirewallRules: [{1DDA231A-E59B-4FD4-9EFE-BA7DD2AE6A67}] => (Allow) C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
FirewallRules: [{846319F1-2155-4A4A-BA94-FA6411C67B20}] => (Allow) LPort=5353
FirewallRules: [{AE4A418C-F13C-42C1-B962-DEA6DFB32979}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\SmartAgentTest.exe => No File
FirewallRules: [{EA003B25-F32A-4797-BD18-9A27D79B8078}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\Next\WirelessDisplay.exe => No File
FirewallRules: [{2618A073-E039-4D7A-9D0F-3C8B811B9E25}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiAppOld.exe => No File
FirewallRules: [{907837F9-09C2-4EE5-8DBD-6D9B01BB5209}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe => No File
FirewallRules: [{4385A0AF-E86E-4568-A21F-03BFBB1F25BD}] => (Allow) c:\Program Files\CyberLink\PowerDirector12\PDR10.EXE => No File
FirewallRules: [TCP Query User{A2015C8D-A9DE-4A20-AFF2-6D8D46F54C66}C:\users\joshua\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\joshua\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{2EED8105-B297-4E28-9319-0144E1745619}C:\users\joshua\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\joshua\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{6E6C2AA2-3424-4120-827B-ED23DD9C26E6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{6E04A979-7A89-4A42-AC8B-B272C713AC98}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{9D1C72FF-2FE3-4B14-86EF-1E9ECBF76FFB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{7359BE22-9A57-4340-8245-31944C1DD017}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{2981CD2E-92C2-4080-AD50-499B1FD050CE}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{C0577731-6849-496F-9E4F-9EBCF4CDBACD}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe => No File
FirewallRules: [{A8B49718-4DC4-46F1-A573-99F1E8430E03}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe => No File
FirewallRules: [{6E87650F-8C75-4D4D-A0E9-152F64978EAD}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{49779CF9-2316-4D34-B69E-79B452163541}] => (Block) C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
FirewallRules: [{EA1729C9-2C05-4489-80A8-1794616EF433}] => (Block) C:\Program Files\Adobe\Adobe Illustrator CS4\Support Files\Contents\Windows\Illustrator.exe (Adobe Systems Incorporated -> Adobe Systems Inc.)
FirewallRules: [{8D69910A-3C45-47F5-9488-86C57F2CC348}] => (Block) C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe (Adobe Systems Incorporated -> Adobe Systems, Inc.)
FirewallRules: [{8D9B3B54-EC5D-46C5-983E-99D83CDACEF9}] => (Allow) C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FirewallRules: [{FCBF538E-5081-4297-9DF6-D295D2E7E340}] => (Allow) C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FirewallRules: [{05FE341D-F79B-4F3B-BACF-60BAFD3CBC8D}] => (Allow) C:\Program Files (x86)\Common Files\Tencent\QQDownload\119\Tencentdl.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FirewallRules: [{CDF1094B-CA15-49E8-BD31-DDEFAF820AC2}] => (Allow) C:\Program Files (x86)\Common Files\Tencent\QQDownload\119\Tencentdl.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FirewallRules: [TCP Query User{F25D9D7A-D123-462A-9D70-92604289F4EE}C:\users\joshua\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\joshua\appdata\local\akamai\netsession_win.exe => No File
FirewallRules: [UDP Query User{0D04B413-2BC0-4535-BF87-C94307C0BC8B}C:\users\joshua\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\joshua\appdata\local\akamai\netsession_win.exe => No File
FirewallRules: [{D39EE741-7955-4878-9BB2-A2DE19CB3A25}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C3F87442-BB6F-496F-9EFB-EF94628DE9B0}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{46F397D8-5CB1-4193-AB98-C0E21298CF0B}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation -> )
FirewallRules: [{64F94B27-3379-4B7C-A1EB-BEDBA502FA6F}] => (Allow) C:\Users\Joshua\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{32845121-7AC0-4048-9E18-8D08AB0CC880}] => (Allow) C:\Users\Joshua\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{6891CC8A-DD29-45D9-A0D4-7C1F21257B86}] => (Allow) C:\Users\Joshua\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{1BBF807F-A43C-4DF8-AEAA-3583A61260CC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.152.687.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{9B476B8D-F02D-4C47-9467-65D41123E6FB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.152.687.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{FD0C4512-220A-4EEA-A0B2-26F2EA11AABC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.152.687.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{07923603-A7BF-4138-9628-B2028FEF5914}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.152.687.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B6EF085B-7D11-4261-AC15-321300623B47}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.152.687.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{284143B4-6704-4C03-BDA5-1EE57C5D2217}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.152.687.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{47FB16DB-FB46-49F3-A6E0-7CD614FC8B7F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.152.687.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{DD662B0D-8BCD-49CA-9395-395549DDDEC4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.152.687.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{F37EC8C8-5B8A-47E0-B001-D87FF06D2D59}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{80C14DBA-76D2-40E1-9C58-63DC59C643BB}] => (Allow) C:\Users\TEMP\AppData\Local\Programs\Fiddler\Fiddler.exe => No File
FirewallRules: [{F199E468-5EAE-4E14-AAC0-183AA40A4396}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
FirewallRules: [{69311BBF-82B2-49E1-A468-B57CBFB1567A}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
FirewallRules: [{4356C251-2997-4229-9835-3A73A3381BC2}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
FirewallRules: [{9916C7FD-B699-4591-BF6B-6E6DF42405CF}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
FirewallRules: [{37B33414-4697-4B08-9C5D-AA844C7DBCE5}] => (Allow) LPort=57209
FirewallRules: [{31FBF2B2-EFCC-4D2B-BF0E-9C04B7A3D050}] => (Allow) LPort=57209
FirewallRules: [{3FB5E1AD-37AB-43EE-8494-75B17DFE22A5}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{2FE183F7-E8FC-4F2C-BA3E-F8504189C712}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{4A8BA1CA-D15E-4B4D-8870-9B51B3775437}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{7DB4C7AC-A3D9-4801-B3D9-8B6288A1DB22}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{AFB856C0-56E4-403D-B1F3-CA03290BA1C9}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\95.0.1020.40\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B2CA63D2-5DCA-4E02-8BB5-E78FCAE8A5B0}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.77.97.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B5860F3F-3C82-4438-9CDF-07A80C13DAEA}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.77.97.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E2482B2A-E8D7-401B-9A1C-1E8401B4698C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.77.97.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{8346E007-936B-4DEF-8B7B-93A4F850126A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.77.97.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{33A9EF43-238F-4DA2-B0CA-65995BD92673}] => (Allow) C:\Program Files\VirtualShield\VirtualShield.exe (VirtualShield LLC -> )
FirewallRules: [{3562B4F3-95FD-44EF-AE85-1E1D39906D0F}] => (Allow) C:\Program Files\VirtualShield\VirtualShield.exe (VirtualShield LLC -> )
FirewallRules: [{7B0497EC-2FC6-4F11-8EF7-4C27E7477304}] => (Allow) C:\Program Files\VirtualShield\VirtualShield.exe (VirtualShield LLC -> )
FirewallRules: [{30DF26CB-6DF5-41E7-9604-E48FBF5780BA}] => (Allow) C:\Program Files\VirtualShield\VirtualShield.exe (VirtualShield LLC -> )
FirewallRules: [{3D2E529B-5AA1-40AC-88E7-FD62CF3ADEAF}] => (Allow) C:\Program Files\VirtualShield\VirtualShieldSvc.exe (VirtualShield LLC -> )
FirewallRules: [{D192103A-704A-444B-9FB2-0E7D8CA10A68}] => (Allow) C:\Program Files\VirtualShield\VirtualShieldSvc.exe (VirtualShield LLC -> )
FirewallRules: [{2550D2C3-6523-4949-BE53-97B27E317ED0}] => (Allow) C:\Program Files\VirtualShield\VirtualShieldSvc.exe (VirtualShield LLC -> )
FirewallRules: [{56DDA718-FABC-46DB-970F-EDC0ABCB3B0E}] => (Allow) C:\Program Files\VirtualShield\VirtualShieldSvc.exe (VirtualShield LLC -> )
FirewallRules: [{A3E31E51-7E4C-4B62-9C51-95A38FD88E5A}] => (Allow) C:\Program Files\VirtualShield\bin\openvpn.exe (OpenVPN Technologies, Inc. -> The OpenVPN Project)
FirewallRules: [{07C9DC81-A46B-4912-A3A5-B78CC9EF1776}] => (Allow) C:\Program Files\VirtualShield\bin\openvpn.exe (OpenVPN Technologies, Inc. -> The OpenVPN Project)
FirewallRules: [{CFF49608-034B-4723-BAEA-6B4B129268E3}] => (Allow) C:\Program Files\VirtualShield\bin\openvpn.exe (OpenVPN Technologies, Inc. -> The OpenVPN Project)
FirewallRules: [{0AB0898B-8194-4559-98CB-9711B8AA9AFB}] => (Allow) C:\Program Files\VirtualShield\bin\openvpn.exe (OpenVPN Technologies, Inc. -> The OpenVPN Project)
FirewallRules: [{36BCC70B-0E81-474D-BE21-151593909423}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{AFE61C7E-B28F-423C-8680-AF9812E8ADED}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe (Avast Software s.r.o. -> AVAST Software)
==================== Restore Points =========================
07-11-2021 01:24:53 prebiosupdate11/7/2021
09-11-2021 15:57:55 prebios update 11/9/2021
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (11/09/2021 04:36:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WUDFHost.exe, version: 10.0.19041.1, time stamp: 0xe092f869
Faulting module name: ntdll.dll, version: 10.0.19041.1288, time stamp: 0xa280d1d6
Exception code: 0xc0000374
Fault offset: 0x00000000000ff199
Faulting process id: 0x7a0
Faulting application start time: 0x01d7d5bee879a8c0
Faulting application path: C:\Windows\System32\WUDFHost.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: c3a9d69d-914f-4fa0-9072-6e0446ea8740
Faulting package full name:
Faulting package-relative application ID:
Error: (11/09/2021 04:18:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname LAPTOP-2016B3GJ.local already in use; will try LAPTOP-2016B3GJ-2.local instead
Error: (11/09/2021 04:18:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister 4 LAPTOP-2016B3GJ.local. Addr 172.16.128.122
Error: (11/09/2021 04:18:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 172.16.128.122:5353 16 LAPTOP-2016B3GJ.local. AAAA FD00:0000:0000:0000:0000:0000:0000:0001
Error: (11/09/2021 04:18:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing: 16 LAPTOP-2016B3GJ.local. AAAA FE80:0000:0000:0000:6135:CB72:0A04:DB41
Error: (11/09/2021 04:18:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 172.16.128.122:5353 16 LAPTOP-2016B3GJ.local. AAAA FD00:0000:0000:0000:0000:0000:0000:0001
Error: (11/09/2021 04:18:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing: 4 LAPTOP-2016B3GJ.local. Addr 172.16.128.122
Error: (11/09/2021 04:18:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 172.16.128.122:5353 16 LAPTOP-2016B3GJ.local. AAAA FD00:0000:0000:0000:0000:0000:0000:0001
System errors:
=============
Error: (11/09/2021 04:36:28 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
Module Path: C:\WINDOWS\system32\IntelIHVRouter04.dll
Error Code: 21
Error: (11/09/2021 04:33:29 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Check Point Endpoint EFR service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 500 milliseconds: Restart the service.
Error: (11/09/2021 04:33:27 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the CPEFR service.
Error: (11/09/2021 04:20:56 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Intel(R) Management and Security Application Local Management Service service hung on starting.
Error: (11/09/2021 04:18:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Touchpoint Analytics service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (11/09/2021 04:18:26 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the HP Touchpoint Analytics service to connect.
Error: (11/09/2021 04:17:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
The system cannot find the file specified.
Error: (11/09/2021 04:10:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Net.Pipe Listener Adapter service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Windows Defender:
================
Date: 2020-09-26 21:40:44
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2020-09-24 21:36:45
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2020-09-23 22:14:00
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2020-09-22 15:46:02
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2020-09-21 15:21:13
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
CodeIntegrity:
===============
Date: 2021-11-09 16:39:09
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\setup\uat_3860.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2021-11-09 16:38:59
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.
Date: 2021-11-09 16:38:59
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\CheckPoint\Endpoint Security\EFR\CP_AmsiProvider64.dll that did not meet the Windows signing level requirements.
Date: 2021-11-09 16:35:39
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\CheckPoint\Endpoint Security\EFR\CP_AmsiProvider64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
BIOS: Insyde F.56 12/22/2020
Motherboard: HP 820B
Processor: Intel(R) Core(TM) i5-6200U CPU @ 2.30GHz
Percentage of memory in use: 60%
Total physical RAM: 12177.91 MB
Available physical RAM: 4835.61 MB
Total Virtual: 19345.91 MB
Available Virtual: 11665.98 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:913.93 GB) (Free:693.51 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:16.35 GB) (Free:1.67 GB) NTFS ==>[system with boot components (obtained from drive)]
\\?\Volume{7fa2447e-8971-47d6-b319-bab457e9d71c}\ (Windows RE tools) (Fixed) (Total:0.96 GB) (Free:0.37 GB) NTFS
\\?\Volume{2eb2561d-35a1-42b7-ae9b-56b280e0f6dc}\ () (Fixed) (Total:0.25 GB) (Free:0.17 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 775F3BD2)
Partition: GPT.
==================== End of Addition.txt =======================
Note: This was run over a month ago. Some things may have changed more than I am aware of. I am pretty sure that some things have changed due to Windows Updates. I have turned off virtual shield, and have a new VPN, and I do not recall ever using firefox. Some other software in there has been disabled. Please let me know if anything looks like malware or a virus. To me it looks like software, missing files, and registry keys. Then errors. I wonder what @restorequarantine is. I have been looking for a way to detect something that is probably hidden on my laptop due to suspicious activity.
Joshuacm
2021-12-16, 06:45
note: since i don't know how to edit, it is not virtual shield that is off, but something else.
I saw a couple of things which are minor
ZoneAlarm Anti-Ransomware with Firewall, Avast Software, Bitdefender Agent, UnHackMe and Combo Cleaner anti-malware capabilities, all have browser guards and similar duties....possibly causing a conflict.
~~~~~~~~~~~~~~~~~~~~~~~~~~~``
Do you have any logs from running RogueKiller?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
@restorequarantine appears to come from UnHackMe
due to suspicious activity <== whats been happening?
If you did not download or use Firefox, uninstall from the control panel programs list.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Start Farbar Recovery Scan Tool with Administrator privileges
(Right click on the FRST icon and select Run as administrator, just open it and let it wait)
highlight on the text below and select Copy.
beginning with Start:: and finishing with End::
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Highlight the entire content of the quote box below and select Copy.
Start::
CloseProcesses:
CreateRestorePoint:
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
Task: {533CBE0A-AE30-41C4-B79B-992BD5E47FA2} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {D7474179-1B4D-43B8-ACEF-1A47F221372D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c (No File)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
CHR Profile: C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default - Copy [2017-06-01] <==== ATTENTION
CHR Profile: C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\defaultold [2017-06-01] <==== ATTENTION
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
ContextMenuHandlers1: [WINZIPSSSecureExt] -> {C2BB2CFD-5FBC-4a1f-94A8-4186D8602366} => -> No File
ContextMenuHandlers2: [WINZIPSSSecureExt] -> {C2BB2CFD-5FBC-4a1f-94A8-4186D8602366} => -> No File
ContextMenuHandlers6: [WINZIPSSSecureExt] -> {C2BB2CFD-5FBC-4a1f-94A8-4186D8602366} => -> No File
ShortcutWithArgument: C:\Users\Joshua\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Priceline.com.lnk -> C:\Program Files (x86)\HP\Shared\WizLink.exe () -> hxxp://www.priceline.com/?refid=PLHBC6240OPQ&refclickid=square
FirewallRules: [{AE4A418C-F13C-42C1-B962-DEA6DFB32979}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\SmartAgentTest.exe => No File
FirewallRules: [{EA003B25-F32A-4797-BD18-9A27D79B8078}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\Next\WirelessDisplay.exe => No File
FirewallRules: [{2618A073-E039-4D7A-9D0F-3C8B811B9E25}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiAppOld.exe => No File
FirewallRules: [{907837F9-09C2-4EE5-8DBD-6D9B01BB5209}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe => No File
FirewallRules: [{4385A0AF-E86E-4568-A21F-03BFBB1F25BD}] => (Allow) c:\Program Files\CyberLink\PowerDirector12\PDR10.EXE => No File
FirewallRules: [{C0577731-6849-496F-9E4F-9EBCF4CDBACD}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe => No File
FirewallRules: [{A8B49718-4DC4-46F1-A573-99F1E8430E03}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe => No File
FirewallRules: [{80C14DBA-76D2-40E1-9C58-63DC59C643BB}] => (Allow) C:\Users\TEMP\AppData\Local\Programs\Fiddler\Fiddler.exe => No File
EmptyTemp:
C:\Windows\Temp\*.*
End::
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Return to the Farbar Recovery Scan Tool app
Press the Fix button. FRST will process the lines copied above from the clipboard.
When finished, a log file Fixlog.txt will pop up and saved in the same location the tool was ran from.
Please copy and paste its contents in your next reply.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Download and run AdwCleaner
Download AdwCleaner from here (https://downloads.malwarebytes.com/file/adwcleaner) and save it to your desktop.
you can download AdwCleaner here: https://malwarebytes.com/adwcleaner
run AdwCleaner by clicking on Scan Now
when it has finished, leave everything that was found checked, (ticked), then click on Clean and Repair
if it asks to reboot, allow the reboot
on reboot, click on View Log File; please attach the content of the log to your next reply.
============================================
Please post these 2 logs when finished.
Joshuacm
2021-12-16, 22:59
i don't have firefox in programs and features. That could be potentially from copying data from a previous computer several years ago. Something on the system may have been copied, but I don't have it installed. Nothing is in any program files directory or programdata. I would like to ask some questions prior to doing those steps. Will running a fix after running farbar again potentially mess up anything such as conflicting programs, or anything that Windows Update may have messed up, or that the program does not understand? I do not understand this completely, but I understand that some programs that I tried to run in the past would not function (speficifically some security programs). I know that Windows Update deleted some software, hid some software, and it also corrupted and changed Windows settings at times. It also seems like it likely removed some options to update certain drivers. Do you know what farbar would fix? I am not sure that farbar has detected any viruses or malware, but it has shown that there is software, errors, and registration keys. Can I choose what to fix? How do I know what needs to be fixed and what is actually harmful?
What is the difference between adwcleaner and regular malwarebytes? I see that they are both made by the same company. Does the program give an option for the user to tell it what to delete and not to delete/quarantine? I am aware also that PUPs and PUAs are not all dangerous programs. Some program told me before that my Garmin software was such a program. I see a lot of false positives with some software.
Files transfered over can be removed using Farbar, what we find for Firefox can be removed.
Will running a fix after running farbar again potentially mess up anything such as conflicting programs, or anything that Windows Update may have messed up, or that the program does not understand?
No.
What I had scripted for the tool to remove was a tidy up of missing file extensions, EmptyTemps and remove policy restrictions.
Looking at your logs I see what looks like an abundance of security apps, possibly not a good idea to have so many and if Windows updates are toying around with system settings theres really not much I can do about that.
The tools we use to help remove adware/malware has nothing to do with Windows updates or any features it provides your machine.
As for driver updates, it's always best to go to the manufacturers web site and enter info for your machine there to see whats available or needed, that's the most trusted way.
Can I choose what to fix? How do I know what needs to be fixed and what is actually harmful?
Unless you've been schooled in how to use this tool don't make the mistake of doing as you asked.
If your not satisfied here that I can help you I can refer you to a different site that also assists in malware removal.
What is the difference between adwcleaner and regular malwarebytes? I see that they are both made by the same company. Does the program give an option for the user to tell it what to delete and not to delete/quarantine? I am aware also that PUPs and PUAs are not all dangerous programs. Some program told me before that my Garmin software was such a program. I see a lot of false positives with some software.
Adwcleaner and regular malwarebytes are 2 different tools used to help dig into certain areas common to find hidden malicious items.
Originally not made by the same company, one bought out the other to make it a short comment.
Both of these tools have been used by millions and have a high standard of quality backed by many researchers to keep the data bases updated. There are options in the tool settings that allow you to see what was found and allow you to remove or leave.
Questions on some findings refered to as a false positives can be argued at the tool web site, but typically they were in the past to have a shady history of what the tools also downloaded and connected to that might have added them to the list of PUPs and PUA.
I personally have used these tools and have not experienced problems, my machine was clean but, I understand you might have reason to hold off.
I had set Farbar's to create a restore point first in case of error.
Let me know if you want to proceed with the scans.
Joshuacm
2021-12-17, 21:34
i noticed that i did not reply about rogue killer. if i had logs, they would be from a long time ago. I would not be able to provide logs for that.
What kind of scripts do you mean for Farbar? Or is it for the other program? I am a little worried about how it fixes things, as sometimes security programs might erase or correct something that does not need to be fixed, because it sees it as problematic. Perhaps, even though I am not an expert on the program, if it shows what needs fixed, i could see a listing, and have it fix specific things? But are you able to tell me from the list if anything might be more than a conflict?
I suppose that i could set a restore point for either program, yet sometimes I have noticed that restore points disappeared, even if I did not restore Windows. This may be due to a windows update.
I suppose that i could set a restore point for either program, yet sometimes I have noticed that restore points disappeared, even if I did not restore Windows. This may be due to a windows update. Windows has a way of pruning out old restore points, it can't save them all but hold to the newest.
i noticed that i did not reply about rogue killer. if i had logs, they would be from a long time ago. I would not be able to provide logs for that. It's listed I think in your add remove programs list in the control panel, you should uninstall/remove that in case it should prevent you from trying to use the tool again.
What kind of scripts do you mean for Farbar? Or is it for the other program? I am a little worried about how it fixes things, as sometimes security programs might erase or correct something that does not need to be fixed, because it sees it as problematic. Perhaps, even though I am not an expert on the program, if it shows what needs fixed, i could see a listing, and have it fix specific things? But are you able to tell me from the list if anything might be more than a conflict?
Early on I commented on the amount of security apps you have on your machine,
ZoneAlarm Anti-Ransomware with Firewall, Avast Software, Bitdefender Agent, UnHackMe and Combo Cleaner anti-malware capabilities, all have browser guards and similar duties....possibly causing a conflict.
With all the above and Windows updates being applied it can have the possibilities of issues happening. IF their happening, I have no way of knowing.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`
If you have concerns over doing these things I have listed I need to know. If your uncomfortable here I can list other web sites that assist in malware removals.
Can I always fix things?, NO. I can't but. I try to.
I can suggest a windows forum that deals mostly with Windows performance if needed or if you think that's the cause of your issues?
And if thats what you decide you just copy and paste the link from here for those to see what tools and scripts show.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Below is the script I created for Farbar Recovery Scan Tool if you look back to post #5
I had scripted in for the machine to create a restore point.
Start Farbar Recovery Scan Tool with Administrator privileges
(Right click on the FRST icon and select Run as administrator, just open it and let it wait)
highlight on the text below and select Copy.
beginning with Start:: and finishing with End::
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Start::
CloseProcesses:
CreateRestorePoint:
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
Task: {533CBE0A-AE30-41C4-B79B-992BD5E47FA2} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {D7474179-1B4D-43B8-ACEF-1A47F221372D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c (No File)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
CHR Profile: C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default - Copy [2017-06-01] <==== ATTENTION
CHR Profile: C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\defaultold [2017-06-01] <==== ATTENTION
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
ContextMenuHandlers1: [WINZIPSSSecureExt] -> {C2BB2CFD-5FBC-4a1f-94A8-4186D8602366} => -> No File
ContextMenuHandlers2: [WINZIPSSSecureExt] -> {C2BB2CFD-5FBC-4a1f-94A8-4186D8602366} => -> No File
ContextMenuHandlers6: [WINZIPSSSecureExt] -> {C2BB2CFD-5FBC-4a1f-94A8-4186D8602366} => -> No File
ShortcutWithArgument: C:\Users\Joshua\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Priceline.com.lnk -> C:\Program Files (x86)\HP\Shared\WizLink.exe () -> hxxp://www.priceline.com/?refid=PLHBC6240OPQ&refclickid=square
FirewallRules: [{AE4A418C-F13C-42C1-B962-DEA6DFB32979}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\SmartAgentTest.exe => No File
FirewallRules: [{EA003B25-F32A-4797-BD18-9A27D79B8078}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\Next\WirelessDisplay.exe => No File
FirewallRules: [{2618A073-E039-4D7A-9D0F-3C8B811B9E25}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiAppOld.exe => No File
FirewallRules: [{907837F9-09C2-4EE5-8DBD-6D9B01BB5209}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe => No File
FirewallRules: [{4385A0AF-E86E-4568-A21F-03BFBB1F25BD}] => (Allow) c:\Program Files\CyberLink\PowerDirector12\PDR10.EXE => No File
FirewallRules: [{C0577731-6849-496F-9E4F-9EBCF4CDBACD}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe => No File
FirewallRules: [{A8B49718-4DC4-46F1-A573-99F1E8430E03}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe => No File
FirewallRules: [{80C14DBA-76D2-40E1-9C58-63DC59C643BB}] => (Allow) C:\Users\TEMP\AppData\Local\Programs\Fiddler\Fiddler.exe => No File
EmptyTemp:
C:\Windows\Temp\*.*
End::
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Return to the Farbar Recovery Scan Tool app
Press the Fix button. FRST will process the lines copied above from the clipboard.
When finished, a log file Fixlog.txt will pop up and saved in the same location the tool was ran from.
Please copy and paste its contents in your next reply.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Joshuacm
2021-12-18, 23:45
Something that I should mention is that it appears that after one of the Windows Updates recently, is that it changed my main account so that it is not an administrator account anymore. It does appear that sometimes I can run some programs as an administrator, but most of the times, I cannot. I think it is because of Wi dundows Update. Sometime recently, I was able to run Powershell with administrator privileges, but not long after that, Windows tried to get me to by Office 365 in order to use administrator privileges. I also noticed that I often cannot use them anymore, and that this profile no longer shows it is an administrator account.
Rogue Killer does not seem to be running automatically. I find that Unhackme and some registry scanner will run at startup until I turn them off. They appear to be 32-bit and not in Programs and Features. I would have to uninstall them manually. One of the other security programs that was previously mentioned, I made it so it will not run.
I do think that i may have changed Chrome so it will not automatically update, due to it causing Windows to crash. Is there a way to restore administrator privileges? I do have alternate administrator accounts. I know there is a built-in account, and i have an alternate administrator account.
OK
I think we're at a point where I am not able to help but, I can refer you to sites that possibly can.
https://answers.microsoft.com/en-us/windows/forum/all/administrative-privileges-lost-on-windows-10/4ae13a5f-f10b-4c0f-9505-f1cd6a9dfd64
Microsoft has an article to reclaim administrator rights to a profile, you will have to go into recovery mode to get there.
https://www.sysnative.com/forums/forums/windows-10.148/
Login or register, also this site is more likely to help with lost privileges then I am.
Login or register to the below site if you think there is still something malicious on your machine.
https://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-help/
Joshuacm
2021-12-20, 06:43
i will try those threads. However, i have noticed that i can run farbar in administrator mode. But it is true that i cannot run some things in administrator mode. My other profile shows it is still an administrator account. However, there are multiple problems on this system such as the other profile cannot connect to the internet..... i found that on that profile, if i go to airplane mode, i cannot get out of it, and when i switched profiles, i was in airplane mode automatically while the other one was not, and when i turned off airplane mode in the main one, it was still showing the icon, after it said it was off. Temporarily, it also could not go to the control panel or settings. I wonder if it had anything to do with logging into a specific account. That should not have anything to do with windows settings. Also, the keyboard buttons should not be disabled in one profile, and then when i login to the other profile after logging off of the account in the other profile and not having airplane mode on, i should not be automatically in airplane mode and stuck in it.
Joshuacm
2021-12-20, 07:31
Note: I did find that when I ran farbar in admin mode, it updated and IDP.HELU.AID15 was detected after updating it. Is that a false positive, or is that a serious threat?
Note: I did find that when I ran farbar in admin mode, it updated and IDP.HELU.AID15 was detected after updating it. Is that a false positive, or is that a serious threat?
That is a false-positive
https://www.bleepingcomputer.com/forums/t/728113/puawin32driverupdater-and-help-ruling-out-virus/
AVAST pinged the program as a virus called IDP.HELU.AID15.
The Farbar program is updated often.
If it's identified as suspicious by your Anti-Virus program you can add it to the trusted list or delete it and download it again from the link I provide.
Farbar Recovery Scan Tool (x64) (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/) and save the file to your Desktop.
And since you have opened a new topic asking for help at BleepingComputers, I will close this topic.
https://www.bleepingcomputer.com/forums/t/765542/i-have-a-problem-ran-farbar-as-admin-but-it-updated-and-was-infected/