Is this machine hopeless?



1oldman
2022-05-02, 04:56
Hello again, as the title suggests, this may be hopeless, but I'd like to see if there is a chance that this machine can be salvaged.
First, a brief history of the computer in question. I was given the computer by an IT department; they were upgrading, so the price was right. Since I first started it up there has been no account password on either of the user accounts I see; they will load automatically when one is chosen. I try to sign in to set basic account security and get told I don't have the proper password...
No one that I've contacted has been able to come up with login info; still working on that. Also worth noting that when I downloaded and tried to run FRST, I was told on both user accounts that I didn't have permission. I was finally able to download and run it from the Bleeping Computer site today, although the update failed.
The first thing that made me suspicious of the computer (besides the lack of login credentials) was that while messing around with the ProcMon64 tool I noticed "Name collisions" and then a series of "buffer overflows" that, in spite of my lack of skill, jumped out at me. After finally getting the FRST results, I'm wondering if, well, see thread title.
My hope is that at some point I can get control of the user accounts; short of that, I'll likely throw the hard drive in the trash and plug in a different one. Thanks very much in advance.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-04-2022
Ran by Home-Pc (administrator) on DESKTOP-8AQ2J5E (Dell Inc. OptiPlex 790) (01-05-2022 18:11:47)
Running from C:\Users\Home-Pc\Desktop
Loaded Profiles: Home-Pc
Platform: Microsoft Windows 10 Pro Version 21H1 19043.1682 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Blizzard Entertainment, Inc. -> Blizzard Entertainment) C:\Program Files (x86)\Battle.net\.Battle.net.exe.432.7740.temp <3>
(Blizzard Entertainment, Inc. -> Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.7661\Agent.exe
(explorer.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(explorer.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(explorer.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxtray.exe
(explorer.exe ->) (Tonalio GmbH -> sandboxie-plus.com) C:\Program Files\Sandboxie\SbieCtrl.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler64.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_e3868713e3d137ef\esif_uf.exe
(services.exe ->) (Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorvd.inf_amd64_61da2dd1459ab6aa\RstMwService.exe
(services.exe ->) (NortonLifeLock Inc. -> NortonLifelock Inc.) C:\Program Files\Norton Security\Engine\22.22.3.9\NortonSecurity.exe <2>
(services.exe ->) (NortonLifeLock Inc. -> NortonLifeLock Inc.) C:\Program Files\Norton Security\Engine\22.22.3.9\nsWscSvc.exe
(services.exe ->) (Tonalio GmbH -> sandboxie-plus.com) C:\Program Files\Sandboxie\SbieSvc.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (NortonLifeLock Inc. -> Symantec Corporation) C:\Program Files\Norton Utilities\x64\LBGovernor.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKU\S-1-5-21-2199619703-1585671556-87930541-1003\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [3392528 2021-11-01] (Tonalio GmbH -> sandboxie-plus.com)
HKLM\...\Windows x64\Print Processors\Canon MG2500 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDBX.DLL [30208 2013-03-24] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
BootExecute: autocheck autochk * sdnclean64.exebddel.exe
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKU\S-1-5-21-2199619703-1585671556-87930541-1003\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {012D26CF-2A06-46B3-8BF8-7A7EAA84BB46} - System32\Tasks\Norton 360\Norton 360 Error Processor => C:\Program Files\Norton Security\Engine\22.22.3.9\SymErr.exe [108240 2022-04-04] (NortonLifeLock Inc. -> NortonLifeLock Inc)
Task: {0FE33493-0C13-41BA-8EC3-92E5CFC9656A} - System32\Tasks\Norton Utility\AutomaticCare => C:\Program Files\Norton Utilities\NUP.exe [3632112 2022-02-03] (NortonLifeLock Inc. -> NortonLifeLock Inc)
Task: {10D091C1-065B-4CDD-BDAD-38939FDF37FA} - System32\Tasks\GoogleUpdateTaskMachineUA{73DEBFF9-E818-4D7F-957E-197C11ED0D05} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2022-02-03] (Google LLC -> Google LLC)
Task: {28B45BB2-5879-43F4-AAE8-3056FB922BD1} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
Task: {3936847A-B7F8-45BF-BA97-8FAE27DEEC2C} - System32\Tasks\Norton 360\Norton 360 Error Analyzer => C:\Program Files\Norton Security\Engine\22.22.3.9\SymErr.exe [108240 2022-04-04] (NortonLifeLock Inc. -> NortonLifeLock Inc)
Task: {3F76B022-96FF-4052-AA80-652748168243} - System32\Tasks\Norton Utility\ActiveSync-NortonUtility => C:\Program Files\Norton Utilities\ActiveBridge.exe -appexecutable NUP.exe -ammode (No File)
Task: {61BE0A07-17F1-4DCE-B80E-13A89EC08615} - System32\Tasks\npcapwatchdog => C:\Program Files\Npcap\CheckStatus.bat [1145 2021-03-24] () [File not signed]
Task: {6618C710-DC33-436F-86A2-2983395514E1} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton 360\Upgrade.exe [2353000 2022-04-04] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Task: {6E00F8AF-E3A8-425E-8648-D899028D0E21} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {8DC83BD6-52C3-485F-B048-C810B628AB69} - System32\Tasks\Norton Utility\Live Boost Process Governor => C:\Program Files\Norton Utilities\x64\LBGovernor.exe [1050096 2022-02-03] (NortonLifeLock Inc. -> Symantec Corporation)
Task: {CC2EF7FB-3A4B-4955-9B0A-577F4B3B4D56} - System32\Tasks\GoogleUpdateTaskMachineCore{4DBD1454-0D91-4B18-B7AA-629538FA5AA6} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2022-02-03] (Google LLC -> Google LLC)
Task: {F697D847-1477-468A-AA32-7B45615973C1} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security\Engine\22.22.3.9\WSCStub.exe [646520 2022-04-04] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Task: {FF8C1F4C-E262-43A0-B91D-5D1EA7809799} - System32\Tasks\Norton 360\Norton 360 Autofix => C:\Program Files\Norton Security\Engine\22.22.3.9\SymErr.exe [108240 2022-04-04] (NortonLifeLock Inc. -> NortonLifeLock Inc)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.3.65
Tcpip\..\Interfaces\{a7f57898-8771-4266-ba31-8849f416c369}: [DhcpNameServer] 192.168.0.1 205.171.3.65

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Home-Pc\AppData\Local\Microsoft\Edge\User Data\Default [2022-05-01]
Edge NewTab: Default -> Active:"chrome-extension://okplngpklcjmpdemleibnhidjihcobef/homePageRedirect.html"
Edge DefaultSearchURL: Default -> hxxps://nortonsafe.search.ask.com/web?omnisearch=yes&q={searchTerms}
Edge DefaultSearchKeyword: Default -> nortonsafe
Edge DefaultSuggestURL: Default -> hxxps://ss-sym.search.ask.com/ss?limit=10&li=ff&hl=en&q={searchTerms}
Edge Extension: (Norton Safe Web) - C:\Users\Home-Pc\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bdaafgjhhjkdplpffldcncdignokfkbo [2022-04-20]
Edge Extension: (Norton Safe Search) - C:\Users\Home-Pc\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ikkagnliefbhcdgnnhfidhhbocdhkdeb [2022-04-20]
Edge Extension: (Norton Password Manager) - C:\Users\Home-Pc\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\lcccdlklhahfmobgpnilndimkankpnkg [2022-04-20]
Edge Extension: (Norton Home Page) - C:\Users\Home-Pc\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\okplngpklcjmpdemleibnhidjihcobef [2022-04-20]

FireFox:
========
FF DefaultProfile: 9pveu3z0.default
FF ProfilePath: C:\Users\Home-Pc\AppData\Roaming\Mozilla\Firefox\Profiles\9pveu3z0.default [2021-12-05]
FF ProfilePath: C:\Users\Home-Pc\AppData\Roaming\Mozilla\Firefox\Profiles\loqhn0a5.default-release [2022-05-01]
FF Extension: (Facebook Container) - C:\Users\Home-Pc\AppData\Roaming\Mozilla\Firefox\Profiles\loqhn0a5.default-release\Extensions\@contain-facebook.xpi [2022-03-17]
FF Extension: (Firefox Multi-Account Containers) - C:\Users\Home-Pc\AppData\Roaming\Mozilla\Firefox\Profiles\loqhn0a5.default-release\Extensions\@testpilot-containers.xpi [2022-04-22]
FF Extension: (HTTPS Everywhere) - C:\Users\Home-Pc\AppData\Roaming\Mozilla\Firefox\Profiles\loqhn0a5.default-release\Extensions\https-everywhere@eff.org.xpi [2021-12-05]
FF Extension: (Norton Password Manager) - C:\Users\Home-Pc\AppData\Roaming\Mozilla\Firefox\Profiles\loqhn0a5.default-release\Extensions\idsafe@norton.com.xpi [2022-04-18]
FF Extension: (VT4Browsers) - C:\Users\Home-Pc\AppData\Roaming\Mozilla\Firefox\Profiles\loqhn0a5.default-release\Extensions\info@virustotal.com.xpi [2022-04-05]
FF Extension: (Norton Safe Web) - C:\Users\Home-Pc\AppData\Roaming\Mozilla\Firefox\Profiles\loqhn0a5.default-release\Extensions\nortonsafeweb@symantec.com.xpi [2022-03-11]
FF Extension: (Firefox Relay) - C:\Users\Home-Pc\AppData\Roaming\Mozilla\Firefox\Profiles\loqhn0a5.default-release\Extensions\private-relay@firefox.com.xpi [2022-04-27]
FF Extension: (Privacy Possum) - C:\Users\Home-Pc\AppData\Roaming\Mozilla\Firefox\Profiles\loqhn0a5.default-release\Extensions\woop-NoopscooPsnSXQ@jetpack.xpi [2021-12-05]
FF Extension: (NoScript) - C:\Users\Home-Pc\AppData\Roaming\Mozilla\Firefox\Profiles\loqhn0a5.default-release\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2022-04-18]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2019-07-02] (CANON INC.) [File not signed]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\antibeacon.js [2022-01-22] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\mozilla.cfg [2022-01-22] <==== ATTENTION

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 NortonSecurity; C:\Program Files\Norton Security\Engine\22.22.3.9\NortonSecurity.exe [344888 2022-04-04] (NortonLifeLock Inc. -> NortonLifelock Inc.)
R2 nsWscSvc; C:\Program Files\Norton Security\Engine\22.22.3.9\nsWscSvc.exe [1059176 2022-04-04] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [360976 2021-11-01] (Tonalio GmbH -> sandboxie-plus.com)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6254856 2022-04-26] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\NisSrv.exe [2872024 2021-11-24] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MsMpEng.exe [128376 2021-11-24] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files\Norton Security\NortonData\22.21.11.46\Definitions\BASHDefs\20220428.021\BHDrvx64.sys [1672184 2022-04-21] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
S4 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [284672 2021-04-27] (Microsoft Corporation) [File not signed]
S4 BthHFEnum; C:\Windows\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R1 ccSet_NGC; C:\Windows\System32\drivers\NGCx64\1616030.009\ccSetx64.sys [191200 2022-04-04] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus2.sys [160376 2021-10-08] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [509904 2021-10-29] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [145376 2022-02-09] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
S3 GKUPRO2D; C:\Windows\System32\drivers\GKUPRO2D.sys [146320 2021-09-21] (Microsoft Windows Hardware Compatibility Publisher -> Gemalto)
S3 GSCAuxDriver; C:\Windows\System32\DriverStore\FileRepository\gscauxdriver.inf_amd64_fe9355c6b52fb409\GSCAuxDriverx64.sys [71432 2021-09-21] (Intel(R) pGFX 2020 -> Intel Corporation)
S3 GSCx64; C:\Windows\System32\DriverStore\FileRepository\gscheci.inf_amd64_e0a6bd87d5543f55\TeeDriverGSCW8x64.sys [243976 2021-09-21] (Intel(R) pGFX 2020 -> Intel Corporation)
S3 iaLPSS2_GPIO2_TGL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_gpio2_tgl.inf_amd64_d0e63c4e3754f42f\iaLPSS2_GPIO2_TGL.sys [128152 2021-09-21] (Intel Corporation -> Intel Corporation)
S3 iaLPSS2_I2C_TGL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_i2c_tgl.inf_amd64_ab87bf17a571e523\iaLPSS2_I2C_TGL.sys [197272 2021-09-21] (Intel Corporation -> Intel Corporation)
S3 iaLPSS2_SPI_TGL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_spi_tgl.inf_amd64_b6ea3d48ee329530\iaLPSS2_SPI_TGL.sys [155816 2021-09-21] (Intel Corporation -> Intel Corporation)
S3 iaLPSS2_UART2_TGL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_uart2_tgl.inf_amd64_1a8e964d43720594\iaLPSS2_UART2_TGL.sys [310440 2021-09-21] (Intel Corporation -> Intel Corporation)
S0 iaStorVD; C:\Windows\System32\drivers\iaStorVD.sys [1489272 2021-09-21] (Intel(R) Rapid Storage Technology -> Intel Corporation)
R1 IDSVia64; C:\Program Files\Norton Security\NortonData\22.21.11.46\Definitions\IPSDefs\20220429.061\IDSvia64.sys [1515512 2022-04-04] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
S3 IntelGNA; C:\Windows\System32\DriverStore\FileRepository\gna.inf_amd64_689d3d5fefeef458\gna.sys [84880 2021-09-21] (Gaussian Mixture Models and Neural Networks Accelerator -> Intel Corporation)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [84144 2020-09-10] (LSI Corporation -> LSI Corporation)
S0 megasas2; C:\Windows\System32\drivers\megasas2.sys [57520 2020-09-10] (LSI Corporation -> LSI Corporation)
S0 megasas35; C:\Windows\System32\drivers\megasas35.sys [112632 2020-09-10] (Avago Technologies U.S. Inc. -> Avago Technologies)
R1 npcap; C:\Windows\system32\DRIVERS\npcap.sys [71736 2021-08-30] (Insecure.Com LLC -> Insecure.Com LLC.)
S4 npcap_wifi; C:\Windows\system32\DRIVERS\npcap.sys [71736 2021-08-30] (Insecure.Com LLC -> Insecure.Com LLC.)
S3 nsvst_NGC; C:\Windows\System32\drivers\NGCx64\1616030.009\nsvst.sys [56080 2022-04-04] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
U5 PROCMON24; C:\Windows\System32\Drivers\PROCMON24.sys [95632 2022-05-01] (Microsoft Windows Hardware Compatibility Publisher -> Sysinternals - www.sysinternals.com)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [229384 2021-11-01] (Microsoft Windows Hardware Compatibility Publisher -> sandboxie-plus.com)
R3 SRTSP; C:\Windows\System32\drivers\NGCx64\1616030.009\SRTSP64.SYS [941256 2022-04-04] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R1 SRTSPX; C:\Windows\System32\drivers\NGCx64\1616030.009\SRTSPX64.SYS [50376 2022-04-04] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [167280 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R0 SymEFASI; C:\Windows\System32\drivers\NGCx64\1616030.009\SYMEFASI64.SYS [2030768 2022-04-04] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
S0 SymELAM; C:\Windows\System32\drivers\NGCx64\1616030.009\SymELAM.sys [31984 2022-04-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Broadcom Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [93120 2022-02-04] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R3 SymEvnt; C:\Program Files\Norton Security\NortonData\22.21.11.46\SymPlatform\SymEvnt.sys [712432 2021-06-15] (Symantec Corporation -> Symantec Corporation)
R1 SymIRON; C:\Windows\System32\drivers\NGCx64\1616030.009\Ironx64.SYS [319152 2022-04-04] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R1 SymNetS; C:\Windows\System32\drivers\NGCx64\1616030.009\symnets.sys [575344 2022-04-04] (Symantec Corporation -> Symantec Corporation)
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [48520 2021-11-24] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [435424 2021-11-24] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [86240 2021-11-24] (Microsoft Windows -> Microsoft Corporation)
R1 wpCtrlDrv_NGC; C:\Windows\System32\drivers\NGCx64\1616030.009\wpCtrlDrv.sys [1015760 2022-04-04] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
S3 nhi; \SystemRoot\System32\drivers\tbt100x.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-05-01 18:11 - 2022-05-01 18:13 - 000018459 _____ C:\Users\Home-Pc\Desktop\FRST.txt
2022-05-01 18:06 - 2022-05-01 18:06 - 002366976 _____ (Farbar) C:\Users\Home-Pc\Desktop\FRST64.exe
2022-05-01 17:45 - 2022-05-01 17:45 - 000000000 ____D C:\Windows\system32\Tasks\Remediation
2022-05-01 16:14 - 2022-05-01 16:15 - 009786184 _____ C:\Users\Home-Pc\Desktop\5-1.pcapng
2022-05-01 14:11 - 2022-05-01 14:11 - 108750612 _____ C:\Users\Home\Documents\Home 5-1 install start-up.pcapng
2022-05-01 14:04 - 2022-05-01 14:04 - 000000000 ____D C:\Users\Home\Desktop\SysinternalsSuite
2022-05-01 14:01 - 2022-05-01 14:01 - 047840922 _____ C:\Users\Home\Desktop\SysinternalsSuite.zip
2022-05-01 13:31 - 2022-05-01 13:31 - 000000000 ____D C:\Users\Home\AppData\Roaming\Mozilla
2022-05-01 13:31 - 2022-05-01 13:31 - 000000000 ____D C:\Users\Home\AppData\LocalLow\Mozilla
2022-05-01 13:31 - 2022-05-01 13:31 - 000000000 ____D C:\Users\Home\AppData\Local\Mozilla
2022-05-01 13:28 - 2022-05-01 14:11 - 000000000 ____D C:\Users\Home\AppData\Roaming\Wireshark
2022-05-01 13:27 - 2022-04-30 21:28 - 000455527 ____R C:\Windows\system32\Drivers\etc\hosts.20220501-132723.backup
2022-04-30 22:33 - 2022-04-30 22:33 - 000000000 ____D C:\Users\Home\AppData\Local\Norton
2022-04-30 22:26 - 2022-04-30 22:26 - 000003584 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2199619703-1585671556-87930541-1001
2022-04-30 22:26 - 2022-04-30 22:26 - 000003374 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2199619703-1585671556-87930541-1001
2022-04-30 22:15 - 2022-04-30 22:15 - 000000000 ____D C:\Users\Home\AppData\Roaming\Norton
2022-04-30 22:05 - 2022-04-30 22:05 - 000000207 _____ C:\Windows\tweaking.com-regbackup-DESKTOP-8AQ2J5E-Windows-10-Pro-(64-bit).dat
2022-04-30 22:05 - 2022-04-30 22:05 - 000000000 ____D C:\RegBackup
2022-04-30 22:04 - 2022-04-30 22:04 - 000002308 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2022-04-30 22:04 - 2022-04-30 22:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2022-04-30 22:04 - 2022-04-30 22:04 - 000000000 ____D C:\Program Files (x86)\Tweaking.com
2022-04-30 22:02 - 2022-04-30 22:04 - 000019843 _____ C:\Windows\Tweaking.com - Registry Backup Setup Log.txt
2022-04-30 21:52 - 2022-04-30 21:52 - 007333288 _____ (Tweaking.com) C:\Users\Home-Pc\Desktop\tweaking.com_registry_backup_setup.exe
2022-04-30 21:28 - 2022-01-22 23:56 - 000116156 _____ C:\Windows\system32\Drivers\etc\hosts.20220430-212806.backup
2022-04-29 13:15 - 2022-04-29 13:15 - 003769764 _____ C:\Users\Home-Pc\Desktop\4-29.pcapng
2022-04-28 20:36 - 2022-04-28 20:36 - 001849712 _____ C:\Users\Home-Pc\Desktop\4-28.pcapng
2022-04-28 01:04 - 2022-04-28 01:04 - 007889156 _____ C:\Users\Home-Pc\Documents\DESKTOP-8AQ2J5E.arn
2022-04-26 02:48 - 2022-04-26 02:48 - 000188928 _____ C:\Windows\system32\uwfcfgmgmt.dll
2022-04-26 02:47 - 2022-04-26 02:47 - 000011821 _____ C:\Windows\system32\DrtmAuthTxt.wim
2022-04-26 02:45 - 2022-04-26 02:45 - 000288768 _____ C:\Windows\system32\Windows.Management.InprocObjects.dll
2022-04-26 02:45 - 2022-04-26 02:45 - 000093696 _____ C:\Windows\system32\Drivers\cimfs.sys
2022-04-26 02:06 - 2022-04-26 02:06 - 000000000 ___HD C:\$WinREAgent
2022-04-25 01:14 - 2022-04-25 01:14 - 000000360 _____ C:\Users\Home-Pc\Desktop\4-25.txt
2022-04-23 05:41 - 2022-04-23 05:41 - 000000000 ____D C:\Program Files\PCHealthCheck
2022-04-21 02:04 - 2022-04-21 02:04 - 000000796 _____ C:\Users\Home-Pc\Desktop\Manage Storage Spaces - Shortcut.lnk
2022-04-18 22:34 - 2022-04-18 22:34 - 001616921 _____ C:\Users\Home-Pc\Documents\HealthSummary_Apr_18_2022.zip
2022-04-18 19:20 - 2022-04-18 19:25 - 000000000 ___HD C:\ProgramData\CanonIJMIG
2022-04-18 19:20 - 2022-04-18 19:20 - 000000000 ____D C:\ProgramData\CanonIJPLM
2022-04-18 19:19 - 2022-04-18 19:20 - 000000000 ___HD C:\ProgramData\CanonIJScan
2022-04-18 19:18 - 2022-04-18 19:20 - 000000000 ____D C:\Users\Home-Pc\AppData\Roaming\Canon
2022-04-18 19:18 - 2022-04-18 19:18 - 000000000 ___HD C:\ProgramData\CanonIJQuickMenu
2022-04-18 19:08 - 2013-02-04 15:10 - 000321536 _____ (CANON INC.) C:\Windows\SysWOW64\CNC_BXL.dll
2022-04-18 19:08 - 2012-11-09 10:43 - 000088064 _____ C:\Windows\SysWOW64\CNC176DD.TBL
2022-04-18 19:08 - 2008-08-25 18:02 - 000015872 _____ (CANON INC.) C:\Windows\SysWOW64\CNHMCA.dll
2022-04-18 19:07 - 2022-04-18 19:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG2500 series User Registration
2022-04-18 19:06 - 2022-04-18 19:07 - 000000000 ____D C:\ProgramData\CanonIJWSpt
2022-04-18 19:06 - 2022-04-18 19:06 - 000002094 _____ C:\Users\Public\Desktop\Canon Quick Menu.lnk
2022-04-18 19:06 - 2022-04-18 19:06 - 000000000 ____D C:\Users\Home-Pc\AppData\LocalLow\Canon Easy-WebPrint EX2
2022-04-18 19:06 - 2022-04-18 19:06 - 000000000 ____D C:\Users\Home-Pc\AppData\LocalLow\Canon Easy-WebPrint EX
2022-04-18 19:01 - 2022-04-18 19:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2022-04-18 19:01 - 2022-04-18 19:06 - 000000000 ____D C:\Program Files\Canon
2022-04-18 19:00 - 2022-04-18 19:00 - 000002435 _____ C:\Users\Public\Desktop\Canon MG2500 series On-screen Manual.lnk
2022-04-18 19:00 - 2022-04-18 19:00 - 000000000 ___HD C:\ProgramData\CanonBJ
2022-04-18 19:00 - 2022-04-18 19:00 - 000000000 ___HD C:\Program Files\CanonBJ
2022-04-18 19:00 - 2022-04-18 19:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG2500 series Manual
2022-04-18 19:00 - 2013-03-24 05:00 - 000391168 _____ (CANON INC.) C:\Windows\system32\CNMLMBX.DLL
2022-04-18 19:00 - 2013-02-04 15:12 - 000367104 _____ (CANON INC.) C:\Windows\system32\CNC_BXL.dll
2022-04-18 19:00 - 2012-11-09 10:43 - 000088064 _____ C:\Windows\system32\CNC176DD.TBL
2022-04-18 19:00 - 2012-11-08 13:04 - 000282624 _____ (CANON INC.) C:\Windows\system32\CNC_BXC.dll
2022-04-18 19:00 - 2012-11-08 13:03 - 000106496 _____ (CANON INC.) C:\Windows\system32\CNC_BXI.dll
2022-04-18 19:00 - 2008-08-25 18:02 - 000017920 _____ (CANON INC.) C:\Windows\system32\CNHMCA6.dll
2022-04-18 18:56 - 2022-04-18 19:08 - 000000000 ____D C:\Program Files (x86)\Canon
2022-04-18 18:55 - 2022-04-18 18:55 - 049442352 _____ C:\Users\Home-Pc\Downloads\win-mg2500-1_1-ucd.exe
2022-04-18 18:28 - 2013-03-24 05:00 - 000393728 _____ (CANON INC.) C:\Windows\system32\CNMXLMBX.DLL
2022-04-18 12:57 - 2022-04-18 12:57 - 000002253 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro.lnk
2022-04-18 12:57 - 2022-04-18 12:57 - 000002241 _____ C:\Users\Public\Desktop\Google Earth Pro.lnk
2022-04-18 12:57 - 2022-04-18 12:57 - 000000000 ____D C:\Program Files\Google
2022-04-16 20:49 - 2022-04-16 20:50 - 045712100 _____ C:\Users\Home-Pc\Downloads\1_xilns5nx.webm
2022-04-14 13:56 - 2022-04-14 13:56 - 000179913 _____ C:\Users\Home-Pc\Downloads\or-mt-access-designated-record-set.pdf
2022-04-12 18:11 - 2022-04-12 18:11 - 000000000 ____D C:\Users\Home-Pc\AppData\Local\Spoon
2022-04-12 17:52 - 2022-04-12 17:52 - 000000000 ____D C:\Users\Home-Pc\Desktop\HealthSummary_Apr_12_2022(1)
2022-04-12 17:47 - 2022-04-12 17:47 - 000619385 _____ C:\Users\Home-Pc\Documents\HealthSummary_Apr_12_2022(1).zip
2022-04-12 17:46 - 2022-04-12 17:46 - 000619385 _____ C:\Users\Home-Pc\Downloads\HealthSummary_Apr_12_2022.zip
2022-04-12 11:12 - 2022-04-12 11:12 - 000001827 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
2022-04-12 11:12 - 2022-04-12 11:12 - 000001815 _____ C:\Users\Public\Desktop\Wireshark.lnk
2022-04-10 20:53 - 2022-04-10 20:53 - 008400790 _____ C:\Users\Home-Pc\Downloads\CL#21-0804.pdf
2022-04-06 09:30 - 2022-05-01 16:34 - 000000000 ____D C:\Windows\system32\Tasks\Norton 360
2022-04-06 09:30 - 2022-04-06 20:35 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2022-04-06 09:30 - 2022-04-06 09:30 - 000003374 _____ C:\Windows\system32\Tasks\Norton WSC Integration
2022-04-05 14:32 - 2022-04-12 18:49 - 000000000 ____D C:\Program Files\Mozilla Firefox

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-05-01 18:12 - 2021-12-16 11:31 - 000000000 ____D C:\FRST
2022-05-01 18:11 - 2021-12-06 15:28 - 000000000 ____D C:\Users\Home-Pc\AppData\Local\Battle.net
2022-05-01 18:09 - 2021-12-05 21:40 - 000000000 ____D C:\Users\Home-Pc\AppData\LocalLow\Mozilla
2022-05-01 17:42 - 2022-02-10 15:49 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2022-05-01 17:40 - 2019-12-07 03:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-05-01 17:26 - 2022-02-03 22:11 - 000000000 ____D C:\Program Files (x86)\Google
2022-05-01 16:57 - 2021-04-27 21:49 - 000000000 ____D C:\Windows\system32\SleepStudy
2022-05-01 16:33 - 2021-12-06 15:27 - 000000000 ____D C:\Program Files (x86)\Battle.net
2022-05-01 16:26 - 2021-12-08 16:06 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2022-05-01 16:26 - 2021-04-27 21:50 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2022-05-01 16:26 - 2021-04-27 21:49 - 000008192 ___SH C:\DumpStack.log.tmp
2022-05-01 16:25 - 2019-12-07 03:03 - 000786432 _____ C:\Windows\system32\config\BBI
2022-05-01 16:24 - 2022-01-23 00:03 - 000000085 _____ C:\Windows\wininit.ini
2022-05-01 16:24 - 2021-12-08 16:06 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2022-05-01 15:39 - 2022-01-13 17:50 - 000015568 _____ C:\Windows\SysWOW64\bddel.dat
2022-05-01 14:05 - 2021-12-09 12:23 - 000095632 ____H (Sysinternals - www.sysinternals.com) C:\Windows\system32\Drivers\PROCMON24.SYS
2022-05-01 11:26 - 2021-04-27 14:56 - 000000000 ____D C:\Users\Home
2022-04-30 22:55 - 2021-11-24 13:49 - 000000000 ____D C:\Users\Home-Pc
2022-04-30 22:47 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\AppReadiness
2022-04-30 22:39 - 2021-04-27 14:56 - 000000000 ____D C:\Users\Home\AppData\Local\Packages
2022-04-30 22:34 - 2019-12-07 03:13 - 000000000 ____D C:\Windows\INF
2022-04-30 22:26 - 2021-04-27 14:56 - 000002376 _____ C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-04-30 22:15 - 2019-12-07 03:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-04-30 22:00 - 2022-03-14 09:17 - 000000000 ____D C:\Users\Home-Pc\Documents\Georgia
2022-04-30 21:58 - 2022-03-11 17:32 - 000000000 ____D C:\Users\Home-Pc\Desktop\moms stuff
2022-04-30 21:57 - 2022-03-02 10:49 - 000000000 ____D C:\Users\Home-Pc\Desktop\Useful command lines
2022-04-30 12:15 - 2022-03-14 09:19 - 000000000 ____D C:\Users\Home-Pc\Documents\Physics Forums
2022-04-30 11:39 - 2021-04-27 16:04 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-04-30 11:39 - 2021-04-27 16:04 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2022-04-29 00:29 - 2022-01-21 11:28 - 000036208 _____ (Sysinternals - www.sysinternals.com) C:\Windows\system32\Drivers\PROCEXP152.SYS
2022-04-28 21:30 - 2021-11-29 13:09 - 000000000 ____D C:\ProgramData\Norton
2022-04-28 19:04 - 2019-12-07 03:03 - 000032768 _____ C:\Windows\system32\config\ELAM
2022-04-28 17:36 - 2022-02-03 12:35 - 000000000 ____D C:\Program Files\Norton Utilities
2022-04-28 11:12 - 2022-02-03 12:36 - 000001921 _____ C:\Users\Home-Pc\Desktop\Norton Utilities.lnk
2022-04-28 11:05 - 2021-04-27 16:04 - 000003536 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-04-28 11:05 - 2021-04-27 16:04 - 000003412 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-04-27 18:24 - 2021-12-12 21:19 - 000003584 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2199619703-1585671556-87930541-1003
2022-04-27 18:24 - 2021-11-24 13:53 - 000003380 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2199619703-1585671556-87930541-1003
2022-04-27 18:24 - 2021-11-24 13:49 - 000002385 _____ C:\Users\Home-Pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-04-26 03:20 - 2021-04-27 14:57 - 000795738 _____ C:\Windows\system32\PerfStringBackup.INI
2022-04-26 03:11 - 2019-12-07 03:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2022-04-26 03:11 - 2019-12-07 03:14 - 000000000 ___SD C:\Windows\system32\UNP
2022-04-26 03:11 - 2019-12-07 03:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2022-04-26 03:11 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\SystemResources
2022-04-26 03:11 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\system32\migwiz
2022-04-26 03:11 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\bcastdvr
2022-04-26 03:09 - 2019-12-07 03:03 - 000000000 ____D C:\Windows\CbsTemp
2022-04-25 02:31 - 2022-03-14 10:28 - 000000000 ____D C:\Users\Home-Pc\Documents\Moms Meme's
2022-04-23 05:41 - 2021-11-24 13:57 - 000001146 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk
2022-04-21 19:26 - 2021-12-06 15:38 - 000000000 ____D C:\Program Files (x86)\Diablo III
2022-04-20 02:01 - 2021-12-08 18:04 - 000000000 ____D C:\Users\Home-Pc\AppData\Local\CrashDumps
2022-04-19 17:20 - 2022-02-03 22:14 - 000003496 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA{73DEBFF9-E818-4D7F-957E-197C11ED0D05}
2022-04-19 17:20 - 2022-02-03 22:14 - 000003372 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore{4DBD1454-0D91-4B18-B7AA-629538FA5AA6}
2022-04-18 19:10 - 2021-11-24 13:53 - 000000000 ____D C:\Users\Home-Pc\AppData\Local\PlaceholderTileLogoFolder
2022-04-18 19:10 - 2021-11-24 13:50 - 000000000 ____D C:\Users\Home-Pc\AppData\Local\Packages
2022-04-18 19:08 - 2019-12-07 03:14 - 000000000 __RSD C:\Windows\Media
2022-04-18 18:44 - 2021-12-17 19:25 - 000000000 ____D C:\Users\Home-Pc\AppData\Local\ElevatedDiagnostics
2022-04-12 18:50 - 2021-04-27 21:49 - 000451392 _____ C:\Windows\system32\FNTCACHE.DAT
2022-04-12 18:49 - 2021-12-05 21:40 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2022-04-12 16:43 - 2021-04-27 14:59 - 000000000 ____D C:\Windows\system32\MRT
2022-04-12 16:41 - 2021-04-27 14:59 - 143823848 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2022-04-12 11:13 - 2021-12-09 22:19 - 000000000 ____D C:\Program Files\Wireshark
2022-04-12 09:22 - 2021-12-05 21:40 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2022-04-12 09:22 - 2021-12-05 21:40 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2022-04-06 20:35 - 2022-02-04 15:20 - 000002409 _____ C:\Users\Public\Desktop\Norton Security.lnk
2022-04-06 15:06 - 2021-12-05 20:21 - 000000000 ____D C:\Program Files\Common Files\AV
2022-04-06 09:30 - 2022-02-04 15:18 - 000000000 ____D C:\Windows\system32\Drivers\NGCx64
2022-04-04 21:35 - 2021-04-27 15:01 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools

==================== Files in the root of some directories ========

2022-01-23 00:04 - 2022-01-23 00:04 - 000000063 _____ () C:\Users\Home-Pc\AppData\Roaming\Safer-Networking.log

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-04-2022
Ran by Home-Pc (01-05-2022 18:14:41)
Running from C:\Users\Home-Pc\Desktop
Microsoft Windows 10 Pro Version 21H1 19043.1682 (X64) (2021-11-24 16:57:28)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-2199619703-1585671556-87930541-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2199619703-1585671556-87930541-503 - Limited - Disabled)
Guest (S-1-5-21-2199619703-1585671556-87930541-501 - Limited - Disabled)
Home (S-1-5-21-2199619703-1585671556-87930541-1001 - Administrator - Enabled) => C:\Users\Home
Home-Pc (S-1-5-21-2199619703-1585671556-87930541-1003 - Administrator - Enabled) => C:\Users\Home-Pc
WDAGUtilityAccount (S-1-5-21-2199619703-1585671556-87930541-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Spybot - Search and Destroy (Disabled - Out of date) {F77C7796-45C4-531E-0DAE-B4A8229B11C8}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton 360 (Enabled - Up to date) {AECE2126-F4E7-6909-11F2-1B69D1FBCBD0}
FW: Norton 360 (Enabled) {96F5A003-BE88-6851-3AAD-B25C2F288CAB}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.7.0.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)
Canon MG2500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2500_series) (Version: 1.02 - Canon Inc.)
Canon MG2500 series On-screen Manual (HKLM-x32\...\Canon MG2500 series On-screen Manual) (Version: 7.8.0 - Canon Inc.)
Canon MG2500 series User Registration (HKLM-x32\...\Canon MG2500 series User Registration) (Version: - *Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 3.6.4 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 3.6.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.3.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.8.5 - Canon Inc.)
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
Google Earth Pro (HKLM\...\{C36E66A6-6EE5-47DB-945F-A6F03225D540}) (Version: 7.3.4.8573 - Google)
inSSIDer (HKU\S-1-5-21-2199619703-1585671556-87930541-1003\...\inSSIDer) (Version: 5.5.0 - MetaGeek, LLC)
IrfanView 4.59 (64-bit) (HKLM\...\IrfanView64) (Version: 4.59 - Irfan Skiljan)
Ksanka-Punctuation Keys (HKLM\...\{7218FCE2-2B46-4CB5-ADE6-6B215388C930}) (Version: 1.0.3.40 - Languagegeek.com)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 101.0.1210.32 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version: - Microsoft)
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2199619703-1585671556-87930541-1001\...\OneDriveSetup.exe) (Version: 21.220.1024.0005 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2199619703-1585671556-87930541-1003\...\OneDriveSetup.exe) (Version: 22.077.0410.0007 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{7B1FCD52-8F6B-4F12-A143-361EA39F5E7C}) (Version: 3.67.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.29.30139 (HKLM-x32\...\{2c673fb6-3e65-4751-965d-33d30b68a8a6}) (Version: 14.29.30139.0 - Microsoft Corporation)
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 99.0.1 (x64 en-US)) (Version: 99.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 94.0.2 - Mozilla)
Norton 360 (HKLM-x32\...\NGC) (Version: 22.22.3.9 - NortonLifeLock Inc)
Norton Utilities (HKLM\...\{36896A40-D958-486B-8A43-31A41E129FE2}) (Version: 21.4.5.428 - NortonLifeLock Inc)
Npcap (HKLM-x32\...\NpcapInst) (Version: 1.55 - Nmap Project)
Sandboxie 5.53.3 (64-bit) (HKLM\...\Sandboxie) (Version: 5.53.3 - sandboxie-plus.com)
TreeSize Free V4.5.3 (HKLM-x32\...\TreeSize Free_is1) (Version: 4.5.3 - JAM Software)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 4.0.0 - Tweaking.com)
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Wireshark 3.6.3 64-bit (HKLM-x32\...\Wireshark) (Version: 3.6.3 - The Wireshark developer community, hxxps://www.wireshark.org)

Packages:
=========
Canon Inkjet Print Utility -> C:\Program Files\WindowsApps\34791E63.CanonInkjetPrintUtility_3.1.0.0_neutral__6e5tt8cgb93ep [2022-04-18] (Canon Inc.)
Disney+ -> C:\Program Files\WindowsApps\Disney.37853FC22B2CE_1.27.1.0_x64__6rarf9sa4v8jt [2022-04-19] (Disney)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.12.3171.0_x64__8wekyb3d8bbwe [2022-03-24] (Microsoft Studios) [MS Ad]
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.184.716.0_x86__zpdnekdrzrea0 [2022-04-28] (Spotify AB) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.22.3.9\buShell.dll [2022-04-04] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.22.3.9\buShell.dll [2022-04-04] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.22.3.9\buShell.dll [2022-04-04] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers-x32: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.22.3.9\buShell.dll [2022-04-04] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers-x32: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.22.3.9\buShell.dll [2022-04-04] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers-x32: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.22.3.9\buShell.dll [2022-04-04] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.22.3.9\buShell.dll [2022-04-04] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers1: [FileShredder] -> {E8215BEA-3290-4C73-964B-75502B9B41B2} => C:\Program Files\Norton Utilities\x64\FileShredder.dll [2022-02-03] (NortonLifeLock Inc. -> Symantec Corporation)
ContextMenuHandlers1: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.22.3.9\NavShExt.dll [2022-04-04] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File
ContextMenuHandlers2: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.22.3.9\NavShExt.dll [2022-04-04] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers2: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File
ContextMenuHandlers2: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File
ContextMenuHandlers4: [FileShredder] -> {E8215BEA-3290-4C73-964B-75502B9B41B2} => C:\Program Files\Norton Utilities\x64\FileShredder.dll [2022-02-03] (NortonLifeLock Inc. -> Symantec Corporation)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2017-03-09] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.22.3.9\buShell.dll [2022-04-04] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers6: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.22.3.9\NavShExt.dll [2022-04-04] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2022-04-21 19:24 - 2022-04-21 19:25 - 104871424 _____ () [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.13434\libcef.dll
2022-04-21 19:25 - 2022-04-21 19:25 - 000112128 _____ () [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.13434\libegl.dll
2022-04-21 19:25 - 2022-04-21 19:25 - 006227456 _____ () [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.13434\libglesv2.dll
2022-04-21 19:24 - 2022-04-21 19:24 - 000810496 _____ (The Chromium Authors) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.13434\chrome_elf.dll
2022-04-21 19:24 - 2022-04-21 19:24 - 000047104 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.13434\audio\qtaudio_windows.dll
2022-04-21 19:24 - 2022-04-21 19:24 - 000026112 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.13434\imageformats\qgif.dll
2022-04-21 19:24 - 2022-04-21 19:24 - 000027136 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.13434\imageformats\qico.dll
2022-04-21 19:24 - 2022-04-21 19:24 - 000243712 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.13434\imageformats\qjpeg.dll
2022-04-21 19:24 - 2022-04-21 19:24 - 000223744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.13434\imageformats\qmng.dll
2022-04-21 19:24 - 2022-04-21 19:24 - 000020992 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.13434\imageformats\qsvg.dll
2022-04-21 19:24 - 2022-04-21 19:24 - 000332288 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.13434\imageformats\qtiff.dll
2022-04-21 19:25 - 2022-04-21 19:25 - 001140224 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.13434\platforms\qwindows.dll
2022-04-21 19:26 - 2022-04-21 19:26 - 004943360 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.13434\Qt5Core.dll
2022-04-21 19:26 - 2022-04-21 19:26 - 005022208 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.13434\Qt5Gui.dll
2022-04-21 19:26 - 2022-04-21 19:26 - 000626176 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.13434\Qt5Multimedia.dll
2022-04-21 19:26 - 2022-04-21 19:26 - 000877056 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.13434\Qt5Network.dll
2022-04-21 19:26 - 2022-04-21 19:26 - 002908672 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.13434\Qt5Qml.dll
2022-04-21 19:26 - 2022-04-21 19:26 - 003078656 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.13434\Qt5Quick.dll
2022-04-21 19:26 - 2022-04-21 19:26 - 000259072 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.13434\Qt5Svg.dll
2022-04-21 19:26 - 2022-04-21 19:26 - 004718080 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.13434\Qt5Widgets.dll
2022-04-21 19:26 - 2022-04-21 19:26 - 000439296 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.13434\Qt5WinExtras.dll
2022-04-21 19:26 - 2022-04-21 19:26 - 000159232 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.13434\Qt5Xml.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-2199619703-1585671556-87930541-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2199619703-1585671556-87930541-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine\22.22.3.9\coIEPlg.dll [2022-04-04] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
BHO-x32: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine32\22.22.3.9\coIEPlg.dll [2022-04-04] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.22.3.9\coIEPlg.dll [2022-04-04] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (Canon Inc. -> CANON INC.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine32\22.22.3.9\coIEPlg.dll [2022-04-04] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (Canon Inc. -> CANON INC.)

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 7942 more sites.

There are 7942 more sites.

There are 7942 more sites.


==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 03:14 - 2022-05-01 13:27 - 000455527 ____R C:\Windows\system32\drivers\etc\hosts

There are 15631 more lines.


==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2199619703-1585671556-87930541-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-2199619703-1585671556-87930541-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Home-Pc\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: 192.168.0.1 - 205.171.3.65
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

Network Binding:
=============
Ethernet: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: SDScannerService => 2
MSCONFIG\Services: SDUpdateService => 2

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{5F1095F8-C6D5-436A-970D-70FA42C1DB36}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{0F0AAE6D-2E60-43BC-AA99-C093D33A7159}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{FA23D43E-F872-42B6-BBA6-70FEF45C2966}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.83.408.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{7879EC4A-840A-43F9-8C18-FA79663ED3A4}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.83.408.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{13173DB8-E639-451C-9191-2C44925C1D46}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.83.408.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{8508CFC0-7B99-445E-85DC-025F488CAF48}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.83.408.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{4BA05DF9-A168-4249-94AF-4F0F9A62E881}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.184.716.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{305C3059-F2BE-4B67-8AAB-0B098AB50530}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.184.716.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{F1E0C5A5-309A-4A0B-B2EF-8FBD2E6342CD}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.184.716.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{49F160EA-1B77-4F09-B0E1-677AB8B29D51}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.184.716.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{BCC8D1AC-454C-417A-A73A-761451E4A93E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.184.716.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{7C3B6544-6C58-4DB6-8E29-244429881B9A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.184.716.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{C5953C42-DB4D-469C-A03F-97E6033D7BD5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.184.716.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{17E13EF3-999E-4179-9A71-CD0CDA384C21}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.184.716.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)

==================== Restore Points =========================

12-04-2022 17:18:02 Windows Modules Installer
20-04-2022 21:57:13 Scheduled Checkpoint
26-04-2022 02:01:21 Windows Modules Installer

==================== Faulty Device Manager Devices ============

Name: PCI Serial Port
Description: PCI Serial Port
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: ========================

Application errors:
==================
Error: (05/01/2022 02:12:30 PM) (Source: Spybot Auto Update) (EventID: 0) (User: )
Description: Event-ID 0

Error: (04/30/2022 11:16:57 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 11) (User: DESKTOP-8AQ2J5E)
Description: Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy-2147023878

Error: (04/30/2022 11:16:48 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 11) (User: DESKTOP-8AQ2J5E)
Description: Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy-2147023878

Error: (04/30/2022 11:16:48 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 11) (User: DESKTOP-8AQ2J5E)
Description: Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy-2147023878

Error: (04/30/2022 11:16:48 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 11) (User: DESKTOP-8AQ2J5E)
Description: Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy-2147023878

Error: (04/30/2022 11:16:43 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 11) (User: DESKTOP-8AQ2J5E)
Description: Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy-2147023878

Error: (04/30/2022 11:16:29 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 11) (User: DESKTOP-8AQ2J5E)
Description: Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy-2147023878

Error: (04/30/2022 09:21:52 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Security Center failed to validate caller with error %1.


System errors:
=============
Error: (05/01/2022 05:36:43 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {DDCFD26B-FEED-44CD-B71D-79487D2E5E5A} did not register with DCOM within the required timeout.

Error: (05/01/2022 05:23:41 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {DDCFD26B-FEED-44CD-B71D-79487D2E5E5A} did not register with DCOM within the required timeout.

Error: (05/01/2022 01:56:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Software Protection service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (05/01/2022 01:56:08 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect.

Error: (05/01/2022 01:32:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Software Protection service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (05/01/2022 01:32:58 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect.

Error: (05/01/2022 01:23:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Software Protection service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (05/01/2022 01:23:25 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect.


Windows Defender:
================
Date: 2021-11-29 11:12:29
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-11-29 10:46:01
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-11-29 10:15:33
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-04-27 16:25:34
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

CodeIntegrity:
===============
Date: 2022-05-01 16:29:55
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume2\Program Files\Norton Security\Engine\22.22.3.9\symamsi.dll that did not meet the Microsoft signing level requirements.

Date: 2022-05-01 16:28:54
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Norton Security\Engine\22.22.3.9\symamsi.dll that did not meet the Windows signing level requirements.


==================== Memory info ===========================

BIOS: Dell Inc. A05 05/28/2011
Motherboard: Dell Inc. 0HY9JP
Processor: Intel(R) Core(TM) i5-2500 CPU @ 3.30GHz
Percentage of memory in use: 56%
Total physical RAM: 3976.93 MB
Available physical RAM: 1729.48 MB
Total Virtual: 7120.32 MB
Available Virtual: 4172.57 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.34 GB) (Free:88.45 GB) NTFS

\\?\Volume{35d99af4-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.05 GB) (Free:0.02 GB) NTFS
\\?\Volume{35d99af4-0000-0000-0000-00193a000000}\ () (Fixed) (Total:0.49 GB) (Free:0.08 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 232.9 GB) (Disk ID: 35D99AF4)
Partition 1: (Active) - (Size=50 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=505 MB) - (Type=27)

==================== End of Addition.txt =======================

Juliet
2022-05-02, 15:36
If it's hopeless or not, I don't know.


brief history of the computer in question. I was given the computer by an IT department, they were upgrading so the price was right. Since I first started it up there has been no account password on either of the user accounts I see, they will load automatically when one is chosen. I try to sign in to set basic account security and get told I don't have the proper password...
This can be a problem. There have been restrictions placed on the computer that we can attempt to fix, but I'm not sure if the computer's security app placed them or if the "Company" placed them there.

As for seeing obvious malware, no; mainly restrictions, but nothing that would point to not being able to sign in.
Have you tried to create a new user account?

Also possible, since it wasn't happy to allow Farbar Recovery Tool to be downloaded we might run into problems trying to run a script or download other tools to scan with.


Did you download or are you going to use:
Battle.net
Blizzard Entertainment, Inc. -> Blizzard Entertainment) C:\Program Files (x86)\Battle.net\.Battle.net.exe.432.7740.temp <3>
Blizzard Entertainment, Inc. -> Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.7661\Agent.exe
NortonLifeLock Inc. -> NortonLifelock Inc
Norton 360

The term "name collision" refers to the nomenclature problem that occurs in computer programs when the same variable name is used for different things in two separate areas that are joined, merged, or otherwise go from occupying separate namespaces to sharing one.


Let's see if we can temporarily disable Norton Lifelock and Norton 360, it will need to be enabled back after you run the FRST script.
https://support.norton.com/sp/en/us/home/current/solutions/v116457581


Start Farbar Recovery Scan Tool with Administrator privileges
(Right click on the FRST icon and select Run as administrator, just open it and let it wait)

Highlight the text below, beginning with Start:: and finishing with End::, and select Copy.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Highlight the entire content of the quote box below and select Copy.




Start::
CloseProcesses:
CreateRestorePoint:
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKU\S-1-5-21-2199619703-1585671556-87930541-1003\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
S3 nhi; \SystemRoot\System32\drivers\tbt100x.sys [X]
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File
ContextMenuHandlers2: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File
ContextMenuHandlers2: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File
EmptyTemp:
C:\Windows\Temp\*.*
SystemRestore:
End::

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Press the Fix button.
FRST will process the lines copied above from the clipboard.
When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.
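
Before a fixlist like the one above removes policy restrictions from an ex-corporate machine, it helps to record what those policies contain and whether the machine is still domain-joined. The following PowerShell is an added example, not part of the original post or of FRST; it only reads the locations named in the fixlist, plus the standard local Group Policy Registry.pol files (an assumption, since the fixlist itself names only NTUSER.pol and the registry keys).

```powershell
# Added example: read-only inventory of the policy locations named in the fixlist.
# Run from an elevated PowerShell prompt. Nothing here modifies the system.

$registryRoots = @(
    'HKLM:\SOFTWARE\Policies\Mozilla\Firefox',
    'HKLM:\SOFTWARE\Policies\Google',
    # HKU is not a default PowerShell drive, so use the provider-qualified path.
    'Registry::HKEY_USERS\S-1-5-21-2199619703-1585671556-87930541-1003\SOFTWARE\Policies\Google'
)

$policyFiles = @(
    'C:\ProgramData\NTUSER.pol',
    "$env:SystemRoot\System32\GroupPolicy\gpt.ini",
    # Assumed: the standard local GPO files; the fixlist does not list them.
    "$env:SystemRoot\System32\GroupPolicy\Machine\Registry.pol",
    "$env:SystemRoot\System32\GroupPolicy\User\Registry.pol"
)

function Get-PolicyValue {
    param([string[]]$Root)
    foreach ($r in $Root) {
        if (-not (Test-Path -LiteralPath $r)) { continue }
        # The root key itself plus every subkey beneath it.
        $keys = @(Get-Item -LiteralPath $r) +
                @(Get-ChildItem -LiteralPath $r -Recurse -ErrorAction SilentlyContinue)
        foreach ($k in $keys) {
            foreach ($name in $k.GetValueNames()) {
                [pscustomobject]@{
                    Key   = $k.Name
                    Value = $name
                    Data  = $k.GetValue($name)
                }
            }
        }
    }
}

function Get-PolicyFile {
    param([string[]]$Path)
    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p)) { continue }
        $f = Get-Item -LiteralPath $p -Force   # -Force: these files are often hidden
        [pscustomobject]@{
            Path      = $f.FullName
            Bytes     = $f.Length
            LastWrite = $f.LastWriteTime
            SHA256    = (Get-FileHash -LiteralPath $p -Algorithm SHA256).Hash
        }
    }
}

# Is the machine still joined to the previous owner's domain?
$cs = Get-CimInstance -ClassName Win32_ComputerSystem
"PartOfDomain: $($cs.PartOfDomain)  Domain/Workgroup: $($cs.Domain)"

# Which policy values are set, and when were the policy files last written?
Get-PolicyValue -Root $registryRoots | Format-Table -AutoSize -Wrap
Get-PolicyFile  -Path $policyFiles   | Format-List

# Keep a copy of the registry findings for later comparison with Fixlog.txt.
Get-PolicyValue -Root $registryRoots |
    Export-Csv -Path "$env:USERPROFILE\Desktop\policy-inventory.csv" -NoTypeInformation
```

The last-write times and the domain membership line help separate restrictions left by the previous owner's IT department from ones written recently by installed software.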

1oldman
2022-05-02, 21:39
Thank you very much for the fast reply. I'll answer your questions in order so as not to confuse responses.

I'll check on restrictions that may have been placed by the previous owners.

I have previously tried to create a new user account, that failed due to password restrictions. I will certainly give that another try very soon.

The FRST loaded and ran nominally, with the exception of the same update fail. I don't know how to interpret the fix results but I believe it ran okay.

The four programs, Bliz, Bliz and the Nortons are programs I have downloaded and installed. I was surprised to notice all of the unsigned files on one of those, is that a typical practice?

Thank you for the info on name collisions, very useful perspective.

I wanted to get the fixlog posted asap but haven't had time to check out the account access issues yet,
I'll work on it this evening and let you know the results in my next reply.

Again, thank you so much for your help not to mention time.

Fix result of Farbar Recovery Scan Tool (x64) Version: 22-04-2022
Ran by Home-Pc (02-05-2022 11:55:31) Run:1
Running from C:\Users\Home-Pc\Desktop
Loaded Profiles: Home & Home-Pc
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKU\S-1-5-21-2199619703-1585671556-87930541-1003\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
S3 nhi; \SystemRoot\System32\drivers\tbt100x.sys [X]
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File
ContextMenuHandlers2: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File
ContextMenuHandlers2: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File
EmptyTemp:
C:\Windows\Temp\*.*
SystemRestore:

*****************

Processes closed successfully.
Restore point was successfully created.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\ProgramData\NTUSER.pol => moved successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
HKLM\SOFTWARE\Policies\Google => removed successfully
HKU\S-1-5-21-2199619703-1585671556-87930541-1003\SOFTWARE\Policies\Google => removed successfully
HKLM\System\CurrentControlSet\Services\nhi => removed successfully
nhi => service removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\SDECon32 => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\SDECon64 => removed successfully
HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\SDECon32 => removed successfully
HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\SDECon64 => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\SDECon32 => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\SDECon64 => removed successfully

=========== "C:\Windows\Temp\*.*" ==========

not found

========= End -> "C:\Windows\Temp\*.*" ========

SystemRestore: => Error: No automatic fix found for this entry.

=========== EmptyTemp: ==========

BITS transfer queue => 1310720 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 225854014 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 0 B
Edge => 0 B
Firefox => 52281891 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 527700 B
NetworkService => 548714 B
Home => 64307295 B
Home-Pc => 66811315 B

RecycleBin => 0 B
EmptyTemp: => 392.6 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 11:56:47 ====

Juliet
2022-05-03, 00:33
The four programs, Bliz, Bliz and the Nortons are programs I have downloaded and installed. I was surprised to notice all of the unsigned files on one of those, is that a typical practice?
Yes and no.
I've seen big name software and hardware names that I know are legal and non-malicious have "file not signed". So a lot of research goes into logs to make sure that anything we see that we're not familiar with is checked.


Please download AdwCleaner (https://downloads.malwarebytes.com/file/adwcleaner) and save it to your Desktop
Close all open programs and browsers
Right click on the icon and select Run as administrator
Click Scan now
Allow the program to Quarantine what it finds except for Pre-installed applications if you would like to keep those or other entries you would like to keep
When completed click View Scan Log File
Copy and paste the contents in your reply
Click Skip Basic Repair if it appears then close the program

===================================================

Run Malwarebytes Anti-Malware

You may have Malwarebytes Anti-Malware installed but if not, you can download it from here (https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/):

run the program
click on the ‘Dashboard’ to make sure everything is up to date, (it is not necessary to upgrade to the premium version of MBAM)
click on the ‘Scan’ tab, (directly below the Dashboard tab)
select the Threat Scan option
click the Scan Now button
Threat Scan will begin
when the scan has completed and if malware was found, click the Quarantine Selected button to allow MBAM to quarantine what was found
if prompted to restart the computer, close all other programs and click Yes to restart your computer
once you are back at your desktop, open MBAM once more
click on the ‘Reports’ tab
double-click on the most recent Scan Report
click on Export, then Copy to Clipboard

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`

1oldman
2022-05-03, 10:11
Hi, I was very surprised to find that after running the FRST fix, I was suddenly able to set passwords and log into my MS account that I use on another computer. I'm not certain what exactly went right but your fix on the restrictions was most likely just what I needed. Thank you, I now have my computer back. One item that I noticed was that right after my MS account logged in through this computer, my entire network crashed. This computer, on the task bar, said it was connected to internet but couldn't connect through the browser or AV updates, everything else just lost internet. I logged out of my other MS account, switched back to this "local" account and everything is working fine (after a router reboot). Not sure what went on with the internet but I'll work on figuring that out later.

Here are the scan logs requested, thanks again for your help.

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 5/3/22
Scan Time: 12:20 AM
Log File: 2bf767e0-caa9-11ec-bfad-782bcbb2bc7a.json

-Software Information-
Version: 4.5.2.157
Components Version: 1.0.1562
Update Package Version: 1.0.54478
License: Trial

-System Information-
OS: Windows 10 (Build 19043.1682)
CPU: x64
File System: NTFS
User: DESKTOP-8AQ2J5E\Home-Pc

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 318564
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 6 min, 16 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)




Juliet
2022-05-03, 15:17
It must have been the policy restrictions... my guess?

I don't think the machine is infected, and if you think we need to continue and do an online scan we can?

ESET Online Scanner:

Download ESET Online Scanner from the ESET website (https://www.eset.com/int/home/online-scanner/) by clicking the ONE-TIME-SCAN button on that webpage
Double-click the esetonlinescanner.exe file you downloaded to run the application
Select product language
Click Get started and confirm the User access control dialog of Windows
In the Terms of use screen, click Accept if you agree to the Terms of use. After accepting the terms of use, the shortcut for ESET Online Scanner is created on the Desktop
Click Get started in the welcome screen
Select whether or not you want to join the Customer Experience Improvement Program, and whether or not to enable the feedback system, then click Continue
Select the Full Scan type
Select the choice to enable detections of potentially unwanted applications (https://help.eset.com/getHelp?product=glossary&lang=1033&topic=unwanted_application) (PUA)
After the detection module updates are downloaded, the scan starts. Scan progress is shown via the progress bar along with the path and title of file being scanned. You can pause or cancel the scan at any time
Note: The scan may take several hours depending on how many files are on your computer.
When the scan has finished and if threats have been detected, click Save scan log and save the text file with a unique name such as ESET results.txt, then click Continue.
Copy and paste the contents of this ESET results report into your next reply to me (If no threats were detected, you do not need to save the results)
The following steps are optional and are not required

If there has been no ESET security product detected on your machine, and your user account has administrator privileges, ESET Online Scanner will offer you to turn on Periodic scan. This choice is up to you
In the Thank you for using ESET Online Scanner screen you can rate the application and leave feedback. In addition, to delete all detection modules and settings of ESET Online Scanner configured in previous steps, select Delete application's data on closing
Click Submit and close if you rated the application and/or left a feedback, or click Close without feedback

Click Finish to exit ESET Online Scanner

1oldman
2022-05-06, 02:38
Hi, sorry about the delay in replying. It took several tries to get the scan complete but I finally managed it today. The computer is working great at this point, I assume it's not hopeless at all. Here are the ESET results, things look good from my end, Thank you again. I'll watch for your reply, take care.

5/5/2022 17:23:35 PM
Files scanned: 527774
Detected files: 0
Cleaned files: 0
Total scan time: 03:59:57
Scan status: Finished

Juliet
2022-05-06, 16:37
Nothing found was what I expected.

You're good to go.

Use this tool to remove quarantined items:

Please download KpRm (https://toolslib.net/downloads/viewdownload/951-kprm) by Kernel-panik and save to your Desktop.

Click on KpRm.exe to run the tool.


Vista/Windows 7/8/10 users right-click and select Run As Administrator (http://windows.microsoft.com/en-US/windows7/How-do-I-run-an-application-once-with-a-full-administrator-access-token).

Put a check mark next to these items:


- Delete tools
- Delete now

Click the "Run" button.

https://github.com/KernelPan1k/KpRm/raw/master/screenshots/automatic.png


When the tool has finished, it will create and open a log report and delete itself.

1oldman
2022-05-08, 00:59
See title. :)

Juliet
2022-05-08, 14:30
Glad we could help. http://i.imgur.com/SakDYGv.gif
Since this issue appears resolved ... this Topic is closed.