Thread: All program shortcuts not working

  1. #1
    Junior Member
    Join Date: Jan 2021
    Posts: 3


    Hi,
    I ran Spybot one day and it found PU.SpeedTest 131 (which it was able to remove) and six PUPS-004 (which it said were not possible to remove since they were still working in memory or something like that - and that Spybot would start up again after a reboot and remove them).
    Next morning Spybot did start up automatically like it had said it would, and when I ran it again I got the same message that the PUPS could not be removed due to being active in memory.

    So I ran Bleachbit after first updating it and restarting. I ran it with the same settings I always use every morning. But this time after it was done I was not able to open any programs with any shortcuts anywhere - not even SpyBot - even if I go into Programs - it appears the programs are no longer there, but the names and the shortcuts are still visible.

    I don't know if the PUPS caused this or if something was changed in the update and Bleachbit caused this, but please help.
    Thank you for being here!



    The logs are as follows:

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-01-2021
    Ran by V (administrator) on VENDELA-DESKTOP (08-01-2021 22:59:16)
    Running from H:\Farbar Recovery Scan Tool Bleeping Computer
    Loaded Profiles: V
    Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
    Default browser: Chrome
    Boot Mode: Normal

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
    (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
    (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
    (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe <2>
    (Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
    (Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
    (Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
    (Andrew Ziem -> ) C:\Program Files (x86)\BleachBit\bleachbit.exe
    (Express Vpn LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\bootstrap\amd64\nssm.exe
    (Express Vpn LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\expressvpnd\expressvpnd.exe
    (Express Vpn LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPN.exe
    (Express Vpn LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationService.exe
    (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    (Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
    (Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    (Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    (Intel(R) Technology Access -> Intel(R) Corporation) C:\Program Files\Intel Corporation\Intel(R) Technology Access\IntelTechnologyAccessService.exe
    (Intel(R) Technology Access -> Intel(R) Corporation) C:\Program Files\Intel Corporation\Intel(R) Technology Access\LegacyCsLoaderService.exe
    (Intel® Upgrade Service -> Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\HelpPane.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
    (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Safer Networking Ltd. -> Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    (Safer-Networking Ltd.) [File not signed] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    (Tresorit Kft. -> Tresorit) C:\Users\V\AppData\Local\Tresorit\v0.8\Tresorit.exe

    ==================== Registry (Whitelisted) ===================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [AdobeGCInvoker-1.0] => "C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe"
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-13] (Realtek Semiconductor Corp -> Realtek Semiconductor)
    HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    HKLM-x32\...\Run: [IMSS] => "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
    HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation)
    HKLM-x32\...\Run: [AdobeCS6ServiceManager] => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
    HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2623032 2019-07-05] (Adobe Inc. -> Adobe Inc.)
    HKLM-x32\...\Run: [Acrobat Assistant 8.0] => "C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe"
    HKLM-x32\...\Run: [ExpressVPNNotificationService] => "C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationServiceStarter.exe"
    HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
    HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
    HKU\S-1-5-21-558363904-2571121243-1357282318-1000\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.) [File not signed]
    HKU\S-1-5-21-558363904-2571121243-1357282318-1000\...\Run: [Zoom] => [X]
    HKU\S-1-5-21-558363904-2571121243-1357282318-1000\...\Run: [Tresorit] => C:\Users\V\AppData\Local\Tresorit\v0.8\Tresorit.exe [32804376 2020-12-10] (Tresorit Kft. -> Tresorit)
    HKU\S-1-5-21-558363904-2571121243-1357282318-1000\...\Run: [ExpressVPN4] => C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPN.exe [1161440 2020-09-15] (Express Vpn LLC -> ExpressVPN)
    HKU\S-1-5-21-558363904-2571121243-1357282318-1000\...\MountPoints2: {80b1b2c4-3037-11e2-8b00-806e6f6e6963} - D:\SETUP.EXE
    HKU\S-1-5-21-558363904-2571121243-1357282318-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [477696 2010-11-20] (Microsoft Windows -> Microsoft Corporation)
    HKLM\...\Windows x64\Print Processors\Canon MG6200 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDAU.DLL [30208 2012-03-14] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
    HKLM\...\Print\Monitors\Canon BJ Language Monitor MG6200 series: C:\Windows\system32\CNMLMAU.DLL [385024 2012-03-14] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
    HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\87.0.4280.141\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
    HKLM\Software\Microsoft\Active Setup\Installed Components: [{9459C573-B17A-45AE-9F64-1857B5D58CEE}] -> "C:\Program Files (x86)\Microsoft\Edge\Application\87.0.664.66\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge
    HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\87.1.18.78\Installer\chrmstp.exe [2021-01-08] (Brave Software, Inc. -> Brave Software, Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageBrowser EX Agent.lnk.disabled [2013-12-13]
    ShortcutTarget: ImageBrowser EX Agent.lnk.disabled -> C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe (No File)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RescueTime.lnk [2015-05-05]
    ShortcutTarget: RescueTime.lnk -> C:\Program Files (x86)\RescueTime\RescueTime.exe (No File)
    Startup: C:\Users\V\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk.disabled [2014-12-30]
    ShortcutTarget: EvernoteClipper.lnk.disabled -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (No File)

    ==================== Scheduled Tasks (Whitelisted) ============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {0635FD96-1F8D-4513-80FA-193194F4DF4F} - System32\Tasks\{068590DC-6521-4BA5-8EF5-5893A2969D69} => C:\Windows\system32\pcalua.exe -a C:\Users\V\AppData\Local\Evernote\Evernote\AutoUpdate\Evernote_6.5.4.4720.exe -d "C:\Program Files (x86)\Evernote\Evernote" -c /qb
    Task: {0E250BC7-950C-42A3-B186-FD9B6DF92A51} - System32\Tasks\IntelTA-Upgrade-56460984-97c2-4bc7-a632-d776cf817f5d => C:\Program Files (x86)\Intel Corporation\Intel(R) Technology Access\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [18152 2016-08-12] (Intel(R) Software Asset Manager -> Intel Corporation)
    "C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Time-5d" was unlocked. <==== ATTENTION
    Task: {12DF64C9-2537-4846-994B-A2A56DD47137} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Time-5d => C:\Windows\system32\GWX\GWX.exe
    Task: {1E97F4FF-4D5A-4284-962A-9FE97BE7F343} - System32\Tasks\{A2A5DDC7-FC65-4D4C-8BD2-322C87E57169} => C:\Windows\system32\pcalua.exe -a C:\Users\V\Desktop\shb_kortlasare.exe -d C:\Users\V\Desktop
    Task: {245D3C31-2C5E-4EEF-95C5-8E69FB8EF5BE} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe
    Task: {260A87B6-2C85-4FE1-AACA-211C3E96A52B} - System32\Tasks\G2MUploadTask-S-1-5-21-558363904-2571121243-1357282318-1000 => C:\Users\V\AppData\Local\GoToMeeting\19228\g2mupload.exe [31320 2021-01-08] (LogMeIn, Inc. -> LogMeIn, Inc.)
    Task: {3C2B5431-B579-4F1B-9454-8E8430DFCB69} - System32\Tasks\{A45E7AF1-28B8-45C3-9CC9-8CA857FF4B28} => "c:\program files (x86)\mozilla firefox\firefox.exe" http://ui.skype.com/ui/0/6.0.0.126/e...LastError=1603
    "C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" was unlocked. <==== ATTENTION
    Task: {3F784A64-5FBC-487E-B26E-99232C30D96C} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => C:\Windows\system32\GWX\GWX.exe
    Task: {41218B50-BD6D-471B-AE39-155B7440B10B} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel(R) Update Manager -> Intel Corporation)
    Task: {4A5D48AC-1DC3-45B7-B303-CCB695ADB9B7} - System32\Tasks\MicrosoftEdgeUpdateTaskMachineUA => C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
    Task: {4E628E33-1E42-4066-9EA1-4DE1625B66E9} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe
    Task: {5A2D3CA9-CEC3-4841-8666-05A29A00F605} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [159368 2019-06-21] (Brave Software, Inc. -> BraveSoftware Inc.)
    Task: {5F745D9A-EDA3-42FF-AFF4-E7F464DB4147} - System32\Tasks\{97BEA7E4-3AF6-41F3-984A-66FB5B6B9B13} => "c:\program files (x86)\mozilla firefox\firefox.exe" http://ui.skype.com/ui/0/6.0.0.126/e...LastError=1603
    Task: {69FC1478-9C17-4120-A999-49539B1C98D2} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [1738504 2015-09-04] (Intel(R) Software -> Intel Corporation)
    Task: {6D394EE7-BD9B-40B6-B61C-7CF6CC1A4C56} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
    Task: {76E40658-CEF7-4D11-91E4-01D35F44E2AF} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel(R) Update Manager -> Intel Corporation)
    Task: {8137D42F-EB2F-43EB-A776-698CFA2A5D46} - System32\Tasks\{0878759E-89D7-4069-B304-85D5D1B02C6E} => "c:\program files (x86)\mozilla firefox\firefox.exe" http://ui.skype.com/ui/0/6.0.0.126/e...LastError=1603
    Task: {81C69542-D639-40A3-99C3-F9D47C0C6F41} - System32\Tasks\{57CB18CA-18C0-493E-A4F6-DD23C9EDBF15} => "c:\program files (x86)\mozilla firefox\firefox.exe" http://ui.skype.com/ui/0/6.0.0.126/e...LastError=1603
    Task: {8B52CFBB-8C4D-40A1-B67C-63788D4F751A} - System32\Tasks\{038683BD-D6E7-4614-8F07-D83EFC18DE21} => "c:\program files (x86)\mozilla firefox\firefox.exe" http://ui.skype.com/ui/0/6.0.0.126/e...LastError=1603
    Task: {94E2556A-C0F9-4FE0-BDD8-F444A162B982} - System32\Tasks\Bitdefender Update Product Data_A17FD818A96743FAB28AC221BEB4B2C8 => C:\Program Files\Bitdefender\Bitdefender 2015\bdproductdata.exe
    Task: {98B2959C-01C8-4617-81D2-5EC6E2E8E2AD} - System32\Tasks\{32BE4989-89FF-4CC1-BB55-973B84FA440A} => C:\Program Files (x86)\Audacity\audacity.exe
    Task: {A3C4ACF0-AC34-41F0-8167-EECB0392FBD9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: {A92F73A6-0A57-43EE-8959-9AEFFC179F24} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
    "C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" was unlocked. <==== ATTENTION
    Task: {ACA3BC47-EF9B-4935-9A4A-F896A8477028} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => C:\Windows\system32\GWX\GWX.exe
    Task: {AD7C1240-808A-4303-8D50-E6EC258C6120} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe
    Task: {B29627B2-EA18-4E20-B34F-4C0E6E26267E} - System32\Tasks\G2MUpdateTask-S-1-5-21-558363904-2571121243-1357282318-1000 => C:\Users\V\AppData\Local\GoToMeeting\19228\g2mupdate.exe [31320 2021-01-08] (LogMeIn, Inc. -> LogMeIn, Inc.)
    Task: {B3019D79-FC95-41DD-B7F2-3B546B4FF91F} - System32\Tasks\MicrosoftEdgeUpdateTaskMachineCore => C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
    Task: {B68F01B8-621D-42B7-ACEE-B3FC2605B7EE} - System32\Tasks\{30435168-8CAF-444D-94F5-4D669F89C5EE} => "c:\program files (x86)\mozilla firefox\firefox.exe" http://ui.skype.com/ui/0/6.0.0.126/e...LastError=1603
    Task: {BA2DDE11-C344-4ABC-9146-88FEA55CE291} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [159368 2019-06-21] (Brave Software, Inc. -> BraveSoftware Inc.)
    Task: {BD567324-A810-4394-8B3F-058A3E77075C} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe
    Task: {C4893018-60F6-4F9F-8E33-50F6071C75CC} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_465_Plugin.exe
    Task: {C62AF088-E3F2-43FB-8A08-022D620D7AA9} - System32\Tasks\{A6DF4408-4142-4855-8631-2B2BA2AE6D41} => C:\Windows\system32\pcalua.exe -a C:\Users\V\Evernote\AutoUpdate\Evernote_6.7.5.5825.exe -d "C:\Program Files (x86)\Evernote\Evernote" -c /qb
    Task: {CD09FD93-E87B-4664-84FD-2299C48AFDA3} - System32\Tasks\IntelTA-Upgrade-56460984-97c2-4bc7-a632-d776cf817f5d-Logon => C:\Program Files (x86)\Intel Corporation\Intel(R) Technology Access\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [18152 2016-08-12] (Intel(R) Software Asset Manager -> Intel Corporation)
    "C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" was unlocked. <==== ATTENTION
    Task: {D3A93B1C-C69A-4C08-B641-AC55B169CDFE} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => C:\Windows\system32\GWX\GWX.exe
    Task: {D83096CF-3B85-4C58-AA89-C852E6433A9F} - \Pokki -> No File <==== ATTENTION
    Task: {E065CF8E-8874-4A8A-A7AC-24C504278088} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: {E6DDB849-6882-4897-9C89-7BADFAEECD37} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe
    Task: {ECC27D1A-6331-4650-8153-1DCA60106C7C} - System32\Tasks\{5E702ED3-50CE-4900-B756-967F080E98E9} => "c:\program files (x86)\mozilla firefox\firefox.exe" http://ui.skype.com/ui/0/6.0.0.126/e...LastError=1603
    Task: {ED50A085-D013-4D6C-A13E-EA8BE6524530} - System32\Tasks\Red Giant Link => C:\Program Files (x86)\Red Giant Link\Red Giant Link.exe
    Task: {F3B5B6BC-C515-4887-B390-63D660553792} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: {F61F2334-028A-4CD4-AF1B-36FBB2F64CDA} - System32\Tasks\AdobeAAMUpdater-1.0-Vendela-Desktop-V => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
    "C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" was unlocked. <==== ATTENTION
    Task: {FEDBC755-CE2E-4D86-8000-A649856819E3} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => C:\Windows\system32\GWX\GWX.exe

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-558363904-2571121243-1357282318-1000.job => C:\Users\V\AppData\Local\GoToMeeting\19228\g2mupdate.exe
    Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-558363904-2571121243-1357282318-1000.job => C:\Users\V\AppData\Local\GoToMeeting\19228\g2mupload.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.10.1
    Tcpip\..\Interfaces\{E0B65D48-D961-4B66-B151-B123EA3FD5BC}: [DhcpNameServer] 192.168.10.1

    Edge:
    ======
    Edge DefaultProfile: Default
    Edge Profile: C:\Users\V\AppData\Local\Microsoft\Edge\User Data\Default [2020-12-21]

    FireFox:
    ========
    FF DefaultProfile: uc0ymu7c.default-1574636001328
    FF ProfilePath: C:\Users\V\AppData\Roaming\Mozilla\Firefox\Profiles\jygdiui4.default-release [2021-01-08]
    FF Extension: (ETP Search Volume Study) - C:\Users\V\AppData\Roaming\Mozilla\Firefox\Profiles\jygdiui4.default-release\Extensions\etp-search-volume-study@shield.mozilla.org.xpi [2019-08-14]
    FF ProfilePath: C:\Users\V\AppData\Roaming\Mozilla\Firefox\Profiles\uc0ymu7c.default-1574636001328 [2021-01-08]
    FF Session Restore: Mozilla\Firefox\Profiles\uc0ymu7c.default-1574636001328 -> is enabled.
    FF Extension: (uBlock Origin) - C:\Users\V\AppData\Roaming\Mozilla\Firefox\Profiles\uc0ymu7c.default-1574636001328\Extensions\uBlock0@raymondhill.net.xpi [2020-12-19]
    FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_465.dll [No File]
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [No File]
    FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [No File]
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_465.dll [No File]
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll [2012-10-04] (Adobe Systems, Inc.) [File not signed]
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [No File]
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [No File]
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @tools.brave.com/BraveSoftware Update;version=3 -> C:\Program Files (x86)\BraveSoftware\Update\1.3.99.0\npBraveUpdate3.dll [No File]
    FF Plugin-x32: @tools.brave.com/BraveSoftware Update;version=9 -> C:\Program Files (x86)\BraveSoftware\Update\1.3.99.0\npBraveUpdate3.dll [No File]
    FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [No File]
    FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [No File]
    FF Plugin HKU\S-1-5-21-558363904-2571121243-1357282318-1000: @zoom.us/ZoomVideoPlugin -> C:\Users\V\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2019-12-18] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
    FF Plugin HKU\S-1-5-21-558363904-2571121243-1357282318-1000: pokki.com/PokkiDownloadHelper -> C:\Users\V\AppData\Local\Pokki\Download Helper\npPokkiDownloadHelper.1.2.0.78.dll [No File]
    FF Plugin HKU\S-1-5-21-558363904-2571121243-1357282318-1000: tdameritrade.com/tossc -> C:\Program Files (x86)\thinkTDA\tossc32.dll [No File]

    Chrome:
    =======
    CHR Profile: C:\Users\V\AppData\Local\Google\Chrome\User Data\Default [2021-01-08]
    CHR Notifications: Default -> hxxps://www.reddit.com
    CHR DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}
    CHR DefaultSearchKeyword: Default -> duckduckgo.com
    CHR DefaultNewTabURL: Default -> hxxps://duckduckgo.com/chrome_newtab
    CHR DefaultSuggestURL: Default -> hxxps://duckduckgo.com/ac/?q={searchTerms}&type=list
    CHR Session Restore: Default -> is enabled.
    CHR Extension: (Google Drive) - C:\Users\V\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-22]
    CHR Extension: (DuckDuckGo) - C:\Users\V\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkdgflcldnnnapblkhphbgpggdiikppg [2020-12-17]
    CHR Extension: (YouTube) - C:\Users\V\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-05]
    CHR Extension: (Web Media Center) - C:\Users\V\AppData\Local\Google\Chrome\User Data\Default\Extensions\boahfmccdndnpmlllehgfkpeoccmkedj [2017-06-03]
    CHR Extension: (Cloud Audio Recorder) - C:\Users\V\AppData\Local\Google\Chrome\User Data\Default\Extensions\coiefjfjbldcapekmclpdfemapaifbmh [2018-07-16]
    CHR Extension: (ZIP Extractor) - C:\Users\V\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmfcakoljjhncfphlflcedhgogfhpbcd [2019-11-14]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\V\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-04]
    CHR Extension: (Gmail) - C:\Users\V\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-23]
    CHR Extension: (Chrome Media Router) - C:\Users\V\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-11-19]
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl]

    ==================== Services (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [816184 2019-07-05] (Adobe Inc. -> Adobe Inc.)
    R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3673680 2020-05-05] (Adobe Inc. -> Adobe Systems, Incorporated)
    R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3406416 2020-05-05] (Adobe Inc. -> Adobe Systems, Incorporated)
    S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [159368 2019-06-21] (Brave Software, Inc. -> BraveSoftware Inc.)
    S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [159368 2019-06-21] (Brave Software, Inc. -> BraveSoftware Inc.)
    R2 ExpressVPNService; C:\Program Files (x86)\ExpressVPN\bootstrap\amd64\nssm.exe [437472 2020-09-15] (Express Vpn LLC -> ExpressVPN)
    S3 Intel(R) TA SAM; C:\Program Files (x86)\Intel Corporation\Intel(R) Technology Access\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [18152 2016-08-12] (Intel(R) Software Asset Manager -> Intel Corporation)
    R2 Intel(R) TechnologyAccessLegacyCSLoader; C:\Program Files\Intel Corporation\Intel(R) Technology Access\LegacyCsLoaderService.exe [153296 2016-04-26] (Intel(R) Technology Access -> Intel(R) Corporation)
    R2 Intel(R) TechnologyAccessService; C:\Program Files\Intel Corporation\Intel(R) Technology Access\IntelTechnologyAccessService.exe [478416 2016-04-26] (Intel(R) Technology Access -> Intel(R) Corporation)
    S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel(R) Update Manager -> Intel Corporation)
    R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd. -> Safer Networking Ltd.)
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Windows -> Microsoft Corporation)
    S2 edgeupdate; "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc [X]
    S3 edgeupdatem; "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /medsvc [X]
    S3 GoogleChromeElevationService; "C:\Program Files (x86)\Google\Chrome\Application\87.0.4280.141\elevation_service.exe" [X]
    S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
    S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
    S2 IAStorDataMgrSvc; "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe" [X]
    S3 MicrosoftEdgeElevationService; "C:\Program Files (x86)\Microsoft\Edge\Application\87.0.664.66\elevation_service.exe" [X]
    S3 MozillaMaintenance; "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe" [X]
    S3 SwitchBoard; "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [X]

    ===================== Drivers (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R1 ndisrd; C:\Windows\System32\DRIVERS\ndisrfl.sys [41176 2015-04-30] (Intel(R) Technology Access -> Intel Corporation)
    S3 NetTap60; C:\Windows\System32\DRIVERS\nettap60.sys [51416 2015-04-30] (Intel(R) Technology Access -> Intel Corporation)
    S3 tapexpressvpn; C:\Windows\System32\DRIVERS\tapexpressvpn.sys [36208 2020-09-15] (ExprsVPN LLC -> The OpenVPN Project)
    S3 Tdsshbecr; C:\Windows\System32\DRIVERS\shbecr.sys [50176 2008-09-22] (Microsoft Windows Hardware Compatibility Publisher -> Todos Data System AB)
    S3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam64.sys [23200 2015-04-29] (Microsoft Windows Hardware Compatibility Publisher -> Western Digital Technologies)
    U3 aswbdisk; no ImagePath
    U3 aswblog; no ImagePath
    S3 b06bdrv; \SystemRoot\system32\drivers\bxvbda.sys [X]
    S3 expressvpnsplittunnel; \??\C:\Program Files (x86)\ExpressVPN\splittunnel\expressvpnsplittunnel.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One month (created) (Whitelisted) =========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2021-01-08 22:57 - 2021-01-08 22:59 - 000000000 ____D C:\FRST
    2021-01-08 15:20 - 2021-01-08 15:20 - 000001587 _____ C:\Users\V\Desktop\SDWinSec.exe - Shortcut (2).lnk
    2021-01-08 15:18 - 2021-01-08 15:18 - 000001587 _____ C:\Users\V\Desktop\SDWinSec.exe - Shortcut.lnk
    2021-01-08 05:47 - 2021-01-08 05:47 - 000000985 _____ C:\Users\Public\Desktop\BleachBit.lnk
    2021-01-08 05:47 - 2021-01-08 05:47 - 000000985 _____ C:\ProgramData\Desktop\BleachBit.lnk
    2021-01-08 05:47 - 2021-01-08 05:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BleachBit
    2021-01-08 05:47 - 2021-01-08 05:47 - 000000000 ____D C:\Program Files (x86)\BleachBit
    2020-12-31 08:42 - 2020-12-31 08:43 - 002148720 _____ C:\Users\V\Downloads\Vendela Mitchel -FORECAST – 2022(1).pdf
    2020-12-28 08:31 - 2020-12-28 08:31 - 002188612 _____ C:\Users\V\Downloads\Vendela Mitchel -FORECAST-2021.pdf
    2020-12-24 17:48 - 2020-12-24 17:48 - 000000000 ____D C:\Users\V\Documents\Solar Fire User Files
    2020-12-24 17:48 - 2020-12-24 17:48 - 000000000 ____D C:\Users\V\AppData\Roaming\Esoteric Technologies
    2020-12-24 17:48 - 2020-12-24 17:48 - 000000000 ____D C:\Users\V\AppData\Local\Esoteric Technologies
    2020-12-24 16:30 - 2020-12-24 16:30 - 000001902 _____ C:\Users\Public\Desktop\Solar Fire v9.lnk
    2020-12-24 16:30 - 2020-12-24 16:30 - 000001902 _____ C:\ProgramData\Desktop\Solar Fire v9.lnk
    2020-12-24 16:30 - 2020-12-24 16:30 - 000000731 _____ C:\Windows\Solfire9.ini
    2020-12-24 16:30 - 2020-12-24 16:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Esoteric Technologies
    2020-12-23 08:18 - 2020-12-23 08:18 - 000053942 _____ C:\Users\V\Downloads\taxdocument (3).pdf
    2020-12-22 18:28 - 2020-12-22 18:28 - 000143008 _____ C:\Users\V\Downloads\2019_12_Statement (3).pdf
    2020-12-21 19:15 - 2020-12-21 19:15 - 000215019 _____ C:\Users\V\Downloads\2018_12_Statement.pdf
    2020-12-21 18:36 - 2020-12-21 18:36 - 000145702 _____ C:\Users\V\Downloads\2020_1_Statement.pdf
    2020-12-21 17:53 - 2020-12-21 17:53 - 000143007 _____ C:\Users\V\Downloads\2019_12_Statement (2).pdf
    2020-12-21 16:26 - 2020-12-21 16:26 - 000053942 _____ C:\Users\V\Downloads\taxdocument (2).pdf
    2020-12-19 17:18 - 2020-12-19 17:18 - 000053942 _____ C:\Users\V\Downloads\taxdocument (1).pdf
    2020-12-19 17:16 - 2020-12-19 17:16 - 000143008 _____ C:\Users\V\Downloads\2019_12_Statement (1).pdf
    2020-12-18 19:38 - 2020-12-18 19:39 - 000067663 _____ C:\Users\V\Downloads\astro_22anz_vendela_sweden.13151.20534.pdf
    2020-12-18 19:35 - 2020-12-18 19:35 - 000067102 _____ C:\Users\V\Downloads\astro_22anz_vendela_sweden.12915.13786.pdf
    2020-12-18 19:27 - 2020-12-18 19:27 - 000067113 _____ C:\Users\V\Downloads\astro_22anz_vendela_sweden.12461.24375.pdf
    2020-12-17 13:36 - 2020-12-17 13:37 - 000143008 _____ C:\Users\V\Downloads\2019_12_Statement.pdf
    2020-12-14 20:28 - 2020-12-14 20:28 - 000067549 _____ C:\Users\V\Downloads\astro_22anz_vendela_sweden_hw.16128.6810.pdf
    2020-12-14 19:19 - 2020-12-14 19:19 - 000067753 _____ C:\Users\V\Downloads\astro_2anz_vendela_sweden.11953.17654.pdf
    2020-12-14 19:15 - 2020-12-14 19:15 - 000067753 _____ C:\Users\V\Downloads\astro_2anz_vendela_sweden.11723.36641.pdf
    2020-12-14 19:13 - 2020-12-14 19:13 - 000067107 _____ C:\Users\V\Downloads\astro_22anz_vendela_sweden_hp.11595.16754.pdf
    2020-12-14 19:03 - 2020-12-14 19:03 - 000077153 _____ C:\Users\V\Downloads\astro_22anz_vendela_sweden_hw.11000.16897.pdf
    2020-12-14 07:10 - 2020-12-14 07:10 - 001072300 _____ C:\Users\V\Downloads\Vendela-REKTIF.pdf
    2020-12-14 07:10 - 2020-12-14 07:10 - 000308813 _____ C:\Users\V\Downloads\Vendela-Natal Chart Report.pdf

    ==================== One month (modified) ==================

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2021-01-08 22:58 - 2009-07-13 21:13 - 000784326 _____ C:\Windows\system32\PerfStringBackup.INI
    2021-01-08 22:58 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\inf
    2021-01-08 22:50 - 2015-05-29 20:34 - 000000610 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-558363904-2571121243-1357282318-1000.job
    2021-01-08 22:20 - 2014-03-04 14:03 - 000000514 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-558363904-2571121243-1357282318-1000.job
    2021-01-08 21:20 - 2019-06-21 05:56 - 000002307 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
    2021-01-08 21:20 - 2019-06-21 05:56 - 000002266 _____ C:\Users\Public\Desktop\Brave.lnk
    2021-01-08 21:20 - 2019-06-21 05:56 - 000002266 _____ C:\ProgramData\Desktop\Brave.lnk
    2021-01-08 21:03 - 2019-06-21 05:54 - 000000000 ____D C:\Program Files (x86)\BraveSoftware
    2021-01-08 19:52 - 2009-07-13 20:45 - 000029120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2021-01-08 19:52 - 2009-07-13 20:45 - 000029120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2021-01-08 19:44 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\Registration
    2021-01-08 18:45 - 2020-05-28 16:51 - 000000000 ____D C:\Users\V\.dbus-keyrings
    2021-01-08 06:24 - 2017-07-07 22:47 - 000000000 ____D C:\Users\V\AppData\Local\GoToMeeting
    2021-01-08 06:24 - 2015-05-29 20:34 - 000003642 _____ C:\Windows\system32\Tasks\G2MUploadTask-S-1-5-21-558363904-2571121243-1357282318-1000
    2021-01-08 06:24 - 2014-03-04 14:03 - 000003546 _____ C:\Windows\system32\Tasks\G2MUpdateTask-S-1-5-21-558363904-2571121243-1357282318-1000
    2021-01-08 05:48 - 2020-03-03 18:21 - 000000000 ____D C:\Users\V\AppData\Roaming\discord
    2021-01-08 05:42 - 2020-09-22 15:59 - 000000000 ____D C:\Program Files (x86)\ExpressVPN
    2021-01-08 05:42 - 2020-04-18 10:05 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
    2021-01-08 05:42 - 2012-11-16 13:46 - 000000000 ____D C:\Program Files (x86)\Intel
    2021-01-08 05:40 - 2012-11-19 09:57 - 000000000 ____D C:\Program Files (x86)\Adobe
    2021-01-08 05:30 - 2009-07-13 21:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
    2021-01-06 17:57 - 2017-05-05 15:15 - 000002230 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2021-01-06 17:57 - 2017-05-05 15:15 - 000002189 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2021-01-06 17:57 - 2017-05-05 15:15 - 000002189 _____ C:\ProgramData\Desktop\Google Chrome.lnk
    2021-01-06 06:13 - 2019-10-01 07:29 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
    2021-01-06 06:13 - 2019-10-01 07:29 - 000000000 ___HD C:\ProgramData\Documents\AdobeGCData
    2021-01-03 09:32 - 2019-03-10 10:05 - 000000000 ____D C:\Users\V\Downloads\New
    2020-12-26 09:25 - 2012-11-19 09:58 - 000000000 ____D C:\Windows\SysWOW64\Macromed
    2020-12-25 09:20 - 2012-11-16 13:51 - 000033992 _____ C:\Users\V\AppData\Local\GDIPFONTCACHEV1.DAT
    2020-12-25 09:16 - 2009-07-13 20:45 - 000250288 _____ C:\Windows\system32\FNTCACHE.DAT
    2020-12-23 15:18 - 2013-05-05 13:30 - 000001456 _____ C:\Users\V\AppData\Local\Adobe Save for Web 13.0 Prefs
    2020-12-23 15:01 - 2019-11-25 09:02 - 000000000 ____D C:\Users\V\AppData\Local\CrashDumps
    2020-12-21 20:20 - 2020-07-13 17:01 - 000001013 _____ C:\Users\Public\Desktop\TradeLog.lnk
    2020-12-21 20:20 - 2020-07-13 17:01 - 000001013 _____ C:\ProgramData\Desktop\TradeLog.lnk
    2020-12-21 20:20 - 2020-07-13 17:01 - 000000000 ____D C:\Users\V\Documents\tradelog
    2020-12-21 20:20 - 2020-07-13 17:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TradeLog
    2020-12-19 23:15 - 2016-11-18 06:13 - 000000000 ____D C:\Users\V\AppData\LocalLow\Mozilla
    2020-12-19 11:24 - 2020-10-19 16:05 - 000002229 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
    2020-12-19 11:24 - 2020-10-19 16:05 - 000002188 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
    2020-12-19 11:24 - 2020-10-19 16:05 - 000002188 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
    2020-12-16 05:58 - 2020-09-22 16:54 - 000000000 ____D C:\Users\V\AppData\Local\Downloaded Installations
    2020-12-16 05:58 - 2020-09-22 16:40 - 000000000 ____D C:\Users\V\AppData\Local\Tresorit

    ==================== Files in the root of some directories ========

    2016-07-31 16:29 - 2016-07-31 16:29 - 000000027 ____H () C:\ProgramData\.d59546f61165ae53742c10f688282916.dat
    2020-05-28 16:39 - 2020-05-28 16:39 - 000169554 _____ (BleachBit.org) C:\Program Files (x86)\uninstall.exe
    2020-06-12 18:36 - 2020-06-12 18:36 - 000000132 _____ () C:\Users\V\AppData\Roaming\Adobe BMP Format CS6 Prefs
    2014-01-13 14:22 - 2015-05-23 23:36 - 000000132 _____ () C:\Users\V\AppData\Roaming\Adobe GIF Format CS6 Prefs
    2015-11-25 22:12 - 2020-06-12 18:38 - 000000132 _____ () C:\Users\V\AppData\Roaming\Adobe PNG Format CS6 Prefs
    2014-07-20 10:38 - 2017-11-22 10:43 - 000000034 _____ () C:\Users\V\AppData\Roaming\AdobeWLCMCache.dat
    2013-01-09 22:46 - 2013-01-14 20:43 - 000003072 _____ () C:\Users\V\AppData\Roaming\Photobook Designer Prefsv3
    2020-05-01 18:26 - 2020-05-01 18:26 - 000018408 _____ () C:\Users\V\AppData\Roaming\UserTile.png
    2014-09-30 19:21 - 2014-12-03 10:21 - 000000156 _____ () C:\Users\V\AppData\Roaming\WB.CFG
    2013-05-05 13:30 - 2020-12-23 15:18 - 000001456 _____ () C:\Users\V\AppData\Local\Adobe Save for Web 13.0 Prefs
    2014-10-09 23:21 - 2014-12-01 16:21 - 000000010 _____ () C:\Users\V\AppData\Local\DSI.DAT
    2018-09-26 09:18 - 2018-09-26 09:18 - 000000000 _____ () C:\Users\V\AppData\Local\oobelibMkey.log
    2018-01-06 23:16 - 2020-05-02 08:48 - 000007611 _____ () C:\Users\V\AppData\Local\Resmon.ResmonCfg

    ==================== SigCheck ============================

    (There is no automatic fix for files that do not pass verification.)


    LastRegBack: 2021-01-02 10:15
    ==================== End of FRST.txt ========================

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-01-2021
    Ran by V (08-01-2021 23:00:25)
    Running from H:\Farbar Recovery Scan Tool Bleeping Computer
    Windows 7 Home Premium Service Pack 1 (X64) (2012-11-16 21:35:26)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-558363904-2571121243-1357282318-500 - Administrator - Disabled)
    Guest (S-1-5-21-558363904-2571121243-1357282318-501 - Limited - Enabled)
    V (S-1-5-21-558363904-2571121243-1357282318-1000 - Administrator - Enabled) => C:\Users\V

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated)
    Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.9.0.504 - Adobe Systems Incorporated)
    Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
    Adobe Photoshop CC 2018 (HKLM-x32\...\PHSP_19_0_1) (Version: 19.0.1 - Adobe Systems Incorporated)
    Adobe Photoshop Lightroom 4.4 64-bit (HKLM\...\{11A955CD-4398-405A-886D-E464C3618FBF}) (Version: 4.4.1 - Adobe)
    Adobe Photoshop Lightroom 5.7.1 64-bit (HKLM\...\{BC86B82C-8C0E-4408-9AC1-6B0F2D636963}) (Version: 5.7.1 - Adobe Systems Incorporated)
    Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.8.638 - Adobe Systems, Inc.)
    Adobe® Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 3.4.3 - Adobe Systems, Incorporated)
    Audacity 2.3.2 (HKLM-x32\...\Audacity_is1) (Version: 2.3.2 - Audacity Team)
    AudibleManager (HKLM-x32\...\AudibleManager) (Version: 1939737088.1637808.1637864.0 - Audible, Inc.)
    BleachBit 4.2.0.1795 (HKLM-x32\...\BleachBit) (Version: 4.2.0.1795 - BleachBit)
    Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 87.1.18.78 - Brave Software Inc)
    Canon MG6200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6200_series) (Version: - )
    Canon Utilities Digital Photo Professional 3.11 (HKLM-x32\...\Digital Photo Professional) (Version: 3.11.27.0 - Canon Inc.)
    Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 2.11.2.0 - Canon Inc.)
    Canon Utilities ImageBrowser EX (HKLM-x32\...\ImageBrowser EX) (Version: 1.4.0.5 - Canon Inc.)
    Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.23.47 - Canon Inc.)
    Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.10.1.0 - Canon Inc.)
    ClamAV (HKLM\...\ClamAV_is1) (Version: 0.102.3 - Cisco Systems, Inc.)
    darktable (HKLM\...\darktable) (Version: 3.0.2 - the darktable project)
    Discord (HKU\S-1-5-21-558363904-2571121243-1357282318-1000\...\Discord) (Version: 0.0.306 - Discord Inc.)
    Evernote v. 6.22.3 (HKLM-x32\...\{B212CBD0-20F1-11EA-B312-005056951CAD}) (Version: 6.22.3.8816 - Evernote Corp.)
    ExpressVPN (HKLM-x32\...\{50a2d477-790e-4407-bd6a-06a5c5ce3c1d}) (Version: 8.0.0.1381 - ExpressVPN)
    ExpressVPN (HKLM-x32\...\{E5B9C3E5-889C-4F22-A959-F4B856CD7D96}) (Version: 8.0.0.1381 - ExpressVPN) Hidden
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 87.0.4280.141 - Google LLC)
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.51 - Google LLC) Hidden
    Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.99.0 - Google Inc.) Hidden
    GoTo Opener (HKLM-x32\...\{C0F33C38-345C-4C02-B161-11389350C2A5}) (Version: 1.0.533 - LogMeIn, Inc.)
    GoToMeeting 10.15.0.19228 (HKU\S-1-5-21-558363904-2571121243-1357282318-1000\...\GoToMeeting) (Version: 10.15.0.19228 - LogMeIn, Inc.)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation)
    Intel(R) Technology Access (HKLM-x32\...\{1709a432-4aab-4ad0-870d-ff74abc41bdd}) (Version: 1.9.0.1021 - Intel Corporation)
    Intel(R) Technology Access (HKLM-x32\...\{810dff4d-564d-47da-b8bc-a3729815aab7}) (Version: 1.9.1.1008 - Intel Corporation)
    Intel(R) Technology Access Software Asset Manager (HKLM-x32\...\{C1C74874-4E6F-49B8-BBCD-D43E277D8D28}) (Version: 3.4.1942 - Intel Corporation) Hidden
    Intel(R) Update Manager (HKLM-x32\...\{7224B7CE-196C-4E2A-A1AE-1D7BF259FD36}) (Version: 3.4.1942 - Intel Corporation)
    Microsoft .NET Framework 4.8 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.8.03761 - Microsoft Corporation)
    Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 87.0.664.66 - Microsoft Corporation)
    Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.139.59 - )
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
    Microsoft Visual C++ 2017 Redistributable (x64) - 14.16.27027 (HKLM-x32\...\{fd9b6070-d13e-45dc-819b-41806bf45b6b}) (Version: 14.16.27027.1 - Microsoft Corporation)
    Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (HKLM-x32\...\{7e9fae12-5bbf-47fb-b944-09c49e75c061}) (Version: 14.15.26706.0 - Microsoft Corporation)
    Mozilla Firefox 68.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 68.0.2 (x64 en-US)) (Version: 68.0.2 - Mozilla)
    Mozilla Firefox 81.0 (x64 en-US) (HKLM\...\Mozilla Firefox 81.0 (x64 en-US)) (Version: 81.0 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 70.0.1 - Mozilla)
    OBS Studio (HKLM-x32\...\OBS Studio) (Version: 23.0.2 - OBS Project)
    OpenOffice 4.1.2 (HKLM-x32\...\{E6AD67BB-1C33-4AB3-A387-E0D48137AB70}) (Version: 4.12.9782 - Apache Software Foundation)
    PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6690 - Realtek Semiconductor Corp.)
    RescueTime 2.12.4.1450 (HKLM-x32\...\{2505571C-03B3-4F9F-AC35-33F1CB4B5E9E}_is1) (Version: - RescueTime.com)
    Revo Uninstaller 2.1.0 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.1.0 - VS Revo Group, Ltd.)
    Security Task Manager 2.3e (HKLM-x32\...\Security Task Manager) (Version: 2.3e - Neuber Software)
    Shooter Suite v12.3.2 (HKLM-x32\...\{7DFC5E36-8CC9-4EC5-9C24-A3770A669E3F}_is1) (Version: 12.3.2 - Red Giant, LLC)
    Solar Fire v9 (HKLM-x32\...\{93397832-4E51-47E9-A10D-6C17C50E1F17}) (Version: 9.0.25 - Esoteric Technologies Pty Ltd)
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
    SumatraPDF (HKLM\...\SumatraPDF) (Version: 3.2 - Krzysztof Kowalczyk)
    swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Tradelog (HKLM-x32\...\TradeLog_is1) (Version: 15 - Cogenta Computing, Inc.)
    Tresorit (HKLM-x32\...\{1C482EFC-5175-48D4-B57D-0C2F160936B2}) (Version: 3.5.2432.1370 - Tresorit)
    Tresorit for Outlook (HKLM-x32\...\{814BC99F-BCBF-4A8B-BBB8-1B216DCA8921}) (Version: 1.0.85.85 - Tresorit)
    Zoom (HKU\S-1-5-21-558363904-2571121243-1357282318-1000\...\ZoomUMX) (Version: 4.6 - Zoom Video Communications, Inc.)

    ==================== Custom CLSID (Whitelisted): ==============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-558363904-2571121243-1357282318-1000_Classes\CLSID\{1B8DEAA1-E192-429B-89A7-89BD19183A67} -> [Tresorit Drive] => T:\0
    CustomCLSID: HKU\S-1-5-21-558363904-2571121243-1357282318-1000_Classes\CLSID\{822B4859-CCDD-476C-ABDF-7F7A894A3CB7}\InprocServer32 -> C:\Users\V\AppData\Local\Tresorit\v0.8\TresoritExt64_4.dll (Tresorit Kft. -> )
    CustomCLSID: HKU\S-1-5-21-558363904-2571121243-1357282318-1000_Classes\CLSID\{822B485A-CCDD-476C-ABDF-7F7A894A3CB7}\InprocServer32 -> C:\Users\V\AppData\Local\Tresorit\v0.8\TresoritExt64_4.dll (Tresorit Kft. -> )
    CustomCLSID: HKU\S-1-5-21-558363904-2571121243-1357282318-1000_Classes\CLSID\{822B485B-CCDD-476C-ABDF-7F7A894A3CB7}\InprocServer32 -> C:\Users\V\AppData\Local\Tresorit\v0.8\TresoritExt64_4.dll (Tresorit Kft. -> )
    CustomCLSID: HKU\S-1-5-21-558363904-2571121243-1357282318-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\V\AppData\Local\GoToMeeting\18962\G2MOutlookAddin64.dll (LogMeIn, Inc. -> LogMeIn, Inc.)
    CustomCLSID: HKU\S-1-5-21-558363904-2571121243-1357282318-1000_Classes\CLSID\{D6EB3938-8CBE-4CC5-8CFA-C89750619193} -> [Synced Tresors] => %USERPROFILE%\.tresorit\Tresors0
    ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
    ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
    ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => -> No File
    ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => -> No File
    ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => -> No File
    ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2012-12-14] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
    ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
    ContextMenuHandlers1_S-1-5-21-558363904-2571121243-1357282318-1000: [TresoritExt] -> {822B4859-CCDD-476C-ABDF-7F7A894A3CB7} => C:\Users\V\AppData\Local\Tresorit\v0.8\TresoritExt64_4.dll [2020-09-22] (Tresorit Kft. -> )
    ContextMenuHandlers4_S-1-5-21-558363904-2571121243-1357282318-1000: [TresoritExt] -> {822B4859-CCDD-476C-ABDF-7F7A894A3CB7} => C:\Users\V\AppData\Local\Tresorit\v0.8\TresoritExt64_4.dll [2020-09-22] (Tresorit Kft. -> )
    ContextMenuHandlers5_S-1-5-21-558363904-2571121243-1357282318-1000: [TresoritExt] -> {822B4859-CCDD-476C-ABDF-7F7A894A3CB7} => C:\Users\V\AppData\Local\Tresorit\v0.8\TresoritExt64_4.dll [2020-09-22] (Tresorit Kft. -> )

    ==================== Codecs (Whitelisted) ====================

    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)

    WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name="BVTConsumer"",Filter="__EventFilter.Name="BVTFilter"::
    WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
    WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]

    ==================== Loaded Modules (Whitelisted) =============

    2021-01-02 13:40 - 2021-01-02 13:40 - 000027136 _____ () [File not signed] C:\Program Files (x86)\BleachBit\_bz2.pyd
    2021-01-02 13:40 - 2021-01-02 13:40 - 000035328 _____ () [File not signed] C:\Program Files (x86)\BleachBit\_ctypes.pyd
    2021-01-02 13:40 - 2021-01-02 13:40 - 000067072 _____ () [File not signed] C:\Program Files (x86)\BleachBit\_decimal.pyd
    2021-01-02 13:40 - 2021-01-02 13:40 - 000368128 _____ () [File not signed] C:\Program Files (x86)\BleachBit\_hashlib.pyd
    2021-01-02 13:40 - 2021-01-02 13:40 - 000009728 _____ () [File not signed] C:\Program Files (x86)\BleachBit\_scandir.pyd
    2021-01-02 13:40 - 2021-01-02 13:40 - 000019968 _____ () [File not signed] C:\Program Files (x86)\BleachBit\_socket.pyd
    2021-01-02 13:40 - 2021-01-02 13:40 - 000020480 _____ () [File not signed] C:\Program Files (x86)\BleachBit\_sqlite3.pyd
    2021-01-02 13:40 - 2021-01-02 13:40 - 000537600 _____ () [File not signed] C:\Program Files (x86)\BleachBit\_ssl.pyd
    2021-01-02 13:40 - 2021-01-02 13:40 - 000082944 _____ () [File not signed] C:\Program Files (x86)\BleachBit\gi._gi.pyd
    2021-01-02 13:40 - 2021-01-02 13:40 - 000592384 _____ () [File not signed] C:\Program Files (x86)\BleachBit\libcairo-gobject-2.dll
    2021-01-02 13:40 - 2021-01-02 13:40 - 000287744 _____ () [File not signed] C:\Program Files (x86)\BleachBit\libepoxy-0.dll
    2021-01-02 13:40 - 2021-01-02 13:40 - 000015872 _____ () [File not signed] C:\Program Files (x86)\BleachBit\libffi-6.dll
    2021-01-02 13:40 - 2021-01-02 13:40 - 000106496 _____ () [File not signed] C:\Program Files (x86)\BleachBit\libfontconfig-1.dll
    2021-01-02 13:40 - 2021-01-02 13:40 - 000266752 _____ () [File not signed] C:\Program Files (x86)\BleachBit\libfreetype-6.dll
    2021-01-02 13:40 - 2021-01-02 13:40 - 000070656 _____ () [File not signed] C:\Program Files (x86)\BleachBit\libgirepository-1.0-1.dll
    2021-01-02 13:40 - 2021-01-02 13:40 - 000237568 _____ () [File not signed] C:\Program Files (x86)\BleachBit\libharfbuzz-0.dll
    2021-01-02 13:40 - 2021-01-02 13:40 - 000102400 _____ () [File not signed] C:\Program Files (x86)\BleachBit\libjasper-1.dll
    2021-01-02 13:40 - 2021-01-02 13:40 - 000104960 _____ () [File not signed] C:\Program Files (x86)\BleachBit\libjpeg-8.dll
    2021-01-02 13:40 - 2021-01-02 13:40 - 000093184 _____ () [File not signed] C:\Program Files (x86)\BleachBit\libpng16-16.dll
    2021-01-02 13:40 - 2021-01-02 13:40 - 000098816 _____ () [File not signed] C:\Program Files (x86)\BleachBit\librsvg-2-2.dll
    2021-01-02 13:40 - 2021-01-02 13:40 - 000197632 _____ () [File not signed] C:\Program Files (x86)\BleachBit\libtiff-5.dll
    2021-01-02 13:40 - 2021-01-02 13:40 - 000118272 _____ () [File not signed] C:\Program Files (x86)\BleachBit\libwebp-5.dll
    2021-01-02 13:40 - 2021-01-02 13:40 - 000448512 _____ () [File not signed] C:\Program Files (x86)\BleachBit\libxmlxpat.dll
    2021-01-02 13:40 - 2021-01-02 13:40 - 000130560 _____ () [File not signed] C:\Program Files (x86)\BleachBit\libzzz.dll
    2021-01-02 13:40 - 2021-01-02 13:40 - 000052224 _____ () [File not signed] C:\Program Files (x86)\BleachBit\pyexpat.pyd
    2021-01-02 13:40 - 2021-01-02 13:40 - 000131072 _____ () [File not signed] C:\Program Files (x86)\BleachBit\pythoncom34.dll
    2021-01-02 13:40 - 2021-01-02 13:40 - 000050688 _____ () [File not signed] C:\Program Files (x86)\BleachBit\pywintypes34.dll
    2021-01-02 13:40 - 2021-01-02 13:40 - 000299008 _____ () [File not signed] C:\Program Files (x86)\BleachBit\unicodedata.pyd
    2021-01-02 13:40 - 2021-01-02 13:40 - 000034304 _____ () [File not signed] C:\Program Files (x86)\BleachBit\win32api.pyd
    2021-01-02 13:40 - 2021-01-02 13:40 - 000118784 _____ () [File not signed] C:\Program Files (x86)\BleachBit\win32com.shell.shell.pyd
    2021-01-02 13:40 - 2021-01-02 13:40 - 000037888 _____ () [File not signed] C:\Program Files (x86)\BleachBit\win32file.pyd
    2021-01-02 13:40 - 2021-01-02 13:40 - 000047616 _____ () [File not signed] C:\Program Files (x86)\BleachBit\win32gui.pyd
    2021-01-02 13:40 - 2021-01-02 13:40 - 000036352 _____ () [File not signed] C:\Program Files (x86)\BleachBit\win32security.pyd
    2015-07-07 10:44 - 2015-07-07 10:44 - 000088064 _____ () [File not signed] C:\Program Files\Intel Corporation\Intel(R) Technology Access\libglog.dll
    2021-01-02 13:40 - 2021-01-02 13:40 - 000044544 _____ (Free Software Foundation) [File not signed] C:\Program Files (x86)\BleachBit\libintl-8.dll
    2015-02-08 09:53 - 2015-02-08 09:53 - 000501248 _____ (iMatix Corporation) [File not signed] C:\Program Files\Intel Corporation\Intel(R) Technology Access\libzmq-v120-mt-3_2_4.dll
    2019-12-11 17:57 - 2019-12-11 17:57 - 000019968 _____ (Intel Corp.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorCommon\381150874a7d9193173a6be9ae02975a\IAStorCommon.ni.dll
    2020-01-16 10:00 - 2020-01-16 10:00 - 000379392 _____ (Intel Corporation) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorUtil\a172f6a28e83f214403475f218a838a8\IAStorUtil.ni.dll
    2015-02-08 10:20 - 2015-02-08 10:20 - 000111840 _____ (Intel(R) Technology Access -> NT Kernel Resources) [File not signed] C:\Program Files\Intel Corporation\Intel(R) Technology Access\ndisapi.dll
    2021-01-02 13:40 - 2021-01-02 13:40 - 000346112 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\BleachBit\MSVCR100.dll
    2019-12-11 17:57 - 2019-12-11 17:57 - 000027136 _____ (Microsoft) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorDataMcfeeca6f#\1940d3df103eed000444fff76f95a709\IAStorDataMgrSvcInterfaces.ni.dll
    2021-01-02 13:40 - 2021-01-02 13:40 - 000022528 _____ (MingW-W64 Project. All rights reserved.) [File not signed] C:\Program Files (x86)\BleachBit\libwinpthread-1.dll
    2021-01-02 13:40 - 2021-01-02 13:40 - 001084928 _____ (Python Software Foundation) [File not signed] C:\Program Files (x86)\BleachBit\python34.dll
    2021-01-02 13:40 - 2021-01-02 13:40 - 000104960 _____ (Red Hat Software) [File not signed] C:\Program Files (x86)\BleachBit\libpango-1.0-0.dll
    2021-01-02 13:40 - 2021-01-02 13:40 - 000021504 _____ (Red Hat Software) [File not signed] C:\Program Files (x86)\BleachBit\libpangocairo-1.0-0.dll
    2021-01-02 13:40 - 2021-01-02 13:40 - 000030208 _____ (Red Hat Software) [File not signed] C:\Program Files (x86)\BleachBit\libpangoft2-1.0-0.dll
    2021-01-02 13:40 - 2021-01-02 13:40 - 000025600 _____ (Red Hat Software) [File not signed] C:\Program Files (x86)\BleachBit\libpangowin32-1.0-0.dll
    2021-01-02 13:40 - 2021-01-02 13:40 - 000424373 _____ (SQLite Development Team) [File not signed] C:\Program Files (x86)\BleachBit\sqlite3.dll
    2021-01-02 13:40 - 2021-01-02 13:40 - 000039424 _____ (Sun Microsystems Inc.) [File not signed] C:\Program Files (x86)\BleachBit\libatk-1.0-0.dll
    2021-01-02 13:40 - 2021-01-02 13:40 - 000411136 _____ (The GLib developer community) [File not signed] C:\Program Files (x86)\BleachBit\libgio-2.0-0.dll
    2021-01-02 13:40 - 2021-01-02 13:40 - 000455168 _____ (The GLib developer community) [File not signed] C:\Program Files (x86)\BleachBit\libglib-2.0-0.dll
    2021-01-02 13:40 - 2021-01-02 13:40 - 000009728 _____ (The GLib developer community) [File not signed] C:\Program Files (x86)\BleachBit\libgmodule-2.0-0.dll
    2021-01-02 13:40 - 2021-01-02 13:40 - 000099840 _____ (The GLib developer community) [File not signed] C:\Program Files (x86)\BleachBit\libgobject-2.0-0.dll
    2021-01-02 13:40 - 2021-01-02 13:40 - 000093696 _____ (The GTK developer community) [File not signed] C:\Program Files (x86)\BleachBit\libgdk_pixbuf-2.0-0.dll
    2021-01-02 13:40 - 2021-01-02 13:40 - 000249344 _____ (The GTK developer community) [File not signed] C:\Program Files (x86)\BleachBit\libgdk-3-0.dll
    2021-01-02 13:40 - 2021-01-02 13:40 - 001592320 _____ (The GTK developer community) [File not signed] C:\Program Files (x86)\BleachBit\libgtk-3-0.dll

    ==================== Alternate Data Streams (Whitelisted) ========

    ==================== Safe Mode (Whitelisted) ==================

    ==================== Association (Whitelisted) =================

    ==================== Internet Explorer (Version 11) (Whitelisted) ==========

    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKU\S-1-5-21-558363904-2571121243-1357282318-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://duckduckgo.com/
    SearchScopes: HKLM -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL =
    SearchScopes: HKU\S-1-5-21-558363904-2571121243-1357282318-1000 -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL =
    BHO: IEToEdge BHO -> {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} -> C:\Program Files (x86)\Microsoft\Edge\Application\87.0.664.66\BHO\ie_to_edge_bho_64.dll => No File
    BHO-x32: IEToEdge BHO -> {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} -> C:\Program Files (x86)\Microsoft\Edge\Application\87.0.664.66\BHO\ie_to_edge_bho.dll => No File
    BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll => No File
    BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll => No File

    (If an entry is included in the fixlist, it will be removed from the registry.)

    There are 7942 more sites.


    ==================== Hosts content: =========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 18:34 - 2020-04-26 20:45 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

    ==================== Other Areas ===========================

    (Currently there is no automatic fix for this section.)

    HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT
    HKU\S-1-5-21-558363904-2571121243-1357282318-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\V\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 192.168.10.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (If an entry is included in the fixlist, it will be removed.)

    MSCONFIG\Services: TrustedInstaller => 3

    ==================== FirewallRules (Whitelisted) ================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [TCP Query User{9D9D0D71-7A2F-4094-A325-E252B4A5CF3B}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe => No File
    FirewallRules: [UDP Query User{0B460939-4E96-425F-9261-84096B29EBD3}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe => No File
    FirewallRules: [TCP Query User{3CF95B4F-EBE8-4F56-AA30-8C00212BD5B2}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe => No File
    FirewallRules: [UDP Query User{A1CF92F9-057B-424F-B27C-A7EF26CCE676}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe => No File
    FirewallRules: [{E57D21BF-A810-4C86-BBDF-A46A9648DA7F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [{546A1AA9-E650-4ED1-ABC6-8794F448F702}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [{A644EC56-B3A9-41A7-A24D-4025BC0073FD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe => No File
    FirewallRules: [{A46E5391-EB86-49EE-8DAE-1E7F48422899}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe => No File
    FirewallRules: [TCP Query User{157883BD-BC7F-4409-865F-CB9012E3CAAE}C:\users\v\appdata\local\temp\bduninstall\x32\pcsftool.exe] => (Allow) C:\users\v\appdata\local\temp\bduninstall\x32\pcsftool.exe => No File
    FirewallRules: [UDP Query User{699998A5-9C8D-4943-8215-D5853B4C1C2E}C:\users\v\appdata\local\temp\bduninstall\x32\pcsftool.exe] => (Allow) C:\users\v\appdata\local\temp\bduninstall\x32\pcsftool.exe => No File
    FirewallRules: [TCP Query User{B73FF379-3BB4-4BCA-8202-7AAE65CF27B4}C:\users\v\appdata\local\temp\bduninstall\x64\pcsftool.exe] => (Block) C:\users\v\appdata\local\temp\bduninstall\x64\pcsftool.exe => No File
    FirewallRules: [UDP Query User{EB9035D6-B08D-4019-AD9F-DAF1578CA1EE}C:\users\v\appdata\local\temp\bduninstall\x64\pcsftool.exe] => (Block) C:\users\v\appdata\local\temp\bduninstall\x64\pcsftool.exe => No File
    FirewallRules: [{3CCB747D-B09A-49C5-8C9D-A197D5F2FCE8}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe => No File
    FirewallRules: [{BBF3C7D9-F91A-4910-86E8-60094468FBD7}] => (Allow) C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)

    ==================== Restore Points =========================

    21-12-2020 05:48:52 Intel(R) Technology Access
    24-12-2020 16:28:10 Installed Solar Fire v9.
    26-12-2020 08:39:53 Revo Uninstaller's restore point - Adobe Flash Player 32 ActiveX
    31-12-2020 19:46:38 Intel(R) Technology Access
    01-01-2021 15:19:44 Intel(R) Technology Access

    ==================== Faulty Device Manager Devices ============

    Name: ExpressVPN TAP Adapter
    Description: ExpressVPN TAP Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: ExpressVPN
    Service: tapexpressvpn
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


    ==================== Event log errors: ========================

    Application errors:
    ==================
    Error: (01/08/2021 03:22:43 PM) (Source: MsiInstaller) (EventID: 11706) (User: V-Desktop)
    Description: Product: Evernote v. 6.22.3 -- Error 1706. An installation package for the product Evernote v. 6.22.3 cannot be found. Try the installation again using a valid copy of the installation package 'Evernote.msi'.

    Error: (01/08/2021 03:21:31 PM) (Source: SDWinSec.exe) (EventID: 0) (User: )
    Description: Event-ID 0

    Error: (01/08/2021 03:21:16 PM) (Source: SDWinSec.exe) (EventID: 0) (User: )
    Description: Event-ID 0

    Error: (01/08/2021 03:20:44 PM) (Source: SDWinSec.exe) (EventID: 0) (User: )
    Description: Event-ID 0

    Error: (01/08/2021 03:16:22 PM) (Source: SDWinSec.exe) (EventID: 0) (User: )
    Description: Event-ID 0

    Error: (01/08/2021 03:13:53 PM) (Source: SDWinSec.exe) (EventID: 0) (User: )
    Description: Event-ID 0

    Error: (01/08/2021 06:04:16 AM) (Source: MsiInstaller) (EventID: 11706) (User: V-Desktop)
    Description: Product: Evernote v. 6.22.3 -- Error 1706. An installation package for the product Evernote v. 6.22.3 cannot be found. Try the installation again using a valid copy of the installation package 'Evernote.msi'.

    Error: (01/08/2021 06:01:29 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
    Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).


    System errors:
    =============
    Error: (01/08/2021 02:47:24 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
    Description: The following fatal alert was received: 20.

    Error: (01/08/2021 05:33:00 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Intel(R) Rapid Storage Technology service terminated unexpectedly. It has done this 1 time(s).

    Error: (01/07/2021 05:49:45 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Intel(R) Rapid Storage Technology service terminated unexpectedly. It has done this 1 time(s).

    Error: (01/06/2021 05:57:44 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Intel(R) Rapid Storage Technology service terminated unexpectedly. It has done this 1 time(s).

    Error: (01/05/2021 06:00:20 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Intel(R) Rapid Storage Technology service terminated unexpectedly. It has done this 1 time(s).

    Error: (01/04/2021 06:00:40 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Intel(R) Rapid Storage Technology service terminated unexpectedly. It has done this 1 time(s).

    Error: (01/03/2021 09:27:40 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Intel(R) Rapid Storage Technology service terminated unexpectedly. It has done this 1 time(s).

    Error: (01/02/2021 09:48:13 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Intel(R) Rapid Storage Technology service terminated unexpectedly. It has done this 1 time(s).


    Windows Defender:
    ===================================
    Date: 2015-10-30 09:22:58.550
    Description:
    Windows Defender has detected spyware or other potentially unwanted software.
    For more information please see the following:
    http://go.microsoft.com/fwlink/?link...hreatid=223536
    Name:BrowserModifier:Win32/Pokki
    ID:223536
    Severity:High
    Category:Browser Modifier
    Path Found:file:C:\Users\V\AppData\Local\Pokki\analytics.db;file:C:\Users\V\AppData\Local\Pokki\Download Helper\npPokkiDownloadHelper.1.2.0.78.dll;file:C:\Users\V\AppData\Local\Pokki\Download Helper\PokkiDownloadHelper.exe;file:C:\Users\V\AppData\Local\Pokki\Engine-old\HostAppServiceUpdater.exe;file:C:\Users\V\AppData\Local\Pokki\Engine\avcodec-54.dll;file:C:\Users\V\AppData\Local\Pokki\Engine\avformat-54.dll;file:C:\Users\V\AppData\Local\Pokki\Engine\avutil-51.dll;file:C:\Users\V\AppData\Local\Pokki\Engine\chrome.pak;file:C:\Users\V\AppData\Local\Pokki\Engine\chrome_100_percent.pak;file:C:\Users\V\AppData\Local\Pokki\Engine\chrome_touch_100_percent.pak;file:C:\Users\V\AppData\Local\Pokki\Engine\chrome_touch_140_percent.pak;file:C:\Users\V\AppData\Local\Pokki\Engine\chrome_touch_180_percent.pak;file:C:\Users\V\AppData\Local\Pokki\Engine\content_resources.pak;file:C:\Users\V\AppData\Local\Pokki\Engine\D3DCompiler_43.dll;file:C:\Users\V\AppData\Local\Pokki\Engine\d3dx9_43.dll;file:C:\Users\V\AppData\Local\Pokki\Engine\en
    Detection Type:Concrete
    Detection Source:Real-Time Protection
    Status:Unknown
    Process Name:

    Date: 2015-10-30 09:20:28.246
    Description:
    Windows Defender has detected spyware or other potentially unwanted software.
    For more information please see the following:
    http://go.microsoft.com/fwlink/?link...hreatid=223536
    Name:BrowserModifier:Win32/Pokki
    ID:223536
    Severity:High
    Category:Browser Modifier
    Path Found:file:C:\Users\V\AppData\Local\Pokki\Engine\HostAppService.exe;file:C:\Users\V\AppData\Local\Pokki\Engine\HostAppServiceUpdater.exe;file:C:\Users\V\AppData\Local\Pokki\Engine\StartMenuIndexer.exe;process:pid:2052,ProcessStart:130906945176976917;process:pid:3908,ProcessStart:130906945356642270;process:pid:6296,ProcessStart:130906946407782392;process:pid:6700,ProcessStart:130906947794091684
    Detection Type:Concrete
    Detection Source:Real-Time Protection
    Status:Unknown
    Process Name:

    Date: 2015-10-30 09:12:03.987
    Description:
    Windows Defender has detected spyware or other potentially unwanted software.
    For more information please see the following:
    http://go.microsoft.com/fwlink/?link...hreatid=223536
    Name:BrowserModifier:Win32/Pokki
    ID:223536
    Severity:High
    Category:Browser Modifier
    Path Found:file:C:\Users\V\AppData\Local\Pokki\Engine\HostAppService.exe
    Detection Type:Concrete
    Detection Source:Real-Time Protection
    Status:Unknown
    Process Name:

    Date: 2015-07-03 04:40:17.005
    Description:
    Windows Defender has detected spyware or other potentially unwanted software.
    For more information please see the following:
    http://go.microsoft.com/fwlink/?link...hreatid=211888
    Name:BrowserModifier:Win32/AlterbookSP
    ID:211888
    Severity:High
    Category:Browser Modifier
    Path Found:file:C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe;file:C:\Program Files (x86)\AskPartnerNetwork\Toolbar\UpdateManager.exe;file:C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe;folder:C:\Program Files (x86)\AskPartnerNetwork\Toolbar\;folder:C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\
    Detection Type:Concrete
    Detection Source:System
    Status:Unknown
    Process Name:c:\program files\windows defender\MpCmdRun.exe

    Date: 2014-02-01 13:04:01.918
    Description:
    Windows Defender scan has been stopped before completion.
    Scan ID:{0E46452A-003F-4FF3-9081-6409DA766EC7}
    Scan Type:AntiSpyware
    Scan Parameters:Quick Scan

    Date: 2015-10-30 09:24:57.357
    Description:
    Windows Defender has encountered an error when taking action on spyware or other potentially unwanted software.
    For more information please see the following:
    http://go.microsoft.com/fwlink/?link...hreatid=223536
    Name:BrowserModifier:Win32/Pokki
    ID:223536
    Severity:High
    Category:Browser Modifier
    Path:
    Action:Remove
    Error Code:0x80070005
    Error description:Access is denied.
    Status:

    ==================== Memory info ===========================

    BIOS: American Megatrends Inc. P1.50 09/12/2012
    Motherboard: ASRock B75 Pro3
    Processor: Intel(R) Core(TM) i3-3220 CPU @ 3.30GHz
    Percentage of memory in use: 88%
    Total physical RAM: 7877.16 MB
    Available physical RAM: 914.12 MB
    Total Virtual: 15752.47 MB
    Available Virtual: 8882.83 MB

    ==================== Drives ================================

    Drive c: (System) (Fixed) (Total:931.51 GB) (Free:469.91 GB) NTFS ==>[drive with boot components (obtained from BCD)]
    Drive d: (Storage1) (Fixed) (Total:931.51 GB) (Free:182.36 GB) NTFS
    Drive g: (Storage 3) (Fixed) (Total:3725.9 GB) (Free:3113.76 GB) NTFS
    Drive h: () (Removable) (Total:1.9 GB) (Free:1.84 GB) FAT
    Drive k: (Storage2) (Fixed) (Total:3725.9 GB) (Free:311.8 GB) NTFS


    ==================== MBR & Partition Table ====================

    ==========================================================
    Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 0D487958)
    Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

    ==========================================================
    Disk: 1 (Size: 931.5 GB) (Disk ID: C92B546C)
    Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

    ==========================================================
    Disk: 2 (Protective MBR) (Size: 3726 GB) (Disk ID: 00000000)

    Partition: GPT.

    ==========================================================
    Disk: 3 (Protective MBR) (Size: 3726 GB) (Disk ID: 00000000)

    Partition: GPT.

    ==========================================================
    Disk: 8 (Size: 1.9 GB) (Disk ID: 02F4D469)
    Partition 1: (Active) - (Size=1.9 GB) - (Type=06)

    ==================== End of Addition.txt =======================







    aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
    Run date: 2021-01-08 23:33:40
    -----------------------------
    23:33:40.306 OS Version: Windows x64 6.1.7601 Service Pack 1
    23:33:40.307 Number of processors: 4 586 0x3A09
    23:33:40.307 ComputerName: VENDELA-DESKTOP UserName: V
    23:33:41.637 Initialize success
    23:33:41.669 VM: initialized successfully
    23:33:41.670 VM: Intel CPU supported
    23:33:54.888 VM: disk I/O iaStorA.sys
    23:53:28.096 AVAST engine defs: 17030301
    23:54:04.954 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005c
    23:54:04.957 Disk 0 Vendor: ATA_____ 1V02 Size: 953869MB BusType: 11
    23:54:04.960 Disk 1 \Device\Harddisk1\DR1 -> \Device\0000005d
    23:54:04.963 Disk 1 Vendor: ATA_____ 1V02 Size: 953869MB BusType: 11
    23:54:04.967 Disk 2 \Device\Harddisk2\DR2 -> \Device\00000060
    23:54:04.971 Disk 2 Vendor: ATA_____ 1K02 Size: 3815447MB BusType: 11
    23:54:04.975 Disk 3 \Device\Harddisk3\DR3 -> \Device\Ide\IdeDeviceP1T0L0-1
    23:54:04.979 Disk 3 Vendor: WDC_WD4000FYYZ-01UL1B2 01.01K03 Size: 3815447MB BusType: 11
    23:54:05.091 Disk 0 MBR read successfully
    23:54:05.095 Disk 0 MBR scan
    23:54:05.160 Disk 0 Windows 7 default MBR code
    23:54:05.164 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 953867 MB offset 2048
    23:54:05.168 Disk 0 default boot code
    23:54:05.184 Disk 0 scanning C:\Windows\system32\drivers
    23:54:12.059 Service scanning
    23:54:26.620 Modules scanning
    23:54:26.627 Disk 0 trace - called modules:
    23:54:26.666 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStorF.sys storport.sys hal.dll iaStorA.sys
    23:54:26.671 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80094e4060]
    23:54:26.677 3 CLASSPNP.SYS[fffff88000c7643f] -> nt!IofCallDriver -> [0xfffffa800931f8d0]
    23:54:26.682 5 iaStorF.sys[fffff880019e8168] -> nt!IofCallDriver -> \Device\0000005c[0xfffffa80072659c0]
    23:54:27.909 AVAST engine scan C:\Windows
    23:54:29.976 AVAST engine scan C:\Windows\system32
    23:56:43.233 AVAST engine scan C:\Windows\system32\drivers
    23:56:52.526 AVAST engine scan C:\Users\V
    00:01:26.553 Disk 0 MBR has been saved successfully to "H:\Post 2021-01-09\MBR.dat"
    00:01:26.569 The log file has been saved successfully to "H:\Post 2021-01-09\aswMBR.txt"

  2. #2
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,987

    Default

    Why would you use BleachBit?
    My opinion on the app is that it should only be used by those who know how to use it.

    Secondly, this machine is a Windows 7; tools mostly used today are not adapted to outdated systems.

    I can see errors that, if I work at trying to remove them, I haven't any idea what will happen.

    Point to ponder here:
    Have you tried to use System Restore? The Farbar scan has shown you have restore points:
    21-12-2020 05:48:52 Intel(R) Technology Access
    24-12-2020 16:28:10 Installed Solar Fire v9.
    26-12-2020 08:39:53 Revo Uninstaller's restore point - Adobe Flash Player 32 ActiveX
    31-12-2020 19:46:38 Intel(R) Technology Access
    01-01-2021 15:19:44 Intel(R) Technology Access

    Also, we might try
    LastRegBack: 2021-01-02 10:15
    FRST looks into the system and lists the last registry backup made by the system. The registry backup contains a backup of all the hives. It is different from the LKGC (Last Known Good Configuration) backup of the ControlSet.


    https://www.sevenforums.com/tutorial...ons.html?ltr=A

    The above link supplies info on how to get to this startup option.
    Please try this and let's see if it helps.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  3. #3
    Junior Member
    Join Date
    Jan 2021
    Posts
    3

    Default Thank you Julie

    Thank you Julie, that worked! (when I tried before it told me Windows Backup had not been set up, so I didn't think that was an option)

    Yeah, I obviously have no clue about this kind of stuff, so thank you for letting me know not to use Bleachbit! I started using it after some sort of scripts from FB etc. slowed down my computer to the point where it was unusable, and Bleachbit seemed to take care of that.

    Are you saying I should not use Spybot because my Windows 7 is too old for that?

    I tried to run Spybot again after the Restore - but it said first I had to Update and when I tried that the boxes were not clickable for the 3 updates available. When I try again it says "No newer updates available". Can you help me with this? Again, thank you so much for your help!!

  4. #4
    Junior Member
    Join Date
    Jan 2021
    Posts
    3

    Default Can't open some programs...

    Oops, I spoke too soon - most programs open fine, but some do not open now:

    Open Office & Chrome - nothing happens
    (I notice a file called Chrome_proxy.exe in both Chrome and Brave program files - not sure if those are trojans or something?)

    Firefox says "Couldn't load XPOM"

    Evernote is taking forever to open the database - it's just spinning and nothing is happening...

  5. #5
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,987

    Default

    Let's try a quick scan with a malware remover....
    Now this probably won't have an effect on apps not opening, but at least it will show if that's a problem.

    Download Malwarebytes Anti-Malware and save it to your desktop.

    • Right-click on the Malwarebytes icon and select Run as Administrator. <== since this is Windows 7 it might not apply.
      Follow the on-screen prompts to install Malwarebytes Anti-Malware.
    • Once the installation has finished, launch Malwarebytes.
    • Click on Scan Now and wait for the scan to complete.
    • Malwarebytes will update its databases, then start scanning.
    • If no threats are found, close the Malwarebytes window. If threats are detected, make sure they are all selected and click Quarantine selected.
    • Click on Reports in the left pane, and check the box next to the latest report (at the top). Click on View Report.
    • Select Export in the bottom left corner, and click Text File. Save the file to your desktop, with a name like MBAMLog.txt.
    • Open the Malwarebytes log on your desktop, and copy and paste its contents into your next reply.


    ~~~~~~~~~~~~~~~~~~~

    Let's troubleshoot a few things.

    "Are you saying I should not use Spybot because my Windows 7 is too old for that?
    I tried to run Spybot again after the Restore - but it said first I had to Update and when I tried that the boxes were not clickable for the 3 updates available. When I try again it says "No newer updates available". Can you help me with this? Again, thank you so much for your help!!"
    Not saying that, but it might be for newer versions of Windows.
    After we finish here I can send you to another forum here that probably can answer that.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Firefox says "Couldn't load XPOM"
    https://support.mozilla.org/en-US/questions/1229392

    ~~~~~~~~~~~~~~~~~~~

    For Google Chrome
    From what I'm finding, an uninstall and reinstall might fix the corrupt version you have now.
    Was it working before you used BleachBit?
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  6. #6
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,987

    Default

    Bump.......
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.
