Thread: Is this machine hopeless?

  1. #1
    Senior Member | Join Date: Jun 2014 | Posts: 155

    Is this machine hopeless?

    Hello again, as the title suggests, this may be hopeless but I'd like to see if there is a chance that this machine can be salvaged.
    First, a brief history of the computer in question. I was given the computer by an IT department; they were upgrading so the price was right. Since I first started it up there has been no account password on either of the user accounts I see; they will load automatically when one is chosen. I try to sign in to set basic account security and get told I don't have the proper password...
    No one that I've contacted has been able to come up with login info, still working on that. Also worth noting that when I downloaded and tried to run FRST, I was told on both user accounts that I didn't have permission. I was finally able to download and run it from the Bleeping Computer site today, although the update failed.
    The first thing that made me suspicious of the computer (besides the lack of login credentials) was that while messing around with the ProcMon64 tool I noticed "Name collisions" and then a series of "buffer overflows" that, in spite of my lack of skill, jumped out at me. After finally getting the FRST results, I'm wondering if, well, see thread title.
    My hope is that at some point I can get control of the user accounts; short of that, I'll likely throw the hard drive in the trash and plug in a different one. Thanks very much in advance.

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-04-2022
    Ran by Home-Pc (administrator) on DESKTOP-8AQ2J5E (Dell Inc. OptiPlex 790) (01-05-2022 18:11:47)
    Running from C:\Users\Home-Pc\Desktop
    Loaded Profiles: Home-Pc
    Platform: Microsoft Windows 10 Pro Version 21H1 19043.1682 (X64) Language: English (United States)
    Default browser: FF
    Boot Mode: Normal

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Blizzard Entertainment, Inc. -> Blizzard Entertainment) C:\Program Files (x86)\Battle.net\.Battle.net.exe.432.7740.temp <3>
    (Blizzard Entertainment, Inc. -> Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.7661\Agent.exe
    (explorer.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\hkcmd.exe
    (explorer.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxpers.exe
    (explorer.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxtray.exe
    (explorer.exe ->) (Tonalio GmbH -> sandboxie-plus.com) C:\Program Files\Sandboxie\SbieCtrl.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler64.exe
    (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_e3868713e3d137ef\esif_uf.exe
    (services.exe ->) (Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorvd.inf_amd64_61da2dd1459ab6aa\RstMwService.exe
    (services.exe ->) (NortonLifeLock Inc. -> NortonLifelock Inc.) C:\Program Files\Norton Security\Engine\22.22.3.9\NortonSecurity.exe <2>
    (services.exe ->) (NortonLifeLock Inc. -> NortonLifeLock Inc.) C:\Program Files\Norton Security\Engine\22.22.3.9\nsWscSvc.exe
    (services.exe ->) (Tonalio GmbH -> sandboxie-plus.com) C:\Program Files\Sandboxie\SbieSvc.exe
    (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
    (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
    (svchost.exe ->) (NortonLifeLock Inc. -> Symantec Corporation) C:\Program Files\Norton Utilities\x64\LBGovernor.exe

    ==================== Registry (Whitelisted) ===================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKU\S-1-5-21-2199619703-1585671556-87930541-1003\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [3392528 2021-11-01] (Tonalio GmbH -> sandboxie-plus.com)
    HKLM\...\Windows x64\Print Processors\Canon MG2500 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDBX.DLL [30208 2013-03-24] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
    BootExecute: autocheck autochk * sdnclean64.exebddel.exe
    GroupPolicy: Restriction ? <==== ATTENTION
    Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
    HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
    HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
    HKU\S-1-5-21-2199619703-1585671556-87930541-1003\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

    ==================== Scheduled Tasks (Whitelisted) ============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {012D26CF-2A06-46B3-8BF8-7A7EAA84BB46} - System32\Tasks\Norton 360\Norton 360 Error Processor => C:\Program Files\Norton Security\Engine\22.22.3.9\SymErr.exe [108240 2022-04-04] (NortonLifeLock Inc. -> NortonLifeLock Inc)
    Task: {0FE33493-0C13-41BA-8EC3-92E5CFC9656A} - System32\Tasks\Norton Utility\AutomaticCare => C:\Program Files\Norton Utilities\NUP.exe [3632112 2022-02-03] (NortonLifeLock Inc. -> NortonLifeLock Inc)
    Task: {10D091C1-065B-4CDD-BDAD-38939FDF37FA} - System32\Tasks\GoogleUpdateTaskMachineUA{73DEBFF9-E818-4D7F-957E-197C11ED0D05} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2022-02-03] (Google LLC -> Google LLC)
    Task: {28B45BB2-5879-43F4-AAE8-3056FB922BD1} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
    Task: {3936847A-B7F8-45BF-BA97-8FAE27DEEC2C} - System32\Tasks\Norton 360\Norton 360 Error Analyzer => C:\Program Files\Norton Security\Engine\22.22.3.9\SymErr.exe [108240 2022-04-04] (NortonLifeLock Inc. -> NortonLifeLock Inc)
    Task: {3F76B022-96FF-4052-AA80-652748168243} - System32\Tasks\Norton Utility\ActiveSync-NortonUtility => C:\Program Files\Norton Utilities\ActiveBridge.exe -appexecutable NUP.exe -ammode (No File)
    Task: {61BE0A07-17F1-4DCE-B80E-13A89EC08615} - System32\Tasks\npcapwatchdog => C:\Program Files\Npcap\CheckStatus.bat [1145 2021-03-24] () [File not signed]
    Task: {6618C710-DC33-436F-86A2-2983395514E1} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton 360\Upgrade.exe [2353000 2022-04-04] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
    Task: {6E00F8AF-E3A8-425E-8648-D899028D0E21} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
    Task: {8DC83BD6-52C3-485F-B048-C810B628AB69} - System32\Tasks\Norton Utility\Live Boost Process Governor => C:\Program Files\Norton Utilities\x64\LBGovernor.exe [1050096 2022-02-03] (NortonLifeLock Inc. -> Symantec Corporation)
    Task: {CC2EF7FB-3A4B-4955-9B0A-577F4B3B4D56} - System32\Tasks\GoogleUpdateTaskMachineCore{4DBD1454-0D91-4B18-B7AA-629538FA5AA6} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2022-02-03] (Google LLC -> Google LLC)
    Task: {F697D847-1477-468A-AA32-7B45615973C1} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security\Engine\22.22.3.9\WSCStub.exe [646520 2022-04-04] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
    Task: {FF8C1F4C-E262-43A0-B91D-5D1EA7809799} - System32\Tasks\Norton 360\Norton 360 Autofix => C:\Program Files\Norton Security\Engine\22.22.3.9\SymErr.exe [108240 2022-04-04] (NortonLifeLock Inc. -> NortonLifeLock Inc)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.3.65
    Tcpip\..\Interfaces\{a7f57898-8771-4266-ba31-8849f416c369}: [DhcpNameServer] 192.168.0.1 205.171.3.65

    Edge:
    =======
    Edge DefaultProfile: Default
    Edge Profile: C:\Users\Home-Pc\AppData\Local\Microsoft\Edge\User Data\Default [2022-05-01]
    Edge NewTab: Default -> Active:"chrome-extension://okplngpklcjmpdemleibnhidjihcobef/homePageRedirect.html"
    Edge DefaultSearchURL: Default -> hxxps://nortonsafe.search.ask.com/web?omnisearch=yes&q={searchTerms}
    Edge DefaultSearchKeyword: Default -> nortonsafe
    Edge DefaultSuggestURL: Default -> hxxps://ss-sym.search.ask.com/ss?limit=10&li=ff&hl=en&q={searchTerms}
    Edge Extension: (Norton Safe Web) - C:\Users\Home-Pc\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bdaafgjhhjkdplpffldcncdignokfkbo [2022-04-20]
    Edge Extension: (Norton Safe Search) - C:\Users\Home-Pc\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ikkagnliefbhcdgnnhfidhhbocdhkdeb [2022-04-20]
    Edge Extension: (Norton Password Manager) - C:\Users\Home-Pc\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\lcccdlklhahfmobgpnilndimkankpnkg [2022-04-20]
    Edge Extension: (Norton Home Page) - C:\Users\Home-Pc\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\okplngpklcjmpdemleibnhidjihcobef [2022-04-20]

    FireFox:
    ========
    FF DefaultProfile: 9pveu3z0.default
    FF ProfilePath: C:\Users\Home-Pc\AppData\Roaming\Mozilla\Firefox\Profiles\9pveu3z0.default [2021-12-05]
    FF ProfilePath: C:\Users\Home-Pc\AppData\Roaming\Mozilla\Firefox\Profiles\loqhn0a5.default-release [2022-05-01]
    FF Extension: (Facebook Container) - C:\Users\Home-Pc\AppData\Roaming\Mozilla\Firefox\Profiles\loqhn0a5.default-release\Extensions\@contain-facebook.xpi [2022-03-17]
    FF Extension: (Firefox Multi-Account Containers) - C:\Users\Home-Pc\AppData\Roaming\Mozilla\Firefox\Profiles\loqhn0a5.default-release\Extensions\@testpilot-containers.xpi [2022-04-22]
    FF Extension: (HTTPS Everywhere) - C:\Users\Home-Pc\AppData\Roaming\Mozilla\Firefox\Profiles\loqhn0a5.default-release\Extensions\https-everywhere@eff.org.xpi [2021-12-05]
    FF Extension: (Norton Password Manager) - C:\Users\Home-Pc\AppData\Roaming\Mozilla\Firefox\Profiles\loqhn0a5.default-release\Extensions\idsafe@norton.com.xpi [2022-04-18]
    FF Extension: (VT4Browsers) - C:\Users\Home-Pc\AppData\Roaming\Mozilla\Firefox\Profiles\loqhn0a5.default-release\Extensions\info@virustotal.com.xpi [2022-04-05]
    FF Extension: (Norton Safe Web) - C:\Users\Home-Pc\AppData\Roaming\Mozilla\Firefox\Profiles\loqhn0a5.default-release\Extensions\nortonsafeweb@symantec.com.xpi [2022-03-11]
    FF Extension: (Firefox Relay) - C:\Users\Home-Pc\AppData\Roaming\Mozilla\Firefox\Profiles\loqhn0a5.default-release\Extensions\private-relay@firefox.com.xpi [2022-04-27]
    FF Extension: (Privacy Possum) - C:\Users\Home-Pc\AppData\Roaming\Mozilla\Firefox\Profiles\loqhn0a5.default-release\Extensions\woop-NoopscooPsnSXQ@jetpack.xpi [2021-12-05]
    FF Extension: (NoScript) - C:\Users\Home-Pc\AppData\Roaming\Mozilla\Firefox\Profiles\loqhn0a5.default-release\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2022-04-18]
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2019-07-02] (CANON INC.) [File not signed]
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
    FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\antibeacon.js [2022-01-22] <==== ATTENTION (Points to *.cfg file)
    FF ExtraCheck: C:\Program Files\mozilla firefox\mozilla.cfg [2022-01-22] <==== ATTENTION

    ==================== Services (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 NortonSecurity; C:\Program Files\Norton Security\Engine\22.22.3.9\NortonSecurity.exe [344888 2022-04-04] (NortonLifeLock Inc. -> NortonLifelock Inc.)
    R2 nsWscSvc; C:\Program Files\Norton Security\Engine\22.22.3.9\nsWscSvc.exe [1059176 2022-04-04] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
    R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [360976 2021-11-01] (Tonalio GmbH -> sandboxie-plus.com)
    S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6254856 2022-04-26] (Microsoft Windows Publisher -> Microsoft Corporation)
    S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\NisSrv.exe [2872024 2021-11-24] (Microsoft Windows Publisher -> Microsoft Corporation)
    S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MsMpEng.exe [128376 2021-11-24] (Microsoft Windows Publisher -> Microsoft Corporation)

    ===================== Drivers (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R1 BHDrvx64; C:\Program Files\Norton Security\NortonData\22.21.11.46\Definitions\BASHDefs\20220428.021\BHDrvx64.sys [1672184 2022-04-21] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
    S4 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [284672 2021-04-27] (Microsoft Corporation) [File not signed]
    S4 BthHFEnum; C:\Windows\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
    R1 ccSet_NGC; C:\Windows\System32\drivers\NGCx64\1616030.009\ccSetx64.sys [191200 2022-04-04] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
    S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus2.sys [160376 2021-10-08] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
    R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [509904 2021-10-29] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
    R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [145376 2022-02-09] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
    S3 GKUPRO2D; C:\Windows\System32\drivers\GKUPRO2D.sys [146320 2021-09-21] (Microsoft Windows Hardware Compatibility Publisher -> Gemalto)
    S3 GSCAuxDriver; C:\Windows\System32\DriverStore\FileRepository\gscauxdriver.inf_amd64_fe9355c6b52fb409\GSCAuxDriverx64.sys [71432 2021-09-21] (Intel(R) pGFX 2020 -> Intel Corporation)
    S3 GSCx64; C:\Windows\System32\DriverStore\FileRepository\gscheci.inf_amd64_e0a6bd87d5543f55\TeeDriverGSCW8x64.sys [243976 2021-09-21] (Intel(R) pGFX 2020 -> Intel Corporation)
    S3 iaLPSS2_GPIO2_TGL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_gpio2_tgl.inf_amd64_d0e63c4e3754f42f\iaLPSS2_GPIO2_TGL.sys [128152 2021-09-21] (Intel Corporation -> Intel Corporation)
    S3 iaLPSS2_I2C_TGL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_i2c_tgl.inf_amd64_ab87bf17a571e523\iaLPSS2_I2C_TGL.sys [197272 2021-09-21] (Intel Corporation -> Intel Corporation)
    S3 iaLPSS2_SPI_TGL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_spi_tgl.inf_amd64_b6ea3d48ee329530\iaLPSS2_SPI_TGL.sys [155816 2021-09-21] (Intel Corporation -> Intel Corporation)
    S3 iaLPSS2_UART2_TGL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_uart2_tgl.inf_amd64_1a8e964d43720594\iaLPSS2_UART2_TGL.sys [310440 2021-09-21] (Intel Corporation -> Intel Corporation)
    S0 iaStorVD; C:\Windows\System32\drivers\iaStorVD.sys [1489272 2021-09-21] (Intel(R) Rapid Storage Technology -> Intel Corporation)
    R1 IDSVia64; C:\Program Files\Norton Security\NortonData\22.21.11.46\Definitions\IPSDefs\20220429.061\IDSvia64.sys [1515512 2022-04-04] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
    S3 IntelGNA; C:\Windows\System32\DriverStore\FileRepository\gna.inf_amd64_689d3d5fefeef458\gna.sys [84880 2021-09-21] (Gaussian Mixture Models and Neural Networks Accelerator -> Intel Corporation)
    S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [84144 2020-09-10] (LSI Corporation -> LSI Corporation)
    S0 megasas2; C:\Windows\System32\drivers\megasas2.sys [57520 2020-09-10] (LSI Corporation -> LSI Corporation)
    S0 megasas35; C:\Windows\System32\drivers\megasas35.sys [112632 2020-09-10] (Avago Technologies U.S. Inc. -> Avago Technologies)
    R1 npcap; C:\Windows\system32\DRIVERS\npcap.sys [71736 2021-08-30] (Insecure.Com LLC -> Insecure.Com LLC.)
    S4 npcap_wifi; C:\Windows\system32\DRIVERS\npcap.sys [71736 2021-08-30] (Insecure.Com LLC -> Insecure.Com LLC.)
    S3 nsvst_NGC; C:\Windows\System32\drivers\NGCx64\1616030.009\nsvst.sys [56080 2022-04-04] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
    U5 PROCMON24; C:\Windows\System32\Drivers\PROCMON24.sys [95632 2022-05-01] (Microsoft Windows Hardware Compatibility Publisher -> Sysinternals - www.sysinternals.com)
    R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [229384 2021-11-01] (Microsoft Windows Hardware Compatibility Publisher -> sandboxie-plus.com)
    R3 SRTSP; C:\Windows\System32\drivers\NGCx64\1616030.009\SRTSP64.SYS [941256 2022-04-04] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
    R1 SRTSPX; C:\Windows\System32\drivers\NGCx64\1616030.009\SRTSPX64.SYS [50376 2022-04-04] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
    S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [167280 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
    R0 SymEFASI; C:\Windows\System32\drivers\NGCx64\1616030.009\SYMEFASI64.SYS [2030768 2022-04-04] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
    S0 SymELAM; C:\Windows\System32\drivers\NGCx64\1616030.009\SymELAM.sys [31984 2022-04-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Broadcom Corporation)
    R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [93120 2022-02-04] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
    R3 SymEvnt; C:\Program Files\Norton Security\NortonData\22.21.11.46\SymPlatform\SymEvnt.sys [712432 2021-06-15] (Symantec Corporation -> Symantec Corporation)
    R1 SymIRON; C:\Windows\System32\drivers\NGCx64\1616030.009\Ironx64.SYS [319152 2022-04-04] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
    R1 SymNetS; C:\Windows\System32\drivers\NGCx64\1616030.009\symnets.sys [575344 2022-04-04] (Symantec Corporation -> Symantec Corporation)
    S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [48520 2021-11-24] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
    S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [435424 2021-11-24] (Microsoft Windows -> Microsoft Corporation)
    S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [86240 2021-11-24] (Microsoft Windows -> Microsoft Corporation)
    R1 wpCtrlDrv_NGC; C:\Windows\System32\drivers\NGCx64\1616030.009\wpCtrlDrv.sys [1015760 2022-04-04] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
    S3 nhi; \SystemRoot\System32\drivers\tbt100x.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One month (created) (Whitelisted) =========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2022-05-01 18:11 - 2022-05-01 18:13 - 000018459 _____ C:\Users\Home-Pc\Desktop\FRST.txt
    2022-05-01 18:06 - 2022-05-01 18:06 - 002366976 _____ (Farbar) C:\Users\Home-Pc\Desktop\FRST64.exe
    2022-05-01 17:45 - 2022-05-01 17:45 - 000000000 ____D C:\Windows\system32\Tasks\Remediation
    2022-05-01 16:14 - 2022-05-01 16:15 - 009786184 _____ C:\Users\Home-Pc\Desktop\5-1.pcapng
    2022-05-01 14:11 - 2022-05-01 14:11 - 108750612 _____ C:\Users\Home\Documents\Home 5-1 install start-up.pcapng
    2022-05-01 14:04 - 2022-05-01 14:04 - 000000000 ____D C:\Users\Home\Desktop\SysinternalsSuite
    2022-05-01 14:01 - 2022-05-01 14:01 - 047840922 _____ C:\Users\Home\Desktop\SysinternalsSuite.zip
    2022-05-01 13:31 - 2022-05-01 13:31 - 000000000 ____D C:\Users\Home\AppData\Roaming\Mozilla
    2022-05-01 13:31 - 2022-05-01 13:31 - 000000000 ____D C:\Users\Home\AppData\LocalLow\Mozilla
    2022-05-01 13:31 - 2022-05-01 13:31 - 000000000 ____D C:\Users\Home\AppData\Local\Mozilla
    2022-05-01 13:28 - 2022-05-01 14:11 - 000000000 ____D C:\Users\Home\AppData\Roaming\Wireshark
    2022-05-01 13:27 - 2022-04-30 21:28 - 000455527 ____R C:\Windows\system32\Drivers\etc\hosts.20220501-132723.backup
    2022-04-30 22:33 - 2022-04-30 22:33 - 000000000 ____D C:\Users\Home\AppData\Local\Norton
    2022-04-30 22:26 - 2022-04-30 22:26 - 000003584 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2199619703-1585671556-87930541-1001
    2022-04-30 22:26 - 2022-04-30 22:26 - 000003374 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2199619703-1585671556-87930541-1001
    2022-04-30 22:15 - 2022-04-30 22:15 - 000000000 ____D C:\Users\Home\AppData\Roaming\Norton
    2022-04-30 22:05 - 2022-04-30 22:05 - 000000207 _____ C:\Windows\tweaking.com-regbackup-DESKTOP-8AQ2J5E-Windows-10-Pro-(64-bit).dat
    2022-04-30 22:05 - 2022-04-30 22:05 - 000000000 ____D C:\RegBackup
    2022-04-30 22:04 - 2022-04-30 22:04 - 000002308 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
    2022-04-30 22:04 - 2022-04-30 22:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
    2022-04-30 22:04 - 2022-04-30 22:04 - 000000000 ____D C:\Program Files (x86)\Tweaking.com
    2022-04-30 22:02 - 2022-04-30 22:04 - 000019843 _____ C:\Windows\Tweaking.com - Registry Backup Setup Log.txt
    2022-04-30 21:52 - 2022-04-30 21:52 - 007333288 _____ (Tweaking.com) C:\Users\Home-Pc\Desktop\tweaking.com_registry_backup_setup.exe
    2022-04-30 21:28 - 2022-01-22 23:56 - 000116156 _____ C:\Windows\system32\Drivers\etc\hosts.20220430-212806.backup
    2022-04-29 13:15 - 2022-04-29 13:15 - 003769764 _____ C:\Users\Home-Pc\Desktop\4-29.pcapng
    2022-04-28 20:36 - 2022-04-28 20:36 - 001849712 _____ C:\Users\Home-Pc\Desktop\4-28.pcapng
    2022-04-28 01:04 - 2022-04-28 01:04 - 007889156 _____ C:\Users\Home-Pc\Documents\DESKTOP-8AQ2J5E.arn
    2022-04-26 02:48 - 2022-04-26 02:48 - 000188928 _____ C:\Windows\system32\uwfcfgmgmt.dll
    2022-04-26 02:47 - 2022-04-26 02:47 - 000011821 _____ C:\Windows\system32\DrtmAuthTxt.wim
    2022-04-26 02:45 - 2022-04-26 02:45 - 000288768 _____ C:\Windows\system32\Windows.Management.InprocObjects.dll
    2022-04-26 02:45 - 2022-04-26 02:45 - 000093696 _____ C:\Windows\system32\Drivers\cimfs.sys
    2022-04-26 02:06 - 2022-04-26 02:06 - 000000000 ___HD C:\$WinREAgent
    2022-04-25 01:14 - 2022-04-25 01:14 - 000000360 _____ C:\Users\Home-Pc\Desktop\4-25.txt
    2022-04-23 05:41 - 2022-04-23 05:41 - 000000000 ____D C:\Program Files\PCHealthCheck
    2022-04-21 02:04 - 2022-04-21 02:04 - 000000796 _____ C:\Users\Home-Pc\Desktop\Manage Storage Spaces - Shortcut.lnk
    2022-04-18 22:34 - 2022-04-18 22:34 - 001616921 _____ C:\Users\Home-Pc\Documents\HealthSummary_Apr_18_2022.zip
    2022-04-18 19:20 - 2022-04-18 19:25 - 000000000 ___HD C:\ProgramData\CanonIJMIG
    2022-04-18 19:20 - 2022-04-18 19:20 - 000000000 ____D C:\ProgramData\CanonIJPLM
    2022-04-18 19:19 - 2022-04-18 19:20 - 000000000 ___HD C:\ProgramData\CanonIJScan
    2022-04-18 19:18 - 2022-04-18 19:20 - 000000000 ____D C:\Users\Home-Pc\AppData\Roaming\Canon
    2022-04-18 19:18 - 2022-04-18 19:18 - 000000000 ___HD C:\ProgramData\CanonIJQuickMenu
    2022-04-18 19:08 - 2013-02-04 15:10 - 000321536 _____ (CANON INC.) C:\Windows\SysWOW64\CNC_BXL.dll
    2022-04-18 19:08 - 2012-11-09 10:43 - 000088064 _____ C:\Windows\SysWOW64\CNC176DD.TBL
    2022-04-18 19:08 - 2008-08-25 18:02 - 000015872 _____ (CANON INC.) C:\Windows\SysWOW64\CNHMCA.dll
    2022-04-18 19:07 - 2022-04-18 19:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG2500 series User Registration
    2022-04-18 19:06 - 2022-04-18 19:07 - 000000000 ____D C:\ProgramData\CanonIJWSpt
    2022-04-18 19:06 - 2022-04-18 19:06 - 000002094 _____ C:\Users\Public\Desktop\Canon Quick Menu.lnk
    2022-04-18 19:06 - 2022-04-18 19:06 - 000000000 ____D C:\Users\Home-Pc\AppData\LocalLow\Canon Easy-WebPrint EX2
    2022-04-18 19:06 - 2022-04-18 19:06 - 000000000 ____D C:\Users\Home-Pc\AppData\LocalLow\Canon Easy-WebPrint EX
    2022-04-18 19:01 - 2022-04-18 19:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
    2022-04-18 19:01 - 2022-04-18 19:06 - 000000000 ____D C:\Program Files\Canon
    2022-04-18 19:00 - 2022-04-18 19:00 - 000002435 _____ C:\Users\Public\Desktop\Canon MG2500 series On-screen Manual.lnk
    2022-04-18 19:00 - 2022-04-18 19:00 - 000000000 ___HD C:\ProgramData\CanonBJ
    2022-04-18 19:00 - 2022-04-18 19:00 - 000000000 ___HD C:\Program Files\CanonBJ
    2022-04-18 19:00 - 2022-04-18 19:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG2500 series Manual
    2022-04-18 19:00 - 2013-03-24 05:00 - 000391168 _____ (CANON INC.) C:\Windows\system32\CNMLMBX.DLL
    2022-04-18 19:00 - 2013-02-04 15:12 - 000367104 _____ (CANON INC.) C:\Windows\system32\CNC_BXL.dll
    2022-04-18 19:00 - 2012-11-09 10:43 - 000088064 _____ C:\Windows\system32\CNC176DD.TBL
    2022-04-18 19:00 - 2012-11-08 13:04 - 000282624 _____ (CANON INC.) C:\Windows\system32\CNC_BXC.dll
    2022-04-18 19:00 - 2012-11-08 13:03 - 000106496 _____ (CANON INC.) C:\Windows\system32\CNC_BXI.dll
    2022-04-18 19:00 - 2008-08-25 18:02 - 000017920 _____ (CANON INC.) C:\Windows\system32\CNHMCA6.dll
    2022-04-18 18:56 - 2022-04-18 19:08 - 000000000 ____D C:\Program Files (x86)\Canon
    2022-04-18 18:55 - 2022-04-18 18:55 - 049442352 _____ C:\Users\Home-Pc\Downloads\win-mg2500-1_1-ucd.exe
    2022-04-18 18:28 - 2013-03-24 05:00 - 000393728 _____ (CANON INC.) C:\Windows\system32\CNMXLMBX.DLL
    2022-04-18 12:57 - 2022-04-18 12:57 - 000002253 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro.lnk
    2022-04-18 12:57 - 2022-04-18 12:57 - 000002241 _____ C:\Users\Public\Desktop\Google Earth Pro.lnk
    2022-04-18 12:57 - 2022-04-18 12:57 - 000000000 ____D C:\Program Files\Google
    2022-04-16 20:49 - 2022-04-16 20:50 - 045712100 _____ C:\Users\Home-Pc\Downloads\1_xilns5nx.webm
    2022-04-14 13:56 - 2022-04-14 13:56 - 000179913 _____ C:\Users\Home-Pc\Downloads\or-mt-access-designated-record-set.pdf
    2022-04-12 18:11 - 2022-04-12 18:11 - 000000000 ____D C:\Users\Home-Pc\AppData\Local\Spoon
    2022-04-12 17:52 - 2022-04-12 17:52 - 000000000 ____D C:\Users\Home-Pc\Desktop\HealthSummary_Apr_12_2022(1)
    2022-04-12 17:47 - 2022-04-12 17:47 - 000619385 _____ C:\Users\Home-Pc\Documents\HealthSummary_Apr_12_2022(1).zip
    2022-04-12 17:46 - 2022-04-12 17:46 - 000619385 _____ C:\Users\Home-Pc\Downloads\HealthSummary_Apr_12_2022.zip
    2022-04-12 11:12 - 2022-04-12 11:12 - 000001827 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
    2022-04-12 11:12 - 2022-04-12 11:12 - 000001815 _____ C:\Users\Public\Desktop\Wireshark.lnk
    2022-04-10 20:53 - 2022-04-10 20:53 - 008400790 _____ C:\Users\Home-Pc\Downloads\CL#21-0804.pdf
    2022-04-06 09:30 - 2022-05-01 16:34 - 000000000 ____D C:\Windows\system32\Tasks\Norton 360
    2022-04-06 09:30 - 2022-04-06 20:35 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
    2022-04-06 09:30 - 2022-04-06 09:30 - 000003374 _____ C:\Windows\system32\Tasks\Norton WSC Integration
    2022-04-05 14:32 - 2022-04-12 18:49 - 000000000 ____D C:\Program Files\Mozilla Firefox

    ==================== One month (modified) ==================

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2022-05-01 18:12 - 2021-12-16 11:31 - 000000000 ____D C:\FRST
    2022-05-01 18:11 - 2021-12-06 15:28 - 000000000 ____D C:\Users\Home-Pc\AppData\Local\Battle.net
    2022-05-01 18:09 - 2021-12-05 21:40 - 000000000 ____D C:\Users\Home-Pc\AppData\LocalLow\Mozilla
    2022-05-01 17:42 - 2022-02-10 15:49 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
    2022-05-01 17:40 - 2019-12-07 03:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2022-05-01 17:26 - 2022-02-03 22:11 - 000000000 ____D C:\Program Files (x86)\Google
    2022-05-01 16:57 - 2021-04-27 21:49 - 000000000 ____D C:\Windows\system32\SleepStudy
    2022-05-01 16:33 - 2021-12-06 15:27 - 000000000 ____D C:\Program Files (x86)\Battle.net
    2022-05-01 16:26 - 2021-12-08 16:06 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
    2022-05-01 16:26 - 2021-04-27 21:50 - 000000006 ____H C:\Windows\Tasks\SA.DAT
    2022-05-01 16:26 - 2021-04-27 21:49 - 000008192 ___SH C:\DumpStack.log.tmp
    2022-05-01 16:25 - 2019-12-07 03:03 - 000786432 _____ C:\Windows\system32\config\BBI
    2022-05-01 16:24 - 2022-01-23 00:03 - 000000085 _____ C:\Windows\wininit.ini
    2022-05-01 16:24 - 2021-12-08 16:06 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
    2022-05-01 15:39 - 2022-01-13 17:50 - 000015568 _____ C:\Windows\SysWOW64\bddel.dat
    2022-05-01 14:05 - 2021-12-09 12:23 - 000095632 ____H (Sysinternals - www.sysinternals.com) C:\Windows\system32\Drivers\PROCMON24.SYS
    2022-05-01 11:26 - 2021-04-27 14:56 - 000000000 ____D C:\Users\Home
    2022-04-30 22:55 - 2021-11-24 13:49 - 000000000 ____D C:\Users\Home-Pc
    2022-04-30 22:47 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\AppReadiness
    2022-04-30 22:39 - 2021-04-27 14:56 - 000000000 ____D C:\Users\Home\AppData\Local\Packages
    2022-04-30 22:34 - 2019-12-07 03:13 - 000000000 ____D C:\Windows\INF
    2022-04-30 22:26 - 2021-04-27 14:56 - 000002376 _____ C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2022-04-30 22:15 - 2019-12-07 03:14 - 000000000 ___HD C:\Program Files\WindowsApps
    2022-04-30 22:00 - 2022-03-14 09:17 - 000000000 ____D C:\Users\Home-Pc\Documents\Georgia
    2022-04-30 21:58 - 2022-03-11 17:32 - 000000000 ____D C:\Users\Home-Pc\Desktop\moms stuff
    2022-04-30 21:57 - 2022-03-02 10:49 - 000000000 ____D C:\Users\Home-Pc\Desktop\Useful command lines
    2022-04-30 12:15 - 2022-03-14 09:19 - 000000000 ____D C:\Users\Home-Pc\Documents\Physics Forums
    2022-04-30 11:39 - 2021-04-27 16:04 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
    2022-04-30 11:39 - 2021-04-27 16:04 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
    2022-04-29 00:29 - 2022-01-21 11:28 - 000036208 _____ (Sysinternals - www.sysinternals.com) C:\Windows\system32\Drivers\PROCEXP152.SYS
    2022-04-28 21:30 - 2021-11-29 13:09 - 000000000 ____D C:\ProgramData\Norton
    2022-04-28 19:04 - 2019-12-07 03:03 - 000032768 _____ C:\Windows\system32\config\ELAM
    2022-04-28 17:36 - 2022-02-03 12:35 - 000000000 ____D C:\Program Files\Norton Utilities
    2022-04-28 11:12 - 2022-02-03 12:36 - 000001921 _____ C:\Users\Home-Pc\Desktop\Norton Utilities.lnk
    2022-04-28 11:05 - 2021-04-27 16:04 - 000003536 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
    2022-04-28 11:05 - 2021-04-27 16:04 - 000003412 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
    2022-04-27 18:24 - 2021-12-12 21:19 - 000003584 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2199619703-1585671556-87930541-1003
    2022-04-27 18:24 - 2021-11-24 13:53 - 000003380 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2199619703-1585671556-87930541-1003
    2022-04-27 18:24 - 2021-11-24 13:49 - 000002385 _____ C:\Users\Home-Pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2022-04-26 03:20 - 2021-04-27 14:57 - 000795738 _____ C:\Windows\system32\PerfStringBackup.INI
    2022-04-26 03:11 - 2019-12-07 03:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
    2022-04-26 03:11 - 2019-12-07 03:14 - 000000000 ___SD C:\Windows\system32\UNP
    2022-04-26 03:11 - 2019-12-07 03:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
    2022-04-26 03:11 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\SystemResources
    2022-04-26 03:11 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\system32\migwiz
    2022-04-26 03:11 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\bcastdvr
    2022-04-26 03:09 - 2019-12-07 03:03 - 000000000 ____D C:\Windows\CbsTemp
    2022-04-25 02:31 - 2022-03-14 10:28 - 000000000 ____D C:\Users\Home-Pc\Documents\Moms Meme's
    2022-04-23 05:41 - 2021-11-24 13:57 - 000001146 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk
    2022-04-21 19:26 - 2021-12-06 15:38 - 000000000 ____D C:\Program Files (x86)\Diablo III
    2022-04-20 02:01 - 2021-12-08 18:04 - 000000000 ____D C:\Users\Home-Pc\AppData\Local\CrashDumps
    2022-04-19 17:20 - 2022-02-03 22:14 - 000003496 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA{73DEBFF9-E818-4D7F-957E-197C11ED0D05}
    2022-04-19 17:20 - 2022-02-03 22:14 - 000003372 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore{4DBD1454-0D91-4B18-B7AA-629538FA5AA6}
    2022-04-18 19:10 - 2021-11-24 13:53 - 000000000 ____D C:\Users\Home-Pc\AppData\Local\PlaceholderTileLogoFolder
    2022-04-18 19:10 - 2021-11-24 13:50 - 000000000 ____D C:\Users\Home-Pc\AppData\Local\Packages
    2022-04-18 19:08 - 2019-12-07 03:14 - 000000000 __RSD C:\Windows\Media
    2022-04-18 18:44 - 2021-12-17 19:25 - 000000000 ____D C:\Users\Home-Pc\AppData\Local\ElevatedDiagnostics
    2022-04-12 18:50 - 2021-04-27 21:49 - 000451392 _____ C:\Windows\system32\FNTCACHE.DAT
    2022-04-12 18:49 - 2021-12-05 21:40 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2022-04-12 16:43 - 2021-04-27 14:59 - 000000000 ____D C:\Windows\system32\MRT
    2022-04-12 16:41 - 2021-04-27 14:59 - 143823848 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2022-04-12 11:13 - 2021-12-09 22:19 - 000000000 ____D C:\Program Files\Wireshark
    2022-04-12 09:22 - 2021-12-05 21:40 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
    2022-04-12 09:22 - 2021-12-05 21:40 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
    2022-04-06 20:35 - 2022-02-04 15:20 - 000002409 _____ C:\Users\Public\Desktop\Norton Security.lnk
    2022-04-06 15:06 - 2021-12-05 20:21 - 000000000 ____D C:\Program Files\Common Files\AV
    2022-04-06 09:30 - 2022-02-04 15:18 - 000000000 ____D C:\Windows\system32\Drivers\NGCx64
    2022-04-04 21:35 - 2021-04-27 15:01 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools

    ==================== Files in the root of some directories ========

    2022-01-23 00:04 - 2022-01-23 00:04 - 000000063 _____ () C:\Users\Home-Pc\AppData\Roaming\Safer-Networking.log

    ==================== SigCheck ============================

    (There is no automatic fix for files that do not pass verification.)

    ==================== End of FRST.txt ========================


    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-04-2022
    Ran by Home-Pc (01-05-2022 18:14:41)
    Running from C:\Users\Home-Pc\Desktop
    Microsoft Windows 10 Pro Version 21H1 19043.1682 (X64) (2021-11-24 16:57:28)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================


    (If an entry is included in the fixlist, it will be removed.)

    Administrator (S-1-5-21-2199619703-1585671556-87930541-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-2199619703-1585671556-87930541-503 - Limited - Disabled)
    Guest (S-1-5-21-2199619703-1585671556-87930541-501 - Limited - Disabled)
    Home (S-1-5-21-2199619703-1585671556-87930541-1001 - Administrator - Enabled) => C:\Users\Home
    Home-Pc (S-1-5-21-2199619703-1585671556-87930541-1003 - Administrator - Enabled) => C:\Users\Home-Pc
    WDAGUtilityAccount (S-1-5-21-2199619703-1585671556-87930541-504 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Spybot - Search and Destroy (Disabled - Out of date) {F77C7796-45C4-531E-0DAE-B4A8229B11C8}
    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: Norton 360 (Enabled - Up to date) {AECE2126-F4E7-6909-11F2-1B69D1FBCBD0}
    FW: Norton 360 (Enabled) {96F5A003-BE88-6851-3AAD-B25C2F288CAB}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
    Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.7.0.0 - Canon Inc.)
    Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)
    Canon MG2500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2500_series) (Version: 1.02 - Canon Inc.)
    Canon MG2500 series On-screen Manual (HKLM-x32\...\Canon MG2500 series On-screen Manual) (Version: 7.8.0 - Canon Inc.)
    Canon MG2500 series User Registration (HKLM-x32\...\Canon MG2500 series User Registration) (Version: - *Canon Inc.)
    Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 3.6.4 - Canon Inc.)
    Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 3.6.0 - Canon Inc.)
    Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.3.0 - Canon Inc.)
    Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.8.5 - Canon Inc.)
    Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
    Google Earth Pro (HKLM\...\{C36E66A6-6EE5-47DB-945F-A6F03225D540}) (Version: 7.3.4.8573 - Google)
    inSSIDer (HKU\S-1-5-21-2199619703-1585671556-87930541-1003\...\inSSIDer) (Version: 5.5.0 - MetaGeek, LLC)
    IrfanView 4.59 (64-bit) (HKLM\...\IrfanView64) (Version: 4.59 - Irfan Skiljan)
    Ksanka-Punctuation Keys (HKLM\...\{7218FCE2-2B46-4CB5-ADE6-6B215388C930}) (Version: 1.0.3.40 - Languagegeek.com)
    Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 101.0.1210.32 - Microsoft Corporation)
    Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version: - Microsoft)
    Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-2199619703-1585671556-87930541-1001\...\OneDriveSetup.exe) (Version: 21.220.1024.0005 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-2199619703-1585671556-87930541-1003\...\OneDriveSetup.exe) (Version: 22.077.0410.0007 - Microsoft Corporation)
    Microsoft Update Health Tools (HKLM\...\{7B1FCD52-8F6B-4F12-A143-361EA39F5E7C}) (Version: 3.67.0.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.29.30139 (HKLM-x32\...\{2c673fb6-3e65-4751-965d-33d30b68a8a6}) (Version: 14.29.30139.0 - Microsoft Corporation)
    Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 99.0.1 (x64 en-US)) (Version: 99.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 94.0.2 - Mozilla)
    Norton 360 (HKLM-x32\...\NGC) (Version: 22.22.3.9 - NortonLifeLock Inc)
    Norton Utilities (HKLM\...\{36896A40-D958-486B-8A43-31A41E129FE2}) (Version: 21.4.5.428 - NortonLifeLock Inc)
    Npcap (HKLM-x32\...\NpcapInst) (Version: 1.55 - Nmap Project)
    Sandboxie 5.53.3 (64-bit) (HKLM\...\Sandboxie) (Version: 5.53.3 - sandboxie-plus.com)
    TreeSize Free V4.5.3 (HKLM-x32\...\TreeSize Free_is1) (Version: 4.5.3 - JAM Software)
    Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 4.0.0 - Tweaking.com)
    Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
    Wireshark 3.6.3 64-bit (HKLM-x32\...\Wireshark) (Version: 3.6.3 - The Wireshark developer community, hxxps://www.wireshark.org)

    Packages:
    =========
    Canon Inkjet Print Utility -> C:\Program Files\WindowsApps\34791E63.CanonInkjetPrintUtility_3.1.0.0_neutral__6e5tt8cgb93ep [2022-04-18] (Canon Inc.)
    Disney+ -> C:\Program Files\WindowsApps\Disney.37853FC22B2CE_1.27.1.0_x64__6rarf9sa4v8jt [2022-04-19] (Disney)
    Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.12.3171.0_x64__8wekyb3d8bbwe [2022-03-24] (Microsoft Studios) [MS Ad]
    Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.184.716.0_x86__zpdnekdrzrea0 [2022-04-28] (Spotify AB) [Startup Task]

    ==================== Custom CLSID (Whitelisted): ==============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.22.3.9\buShell.dll [2022-04-04] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
    ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.22.3.9\buShell.dll [2022-04-04] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
    ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.22.3.9\buShell.dll [2022-04-04] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
    ShellIconOverlayIdentifiers-x32: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.22.3.9\buShell.dll [2022-04-04] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
    ShellIconOverlayIdentifiers-x32: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.22.3.9\buShell.dll [2022-04-04] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
    ShellIconOverlayIdentifiers-x32: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.22.3.9\buShell.dll [2022-04-04] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
    ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.22.3.9\buShell.dll [2022-04-04] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
    ContextMenuHandlers1: [FileShredder] -> {E8215BEA-3290-4C73-964B-75502B9B41B2} => C:\Program Files\Norton Utilities\x64\FileShredder.dll [2022-02-03] (NortonLifeLock Inc. -> Symantec Corporation)
    ContextMenuHandlers1: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.22.3.9\NavShExt.dll [2022-04-04] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
    ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File
    ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File
    ContextMenuHandlers2: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.22.3.9\NavShExt.dll [2022-04-04] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
    ContextMenuHandlers2: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File
    ContextMenuHandlers2: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File
    ContextMenuHandlers4: [FileShredder] -> {E8215BEA-3290-4C73-964B-75502B9B41B2} => C:\Program Files\Norton Utilities\x64\FileShredder.dll [2022-02-03] (NortonLifeLock Inc. -> Symantec Corporation)
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2017-03-09] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
    ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.22.3.9\buShell.dll [2022-04-04] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
    ContextMenuHandlers6: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.22.3.9\NavShExt.dll [2022-04-04] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
    ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File
    ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File

    ==================== Codecs (Whitelisted) ====================

    ==================== Shortcuts & WMI ========================

    ==================== Loaded Modules (Whitelisted) =============

    2022-04-21 19:24 - 2022-04-21 19:25 - 104871424 _____ () [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.13434\libcef.dll
    2022-04-21 19:25 - 2022-04-21 19:25 - 000112128 _____ () [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.13434\libegl.dll
    2022-04-21 19:25 - 2022-04-21 19:25 - 006227456 _____ () [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.13434\libglesv2.dll
    2022-04-21 19:24 - 2022-04-21 19:24 - 000810496 _____ (The Chromium Authors) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.13434\chrome_elf.dll
    2022-04-21 19:24 - 2022-04-21 19:24 - 000047104 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.13434\audio\qtaudio_windows.dll
    2022-04-21 19:24 - 2022-04-21 19:24 - 000026112 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.13434\imageformats\qgif.dll
    2022-04-21 19:24 - 2022-04-21 19:24 - 000027136 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.13434\imageformats\qico.dll
    2022-04-21 19:24 - 2022-04-21 19:24 - 000243712 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.13434\imageformats\qjpeg.dll
    2022-04-21 19:24 - 2022-04-21 19:24 - 000223744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.13434\imageformats\qmng.dll
    2022-04-21 19:24 - 2022-04-21 19:24 - 000020992 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.13434\imageformats\qsvg.dll
    2022-04-21 19:24 - 2022-04-21 19:24 - 000332288 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.13434\imageformats\qtiff.dll
    2022-04-21 19:25 - 2022-04-21 19:25 - 001140224 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.13434\platforms\qwindows.dll
    2022-04-21 19:26 - 2022-04-21 19:26 - 004943360 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.13434\Qt5Core.dll
    2022-04-21 19:26 - 2022-04-21 19:26 - 005022208 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.13434\Qt5Gui.dll
    2022-04-21 19:26 - 2022-04-21 19:26 - 000626176 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.13434\Qt5Multimedia.dll
    2022-04-21 19:26 - 2022-04-21 19:26 - 000877056 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.13434\Qt5Network.dll
    2022-04-21 19:26 - 2022-04-21 19:26 - 002908672 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.13434\Qt5Qml.dll
    2022-04-21 19:26 - 2022-04-21 19:26 - 003078656 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.13434\Qt5Quick.dll
    2022-04-21 19:26 - 2022-04-21 19:26 - 000259072 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.13434\Qt5Svg.dll
    2022-04-21 19:26 - 2022-04-21 19:26 - 004718080 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.13434\Qt5Widgets.dll
    2022-04-21 19:26 - 2022-04-21 19:26 - 000439296 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.13434\Qt5WinExtras.dll
    2022-04-21 19:26 - 2022-04-21 19:26 - 000159232 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.13434\Qt5Xml.dll

    ==================== Alternate Data Streams (Whitelisted) ========

    ==================== Safe Mode (Whitelisted) ==================

    ==================== Association (Whitelisted) =================

    ==================== Internet Explorer (Whitelisted) ==========

    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
    HKU\S-1-5-21-2199619703-1585671556-87930541-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-2199619703-1585671556-87930541-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    BHO: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine\22.22.3.9\coIEPlg.dll [2022-04-04] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
    BHO-x32: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine32\22.22.3.9\coIEPlg.dll [2022-04-04] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
    Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.22.3.9\coIEPlg.dll [2022-04-04] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
    Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (Canon Inc. -> CANON INC.)
    Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine32\22.22.3.9\coIEPlg.dll [2022-04-04] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
    Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (Canon Inc. -> CANON INC.)

    (If an entry is included in the fixlist, it will be removed from the registry.)

    There are 7942 more sites.

    There are 7942 more sites.

    There are 7942 more sites.


    ==================== Hosts content: =========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2019-12-07 03:14 - 2022-05-01 13:27 - 000455527 ____R C:\Windows\system32\drivers\etc\hosts

    There are 15631 more lines.


    ==================== Other Areas ===========================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-2199619703-1585671556-87930541-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
    HKU\S-1-5-21-2199619703-1585671556-87930541-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Home-Pc\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
    DNS Servers: 192.168.0.1 - 205.171.3.65
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
    Windows Firewall is enabled.

    Network Binding:
    =============
    Ethernet: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (If an entry is included in the fixlist, it will be removed.)

    MSCONFIG\Services: SDScannerService => 2
    MSCONFIG\Services: SDUpdateService => 2

    ==================== FirewallRules (Whitelisted) ================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{5F1095F8-C6D5-436A-970D-70FA42C1DB36}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [{0F0AAE6D-2E60-43BC-AA99-C093D33A7159}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [{FA23D43E-F872-42B6-BBA6-70FEF45C2966}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.83.408.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [{7879EC4A-840A-43F9-8C18-FA79663ED3A4}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.83.408.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [{13173DB8-E639-451C-9191-2C44925C1D46}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.83.408.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [{8508CFC0-7B99-445E-85DC-025F488CAF48}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.83.408.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [{4BA05DF9-A168-4249-94AF-4F0F9A62E881}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.184.716.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{305C3059-F2BE-4B67-8AAB-0B098AB50530}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.184.716.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{F1E0C5A5-309A-4A0B-B2EF-8FBD2E6342CD}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.184.716.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{49F160EA-1B77-4F09-B0E1-677AB8B29D51}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.184.716.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{BCC8D1AC-454C-417A-A73A-761451E4A93E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.184.716.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{7C3B6544-6C58-4DB6-8E29-244429881B9A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.184.716.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{C5953C42-DB4D-469C-A03F-97E6033D7BD5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.184.716.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{17E13EF3-999E-4179-9A71-CD0CDA384C21}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.184.716.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)

    ==================== Restore Points =========================

    12-04-2022 17:18:02 Windows Modules Installer
    20-04-2022 21:57:13 Scheduled Checkpoint
    26-04-2022 02:01:21 Windows Modules Installer

    ==================== Faulty Device Manager Devices ============

    Name: PCI Serial Port
    Description: PCI Serial Port
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


    ==================== Event log errors: ========================

    Application errors:
    ==================
    Error: (05/01/2022 02:12:30 PM) (Source: Spybot Auto Update) (EventID: 0) (User: )
    Description: Event-ID 0

    Error: (04/30/2022 11:16:57 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 11) (User: DESKTOP-8AQ2J5E)
    Description: Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy-2147023878

    Error: (04/30/2022 11:16:48 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 11) (User: DESKTOP-8AQ2J5E)
    Description: Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy-2147023878

    Error: (04/30/2022 11:16:48 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 11) (User: DESKTOP-8AQ2J5E)
    Description: Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy-2147023878

    Error: (04/30/2022 11:16:48 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 11) (User: DESKTOP-8AQ2J5E)
    Description: Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy-2147023878

    Error: (04/30/2022 11:16:43 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 11) (User: DESKTOP-8AQ2J5E)
    Description: Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy-2147023878

    Error: (04/30/2022 11:16:29 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 11) (User: DESKTOP-8AQ2J5E)
    Description: Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy-2147023878

    Error: (04/30/2022 09:21:52 PM) (Source: SecurityCenter) (EventID: 17) (User: )
    Description: Security Center failed to validate caller with error %1.


    System errors:
    =============
    Error: (05/01/2022 05:36:43 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
    Description: The server {DDCFD26B-FEED-44CD-B71D-79487D2E5E5A} did not register with DCOM within the required timeout.

    Error: (05/01/2022 05:23:41 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
    Description: The server {DDCFD26B-FEED-44CD-B71D-79487D2E5E5A} did not register with DCOM within the required timeout.

    Error: (05/01/2022 01:56:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Software Protection service failed to start due to the following error:
    The service did not respond to the start or control request in a timely fashion.

    Error: (05/01/2022 01:56:08 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect.

    Error: (05/01/2022 01:32:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Software Protection service failed to start due to the following error:
    The service did not respond to the start or control request in a timely fashion.

    Error: (05/01/2022 01:32:58 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect.

    Error: (05/01/2022 01:23:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Software Protection service failed to start due to the following error:
    The service did not respond to the start or control request in a timely fashion.

    Error: (05/01/2022 01:23:25 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect.


    Windows Defender:
    ================
    Date: 2021-11-29 11:12:29
    Description:
    Microsoft Defender Antivirus scan has been stopped before completion.
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2021-11-29 10:46:01
    Description:
    Microsoft Defender Antivirus scan has been stopped before completion.
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2021-11-29 10:15:33
    Description:
    Microsoft Defender Antivirus scan has been stopped before completion.
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2021-04-27 16:25:34
    Description:
    Microsoft Defender Antivirus scan has been stopped before completion.
    Scan Type: Antimalware
    Scan Parameters: Quick Scan
    
    CodeIntegrity:
    ===============
    Date: 2022-05-01 16:29:55
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume2\Program Files\Norton Security\Engine\22.22.3.9\symamsi.dll that did not meet the Microsoft signing level requirements.

    Date: 2022-05-01 16:28:54
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Norton Security\Engine\22.22.3.9\symamsi.dll that did not meet the Windows signing level requirements.


    ==================== Memory info ===========================

    BIOS: Dell Inc. A05 05/28/2011
    Motherboard: Dell Inc. 0HY9JP
    Processor: Intel(R) Core(TM) i5-2500 CPU @ 3.30GHz
    Percentage of memory in use: 56%
    Total physical RAM: 3976.93 MB
    Available physical RAM: 1729.48 MB
    Total Virtual: 7120.32 MB
    Available Virtual: 4172.57 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:232.34 GB) (Free:88.45 GB) NTFS

    \\?\Volume{35d99af4-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.05 GB) (Free:0.02 GB) NTFS
    \\?\Volume{35d99af4-0000-0000-0000-00193a000000}\ () (Fixed) (Total:0.49 GB) (Free:0.08 GB) NTFS

    ==================== MBR & Partition Table ====================

    ==========================================================
    Disk: 0 (MBR Code: Windows 7/8/10) (Size: 232.9 GB) (Disk ID: 35D99AF4)
    Partition 1: (Active) - (Size=50 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=232.3 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=505 MB) - (Type=27)

    ==================== End of Addition.txt =======================

  2. #2
    Security Expert-emeritus Juliet
    Join Date: Feb 2007
    Location: Deep South
    Posts: 4,084

    If it's hopeless or not, I don't know.

    "brief history of the computer in question. I was given the computer by an IT department, they were upgrading so the price was right. Since I first started it up there has been no account password on either of the user accounts I see, they will load automatically when one is chosen. I try to sign in to set basic account security and get told I don't have the proper password..."
    This can be a problem. There have been restrictions placed on the computer that we can attempt to fix, but I'm not sure if the computer's security app placed them or if the "Company" placed them there.

    As for seeing obvious malware, no; mainly restrictions, but nothing that would point to not being able to sign in.
    Have you tried to create a new user account?

    Also possible: since it wasn't happy to allow Farbar Recovery Tool to be downloaded, we might run into problems trying to run a script or download other tools to scan with.


    Did you download or are you going to use:
    Battle.net
    (Blizzard Entertainment, Inc. -> Blizzard Entertainment) C:\Program Files (x86)\Battle.net\.Battle.net.exe.432.7740.temp <3>
    (Blizzard Entertainment, Inc. -> Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.7661\Agent.exe
    NortonLifeLock Inc. -> NortonLifelock Inc
    Norton 360

    The term "name collision" refers to the nomenclature problem that occurs in computer programs when the same variable name is used for different things in two separate areas that are joined, merged, or otherwise go from occupying separate namespaces to sharing one.


    Let's see if we can temporarily disable Norton Lifelock and Norton 360; it will need to be enabled back after you run the FRST script.
    https://support.norton.com/sp/en/us/...ons/v116457581


    Start Farbar Recovery Scan Tool with Administrator privileges
    (Right click on the FRST icon and select Run as administrator, just open it and let it wait)

    Highlight the text below and select Copy,
    beginning with Start:: and finishing with End::
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    Highlight the entire content of the quote box below and select Copy.


    Start::
    CloseProcesses:
    CreateRestorePoint:
    GroupPolicy: Restriction ? <==== ATTENTION
    Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
    HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
    HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
    HKU\S-1-5-21-2199619703-1585671556-87930541-1003\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
    S3 nhi; \SystemRoot\System32\drivers\tbt100x.sys [X]
    ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File
    ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File
    ContextMenuHandlers2: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File
    ContextMenuHandlers2: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File
    ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File
    ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File
    EmptyTemp:
    C:\Windows\Temp\*.*
    SystemRestore:
    End::
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    Press the Fix button.
    FRST will process the lines copied above from the clipboard.
    When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

    Please copy and paste its contents in your next reply.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  3. #3
    Senior Member
    Join Date: Jun 2014
    Posts: 155

    A good start

    Thank you very much for the fast reply. I'll answer your questions in order so as not to confuse responses.

    I'll check on restrictions that may have been placed by the previous owners.

    I have previously tried to create a new user account; that failed due to password restrictions. I will certainly give that another try very soon.

    The FRST loaded and ran nominally, with the exception of the same update fail. I don't know how to interpret the fix results but I believe it ran okay.

    The four programs, Bliz, Bliz and the Nortons are programs I have downloaded and installed. I was surprised to notice all of the unsigned files on one of those, is that a typical practice?

    Thank you for the info on name collisions, very useful perspective.

    I wanted to get the fixlog posted asap but haven't had time to check out the account access issues yet.
    I'll work on it this evening and let you know the results in my next reply.

    Again, thank you so much for your help not to mention time.

    Fix result of Farbar Recovery Scan Tool (x64) Version: 22-04-2022
    Ran by Home-Pc (02-05-2022 11:55:31) Run:1
    Running from C:\Users\Home-Pc\Desktop
    Loaded Profiles: Home & Home-Pc
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    CloseProcesses:
    CreateRestorePoint:
    GroupPolicy: Restriction ? <==== ATTENTION
    Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
    HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
    HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
    HKU\S-1-5-21-2199619703-1585671556-87930541-1003\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
    S3 nhi; \SystemRoot\System32\drivers\tbt100x.sys [X]
    ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File
    ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File
    ContextMenuHandlers2: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File
    ContextMenuHandlers2: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File
    ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File
    ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File
    EmptyTemp:
    C:\Windows\Temp\*.*
    SystemRestore:

    *****************

    Processes closed successfully.
    Restore point was successfully created.
    C:\Windows\system32\GroupPolicy\Machine => moved successfully
    C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
    C:\ProgramData\NTUSER.pol => moved successfully
    HKLM\SOFTWARE\Policies\Mozilla => removed successfully
    HKLM\SOFTWARE\Policies\Google => removed successfully
    HKU\S-1-5-21-2199619703-1585671556-87930541-1003\SOFTWARE\Policies\Google => removed successfully
    HKLM\System\CurrentControlSet\Services\nhi => removed successfully
    nhi => service removed successfully
    HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\SDECon32 => removed successfully
    HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\SDECon64 => removed successfully
    HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\SDECon32 => removed successfully
    HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\SDECon64 => removed successfully
    HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\SDECon32 => removed successfully
    HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\SDECon64 => removed successfully

    =========== "C:\Windows\Temp\*.*" ==========

    not found

    ========= End -> "C:\Windows\Temp\*.*" ========

    SystemRestore: => Error: No automatic fix found for this entry.

    =========== EmptyTemp: ==========

    BITS transfer queue => 1310720 B
    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 225854014 B
    Java, Flash, Steam htmlcache => 0 B
    Windows/system/drivers => 0 B
    Edge => 0 B
    Firefox => 52281891 B
    Opera => 0 B

    Temp, IE cache, history, cookies, recent:
    Default => 0 B
    ProgramData => 0 B
    Public => 0 B
    systemprofile => 0 B
    systemprofile32 => 0 B
    LocalService => 527700 B
    NetworkService => 548714 B
    Home => 64307295 B
    Home-Pc => 66811315 B

    RecycleBin => 0 B
    EmptyTemp: => 392.6 MB temporary data Removed.

    ================================


    The system needed a reboot.

    ==== End of Fixlog 11:56:47 ====
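An added example, not part of the original thread and not FRST's own code: one way to read a Fixlog like the one above is to skip the echoed fixlist, classify every `target => outcome` result line, and list anything that did not succeed along with the policy items that were moved or removed. The function names and outcome categories are hypothetical, and the sample lines are a shortened copy of the log posted above.

```python
import re
from collections import Counter

# Constructed sample: lines taken from the Fixlog posted above, shortened.
SAMPLE_FIXLOG = r"""
fixlist content:
*****************
GroupPolicy: Restriction ? <==== ATTENTION
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File
SystemRestore:

*****************

Processes closed successfully.
Restore point was successfully created.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\ProgramData\NTUSER.pol => moved successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
HKLM\SOFTWARE\Policies\Google => removed successfully
HKLM\System\CurrentControlSet\Services\nhi => removed successfully
nhi => service removed successfully
SystemRestore: => Error: No automatic fix found for this entry.
BITS transfer queue => 1310720 B
Firefox => 52281891 B
EmptyTemp: => 392.6 MB temporary data Removed.
"""

# Outcome categories are this example's own labels (assumption), checked in order.
OUTCOMES = [
    ("error", re.compile(r"^Error\b", re.I)),
    ("moved", re.compile(r"\bmoved successfully$")),
    ("removed", re.compile(r"\bremoved successfully$")),
    ("size", re.compile(r"^\d+ B$")),                      # EmptyTemp per-location byte counts
    ("summary", re.compile(r"temporary data Removed\.$")),
]
# Targets that look like policy storage: registry Policies keys, GroupPolicy folders, .pol files.
POLICY_HINT = re.compile(r"\\Policies\\|\\GroupPolicy\\|\.pol$", re.I)


def parse_fixlog(text):
    """Return one dict per result line, ignoring the echoed fixlist section."""
    entries, in_fixlist, stars = [], False, 0
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("fixlist content"):
            in_fixlist, stars = True, 0
            continue
        if in_fixlist:
            # The echo is framed by two rows of asterisks; its lines are directives, not results.
            if line and set(line) == {"*"}:
                stars += 1
                in_fixlist = stars < 2
            continue
        if " => " not in line:
            continue
        target, outcome = (part.strip() for part in line.split(" => ", 1))
        kind = next((k for k, rx in OUTCOMES if rx.search(outcome)), "unknown")
        entries.append({"target": target, "outcome": outcome, "kind": kind})
    return entries


def needs_review(entries):
    """Result lines that reported an error or that this script does not recognise."""
    return [e for e in entries if e["kind"] in ("error", "unknown")]


def policy_changes(entries):
    """Policy-related items that the fix actually moved or removed."""
    return [e for e in entries
            if e["kind"] in ("moved", "removed") and POLICY_HINT.search(e["target"])]


def summarise(entries):
    return Counter(e["kind"] for e in entries)


if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    print(dict(summarise(parsed)))
    for e in policy_changes(parsed):
        print("policy item changed:", e["target"])
    for e in needs_review(parsed):
        print("REVIEW:", e["target"], "->", e["outcome"])
```
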

  4. #4
    Security Expert-emeritus Juliet
    Join Date: Feb 2007
    Location: Deep South
    Posts: 4,084

    "The four programs, Bliz, Bliz and the Nortons are programs I have downloaded and installed. I was surprised to notice all of the unsigned files on one of those, is that a typical practice?"
    Yes and no.
    I've seen big name software and hardware names that I know are legal and non-malicious have "file not signed". So a lot of research goes into logs to make sure that if we see something we're not familiar with, it is checked.

    • Please download AdwCleaner and save it to your Desktop
    • Close all open programs and browsers
    • Right click on the icon and select Run as administrator
    • Click Scan now
    • Allow the program to Quarantine what it finds except for Pre-installed applications if you would like to keep those or other entries you would like to keep
    • When completed click View Scan Log File
    • Copy and paste the contents in your reply
    • Click Skip Basic Repair if it appears then close the program

    ===================================================

    Run Malwarebytes Anti-Malware

    You may have Malwarebytes Anti-Malware installed but if not, you can download it from here:
    • run the program
    • click on the ‘Dashboard’ to make sure everything is up to date, (it is not necessary to upgrade to the premium version of MBAM)
    • click on the ‘Scan’ tab, (directly below the Dashboard tab)
    • select the Threat Scan option
    • click the Scan Now button
    • Threat Scan will begin
    • when the scan has completed and if malware was found, click the Quarantine Selected button to allow MBAM to quarantine what was found
    • if prompted to restart the computer, close all other programs and click Yes to restart your computer
    • once you are back at your desktop, open MBAM once more
    • click on the ‘Reports’ tab
    • double-click on the most recent Scan Report
    • click on Export, then Copy to Clipboard

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`

  5. #5
    Senior Member
    Join Date: Jun 2014
    Posts: 155

    Maybe it's not hopeless after all.

    Hi, I was very surprised to find that after running the FRST fix, I was suddenly able to set passwords and log into my MS account that I use on another computer. I'm not certain what exactly went right but your fix on the restrictions was most likely just what I needed. Thank you, I now have my computer back. One item that I noticed was that right after my MS account logged in through this computer, my entire network crashed. This computer, on the task bar, said it was connected to internet but couldn't connect through the browser or AV updates, everything else just lost internet. I logged out of my other MS account, switched back to this "local" account and everything is working fine (after a router reboot). Not sure what went on with the internet but I'll work on figuring that out later.

    Here are the scan logs requested, thanks again for your help.

    Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Scan Date: 5/3/22
    Scan Time: 12:20 AM
    Log File: 2bf767e0-caa9-11ec-bfad-782bcbb2bc7a.json

    -Software Information-
    Version: 4.5.2.157
    Components Version: 1.0.1562
    Update Package Version: 1.0.54478
    License: Trial

    -System Information-
    OS: Windows 10 (Build 19043.1682)
    CPU: x64
    File System: NTFS
    User: DESKTOP-8AQ2J5E\Home-Pc

    -Scan Summary-
    Scan Type: Threat Scan
    Scan Initiated By: Manual
    Result: Completed
    Objects Scanned: 318564
    Threats Detected: 0
    Threats Quarantined: 0
    Time Elapsed: 6 min, 16 sec

    -Scan Options-
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Detect
    PUM: Detect

    -Scan Details-
    Process: 0
    (No malicious items detected)

    Module: 0
    (No malicious items detected)

    Registry Key: 0
    (No malicious items detected)

    Registry Value: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Data Stream: 0
    (No malicious items detected)

    Folder: 0
    (No malicious items detected)

    File: 0
    (No malicious items detected)

    Physical Sector: 0
    (No malicious items detected)

    WMI: 0
    (No malicious items detected)


    (end)




  6. #6
    Security Expert-emeritus Juliet
    Join Date: Feb 2007
    Location: Deep South
    Posts: 4,084

    It must have been the policy restrictions... my guess?

    I don't think the machine is infected, and if you think we need to continue and do an online scan, we can?

    ESET Online Scanner:
    • Download ESET Online Scanner from the ESET website by clicking the ONE-TIME-SCAN button on that webpage
    • Double-click the esetonlinescanner.exe file you downloaded to run the application
    • Select product language
    • Click Get started and confirm the User access control dialog of Windows
    • In the Terms of use screen, click Accept if you agree to the Terms of use. After accepting the terms of use, the shortcut for ESET Online Scanner is created on the Desktop
    • Click Get started in the welcome screen
    • Select whether or not you want to join the Customer Experience Improvement Program, and whether or not to enable the feedback system, then click Continue
    • Select the Full Scan type
    • Select the choice to enable detections of potentially unwanted applications (PUA)
    • After the detection module updates are downloaded, the scan starts. Scan progress is shown via the progress bar along with the path and title of file being scanned. You can pause or cancel the scan at any time
    • Note: The scan may take several hours depending on how many files are on your computer.
    • When the scan has finished and if threats have been detected, click Save scan log and save the text file with a unique name such as ESET results.txt, then click Continue.
    • Copy and paste the contents of this ESET results report into your next reply to me (If no threats were detected, you do not need to save the results)
    • The following steps are optional and are not required
    • If there has been no ESET security product detected on your machine, and your user account has administrator privileges, ESET Online Scanner will offer you to turn on Periodic scan. This choice is up to you
    • In the Thank you for using ESET Online Scanner screen you can rate the application and leave feedback. In addition, to delete all detection modules and settings of ESET Online Scanner configured in previous steps, select Delete application's data on closing
    • Click Submit and close if you rated the application and/or left a feedback, or click Close without feedback
    • Click Finish to exit ESET Online Scanner

  7. #7
    Senior Member
    Join Date: Jun 2014
    Posts: 155

    ESET results

    Hi, sorry about the delay in replying. It took several tries to get the scan complete but I finally managed it today. The computer is working great at this point, I assume it's not hopeless at all. Here are the ESET results, things look good from my end, Thank you again. I'll watch for your reply, take care.

    5/5/2022 17:23:35 PM
    Files scanned: 527774
    Detected files: 0
    Cleaned files: 0
    Total scan time: 03:59:57
    Scan status: Finished

  8. #8
    Security Expert-emeritus Juliet
    Join Date: Feb 2007
    Location: Deep South
    Posts: 4,084

    Nothing found was what I expected.

    You're good to go.

    Use this tool to remove quarantined items:

    Please download KpRm by Kernel-panik and save to your Desktop.
    • Click on KpRm.exe to run the tool. Vista/Windows 7/8/10 users right-click and select Run As Administrator.
    • Put a check mark next to these items:
      - Delete tools
      - Delete now
    • Click the "Run" button.
    • When the tool has finished, it will create and open a log report and delete itself.

  9. #9
    Senior Member
    Join Date: Jun 2014
    Posts: 155

    Thank you

    See title.

  10. #10
    Security Expert-emeritus Juliet
    Join Date: Feb 2007
    Location: Deep South
    Posts: 4,084

    Glad we could help.
    Since this issue appears resolved ... this Topic is closed.
