DietPepsi

Posts posted by DietPepsi

  1. Hello. This ransomware attack is not very recent, but it has withheld very important files such as CVs and pictures, and I would like to get them back.

    I believe I have removed the malware/ransomware on my laptop, but I'm not completely sure.

    Below I have attached the TXT file I received in every folder after all my pictures got encrypted.

    If there is any way I can retrieve these encrypted files I would be overjoyed. I tried a free unlocking software but it did not work; however, it worked for a friend of mine.

    If you can help with decrypting just one file or picture I would be greatly indebted to you. If you are reading this and you are willing to help me, I would like to say thank you very much, whether it fails or not, for attempting to help.

    HOW_TO_RESTORE_FILES.txt


  2. ---------------------------------------------------------------------------------------
    Microsoft Safety Scanner v1.345, (build 1.345.232.0)
    Started On Mon Aug  9 19:14:11 2021

    Engine: 1.1.18400.4
    Signatures: 1.345.232.0
    MpGear: 1.1.16330.1
    Run Mode: Interactive Graphical Mode
     

     

    I did what you requested; however, this is the only thing that popped up when I typed in what you told me to.

     

    Also, it seems like the Windows Script Host thing is no longer there, as I don't see it appearing.

  3. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07-08-2021
    Ran by user (administrator) on HP (Hewlett-Packard HP Pavilion 15 Notebook PC) (07-08-2021 19:24:28)
    Running from C:\Users\user\Desktop\michael pics\Stuff
    Loaded Profiles: user
    Platform: Windows 10 Home Version 20H2 19042.1110 (X64) Language: English (United Kingdom)
    Default browser: Chrome
    Boot Mode: Normal

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    () [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
    () [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
    (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    (CyberLink Corp. -> CyberLink Corp.) C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe
    (CyberLink Corp. -> CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
    (Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <40>
    (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
    (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
    (Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\AppHelperCap.exe
    (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\DiagsCap.exe
    (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\NetworkCap.exe
    (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\SysInfoCap.exe
    (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    (Malwarebytes Inc -> Malwarebytes) C:\Users\user\Desktop\michael pics\Stuff\adwcleaner_8.3.0.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Users\user\AppData\Local\Microsoft\OneDrive\OneDrive.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2106.14307.0_x64__8wekyb3d8bbwe\Cortana.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wscript.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe <2>
    (Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
    (Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
    (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MsMpEng.exe
    (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\NisSrv.exe
    (Nota Inc. -> Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe
    (OOO "XMAC" -> ) C:\Users\user\AppData\Roaming\Honeygain\Honeygain.exe
    (Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
    (Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
    (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (Samsung Electronics CO., LTD. -> Samsung) [File not signed] C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe
    (Samsung Electronics CO., LTD. -> Samsung) [File not signed] C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe
    (Softex Inc.) [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
    (Softex Incorporated -> Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe
    (Softex Incorporated -> Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
    (Softex Incorporated -> Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
    (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
    (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (TomTom International BV -> TomTom) C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe
    (TomTom International BV -> TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
    (Wondershare software CO., LIMITED -> Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

    ==================== Registry (Whitelisted) ===================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8496344 2016-01-07] (Realtek Semiconductor Corp -> Realtek Semiconductor)
    HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2758200 2013-10-14] (Softex Incorporated -> Hewlett-Packard)
    HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [155704 2013-10-14] (Softex Incorporated -> Hewlett-Packard)
    HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [155704 2013-10-14] (Softex Incorporated -> Hewlett-Packard)
    HKLM\...\Run: [Samsung Link] => C:\Users\user\Desktop\Samsung Link\Samsung Link Tray Agent.exe [607584 2014-11-06] (Samsung Electronics CO., LTD. -> Copyright 2013 SAMSUNG)
    HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [509192 2014-10-09] (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard)
    HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2087264 2014-09-11] (Wondershare software CO., LIMITED -> Wondershare)
    HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [8107808 2021-07-17] (Dropbox, Inc -> Dropbox, Inc.)
    HKLM-x32\...\Run: [Discord] => C:\ProgramData\SquirrelMachineInstalls\Discord.exe [52553728 2017-02-27] (Hammer & Chisel Inc. -> Hammer & Chisel, Inc.)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc. -> Apple Inc.)
    HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2042424 2020-03-16] (Adobe Inc. -> Adobe Inc.)
    HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5890504 2019-04-02] (LogMeIn, Inc. -> LogMeIn Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706680 2020-09-17] (Oracle America, Inc. -> Oracle Corporation)
    HKU\S-1-5-21-3730886342-3199546216-3749763402-1002\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1718536 2014-07-24] (CyberLink Corp. -> CyberLink Corp.)
    HKU\S-1-5-21-3730886342-3199546216-3749763402-1002\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248176 2015-04-30] (TomTom International BV -> TomTom)
    HKU\S-1-5-21-3730886342-3199546216-3749763402-1002\...\Run: [MyDriveConnect.exe] => C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe [2146536 2019-04-26] (TomTom International BV -> TomTom)
    HKU\S-1-5-21-3730886342-3199546216-3749763402-1002\...\Run: [Chromium] => "c:\users\user\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session
    HKU\S-1-5-21-3730886342-3199546216-3749763402-1002\...\Run: [GoogleChromeAutoLaunch_A008D3C4AC1F70CC0223825A47FA7BBC] => "C:\Users\user\AppData\Local\Chromium\Application\chrome.exe" --no-startup-window
    HKU\S-1-5-21-3730886342-3199546216-3749763402-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3411232 2020-12-21] (Valve -> Valve Corporation)
    HKU\S-1-5-21-3730886342-3199546216-3749763402-1002\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [915848 2020-03-30] (Nota Inc. -> Nota Inc.)
    HKU\S-1-5-21-3730886342-3199546216-3749763402-1002\...\Run: [ApowerREC] => C:\Program Files (x86)\Apowersoft\ApowerREC\ApowerREC.exe [6849688 2018-03-19] (Apowersoft Ltd -> Apowersoft)
    HKU\S-1-5-21-3730886342-3199546216-3749763402-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27832264 2017-10-10] (Skype Software Sarl -> Skype Technologies S.A.)
    HKU\S-1-5-21-3730886342-3199546216-3749763402-1002\...\Run: [com.squirrel.Teams.Teams] => C:\Users\user\AppData\Local\Microsoft\Teams\Update.exe [2452112 2020-09-25] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
    HKU\S-1-5-21-3730886342-3199546216-3749763402-1002\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3143456 2020-09-09] (Electronic Arts, Inc. -> Electronic Arts)
    HKU\S-1-5-21-3730886342-3199546216-3749763402-1002\...\RunOnce: [Application Restart #4] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe  --flag-switches-begin --enable-webgl-draft-extensions --flag-switches-end --enable-audio-service-sandbox --restore-last-session --flag-swit (the data entry has 93 more characters).
    HKU\S-1-5-21-3730886342-3199546216-3749763402-1002\...\MountPoints2: {8c830bde-5762-11e3-825a-806e6f6e6963} - "E:\MATHSWATCH_Higher_GCSE.exe" 
    HKLM\...\Windows x64\Print Processors\hpzppw71: C:\Windows\System32\spool\prtprocs\x64\hpzppw71.dll [230400 2009-07-14] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
    HKLM\...\Print\Monitors\HP c111 Status Monitor: C:\WINDOWS\system32\hpinkstsc111LM.dll [333496 2012-12-16] (Hewlett Packard -> Hewlett-Packard Co.)
    HKLM\...\Print\Monitors\HP Universal Port Monitor: C:\WINDOWS\system32\hpbprtmon.dll [404992 2013-08-10] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard)
    HKLM\...\Print\Monitors\PCL hpz3lw71: C:\WINDOWS\system32\hpz3lw71.dll [46080 2009-07-14] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
    HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\92.0.4515.131\Installer\chrmstp.exe [2021-08-02] (Google LLC -> Google LLC)
    HKLM\Software\...\Authentication\Credential Providers: [{538C240D-3DEE-4032-AB4C-08A3A6EB0861}] -> C:\Program Files (x86)\CyberLink\YouCam\CLCredProv\x64\CLCredProv.dll [2014-10-28] (CyberLink Corp. -> CyberLink)
    HKLM\Software\...\Authentication\Credential Providers: [{F3F1B0FA-4775-41d8-8578-436772D93FB4}] -> C:\Program Files\Hewlett-Packard\SimplePass\OmniPassCredProv.dll [2013-10-14] (Softex Inc..) [File not signed]
    HKLM\Software\...\Authentication\Credential Provider Filters: [{F3F1B0FA-4775-41d8-8578-436772D93FB4}] -> C:\Program Files\Hewlett-Packard\SimplePass\OmniPassCredProv.dll [2013-10-14] (Softex Inc..) [File not signed]
    IFEO\cliconfg.exe: [VerifierDlls] Hibiki.dll
    Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
    Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HoneygainUpdater.lnk [2021-07-11]
    ShortcutTarget: HoneygainUpdater.lnk -> C:\Users\user\AppData\Roaming\Honeygain\HoneygainUpdater.exe (OOO "XMAC" -> Honeygain)
    Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 1510 series.lnk [2016-07-19]
    Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
    HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

    ==================== Scheduled Tasks (Whitelisted) ============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {0417F788-24DC-4C42-8999-F13AF840BD78} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPSFReport.exe [136368 2021-07-11] (HP Inc. -> HP Inc.)
    Task: {088284E0-6029-489D-8F17-CE21FC700394} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {196EE173-2898-4D1C-B9E6-4DA7A0D378B5} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
    Task: {19DF3D5C-6A4F-47E3-8AD5-33EFB90D69BF} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23080840 2021-07-09] (Microsoft Corporation -> Microsoft Corporation)
    Task: {1DC3F545-66B0-4DBF-9A1C-C81D5CC53384} - System32\Tasks\{1D5A3542-B0A2-F328-0DAB-79B3A4E0611C} => C:\Users\user\AppData\Roaming\{89A3B~1\sync.exe <==== ATTENTION
    Task: {2299A60C-AB75-4865-90FF-FE24F174FEA5} - System32\Tasks\{C1713337-AC7F-4119-A2C7-32EF30833F0B} => "c:\program files (x86)\google\chrome\application\chrome.exe" http://ui.skype.com/ui/0/7.24.85.104/en/abandoninstall?page=tsMain
    Task: {2B81CC93-682D-440C-8C7A-A95FAAF22BDA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {2ECBC730-BB1F-402E-9554-3E072DD39CD5} - \WPD\SqmUpload_S-1-5-21-3730886342-3199546216-3749763402-1002 -> No File <==== ATTENTION
    Task: {34DE571F-76E4-4A09-9A9D-873820745798} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [561984 2011-06-01] (Apple Inc. -> Apple Inc.)
    Task: {350C2AD4-E6A5-42FE-8E52-9628445C7D81} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1118896 2021-07-11] (HP Inc. -> HP Inc.)
    Task: {35119534-2F54-4B25-B276-1F67B36C9071} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4004288 2021-07-23] (Microsoft Corporation -> Microsoft Corporation)
    Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
    Task: {38B7A1C2-F1C6-4E58-BC68-95BECCF82FAD} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe
    Task: {3F816665-46F3-4A86-822D-F255BD0D4A08} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {4D25B394-D633-4547-8D85-FB4BD047258D} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-04-27] (Dropbox, Inc -> Dropbox, Inc.)
    Task: {515B449A-CA89-4076-A248-90217928D08B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Update Notice => C:\Program Files (x86)\HP\HP Support Framework\Resources\BingPopup\BingPopup.exe [560816 2021-07-11] (HP Inc. -> HP Inc.)
    Task: {56D20262-4E3E-468E-B725-A0CB00CE3A99} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {5E05C966-8FC1-4E48-98EE-7B0A2403EC7C} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_465_pepper.exe [1499704 2020-12-08] (Adobe Inc. -> Adobe)
    Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
    Task: {70B68A9F-3552-4329-BF41-50F5D480AE4E} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1133992 2021-07-23] (Microsoft Corporation -> Microsoft Corporation)
    Task: {72F313D0-A65A-4A98-92EF-17B64430DA1C} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
    Task: {76508265-E797-4139-AEF2-6DC176A5A587} - System32\Tasks\MSFT_TaskSettings3\CaesarsSlots => Powershell.exe -NoProfile -WindowStyle Hidden -command cmd.exe /c if exist C:\Users\user\AppData\Local\Packages\Playtika.CaesarsSlotsFreeCasino_7vjeg68vnncd2 start explorer.exe shell:appsFolder\Playtika.CaesarsSlotsFreeCasino_7vjeg68vnncd2!App
    Task: {783C28D0-233E-4AAF-BAF0-C2D6B45923BF} - \Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon -> No File <==== ATTENTION
    Task: {79CF1008-D3A2-41CA-AAE3-BDCB304ADB6D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MpCmdRun.exe [673816 2021-08-04] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {7D474644-6180-4486-8EE5-1543B533F6D3} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security\Upgrade.exe
    Task: {8080DE17-3E92-4E3B-86CD-1AF45C0B50C6} - System32\Tasks\HPCustParticipation HP Deskjet 1510 series => C:\Program Files\HP\HP Deskjet 1510 series\Bin\HPCustPartic.exe [5745672 2014-03-06] (Hewlett Packard -> Hewlett-Packard Co.)
    Task: {84B3A5EF-354E-4E64-9FE8-AD1B9A53718F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe
    Task: {867554DF-EBF7-4F58-96FF-0AEB6F39E710} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [114008 2021-07-23] (Microsoft Corporation -> Microsoft Corporation)
    Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => {1B1F472E-3221-4826-97DB-2C2324D389AE}
    Task: {87F2CB05-551D-48BE-8725-B2A74017FCC1} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-08] (Adobe Inc. -> Adobe)
    Task: {90468EEB-39F0-4976-A3E5-17C09A490D6D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MpCmdRun.exe [673816 2021-08-04] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {9D207C5B-FD46-48E4-806D-DCFCBEB765FF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MpCmdRun.exe [673816 2021-08-04] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {9FD680C9-11B9-4DE8-8492-7602954D90DE} - System32\Tasks\HP AR Program Upload - 4f13de676bd141808dccf0dfde9a9010286b737e412f49999cdaa401be233ba4 => C:\Program Files\HP\HP Deskjet 1510 series\bin\HPRewards.exe [3495432 2014-03-06] (Hewlett Packard -> TODO: <Company name>)
    Task: {A22492F7-A600-43DB-B29D-1C708860CE84} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {A2E63CA8-1E1F-43C6-A75F-E51BDF86F5CA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN51F2N0VZ => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
    Task: {A3210879-8B3C-4C79-99A0-1B4F47A2E07B} - System32\Tasks\{B4F7C4E4-8DD1-42C7-9641-014E7D4855F4} => C:\Windows\system32\pcalua.exe -a E:\BBCAuto.exe -d E:\
    Task: {AC24B4CA-F500-4DC4-8828-FE638C6707D3} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {B1F1BBBA-94B9-455F-B061-79FD8CD72252} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2014-10-28] (CyberLink Corp. -> CyberLink Corp.)
    Task: {B3EF1FAD-D6F7-46E0-B826-F8177EC94AB9} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [4179040 2016-12-27] (Synaptics Incorporated -> Synaptics Incorporated)
    Task: {B802A6EC-3770-4452-9531-5C2E113B1D90} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MpCmdRun.exe [673816 2021-08-04] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {BAC79537-622F-4A65-8CEC-9F2660A93687} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {BB70E9DC-AF11-47A2-AE13-BE5462F338ED} - System32\Tasks\AdobeAAMUpdater-1.0-hp-user => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
    Task: {C0E946C3-9BF7-4DA3-8710-1B44E6DC8F33} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {C2381E0B-2803-466A-B7F0-519745389D25} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23080840 2021-07-09] (Microsoft Corporation -> Microsoft Corporation)
    Task: {C2E08705-DFDC-4302-BFC0-3295E3E8D80D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2016-01-04] (Google Inc -> Google Inc.)
    Task: {C799019A-D8BF-4C28-8D3C-33CBD9C3D1ED} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2016-01-04] (Google Inc -> Google Inc.)
    Task: {C875B34A-E972-447C-908C-2F3263A23909} - System32\Tasks\Norton Remove and Reinstall\Norton Remove and Reinstall => C:\ProgramData\Norton\Temp\RnR_{C6B0E407-D655-4500-8E09-EB654238C328}\NRnR.exe <==== ATTENTION
    Task: {CA7831C3-DBCE-43F6-A108-11D605F3CD32} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload => {EBF00FCB-0769-4B81-9BEC-6C05514111AA}
    Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
    Task: {D0EAC042-C908-4603-8E47-A707148FBB49} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [114008 2021-07-23] (Microsoft Corporation -> Microsoft Corporation)
    Task: {D80A902A-6D3E-48B0-A4F4-C8C7AB504E39} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-04-27] (Dropbox, Inc -> Dropbox, Inc.)
    Task: {E05E8025-A7E6-4F77-9E05-2B8EDE150FA7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4004288 2021-07-23] (Microsoft Corporation -> Microsoft Corporation)
    Task: {E4AD7C1F-F76F-4AE6-9E14-4B4CCFA831AB} - \GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-3730886342-3199546216-3749763402-1002 -> No File <==== ATTENTION
    Task: {E96D555F-42B6-4119-82AD-E4F2056C96C0} - System32\Tasks\nCxuQEILlB => C:\nCxuQEILlBnCxuQEILlB\nCxuQEILlB.vbs <==== ATTENTION
    Task: {EB1E8F8B-BD27-4531-B85A-9A6BF3A8710E} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [6785448 2020-03-30] (Nota Inc. -> Nota Inc.)
    Task: {EE93BCD7-2F4E-4E41-A456-46561D5D53EB} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {FB047D18-8616-4495-A5D4-B31907225DD4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
    Task: {FCBC9BBE-D68F-4B39-89D3-CEE4E520BBA5} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {FD3AA1D8-175C-40C0-A825-CBEF65BDFC3D} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {FE8E7159-AA17-49B2-A40F-84333F063123} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [6785448 2020-03-30] (Nota Inc. -> Nota Inc.)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    Task: C:\WINDOWS\Tasks\{1D5A3542-B0A2-F328-0DAB-79B3A4E0611C}.job => C:\Users\user\AppData\Roaming\{89A3B~1\sync.exe <==== ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
    Tcpip\..\Interfaces\{243dbf65-0a76-443e-a640-791eba212f1c}: [DhcpNameServer] 192.168.0.1
    Tcpip\..\Interfaces\{4510e702-6826-4ae7-ad1c-6629adc0da21}: [DhcpNameServer] 192.168.0.1

    Edge: 
    =======
    DownloadDir: C:\Users\user\Downloads
    Edge HomeButtonPage: HKU\S-1-5-21-3730886342-3199546216-3749763402-1002 -> hxxp://www.google.com
    Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
    Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
    Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
    Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
    Edge DefaultProfile: Default
    Edge Profile: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default [2021-08-07]
    Edge DownloadDir: Default -> C:\Users\user\Desktop\michael pics\Stuff
    Edge DefaultSearchURL: Default -> {bing:baseURL}search?q={searchTerms}&{bing:cvid}{bing:msb}{google:assistedQueryStats}

    FireFox:
    ========
    FF DefaultProfile: kivztw4y.default
    FF ProfilePath: C:\Users\user\AppData\Roaming\TomTom\HOME\Profiles\97kb9q8x.default [2015-05-24]
    FF Extension: (Map status indicator) - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com [2015-05-24] [Legacy] [not signed]
    FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\kivztw4y.default [2020-06-25]
    FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ken7jfzv.default-release [2021-07-11]
    FF Homepage: Mozilla\Firefox\Profiles\ken7jfzv.default-release -> hxxps://uk.search.yahoo.com/yhs/web?hspart=omr&hsimp=yhs-001&type=87sfxhr4ow002620&param1=y6bdVFVIsvuYsgEClQfz8Hr0EAieT0AvfxeS6%2B%2B1DoAhaMI%2BX4JdsBE0RvtWIef%2B%2FsEw%2FaK8xVqZw2nMcBYYH0A5zhayWn05xfnwcAmf2nxTDXxE01ATt5uGkoZ%2Bv1RDN8n6XAt0nKdPgvwsYKk5y%2BIrb%2FOk1YrlC5BkadP7mziqWB2exQh6%2B1RM1541iAvhgida0BnLmxbh9X%2FLWSF7G8U9i1ciqaatyrc1kJNH5jLHS3PelDpypgzoUNIQk2CYGItK4CsbhViCn4D%2BPdw%2FnVN4aRzSmAlUjfHxtlMvIWpBvvcBotOBNukgyzpYVqSbgNPDKd3DUBQ0StQOTFATqOmqx7AFqO3MDMoyPIw%2F3AT6Y0DmYpeQ%2B8TtJL9KbPVz%2B2uKXY6C0l4SEPBg93FkAw%3D%3D
    FF NewTab: Mozilla\Firefox\Profiles\ken7jfzv.default-release -> hxxps://uk.search.yahoo.com/yhs/web?hspart=omr&hsimp=yhs-001&type=87sfxhr4ow002620&param1=y6bdVFVIsvuYsgEClQfz8Hr0EAieT0AvfxeS6%2B%2B1DoAhaMI%2BX4JdsBE0RvtWIef%2B%2FsEw%2FaK8xVqZw2nMcBYYH0A5zhayWn05xfnwcAmf2nxTDXxE01ATt5uGkoZ%2Bv1RDN8n6XAt0nKdPgvwsYKk5y%2BIrb%2FOk1YrlC5BkadP7mziqWB2exQh6%2B1RM1541iAvhgida0BnLmxbh9X%2FLWSF7G8U9i1ciqaatyrc1kJNH5jLHS3PelDpypgzoUNIQk2CYGItK4CsbhViCn4D%2BPdw%2FnVN4aRzSmAlUjfHxtlMvIWpBvvcBotOBNukgyzpYVqSbgNPDKd3DUBQ0StQOTFATqOmqx7AFqO3MDMoyPIw%2F3AT6Y0DmYpeQ%2B8TtJL9KbPVz%2B2uKXY6C0l4SEPBg93FkAw%3D%3D
    FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ken7jfzv.default-release\searchplugins\Yahoo powered search.xml [2020-07-03]
    FF Plugin: @java.com/DTPlugin,version=11.271.2 -> C:\Program Files\Java\jre1.8.0_271\bin\dtplugin\npDeployJava1.dll [2021-01-12] (Oracle America, Inc. -> Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.271.2 -> C:\Program Files\Java\jre1.8.0_271\bin\plugin2\npjp2.dll [2021-01-12] (Oracle America, Inc. -> Oracle Corporation)
    FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2020-03-16] (Adobe Inc. -> Adobe Systems)
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.) [File not signed]
    FF Plugin-x32: @chbrowserupdate.com/Chromium Update;version=3 -> C:\Program Files (x86)\Chromium\Update\1.3.99.0\npChromiumUpdate3.dll [No File]
    FF Plugin-x32: @chbrowserupdate.com/Chromium Update;version=9 -> C:\Program Files (x86)\Chromium\Update\1.3.99.0\npChromiumUpdate3.dll [No File]
    FF Plugin-x32: @java.com/DTPlugin,version=11.271.2 -> C:\Program Files (x86)\Java\jre1.8.0_271\bin\dtplugin\npDeployJava1.dll [2021-01-12] (Oracle America, Inc. -> Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.271.2 -> C:\Program Files (x86)\Java\jre1.8.0_271\bin\plugin2\npjp2.dll [2021-01-12] (Oracle America, Inc. -> Oracle Corporation)
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-07-23] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-07-23] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [No File]
    FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2020-03-16] (Adobe Inc. -> Adobe Systems)
    FF Plugin HKU\S-1-5-21-3730886342-3199546216-3749763402-1002: @zoom.us/ZoomVideoPlugin -> C:\Users\user\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2018-09-19] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
    FF Plugin HKU\S-1-5-21-3730886342-3199546216-3749763402-1002: SkypePlugin -> C:\Users\user\AppData\Local\SkypePlugin\7.32.6.278\npGatewayNpapi.dll [2017-04-18] (Microsoft Corporation -> Skype Technologies S.A.)
    FF Plugin HKU\S-1-5-21-3730886342-3199546216-3749763402-1002: SkypePlugin64 -> C:\Users\user\AppData\Local\SkypePlugin\7.32.6.278\npGatewayNpapi-x64.dll [2017-04-18] (Microsoft Corporation -> Skype Technologies S.A.)

    Chrome: 
    =======
    CHR DefaultProfile: Default
    CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default [2021-08-07]
    CHR DownloadDir: C:\Users\user\Desktop\michael pics\Stuff
    CHR Notifications: Default -> hxxps://aternos.org; hxxps://bloxawards.com; hxxps://ezrobux.gg; hxxps://meet.google.com
    CHR HomePage: Default -> hxxp://google.com/
    CHR StartupUrls: Default -> "hxxps://www.google.co.uk/"
    CHR NewTab: Default ->  Not-active:"chrome-extension://gfoabcdjalmeenbjjngidappmppchblc/homePageRedirect.html"
    CHR Extension: (Skype Calling) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2017-06-19]
    CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
    CHR Extension: (Honey) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2021-07-23]
    CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
    CHR Extension: (Roblox Stats) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dclphmdapapdejhlefddandngjhdkonb [2020-09-12]
    CHR Extension: (Music Search for Chrome™) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\eaabmejfmdeoaabmealmmbjdjaojakka [2021-01-11]
    CHR Extension: (Microsoft Rewards) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbgcedjacmlbgleddnoacbnijgmiolem [2021-08-06]
    CHR Extension: (EditThisCookie) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg [2020-11-25]
    CHR Extension: (Norton Home Page for Chrome) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfoabcdjalmeenbjjngidappmppchblc [2020-08-26]
    CHR Extension: (Google Docs Offline) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-06-30]
    CHR Extension: (AdBlock — best ad blocker) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2021-06-23]
    CHR Extension: (BTRoblox - Making Roblox Better) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbkpclpemjeibhioopcebchdmohaieln [2021-08-04]
    CHR Extension: (Norton Safe) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbmobhkkblcgdifigjglcjneplefbkmh [2020-08-26]
    CHR Extension: (Norton Identity Safe) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2017-07-30]
    CHR Extension: (Roblox+) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfbnmfgkohlfclfnplnlenbalpppohkm [2021-02-07]
    CHR Extension: (Roblox Friend Removal Button) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgllchbkhjeiaombmpkapalbmpolmelp [2021-05-19]
    CHR Extension: (Grammarly for Chrome) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2021-07-29]
    CHR Extension: (Discord Screen Sharing) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcbhdgefieegnkbopmgklhlpjjdgmbog [2018-02-24]
    CHR Extension: (TubeBuddy) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkhmbddkmdggbhaaaodilponhnccicb [2021-08-04]
    CHR Extension: (UltraSurf Security, Privacy & Unblock VPN) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjnbclmflcpookeapghfhapeffmpodij [2021-06-30]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
    CHR Extension: (vidIQ Vision for YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pachckjkecffpdphbpmfolblodfkgbhl [2021-08-04]
    CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-23]
    CHR Extension: (Chrome Media Router) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-07-27]
    CHR Extension: (AutoDraw for skribbl.io) - C:\Users\user\Desktop\michael pics\TerrariaStuff [2020-12-08]
    CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\System Profile [2021-01-12]
    CHR HKLM\...\Chrome\Extension: [bnbbhgcfmdnamgfgjfgjdkcjbofkjihb]
    CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif]
    CHR HKLM\...\Chrome\Extension: [jbjgkhmocaaicjdbafhgoncfbopkfcng]
    CHR HKLM\...\Chrome\Extension: [pfnciekpafndamlomnebbfophenfehbc]
    CHR HKU\S-1-5-21-3730886342-3199546216-3749763402-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bnbbhgcfmdnamgfgjfgjdkcjbofkjihb]
    CHR HKU\S-1-5-21-3730886342-3199546216-3749763402-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [jbjgkhmocaaicjdbafhgoncfbopkfcng]
    CHR HKU\S-1-5-21-3730886342-3199546216-3749763402-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pbjikboenpfhbbejgkoklgkhjpfogcam]
    CHR HKU\S-1-5-21-3730886342-3199546216-3749763402-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pfnciekpafndamlomnebbfophenfehbc]
    CHR HKLM-x32\...\Chrome\Extension: [bnbbhgcfmdnamgfgjfgjdkcjbofkjihb]
    CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif]
    CHR HKLM-x32\...\Chrome\Extension: [jbjgkhmocaaicjdbafhgoncfbopkfcng]
    CHR HKLM-x32\...\Chrome\Extension: [pfnciekpafndamlomnebbfophenfehbc]

    ==================== Services (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-08] (Adobe Inc. -> Adobe)
    R2 AllShare Framework DMS; C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe [404360 2013-12-21] (Samsung Electronics CO., LTD. -> Samsung) [File not signed]
    R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-09-25] (Advanced Micro Devices, Inc.) [File not signed]
    R2 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-10-14] () [File not signed]
    R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8689024 2021-06-04] (Microsoft Corporation -> Microsoft Corporation)
    S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-04-27] (Dropbox, Inc -> Dropbox, Inc.)
    S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-04-27] (Dropbox, Inc -> Dropbox, Inc.)
    R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [44328 2021-07-17] (Dropbox, Inc -> Dropbox, Inc.)
    S4 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [82216 2020-08-26] (Mixbyte Inc -> Freemake)
    S4 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [3361736 2019-04-02] (LogMeIn, Inc. -> LogMeIn Inc.)
    R2 HPAppHelperCap; C:\Program Files\HP\HP Enabling Services\AppHelperCap.exe [734760 2021-07-11] (HP Inc. -> HP Inc.)
    R2 HPDiagsCap; C:\Program Files\HP\HP Enabling Services\DiagsCap.exe [733224 2021-07-11] (HP Inc. -> HP Inc.)
    R2 HPNetworkCap; C:\Program Files\HP\HP Enabling Services\NetworkCap.exe [733216 2021-07-11] (HP Inc. -> HP Inc.)
    R2 HPSysInfoCap; C:\Program Files\HP\HP Enabling Services\SysInfoCap.exe [733760 2021-07-11] (HP Inc. -> HP Inc.)
    R2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [569608 2014-10-09] (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.)
    R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [21312 2017-03-30] (Microsoft Corporation -> Microsoft Corporation)
    S4 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-05-27] (LogMeIn, Inc. -> LogMeIn, Inc.)
    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7477704 2021-08-07] (Malwarebytes Inc -> Malwarebytes)
    R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-10-14] (Softex Inc.) [File not signed]
    S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2519864 2020-09-09] (Electronic Arts, Inc. -> Electronic Arts)
    S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3473216 2020-09-09] (Electronic Arts, Inc. -> Electronic Arts)
    S3 Te.Service; C:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\Wex.Services.exe [185344 2017-02-13] (Microsoft Corporation) [File not signed]
    R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\NisSrv.exe [2727416 2021-08-04] (Microsoft Windows Publisher -> Microsoft Corporation)
    R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MsMpEng.exe [136656 2021-08-04] (Microsoft Windows Publisher -> Microsoft Corporation)
    S3 GamesAppService; "C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe" [X]
    S2 HPSupportSolutionsFrameworkService; "C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe" [X]
    S2 HPTouchpointAnalyticsService; "C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe" [X]

    ===================== Drivers (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
    S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [159600 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
    S3 DrvAgent64; C:\WINDOWS\SysWOW64\Drivers\DrvAgent64.SYS [20872 2016-01-07] (eSupport.com, Inc -> Phoenix Technologies)
    R3 Hamachi; C:\WINDOWS\System32\drivers\Hamdrv.sys [45680 2015-11-12] (Microsoft Windows Hardware Compatibility Publisher -> LogMeIn Inc.)
    S3 KMWDFILTER; C:\WINDOWS\System32\drivers\KMWDFILTER.sys [30208 2009-04-29] (MLK Technologies Limited -> Windows (R) Codename Longhorn DDK provider)
    R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220752 2021-08-07] (Malwarebytes Inc -> Malwarebytes)
    S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-08-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
    R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-08-07] (Malwarebytes Inc -> Malwarebytes)
    R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-05] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
    S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167280 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
    S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49568 2021-08-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
    R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [434424 2021-08-04] (Microsoft Windows -> Microsoft Corporation)
    R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [78072 2021-08-04] (Microsoft Windows -> Microsoft Corporation)
    R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [34944 2018-05-11] (HP Inc. -> HP)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One month (created) (Whitelisted) =========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2021-08-07 19:23 - 2021-08-07 19:28 - 000000000 ____D C:\FRST
    2021-08-07 19:05 - 2021-08-07 19:05 - 000220752 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
    2021-08-07 18:52 - 2021-08-07 18:58 - 000000000 ____D C:\AdwCleaner
    2021-08-07 16:37 - 2021-08-07 16:37 - 000002040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
    2021-08-07 16:37 - 2021-08-07 16:37 - 000002028 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
    2021-08-07 16:36 - 2021-08-07 16:36 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
    2021-08-07 16:36 - 2021-08-07 16:35 - 000199128 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
    2021-08-07 16:36 - 2021-08-07 16:35 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
    2021-08-07 16:35 - 2021-08-07 16:35 - 000000000 ____D C:\ProgramData\Malwarebytes
    2021-08-07 16:34 - 2021-08-07 16:34 - 000000000 ____D C:\Program Files\Malwarebytes
    2021-08-06 22:31 - 2021-08-07 00:01 - 000000000 ____D C:\Users\user\Documents\Medal
    2021-08-06 22:31 - 2021-08-06 22:31 - 000000000 ____D C:\Users\user\AppData\Local\Ferox_Games_B.V
    2021-08-06 22:24 - 2021-08-06 22:25 - 000002193 _____ C:\Users\user\Desktop\Medal.lnk
    2021-08-06 22:24 - 2021-08-06 22:25 - 000000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Medal B.V
    2021-08-06 22:23 - 2021-08-07 15:18 - 000000000 ____D C:\Users\user\AppData\Roaming\Medal
    2021-08-06 22:23 - 2021-08-06 22:27 - 000000000 ____D C:\Users\user\AppData\Local\Medal
    2021-08-06 18:31 - 2021-08-06 18:31 - 000000000 ____D C:\Users\user\AppData\Roaming\com.moonsworth.client.javafx.MicrosoftAuthApp
    2021-08-06 18:16 - 2021-08-07 14:04 - 000000000 ____D C:\Users\user\AppData\Roaming\lunarclient
    2021-08-06 18:16 - 2021-08-06 18:21 - 000000000 ____D C:\Users\user\.lunarclient
    2021-08-06 18:16 - 2021-08-06 18:16 - 000002352 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lunar Client.lnk
    2021-08-06 18:16 - 2021-08-06 18:16 - 000002344 _____ C:\Users\user\Desktop\Lunar Client.lnk
    2021-08-06 18:16 - 2021-08-06 18:16 - 000000000 ____D C:\Users\user\AppData\Local\lunarclient-updater
    2021-07-26 01:00 - 2021-07-26 01:00 - 000000000 ____D C:\Users\user\AppData\Local\VALORANT
    2021-07-26 00:58 - 2021-07-26 00:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
    2021-07-26 00:34 - 2021-08-06 23:53 - 000000001 _____ C:\WINDOWS\vgkbootstatus.dat
    2021-07-25 23:31 - 2021-08-06 23:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
    2021-07-25 23:31 - 2021-07-25 23:31 - 000000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Riot Games
    2021-07-25 23:24 - 2021-07-26 00:58 - 000000000 ____D C:\Users\user\AppData\Local\Riot Games
    2021-07-19 00:34 - 2016-03-02 20:21 - 008404354 _____ C:\Users\user\Desktop\PageTemplate.psd
    2021-07-17 15:58 - 2021-07-17 15:58 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
    2021-07-17 15:58 - 2021-07-17 15:58 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
    2021-07-17 15:58 - 2021-07-17 15:58 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
    2021-07-17 15:58 - 2021-07-17 15:58 - 000044328 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
    2021-07-14 11:34 - 2021-07-14 11:34 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsraLegacy.tlb
    2021-07-14 11:34 - 2021-07-14 11:34 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsraLegacy.tlb
    2021-07-14 11:34 - 2021-07-14 11:34 - 000006656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rendezvousSession.tlb
    2021-07-14 11:34 - 2021-07-14 11:34 - 000006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\rendezvousSession.tlb
    2021-07-14 11:33 - 2021-07-14 11:33 - 001823280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
    2021-07-14 11:33 - 2021-07-14 11:33 - 000011357 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
    2021-07-11 17:28 - 2021-07-11 17:33 - 000000000 ____D C:\Users\user\AppData\Roaming\Honeygain
    2021-07-11 17:28 - 2021-07-11 17:28 - 000000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Honeygain
    2021-07-11 17:28 - 2021-07-11 17:28 - 000000000 ____D C:\Users\user\AppData\Local\IsolatedStorage
    2021-07-11 17:28 - 2021-07-11 17:28 - 000000000 ____D C:\Users\user\AppData\Local\Honeygain
    2021-07-11 17:24 - 2021-07-11 17:24 - 000000000 ____D C:\Users\user\AppData\Local\AdvinstAnalytics

    ==================== One month (modified) ==================

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2021-08-07 19:31 - 2014-07-09 22:52 - 000000000 ____D C:\Program Files (x86)\Google
    2021-08-07 19:18 - 2014-06-01 11:35 - 000000000 ____D C:\Users\user\Documents\Youcam
    2021-08-07 19:06 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
    2021-08-07 19:06 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2021-08-07 19:04 - 2021-04-18 15:19 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2021-08-07 19:04 - 2021-04-18 14:03 - 000008192 ___SH C:\DumpStack.log.tmp
    2021-08-07 19:04 - 2021-04-18 14:03 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
    2021-08-07 19:04 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ServiceState
    2021-08-07 18:59 - 2021-04-18 15:19 - 000000000 ____D C:\WINDOWS\system32\Tasks\Hewlett-Packard
    2021-08-07 18:59 - 2015-11-27 19:28 - 000000000 ____D C:\ProgramData\HP
    2021-08-07 18:59 - 2014-06-01 11:38 - 000000000 ____D C:\Users\user\AppData\Roaming\Hewlett-Packard
    2021-08-07 18:59 - 2014-06-01 11:37 - 000000000 ____D C:\Users\user\AppData\Local\Hewlett-Packard
    2021-08-07 18:59 - 2013-11-27 12:32 - 000000000 ____D C:\Program Files (x86)\CyberLink
    2021-08-07 18:59 - 2013-10-17 21:01 - 000000000 ____D C:\ProgramData\Hewlett-Packard
    2021-08-07 18:59 - 2013-10-17 20:30 - 000000000 ____D C:\Program Files (x86)\Hewlett-Packard
    2021-08-07 18:58 - 2015-11-27 19:31 - 000000000 ____D C:\Program Files\HP
    2021-08-07 17:57 - 2014-08-26 20:59 - 000000000 ____D C:\Users\user\AppData\Roaming\.minecraft
    2021-08-07 16:36 - 2019-12-07 10:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
    2021-08-07 15:17 - 2017-09-07 16:34 - 000000000 ____D C:\Users\user\AppData\Local\CrashDumps
    2021-08-07 14:08 - 2020-05-24 14:43 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
    2021-08-07 14:08 - 2020-05-24 14:43 - 000002283 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
    2021-08-07 14:08 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
    2021-08-07 14:01 - 2021-04-18 15:19 - 000004140 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{61A2183A-3EE0-483A-B9B8-736FCAE6D452}
    2021-08-07 13:59 - 2018-06-15 17:39 - 000000000 ____D C:\Users\user\AppData\Local\LogMeIn Hamachi
    2021-08-07 01:27 - 2021-01-12 16:29 - 000000000 ____D C:\Users\user\AppData\Roaming\Badlion Client
    2021-08-06 23:53 - 2017-07-15 20:22 - 000000000 ____D C:\Riot Games
    2021-08-06 22:24 - 2017-01-21 15:15 - 000000000 ____D C:\Users\user\AppData\Local\SquirrelTemp
    2021-08-06 00:13 - 2019-12-07 10:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
    2021-08-06 00:12 - 2015-12-05 14:53 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
    2021-08-06 00:11 - 2017-01-21 15:16 - 000000000 ____D C:\Users\user\AppData\Roaming\discord
    2021-08-05 23:54 - 2019-02-18 22:14 - 000000000 ____D C:\Users\user\AppData\Local\Discord
    2021-08-05 01:26 - 2021-04-18 15:19 - 000003420 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
    2021-08-05 01:26 - 2021-04-18 15:19 - 000003296 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
    2021-08-04 13:37 - 2018-06-15 18:26 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
    2021-08-03 18:12 - 2021-04-18 15:19 - 000003352 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3730886342-3199546216-3749763402-1002
    2021-08-03 18:12 - 2021-04-18 14:15 - 000002387 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2021-08-03 18:12 - 2015-12-05 15:22 - 000000000 ___RD C:\Users\user\OneDrive
    2021-08-03 02:49 - 2021-01-12 16:30 - 000000000 ____D C:\ProgramData\BadlionClient
    2021-08-03 00:49 - 2018-01-26 18:10 - 000001431 _____ C:\Users\user\Desktop\Roblox Player.lnk
    2021-08-03 00:49 - 2018-01-26 18:08 - 000001254 _____ C:\Users\user\Desktop\Roblox Studio.lnk
    2021-08-03 00:49 - 2018-01-26 18:08 - 000000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
    2021-08-03 00:47 - 2021-01-29 20:52 - 000000000 ____D C:\Users\user\AppData\Local\osu!
    2021-08-02 21:27 - 2014-07-09 22:53 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2021-08-02 21:27 - 2014-07-09 22:53 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2021-08-02 15:13 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
    2021-08-02 15:09 - 2021-04-26 11:14 - 000003386 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d73457377619a7
    2021-08-02 15:09 - 2021-04-18 15:19 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
    2021-07-30 03:59 - 2019-03-14 23:46 - 000000000 ____D C:\Users\user\AppData\LocalLow\Adobe
    2021-07-26 16:06 - 2017-07-15 20:24 - 000000000 ____D C:\ProgramData\Riot Games
    2021-07-26 01:01 - 2018-03-28 21:36 - 000000000 ____D C:\Users\user\AppData\Local\UnrealEngine
    2021-07-26 01:00 - 2016-04-27 08:31 - 000000000 ____D C:\Program Files (x86)\Dropbox
    2021-07-25 18:10 - 2021-01-12 16:29 - 000000000 ____D C:\Program Files\Badlion Client
    2021-07-23 14:41 - 2019-10-21 14:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
    2021-07-23 14:40 - 2013-10-17 21:02 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
    2021-07-21 02:05 - 2017-02-18 00:00 - 000000000 ___RD C:\Users\user\Desktop\michael pics
    2021-07-15 22:16 - 2015-09-24 23:21 - 000000000 ____D C:\Users\user\Desktop\UTC
    2021-07-15 10:58 - 2021-04-18 14:35 - 000934962 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2021-07-15 02:45 - 2021-04-18 14:03 - 000550872 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2021-07-15 02:39 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
    2021-07-15 02:39 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
    2021-07-15 02:39 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
    2021-07-15 02:39 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Common Files\System
    2021-07-15 02:31 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\NDF
    2021-07-14 11:47 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
    2021-07-14 10:34 - 2014-07-10 19:25 - 000000000 ____D C:\WINDOWS\system32\MRT
    2021-07-14 10:17 - 2014-07-10 19:25 - 133422552 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2021-07-11 16:47 - 2021-06-29 16:41 - 000000000 ____D C:\Users\user\AppData\Local\HP_Inc
    2021-07-08 00:43 - 2016-04-27 08:31 - 000000910 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
    2021-07-08 00:43 - 2016-04-27 08:31 - 000000906 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
    2021-07-08 00:39 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
    2021-07-08 00:39 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
    2021-07-08 00:39 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
    2021-07-08 00:38 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
    2021-07-08 00:38 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\setup
    2021-07-08 00:38 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
    2021-07-08 00:38 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Dism
    2021-07-08 00:38 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\Provisioning

    ==================== Files in the root of some directories ========

    2014-07-10 19:22 - 2014-07-10 19:22 - 027093992 _____ (McAfee) C:\Program Files (x86)\Common Files\lpuninstall.exe
    2020-05-05 02:37 - 2020-05-05 02:37 - 000000033 _____ () C:\Users\user\AppData\Roaming\AdobeWLCMCache.dat
    2015-06-06 18:17 - 2015-08-02 20:00 - 000000024 _____ () C:\Users\user\AppData\Roaming\appdataFr25.bin
    2020-05-10 16:11 - 2020-05-10 16:11 - 000000000 _____ () C:\Users\user\AppData\Roaming\Discord.xml
    2015-03-05 19:54 - 2015-03-05 22:29 - 000042333 _____ () C:\Users\user\AppData\Roaming\DreamPlan.dmp
    2017-03-18 16:55 - 2018-10-31 20:59 - 000213925 _____ () C:\Users\user\AppData\Roaming\PDNDwarvesPUFD.dat
    2016-12-02 02:37 - 2016-12-02 02:37 - 002770453 _____ () C:\Users\user\AppData\Roaming\sb562.dat
    2020-06-11 21:20 - 2020-06-11 21:20 - 000000054 _____ () C:\Users\user\AppData\Roaming\updater.cfg
    2015-03-06 00:59 - 2017-07-22 20:21 - 000000538 _____ () C:\Users\user\AppData\Roaming\WB.CFG
    2017-03-10 20:55 - 2017-03-11 11:42 - 016961221 _____ () C:\Users\user\AppData\Roaming\Win7-KB3134760-x86.msu
    2020-10-05 22:17 - 2020-10-05 22:17 - 000592322 _____ () C:\Users\user\AppData\Local\ars.cache
    2017-05-13 12:45 - 2018-01-01 16:42 - 000000003 _____ () C:\Users\user\AppData\Local\Autosofted License Mouse.txt
    2017-05-12 16:55 - 2020-07-26 21:32 - 000000003 _____ () C:\Users\user\AppData\Local\Autosofted License.txt
    2020-10-05 17:27 - 2020-10-05 17:27 - 000000036 _____ () C:\Users\user\AppData\Local\housecall.guid.cache
    2018-09-28 18:14 - 2020-07-19 20:05 - 000009430 _____ () C:\Users\user\AppData\Local\oobelibMkey.log
    2020-11-16 00:09 - 2020-11-16 00:09 - 000001190 _____ () C:\Users\user\AppData\Local\recently-used.xbel
    2020-10-05 17:41 - 2020-10-05 17:41 - 000000010 _____ () C:\Users\user\AppData\Local\sponge.last.runtime.cache

    ==================== SigCheck ============================

    (There is no automatic fix for files that do not pass verification.)

    ==================== End of FRST.txt ========================

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-08-2021
    Ran by user (07-08-2021 19:38:27)
    Running from C:\Users\user\Desktop\michael pics\Stuff
    Windows 10 Home Version 20H2 19042.1110 (X64) (2021-04-18 14:25:01)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================


    (If an entry is included in the fixlist, it will be removed.)

    Administrator (S-1-5-21-3730886342-3199546216-3749763402-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-3730886342-3199546216-3749763402-503 - Limited - Disabled)
    Guest (S-1-5-21-3730886342-3199546216-3749763402-501 - Limited - Disabled)
    user (S-1-5-21-3730886342-3199546216-3749763402-1002 - Administrator - Enabled) => C:\Users\user
    WDAGUtilityAccount (S-1-5-21-3730886342-3199546216-3749763402-504 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: Norton Security (Disabled - Up to date) {E3FDBD9F-8140-1400-F32B-8B58923F7C4D}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Norton Security (Disabled) {DBC63CBA-CB2F-1558-D874-226D6CEC3B36}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
    Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 5.1.0.407 - Adobe Systems Incorporated)
    Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.465 - Adobe)
    Adobe Illustrator 2019 (HKLM-x32\...\ILST_23_0_3) (Version: 23.0.3 - Adobe Systems Incorporated)
    Adobe Illustrator CC 2018 (32 Bit) (HKLM-x32\...\ILST_22_0_1_32) (Version: 22.0.1 - Adobe Systems Incorporated)
    Adobe Illustrator CC 2018 (HKLM-x32\...\ILST_22_0_1) (Version: 22.0.1 - Adobe Systems Incorporated)
    Adobe Media Encoder 2019 (HKLM-x32\...\AME_13_1) (Version: 13.1 - Adobe Systems Incorporated)
    Adobe Photoshop CS6 version 13.0.1 (HKLM-x32\...\{A724DC44-6241-42D3-BA57-778B178ABC17}_is1) (Version: 13.0.1 - Adobe Systems, Inc.)
    Adobe Premiere Pro 2019 (HKLM-x32\...\PPRO_13_1_1) (Version: 13.1.1 - Adobe Systems Incorporated)
    Adobe Premiere Pro 2019 (HKLM-x32\...\PPRO_13_1_2) (Version: 13.1.2 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
    AllShare Framework DMS (HKLM\...\{83232C27-8C3F-44A5-9EB2-BB7161228ADD}) (Version: 1.3.23 - Samsung)
    AMD Catalyst Install Manager (HKLM\...\{5BB304EB-8E5B-0F2D-66FA-6603D9BB3232}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
    ApowerREC V1.0.8 (HKLM-x32\...\{6F2998B2-21F7-4CEF-94B2-C3919D939CF9}_is1) (Version: 1.0.8 - Apowersoft LIMITED)
    Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Application Verifier x64 External Package (HKLM\...\{01C2C51F-B0CF-BB5E-A010-E927D44F7720}) (Version: 10.1.15063.137 - Microsoft) Hidden
    ArenaPLAY (HKLM-x32\...\{4DB874CC-6C35-4198-9887-E9239BECD9E0}_is1) (Version: 0.3.0 - ArenaBG.com)
    Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
    Auto Presser 2.1.0.6 (HKLM-x32\...\{F8F36686-A16E-447D-B185-6022BAC49028}_is1) (Version:  - Ever-Soft.com, Inc.)
    AutoHotkey 1.1.24.04 (HKLM\...\AutoHotkey) (Version: 1.1.24.04 - Lexikos)
    Badlion Client (HKLM\...\1de14785-dd8c-5cd2-aae8-d4a376f81d78) (Version: 3.3.0 - Badlion)
    BCC 8 OFX 64Bit (HKLM\...\{24D38864-527F-4688-B831-A1A4CC60CD54}) (Version: 8.0.1 - Boris FX, Inc.)
    Blackmagic RAW Common Components (HKLM\...\{B5ABFF44-9702-4CA1-A7D8-DBA659709C49}) (Version: 1.7 - Blackmagic Design)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Buildbox version 3.1.3 (HKLM-x32\...\{00BB419C-26D4-415A-BB41-727F9CF4BF02}_is1) (Version: 3.1.3 - 8cell, Inc.)
    Capture One 21 (HKLM\...\Capture One 21_is1) (Version: 14.1.1.24 - Capture One A/S)
    ClickOnce Bootstrapper Package for Microsoft .NET Framework (HKLM-x32\...\{E598B692-764A-413C-8530-59163D6B4AE3}) (Version: 4.6.01590 - Microsoft Corporation) Hidden
    CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.8.4420 - CyberLink Corp.)
    Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.4.4824 - CyberLink Corp.)
    CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.5.3304 - CyberLink Corp.)
    D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
    DiagnosticsHub_CollectionService (HKLM\...\{90A561D7-0C29-464D-94E1-2A7E1C553230}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
    DisableMSDefender (HKLM\...\{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}) (Version: 1.0.0 - Hewlett-Packard Company) Hidden
    Discord (HKU\S-1-5-21-3730886342-3199546216-3749763402-1002\...\Discord) (Version: 0.0.309 - Discord Inc.)
    Discord Bot GUI (HKU\S-1-5-21-3730886342-3199546216-3749763402-1002\...\Discord Bot GUI) (Version:  - )
    Dropbox (HKLM-x32\...\Dropbox) (Version: 127.4.4265 - Dropbox, Inc.)
    Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.485.1 - Dropbox, Inc.) Hidden
    Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
    GenArts Sapphire Plug-ins 6.10 for OFX (HKLM\...\GenArts Sapphire Plug-ins for OFX_is1) (Version:  - )
    Glyph (HKLM-x32\...\Glyph) (Version:  - Trion Worlds, Inc.)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 92.0.4515.131 - Google LLC)
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.51 - Google LLC) Hidden
    Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
    Growtopia (remove only) (HKU\S-1-5-21-3730886342-3199546216-3749763402-1002\...\Growtopia) (Version:  - )
    Gyazo 4.1.2.0 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)
    Honeygain (HKLM-x32\...\{C1922E93-B15E-460D-9C01-53E71109C2C6}) (Version: 0.10.2.0 - Honeygain)
    HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
    HP Connected Music (Meridian - player) (HKU\S-1-5-21-3730886342-3199546216-3749763402-1002\...\HPConnectedMusic) (Version: 1.1 (build 112) hp - Meridian Audio Ltd)
    HP Deskjet 1510 series Basic Device Software (HKLM\...\{D17E60E8-478A-4D4A-8147-21D481B5CA55}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
    HP Deskjet 1510 series Help (HKLM-x32\...\{2E25FCEB-EFCB-4696-AA01-D3CBAC721831}) (Version: 30.0.0 - Hewlett Packard)
    HP Documentation (HKLM-x32\...\{4525FF56-E096-42F4-BB64-52AAA8B3D893}) (Version: 1.1.1.0 - Hewlett-Packard)
    HP PC Hardware Diagnostics Windows (HKLM-x32\...\{BD2CDEAF-8D83-4553-A3B3-8B614CC6C96E}) (Version: 1.1.0.0 - HP Inc)
    HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
    HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.00.57 - Hewlett-Packard)
    HP System Event Utility (HKLM-x32\...\{C39A7F0F-89A6-44BB-B1BF-5F96569B5345}) (Version: 1.2.9 - Hewlett-Packard Company)
    HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    HP Utility Center (HKLM\...\{7A75E042-0D30-43C2-BD2A-684F4BE38FF7}) (Version: 2.3.1 - Hewlett-Packard Company)
    HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
    icecap_collection_neutral (HKLM-x32\...\{64F3E6FC-68E3-4062-9C2C-ABD93FDFF309}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
    icecap_collection_x64 (HKLM\...\{0AD162D1-4973-4315-97E9-5DE9A92B4049}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
    icecap_collectionresources (HKLM-x32\...\{12C50688-5919-4A7A-8784-B26A7238FCEE}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
    icecap_collectionresourcesx64 (HKLM-x32\...\{400E7885-8851-43F1-849C-5A720CB4F001}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
    Infinity (HKU\S-1-5-21-3730886342-3199546216-3749763402-1002\...\Infinity) (Version: 3.0.39 - WeMod)
    Inkscape 0.92.5 (HKLM-x32\...\Inkscape) (Version: 0.92.5 - Inkscape Project)
    Inst5675 (HKLM\...\{2DE6247C-7077-451B-8BA7-FFD1A2ABBB47}) (Version: 8.00.57 - Softex Inc.) Hidden
    Inst5676 (HKLM\...\{878F6913-7421-4713-97F7-0A736EE2A188}) (Version: 8.00.57 - Softex Inc.) Hidden
    Intel® RealSense™ SDK Runtime (HKLM-x32\...\ARP_for_prd_rs_sdk_runtime_10.0.26.0396) (Version: 10.0.26.0396 - Intel Corporation)
    Intel® RealSense™ SDK Runtime Gold (x86): Core (HKLM-x32\...\{4BAB7070-1D73-11E6-8844-2C44FD873B55}) (Version: 10.0.26.396 - Intel Corporation) Hidden
    Intel® RealSense™ SDK Runtime Gold (x86): Core: Calibration (HKLM-x32\...\{676C639E-1D73-11E6-BF2F-2C44FD873B55}) (Version: 10.0.26.396 - Intel Corporation) Hidden
    Intel® RealSense™ SDK Runtime Gold (x86): User Segmentation (HKLM-x32\...\{51040000-1D73-11E6-A45D-2C44FD873B55}) (Version: 10.0.26.396 - Intel Corporation) Hidden
    Intellisense Lang Pack Mobile Extension SDK 10.0.15063.0 (HKLM-x32\...\{A0007ADE-F6F6-410F-822F-7522B4F0BFDE}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
    Java 8 Update 271 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180271F0}) (Version: 8.0.2710.9 - Oracle Corporation)
    Java 8 Update 271 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180271F0}) (Version: 8.0.2710.9 - Oracle Corporation)
    Kits Configuration Installer (HKLM-x32\...\{0C05DE52-2C77-D6FA-A561-D508CF5FC96E}) (Version: 10.1.15063.137 - Microsoft) Hidden
    Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
    LogMeIn Hamachi (HKLM-x32\...\{ECC0FA07-863E-44BC-8B1D-DA22F96E5FB7}) (Version: 2.2.0.633 - LogMeIn, Inc.) Hidden
    LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.633 - LogMeIn, Inc.)
    Lunar Client (HKU\S-1-5-21-3730886342-3199546216-3749763402-1002\...\1fcec38f-e773-5444-8669-32b8eb41524b) (Version: 2.7.4 - Moonsworth, LLC)
    Macro Recorder 5.8.0 (HKLM-x32\...\Macro Recorder_is1) (Version: 5.8.0 - Jitbit Software)
    Magic Bullet Suite 64-bit (HKLM\...\{93488C33-D8D6-472A-83BB-F71603355CF0}) (Version: 11.1.0 - Red Giant Software) Hidden
    Magic Bullet Suite 64-bit (HKLM-x32\...\InstallShield_{93488C33-D8D6-472A-83BB-F71603355CF0}) (Version: 11.1.0 - Red Giant Software)
    Malwarebytes version 4.4.4.126 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.4.126 - Malwarebytes)
    Medal (HKU\S-1-5-21-3730886342-3199546216-3749763402-1002\...\Medal) (Version: 4.1000.0 - Medal B.V.)
    Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.13801.20808 - Microsoft Corporation)
    Microsoft 365 Apps for enterprise - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.13801.20808 - Microsoft Corporation)
    Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 92.0.902.67 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-3730886342-3199546216-3749763402-1002\...\OneDriveSetup.exe) (Version: 21.139.0711.0001 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft System CLR Types for SQL Server 2016 (HKLM\...\{96EB5054-C775-4BEF-B7B9-AA96A295EDCD}) (Version: 13.0.1601.5 - Microsoft Corporation)
    Microsoft System CLR Types for SQL Server 2016 (HKLM-x32\...\{84C23ECA-FE4D-494F-9247-3EBAD57E7F0C}) (Version: 13.0.1601.5 - Microsoft Corporation)
    Microsoft Teams (HKU\S-1-5-21-3730886342-3199546216-3749763402-1002\...\Teams) (Version: 1.3.00.24755 - Microsoft Corporation)
    Microsoft Update Health Tools (HKLM\...\{E5A95BC5-81DF-4F0C-B910-B59DD012F037}) (Version: 2.81.0.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29325 (HKLM-x32\...\{33628a12-6787-4b9f-95a1-92449f69fae0}) (Version: 14.28.29325.2 - Microsoft Corporation)
    Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Microsoft Visual Studio 2017 (HKLM-x32\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 1.10.30640.0 - Microsoft Corporation)
    Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
    Minecraft Launcher (HKLM-x32\...\{27B34E47-68AE-4802-822A-9F0C187AF84A}) (Version: 1.0.0.0 - Mojang)
    Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Movie Maker (HKLM-x32\...\{EB3DF0F0-0525-4C5A-A2F8-DEC868A3075D}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    MSI Development Tools (HKLM-x32\...\{074120DA-7DA8-E059-BD8E-5750E97C6046}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
    Node.js (HKLM\...\{2909C9DF-9236-4733-8CE5-0BAFCFD78DBB}) (Version: 11.10.0 - Node.js Foundation)
    Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.9.5 - Notepad++ Team)
    OEM Application Profile (HKLM-x32\...\{70D5F822-F4C4-33D9-7EEC-2A4AF4EA7BDC}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
    Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.13801.20638 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.13801.20638 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.13801.20808 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.13801.20638 - Microsoft Corporation) Hidden
    Open MovieBox Version:1.10 (HKLM-x32\...\{A27E3C36-0820-4B43-91F4-84E4DF85F2DF}_is1) (Version:  - OpenCloner Inc.)
    OpenOffice 4.1.1 (HKLM-x32\...\{86F2B095-3998-41D5-833D-1C5075300950}) (Version: 4.11.9775 - Apache Software Foundation)
    OpenShot Video Editor (HKLM-x32\...\{C55769E7-0B81-4E22-B5CE-805506E6B6B2}) (Version: 2.0.7 - OpenShot Studios, LLC)
    Origin (HKLM-x32\...\Origin) (Version: 10.5.84.43868 - Electronic Arts, Inc.)
    osu! (HKLM-x32\...\{0b1d0c56-c436-479c-867e-8ae1ace57390}) (Version: latest - ppy Pty Ltd)
    paint.net (HKLM\...\{E8FA8815-3817-4128-A814-E2EAC456ADF0}) (Version: 4.0.21 - dotPDN LLC)
    PhotoFilmStrip 1.4.1 (HKLM-x32\...\PhotoFilmStrip_is1) (Version: 1.4.1 - Jens Göpfert)
    Preset Manager 2.0 (HKLM-x32\...\{FCFE3F81-C977-4D31-877B-2778BB2A02DE}) (Version: 2.0.114 - Sony)
    Product Improvement Study for HP Deskjet 1510 series (HKLM\...\{35DB2630-846E-47C5-AF84-9D6AC3629F55}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
    PS4 Remote Play (HKLM-x32\...\{33B152D3-82A4-4318-9154-2B92E61A9300}) (Version: 2.5.0.09220 - Sony Interactive Entertainment Inc.)
    Python 3.6.5 (32-bit) (HKU\S-1-5-21-3730886342-3199546216-3749763402-1002\...\{3346977b-49da-4095-8f4d-f56f103e52e9}) (Version: 3.6.5150.0 - Python Software Foundation)
    Python 3.6.5 Add to Path (32-bit) (HKLM-x32\...\{1D3BE06D-5E44-48FF-8D61-B744808EBE46}) (Version: 3.6.5150.0 - Python Software Foundation) Hidden
    Python 3.6.5 Core Interpreter (32-bit) (HKLM-x32\...\{58E1C809-82C5-4EDF-B69B-188A6C81F21F}) (Version: 3.6.5150.0 - Python Software Foundation) Hidden
    Python 3.6.5 Development Libraries (32-bit) (HKLM-x32\...\{21FD2EE0-8D55-49DC-A1B0-771696DDEE98}) (Version: 3.6.5150.0 - Python Software Foundation) Hidden
    Python 3.6.5 Documentation (32-bit) (HKLM-x32\...\{5C613D87-0AED-48A9-A216-3A3783463D6C}) (Version: 3.6.5150.0 - Python Software Foundation) Hidden
    Python 3.6.5 Executables (32-bit) (HKLM-x32\...\{9107CF1A-A09C-4035-B29E-E79B4098AB8C}) (Version: 3.6.5150.0 - Python Software Foundation) Hidden
    Python 3.6.5 pip Bootstrap (32-bit) (HKLM-x32\...\{C024F06C-0E37-4529-945F-7920A9CFFD78}) (Version: 3.6.5150.0 - Python Software Foundation) Hidden
    Python 3.6.5 Standard Library (32-bit) (HKLM-x32\...\{8C2E8A7D-95CC-491C-AB9C-DE785A137D00}) (Version: 3.6.5150.0 - Python Software Foundation) Hidden
    Python 3.6.5 Tcl/Tk Support (32-bit) (HKLM-x32\...\{052FD2FB-034D-4CDD-864E-798DE45C742A}) (Version: 3.6.5150.0 - Python Software Foundation) Hidden
    Python 3.6.5 Test Suite (32-bit) (HKLM-x32\...\{86533809-919A-4858-AFC4-4226B86C5291}) (Version: 3.6.5150.0 - Python Software Foundation) Hidden
    Python 3.6.5 Utility Scripts (32-bit) (HKLM-x32\...\{5C0C82E9-B580-4EE4-894A-4451A23B0E2C}) (Version: 3.6.5150.0 - Python Software Foundation) Hidden
    Python Launcher (HKLM-x32\...\{8A66FEC2-E443-4219-B9AC-F9B10607B57C}) (Version: 3.6.6295.0 - Python Software Foundation)
    QuEeNCoupon (HKLM-x32\...\{3DE8A1D7-C77F-E02A-70DD-31D29EC5B988}) (Version:  - "")
    QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.29068 - Realtek Semiconductor Corp.)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7548 - Realtek Semiconductor Corp.)
    REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.00.12.0906 - REALTEK Semiconductor Corp.)
    ReMouse Micro (HKLM-x32\...\ReMouse Micro_is1) (Version: Micro V4.0 - AutomaticSolution Software)
    Roblox Player for user (HKU\S-1-5-21-3730886342-3199546216-3749763402-1002\...\roblox-player) (Version:  - Roblox Corporation)
    Roblox Studio for user (HKU\S-1-5-21-3730886342-3199546216-3749763402-1002\...\roblox-studio) (Version:  - Roblox Corporation)
    Samsung Link 2.0.0.1411061504 (HKLM\...\8474-7877-9059-0204) (Version: 2.0.0.1411061504 - Copyright 2013 SAMSUNG)
    Skype Web Plugin (HKLM-x32\...\{EB96DF8B-65A7-4E72-BFB1-38DB36870D16}) (Version: 7.32.6.278 - Skype Technologies S.A.)
    Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.104 - Skype Technologies S.A.)
    Snaz version 1.12.6.0 (HKLM-x32\...\{70A76031-FDC6-4F9B-BB5C-33776703F45A}_is1) (Version: 1.12.6.0 - JimsApps)
    Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
    Streamlabs OBS 1.0.7 (HKLM\...\029c4619-0385-5543-9426-46f9987161d9) (Version: 1.0.7 - General Workings, Inc.)
    StreamWarrior (HKU\S-1-5-21-3730886342-3199546216-3749763402-1002\...\StreamWarrior) (Version:  - )
    swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.11.45 - Synaptics Incorporated)
    Teams Machine-Wide Installer (HKLM-x32\...\{39AF0813-FA7B-4860-ADBE-93B9B214B914}) (Version: 1.2.0.34161 - Microsoft Corporation)
    TomTom HOME (HKLM-x32\...\{0E09BE17-EDEA-42CA-8974-42A587F51510}) (Version: 2.9.8 - TomTom)
    TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
    TomTom MyDrive Connect 4.2.5.3770 (HKLM-x32\...\MyDriveConnect) (Version: 4.2.5.3770 - TomTom)
    TT server maker (HKU\S-1-5-21-3730886342-3199546216-3749763402-1002\...\40497d67f7197274) (Version: 1.3.5.0 - TThread)
    TypeScript Power Tool (HKLM-x32\...\{F0B4CA92-9642-4BE6-8449-A786AD4FA628}) (Version: 2.2.3.0 - Microsoft Corporation) Hidden
    UE4 Prerequisites (x64) (HKLM\...\{36EAD5CF-44EF-4FCF-8BE1-D96C4835D7A4}) (Version: 1.0.11.0 - Epic Games, Inc.) Hidden
    UE4 Prerequisites (x64) (HKLM-x32\...\{2890ae6b-90e9-448d-b3e6-97e43c21e2fd}) (Version: 1.0.13.0 - Epic Games, Inc.) Hidden
    Unity (HKLM-x32\...\Unity) (Version: 5.6.0f3 - Unity Technologies ApS)
    Universal CRT Extension SDK (HKLM-x32\...\{ADD45F52-630A-4F45-8879-A8DB80DF921B}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
    Universal CRT Headers Libraries and Sources (HKLM-x32\...\{919D63C5-565C-F1C3-67D9-353FE902EF11}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
    Universal CRT Redistributable (HKLM-x32\...\{0AAB833E-034D-430B-D3E4-39C5753B14AC}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
    Universal CRT Tools x64 (HKLM\...\{D29934EC-24B6-0F5D-C6BB-E9ECCF220C12}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
    Universal CRT Tools x86 (HKLM-x32\...\{2410D879-0C8F-B254-C207-455E119075B6}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
    Universal General MIDI DLS Extension SDK (HKLM-x32\...\{485209AE-37CE-2208-59CB-7BB59AA85BE7}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
    Universal Minecraft Editor version 1.7.0 (HKLM-x32\...\{86633C3D-27BE-425D-993B-8917FE5EAD7E}_is1) (Version: 1.7.0 - oPryzeLP)
    Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
    Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
    UpdateAssistant (HKLM\...\{F339C545-24DC-4870-AA32-6EB6B0500B95}) (Version: 1.24.0.0 - Microsoft Corporation) Hidden
    vcpp_crt.redist.clickonce (HKLM-x32\...\{93FDC294-0726-48EA-989D-50E89C67ABF0}) (Version: 14.10.25008 - Microsoft Corporation) Hidden
    VEGAS Pro 14.0 (64-bit) (HKLM\...\{4C79D80F-79F9-11E6-8402-BB95F5A309BD}) (Version: 14.0.161 - VEGAS)
    Video Watermark Maker 1.2 (HKLM-x32\...\Video Watermark Maker_is1) (Version: 1.2 - SoftOrbits)
    Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
    VLC media player (HKLM\...\VLC media player) (Version: 3.0.11 - VideoLAN)
    VS Immersive Activate Helper (HKLM-x32\...\{D8A4EA2B-1A97-45A5-BF96-7493183F8524}) (Version: 16.0.59.0 - Microsoft Corporation) Hidden
    VS JIT Debugger (HKLM\...\{2901E697-0E9C-404B-B7D0-6E2D43F64CE5}) (Version: 16.0.59.0 - Microsoft Corporation) Hidden
    VS Script Debugging Common (HKLM\...\{3B64C68E-14E0-4214-A53D-502E9FBD32E7}) (Version: 16.0.59.0 - Microsoft Corporation) Hidden
    vs_BlendMsi (HKLM-x32\...\{1070C8E8-4DFB-419F-984A-5C835828897E}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
    vs_clickoncebootstrappermsi (HKLM-x32\...\{B9F4AA09-F4AC-4108-ADA0-27CDD45FCEC3}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
    vs_clickoncebootstrappermsires (HKLM-x32\...\{AEF5E0F2-31D1-454A-A992-C523C0007B4D}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
    vs_clickoncesigntoolmsi (HKLM-x32\...\{DE8B48BF-82B9-434A-B254-1EA2306E5FBA}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
    vs_communitymsi (HKLM-x32\...\{A041943F-C97B-48F6-8F23-C5078F99BB3A}) (Version: 15.0.26323 - Microsoft Corporation) Hidden
    vs_communitymsires (HKLM-x32\...\{1210EE60-E253-407D-B537-D36898049CF0}) (Version: 15.0.26228 - Microsoft Corporation) Hidden
    vs_devenvmsi (HKLM-x32\...\{581E5656-26E2-4A02-9711-48C8E4998310}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
    vs_filehandler_amd64 (HKLM-x32\...\{15D591B0-7B40-4957-B6C0-EB7452B5AAB6}) (Version: 15.0.26228 - Microsoft Corporation) Hidden
    vs_filehandler_x86 (HKLM-x32\...\{DC296244-0701-4EDE-9696-05B9C1D017B3}) (Version: 15.0.26228 - Microsoft Corporation) Hidden
    vs_FileTracker_Singleton (HKLM-x32\...\{11230C85-1813-4BC3-9C24-E0B74B59653E}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
    vs_Graphics_Singletonx64 (HKLM\...\{F3217611-B414-4A3A-81BF-6A3A4DB7E743}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
    vs_Graphics_Singletonx86 (HKLM-x32\...\{D4DCEC6A-BC59-43D5-866A-AB057E64F73F}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
    vs_minshellinteropmsi (HKLM-x32\...\{9477F337-FD16-4ACA-8217-E2D7A0F92603}) (Version: 15.0.26301 - Microsoft Corporation) Hidden
    vs_minshellmsi (HKLM-x32\...\{497A5ACE-DA03-4412-A110-910B2C450720}) (Version: 15.0.26424 - Microsoft Corporation) Hidden
    vs_minshellmsires (HKLM-x32\...\{A8B77523-13AB-46B9-B54F-5483E09668F9}) (Version: 15.0.26228 - Microsoft Corporation) Hidden
    vs_SQLClickOnceBootstrappermsi (HKLM-x32\...\{D396CF10-5F2B-417D-9571-0B669B99440E}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
    vs_tipsmsi (HKLM-x32\...\{A32A9CF6-E7AA-48B8-A3D3-50C157E69F53}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
    WinAppDeploy (HKLM-x32\...\{80859F5A-D13C-AB8E-4659-B630CFE2599D}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
    Windows Driver Package - Phase One / Mamiya V-Grip USB Driver (12/03/2014 1.2.0.0) (HKLM\...\3F504CC0B024052107934E093CC26DA720256A7A) (Version: 12/03/2014 1.2.0.0 - Phase One / Mamiya)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
    Windows SDK AddOn (HKLM-x32\...\{30DCCFB4-068F-4C5C-BC10-5ECDCAEE55D4}) (Version: 10.1.0.0 - Microsoft Corporation)
    Windows Software Development Kit - Windows 10.0.15063.137 (HKLM-x32\...\{a07b4a01-ca27-4e28-9353-f325a308f128}) (Version: 10.1.15063.137 - Microsoft Corporation)
    WinRAR 5.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
    WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
    WinRT Intellisense Desktop - en-us (HKLM-x32\...\{45B6202F-A716-C68A-199E-43B106B56A7E}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
    WinRT Intellisense Desktop - Other Languages (HKLM-x32\...\{357D0CD4-8B72-8D65-7015-81DFB2BF9150}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
    WinRT Intellisense IoT - en-us (HKLM-x32\...\{3E5375A1-0E4C-34E3-6294-C1C8BDA823E4}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
    WinRT Intellisense IoT - Other Languages (HKLM-x32\...\{E2F78B92-04DE-5350-14C0-7C281BF87D9E}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
    WinRT Intellisense PPI - en-us (HKLM-x32\...\{6CE744AE-7E0F-00AF-F1BD-077D9AFCBEC6}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
    WinRT Intellisense PPI - Other Languages (HKLM-x32\...\{81A0EC8C-9462-BC98-0E5C-301DD7A46792}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
    WinRT Intellisense UAP - en-us (HKLM-x32\...\{FAD08838-3937-0F6C-8787-FDFDFBF63502}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
    WinRT Intellisense UAP - Other Languages (HKLM-x32\...\{D089A695-49F0-D3B2-0EBF-2BBC33A05CD6}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
    XMedia Recode 64bit version 3.4.8.7 (HKLM\...\{D31E6E69-4C6A-42CC-926F-CC7B186864EB}_is1) (Version: 3.4.8.7 - XMedia Recode 64bit)
    Zoom (HKU\S-1-5-21-3730886342-3199546216-3749763402-1002\...\ZoomUMX) (Version: 4.1 - Zoom Video Communications, Inc.)

    Packages:
    =========
    Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2019-11-27] (Autodesk Inc.)
    Box for Windows 8 -> C:\Program Files\WindowsApps\134D4F5B.Box_2.1.4.4_neutral__2qk4zy5s3qmee [2015-11-12] (Box, Inc.)
    Caesars Slots -> C:\Program Files\WindowsApps\Playtika.CaesarsSlotsFreeCasino_4.29.0.0_x64__7vjeg68vnncd2 [2021-08-06] (Playtika Holdings Corp)
    Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.198.300.0_x86__kgqvnymyfvs32 [2021-07-23] (king.com)
    eBay -> C:\Program Files\WindowsApps\eBayInc.eBay_1.6.0.34_neutral__1618n3s9xq8tw [2014-11-04] (eBay, Inc)
    Getting Started with Windows 8 -> C:\Program Files\WindowsApps\AD2F1837.GettingStartedwithWindows8_1.6.0.0_neutral__v10z8vjag6ke6 [2015-03-03] (Hewlett-Packard Company)
    HP Registration -> C:\Program Files\WindowsApps\AD2F1837.HPRegistration_1.2.1.166_neutral__v10z8vjag6ke6 [2014-11-28] (Hewlett-Packard Company)
    HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_129.1.234.0_x64__v10z8vjag6ke6 [2021-07-23] (HP Inc.)
    HP Support Assistant -> C:\Program Files\WindowsApps\AD2F1837.HPSupportAssistant_9.7.536.0_x64__v10z8vjag6ke6 [2021-07-11] (HP Inc.)
    Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-24] (Microsoft Corporation) [MS Ad]
    Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-24] (Microsoft Corporation) [MS Ad]
    Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.10.7290.0_x64__8wekyb3d8bbwe [2021-08-06] (Microsoft Studios) [MS Ad]
    MSN Food & Drink -> C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-14] (Microsoft Corporation) [MS Ad]
    MSN Health & Fitness -> C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-14] (Microsoft Corporation) [MS Ad]
    MSN Travel -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-14] (Microsoft Corporation) [MS Ad]
    Open Any File -> C:\Program Files\WindowsApps\38184CDCTech.495572C750D15_1.2.102.0_x64__vwv5vk6p12k08 [2018-08-24] (For Better Digital Life - 1st Famous Tool Provider)
    Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-05-04] (Microsoft Corporation)
    Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-07-02] (Microsoft Corporation)
    Roblox -> C:\Program Files\WindowsApps\ROBLOXCORPORATION.ROBLOX_2.488.34102.0_x86__55nm5eh3cm0pr [2021-08-01] (ROBLOX Corporation)
    Snapfish -> C:\Program Files\WindowsApps\AD2F1837.HPConnectedPhotopoweredbySnapfish_6.1.736.0_x86__v10z8vjag6ke6 [2018-08-13] (Snapfish)
    Twitter -> C:\Program Files\WindowsApps\9E2F88E3.TWITTER_7.0.1.0_neutral__wgeqdkkx372wm [2021-06-12] (Twitter Inc.)
    Wonder Reader -> C:\Program Files\WindowsApps\65417WebmasterWonder.WonderReader_1.1.0.0_x86__4dkw7tcfzkxdj [2017-07-31] (Webmaster Wonder)
    Xbox 360 SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxCompanion_1.4.3.0_x64__8wekyb3d8bbwe [2014-11-27] (Microsoft Corporation) [MS Ad]
    YouCam for HP -> C:\Program Files\WindowsApps\CyberLinkCorp.hs.YouCamforHP_1.0.2.29632_x86__06qsbagp91rvg [2014-07-26] (CYBERLINKCOM CORP)

    ==================== Custom CLSID (Whitelisted): ==============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    HKU\S-1-5-21-3730886342-3199546216-3749763402-1002\...\ChromeHTML: ->  <==== ATTENTION
    CustomCLSID: HKU\S-1-5-21-3730886342-3199546216-3749763402-1002_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\user\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20240.5\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-3730886342-3199546216-3749763402-1002_Classes\CLSID\{41052F6E-3662-4584-BCD3-77BCCAAE8470}\InprocServer32 -> C:\Users\user\AppData\Local\SkypePlugin\7.32.6.278\GatewayActiveX-x64.dll (Microsoft Corporation -> Skype Technologies S.A.)
    CustomCLSID: HKU\S-1-5-21-3730886342-3199546216-3749763402-1002_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\user\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20240.5\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-3730886342-3199546216-3749763402-1002_Classes\CLSID\{D9AC5E73-BB10-467b-B884-AA1E475C51F5}\Shell\Open\Command -> C:\Program Files\Synaptics\SynTP\SynTPCpl.dll (Synaptics Incorporated -> Synaptics Incorporated)
    CustomCLSID: HKU\S-1-5-21-3730886342-3199546216-3749763402-1002_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems)
    ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX64.dll -> No File
    ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX64.dll -> No File
    ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX64.dll -> No File
    ShellIconOverlayIdentifiers: [   AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll -> No File
    ShellIconOverlayIdentifiers: [   AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll -> No File
    ShellIconOverlayIdentifiers: [   AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll -> No File
    ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} =>  -> No File
    ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} =>  -> No File
    ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} =>  -> No File
    ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX64.dll -> No File
    ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX64.dll -> No File
    ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX64.dll -> No File
    ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} =>  -> No File
    ShellIconOverlayIdentifiers-x32: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} =>  -> No File
    ShellIconOverlayIdentifiers-x32: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} =>  -> No File
    ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov) [File not signed]
    ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll -> No File
    ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2021-03-22] (Notepad++ -> )
    ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} =>  -> No File
    ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
    ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll -> No File
    ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-15] (win.rar GmbH -> Alexander Roshal)
    ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-15] (win.rar GmbH -> Alexander Roshal)
    ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} =>  -> No File
    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-08-07] (Malwarebytes Corporation -> Malwarebytes)
    ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll -> No File
    ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov) [File not signed]
    ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
    ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll -> No File
    ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
    ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll -> No File
    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-08-07] (Malwarebytes Corporation -> Malwarebytes)
    ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-15] (win.rar GmbH -> Alexander Roshal)
    ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-15] (win.rar GmbH -> Alexander Roshal)

    ==================== Codecs (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Drivers32: [VIDC.FICV] => C:\WINDOWS\system32\ficvdec_x64.dll [652288 2013-05-28] () [File not signed]
    HKLM\...\Drivers32: [VIDC.FPS1] => C:\WINDOWS\system32\frapsv64.dll [105984 2015-09-05] (Beepa P/L) [File not signed]
    HKLM\...\Drivers32: [VIDC.FICV] => C:\Windows\SysWOW64\ficvdec_x86.dll [641024 2013-05-28] () [File not signed]
    HKLM\...\Drivers32: [VIDC.FPS1] => C:\Windows\SysWOW64\frapsvid.dll [94208 2015-09-05] (Beepa P/L) [File not signed]

    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)

    ShortcutWithArgument: C:\Users\user\Desktop\ChessPuzzle.net.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=eobmdnldcknhdkeolfabienlnkmkfngn
    ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\ChessPuzzle.net.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=eobmdnldcknhdkeolfabienlnkmkfngn

    ==================== Loaded Modules (Whitelisted) =============

    2016-04-01 16:50 - 2014-05-19 17:19 - 000137728 _____ () [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
    2016-04-01 16:50 - 2014-09-11 18:09 - 001498112 _____ () [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
    2018-10-15 11:01 - 2018-10-15 11:01 - 000013312 _____ () [File not signed] C:\Program Files (x86)\MyDrive Connect\libEGL.DLL
    2018-10-15 11:01 - 2018-10-15 11:01 - 001950720 _____ () [File not signed] C:\Program Files (x86)\MyDrive Connect\libGLESv2.dll
    2013-09-25 07:48 - 2013-09-25 07:48 - 000127488 _____ () [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
    2013-10-14 11:25 - 2013-10-14 11:25 - 002541056 _____ () [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
    2013-10-14 11:24 - 2013-10-14 11:24 - 000627200 _____ () [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\cachedrv.dll
    2013-10-14 11:22 - 2013-10-14 11:22 - 000021504 _____ () [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
    2013-10-14 11:22 - 2013-10-14 11:22 - 000055296 _____ () [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
    2013-10-14 11:22 - 2013-10-14 11:22 - 000035328 _____ () [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
    2013-10-25 20:49 - 2013-10-25 20:49 - 000028160 _____ () [File not signed] C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AudioExtractor.dll
    2013-10-24 17:53 - 2013-10-24 17:53 - 000032768 _____ () [File not signed] C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\Autobackup.dll
    2013-10-25 20:48 - 2013-10-25 20:48 - 000028672 _____ () [File not signed] C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AutoChaptering.dll
    2013-02-14 20:42 - 2013-02-14 20:42 - 004671488 _____ () [File not signed] C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\avcodec-52.dll
    2013-02-14 20:42 - 2013-02-14 20:42 - 000686080 _____ () [File not signed] C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\avformat-52.dll
    2013-02-14 20:42 - 2013-02-14 20:42 - 000070656 _____ () [File not signed] C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\avutil-50.dll
    2013-07-23 20:18 - 2013-07-23 20:18 - 000038912 _____ () [File not signed] C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\boost_date_time-vc90-mt-1_47.dll
    2013-07-23 20:18 - 2013-07-23 20:18 - 000227840 _____ () [File not signed] C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\boost_serialization-vc90-mt-1_47.dll
    2013-07-23 20:18 - 2013-07-23 20:18 - 000012800 _____ () [File not signed] C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\boost_system-vc90-mt-1_47.dll
    2013-07-23 20:18 - 2013-07-23 20:18 - 000046592 _____ () [File not signed] C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\boost_thread-vc90-mt-1_47.dll
    2013-10-22 10:48 - 2013-10-22 10:48 - 000707072 _____ () [File not signed] C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ContentDirectoryPresenter.dll
    2013-10-24 17:53 - 2013-10-24 17:53 - 000107008 _____ () [File not signed] C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\DCMCDP.dll
    2013-02-14 20:42 - 2013-02-14 20:42 - 005717504 _____ () [File not signed] C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\DCMImgExtractor.dll
    2013-12-11 17:46 - 2013-12-11 17:46 - 001114624 _____ () [File not signed] C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\DMSManager.dll
    2013-12-11 17:46 - 2013-12-11 17:46 - 000102400 _____ () [File not signed] C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\FolderCDP.dll
    2013-10-25 20:48 - 2013-10-25 20:48 - 000064000 _____ () [File not signed] C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ID3Driver.dll
    2013-10-25 20:53 - 2013-10-25 20:53 - 000012288 _____ () [File not signed] C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ImageExtractor.dll
    2013-10-25 20:53 - 2013-10-25 20:53 - 001033728 _____ () [File not signed] C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ImageMagickWrapper.dll
    2013-02-14 20:42 - 2013-02-14 20:42 - 000399826 _____ () [File not signed] C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\libexif-12.dll.dll
    2013-02-14 20:42 - 2013-02-14 20:42 - 000147456 _____ () [File not signed] C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\libexpat.dll
    2013-10-25 20:48 - 2013-10-25 20:48 - 000290816 _____ () [File not signed] C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\libKeyFrame.dll
    2013-10-25 20:48 - 2013-10-25 20:48 - 000289792 _____ () [File not signed] C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\libThumbnail.dll
    2013-12-11 17:46 - 2013-12-11 17:46 - 000077312 _____ () [File not signed] C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\MetadataFramework.dll
    2013-02-14 20:42 - 2013-02-14 20:42 - 000450560 _____ () [File not signed] C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\MoodExtractor.dll
    2013-10-25 20:48 - 2013-10-25 20:48 - 000024064 _____ () [File not signed] C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\photoDriver.dll
    2013-10-25 20:48 - 2013-10-25 20:48 - 000023040 _____ () [File not signed] C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\RichInfoDriver.dll
    2013-04-19 17:38 - 2013-04-19 17:38 - 000055808 _____ () [File not signed] C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\RosettaAllShare.dll
    2013-10-25 20:48 - 2013-10-25 20:48 - 000024064 _____ () [File not signed] C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\SECMetaDriver.dll
    2013-02-14 20:42 - 2013-02-14 20:42 - 000520234 _____ () [File not signed] C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\sqlite3.dll
    2013-02-14 20:42 - 2013-02-14 20:42 - 000152064 _____ () [File not signed] C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\swscale-0.dll
    2013-02-14 20:42 - 2013-02-14 20:42 - 000366592 _____ () [File not signed] C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\tag.dll
    2013-10-25 20:48 - 2013-10-25 20:48 - 000013824 _____ () [File not signed] C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\TextExtractor.dll
    2013-10-25 20:53 - 2013-10-25 20:53 - 000117248 _____ () [File not signed] C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ThumbnailMaker.dll
    2013-02-14 20:42 - 2013-02-14 20:42 - 000044032 _____ () [File not signed] C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\us.dll
    2013-12-11 17:45 - 2013-12-11 17:45 - 000017920 _____ () [File not signed] C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\VideoExtractor.dll
    2013-12-11 17:45 - 2013-12-11 17:45 - 000134144 _____ () [File not signed] C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\VideoMetadataDriver.dll
    2013-10-25 20:48 - 2013-10-25 20:48 - 000012288 _____ () [File not signed] C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\VideoThumb.dll
    2015-01-08 11:41 - 2011-04-28 02:11 - 005573632 _____ (Codejock Software) [File not signed] C:\Program Files (x86)\CyberLink\Power2Go8\ToolkitPro1110vc90U.dll
    2013-10-14 11:34 - 2013-10-14 11:34 - 000765440 _____ (Hewlett-Packard) [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\OpBHO64.dll
    2013-10-14 11:23 - 2013-10-14 11:23 - 000690176 _____ (Hewlett-Packard) [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\storeng.dll
    2013-10-14 11:25 - 2013-10-14 11:25 - 001097216 _____ (Hewlett-Packard) [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\userdata.dll
    2013-02-14 20:42 - 2013-02-14 20:42 - 000765952 _____ (LIBGD Development Team) [File not signed] C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\bgd.dll
    2017-03-29 22:08 - 2017-03-29 22:08 - 000252928 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbPc.DLL
    2021-04-18 14:26 - 2021-04-18 14:26 - 001093120 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80U.DLL
    2021-04-18 14:25 - 2021-04-18 14:25 - 000057344 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\MFC80ENU.DLL
    2013-02-14 20:42 - 2013-02-14 20:42 - 000086070 _____ (Open Source Software community project) [File not signed] C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\pthreadVC2.dll
    2013-02-15 17:54 - 2013-02-15 17:54 - 000042496 _____ (Samsung Electronics) [File not signed] C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\DirectoryScanner.dll
    2013-10-14 11:35 - 2013-10-14 11:35 - 001297296 _____ (Softex Incorporated -> ) [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
    2013-10-14 11:35 - 2013-10-14 11:35 - 000306064 _____ (Softex Incorporated -> ) [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
    2013-10-14 11:35 - 2013-10-14 11:35 - 000599952 _____ (Softex Incorporated -> Hewlett-Packard) [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\hdddrv.dll
    2013-10-14 11:35 - 2013-10-14 11:35 - 000208272 _____ (Softex Incorporated -> Hewlett-Packard) [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\ldapdrv.dll
    2013-10-14 11:35 - 2013-10-14 11:35 - 002075536 _____ (Softex Incorporated -> Hewlett-Packard) [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\Wbf.dll
    2018-03-27 21:33 - 2018-03-27 21:33 - 001370624 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\MyDrive Connect\LIBEAY32.dll
    2018-03-27 21:33 - 2018-03-27 21:33 - 000337920 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\MyDrive Connect\ssleay32.dll
    2018-10-15 11:11 - 2018-10-15 11:11 - 000038912 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\MyDrive Connect\Plugins\bearer\qgenericbearer.dll
    2018-10-15 11:12 - 2018-10-15 11:12 - 001096704 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\MyDrive Connect\Plugins\platforms\qwindows.dll
    2019-04-26 16:12 - 2019-04-26 16:12 - 004785152 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\MyDrive Connect\Qt5Core.dll
    2018-10-15 11:05 - 2018-10-15 11:05 - 004970496 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\MyDrive Connect\Qt5Gui.dll
    2018-10-15 11:05 - 2018-10-15 11:05 - 000961024 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\MyDrive Connect\Qt5Network.dll
    2018-10-15 11:09 - 2018-10-15 11:09 - 004468224 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\MyDrive Connect\Qt5Widgets.dll
    2018-10-15 11:02 - 2018-10-15 11:02 - 000150016 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\MyDrive Connect\Qt5Xml.dll
    2019-04-26 16:08 - 2019-04-26 16:08 - 000137728 _____ (TomTom) [File not signed] C:\Program Files (x86)\MyDrive Connect\DeviceNavEthernetCore.dll
    2016-04-01 16:50 - 2014-09-11 18:10 - 000708608 _____ (Wondershare) [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSProducstInfo.dll

    ==================== Alternate Data Streams (Whitelisted) ========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]
    AlternateDataStreams: C:\ProgramData\Temp:10894A2E [144]

    ==================== Safe Mode (Whitelisted) ==================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

    ==================== Association (Whitelisted) =================

    ==================== Internet Explorer (Whitelisted) ==========

    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT14/2
    HKU\S-1-5-21-3730886342-3199546216-3749763402-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://uk.search.yahoo.com/yhs/web?hspart=omr&hsimp=yhs-001&type=87sfxhr4ow002620&param1=y6bdVFVIsvuYsgEClQfz8Hr0EAieT0AvfxeS6%2B%2B1DoAhaMI%2BX4JdsBE0RvtWIef%2BahYlQeW6JGwEqy2%2FqV5Lo%2FGGm1DcysJq6qyI5JD7ynZCgaJmEyCkaLr19RkKeZj9vzleRd%2FqpSyAdwOJ%2BDE9bt30LMRbiBx4V8gU9HfvBXiuPABeNaAc%2B9I4%2BOA6Wks2m39MMf7PmeStRPxOmsJZZHdoY%2FF0t%2BRoV9K2FYfISoGMdSyHPznAPwi%2BK4TU4k%2Fv6PE3Unm%2F3CwzUPw4U42OZSvIz%2BUX3vHkjQaMACjbwiSryJMAr3cUrRSMLsVJVnCvobcbJ%2Bng1nEnLrePkYRWEwkP%2BeOMgRF5KOy7Uym3AnBhiFFaWGQ6%2FqvCNK8JMHFc
    HKU\S-1-5-21-3730886342-3199546216-3749763402-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT14/2
    SearchScopes: HKLM -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL = 
    SearchScopes: HKLM -> {c9ab6446-7efc-47fe-966c-dc54324eff9f} URL = 
    SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/710-29550-11896-25/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
    SearchScopes: HKLM -> {FDDCB575-7293-4848-8477-A979CFB7A874} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/710-29550-11896-25/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
    SearchScopes: HKLM-x32 -> {FDDCB575-7293-4848-8477-A979CFB7A874} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKU\S-1-5-21-3730886342-3199546216-3749763402-1002 -> DefaultScope {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
    SearchScopes: HKU\S-1-5-21-3730886342-3199546216-3749763402-1002 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
    SearchScopes: HKU\S-1-5-21-3730886342-3199546216-3749763402-1002 -> {2A23ab71-4ac6-41f2-a955-ea576e553146} URL = 
    SearchScopes: HKU\S-1-5-21-3730886342-3199546216-3749763402-1002 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NGC&chn=retail&geo=GB&ver=22.14.2.13&locale=en_GB&guid=808C2063-B9EB-4ADD-8FA4-A943E645124B&doi=2016-09-01&gct=kwd&qsrc=2869
    SearchScopes: HKU\S-1-5-21-3730886342-3199546216-3749763402-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/710-29550-11896-25/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
    SearchScopes: HKU\S-1-5-21-3730886342-3199546216-3749763402-1002 -> {FDDCB575-7293-4848-8477-A979CFB7A874} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2021-07-23] (Microsoft Corporation -> Microsoft Corporation)
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_271\bin\ssv.dll [2021-01-12] (Oracle America, Inc. -> Oracle Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_271\bin\jp2ssv.dll [2021-01-12] (Oracle America, Inc. -> Oracle Corporation)
    BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2021-07-23] (Microsoft Corporation -> Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_271\bin\ssv.dll [2021-01-12] (Oracle America, Inc. -> Oracle Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_271\bin\jp2ssv.dll [2021-01-12] (Oracle America, Inc. -> Oracle Corporation)
    Toolbar: HKU\S-1-5-21-3730886342-3199546216-3749763402-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
    Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-07-23] (Microsoft Corporation -> Microsoft Corporation)
    Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-07-23] (Microsoft Corporation -> Microsoft Corporation)
    Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-07-23] (Microsoft Corporation -> Microsoft Corporation)
    Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-07-23] (Microsoft Corporation -> Microsoft Corporation)

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\S-1-5-21-3730886342-3199546216-3749763402-1002\...\sharepoint.com -> hxxps://wmcutc.sharepoint.com

    ==================== Hosts content: =========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 14:25 - 2021-08-07 01:14 - 000000000 _____ C:\WINDOWS\system32\drivers\etc\hosts

    ==================== Other Areas ===========================

    (Currently there is no automatic fix for this section.)

    HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Hewlett-Packard\SimplePass\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\;C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\64bit\;C:\Program Files (x86)\Skype\Phone\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\GtkSharp\2.12\bin;C:\Program Files (x86)\Windows Live\Shared;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\nodejs\
    HKU\S-1-5-21-3730886342-3199546216-3749763402-1002\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img1.jpg
    DNS Servers: 192.168.0.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (If an entry is included in the fixlist, it will be removed.)

    MSCONFIG\Services: AdobeUpdateService => 2
    MSCONFIG\Services: AGMService => 2
    MSCONFIG\Services: AGSService => 2
    MSCONFIG\Services: Bonjour Service => 2
    MSCONFIG\Services: Freemake Improver => 2
    MSCONFIG\Services: GoogleChromeElevationService => 3
    MSCONFIG\Services: gupdatem => 3
    MSCONFIG\Services: Hamachi2Svc => 2
    MSCONFIG\Services: LMIGuardianSvc => 2
    MSCONFIG\Services: RtkAudioService => 2
    MSCONFIG\Services: SkypeUpdate => 2
    MSCONFIG\Services: Steam Client Service => 3
    MSCONFIG\Services: SynTPEnhService => 2
    MSCONFIG\Services: TomTomHOMEService => 2
    HKLM\...\StartupApproved\StartupFolder: => "MouseRecorder.lnk"
    HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
    HKLM\...\StartupApproved\Run32: => "Dropbox"
    HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
    HKLM\...\StartupApproved\Run32: => "APSDaemon"
    HKU\S-1-5-21-3730886342-3199546216-3749763402-1002\...\StartupApproved\StartupFolder: => "Windows.vbs"
    HKU\S-1-5-21-3730886342-3199546216-3749763402-1002\...\StartupApproved\Run: => "uTorrent"
    HKU\S-1-5-21-3730886342-3199546216-3749763402-1002\...\StartupApproved\Run: => "Skype"
    HKU\S-1-5-21-3730886342-3199546216-3749763402-1002\...\StartupApproved\Run: => "Chromium"
    HKU\S-1-5-21-3730886342-3199546216-3749763402-1002\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_A008D3C4AC1F70CC0223825A47FA7BBC"
    HKU\S-1-5-21-3730886342-3199546216-3749763402-1002\...\StartupApproved\Run: => "Windows Update Service"
    HKU\S-1-5-21-3730886342-3199546216-3749763402-1002\...\StartupApproved\Run: => "Steam"
    HKU\S-1-5-21-3730886342-3199546216-3749763402-1002\...\StartupApproved\Run: => "ApowerREC"
    HKU\S-1-5-21-3730886342-3199546216-3749763402-1002\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"
    HKU\S-1-5-21-3730886342-3199546216-3749763402-1002\...\StartupApproved\Run: => "EADM"

    ==================== FirewallRules (Whitelisted) ================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{AD06C29B-E119-4491-AC3A-49487ABACF42}] => (Block) C:\program files (x86)\minecraft launcher\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe
    FirewallRules: [{C16F59B1-FADF-4575-BAE4-C2E58AFA1003}] => (Block) C:\program files (x86)\minecraft launcher\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe
    FirewallRules: [UDP Query User{41320FD6-7C6F-4057-8DCF-22738F63A08D}C:\program files (x86)\minecraft launcher\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe
    FirewallRules: [TCP Query User{C281B0C7-7EBC-4ADB-8BA6-8845AB0C7455}C:\program files (x86)\minecraft launcher\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe
    FirewallRules: [{7028E946-AE8F-4AB3-9B19-225481A9B59F}] => (Block) C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe
    FirewallRules: [{328495F9-265A-4694-9EE1-0516F6BB0AB9}] => (Block) C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe
    FirewallRules: [UDP Query User{7009B99B-42B2-4F07-B170-53C6A82581F5}C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe
    FirewallRules: [TCP Query User{FD27BEA6-CC02-4F20-8E6A-1355AA7155D5}C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe
    FirewallRules: [{96682165-8047-408A-93A4-FA9552164DA1}] => (Block) C:\programdata\badlionclient\jre1.8.0_202\bin\javaw.exe
    FirewallRules: [{387E4787-1608-4FEE-BD99-8F9B61230A22}] => (Block) C:\programdata\badlionclient\jre1.8.0_202\bin\javaw.exe
    FirewallRules: [UDP Query User{EEA73B6F-FBD0-48CE-B443-E3D537335606}C:\programdata\badlionclient\jre1.8.0_202\bin\javaw.exe] => (Allow) C:\programdata\badlionclient\jre1.8.0_202\bin\javaw.exe
    FirewallRules: [TCP Query User{684F0A4A-3E18-425A-80AE-BA897B327EE2}C:\programdata\badlionclient\jre1.8.0_202\bin\javaw.exe] => (Allow) C:\programdata\badlionclient\jre1.8.0_202\bin\javaw.exe
    FirewallRules: [{CB51AA6D-FA1B-4F41-BB94-352089CA65E0}] => (Block) C:\users\user\desktop\michael pics\terrariastuff\1412\windows\terrariaserver.exe (Re-Logic) [File not signed]
    FirewallRules: [{DDF838E9-8BE9-4544-9A47-397D44EED25F}] => (Block) C:\users\user\desktop\michael pics\terrariastuff\1412\windows\terrariaserver.exe (Re-Logic) [File not signed]
    FirewallRules: [UDP Query User{9F99EEF6-6AF3-46CE-9F59-45BBBFBF6F4B}C:\users\user\desktop\michael pics\terrariastuff\1412\windows\terrariaserver.exe] => (Allow) C:\users\user\desktop\michael pics\terrariastuff\1412\windows\terrariaserver.exe (Re-Logic) [File not signed]
    FirewallRules: [TCP Query User{F72725C1-2A2F-41B1-9CC6-0B72F0F32C62}C:\users\user\desktop\michael pics\terrariastuff\1412\windows\terrariaserver.exe] => (Allow) C:\users\user\desktop\michael pics\terrariastuff\1412\windows\terrariaserver.exe (Re-Logic) [File not signed]
    FirewallRules: [{1C4DB371-BAC1-466C-AC8B-AB6E8DB02609}] => (Allow) C:\Users\user\AppData\Local\Temp\HouseCall\tmase\nmap\nmap.exe => No File
    FirewallRules: [{440D5222-1C58-4703-8AC6-3655ACB84EF9}] => (Block) C:\users\user\desktop\michael pics real\among.us.v2020.9.9s\among us.exe => No File
    FirewallRules: [{F187FBF8-8C9F-4C3D-985A-33461DA27F7C}] => (Block) C:\users\user\desktop\michael pics real\among.us.v2020.9.9s\among us.exe => No File
    FirewallRules: [UDP Query User{EF61DE81-28A1-45C5-82B8-8264B969A205}C:\users\user\desktop\michael pics real\among.us.v2020.9.9s\among us.exe] => (Allow) C:\users\user\desktop\michael pics real\among.us.v2020.9.9s\among us.exe => No File
    FirewallRules: [TCP Query User{542F0064-9FBB-47DC-A456-5E0567157D71}C:\users\user\desktop\michael pics real\among.us.v2020.9.9s\among us.exe] => (Allow) C:\users\user\desktop\michael pics real\among.us.v2020.9.9s\among us.exe => No File
    FirewallRules: [{794CE675-DBA3-465E-90D1-AD061A00BE14}] => (Allow) C:\Program Files\BlueStacks\HD-Player.exe => No File
    FirewallRules: [{53F0EE52-610E-42C8-ADEB-AFB1F1FE0592}] => (Allow) C:\Program Files\TxGameAssistant\AppMarket\DL\syzs_dl_svr.exe (Tencent Technology(Shenzhen) Company Limited -> )
    FirewallRules: [{FB581C68-3976-46B1-91A1-9E6704777D55}] => (Allow) C:\Program Files\TxGameAssistant\AppMarket\DL\syzs_dl_svr.exe (Tencent Technology(Shenzhen) Company Limited -> )
    FirewallRules: [{7C910F31-6EFC-4428-8D8B-879E3AF707C7}] => (Allow) C:\Program Files\TxGameAssistant\AppMarket\DL\syzs_dl_svr.exe (Tencent Technology(Shenzhen) Company Limited -> )
    FirewallRules: [{0161739F-CEFB-4A9A-872E-978E6E368709}] => (Allow) C:\Program Files\TxGameAssistant\AppMarket\DL\syzs_dl_svr.exe (Tencent Technology(Shenzhen) Company Limited -> )
    FirewallRules: [{0B5E754A-289B-4F38-92FC-DC40E2D39865}] => (Allow) C:\Program Files\TxGameAssistant\AppMarket\DL\syzs_dl_svr.exe (Tencent Technology(Shenzhen) Company Limited -> )
    FirewallRules: [{830EDFD4-3AAB-4B6F-B94B-21B77B415E5F}] => (Allow) C:\Program Files\TxGameAssistant\AppMarket\DL\syzs_dl_svr.exe (Tencent Technology(Shenzhen) Company Limited -> )
    FirewallRules: [{6F5FE567-F453-4A95-805E-209AB96A123D}] => (Block) C:\users\user\desktop\michael pics\bedrockserver\bin\php\php.exe => No File
    FirewallRules: [{7816257C-9093-4EEF-B48F-0FA17256E3B2}] => (Block) C:\users\user\desktop\michael pics\bedrockserver\bin\php\php.exe => No File
    FirewallRules: [UDP Query User{A2EDE705-E533-4F18-8928-1474047ACE4D}C:\users\user\desktop\michael pics\bedrockserver\bin\php\php.exe] => (Allow) C:\users\user\desktop\michael pics\bedrockserver\bin\php\php.exe => No File
    FirewallRules: [TCP Query User{DCC5237A-D85C-4E43-A7F7-C4CF916770BE}C:\users\user\desktop\michael pics\bedrockserver\bin\php\php.exe] => (Allow) C:\users\user\desktop\michael pics\bedrockserver\bin\php\php.exe => No File
    FirewallRules: [{EEFDFF33-777A-4078-89B7-FBA967BF59C1}] => (Block) C:\users\user\desktop\michael pics\bedrockserver\bedrock_server.exe => No File
    FirewallRules: [{79103D03-F232-49CF-B297-FE2436ED2ACA}] => (Block) C:\users\user\desktop\michael pics\bedrockserver\bedrock_server.exe => No File
    FirewallRules: [UDP Query User{230000CE-EAB7-4354-8B96-8BA214331B93}C:\users\user\desktop\michael pics\bedrockserver\bedrock_server.exe] => (Allow) C:\users\user\desktop\michael pics\bedrockserver\bedrock_server.exe => No File
    FirewallRules: [TCP Query User{85F2DD34-24EF-45D9-8CBC-BA270590D80E}C:\users\user\desktop\michael pics\bedrockserver\bedrock_server.exe] => (Allow) C:\users\user\desktop\michael pics\bedrockserver\bedrock_server.exe => No File
    FirewallRules: [{B68BCE4F-FBE1-44D0-9075-777B034C7AB7}] => (Block) C:\users\user\appdata\local\roblox\versions\version-e14c7c800bb54bef\robloxstudiobeta.exe => No File
    FirewallRules: [{C7F14D69-6F9C-4495-B2A8-C2AD37D474DE}] => (Block) C:\users\user\appdata\local\roblox\versions\version-e14c7c800bb54bef\robloxstudiobeta.exe => No File
    FirewallRules: [UDP Query User{D9552218-76B8-4DB6-9B2D-B94FD1A6D802}C:\users\user\appdata\local\roblox\versions\version-e14c7c800bb54bef\robloxstudiobeta.exe] => (Allow) C:\users\user\appdata\local\roblox\versions\version-e14c7c800bb54bef\robloxstudiobeta.exe => No File
    FirewallRules: [TCP Query User{2954C3EB-191D-494B-B4C1-ED362ED46FDE}C:\users\user\appdata\local\roblox\versions\version-e14c7c800bb54bef\robloxstudiobeta.exe] => (Allow) C:\users\user\appdata\local\roblox\versions\version-e14c7c800bb54bef\robloxstudiobeta.exe => No File
    FirewallRules: [{EA521349-02E4-43F4-8DD4-BDCD855D9A59}] => (Block) C:\program files\vegas\vegas pro 14.0\vegas140.exe (MAGIX Software GmbH -> MAGIX Computer Products Intl. Co.) [File not signed]
    FirewallRules: [{ECE50143-25AF-43B0-B56D-F55E6C018316}] => (Block) C:\program files\vegas\vegas pro 14.0\vegas140.exe (MAGIX Software GmbH -> MAGIX Computer Products Intl. Co.) [File not signed]
    FirewallRules: [UDP Query User{7D4E0DDD-5321-49FD-9574-BBE6E64208EF}C:\program files\vegas\vegas pro 14.0\vegas140.exe] => (Allow) C:\program files\vegas\vegas pro 14.0\vegas140.exe (MAGIX Software GmbH -> MAGIX Computer Products Intl. Co.) [File not signed]
    FirewallRules: [TCP Query User{0A7842EA-FE63-4430-B634-1869FE88C0C7}C:\program files\vegas\vegas pro 14.0\vegas140.exe] => (Allow) C:\program files\vegas\vegas pro 14.0\vegas140.exe (MAGIX Software GmbH -> MAGIX Computer Products Intl. Co.) [File not signed]
    FirewallRules: [{65846DB3-7E35-4A4D-ADB5-C6DF6BC844DF}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe => No File
    FirewallRules: [{7F57CC26-D8EE-4390-B40B-ECB74A16ECB6}] => (Block) C:\users\user\appdata\local\roblox\versions\version-be3f47d363934729\robloxstudiobeta.exe => No File
    FirewallRules: [{2D35E932-A699-4F0C-8AFF-2B3DA33A1762}] => (Block) C:\users\user\appdata\local\roblox\versions\version-be3f47d363934729\robloxstudiobeta.exe => No File
    FirewallRules: [UDP Query User{C1335533-D8BF-49E4-86D4-9566397991CA}C:\users\user\appdata\local\roblox\versions\version-be3f47d363934729\robloxstudiobeta.exe] => (Allow) C:\users\user\appdata\local\roblox\versions\version-be3f47d363934729\robloxstudiobeta.exe => No File
    FirewallRules: [TCP Query User{37900802-D93A-4C43-9644-7F5A7C247434}C:\users\user\appdata\local\roblox\versions\version-be3f47d363934729\robloxstudiobeta.exe] => (Allow) C:\users\user\appdata\local\roblox\versions\version-be3f47d363934729\robloxstudiobeta.exe => No File
    FirewallRules: [{AB2089D3-0FBA-4095-B3E9-F756CE11C912}] => (Block) C:\users\user\appdata\local\roblox\versions\version-ebad7d9701144827\robloxstudiobeta.exe => No File
    FirewallRules: [{AFB8E4C2-606B-4E45-95CE-414E150E4EF2}] => (Block) C:\users\user\appdata\local\roblox\versions\version-ebad7d9701144827\robloxstudiobeta.exe => No File
    FirewallRules: [UDP Query User{F4A902E7-BF88-479B-9605-D2C9141B9E6B}C:\users\user\appdata\local\roblox\versions\version-ebad7d9701144827\robloxstudiobeta.exe] => (Allow) C:\users\user\appdata\local\roblox\versions\version-ebad7d9701144827\robloxstudiobeta.exe => No File
    FirewallRules: [TCP Query User{099A54C2-EE56-468D-AE03-DED3F2BE10FD}C:\users\user\appdata\local\roblox\versions\version-ebad7d9701144827\robloxstudiobeta.exe] => (Allow) C:\users\user\appdata\local\roblox\versions\version-ebad7d9701144827\robloxstudiobeta.exe => No File
    FirewallRules: [UDP Query User{D8F5D940-8B79-4CAF-9C36-E48AE93F48EE}C:\program files\blackmagic design\davinci resolve\resolve.exe] => (Block) C:\program files\blackmagic design\davinci resolve\resolve.exe => No File
    FirewallRules: [TCP Query User{CA480E83-1FDC-4520-A668-331F3A00AB91}C:\program files\blackmagic design\davinci resolve\resolve.exe] => (Block) C:\program files\blackmagic design\davinci resolve\resolve.exe => No File
    FirewallRules: [UDP Query User{F51E3C6F-B329-441C-B26D-8CFC4A54A0C9}C:\program files\blackmagic design\davinci resolve\fuscript.exe] => (Block) C:\program files\blackmagic design\davinci resolve\fuscript.exe => No File
    FirewallRules: [TCP Query User{C5EFFEFF-B42F-4EBF-B13B-93D9476C7819}C:\program files\blackmagic design\davinci resolve\fuscript.exe] => (Block) C:\program files\blackmagic design\davinci resolve\fuscript.exe => No File
    FirewallRules: [{91B09C1A-A948-4A57-990E-78415C1CE115}] => (Allow) C:\ProgramData\Blackmagic Design\DaVinci Resolve\Support\QtDecoder\QTDecoder.exe => No File
    FirewallRules: [{DD388E28-909C-4D83-8A7F-B85E63E991A9}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\DPDecoder.exe => No File
    FirewallRules: [{A0827E8E-1E81-4F78-A1F6-259C49B9FF27}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\OxygenPanelDaemon.exe => No File
    FirewallRules: [{7AB5AF1C-6C43-41C2-9263-9CB4582FAB27}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\ElementsPanelDaemon.exe => No File
    FirewallRules: [{CDE410A8-7DF6-4E18-9D65-5F02C5F0C5B6}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\TangentPanelDaemon.exe => No File
    FirewallRules: [{A56C517C-61AB-456E-B355-0930FBDF35ED}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\EuphonixPanelDaemon.exe => No File
    FirewallRules: [{B664692C-A44F-4A5A-873C-847D44CE3CCB}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\JLCooperPanelDaemon.exe => No File
    FirewallRules: [{CD852D2D-2CF8-4812-A259-62B5CB6A1DF9}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\DaVinciPanelDaemon.exe => No File
    FirewallRules: [{D325DC93-FF01-4EA3-8B4E-979BDCECC6A6}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\bmdpaneld.exe => No File
    FirewallRules: [{A9FB8453-8A3E-4993-9DC3-9DFD18795ABC}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\Resolve.exe => No File
    FirewallRules: [{704B6E3D-B7F2-4507-A578-93B75D75E69E}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{A5E2C03D-FB36-4644-A938-1FC68C483D9B}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{4A49FFA0-251D-4305-8093-0460A34C8D0A}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{44B9D8F9-6430-4CC5-9A3C-43CDF22CE403}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{37C9A409-6CD5-42DB-B3E0-77457BFDB977}] => (Allow) C:\Program Files (x86)\Apowersoft\ApowerREC\ApowerREC.exe (Apowersoft Ltd -> Apowersoft)
    FirewallRules: [{FB76128F-F362-4222-8BBD-298532CD9397}] => (Allow) C:\Program Files (x86)\Apowersoft\ApowerREC\ApowerREC.exe (Apowersoft Ltd -> Apowersoft)
    FirewallRules: [{0E99CAE3-7E19-4475-B382-FC18742D1EB2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Yu-Gi-Oh! Duel Links\dlpc.exe () [File not signed]
    FirewallRules: [{70194205-F7EB-47B2-A317-4F44C405A49C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Yu-Gi-Oh! Duel Links\dlpc.exe () [File not signed]
    FirewallRules: [{7046A04E-7649-4CA0-A496-9BAEEC5B2ACF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Trove\GlyphClient.exe (gamigo AG -> Trion Worlds Inc.)
    FirewallRules: [{89D58FD8-5654-4D06-B386-F50D3B566BB2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Trove\GlyphClient.exe (gamigo AG -> Trion Worlds Inc.)
    FirewallRules: [{F75E73F3-1955-4CF1-8AF8-728BCD51F7D9}] => (Allow) C:\Program Files (x86)\Sony\PS4 Remote Play\RemotePlay.exe (Sony Interactive Entertainment Inc. -> Sony Interactive Entertainment Inc.)
    FirewallRules: [{E8FC08EF-8B38-4F44-9642-99282E905BC1}] => (Allow) LPort=25565
    FirewallRules: [{3871BF81-E429-4EF1-AC9F-4F8F570D728D}] => (Allow) C:\program files\java\jre1.8.0_121\bin\java.exe => No File
    FirewallRules: [{0DCAF7B3-2736-411D-B393-0295D8FAD54E}] => (Allow) C:\program files\java\jre1.8.0_121\bin\java.exe => No File
    FirewallRules: [{59FA7917-B9EE-4564-A8D9-E9A5464FD1F5}] => (Allow) C:\program files\java\jre1.8.0_121\bin\javaw.exe => No File
    FirewallRules: [{3F2AC2D5-0681-4BE5-860A-EA79CBD0D5D1}] => (Allow) C:\program files\java\jre1.8.0_121\bin\javaw.exe => No File
    FirewallRules: [{7C104D8F-C1B0-448D-B99E-793E526023D8}] => (Allow) C:\program files (x86)\java\jre1.8.0_45\bin\java.exe => No File
    FirewallRules: [{F517E647-50A6-40F7-984D-F7BF387CDC6E}] => (Allow) C:\program files (x86)\java\jre1.8.0_45\bin\java.exe => No File
    FirewallRules: [{7F6AC215-B6A5-4531-B856-0153A4C08048}] => (Allow) C:\program files\java\jre7\bin\javaw.exe => No File
    FirewallRules: [{37DB23E9-B1E2-4B65-A696-17E0FD58C681}] => (Allow) C:\program files\java\jre7\bin\javaw.exe => No File
    FirewallRules: [{E0AF664D-102D-49E1-89A1-4C04085BB8BC}] => (Allow) C:\program files\java\jre1.8.0_121\bin\java.exe => No File
    FirewallRules: [{661B6037-FC41-4B6D-8D3F-C7F7BDB72831}] => (Allow) C:\program files\java\jre1.8.0_121\bin\java.exe => No File
    FirewallRules: [{2AC136F7-8C5C-45EF-A593-AF220197BF15}] => (Allow) C:\program files\java\jre1.8.0_121\bin\javaw.exe => No File
    FirewallRules: [{166A4C76-6D5E-40D6-BE0C-3ADAEF274D1B}] => (Allow) C:\program files\java\jre1.8.0_121\bin\javaw.exe => No File
    FirewallRules: [{F2AA4E77-EA10-42F5-9DDD-24512DA01DEE}] => (Allow) C:\program files (x86)\java\jre1.8.0_45\bin\java.exe => No File
    FirewallRules: [{663DF447-B439-4198-9F30-B1E6BF045B07}] => (Allow) C:\program files (x86)\java\jre1.8.0_45\bin\java.exe => No File
    FirewallRules: [{BFD442B7-55A6-4C8B-B508-3F55D81FD4A2}] => (Allow) C:\program files\java\jre7\bin\javaw.exe => No File
    FirewallRules: [{3A6A003C-9F2D-4366-8D5D-835FD5B37843}] => (Allow) C:\program files\java\jre7\bin\javaw.exe => No File
    FirewallRules: [{D40FD69C-6366-4FCE-9247-8DA6549DA91C}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{C9D1CCBC-53B7-4653-BCC9-178349267F2F}] => (Allow) C:\Users\user\Desktop\michael pics Real\Simple Port Forwarding\spf.exe => No File
    FirewallRules: [{D6E8ABC9-FA20-4FD0-A187-F8A8806A1848}] => (Allow) C:\Users\user\Desktop\michael pics Real\Simple Port Forwarding\spf.exe => No File
    FirewallRules: [{1B4D5ED2-C7CD-4D03-A7E2-7255F087F98C}] => (Allow) C:\Users\user\AppData\Local\Temp\Rar$EXa0.348\Simple Port Forwarding\spf.exe => No File
    FirewallRules: [{049E3152-1FCA-46B3-820A-43C97206D779}] => (Allow) C:\Users\user\AppData\Local\Temp\Rar$EXa0.348\Simple Port Forwarding\spf.exe => No File
    FirewallRules: [{0D2650FB-A710-4B0F-BB34-34FB33EC0636}] => (Allow) LPort=25565
    FirewallRules: [{1499DD9F-1211-4C09-A98F-F5140E442267}] => (Allow) LPort=25565
    FirewallRules: [{91E70E5E-7985-4B49-875A-881B3F706677}] => (Allow) C:\program files\java\jre1.8.0_121\bin\java.exe => No File
    FirewallRules: [{283D75FC-7150-4669-A24E-054A20F5A8BC}] => (Allow) C:\program files\java\jre1.8.0_121\bin\java.exe => No File
    FirewallRules: [UDP Query User{DE737C0A-FABC-41C4-A3B9-CB99DD2997AF}C:\program files\java\jre1.8.0_121\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_121\bin\java.exe => No File
    FirewallRules: [TCP Query User{F72993BE-EA68-4CAC-B5BA-55C7DA472B48}C:\program files\java\jre1.8.0_121\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_121\bin\java.exe => No File
    FirewallRules: [UDP Query User{14131A74-80BC-4E64-9C85-72A2440864D2}C:\program files\java\jre1.8.0_121\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_121\bin\javaw.exe => No File
    FirewallRules: [TCP Query User{CE345A09-2EC8-444D-BCAD-40562F834DFF}C:\program files\java\jre1.8.0_121\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_121\bin\javaw.exe => No File
    FirewallRules: [UDP Query User{26728035-2304-446F-A707-55A8FA946822}C:\program files (x86)\java\jre1.8.0_45\bin\java.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_45\bin\java.exe => No File
    FirewallRules: [TCP Query User{375A8375-B1C7-45E0-8F69-2F9E8940EA6A}C:\program files (x86)\java\jre1.8.0_45\bin\java.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_45\bin\java.exe => No File
    FirewallRules: [{40CC127D-1777-42BC-815E-47A9385AE86C}] => (Allow) D:\KOPLAYER\vbox\VBoxHeadless.exe => No File
    FirewallRules: [{8B36415D-65E1-40AF-8F60-4534E59630EF}] => (Allow) D:\KOPLAYER\vbox\VBoxManage.exe => No File
    FirewallRules: [{13CA4837-A3EA-4F7E-8F5A-D613A52987E7}] => (Allow) D:\KOPLAYER\KOPLAYER.exe => No File
    FirewallRules: [{F6BF1B3D-3BAB-4A7E-90FD-DED2F95300C6}] => (Allow) D:\KOPLAYER\vbox\VBoxHeadless.exe => No File
    FirewallRules: [{B6629791-7022-4827-98B3-E5BBA4E8F28B}] => (Allow) D:\KOPLAYER\vbox\VBoxManage.exe => No File
    FirewallRules: [{5AD48F70-88E7-4443-916F-BB56D385273E}] => (Allow) D:\KOPLAYER\KOPLAYER.exe => No File
    FirewallRules: [{385AA35E-24F7-4C79-82AA-D5ACA2D7B367}] => (Allow) C:\program files\java\jre7\bin\javaw.exe => No File
    FirewallRules: [{E649E2BE-1FBF-4325-8630-7397E03751CF}] => (Allow) C:\program files\java\jre7\bin\javaw.exe => No File
    FirewallRules: [UDP Query User{D5F2F37B-3D92-4F62-83F8-D0ACB6AFE926}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe => No File
    FirewallRules: [TCP Query User{F5C8924D-64A0-4EFC-B465-AA495993D58E}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe => No File
    FirewallRules: [{2266440E-4299-4897-ABF0-DC88FAE6280A}] => (Allow) C:\Users\user\AppData\Local\Chromium\Application\chrome.exe (The Chromium Authors) [File not signed]
    FirewallRules: [{767CE676-2103-44A9-9DCD-140E8EBCF410}] => (Allow) C:\Program Files\HP\HP Deskjet 1510 series\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> Hewlett-Packard Co.)
    FirewallRules: [{9369C2C1-61C3-4951-B618-EF7F60F52FAD}] => (Allow) C:\Program Files\HP\HP Deskjet 1510 series\Bin\USBSetup.exe (Hewlett Packard -> Hewlett-Packard Co.)
    FirewallRules: [{C5511C83-26C2-49EA-875F-BFE530E05375}] => (Allow) C:\Games\SimCity 2013 Offline\SimCity\SimCity.exe (Electronic Arts Inc.) [File not signed]
    FirewallRules: [{F5514A5E-4F6A-46C4-B053-6072B98DE63A}] => (Allow) C:\Games\SimCity 2013 Offline\SimCity\SimCity.exe (Electronic Arts Inc.) [File not signed]
    FirewallRules: [UDP Query User{D7BC023E-5FD3-4A65-8A51-F43689156CAD}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [TCP Query User{DD32E0CC-FE8F-4A02-ABF2-770D804B8C14}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [UDP Query User{4BD1AA86-CF01-4F2A-85B3-AEDF08D24E2B}C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe => No File
    FirewallRules: [TCP Query User{7C60DB81-362E-4D4C-8386-D3E5D4D6A2D9}C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe => No File
    FirewallRules: [UDP Query User{EC580252-94A4-41B5-830A-A61480BB25F4}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [TCP Query User{6444CFD7-AA1D-444F-AC59-FF52DEC28AD7}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [{534721A3-6EB9-4EB3-8291-7EC17FA0FB09}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe (CyberLink Corp. -> CyberLink Corp.)
    FirewallRules: [{5D3C6483-04BB-4527-85EA-A77A76F56056}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe (CyberLink Corp. -> CyberLink Corp.)
    FirewallRules: [{F769FAB9-07D1-4324-9CFC-7F73D16E348C}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe => No File
    FirewallRules: [{DF492361-6D99-41F6-8074-C7F7834A257A}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe (CyberLink Corp. -> CyberLink)
    FirewallRules: [{F5D074BC-18B1-4352-98C1-64701D3E7A01}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe => No File
    FirewallRules: [{BD558DF4-C19C-44C2-9E5C-02D40F2FBE77}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe (CyberLink Corp. -> CyberLink Corp.)
    FirewallRules: [{0FA1FBED-A66F-4A3D-A91F-9CECFA04B3C1}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe => No File
    FirewallRules: [{2EC864DB-F86F-48E5-9B1C-8FCB263F5CE4}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe => No File
    FirewallRules: [{89A19479-6A2F-48A7-B8FD-2CFA249E9EB9}] => (Allow) C:\Users\user\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe => No File
    FirewallRules: [{83344CFE-385F-43A1-AA0B-4E5B9FF81C22}] => (Allow) LPort=1900
    FirewallRules: [{F64ED9BE-2E34-42B3-898E-C6456391CFCB}] => (Allow) LPort=7900
    FirewallRules: [{3B56E3EC-3F83-4C23-8336-FEBAB82D1953}] => (Allow) LPort=24234
    FirewallRules: [{0FFD8157-36D0-42C8-ABE0-49728B420C7F}] => (Allow) LPort=7679
    FirewallRules: [{9A2777EF-4688-42AC-9BDD-7414DC5E6D09}] => (Allow) LPort=7676
    FirewallRules: [{85B2190E-B570-4129-8330-4E4EC011350A}] => (Allow) LPort=8643
    FirewallRules: [{C82FCAB9-D359-4121-A0C8-2BC4ED71D310}] => (Allow) LPort=8743
    FirewallRules: [{88E859A3-613A-44A8-AA61-1DDC1DCE7E56}] => (Allow) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe (Samsung Electronics CO., LTD. -> Samsung) [File not signed]
    FirewallRules: [{6F614973-3716-44BD-94AE-7F5B870C610C}] => (Allow) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe (Samsung Electronics CO., LTD. -> Samsung) [File not signed]
    FirewallRules: [{80F7BCD5-7571-43AA-96A2-4C31AFD3DBE0}] => (Allow) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe (Samsung Electronics CO., LTD. -> Samsung) [File not signed]
    FirewallRules: [{3D6EE748-A51F-4E82-96F4-430E026396B7}] => (Allow) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe (Samsung Electronics CO., LTD. -> Samsung) [File not signed]
    FirewallRules: [{EB587F70-5863-4B83-BA55-1A9A3657B797}] => (Allow) C:\Users\user\Desktop\Samsung Link\Samsung Link Tray Agent.exe (Samsung Electronics CO., LTD. -> Copyright 2013 SAMSUNG)
    FirewallRules: [{A24BCCB4-58CA-449D-86D3-192146D98A57}] => (Allow) C:\Users\user\Desktop\Samsung Link\Samsung Link Tray Agent.exe (Samsung Electronics CO., LTD. -> Copyright 2013 SAMSUNG)
    FirewallRules: [{9457CC07-208E-4D5B-B78B-970B6BF103FA}] => (Allow) C:\Users\user\Desktop\Samsung Link\Samsung Link.exe (Samsung Electronics CO., LTD. -> Copyright 2013 SAMSUNG)
    FirewallRules: [{AD0FDFE5-3373-473E-AE0B-AAC309E4A14B}] => (Allow) C:\Users\user\Desktop\Samsung Link\Samsung Link.exe (Samsung Electronics CO., LTD. -> Copyright 2013 SAMSUNG)
    FirewallRules: [{2A5F1340-0344-48C8-8D1D-0F168C26A52E}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPSOCKSVC.exe (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.)
    FirewallRules: [{79E17D24-29C2-4092-A707-523CF04D3328}] => (Allow) C:\Users\user\Desktop\SimCity_2013_Offline_nosTEAM\SimCity 2013 Offline\SimCity\SimCity.exe => No File
    FirewallRules: [{7C535047-0DCD-46B7-A3FF-67FABDCD44F8}] => (Allow) C:\Users\user\Desktop\SimCity_2013_Offline_nosTEAM\SimCity 2013 Offline\SimCity\SimCity.exe => No File
    FirewallRules: [{17E0AF3F-1085-4387-A387-5A36BC2A8A4C}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE (CyberLink Corp. -> CyberLink Corp.)
    FirewallRules: [{35E276A6-0965-45BB-90C9-7D48B2A30E83}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe => No File
    FirewallRules: [{B33A28EB-5287-4314-8819-A881E53BF1FA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{B31CAC5D-E9C3-45FB-881C-2E85D92F0DF6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{2789DF3F-DAA7-488F-8502-4CC671DA9597}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{D7E851C8-35A8-49BE-AF37-87E95F8243CF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{6F677648-DB26-4546-B490-D4CE4F55A6A3}] => (Allow) C:\Users\user\AppData\Local\HPConnectedMusic\Application\spotify_helper.exe (Meridian Audio Ltd -> )
    FirewallRules: [{5C734C0D-A1F5-4C1F-91E2-6C39B3B66CD8}] => (Allow) C:\Users\user\AppData\Local\HPConnectedMusic\Application\spotify_helper.exe (Meridian Audio Ltd -> )
    FirewallRules: [{7D7A3D59-BDC6-4B75-A5D8-598931A23BDA}] => (Allow) C:\Users\user\AppData\Local\HPConnectedMusic\Application\HPConnectedMusic.exe (Meridian Audio Ltd -> Meridian Audio Ltd)
    FirewallRules: [{EA2FE627-C9EE-4977-BF4E-EDD6B4EEFFB6}] => (Allow) C:\Users\user\AppData\Local\HPConnectedMusic\Application\HPConnectedMusic.exe (Meridian Audio Ltd -> Meridian Audio Ltd)
    FirewallRules: [{CC31FEEA-D33A-4894-AD1F-DB20EBF599EB}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe (Meridian Audio Ltd -> Meridian Audio Ltd)
    FirewallRules: [{FF9639B3-C981-46E8-BBEA-C45367A8AE5F}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe (Meridian Audio Ltd -> Meridian Audio Ltd)
    FirewallRules: [{54436BEC-0A37-4C21-980D-EF06AC6E4170}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe => No File
    FirewallRules: [{213EAB6F-ACC5-411A-BED0-8EA18CB93AB1}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe => No File
    FirewallRules: [{5AC44778-0638-4388-9DEC-1B85CD3A35AE}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe => No File
    FirewallRules: [TCP Query User{CCCE989D-B726-480D-8898-05CCC453AE49}C:\users\user\appdata\local\roblox\versions\version-c5fc3b74ddb246f8\robloxstudiobeta.exe] => (Block) C:\users\user\appdata\local\roblox\versions\version-c5fc3b74ddb246f8\robloxstudiobeta.exe => No File
    FirewallRules: [UDP Query User{F2F7EEBA-4A93-4409-87CF-7418D634D16C}C:\users\user\appdata\local\roblox\versions\version-c5fc3b74ddb246f8\robloxstudiobeta.exe] => (Block) C:\users\user\appdata\local\roblox\versions\version-c5fc3b74ddb246f8\robloxstudiobeta.exe => No File
    FirewallRules: [{DE68AC03-3D16-4730-9FC1-39A0A5579D73}] => (Allow) C:\Program Files (x86)\ArenaPLAY\ArenaPLAY.exe (Elian Geshev -> ) [File not signed]
    FirewallRules: [{1F76A40F-AA66-4D9C-BB12-1B19CEE3E039}] => (Allow) C:\Program Files (x86)\ArenaPLAY\ArenaPLAY.exe (Elian Geshev -> ) [File not signed]
    FirewallRules: [TCP Query User{61A0FC30-6D52-4CB7-9C81-04D7ED393236}C:\program files (x86)\lonelyscreen\lonelyscreen.exe] => (Allow) C:\program files (x86)\lonelyscreen\lonelyscreen.exe () [File not signed]
    FirewallRules: [UDP Query User{CC3C766A-8BC2-4A06-8B1D-43E9E4E4FF78}C:\program files (x86)\lonelyscreen\lonelyscreen.exe] => (Allow) C:\program files (x86)\lonelyscreen\lonelyscreen.exe () [File not signed]
    FirewallRules: [{9E67F366-2616-40B8-9B15-7A347DF1F9F1}] => (Allow) C:\program files (x86)\lonelyscreen\lonelyscreen.exe () [File not signed]
    FirewallRules: [{EBF5C798-AC0C-4381-A88A-E2D30EDEA81A}] => (Allow) C:\program files (x86)\lonelyscreen\lonelyscreen.exe () [File not signed]
    FirewallRules: [TCP Query User{20338307-54AE-4938-B8E7-AB8AE7C70B45}C:\users\user\appdata\local\skypeplugin\pluginhost.exe] => (Allow) C:\users\user\appdata\local\skypeplugin\pluginhost.exe (Microsoft Corporation -> Skype Technologies S.A.)
    FirewallRules: [UDP Query User{5C6E2F05-9BCB-4020-919E-667F61F5D03F}C:\users\user\appdata\local\skypeplugin\pluginhost.exe] => (Allow) C:\users\user\appdata\local\skypeplugin\pluginhost.exe (Microsoft Corporation -> Skype Technologies S.A.)
    FirewallRules: [{4BE02E5E-B81B-408A-97E5-6AA9F6262C50}] => (Block) C:\users\user\appdata\local\skypeplugin\pluginhost.exe (Microsoft Corporation -> Skype Technologies S.A.)
    FirewallRules: [{FC0CED2A-358B-41C4-A2A9-013AC0122243}] => (Block) C:\users\user\appdata\local\skypeplugin\pluginhost.exe (Microsoft Corporation -> Skype Technologies S.A.)
    FirewallRules: [{AC2DC41F-C884-44D7-A49B-5293D7B6B53F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
    FirewallRules: [{F24178FB-EB2C-4B83-87CE-B6A713515C23}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
    FirewallRules: [{2580B296-FA6A-48D2-9FF9-B6A57E747023}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
    FirewallRules: [{BECFF3C7-0146-422F-A495-327E461668FD}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
    FirewallRules: [{9366058E-1179-4CEA-B0FE-59C8072C29DF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Creativerse\Creativerse.exe () [File not signed]
    FirewallRules: [{B8A2F8D0-649D-4694-BDA1-1DEB8550F336}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Creativerse\Creativerse.exe () [File not signed]
    FirewallRules: [{22D3E936-4116-4C70-A783-347008342145}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe (Re-Logic) [File not signed]
    FirewallRules: [{DE782179-BFEA-40AF-972F-21D3DE95A707}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe (Re-Logic) [File not signed]
    FirewallRules: [TCP Query User{732F80DB-DFF1-4A80-B450-342DE7D56FF6}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe (Re-Logic) [File not signed]
    FirewallRules: [UDP Query User{5A1AB36F-CFED-49BB-BE38-26F17868C6A9}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe (Re-Logic) [File not signed]
    FirewallRules: [{02305CF7-EA74-4BFD-863A-66DB2C662811}] => (Block) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe (Re-Logic) [File not signed]
    FirewallRules: [{9CA15809-D047-42F9-92DC-77A6B9934901}] => (Block) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe (Re-Logic) [File not signed]
    FirewallRules: [{F9BF81FA-BCFC-42A0-9D85-C4FEB5D336D4}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{CEC37CC4-129D-4345-80E1-F83BC1AAB1D1}] => (Allow) LPort=2869
    FirewallRules: [{C9A5AA6D-2AF0-41C1-A952-17448EB11022}] => (Allow) LPort=1900
    FirewallRules: [{59FE8F1E-2509-44C7-B696-BD9D2002B8DB}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
    FirewallRules: [{257B2B8E-866D-434C-BF57-6042A38361C6}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
    FirewallRules: [{9772DCFA-41C0-4485-8636-E9C5B2CC531B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> )
    FirewallRules: [{AF536D51-D647-43D1-9A79-683F9960C80F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> )
    FirewallRules: [{D5B36552-F3B2-4A4B-B74B-F039B71731FF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SourceFilmmaker\game\sfm.exe () [File not signed]
    FirewallRules: [{75481D24-6A14-432B-BE83-E3EC64432F99}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SourceFilmmaker\game\sfm.exe () [File not signed]
    FirewallRules: [{4705DFB9-2916-4B63-8C4C-E0D4CB6F8BEA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SourceFilmmaker\game\bin\qsdklauncher.exe () [File not signed]
    FirewallRules: [{308DAA9F-14A7-451D-BC16-4197B9D40B63}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SourceFilmmaker\game\bin\qsdklauncher.exe () [File not signed]
    FirewallRules: [{77961A1E-43F2-49CD-BEBA-26175CC6C39F}] => (Allow) C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe (TomTom International BV -> TomTom)
    FirewallRules: [TCP Query User{7D3AFE52-15B6-4A19-AA1B-BEC79C4B7636}C:\program files\badlion client\badlion client.exe] => (Allow) C:\program files\badlion client\badlion client.exe (Turtle Entertainment Online, Inc. -> Badlion)
    FirewallRules: [UDP Query User{58FF18B1-A721-4994-A3D8-3810E4E3CE1D}C:\program files\badlion client\badlion client.exe] => (Allow) C:\program files\badlion client\badlion client.exe (Turtle Entertainment Online, Inc. -> Badlion)
    FirewallRules: [{A5280AC1-53BB-4599-9BBF-202D2D3FF943}] => (Block) C:\program files\badlion client\badlion client.exe (Turtle Entertainment Online, Inc. -> Badlion)
    FirewallRules: [{A91C7160-9622-4ACF-8670-69A1B8708CBD}] => (Block) C:\program files\badlion client\badlion client.exe (Turtle Entertainment Online, Inc. -> Badlion)
    FirewallRules: [TCP Query User{33F46796-B53E-4899-8A13-EA7898A9E69C}C:\users\user\curseforge\minecraft\install\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe] => (Allow) C:\users\user\curseforge\minecraft\install\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe
    FirewallRules: [UDP Query User{9390B73E-A22E-4196-8D8D-643A0C1F71B3}C:\users\user\curseforge\minecraft\install\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe] => (Allow) C:\users\user\curseforge\minecraft\install\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe
    FirewallRules: [TCP Query User{3B9C61E8-EA04-4C11-BB6B-1DD213406A9A}C:\program files\java\jre1.8.0_271\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_271\bin\javaw.exe
    FirewallRules: [UDP Query User{98086396-5EF1-4A42-89CB-BBFF72EDB926}C:\program files\java\jre1.8.0_271\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_271\bin\javaw.exe
    FirewallRules: [{01BB96AB-C9D8-4B7A-986F-C150E33371F3}] => (Block) C:\program files\java\jre1.8.0_271\bin\javaw.exe
    FirewallRules: [{4AC06A32-F947-4F41-8888-200704FA84EC}] => (Block) C:\program files\java\jre1.8.0_271\bin\javaw.exe
    FirewallRules: [{E2A8A23B-3343-48FF-8627-448A9DFB9F62}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.73.124.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [{B20A60CA-A140-42A0-85F1-D90E817250E5}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.73.124.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [{25837DE9-B46D-4DEB-9307-EC65B8286B12}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.73.124.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [{F0C9C195-AA84-4B71-9BEE-AC6F48ACD4A9}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.73.124.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [TCP Query User{B20204C6-F6D1-47BE-83FD-ED5C8D80AEAF}C:\programdata\badlionclient\jre1.16.0_1\bin\javaw.exe] => (Allow) C:\programdata\badlionclient\jre1.16.0_1\bin\javaw.exe
    FirewallRules: [UDP Query User{FC8075BE-5BCE-40F3-B4C5-8E38BC207E00}C:\programdata\badlionclient\jre1.16.0_1\bin\javaw.exe] => (Allow) C:\programdata\badlionclient\jre1.16.0_1\bin\javaw.exe
    FirewallRules: [{C0CF32C3-2FC0-4B5B-8C4E-5691FDFD24CD}] => (Block) C:\programdata\badlionclient\jre1.16.0_1\bin\javaw.exe
    FirewallRules: [{1DEC6F21-59AE-4EE6-B362-D54660740E6B}] => (Block) C:\programdata\badlionclient\jre1.16.0_1\bin\javaw.exe
    FirewallRules: [TCP Query User{ADC888F3-F50C-42C4-A9F8-09271C725935}C:\program files (x86)\minecraft launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe
    FirewallRules: [UDP Query User{2D76BE96-FD55-405B-9063-362CD81FAB2F}C:\program files (x86)\minecraft launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe
    FirewallRules: [{4E4896FA-B896-466A-AC59-0B55DE91FE80}] => (Block) C:\program files (x86)\minecraft launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe
    FirewallRules: [{88DEAFA1-0299-4BB1-B7AA-8E707390F916}] => (Block) C:\program files (x86)\minecraft launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe
    FirewallRules: [{93DB3C7F-452C-4A78-95DD-3617601952EA}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{9EA0BA61-E539-41E3-BD09-C5F89520128A}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
    FirewallRules: [TCP Query User{BF438451-822A-41A1-B19B-3AE817ED00F8}C:\riot games\riot client\riotclientservices.exe] => (Allow) C:\riot games\riot client\riotclientservices.exe (Riot Games, Inc. -> Riot Games, Inc.)
    FirewallRules: [UDP Query User{18F828AE-CE15-48BA-B8FB-752D12885918}C:\riot games\riot client\riotclientservices.exe] => (Allow) C:\riot games\riot client\riotclientservices.exe (Riot Games, Inc. -> Riot Games, Inc.)
    FirewallRules: [{03AC24EB-5B4C-4FB7-8073-54C3CB5F8216}] => (Block) C:\riot games\riot client\riotclientservices.exe (Riot Games, Inc. -> Riot Games, Inc.)
    FirewallRules: [{224F0F30-7FB2-4522-A6BB-9D637E95E235}] => (Block) C:\riot games\riot client\riotclientservices.exe (Riot Games, Inc. -> Riot Games, Inc.)
    FirewallRules: [{B10A7FD8-E452-40F1-9C37-A9B60BEC5D71}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
    FirewallRules: [TCP Query User{EE15FA8D-879D-4CC5-A6C1-A930155F320B}C:\users\user\.lunarclient\jre\zulu16.30.15-ca-fx-jre16.0.1-win_x64\bin\javaw.exe] => (Allow) C:\users\user\.lunarclient\jre\zulu16.30.15-ca-fx-jre16.0.1-win_x64\bin\javaw.exe
    FirewallRules: [UDP Query User{DDD317D4-96DF-4E26-977F-8D0E136A21A2}C:\users\user\.lunarclient\jre\zulu16.30.15-ca-fx-jre16.0.1-win_x64\bin\javaw.exe] => (Allow) C:\users\user\.lunarclient\jre\zulu16.30.15-ca-fx-jre16.0.1-win_x64\bin\javaw.exe
    FirewallRules: [{E006A46F-CF69-4FD4-B578-25D1425E7651}] => (Block) C:\users\user\.lunarclient\jre\zulu16.30.15-ca-fx-jre16.0.1-win_x64\bin\javaw.exe
    FirewallRules: [{6D6A189A-6CB4-4735-85FC-139ADAA7D725}] => (Block) C:\users\user\.lunarclient\jre\zulu16.30.15-ca-fx-jre16.0.1-win_x64\bin\javaw.exe

    ==================== Restore Points =========================

    29-07-2021 18:39:45 Scheduled Checkpoint
    06-08-2021 19:49:55 Scheduled Checkpoint
    07-08-2021 18:56:54 AdwCleaner_BeforeCleaning_07/08/2021_18:56:53

    ==================== Faulty Device Manager Devices ============


    ==================== Event log errors: ========================

    Application errors:
    ==================
    Error: (08/07/2021 07:04:09 PM) (Source: ATIeRecord) (EventID: 16396) (User: )
    Description: ATI EEU PnP start/stop failed

    Error: (08/07/2021 07:02:21 PM) (Source: VSS) (EventID: 8193) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress.
    .

    Error: (08/07/2021 07:02:21 PM) (Source: VSS) (EventID: 13) (User: )
    Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
    ]

    Error: (08/07/2021 07:02:21 PM) (Source: VSS) (EventID: 8193) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress.
    .

    Error: (08/07/2021 07:02:21 PM) (Source: VSS) (EventID: 13) (User: )
    Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
    ]

    Error: (08/07/2021 03:16:49 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: MedalEncoder.exe, version: 3.422.0.0, time stamp: 0x61081e0d
    Faulting module name: KERNELBASE.dll, version: 10.0.19041.1110, time stamp: 0x4809adf2
    Exception code: 0xc000041d
    Fault offset: 0x0000000000034ed9
    Faulting process ID: 0x638
    Faulting application start time: 0x01d78b968212e849
    Faulting application path: C:\Users\user\AppData\Local\Medal\recorder-3.422.0\MedalEncoder.exe
    Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
    Report ID: 83d1478a-80c3-4032-bc6e-c519275b475e
    Faulting package full name: 
    Faulting package-relative application ID:

    Error: (08/07/2021 03:16:46 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
    Description: Application: MedalEncoder.exe
    Framework Version: v4.0.30319
    Description: The process was terminated due to an unhandled exception.
    Exception Info: System.NullReferenceException

    Error: (08/07/2021 03:14:16 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
    Description: Application: MedalEncoder.exe
    Framework Version: v4.0.30319
    Description: The process was terminated due to an unhandled exception.
    Exception Info: System.NullReferenceException


    System errors:
    =============
    Error: (08/07/2021 07:15:17 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The Update Orchestrator Service service did not respond on starting.

    Error: (08/07/2021 07:11:52 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The Downloaded Maps Manager service did not respond on starting.

    Error: (08/07/2021 07:09:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The HP Touchpoint Analytics service failed to start due to the following error: 
    The system cannot find the file specified.

    Error: (08/07/2021 07:09:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The HP Support Solutions Framework Service service failed to start due to the following error: 
    The system cannot find the file specified.

    Error: (08/07/2021 07:09:24 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The Delivery Optimization service did not respond on starting.

    Error: (08/07/2021 07:04:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Origin Web Helper Service service failed to start due to the following error: 
    The service did not respond to the start or control request in a timely fashion.

    Error: (08/07/2021 07:04:57 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (45000 milliseconds) while waiting for the Origin Web Helper Service service to connect.

    Error: (08/07/2021 07:04:06 PM) (Source: Microsoft-Windows-Directory-Services-SAM) (EventID: 16953) (User: NT AUTHORITY)
    Description: The password notification DLL C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter failed to load with error 126. Please verify that the notification DLL path defined in the registry, HKLM\System\CurrentControlSet\Control\Lsa\Notification Packages, refers to a correct and absolute path (<drive>:\<path>\<filename>.<ext>) and not a relative or invalid path. If the DLL path is correct, please validate that any supporting files are located in the same directory, and that the system account has read access to both the DLL path and any supporting files.  Contact the provider of the notification DLL for additional support. Further details can be found on the web at http://go.microsoft.com/fwlink/?LinkId=245898.


    Windows Defender:
    ================
    Date: 2021-08-07 19:38:09
    Description: 
    Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
    For more information please see the following:
    https://go.microsoft.com/fwlink/?linkid=37020&name=Exploit:iPhoneOS/Dakkatoni.B!MTB&threatid=2147751522&enterprise=0
    Name: Exploit:iPhoneOS/Dakkatoni.B!MTB
    Severity: Severe
    Category: Exploit
    Path: file:_C:\Users\user\Downloads\yalu102_beta7 (1).ipa; file:_C:\Users\user\Downloads\yalu102_beta7.ipa
    Detection Origin: Local machine
    Detection Type: FastPath
    Detection Source: Real-Time Protection
    Process Name: C:\Users\user\Desktop\michael pics\Stuff\FRST64.exe
    Security intelligence Version: AV: 1.345.129.0, AS: 1.345.129.0, NIS: 1.345.129.0
    Engine Version: AM: 1.1.18400.4, NIS: 1.1.18400.4

    Date: 2021-08-07 19:38:09
    Description: 
    Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
    For more information please see the following:
    https://go.microsoft.com/fwlink/?linkid=37020&name=Exploit:iPhoneOS/Dakkatoni.B!MTB&threatid=2147751522&enterprise=0
    Name: Exploit:iPhoneOS/Dakkatoni.B!MTB
    Severity: Severe
    Category: Exploit
    Path: file:_C:\Users\user\Downloads\yalu102_beta7 (1).ipa
    Detection Origin: Local machine
    Detection Type: FastPath
    Detection Source: Real-Time Protection
    Process Name: C:\Users\user\Desktop\michael pics\Stuff\FRST64.exe
    Security intelligence Version: AV: 1.345.129.0, AS: 1.345.129.0, NIS: 1.345.129.0
    Engine Version: AM: 1.1.18400.4, NIS: 1.1.18400.4

    Date: 2021-08-07 14:13:39
    Description: 
    Microsoft Defender Antivirus scan has been stopped before completion.
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2021-08-04 10:27:52
    Description: 
    Microsoft Defender Antivirus scan has been stopped before completion.
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2021-08-03 17:55:48
    Description: 
    Microsoft Defender Antivirus scan has been stopped before completion.
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2021-07-18 22:16:39
    Description: 
    Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
    New security intelligence Version: 
    Previous security intelligence Version: 1.343.994.0
    Update Source: Microsoft Malware Protection Center
    Security intelligence Type: AntiVirus
    Update Type: Full
    Current Engine Version: 
    Previous Engine Version: 1.1.18300.4
    Error code: 0x80070102
    Error description: The wait operation timed out. 

    Date: 2021-07-11 15:17:05
    Description: 
    Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
    New security intelligence Version: 
    Previous security intelligence Version: 1.343.618.0
    Update Source: Microsoft Malware Protection Center
    Security intelligence Type: AntiVirus
    Update Type: Full
    Current Engine Version: 
    Previous Engine Version: 1.1.18300.4
    Error code: 0x80070102
    Error description: The wait operation timed out. 

    Date: 2021-07-11 15:11:03
    Description: 
    Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
    New security intelligence Version: 
    Previous security intelligence Version: 1.343.618.0
    Update Source: Microsoft Update Server
    Security intelligence Type: AntiVirus
    Update Type: Full
    Current Engine Version: 
    Previous Engine Version: 1.1.18300.4
    Error code: 0x80070102
    Error description: The wait operation timed out. 

    Date: 2021-07-11 15:11:03
    Description: 
    Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
    New security intelligence Version: 
    Previous security intelligence Version: 1.343.618.0
    Update Source: Microsoft Update Server
    Security intelligence Type: AntiVirus
    Update Type: Full
    Current Engine Version: 
    Previous Engine Version: 1.1.18300.4
    Error code: 0x80070102
    Error description: The wait operation timed out. 

    CodeIntegrity:
    ===============
    Date: 2021-07-08 16:44:37
    Description: 
    Code Integrity determined that a process (\Device\HarddiskVolume4\Users\user\AppData\Local\Discord\app-1.0.9002\Discord.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Overwolf\0.173.0.16\win32\OWExplorer.dll that did not meet the Microsoft signing level requirements.

    Date: 2021-06-22 21:40:36
    Description: 
    Code Integrity determined that a process (\Device\HarddiskVolume4\Users\user\AppData\Local\Discord\app-1.0.9002\Discord.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Overwolf\0.173.0.14\win32\OWExplorer.dll that did not meet the Microsoft signing level requirements.

    Date: 2021-06-12 11:25:12
    Description: 
    Code Integrity determined that a process (\Device\HarddiskVolume4\Users\user\AppData\Local\Discord\app-1.0.9002\Discord.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Overwolf\0.170.48.15\win32\OWExplorer.dll that did not meet the Microsoft signing level requirements.


    ==================== Memory info =========================== 

    BIOS: Insyde F.19 07/14/2016
    Motherboard: Hewlett-Packard 216B
    Processor: AMD A8-4555M APU with Radeon(tm) HD Graphics 
    Percentage of memory in use: 56%
    Total physical RAM: 7366.26 MB
    Available physical RAM: 3212.55 MB
    Total Virtual: 11206.26 MB
    Available Virtual: 6718.25 MB

    ==================== Drives ================================

    Drive c: (Windows) (Fixed) (Total:911.61 GB) (Free:480.52 GB) NTFS
    Drive d: (RECOVERY) (Fixed) (Total:18.17 GB) (Free:1.77 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive e: (MathsWatch High) (CDROM) (Total:0.68 GB) (Free:0 GB) CDFS

    \\?\Volume{0f94f36e-3a11-4e49-ba04-6b7ae000c477}\ (WINRE) (Fixed) (Total:0.39 GB) (Free:0.11 GB) NTFS
    \\?\Volume{bb741e18-5e1d-453a-97a1-0abb940888ff}\ () (Fixed) (Total:0.96 GB) (Free:0.33 GB) NTFS
    \\?\Volume{999054ce-759b-4197-aaaf-b354ff3acda5}\ () (Fixed) (Total:0.25 GB) (Free:0.15 GB) FAT32

    ==================== MBR & Partition Table ====================

    ==========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: CF9F01CA)

    Partition: GPT.

    ==================== End of Addition.txt =======================

  4. # -------------------------------
    # Malwarebytes AdwCleaner 8.3.0.0
    # -------------------------------
    # Build:    06-29-2021
    # Database: 2021-08-05.3 (Cloud)
    # Support: https://www.malwarebytes.com/support
    #
    # -------------------------------
    # Mode: Clean
    # -------------------------------
    # Start:    08-07-2021
    # Duration: 00:02:19
    # OS:       Windows 10 Home
    # Cleaned:  185
    # Failed:   0


    ***** [ Services ] *****

    Deleted       chromium
    Deleted       chromiumm

    ***** [ Folders ] *****

    Deleted       C:\Program Files (x86)\Chromium
    Deleted       C:\Program Files (x86)\Digital Communications
    Deleted       C:\Program Files (x86)\DriverRestore
    Deleted       C:\ProgramData\565D9CE2000063D7
    Deleted       C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverRestore
    Deleted       C:\ProgramData\Tencent
    Deleted       C:\ProgramData\apn
    Deleted       C:\Users\Public\Documents\Guid
    Deleted       C:\Users\user\AppData\Local\Programs\Walliant
    Deleted       C:\Users\user\AppData\Local\Tencent
    Deleted       C:\Users\user\AppData\Local\Walliant
    Deleted       C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Walliant
    Deleted       C:\Users\user\AppData\Roaming\PARETOLOGIC
    Deleted       C:\Users\user\AppData\Roaming\RHEng
    Deleted       C:\Users\user\AppData\Roaming\Tencent

    ***** [ Files ] *****

    Deleted       C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search Powered by Yahoo!.lnk
    Deleted       C:\appverifier.txt

    ***** [ DLL ] *****

    No malicious DLLs cleaned.

    ***** [ WMI ] *****

    No malicious WMI cleaned.

    ***** [ Shortcuts ] *****

    No malicious shortcuts cleaned.

    ***** [ Tasks ] *****

    Deleted       C:\Windows\System32\Tasks\CHROMIUMUPDATETASKMACHINECORE
    Deleted       C:\Windows\System32\Tasks\CHROMIUMUPDATETASKMACHINEUA
    Deleted       C:\Windows\System32\Tasks\LAUNCHPRESIGNUP
    Deleted       C:\Windows\System32\Tasks\SYSTEM OPTIMIZER SCHEDULE

    ***** [ Registry ] *****

    Deleted       HKCU\Software\Classes\CLSID\{F7B8E2CA-97DF-4974-BDF1-3D93EDC93A5E}
    Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\s.thebrighttag.com
    Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\solvusoft.com
    Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\thebrighttag.com
    Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.solvusoft.com
    Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\s.thebrighttag.com
    Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\solvusoft.com
    Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\thebrighttag.com
    Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.solvusoft.com
    Deleted       HKCU\Software\DriverRestore
    Deleted       HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
    Deleted       HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
    Deleted       HKCU\Software\Microsoft\Internet Explorer\DOMStorage\safestsearches.com
    Deleted       HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|santivirusclient.exe
    Deleted       HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|santivirusclient.vshost.exe
    Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|System Optimizer
    Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Walliant
    Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Walliant
    Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E72E2194-F430-4F4A-A262-1C8FF081B3A5}_is1
    Deleted       HKCU\Software\ParetoLogic
    Deleted       HKCU\Software\csastats
    Deleted       HKCU\Software\win
    Deleted       HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|santivirusclient.exe
    Deleted       HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|santivirusclient.vshost.exe
    Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B08BA182-D8B8-4055-9CED-47387356907B} 
    Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B3F37AE3-6584-4D34-BBAE-27E9387F7A8F} 
    Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{76F00801-0FD5-49CD-81B1-F7A8857E5AA3} 
    Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B08BA182-D8B8-4055-9CED-47387356907B} 
    Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B3F37AE3-6584-4D34-BBAE-27E9387F7A8F} 
    Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DA250188-8951-489A-A93B-F3ACE5520023}
    Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ChromiumUpdateTaskMachineCore
    Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ChromiumUpdateTaskMachineUA
    Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchPreSignup
    Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\System Optimizer Schedule
    Deleted       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\DriverRestore.exe
    Deleted       HKLM\Software\AppApcVerifier
    Deleted       HKLM\Software\Classes\Chromium.OneClickCtrl.9
    Deleted       HKLM\Software\Classes\Chromium.Update3WebControl.3
    Deleted       HKLM\Software\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
    Deleted       HKLM\Software\Classes\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5}
    Deleted       HKLM\Software\DriverRestore
    Deleted       HKLM\Software\GPCWValidatorService
    Deleted       HKLM\Software\Microsoft\Shared Tools\MSConfig\services\chromium
    Deleted       HKLM\Software\Microsoft\Shared Tools\MSConfig\services\chromiumm
    Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|ProductUpdater
    Deleted       HKLM\Software\WebBar
    Deleted       HKLM\Software\Wow6432Node\ParetoLogic
    Deleted       HKLM\Software\Wow6432Node\\Classes\CLSID\{0757C9D8-D8A3-33F5-CEE2-11D09918BA8F}
    Deleted       HKLM\Software\Wow6432Node\\Classes\CLSID\{2D38058A-29DC-4608-B481-DDF3748F0B10}
    Deleted       HKLM\Software\Wow6432Node\\Classes\CLSID\{6D4506CE-F855-4657-AA38-DB6B1F733982}
    Deleted       HKLM\Software\Wow6432Node\\Classes\CLSID\{D57D808A-EC29-43C7-A9ED-F0B6CB8E7D84}
    Deleted       HKLM\Software\Wow6432Node\\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
    Deleted       HKLM\Software\Wow6432Node\\Classes\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5}
    Deleted       HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2D38058A-29DC-4608-B481-DDF3748F0B10}
    Deleted       HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D57D808A-EC29-43C7-A9ED-F0B6CB8E7D84}
    Deleted       HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|santivirusclient.exe
    Deleted       HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|santivirusclient.vshost.exe
    Deleted       HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\App Paths\DriverRestore.exe
    Deleted       HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Ext\Preapproved\{2D38058A-29DC-4608-B481-DDF3748F0B10}
    Deleted       HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Ext\Preapproved\{D57D808A-EC29-43C7-A9ED-F0B6CB8E7D84}
    Deleted       HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Ext\Stats\{2D38058A-29DC-4608-B481-DDF3748F0B10}
    Deleted       HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Ext\Stats\{D57D808A-EC29-43C7-A9ED-F0B6CB8E7D84}
    Deleted       HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\System Optimizer_is1
    Deleted       HKLM\Software\Wow6432Node\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
    Deleted       HKLM\System\CurrentControlSet\Services\EventLog\Application\SAntivirusSvc
    Deleted       HKLM\System\CurrentControlSet\Services\EventLog\Application\WinZip Malware Protector
    Deleted       HKLM\System\Setup\FirstBoot\Services\chromium
    Deleted       HKLM\System\Setup\FirstBoot\Services\chromiumm

    ***** [ Chromium (and derivatives) ] *****

    Deleted       Extutil - booedmolknjekdopkepjjeckmjkdpfgl
    Deleted       Managera - flpcjncodpafbgdpnkljologafpionhb
    Deleted       ogminpmldncgcmokldnmmapddoccmhfl

    ***** [ Chromium URLs ] *****

    No malicious Chromium URLs cleaned.

    ***** [ Firefox (and derivatives) ] *****

    No malicious Firefox entries cleaned.

    ***** [ Firefox URLs ] *****

    No malicious Firefox URLs cleaned.

    ***** [ Hosts File Entries ] *****

    No malicious hosts file entries cleaned.

    ***** [ Preinstalled Software ] *****

    Deleted       Preinstalled.CyberLinkLabelPrint   Folder   C:\Program Files (x86)\CYBERLINK\LABELPRINT
    Deleted       Preinstalled.CyberLinkLabelPrint   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}
    Deleted       Preinstalled.CyberLinkLabelPrint   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{C59C179C-668D-49A9-B6EA-0121CCFC1243}
    Deleted       Preinstalled.CyberLinkShellExtension   Registry   HKLM\Software\Classes\CLSID\{3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2}
    Deleted       Preinstalled.HPCeement   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HPCeeScheduleForUser
    Deleted       Preinstalled.HPCoolSense   Folder   C:\Program Files (x86)\HEWLETT-PACKARD\HP COOLSENSE
    Deleted       Preinstalled.HPCoolSense   Folder   C:\Users\user\AppData\Local\HEWLETT-PACKARD\HP COOLSENSE
    Deleted       Preinstalled.HPCoolSense   Folder   C:\Windows\System32\Tasks\HEWLETT-PACKARD\HP COOLSENSE
    Deleted       Preinstalled.HPCoolSense   Registry   HKLM\Software\Classes\CLSID\{224695A4-BD5E-4C38-B354-A4C828E61BF7}
    Deleted       Preinstalled.HPCoolSense   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{394B14EA-B072-4440-9510-87797CB12371}
    Deleted       Preinstalled.HPMediaSmart   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}
    Deleted       Preinstalled.HPMediaSmart   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{01FB4998-33C4-4431-85ED-079E3EEFE75D}
    Deleted       Preinstalled.HPRegistrationService   Folder   C:\Program Files (x86)\HEWLETT-PACKARD\HP REGISTRATION SERVICE
    Deleted       Preinstalled.HPRegistrationService   Folder   C:\ProgramData\HEWLETT-PACKARD\HP REGISTRATION SERVICE
    Deleted       Preinstalled.HPRegistrationService   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D1E8F2D7-7794-4245-B286-87ED86C1893C}
    Deleted       Preinstalled.HPSupportAssistant   Folder   C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
    Deleted       Preinstalled.HPSupportAssistant   Folder   C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT SOLUTIONS
    Deleted       Preinstalled.HPSupportAssistant   Folder   C:\ProgramData\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
    Deleted       Preinstalled.HPSupportAssistant   Folder   C:\Users\user\AppData\Roaming\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
    Deleted       Preinstalled.HPSupportAssistant   Folder   C:\Windows\System32\config\systemprofile\AppData\Local\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
    Deleted       Preinstalled.HPSupportAssistant   Registry   HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
    Deleted       Preinstalled.HPSupportAssistant   Registry   HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
    Deleted       Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Classes\CLSID\{335F9A62-FE4B-40CD-B4ED-BB4DE21DC95D}
    Deleted       Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
    Deleted       Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
    Deleted       Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Wow6432Node\\Classes\CLSID\{335F9A62-FE4B-40CD-B4ED-BB4DE21DC95D}
    Deleted       Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Wow6432Node\\Classes\CLSID\{C0ABBA07-B636-47B8-B9E1-BB96D7CD4831}
    Deleted       Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Wow6432Node\\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
    Deleted       Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
    Deleted       Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{3AF15EEA-8EDF-4393-BB6C-CF8A9986486A}
    Deleted       Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{55065080-504F-43BB-BE00-36B80D7D39A5}
    Deleted       Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}
    Deleted       Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}
    Deleted       Preinstalled.HPTouchpointAnalyticsClient   Folder   C:\Program Files\HP\HP TOUCHPOINT ANALYTICS CLIENT
    Deleted       Preinstalled.HPTouchpointAnalyticsClient   Folder   C:\ProgramData\HP\HP TOUCHPOINT ANALYTICS CLIENT
    Deleted       Preinstalled.HPTouchpointAnalyticsClient   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}
    Deleted       Preinstalled.LenovoPower2Go   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}
    Deleted       Preinstalled.LenovoPower2Go   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}
    Deleted       Preinstalled.LenovoPowerDVD   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}
    Deleted       Preinstalled.LenovoPowerDVD   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}
    Deleted       Preinstalled.WildTangentGamesBundle   File   C:\Users\Public\Desktop\WildTangent Games for HP.lnk
    Deleted       Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDGAMES
    Deleted       Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDGAMES\ALOHA TRIPEAKS
    Deleted       Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDGAMES\BEJEWELED 3
    Deleted       Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDGAMES\BUILD-A-LOT
    Deleted       Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDGAMES\CRADLE OF ROME 2
    Deleted       Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDGAMES\CRAZY CHICKEN SOCCER
    Deleted       Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDGAMES\FARM FRENZY
    Deleted       Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDGAMES\GOVERNOR OF POKER 2 PREMIUM EDITION
    Deleted       Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDGAMES\JEWEL MATCH 3
    Deleted       Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDGAMES\MAHJONGG ARTIFACTS
    Deleted       Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDGAMES\PLANTS VS ZOMBIES - GAME OF THE YEAR
    Deleted       Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDGAMES\POLAR BOWLER
    Deleted       Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDGAMES\RANCH RUSH 2 - PREMIUM EDITION
    Deleted       Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDGAMES\TRINKLIT SUPREME
    Deleted       Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDGAMES\VACATION QUEST - AUSTRALIA
    Deleted       Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDGAMES\VIRTUAL FAMILIES
    Deleted       Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDGAMES\WEDDING DASH
    Deleted       Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDGAMES\ZUMAS REVENGE
    Deleted       Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDTANGENT GAMES
    Deleted       Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDTANGENT GAMES\APP
    Deleted       Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDTANGENT GAMES\WEB LINK - SEAFIGHT
    Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Classes\CLSID\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6}
    Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Ext\Preapproved\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6}
    Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-1e456a30-1a1b-49a2-a343-f21af1307b33
    Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-2007c5e1-9ff2-4f74-8bbe-59c78e48b8fc
    Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-2e19e36e-af6f-424f-87e0-3b6826581a6c
    Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-33c68fa6-286f-4bb9-a71a-50d945ff07a9
    Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-4114008f-2824-43ee-b949-0d70a6fa008c
    Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-42aa25fb-5d4c-4b44-9337-22fed995bc51
    Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-4f82c505-bc53-4741-8445-5d70588e8279
    Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-555c3930-552b-4976-833e-03bce5a1ad1e
    Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-6dd5610a-c1d8-4c32-b9d3-8b816eb1098d
    Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-93bc918a-ac36-4c5a-8d13-15f5626887cc
    Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-a44df564-86a1-430c-923e-eda6915214e8
    Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-affd67c8-1223-40fa-9808-c172f04608dc
    Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-b58d4b20-60b1-4601-8886-64c125713517
    Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-b5b8a571-a42f-4a82-aa40-df113809295b
    Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-d1f3ee01-b341-4d85-8a03-aad3ff6471dc
    Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-e04c4a9a-5da6-4be7-b798-6abe93c7f98d
    Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-e805b0fd-f24d-4fa5-949c-db0dd8e7df32
    Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangent wildgames Master Uninstall
    Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGDF-hp-darkorbit
    Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGDF-hp-mahjonggdarkdimensions
    Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGDF-hp-seafight
    Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGDF-hp-worldofwarcraft
    Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGameProvider-hp-genres
    Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App
    Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp
    Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6}
    Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6}


    *************************

    [+] Delete Tracing Keys
    [+] Reset Winsock

    *************************

    AdwCleaner[S00].txt - [23970 octets] - [07/08/2021 18:54:44]

    ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
    Sorry, yes I did. It takes 66 seconds for me to reply.

    Currently doing the Farbar thing.

  5. # -------------------------------
    # Malwarebytes AdwCleaner 8.3.0.0
    # -------------------------------
    # Build:    06-29-2021
    # Database: 2021-08-05.3 (Cloud)
    # Support: https://www.malwarebytes.com/support
    #
    # -------------------------------
    # Mode: Scan
    # -------------------------------
    # Start:    08-07-2021
    # Duration: 00:02:13
    # OS:       Windows 10 Home
    # Scanned:  31992
    # Detected: 185


    ***** [ Services ] *****

    PUP.Optional.FakeChrome         chromium
    PUP.Optional.FakeChrome         chromiumm

    ***** [ Folders ] *****

    PUP.Adware.Heuristic            C:\ProgramData\565D9CE2000063D7
    PUP.Optional.Conduit.A          C:\Users\user\AppData\Roaming\RHEng
    PUP.Optional.DriverRestore      C:\Program Files (x86)\DriverRestore
    PUP.Optional.DriverRestore      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverRestore
    PUP.Optional.FakeChrome         C:\Program Files (x86)\Chromium
    PUP.Optional.Legacy             C:\ProgramData\Tencent
    PUP.Optional.Legacy             C:\Users\Public\Documents\Guid
    PUP.Optional.Legacy             C:\Users\user\AppData\Local\Tencent
    PUP.Optional.Legacy             C:\Users\user\AppData\Roaming\Tencent
    PUP.Optional.RegCurePro         C:\Users\user\AppData\Roaming\PARETOLOGIC
    PUP.Optional.Segurazo           C:\Program Files (x86)\Digital Communications
    PUP.Optional.Walliant           C:\Users\user\AppData\Local\Programs\Walliant
    PUP.Optional.Walliant           C:\Users\user\AppData\Local\Walliant
    PUP.Optional.Walliant           C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Walliant
    Rogue.ForcedExtension           C:\ProgramData\apn

    ***** [ Files ] *****

    PUP.Optional.Legacy             C:\appverifier.txt
    PUP.Optional.WinYahoo           C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search Powered by Yahoo!.lnk

    ***** [ DLL ] *****

    No malicious DLLs found.

    ***** [ WMI ] *****

    No malicious WMI found.

    ***** [ Shortcuts ] *****

    No malicious shortcuts found.

    ***** [ Tasks ] *****

    PUP.Optional.FakeChrome         C:\Windows\System32\Tasks\CHROMIUMUPDATETASKMACHINECORE
    PUP.Optional.FakeChrome         C:\Windows\System32\Tasks\CHROMIUMUPDATETASKMACHINEUA
    PUP.Optional.Legacy             C:\Windows\System32\Tasks\SYSTEM OPTIMIZER SCHEDULE
    PUP.Optional.MyPCBackup         C:\Windows\System32\Tasks\LAUNCHPRESIGNUP

    ***** [ Registry ] *****

    PUP.Optional.AdvancedPCCare     HKLM\Software\AppApcVerifier
    PUP.Optional.DriverRestore      HKCU\Software\DriverRestore
    PUP.Optional.DriverRestore      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\DriverRestore.exe
    PUP.Optional.DriverRestore      HKLM\Software\DriverRestore
    PUP.Optional.DriverRestore      HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\App Paths\DriverRestore.exe
    PUP.Optional.FakeChrome         HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B08BA182-D8B8-4055-9CED-47387356907B} 
    PUP.Optional.FakeChrome         HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{76F00801-0FD5-49CD-81B1-F7A8857E5AA3} 
    PUP.Optional.FakeChrome         HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B08BA182-D8B8-4055-9CED-47387356907B} 
    PUP.Optional.FakeChrome         HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ChromiumUpdateTaskMachineCore
    PUP.Optional.FakeChrome         HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ChromiumUpdateTaskMachineUA
    PUP.Optional.FakeChrome         HKLM\Software\Classes\Chromium.OneClickCtrl.9
    PUP.Optional.FakeChrome         HKLM\Software\Classes\Chromium.Update3WebControl.3
    PUP.Optional.FakeChrome         HKLM\Software\Microsoft\Shared Tools\MSConfig\services\chromium
    PUP.Optional.FakeChrome         HKLM\Software\Microsoft\Shared Tools\MSConfig\services\chromiumm
    PUP.Optional.FakeChrome         HKLM\Software\Wow6432Node\\Classes\CLSID\{2D38058A-29DC-4608-B481-DDF3748F0B10}
    PUP.Optional.FakeChrome         HKLM\Software\Wow6432Node\\Classes\CLSID\{D57D808A-EC29-43C7-A9ED-F0B6CB8E7D84}
    PUP.Optional.FakeChrome         HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2D38058A-29DC-4608-B481-DDF3748F0B10}
    PUP.Optional.FakeChrome         HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D57D808A-EC29-43C7-A9ED-F0B6CB8E7D84}
    PUP.Optional.FakeChrome         HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Ext\Preapproved\{2D38058A-29DC-4608-B481-DDF3748F0B10}
    PUP.Optional.FakeChrome         HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Ext\Preapproved\{D57D808A-EC29-43C7-A9ED-F0B6CB8E7D84}
    PUP.Optional.FakeChrome         HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Ext\Stats\{2D38058A-29DC-4608-B481-DDF3748F0B10}
    PUP.Optional.FakeChrome         HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Ext\Stats\{D57D808A-EC29-43C7-A9ED-F0B6CB8E7D84}
    PUP.Optional.FakeChrome         HKLM\System\Setup\FirstBoot\Services\chromium
    PUP.Optional.FakeChrome         HKLM\System\Setup\FirstBoot\Services\chromiumm
    PUP.Optional.FreeMakeConverter  HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|ProductUpdater
    PUP.Optional.InstallCore        HKCU\Software\csastats
    PUP.Optional.Legacy             HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\solvusoft.com
    PUP.Optional.Legacy             HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.solvusoft.com
    PUP.Optional.Legacy             HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\solvusoft.com
    PUP.Optional.Legacy             HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.solvusoft.com
    PUP.Optional.Legacy             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|System Optimizer
    PUP.Optional.Legacy             HKCU\Software\ParetoLogic
    PUP.Optional.Legacy             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DA250188-8951-489A-A93B-F3ACE5520023}
    PUP.Optional.Legacy             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\System Optimizer Schedule
    PUP.Optional.Legacy             HKLM\Software\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
    PUP.Optional.Legacy             HKLM\Software\Classes\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5}
    PUP.Optional.Legacy             HKLM\Software\GPCWValidatorService
    PUP.Optional.Legacy             HKLM\Software\WebBar
    PUP.Optional.Legacy             HKLM\Software\Wow6432Node\ParetoLogic
    PUP.Optional.Legacy             HKLM\Software\Wow6432Node\\Classes\CLSID\{0757C9D8-D8A3-33F5-CEE2-11D09918BA8F}
    PUP.Optional.Legacy             HKLM\Software\Wow6432Node\\Classes\CLSID\{6D4506CE-F855-4657-AA38-DB6B1F733982}
    PUP.Optional.Legacy             HKLM\Software\Wow6432Node\\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
    PUP.Optional.Legacy             HKLM\Software\Wow6432Node\\Classes\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5}
    PUP.Optional.Legacy             HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\System Optimizer_is1
    PUP.Optional.Legacy             HKLM\Software\Wow6432Node\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
    PUP.Optional.MyPCBackup         HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B3F37AE3-6584-4D34-BBAE-27E9387F7A8F} 
    PUP.Optional.MyPCBackup         HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B3F37AE3-6584-4D34-BBAE-27E9387F7A8F} 
    PUP.Optional.MyPCBackup         HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchPreSignup
    PUP.Optional.SAntivirus         HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|santivirusclient.exe
    PUP.Optional.SAntivirus         HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|santivirusclient.vshost.exe
    PUP.Optional.SAntivirus         HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|santivirusclient.exe
    PUP.Optional.SAntivirus         HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|santivirusclient.vshost.exe
    PUP.Optional.SAntivirus         HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|santivirusclient.exe
    PUP.Optional.SAntivirus         HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|santivirusclient.vshost.exe
    PUP.Optional.SafeSearch         HKCU\Software\Microsoft\Internet Explorer\DOMStorage\safestsearches.com
    PUP.Optional.Segurazo           HKLM\System\CurrentControlSet\Services\EventLog\Application\SAntivirusSvc
    PUP.Optional.SlimCleanerPlus    HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
    PUP.Optional.SlimCleanerPlus    HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
    PUP.Optional.TheBrightTag       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\s.thebrighttag.com
    PUP.Optional.TheBrightTag       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\thebrighttag.com
    PUP.Optional.TheBrightTag       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\s.thebrighttag.com
    PUP.Optional.TheBrightTag       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\thebrighttag.com
    PUP.Optional.Walliant           HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Walliant
    PUP.Optional.Walliant           HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Walliant
    PUP.Optional.Walliant           HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E72E2194-F430-4F4A-A262-1C8FF081B3A5}_is1
    PUP.Optional.WallpaperSuiteHD   HKCU\Software\Classes\CLSID\{F7B8E2CA-97DF-4974-BDF1-3D93EDC93A5E}
    PUP.Optional.WinRepairPro       HKCU\Software\win
    PUP.Optional.WinZipMalwareProtector HKLM\System\CurrentControlSet\Services\EventLog\Application\WinZip Malware Protector

    ***** [ Chromium (and derivatives) ] *****

    PUP.Optional.Legacy             Extutil - booedmolknjekdopkepjjeckmjkdpfgl
    PUP.Optional.Legacy             Managera - flpcjncodpafbgdpnkljologafpionhb
    PUP.Optional.Legacy             ogminpmldncgcmokldnmmapddoccmhfl

    ***** [ Chromium URLs ] *****

    No malicious Chromium URLs found.

    ***** [ Firefox (and derivatives) ] *****

    No malicious Firefox entries found.

    ***** [ Firefox URLs ] *****

    No malicious Firefox URLs found.

    ***** [ Hosts File Entries ] *****

    No malicious hosts file entries found.

    ***** [ Preinstalled Software ] *****

    Preinstalled.CyberLinkLabelPrint   Folder   C:\Program Files (x86)\CYBERLINK\LABELPRINT 
    Preinstalled.CyberLinkLabelPrint   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243} 
    Preinstalled.CyberLinkLabelPrint   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{C59C179C-668D-49A9-B6EA-0121CCFC1243} 
    Preinstalled.CyberLinkShellExtension   Registry   HKLM\Software\Classes\CLSID\{3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} 
    Preinstalled.HPCeement   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HPCeeScheduleForUser 
    Preinstalled.HPCoolSense   Folder   C:\Program Files (x86)\HEWLETT-PACKARD\HP COOLSENSE 
    Preinstalled.HPCoolSense   Folder   C:\Users\user\AppData\Local\HEWLETT-PACKARD\HP COOLSENSE 
    Preinstalled.HPCoolSense   Folder   C:\Windows\System32\Tasks\HEWLETT-PACKARD\HP COOLSENSE 
    Preinstalled.HPCoolSense   Registry   HKLM\Software\Classes\CLSID\{224695A4-BD5E-4C38-B354-A4C828E61BF7} 
    Preinstalled.HPCoolSense   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{394B14EA-B072-4440-9510-87797CB12371} 
    Preinstalled.HPMediaSmart   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D} 
    Preinstalled.HPMediaSmart   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{01FB4998-33C4-4431-85ED-079E3EEFE75D} 
    Preinstalled.HPRegistrationService   Folder   C:\Program Files (x86)\HEWLETT-PACKARD\HP REGISTRATION SERVICE 
    Preinstalled.HPRegistrationService   Folder   C:\ProgramData\HEWLETT-PACKARD\HP REGISTRATION SERVICE 
    Preinstalled.HPRegistrationService   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D1E8F2D7-7794-4245-B286-87ED86C1893C} 
    Preinstalled.HPSupportAssistant   Folder   C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK 
    Preinstalled.HPSupportAssistant   Folder   C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT SOLUTIONS 
    Preinstalled.HPSupportAssistant   Folder   C:\ProgramData\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK 
    Preinstalled.HPSupportAssistant   Folder   C:\Users\user\AppData\Roaming\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK 
    Preinstalled.HPSupportAssistant   Folder   C:\Windows\System32\config\systemprofile\AppData\Local\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK 
    Preinstalled.HPSupportAssistant   Registry   HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} 
    Preinstalled.HPSupportAssistant   Registry   HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} 
    Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Classes\CLSID\{335F9A62-FE4B-40CD-B4ED-BB4DE21DC95D} 
    Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} 
    Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} 
    Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Wow6432Node\\Classes\CLSID\{335F9A62-FE4B-40CD-B4ED-BB4DE21DC95D} 
    Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Wow6432Node\\Classes\CLSID\{C0ABBA07-B636-47B8-B9E1-BB96D7CD4831} 
    Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Wow6432Node\\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} 
    Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} 
    Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{3AF15EEA-8EDF-4393-BB6C-CF8A9986486A} 
    Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{55065080-504F-43BB-BE00-36B80D7D39A5} 
    Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{79C54A05-F146-4EA0-8A70-D4EFE6181E52} 
    Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE} 
    Preinstalled.HPTouchpointAnalyticsClient   Folder   C:\Program Files\HP\HP TOUCHPOINT ANALYTICS CLIENT 
    Preinstalled.HPTouchpointAnalyticsClient   Folder   C:\ProgramData\HP\HP TOUCHPOINT ANALYTICS CLIENT 
    Preinstalled.HPTouchpointAnalyticsClient   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F} 
    Preinstalled.LenovoPower2Go   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2} 
    Preinstalled.LenovoPower2Go   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2} 
    Preinstalled.LenovoPowerDVD   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A} 
    Preinstalled.LenovoPowerDVD   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{B46BEA36-0B71-4A4E-AE41-87241643FA0A} 
    Preinstalled.WildTangentGamesBundle   File   C:\Users\Public\Desktop\WildTangent Games for HP.lnk 
    Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDGAMES 
    Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDGAMES\ALOHA TRIPEAKS 
    Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDGAMES\BEJEWELED 3 
    Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDGAMES\BUILD-A-LOT 
    Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDGAMES\CRADLE OF ROME 2 
    Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDGAMES\CRAZY CHICKEN SOCCER 
    Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDGAMES\FARM FRENZY 
    Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDGAMES\GOVERNOR OF POKER 2 PREMIUM EDITION 
    Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDGAMES\JEWEL MATCH 3 
    Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDGAMES\MAHJONGG ARTIFACTS 
    Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDGAMES\PLANTS VS ZOMBIES - GAME OF THE YEAR 
    Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDGAMES\POLAR BOWLER 
    Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDGAMES\RANCH RUSH 2 - PREMIUM EDITION 
    Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDGAMES\TRINKLIT SUPREME 
    Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDGAMES\VACATION QUEST - AUSTRALIA 
    Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDGAMES\VIRTUAL FAMILIES 
    Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDGAMES\WEDDING DASH 
    Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDGAMES\ZUMAS REVENGE 
    Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDTANGENT GAMES 
    Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDTANGENT GAMES\APP 
    Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDTANGENT GAMES\WEB LINK - SEAFIGHT 
    Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Classes\CLSID\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6} 
    Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Ext\Preapproved\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6} 
    Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-1e456a30-1a1b-49a2-a343-f21af1307b33 
    Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-2007c5e1-9ff2-4f74-8bbe-59c78e48b8fc 
    Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-2e19e36e-af6f-424f-87e0-3b6826581a6c 
    Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-33c68fa6-286f-4bb9-a71a-50d945ff07a9 
    Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-4114008f-2824-43ee-b949-0d70a6fa008c 
    Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-42aa25fb-5d4c-4b44-9337-22fed995bc51 
    Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-4f82c505-bc53-4741-8445-5d70588e8279 
    Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-555c3930-552b-4976-833e-03bce5a1ad1e 
    Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-6dd5610a-c1d8-4c32-b9d3-8b816eb1098d 
    Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-93bc918a-ac36-4c5a-8d13-15f5626887cc 
    Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-a44df564-86a1-430c-923e-eda6915214e8 
    Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-affd67c8-1223-40fa-9808-c172f04608dc 
    Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-b58d4b20-60b1-4601-8886-64c125713517 
    Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-b5b8a571-a42f-4a82-aa40-df113809295b 
    Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-d1f3ee01-b341-4d85-8a03-aad3ff6471dc 
    Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-e04c4a9a-5da6-4be7-b798-6abe93c7f98d 
    Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-e805b0fd-f24d-4fa5-949c-db0dd8e7df32 
    Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangent wildgames Master Uninstall 
    Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGDF-hp-darkorbit 
    Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGDF-hp-mahjonggdarkdimensions 
    Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGDF-hp-seafight 
    Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGDF-hp-worldofwarcraft 
    Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGameProvider-hp-genres 
    Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App 
    Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp 
    Preinstalled.WildTangentGamesBundle   Registry   HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6} 
    Preinstalled.WildTangentGamesBundle   Registry   HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6} 

    ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
     

    (This gave me two logs; I'll send the 2nd in a min.)
    Sorry for the delay in this log and the next; it's taking time to do the scans and stuff.

     

  6. Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Scan Date: 07/08/2021
    Scan Time: 16:39
    Log File: 9e6b9a22-f795-11eb-b629-1234567890ab.json

    -Software Information-
    Version: 4.4.4.126
    Components Version: 1.0.1413
    Update Package Version: 1.0.43950
    Licence: Free

    -System Information-
    OS: Windows 10 (Build 19042.1110)
    CPU: x64
    File System: NTFS
    User: hp\user

    -Scan Summary-
    Scan Type: Threat Scan
    Scan Initiated By: Manual
    Result: Completed
    Objects Scanned: 457932
    Threats Detected: 1
    Threats Quarantined: 1
    Time Elapsed: 2 hr, 1 min, 44 sec

    -Scan Options-
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Detect
    PUM: Detect

    -Scan Details-
    Process: 0
    (No malicious items detected)

    Module: 0
    (No malicious items detected)

    Registry Key: 0
    (No malicious items detected)

    Registry Value: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Data Stream: 0
    (No malicious items detected)

    Folder: 0
    (No malicious items detected)

    File: 1
    Malware.Heuristic.1003, C:\USERS\USER\DESKTOP\MICHAEL PICS\STUFF\KRNLWRD\KRNL.DLL, Delete on Reboot, 1000001, 0, 1.0.43950, 0000000000000000000003EB, dds, 01367344, B00B14D56A6CAF1304136C72F2867B9F, 5B4DAAC49CFC5380882979DFD985137E1D8C7146B9D6FC3B34C8057FE4C394A6

    Physical Sector: 0
    (No malicious items detected)

    WMI: 0
    (No malicious items detected)


    (end)

     

    I'm pretty sure krnlwrld is something my little nephew downloaded, but it didn't solve my Windows Script Host error.

     
