Windows Script Host


Solved by kevinf80

Hello DietPepsi and welcome to Malwarebytes,

Let's grab some logs and see what's going on, continue with the following:

Open Malwarebytes, select > small cog wheel top right hand corner, that will open "settings" from there select "Security" tab.

Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....

Close out the settings window, this will take you back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes quarantine any found entries...

To get the log from Malwarebytes do the following:
 
  • Open Malwarebytes
  • Click on the Detection History tab > from main interface.
  • Then click on "History" that will open to a historical list
  • Double click on the Scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have two options:
    Copy to Clipboard - if selected, right click to your reply and select "Paste"; log will be pasted to your reply
    Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply

     
  • Please use "Text file (*.txt)", then name the file and save to a place of choice, recommend "Desktop" then attach to reply


Next,

Download AdwCleaner by Malwarebytes onto your Desktop.

Or from this Mirror
 
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Quarantine button. This will kill all the active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply


Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status... If English is not your primary language Right click on FRST/FRST64 and rename FRSTEnglish/FRST64English

 
  • Double-click to run it. When the tool opens click Yes to disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach that log to your reply.


Let me see those logs in your reply...

If our tools do not run because of windows smart screen or your security, consider the following:

Disable smart screen if it interferes with software we may have to use:

https://support.microsoft.com/en-us/microsoft-edge/what-is-smartscreen-and-how-can-it-help-protect-me-1c9a874a-6826-be5e-45b1-67fa445a74c8

Please remember to enable when we are finished....

Next,

Disable any Anti-virus software you have installed if it stops software we may use from working:

https://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

Please remember to enable AV software when we are finished running scans....


Thank you,

Kevin....

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 07/08/2021
Scan Time: 16:39
Log File: 9e6b9a22-f795-11eb-b629-1234567890ab.json

-Software Information-
Version: 4.4.4.126
Components Version: 1.0.1413
Update Package Version: 1.0.43950
Licence: Free

-System Information-
OS: Windows 10 (Build 19042.1110)
CPU: x64
File System: NTFS
User: hp\user

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 457932
Threats Detected: 1
Threats Quarantined: 1
Time Elapsed: 2 hr, 1 min, 44 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
Malware.Heuristic.1003, C:\USERS\USER\DESKTOP\MICHAEL PICS\STUFF\KRNLWRD\KRNL.DLL, Delete on Reboot, 1000001, 0, 1.0.43950, 0000000000000000000003EB, dds, 01367344, B00B14D56A6CAF1304136C72F2867B9F, 5B4DAAC49CFC5380882979DFD985137E1D8C7146B9D6FC3B34C8057FE4C394A6

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

 

I'm pretty sure krnlwrld is something my little nephew downloaded, but it didn't solve my Windows Script Host error

 


# -------------------------------
# Malwarebytes AdwCleaner 8.3.0.0
# -------------------------------
# Build:    06-29-2021
# Database: 2021-08-05.3 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    08-07-2021
# Duration: 00:02:13
# OS:       Windows 10 Home
# Scanned:  31992
# Detected: 185


***** [ Services ] *****

PUP.Optional.FakeChrome         chromium
PUP.Optional.FakeChrome         chromiumm

***** [ Folders ] *****

PUP.Adware.Heuristic            C:\ProgramData\565D9CE2000063D7
PUP.Optional.Conduit.A          C:\Users\user\AppData\Roaming\RHEng
PUP.Optional.DriverRestore      C:\Program Files (x86)\DriverRestore
PUP.Optional.DriverRestore      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverRestore
PUP.Optional.FakeChrome         C:\Program Files (x86)\Chromium
PUP.Optional.Legacy             C:\ProgramData\Tencent
PUP.Optional.Legacy             C:\Users\Public\Documents\Guid
PUP.Optional.Legacy             C:\Users\user\AppData\Local\Tencent
PUP.Optional.Legacy             C:\Users\user\AppData\Roaming\Tencent
PUP.Optional.RegCurePro         C:\Users\user\AppData\Roaming\PARETOLOGIC
PUP.Optional.Segurazo           C:\Program Files (x86)\Digital Communications
PUP.Optional.Walliant           C:\Users\user\AppData\Local\Programs\Walliant
PUP.Optional.Walliant           C:\Users\user\AppData\Local\Walliant
PUP.Optional.Walliant           C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Walliant
Rogue.ForcedExtension           C:\ProgramData\apn

***** [ Files ] *****

PUP.Optional.Legacy             C:\appverifier.txt
PUP.Optional.WinYahoo           C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search Powered by Yahoo!.lnk

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

PUP.Optional.FakeChrome         C:\Windows\System32\Tasks\CHROMIUMUPDATETASKMACHINECORE
PUP.Optional.FakeChrome         C:\Windows\System32\Tasks\CHROMIUMUPDATETASKMACHINEUA
PUP.Optional.Legacy             C:\Windows\System32\Tasks\SYSTEM OPTIMIZER SCHEDULE
PUP.Optional.MyPCBackup         C:\Windows\System32\Tasks\LAUNCHPRESIGNUP

***** [ Registry ] *****

PUP.Optional.AdvancedPCCare     HKLM\Software\AppApcVerifier
PUP.Optional.DriverRestore      HKCU\Software\DriverRestore
PUP.Optional.DriverRestore      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\DriverRestore.exe
PUP.Optional.DriverRestore      HKLM\Software\DriverRestore
PUP.Optional.DriverRestore      HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\App Paths\DriverRestore.exe
PUP.Optional.FakeChrome         HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B08BA182-D8B8-4055-9CED-47387356907B} 
PUP.Optional.FakeChrome         HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{76F00801-0FD5-49CD-81B1-F7A8857E5AA3} 
PUP.Optional.FakeChrome         HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B08BA182-D8B8-4055-9CED-47387356907B} 
PUP.Optional.FakeChrome         HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ChromiumUpdateTaskMachineCore
PUP.Optional.FakeChrome         HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ChromiumUpdateTaskMachineUA
PUP.Optional.FakeChrome         HKLM\Software\Classes\Chromium.OneClickCtrl.9
PUP.Optional.FakeChrome         HKLM\Software\Classes\Chromium.Update3WebControl.3
PUP.Optional.FakeChrome         HKLM\Software\Microsoft\Shared Tools\MSConfig\services\chromium
PUP.Optional.FakeChrome         HKLM\Software\Microsoft\Shared Tools\MSConfig\services\chromiumm
PUP.Optional.FakeChrome         HKLM\Software\Wow6432Node\\Classes\CLSID\{2D38058A-29DC-4608-B481-DDF3748F0B10}
PUP.Optional.FakeChrome         HKLM\Software\Wow6432Node\\Classes\CLSID\{D57D808A-EC29-43C7-A9ED-F0B6CB8E7D84}
PUP.Optional.FakeChrome         HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2D38058A-29DC-4608-B481-DDF3748F0B10}
PUP.Optional.FakeChrome         HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D57D808A-EC29-43C7-A9ED-F0B6CB8E7D84}
PUP.Optional.FakeChrome         HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Ext\Preapproved\{2D38058A-29DC-4608-B481-DDF3748F0B10}
PUP.Optional.FakeChrome         HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Ext\Preapproved\{D57D808A-EC29-43C7-A9ED-F0B6CB8E7D84}
PUP.Optional.FakeChrome         HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Ext\Stats\{2D38058A-29DC-4608-B481-DDF3748F0B10}
PUP.Optional.FakeChrome         HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Ext\Stats\{D57D808A-EC29-43C7-A9ED-F0B6CB8E7D84}
PUP.Optional.FakeChrome         HKLM\System\Setup\FirstBoot\Services\chromium
PUP.Optional.FakeChrome         HKLM\System\Setup\FirstBoot\Services\chromiumm
PUP.Optional.FreeMakeConverter  HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|ProductUpdater
PUP.Optional.InstallCore        HKCU\Software\csastats
PUP.Optional.Legacy             HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\solvusoft.com
PUP.Optional.Legacy             HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.solvusoft.com
PUP.Optional.Legacy             HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\solvusoft.com
PUP.Optional.Legacy             HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.solvusoft.com
PUP.Optional.Legacy             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|System Optimizer
PUP.Optional.Legacy             HKCU\Software\ParetoLogic
PUP.Optional.Legacy             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DA250188-8951-489A-A93B-F3ACE5520023}
PUP.Optional.Legacy             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\System Optimizer Schedule
PUP.Optional.Legacy             HKLM\Software\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
PUP.Optional.Legacy             HKLM\Software\Classes\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5}
PUP.Optional.Legacy             HKLM\Software\GPCWValidatorService
PUP.Optional.Legacy             HKLM\Software\WebBar
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\ParetoLogic
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\\Classes\CLSID\{0757C9D8-D8A3-33F5-CEE2-11D09918BA8F}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\\Classes\CLSID\{6D4506CE-F855-4657-AA38-DB6B1F733982}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\\Classes\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\System Optimizer_is1
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
PUP.Optional.MyPCBackup         HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B3F37AE3-6584-4D34-BBAE-27E9387F7A8F} 
PUP.Optional.MyPCBackup         HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B3F37AE3-6584-4D34-BBAE-27E9387F7A8F} 
PUP.Optional.MyPCBackup         HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchPreSignup
PUP.Optional.SAntivirus         HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|santivirusclient.exe
PUP.Optional.SAntivirus         HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|santivirusclient.vshost.exe
PUP.Optional.SAntivirus         HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|santivirusclient.exe
PUP.Optional.SAntivirus         HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|santivirusclient.vshost.exe
PUP.Optional.SAntivirus         HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|santivirusclient.exe
PUP.Optional.SAntivirus         HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|santivirusclient.vshost.exe
PUP.Optional.SafeSearch         HKCU\Software\Microsoft\Internet Explorer\DOMStorage\safestsearches.com
PUP.Optional.Segurazo           HKLM\System\CurrentControlSet\Services\EventLog\Application\SAntivirusSvc
PUP.Optional.SlimCleanerPlus    HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
PUP.Optional.SlimCleanerPlus    HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
PUP.Optional.TheBrightTag       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\s.thebrighttag.com
PUP.Optional.TheBrightTag       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\thebrighttag.com
PUP.Optional.TheBrightTag       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\s.thebrighttag.com
PUP.Optional.TheBrightTag       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\thebrighttag.com
PUP.Optional.Walliant           HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Walliant
PUP.Optional.Walliant           HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Walliant
PUP.Optional.Walliant           HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E72E2194-F430-4F4A-A262-1C8FF081B3A5}_is1
PUP.Optional.WallpaperSuiteHD   HKCU\Software\Classes\CLSID\{F7B8E2CA-97DF-4974-BDF1-3D93EDC93A5E}
PUP.Optional.WinRepairPro       HKCU\Software\win
PUP.Optional.WinZipMalwareProtector HKLM\System\CurrentControlSet\Services\EventLog\Application\WinZip Malware Protector

***** [ Chromium (and derivatives) ] *****

PUP.Optional.Legacy             Extutil - booedmolknjekdopkepjjeckmjkdpfgl
PUP.Optional.Legacy             Managera - flpcjncodpafbgdpnkljologafpionhb
PUP.Optional.Legacy             ogminpmldncgcmokldnmmapddoccmhfl

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

Preinstalled.CyberLinkLabelPrint   Folder   C:\Program Files (x86)\CYBERLINK\LABELPRINT 
Preinstalled.CyberLinkLabelPrint   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243} 
Preinstalled.CyberLinkLabelPrint   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{C59C179C-668D-49A9-B6EA-0121CCFC1243} 
Preinstalled.CyberLinkShellExtension   Registry   HKLM\Software\Classes\CLSID\{3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} 
Preinstalled.HPCeement   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HPCeeScheduleForUser 
Preinstalled.HPCoolSense   Folder   C:\Program Files (x86)\HEWLETT-PACKARD\HP COOLSENSE 
Preinstalled.HPCoolSense   Folder   C:\Users\user\AppData\Local\HEWLETT-PACKARD\HP COOLSENSE 
Preinstalled.HPCoolSense   Folder   C:\Windows\System32\Tasks\HEWLETT-PACKARD\HP COOLSENSE 
Preinstalled.HPCoolSense   Registry   HKLM\Software\Classes\CLSID\{224695A4-BD5E-4C38-B354-A4C828E61BF7} 
Preinstalled.HPCoolSense   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{394B14EA-B072-4440-9510-87797CB12371} 
Preinstalled.HPMediaSmart   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D} 
Preinstalled.HPMediaSmart   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{01FB4998-33C4-4431-85ED-079E3EEFE75D} 
Preinstalled.HPRegistrationService   Folder   C:\Program Files (x86)\HEWLETT-PACKARD\HP REGISTRATION SERVICE 
Preinstalled.HPRegistrationService   Folder   C:\ProgramData\HEWLETT-PACKARD\HP REGISTRATION SERVICE 
Preinstalled.HPRegistrationService   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D1E8F2D7-7794-4245-B286-87ED86C1893C} 
Preinstalled.HPSupportAssistant   Folder   C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK 
Preinstalled.HPSupportAssistant   Folder   C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT SOLUTIONS 
Preinstalled.HPSupportAssistant   Folder   C:\ProgramData\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK 
Preinstalled.HPSupportAssistant   Folder   C:\Users\user\AppData\Roaming\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK 
Preinstalled.HPSupportAssistant   Folder   C:\Windows\System32\config\systemprofile\AppData\Local\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK 
Preinstalled.HPSupportAssistant   Registry   HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} 
Preinstalled.HPSupportAssistant   Registry   HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} 
Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Classes\CLSID\{335F9A62-FE4B-40CD-B4ED-BB4DE21DC95D} 
Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} 
Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} 
Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Wow6432Node\\Classes\CLSID\{335F9A62-FE4B-40CD-B4ED-BB4DE21DC95D} 
Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Wow6432Node\\Classes\CLSID\{C0ABBA07-B636-47B8-B9E1-BB96D7CD4831} 
Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Wow6432Node\\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} 
Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} 
Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{3AF15EEA-8EDF-4393-BB6C-CF8A9986486A} 
Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{55065080-504F-43BB-BE00-36B80D7D39A5} 
Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{79C54A05-F146-4EA0-8A70-D4EFE6181E52} 
Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE} 
Preinstalled.HPTouchpointAnalyticsClient   Folder   C:\Program Files\HP\HP TOUCHPOINT ANALYTICS CLIENT 
Preinstalled.HPTouchpointAnalyticsClient   Folder   C:\ProgramData\HP\HP TOUCHPOINT ANALYTICS CLIENT 
Preinstalled.HPTouchpointAnalyticsClient   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F} 
Preinstalled.LenovoPower2Go   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2} 
Preinstalled.LenovoPower2Go   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2} 
Preinstalled.LenovoPowerDVD   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A} 
Preinstalled.LenovoPowerDVD   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{B46BEA36-0B71-4A4E-AE41-87241643FA0A} 
Preinstalled.WildTangentGamesBundle   File   C:\Users\Public\Desktop\WildTangent Games for HP.lnk 
Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDGAMES 
Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDGAMES\ALOHA TRIPEAKS 
Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDGAMES\BEJEWELED 3 
Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDGAMES\BUILD-A-LOT 
Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDGAMES\CRADLE OF ROME 2 
Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDGAMES\CRAZY CHICKEN SOCCER 
Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDGAMES\FARM FRENZY 
Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDGAMES\GOVERNOR OF POKER 2 PREMIUM EDITION 
Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDGAMES\JEWEL MATCH 3 
Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDGAMES\MAHJONGG ARTIFACTS 
Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDGAMES\PLANTS VS ZOMBIES - GAME OF THE YEAR 
Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDGAMES\POLAR BOWLER 
Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDGAMES\RANCH RUSH 2 - PREMIUM EDITION 
Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDGAMES\TRINKLIT SUPREME 
Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDGAMES\VACATION QUEST - AUSTRALIA 
Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDGAMES\VIRTUAL FAMILIES 
Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDGAMES\WEDDING DASH 
Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDGAMES\ZUMAS REVENGE 
Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDTANGENT GAMES 
Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDTANGENT GAMES\APP 
Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDTANGENT GAMES\WEB LINK - SEAFIGHT 
Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Classes\CLSID\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6} 
Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Ext\Preapproved\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6} 
Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-1e456a30-1a1b-49a2-a343-f21af1307b33 
Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-2007c5e1-9ff2-4f74-8bbe-59c78e48b8fc 
Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-2e19e36e-af6f-424f-87e0-3b6826581a6c 
Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-33c68fa6-286f-4bb9-a71a-50d945ff07a9 
Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-4114008f-2824-43ee-b949-0d70a6fa008c 
Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-42aa25fb-5d4c-4b44-9337-22fed995bc51 
Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-4f82c505-bc53-4741-8445-5d70588e8279 
Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-555c3930-552b-4976-833e-03bce5a1ad1e 
Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-6dd5610a-c1d8-4c32-b9d3-8b816eb1098d 
Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-93bc918a-ac36-4c5a-8d13-15f5626887cc 
Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-a44df564-86a1-430c-923e-eda6915214e8 
Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-affd67c8-1223-40fa-9808-c172f04608dc 
Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-b58d4b20-60b1-4601-8886-64c125713517 
Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-b5b8a571-a42f-4a82-aa40-df113809295b 
Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-d1f3ee01-b341-4d85-8a03-aad3ff6471dc 
Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-e04c4a9a-5da6-4be7-b798-6abe93c7f98d 
Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-e805b0fd-f24d-4fa5-949c-db0dd8e7df32 
Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangent wildgames Master Uninstall 
Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGDF-hp-darkorbit 
Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGDF-hp-mahjonggdarkdimensions 
Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGDF-hp-seafight 
Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGDF-hp-worldofwarcraft 
Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGameProvider-hp-genres 
Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App 
Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp 
Preinstalled.WildTangentGamesBundle   Registry   HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6} 
Preinstalled.WildTangentGamesBundle   Registry   HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6} 

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
 

(This gave me two logs, I'll send the 2nd in a min)
Sorry for the delay in this log and the next, it's taking time to do the scans and stuff

 


# -------------------------------
# Malwarebytes AdwCleaner 8.3.0.0
# -------------------------------
# Build:    06-29-2021
# Database: 2021-08-05.3 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    08-07-2021
# Duration: 00:02:19
# OS:       Windows 10 Home
# Cleaned:  185
# Failed:   0


***** [ Services ] *****

Deleted       chromium
Deleted       chromiumm

***** [ Folders ] *****

Deleted       C:\Program Files (x86)\Chromium
Deleted       C:\Program Files (x86)\Digital Communications
Deleted       C:\Program Files (x86)\DriverRestore
Deleted       C:\ProgramData\565D9CE2000063D7
Deleted       C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverRestore
Deleted       C:\ProgramData\Tencent
Deleted       C:\ProgramData\apn
Deleted       C:\Users\Public\Documents\Guid
Deleted       C:\Users\user\AppData\Local\Programs\Walliant
Deleted       C:\Users\user\AppData\Local\Tencent
Deleted       C:\Users\user\AppData\Local\Walliant
Deleted       C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Walliant
Deleted       C:\Users\user\AppData\Roaming\PARETOLOGIC
Deleted       C:\Users\user\AppData\Roaming\RHEng
Deleted       C:\Users\user\AppData\Roaming\Tencent

***** [ Files ] *****

Deleted       C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search Powered by Yahoo!.lnk
Deleted       C:\appverifier.txt

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

Deleted       C:\Windows\System32\Tasks\CHROMIUMUPDATETASKMACHINECORE
Deleted       C:\Windows\System32\Tasks\CHROMIUMUPDATETASKMACHINEUA
Deleted       C:\Windows\System32\Tasks\LAUNCHPRESIGNUP
Deleted       C:\Windows\System32\Tasks\SYSTEM OPTIMIZER SCHEDULE

***** [ Registry ] *****

Deleted       HKCU\Software\Classes\CLSID\{F7B8E2CA-97DF-4974-BDF1-3D93EDC93A5E}
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\s.thebrighttag.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\solvusoft.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\thebrighttag.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.solvusoft.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\s.thebrighttag.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\solvusoft.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\thebrighttag.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.solvusoft.com
Deleted       HKCU\Software\DriverRestore
Deleted       HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
Deleted       HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
Deleted       HKCU\Software\Microsoft\Internet Explorer\DOMStorage\safestsearches.com
Deleted       HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|santivirusclient.exe
Deleted       HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|santivirusclient.vshost.exe
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|System Optimizer
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Walliant
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Walliant
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E72E2194-F430-4F4A-A262-1C8FF081B3A5}_is1
Deleted       HKCU\Software\ParetoLogic
Deleted       HKCU\Software\csastats
Deleted       HKCU\Software\win
Deleted       HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|santivirusclient.exe
Deleted       HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|santivirusclient.vshost.exe
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B08BA182-D8B8-4055-9CED-47387356907B} 
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B3F37AE3-6584-4D34-BBAE-27E9387F7A8F} 
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{76F00801-0FD5-49CD-81B1-F7A8857E5AA3} 
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B08BA182-D8B8-4055-9CED-47387356907B} 
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B3F37AE3-6584-4D34-BBAE-27E9387F7A8F} 
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DA250188-8951-489A-A93B-F3ACE5520023}
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ChromiumUpdateTaskMachineCore
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ChromiumUpdateTaskMachineUA
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchPreSignup
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\System Optimizer Schedule
Deleted       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\DriverRestore.exe
Deleted       HKLM\Software\AppApcVerifier
Deleted       HKLM\Software\Classes\Chromium.OneClickCtrl.9
Deleted       HKLM\Software\Classes\Chromium.Update3WebControl.3
Deleted       HKLM\Software\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Deleted       HKLM\Software\Classes\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5}
Deleted       HKLM\Software\DriverRestore
Deleted       HKLM\Software\GPCWValidatorService
Deleted       HKLM\Software\Microsoft\Shared Tools\MSConfig\services\chromium
Deleted       HKLM\Software\Microsoft\Shared Tools\MSConfig\services\chromiumm
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|ProductUpdater
Deleted       HKLM\Software\WebBar
Deleted       HKLM\Software\Wow6432Node\ParetoLogic
Deleted       HKLM\Software\Wow6432Node\\Classes\CLSID\{0757C9D8-D8A3-33F5-CEE2-11D09918BA8F}
Deleted       HKLM\Software\Wow6432Node\\Classes\CLSID\{2D38058A-29DC-4608-B481-DDF3748F0B10}
Deleted       HKLM\Software\Wow6432Node\\Classes\CLSID\{6D4506CE-F855-4657-AA38-DB6B1F733982}
Deleted       HKLM\Software\Wow6432Node\\Classes\CLSID\{D57D808A-EC29-43C7-A9ED-F0B6CB8E7D84}
Deleted       HKLM\Software\Wow6432Node\\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Deleted       HKLM\Software\Wow6432Node\\Classes\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5}
Deleted       HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2D38058A-29DC-4608-B481-DDF3748F0B10}
Deleted       HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D57D808A-EC29-43C7-A9ED-F0B6CB8E7D84}
Deleted       HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|santivirusclient.exe
Deleted       HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|santivirusclient.vshost.exe
Deleted       HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\App Paths\DriverRestore.exe
Deleted       HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Ext\Preapproved\{2D38058A-29DC-4608-B481-DDF3748F0B10}
Deleted       HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Ext\Preapproved\{D57D808A-EC29-43C7-A9ED-F0B6CB8E7D84}
Deleted       HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Ext\Stats\{2D38058A-29DC-4608-B481-DDF3748F0B10}
Deleted       HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Ext\Stats\{D57D808A-EC29-43C7-A9ED-F0B6CB8E7D84}
Deleted       HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\System Optimizer_is1
Deleted       HKLM\Software\Wow6432Node\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Deleted       HKLM\System\CurrentControlSet\Services\EventLog\Application\SAntivirusSvc
Deleted       HKLM\System\CurrentControlSet\Services\EventLog\Application\WinZip Malware Protector
Deleted       HKLM\System\Setup\FirstBoot\Services\chromium
Deleted       HKLM\System\Setup\FirstBoot\Services\chromiumm

***** [ Chromium (and derivatives) ] *****

Deleted       Extutil - booedmolknjekdopkepjjeckmjkdpfgl
Deleted       Managera - flpcjncodpafbgdpnkljologafpionhb
Deleted       ogminpmldncgcmokldnmmapddoccmhfl

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

Deleted       Preinstalled.CyberLinkLabelPrint   Folder   C:\Program Files (x86)\CYBERLINK\LABELPRINT
Deleted       Preinstalled.CyberLinkLabelPrint   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}
Deleted       Preinstalled.CyberLinkLabelPrint   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{C59C179C-668D-49A9-B6EA-0121CCFC1243}
Deleted       Preinstalled.CyberLinkShellExtension   Registry   HKLM\Software\Classes\CLSID\{3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2}
Deleted       Preinstalled.HPCeement   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HPCeeScheduleForUser
Deleted       Preinstalled.HPCoolSense   Folder   C:\Program Files (x86)\HEWLETT-PACKARD\HP COOLSENSE
Deleted       Preinstalled.HPCoolSense   Folder   C:\Users\user\AppData\Local\HEWLETT-PACKARD\HP COOLSENSE
Deleted       Preinstalled.HPCoolSense   Folder   C:\Windows\System32\Tasks\HEWLETT-PACKARD\HP COOLSENSE
Deleted       Preinstalled.HPCoolSense   Registry   HKLM\Software\Classes\CLSID\{224695A4-BD5E-4C38-B354-A4C828E61BF7}
Deleted       Preinstalled.HPCoolSense   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{394B14EA-B072-4440-9510-87797CB12371}
Deleted       Preinstalled.HPMediaSmart   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}
Deleted       Preinstalled.HPMediaSmart   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{01FB4998-33C4-4431-85ED-079E3EEFE75D}
Deleted       Preinstalled.HPRegistrationService   Folder   C:\Program Files (x86)\HEWLETT-PACKARD\HP REGISTRATION SERVICE
Deleted       Preinstalled.HPRegistrationService   Folder   C:\ProgramData\HEWLETT-PACKARD\HP REGISTRATION SERVICE
Deleted       Preinstalled.HPRegistrationService   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D1E8F2D7-7794-4245-B286-87ED86C1893C}
Deleted       Preinstalled.HPSupportAssistant   Folder   C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Deleted       Preinstalled.HPSupportAssistant   Folder   C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT SOLUTIONS
Deleted       Preinstalled.HPSupportAssistant   Folder   C:\ProgramData\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Deleted       Preinstalled.HPSupportAssistant   Folder   C:\Users\user\AppData\Roaming\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Deleted       Preinstalled.HPSupportAssistant   Folder   C:\Windows\System32\config\systemprofile\AppData\Local\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Deleted       Preinstalled.HPSupportAssistant   Registry   HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Deleted       Preinstalled.HPSupportAssistant   Registry   HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Deleted       Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Classes\CLSID\{335F9A62-FE4B-40CD-B4ED-BB4DE21DC95D}
Deleted       Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Deleted       Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Deleted       Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Wow6432Node\\Classes\CLSID\{335F9A62-FE4B-40CD-B4ED-BB4DE21DC95D}
Deleted       Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Wow6432Node\\Classes\CLSID\{C0ABBA07-B636-47B8-B9E1-BB96D7CD4831}
Deleted       Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Wow6432Node\\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Deleted       Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Deleted       Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{3AF15EEA-8EDF-4393-BB6C-CF8A9986486A}
Deleted       Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{55065080-504F-43BB-BE00-36B80D7D39A5}
Deleted       Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}
Deleted       Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}
Deleted       Preinstalled.HPTouchpointAnalyticsClient   Folder   C:\Program Files\HP\HP TOUCHPOINT ANALYTICS CLIENT
Deleted       Preinstalled.HPTouchpointAnalyticsClient   Folder   C:\ProgramData\HP\HP TOUCHPOINT ANALYTICS CLIENT
Deleted       Preinstalled.HPTouchpointAnalyticsClient   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}
Deleted       Preinstalled.LenovoPower2Go   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}
Deleted       Preinstalled.LenovoPower2Go   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}
Deleted       Preinstalled.LenovoPowerDVD   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}
Deleted       Preinstalled.LenovoPowerDVD   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}
Deleted       Preinstalled.WildTangentGamesBundle   File   C:\Users\Public\Desktop\WildTangent Games for HP.lnk
Deleted       Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDGAMES
Deleted       Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDGAMES\ALOHA TRIPEAKS
Deleted       Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDGAMES\BEJEWELED 3
Deleted       Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDGAMES\BUILD-A-LOT
Deleted       Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDGAMES\CRADLE OF ROME 2
Deleted       Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDGAMES\CRAZY CHICKEN SOCCER
Deleted       Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDGAMES\FARM FRENZY
Deleted       Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDGAMES\GOVERNOR OF POKER 2 PREMIUM EDITION
Deleted       Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDGAMES\JEWEL MATCH 3
Deleted       Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDGAMES\MAHJONGG ARTIFACTS
Deleted       Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDGAMES\PLANTS VS ZOMBIES - GAME OF THE YEAR
Deleted       Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDGAMES\POLAR BOWLER
Deleted       Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDGAMES\RANCH RUSH 2 - PREMIUM EDITION
Deleted       Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDGAMES\TRINKLIT SUPREME
Deleted       Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDGAMES\VACATION QUEST - AUSTRALIA
Deleted       Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDGAMES\VIRTUAL FAMILIES
Deleted       Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDGAMES\WEDDING DASH
Deleted       Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDGAMES\ZUMAS REVENGE
Deleted       Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDTANGENT GAMES
Deleted       Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDTANGENT GAMES\APP
Deleted       Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDTANGENT GAMES\WEB LINK - SEAFIGHT
Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Classes\CLSID\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6}
Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Ext\Preapproved\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6}
Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-1e456a30-1a1b-49a2-a343-f21af1307b33
Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-2007c5e1-9ff2-4f74-8bbe-59c78e48b8fc
Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-2e19e36e-af6f-424f-87e0-3b6826581a6c
Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-33c68fa6-286f-4bb9-a71a-50d945ff07a9
Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-4114008f-2824-43ee-b949-0d70a6fa008c
Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-42aa25fb-5d4c-4b44-9337-22fed995bc51
Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-4f82c505-bc53-4741-8445-5d70588e8279
Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-555c3930-552b-4976-833e-03bce5a1ad1e
Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-6dd5610a-c1d8-4c32-b9d3-8b816eb1098d
Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-93bc918a-ac36-4c5a-8d13-15f5626887cc
Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-a44df564-86a1-430c-923e-eda6915214e8
Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-affd67c8-1223-40fa-9808-c172f04608dc
Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-b58d4b20-60b1-4601-8886-64c125713517
Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-b5b8a571-a42f-4a82-aa40-df113809295b
Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-d1f3ee01-b341-4d85-8a03-aad3ff6471dc
Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-e04c4a9a-5da6-4be7-b798-6abe93c7f98d
Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-e805b0fd-f24d-4fa5-949c-db0dd8e7df32
Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangent wildgames Master Uninstall
Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGDF-hp-darkorbit
Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGDF-hp-mahjonggdarkdimensions
Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGDF-hp-seafight
Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGDF-hp-worldofwarcraft
Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGameProvider-hp-genres
Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App
Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp
Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6}
Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6}


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [23970 octets] - [07/08/2021 18:54:44]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Sorry, yes I did. It takes 66 seconds for me to reply.

Currently doing the Farbar thing.


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07-08-2021
Ran by user (administrator) on HP (Hewlett-Packard HP Pavilion 15 Notebook PC) (07-08-2021 19:24:28)
Running from C:\Users\user\Desktop\michael pics\Stuff
Loaded Profiles: user
Platform: Windows 10 Home Version 20H2 19042.1110 (X64) Language: English (United Kingdom)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
() [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Advanced Micro Devices, Inc.) [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(CyberLink Corp. -> CyberLink Corp.) C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe
(CyberLink Corp. -> CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <40>
(Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\AppHelperCap.exe
(HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\DiagsCap.exe
(HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\NetworkCap.exe
(HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\SysInfoCap.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Malwarebytes Inc -> Malwarebytes) C:\Users\user\Desktop\michael pics\Stuff\adwcleaner_8.3.0.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\user\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2106.14307.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wscript.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe <2>
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\NisSrv.exe
(Nota Inc. -> Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe
(OOO "XMAC" -> ) C:\Users\user\AppData\Roaming\Honeygain\Honeygain.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Samsung Electronics CO., LTD. -> Samsung) [File not signed] C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe
(Samsung Electronics CO., LTD. -> Samsung) [File not signed] C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe
(Softex Inc.) [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(Softex Incorporated -> Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe
(Softex Incorporated -> Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Softex Incorporated -> Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TomTom International BV -> TomTom) C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe
(TomTom International BV -> TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
(Wondershare software CO., LIMITED -> Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8496344 2016-01-07] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2758200 2013-10-14] (Softex Incorporated -> Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [155704 2013-10-14] (Softex Incorporated -> Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [155704 2013-10-14] (Softex Incorporated -> Hewlett-Packard)
HKLM\...\Run: [Samsung Link] => C:\Users\user\Desktop\Samsung Link\Samsung Link Tray Agent.exe [607584 2014-11-06] (Samsung Electronics CO., LTD. -> Copyright 2013 SAMSUNG)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [509192 2014-10-09] (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2087264 2014-09-11] (Wondershare software CO., LIMITED -> Wondershare)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [8107808 2021-07-17] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [Discord] => C:\ProgramData\SquirrelMachineInstalls\Discord.exe [52553728 2017-02-27] (Hammer & Chisel Inc. -> Hammer & Chisel, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2042424 2020-03-16] (Adobe Inc. -> Adobe Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5890504 2019-04-02] (LogMeIn, Inc. -> LogMeIn Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706680 2020-09-17] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-3730886342-3199546216-3749763402-1002\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1718536 2014-07-24] (CyberLink Corp. -> CyberLink Corp.)
HKU\S-1-5-21-3730886342-3199546216-3749763402-1002\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248176 2015-04-30] (TomTom International BV -> TomTom)
HKU\S-1-5-21-3730886342-3199546216-3749763402-1002\...\Run: [MyDriveConnect.exe] => C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe [2146536 2019-04-26] (TomTom International BV -> TomTom)
HKU\S-1-5-21-3730886342-3199546216-3749763402-1002\...\Run: [Chromium] => "c:\users\user\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session
HKU\S-1-5-21-3730886342-3199546216-3749763402-1002\...\Run: [GoogleChromeAutoLaunch_A008D3C4AC1F70CC0223825A47FA7BBC] => "C:\Users\user\AppData\Local\Chromium\Application\chrome.exe" --no-startup-window
HKU\S-1-5-21-3730886342-3199546216-3749763402-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3411232 2020-12-21] (Valve -> Valve Corporation)
HKU\S-1-5-21-3730886342-3199546216-3749763402-1002\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [915848 2020-03-30] (Nota Inc. -> Nota Inc.)
HKU\S-1-5-21-3730886342-3199546216-3749763402-1002\...\Run: [ApowerREC] => C:\Program Files (x86)\Apowersoft\ApowerREC\ApowerREC.exe [6849688 2018-03-19] (Apowersoft Ltd -> Apowersoft)
HKU\S-1-5-21-3730886342-3199546216-3749763402-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27832264 2017-10-10] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-3730886342-3199546216-3749763402-1002\...\Run: [com.squirrel.Teams.Teams] => C:\Users\user\AppData\Local\Microsoft\Teams\Update.exe [2452112 2020-09-25] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-3730886342-3199546216-3749763402-1002\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3143456 2020-09-09] (Electronic Arts, Inc. -> Electronic Arts)
HKU\S-1-5-21-3730886342-3199546216-3749763402-1002\...\RunOnce: [Application Restart #4] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe  --flag-switches-begin --enable-webgl-draft-extensions --flag-switches-end --enable-audio-service-sandbox --restore-last-session --flag-swit (the data entry has 93 more characters).
HKU\S-1-5-21-3730886342-3199546216-3749763402-1002\...\MountPoints2: {8c830bde-5762-11e3-825a-806e6f6e6963} - "E:\MATHSWATCH_Higher_GCSE.exe" 
HKLM\...\Windows x64\Print Processors\hpzppw71: C:\Windows\System32\spool\prtprocs\x64\hpzppw71.dll [230400 2009-07-14] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
HKLM\...\Print\Monitors\HP c111 Status Monitor: C:\WINDOWS\system32\hpinkstsc111LM.dll [333496 2012-12-16] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\...\Print\Monitors\HP Universal Port Monitor: C:\WINDOWS\system32\hpbprtmon.dll [404992 2013-08-10] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard)
HKLM\...\Print\Monitors\PCL hpz3lw71: C:\WINDOWS\system32\hpz3lw71.dll [46080 2009-07-14] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\92.0.4515.131\Installer\chrmstp.exe [2021-08-02] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{538C240D-3DEE-4032-AB4C-08A3A6EB0861}] -> C:\Program Files (x86)\CyberLink\YouCam\CLCredProv\x64\CLCredProv.dll [2014-10-28] (CyberLink Corp. -> CyberLink)
HKLM\Software\...\Authentication\Credential Providers: [{F3F1B0FA-4775-41d8-8578-436772D93FB4}] -> C:\Program Files\Hewlett-Packard\SimplePass\OmniPassCredProv.dll [2013-10-14] (Softex Inc..) [File not signed]
HKLM\Software\...\Authentication\Credential Provider Filters: [{F3F1B0FA-4775-41d8-8578-436772D93FB4}] -> C:\Program Files\Hewlett-Packard\SimplePass\OmniPassCredProv.dll [2013-10-14] (Softex Inc..) [File not signed]
IFEO\cliconfg.exe: [VerifierDlls] Hibiki.dll
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HoneygainUpdater.lnk [2021-07-11]
ShortcutTarget: HoneygainUpdater.lnk -> C:\Users\user\AppData\Roaming\Honeygain\HoneygainUpdater.exe (OOO "XMAC" -> Honeygain)
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 1510 series.lnk [2016-07-19]
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0417F788-24DC-4C42-8999-F13AF840BD78} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPSFReport.exe [136368 2021-07-11] (HP Inc. -> HP Inc.)
Task: {088284E0-6029-489D-8F17-CE21FC700394} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {196EE173-2898-4D1C-B9E6-4DA7A0D378B5} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {19DF3D5C-6A4F-47E3-8AD5-33EFB90D69BF} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23080840 2021-07-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {1DC3F545-66B0-4DBF-9A1C-C81D5CC53384} - System32\Tasks\{1D5A3542-B0A2-F328-0DAB-79B3A4E0611C} => C:\Users\user\AppData\Roaming\{89A3B~1\sync.exe <==== ATTENTION
Task: {2299A60C-AB75-4865-90FF-FE24F174FEA5} - System32\Tasks\{C1713337-AC7F-4119-A2C7-32EF30833F0B} => "c:\program files (x86)\google\chrome\application\chrome.exe" http://ui.skype.com/ui/0/7.24.85.104/en/abandoninstall?page=tsMain
Task: {2B81CC93-682D-440C-8C7A-A95FAAF22BDA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {2ECBC730-BB1F-402E-9554-3E072DD39CD5} - \WPD\SqmUpload_S-1-5-21-3730886342-3199546216-3749763402-1002 -> No File <==== ATTENTION
Task: {34DE571F-76E4-4A09-9A9D-873820745798} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [561984 2011-06-01] (Apple Inc. -> Apple Inc.)
Task: {350C2AD4-E6A5-42FE-8E52-9628445C7D81} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1118896 2021-07-11] (HP Inc. -> HP Inc.)
Task: {35119534-2F54-4B25-B276-1F67B36C9071} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4004288 2021-07-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {38B7A1C2-F1C6-4E58-BC68-95BECCF82FAD} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe
Task: {3F816665-46F3-4A86-822D-F255BD0D4A08} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {4D25B394-D633-4547-8D85-FB4BD047258D} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-04-27] (Dropbox, Inc -> Dropbox, Inc.)
Task: {515B449A-CA89-4076-A248-90217928D08B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Update Notice => C:\Program Files (x86)\HP\HP Support Framework\Resources\BingPopup\BingPopup.exe [560816 2021-07-11] (HP Inc. -> HP Inc.)
Task: {56D20262-4E3E-468E-B725-A0CB00CE3A99} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {5E05C966-8FC1-4E48-98EE-7B0A2403EC7C} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_465_pepper.exe [1499704 2020-12-08] (Adobe Inc. -> Adobe)
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Task: {70B68A9F-3552-4329-BF41-50F5D480AE4E} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1133992 2021-07-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {72F313D0-A65A-4A98-92EF-17B64430DA1C} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {76508265-E797-4139-AEF2-6DC176A5A587} - System32\Tasks\MSFT_TaskSettings3\CaesarsSlots => Powershell.exe -NoProfile -WindowStyle Hidden -command cmd.exe /c if exist C:\Users\user\AppData\Local\Packages\Playtika.CaesarsSlotsFreeCasino_7vjeg68vnncd2 start explorer.exe shell:appsFolder\Playtika.CaesarsSlotsFreeCasino_7vjeg68vnncd2!App
Task: {783C28D0-233E-4AAF-BAF0-C2D6B45923BF} - \Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon -> No File <==== ATTENTION
Task: {79CF1008-D3A2-41CA-AAE3-BDCB304ADB6D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MpCmdRun.exe [673816 2021-08-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {7D474644-6180-4486-8EE5-1543B533F6D3} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security\Upgrade.exe
Task: {8080DE17-3E92-4E3B-86CD-1AF45C0B50C6} - System32\Tasks\HPCustParticipation HP Deskjet 1510 series => C:\Program Files\HP\HP Deskjet 1510 series\Bin\HPCustPartic.exe [5745672 2014-03-06] (Hewlett Packard -> Hewlett-Packard Co.)
Task: {84B3A5EF-354E-4E64-9FE8-AD1B9A53718F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe
Task: {867554DF-EBF7-4F58-96FF-0AEB6F39E710} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [114008 2021-07-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => {1B1F472E-3221-4826-97DB-2C2324D389AE}
Task: {87F2CB05-551D-48BE-8725-B2A74017FCC1} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-08] (Adobe Inc. -> Adobe)
Task: {90468EEB-39F0-4976-A3E5-17C09A490D6D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MpCmdRun.exe [673816 2021-08-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {9D207C5B-FD46-48E4-806D-DCFCBEB765FF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MpCmdRun.exe [673816 2021-08-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {9FD680C9-11B9-4DE8-8492-7602954D90DE} - System32\Tasks\HP AR Program Upload - 4f13de676bd141808dccf0dfde9a9010286b737e412f49999cdaa401be233ba4 => C:\Program Files\HP\HP Deskjet 1510 series\bin\HPRewards.exe [3495432 2014-03-06] (Hewlett Packard -> TODO: <Company name>)
Task: {A22492F7-A600-43DB-B29D-1C708860CE84} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {A2E63CA8-1E1F-43C6-A75F-E51BDF86F5CA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN51F2N0VZ => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {A3210879-8B3C-4C79-99A0-1B4F47A2E07B} - System32\Tasks\{B4F7C4E4-8DD1-42C7-9641-014E7D4855F4} => C:\Windows\system32\pcalua.exe -a E:\BBCAuto.exe -d E:\
Task: {AC24B4CA-F500-4DC4-8828-FE638C6707D3} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {B1F1BBBA-94B9-455F-B061-79FD8CD72252} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2014-10-28] (CyberLink Corp. -> CyberLink Corp.)
Task: {B3EF1FAD-D6F7-46E0-B826-F8177EC94AB9} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [4179040 2016-12-27] (Synaptics Incorporated -> Synaptics Incorporated)
Task: {B802A6EC-3770-4452-9531-5C2E113B1D90} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MpCmdRun.exe [673816 2021-08-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {BAC79537-622F-4A65-8CEC-9F2660A93687} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {BB70E9DC-AF11-47A2-AE13-BE5462F338ED} - System32\Tasks\AdobeAAMUpdater-1.0-hp-user => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
Task: {C0E946C3-9BF7-4DA3-8710-1B44E6DC8F33} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {C2381E0B-2803-466A-B7F0-519745389D25} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23080840 2021-07-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {C2E08705-DFDC-4302-BFC0-3295E3E8D80D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2016-01-04] (Google Inc -> Google Inc.)
Task: {C799019A-D8BF-4C28-8D3C-33CBD9C3D1ED} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2016-01-04] (Google Inc -> Google Inc.)
Task: {C875B34A-E972-447C-908C-2F3263A23909} - System32\Tasks\Norton Remove and Reinstall\Norton Remove and Reinstall => C:\ProgramData\Norton\Temp\RnR_{C6B0E407-D655-4500-8E09-EB654238C328}\NRnR.exe <==== ATTENTION
Task: {CA7831C3-DBCE-43F6-A108-11D605F3CD32} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload => {EBF00FCB-0769-4B81-9BEC-6C05514111AA}
Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {D0EAC042-C908-4603-8E47-A707148FBB49} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [114008 2021-07-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {D80A902A-6D3E-48B0-A4F4-C8C7AB504E39} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-04-27] (Dropbox, Inc -> Dropbox, Inc.)
Task: {E05E8025-A7E6-4F77-9E05-2B8EDE150FA7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4004288 2021-07-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {E4AD7C1F-F76F-4AE6-9E14-4B4CCFA831AB} - \GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-3730886342-3199546216-3749763402-1002 -> No File <==== ATTENTION
Task: {E96D555F-42B6-4119-82AD-E4F2056C96C0} - System32\Tasks\nCxuQEILlB => C:\nCxuQEILlBnCxuQEILlB\nCxuQEILlB.vbs <==== ATTENTION
Task: {EB1E8F8B-BD27-4531-B85A-9A6BF3A8710E} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [6785448 2020-03-30] (Nota Inc. -> Nota Inc.)
Task: {EE93BCD7-2F4E-4E41-A456-46561D5D53EB} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {FB047D18-8616-4495-A5D4-B31907225DD4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {FCBC9BBE-D68F-4B39-89D3-CEE4E520BBA5} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {FD3AA1D8-175C-40C0-A825-CBEF65BDFC3D} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {FE8E7159-AA17-49B2-A40F-84333F063123} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [6785448 2020-03-30] (Nota Inc. -> Nota Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: C:\WINDOWS\Tasks\{1D5A3542-B0A2-F328-0DAB-79B3A4E0611C}.job => C:\Users\user\AppData\Roaming\{89A3B~1\sync.exe <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{243dbf65-0a76-443e-a640-791eba212f1c}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{4510e702-6826-4ae7-ad1c-6629adc0da21}: [DhcpNameServer] 192.168.0.1

Edge: 
=======
DownloadDir: C:\Users\user\Downloads
Edge HomeButtonPage: HKU\S-1-5-21-3730886342-3199546216-3749763402-1002 -> hxxp://www.google.com
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default [2021-08-07]
Edge DownloadDir: Default -> C:\Users\user\Desktop\michael pics\Stuff
Edge DefaultSearchURL: Default -> {bing:baseURL}search?q={searchTerms}&{bing:cvid}{bing:msb}{google:assistedQueryStats}

FireFox:
========
FF DefaultProfile: kivztw4y.default
FF ProfilePath: C:\Users\user\AppData\Roaming\TomTom\HOME\Profiles\97kb9q8x.default [2015-05-24]
FF Extension: (Map status indicator) - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com [2015-05-24] [Legacy] [not signed]
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\kivztw4y.default [2020-06-25]
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ken7jfzv.default-release [2021-07-11]
FF Homepage: Mozilla\Firefox\Profiles\ken7jfzv.default-release -> hxxps://uk.search.yahoo.com/yhs/web?hspart=omr&hsimp=yhs-001&type=87sfxhr4ow002620&param1=y6bdVFVIsvuYsgEClQfz8Hr0EAieT0AvfxeS6%2B%2B1DoAhaMI%2BX4JdsBE0RvtWIef%2B%2FsEw%2FaK8xVqZw2nMcBYYH0A5zhayWn05xfnwcAmf2nxTDXxE01ATt5uGkoZ%2Bv1RDN8n6XAt0nKdPgvwsYKk5y%2BIrb%2FOk1YrlC5BkadP7mziqWB2exQh6%2B1RM1541iAvhgida0BnLmxbh9X%2FLWSF7G8U9i1ciqaatyrc1kJNH5jLHS3PelDpypgzoUNIQk2CYGItK4CsbhViCn4D%2BPdw%2FnVN4aRzSmAlUjfHxtlMvIWpBvvcBotOBNukgyzpYVqSbgNPDKd3DUBQ0StQOTFATqOmqx7AFqO3MDMoyPIw%2F3AT6Y0DmYpeQ%2B8TtJL9KbPVz%2B2uKXY6C0l4SEPBg93FkAw%3D%3D
FF NewTab: Mozilla\Firefox\Profiles\ken7jfzv.default-release -> hxxps://uk.search.yahoo.com/yhs/web?hspart=omr&hsimp=yhs-001&type=87sfxhr4ow002620&param1=y6bdVFVIsvuYsgEClQfz8Hr0EAieT0AvfxeS6%2B%2B1DoAhaMI%2BX4JdsBE0RvtWIef%2B%2FsEw%2FaK8xVqZw2nMcBYYH0A5zhayWn05xfnwcAmf2nxTDXxE01ATt5uGkoZ%2Bv1RDN8n6XAt0nKdPgvwsYKk5y%2BIrb%2FOk1YrlC5BkadP7mziqWB2exQh6%2B1RM1541iAvhgida0BnLmxbh9X%2FLWSF7G8U9i1ciqaatyrc1kJNH5jLHS3PelDpypgzoUNIQk2CYGItK4CsbhViCn4D%2BPdw%2FnVN4aRzSmAlUjfHxtlMvIWpBvvcBotOBNukgyzpYVqSbgNPDKd3DUBQ0StQOTFATqOmqx7AFqO3MDMoyPIw%2F3AT6Y0DmYpeQ%2B8TtJL9KbPVz%2B2uKXY6C0l4SEPBg93FkAw%3D%3D
FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ken7jfzv.default-release\searchplugins\Yahoo powered search.xml [2020-07-03]
FF Plugin: @java.com/DTPlugin,version=11.271.2 -> C:\Program Files\Java\jre1.8.0_271\bin\dtplugin\npDeployJava1.dll [2021-01-12] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.271.2 -> C:\Program Files\Java\jre1.8.0_271\bin\plugin2\npjp2.dll [2021-01-12] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2020-03-16] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @chbrowserupdate.com/Chromium Update;version=3 -> C:\Program Files (x86)\Chromium\Update\1.3.99.0\npChromiumUpdate3.dll [No File]
FF Plugin-x32: @chbrowserupdate.com/Chromium Update;version=9 -> C:\Program Files (x86)\Chromium\Update\1.3.99.0\npChromiumUpdate3.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.271.2 -> C:\Program Files (x86)\Java\jre1.8.0_271\bin\dtplugin\npDeployJava1.dll [2021-01-12] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.271.2 -> C:\Program Files (x86)\Java\jre1.8.0_271\bin\plugin2\npjp2.dll [2021-01-12] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-07-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-07-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [No File]
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2020-03-16] (Adobe Inc. -> Adobe Systems)
FF Plugin HKU\S-1-5-21-3730886342-3199546216-3749763402-1002: @zoom.us/ZoomVideoPlugin -> C:\Users\user\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2018-09-19] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FF Plugin HKU\S-1-5-21-3730886342-3199546216-3749763402-1002: SkypePlugin -> C:\Users\user\AppData\Local\SkypePlugin\7.32.6.278\npGatewayNpapi.dll [2017-04-18] (Microsoft Corporation -> Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-3730886342-3199546216-3749763402-1002: SkypePlugin64 -> C:\Users\user\AppData\Local\SkypePlugin\7.32.6.278\npGatewayNpapi-x64.dll [2017-04-18] (Microsoft Corporation -> Skype Technologies S.A.)

Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default [2021-08-07]
CHR DownloadDir: C:\Users\user\Desktop\michael pics\Stuff
CHR Notifications: Default -> hxxps://aternos.org; hxxps://bloxawards.com; hxxps://ezrobux.gg; hxxps://meet.google.com
CHR HomePage: Default -> hxxp://google.com/
CHR StartupUrls: Default -> "hxxps://www.google.co.uk/"
CHR NewTab: Default ->  Not-active:"chrome-extension://gfoabcdjalmeenbjjngidappmppchblc/homePageRedirect.html"
CHR Extension: (Skype Calling) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2017-06-19]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Honey) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2021-07-23]
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Roblox Stats) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dclphmdapapdejhlefddandngjhdkonb [2020-09-12]
CHR Extension: (Music Search for Chrome™) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\eaabmejfmdeoaabmealmmbjdjaojakka [2021-01-11]
CHR Extension: (Microsoft Rewards) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbgcedjacmlbgleddnoacbnijgmiolem [2021-08-06]
CHR Extension: (EditThisCookie) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg [2020-11-25]
CHR Extension: (Norton Home Page for Chrome) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfoabcdjalmeenbjjngidappmppchblc [2020-08-26]
CHR Extension: (Google Docs Offline) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-06-30]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2021-06-23]
CHR Extension: (BTRoblox - Making Roblox Better) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbkpclpemjeibhioopcebchdmohaieln [2021-08-04]
CHR Extension: (Norton Safe) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbmobhkkblcgdifigjglcjneplefbkmh [2020-08-26]
CHR Extension: (Norton Identity Safe) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2017-07-30]
CHR Extension: (Roblox+) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfbnmfgkohlfclfnplnlenbalpppohkm [2021-02-07]
CHR Extension: (Roblox Friend Removal Button) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgllchbkhjeiaombmpkapalbmpolmelp [2021-05-19]
CHR Extension: (Grammarly for Chrome) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2021-07-29]
CHR Extension: (Discord Screen Sharing) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcbhdgefieegnkbopmgklhlpjjdgmbog [2018-02-24]
CHR Extension: (TubeBuddy) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkhmbddkmdggbhaaaodilponhnccicb [2021-08-04]
CHR Extension: (UltraSurf Security, Privacy & Unblock VPN) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjnbclmflcpookeapghfhapeffmpodij [2021-06-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (vidIQ Vision for YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pachckjkecffpdphbpmfolblodfkgbhl [2021-08-04]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-23]
CHR Extension: (Chrome Media Router) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-07-27]
CHR Extension: (AutoDraw for skribbl.io) - C:\Users\user\Desktop\michael pics\TerrariaStuff [2020-12-08]
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\System Profile [2021-01-12]
CHR HKLM\...\Chrome\Extension: [bnbbhgcfmdnamgfgjfgjdkcjbofkjihb]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif]
CHR HKLM\...\Chrome\Extension: [jbjgkhmocaaicjdbafhgoncfbopkfcng]
CHR HKLM\...\Chrome\Extension: [pfnciekpafndamlomnebbfophenfehbc]
CHR HKU\S-1-5-21-3730886342-3199546216-3749763402-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bnbbhgcfmdnamgfgjfgjdkcjbofkjihb]
CHR HKU\S-1-5-21-3730886342-3199546216-3749763402-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [jbjgkhmocaaicjdbafhgoncfbopkfcng]
CHR HKU\S-1-5-21-3730886342-3199546216-3749763402-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pbjikboenpfhbbejgkoklgkhjpfogcam]
CHR HKU\S-1-5-21-3730886342-3199546216-3749763402-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pfnciekpafndamlomnebbfophenfehbc]
CHR HKLM-x32\...\Chrome\Extension: [bnbbhgcfmdnamgfgjfgjdkcjbofkjihb]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif]
CHR HKLM-x32\...\Chrome\Extension: [jbjgkhmocaaicjdbafhgoncfbopkfcng]
CHR HKLM-x32\...\Chrome\Extension: [pfnciekpafndamlomnebbfophenfehbc]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-08] (Adobe Inc. -> Adobe)
R2 AllShare Framework DMS; C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe [404360 2013-12-21] (Samsung Electronics CO., LTD. -> Samsung) [File not signed]
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-09-25] (Advanced Micro Devices, Inc.) [File not signed]
R2 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-10-14] () [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8689024 2021-06-04] (Microsoft Corporation -> Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-04-27] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-04-27] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [44328 2021-07-17] (Dropbox, Inc -> Dropbox, Inc.)
S4 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [82216 2020-08-26] (Mixbyte Inc -> Freemake)
S4 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [3361736 2019-04-02] (LogMeIn, Inc. -> LogMeIn Inc.)
R2 HPAppHelperCap; C:\Program Files\HP\HP Enabling Services\AppHelperCap.exe [734760 2021-07-11] (HP Inc. -> HP Inc.)
R2 HPDiagsCap; C:\Program Files\HP\HP Enabling Services\DiagsCap.exe [733224 2021-07-11] (HP Inc. -> HP Inc.)
R2 HPNetworkCap; C:\Program Files\HP\HP Enabling Services\NetworkCap.exe [733216 2021-07-11] (HP Inc. -> HP Inc.)
R2 HPSysInfoCap; C:\Program Files\HP\HP Enabling Services\SysInfoCap.exe [733760 2021-07-11] (HP Inc. -> HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [569608 2014-10-09] (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.)
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [21312 2017-03-30] (Microsoft Corporation -> Microsoft Corporation)
S4 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-05-27] (LogMeIn, Inc. -> LogMeIn, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7477704 2021-08-07] (Malwarebytes Inc -> Malwarebytes)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-10-14] (Softex Inc.) [File not signed]
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2519864 2020-09-09] (Electronic Arts, Inc. -> Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3473216 2020-09-09] (Electronic Arts, Inc. -> Electronic Arts)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\Wex.Services.exe [185344 2017-02-13] (Microsoft Corporation) [File not signed]
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\NisSrv.exe [2727416 2021-08-04] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MsMpEng.exe [136656 2021-08-04] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 GamesAppService; "C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe" [X]
S2 HPSupportSolutionsFrameworkService; "C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe" [X]
S2 HPTouchpointAnalyticsService; "C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [159600 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 DrvAgent64; C:\WINDOWS\SysWOW64\Drivers\DrvAgent64.SYS [20872 2016-01-07] (eSupport.com, Inc -> Phoenix Technologies)
R3 Hamachi; C:\WINDOWS\System32\drivers\Hamdrv.sys [45680 2015-11-12] (Microsoft Windows Hardware Compatibility Publisher -> LogMeIn Inc.)
S3 KMWDFILTER; C:\WINDOWS\System32\drivers\KMWDFILTER.sys [30208 2009-04-29] (MLK Technologies Limited -> Windows (R) Codename Longhorn DDK provider)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220752 2021-08-07] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-08-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-08-07] (Malwarebytes Inc -> Malwarebytes)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-05] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167280 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49568 2021-08-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [434424 2021-08-04] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [78072 2021-08-04] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [34944 2018-05-11] (HP Inc. -> HP)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-08-07 19:23 - 2021-08-07 19:28 - 000000000 ____D C:\FRST
2021-08-07 19:05 - 2021-08-07 19:05 - 000220752 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-08-07 18:52 - 2021-08-07 18:58 - 000000000 ____D C:\AdwCleaner
2021-08-07 16:37 - 2021-08-07 16:37 - 000002040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-08-07 16:37 - 2021-08-07 16:37 - 000002028 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-08-07 16:36 - 2021-08-07 16:36 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-08-07 16:36 - 2021-08-07 16:35 - 000199128 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-08-07 16:36 - 2021-08-07 16:35 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2021-08-07 16:35 - 2021-08-07 16:35 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-08-07 16:34 - 2021-08-07 16:34 - 000000000 ____D C:\Program Files\Malwarebytes
2021-08-06 22:31 - 2021-08-07 00:01 - 000000000 ____D C:\Users\user\Documents\Medal
2021-08-06 22:31 - 2021-08-06 22:31 - 000000000 ____D C:\Users\user\AppData\Local\Ferox_Games_B.V
2021-08-06 22:24 - 2021-08-06 22:25 - 000002193 _____ C:\Users\user\Desktop\Medal.lnk
2021-08-06 22:24 - 2021-08-06 22:25 - 000000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Medal B.V
2021-08-06 22:23 - 2021-08-07 15:18 - 000000000 ____D C:\Users\user\AppData\Roaming\Medal
2021-08-06 22:23 - 2021-08-06 22:27 - 000000000 ____D C:\Users\user\AppData\Local\Medal
2021-08-06 18:31 - 2021-08-06 18:31 - 000000000 ____D C:\Users\user\AppData\Roaming\com.moonsworth.client.javafx.MicrosoftAuthApp
2021-08-06 18:16 - 2021-08-07 14:04 - 000000000 ____D C:\Users\user\AppData\Roaming\lunarclient
2021-08-06 18:16 - 2021-08-06 18:21 - 000000000 ____D C:\Users\user\.lunarclient
2021-08-06 18:16 - 2021-08-06 18:16 - 000002352 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lunar Client.lnk
2021-08-06 18:16 - 2021-08-06 18:16 - 000002344 _____ C:\Users\user\Desktop\Lunar Client.lnk
2021-08-06 18:16 - 2021-08-06 18:16 - 000000000 ____D C:\Users\user\AppData\Local\lunarclient-updater
2021-07-26 01:00 - 2021-07-26 01:00 - 000000000 ____D C:\Users\user\AppData\Local\VALORANT
2021-07-26 00:58 - 2021-07-26 00:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2021-07-26 00:34 - 2021-08-06 23:53 - 000000001 _____ C:\WINDOWS\vgkbootstatus.dat
2021-07-25 23:31 - 2021-08-06 23:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
2021-07-25 23:31 - 2021-07-25 23:31 - 000000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Riot Games
2021-07-25 23:24 - 2021-07-26 00:58 - 000000000 ____D C:\Users\user\AppData\Local\Riot Games
2021-07-19 00:34 - 2016-03-02 20:21 - 008404354 _____ C:\Users\user\Desktop\PageTemplate.psd
2021-07-17 15:58 - 2021-07-17 15:58 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2021-07-17 15:58 - 2021-07-17 15:58 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2021-07-17 15:58 - 2021-07-17 15:58 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2021-07-17 15:58 - 2021-07-17 15:58 - 000044328 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2021-07-14 11:34 - 2021-07-14 11:34 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsraLegacy.tlb
2021-07-14 11:34 - 2021-07-14 11:34 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsraLegacy.tlb
2021-07-14 11:34 - 2021-07-14 11:34 - 000006656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rendezvousSession.tlb
2021-07-14 11:34 - 2021-07-14 11:34 - 000006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\rendezvousSession.tlb
2021-07-14 11:33 - 2021-07-14 11:33 - 001823280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-07-14 11:33 - 2021-07-14 11:33 - 000011357 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-07-11 17:28 - 2021-07-11 17:33 - 000000000 ____D C:\Users\user\AppData\Roaming\Honeygain
2021-07-11 17:28 - 2021-07-11 17:28 - 000000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Honeygain
2021-07-11 17:28 - 2021-07-11 17:28 - 000000000 ____D C:\Users\user\AppData\Local\IsolatedStorage
2021-07-11 17:28 - 2021-07-11 17:28 - 000000000 ____D C:\Users\user\AppData\Local\Honeygain
2021-07-11 17:24 - 2021-07-11 17:24 - 000000000 ____D C:\Users\user\AppData\Local\AdvinstAnalytics

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-08-07 19:31 - 2014-07-09 22:52 - 000000000 ____D C:\Program Files (x86)\Google
2021-08-07 19:18 - 2014-06-01 11:35 - 000000000 ____D C:\Users\user\Documents\Youcam
2021-08-07 19:06 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-08-07 19:06 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-08-07 19:04 - 2021-04-18 15:19 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-08-07 19:04 - 2021-04-18 14:03 - 000008192 ___SH C:\DumpStack.log.tmp
2021-08-07 19:04 - 2021-04-18 14:03 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-08-07 19:04 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-08-07 18:59 - 2021-04-18 15:19 - 000000000 ____D C:\WINDOWS\system32\Tasks\Hewlett-Packard
2021-08-07 18:59 - 2015-11-27 19:28 - 000000000 ____D C:\ProgramData\HP
2021-08-07 18:59 - 2014-06-01 11:38 - 000000000 ____D C:\Users\user\AppData\Roaming\Hewlett-Packard
2021-08-07 18:59 - 2014-06-01 11:37 - 000000000 ____D C:\Users\user\AppData\Local\Hewlett-Packard
2021-08-07 18:59 - 2013-11-27 12:32 - 000000000 ____D C:\Program Files (x86)\CyberLink
2021-08-07 18:59 - 2013-10-17 21:01 - 000000000 ____D C:\ProgramData\Hewlett-Packard
2021-08-07 18:59 - 2013-10-17 20:30 - 000000000 ____D C:\Program Files (x86)\Hewlett-Packard
2021-08-07 18:58 - 2015-11-27 19:31 - 000000000 ____D C:\Program Files\HP
2021-08-07 17:57 - 2014-08-26 20:59 - 000000000 ____D C:\Users\user\AppData\Roaming\.minecraft
2021-08-07 16:36 - 2019-12-07 10:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-08-07 15:17 - 2017-09-07 16:34 - 000000000 ____D C:\Users\user\AppData\Local\CrashDumps
2021-08-07 14:08 - 2020-05-24 14:43 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-08-07 14:08 - 2020-05-24 14:43 - 000002283 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-08-07 14:08 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-08-07 14:01 - 2021-04-18 15:19 - 000004140 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{61A2183A-3EE0-483A-B9B8-736FCAE6D452}
2021-08-07 13:59 - 2018-06-15 17:39 - 000000000 ____D C:\Users\user\AppData\Local\LogMeIn Hamachi
2021-08-07 01:27 - 2021-01-12 16:29 - 000000000 ____D C:\Users\user\AppData\Roaming\Badlion Client
2021-08-06 23:53 - 2017-07-15 20:22 - 000000000 ____D C:\Riot Games
2021-08-06 22:24 - 2017-01-21 15:15 - 000000000 ____D C:\Users\user\AppData\Local\SquirrelTemp
2021-08-06 00:13 - 2019-12-07 10:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2021-08-06 00:12 - 2015-12-05 14:53 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2021-08-06 00:11 - 2017-01-21 15:16 - 000000000 ____D C:\Users\user\AppData\Roaming\discord
2021-08-05 23:54 - 2019-02-18 22:14 - 000000000 ____D C:\Users\user\AppData\Local\Discord
2021-08-05 01:26 - 2021-04-18 15:19 - 000003420 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-08-05 01:26 - 2021-04-18 15:19 - 000003296 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-08-04 13:37 - 2018-06-15 18:26 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-08-03 18:12 - 2021-04-18 15:19 - 000003352 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3730886342-3199546216-3749763402-1002
2021-08-03 18:12 - 2021-04-18 14:15 - 000002387 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-08-03 18:12 - 2015-12-05 15:22 - 000000000 ___RD C:\Users\user\OneDrive
2021-08-03 02:49 - 2021-01-12 16:30 - 000000000 ____D C:\ProgramData\BadlionClient
2021-08-03 00:49 - 2018-01-26 18:10 - 000001431 _____ C:\Users\user\Desktop\Roblox Player.lnk
2021-08-03 00:49 - 2018-01-26 18:08 - 000001254 _____ C:\Users\user\Desktop\Roblox Studio.lnk
2021-08-03 00:49 - 2018-01-26 18:08 - 000000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2021-08-03 00:47 - 2021-01-29 20:52 - 000000000 ____D C:\Users\user\AppData\Local\osu!
2021-08-02 21:27 - 2014-07-09 22:53 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-08-02 21:27 - 2014-07-09 22:53 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-08-02 15:13 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2021-08-02 15:09 - 2021-04-26 11:14 - 000003386 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d73457377619a7
2021-08-02 15:09 - 2021-04-18 15:19 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-07-30 03:59 - 2019-03-14 23:46 - 000000000 ____D C:\Users\user\AppData\LocalLow\Adobe
2021-07-26 16:06 - 2017-07-15 20:24 - 000000000 ____D C:\ProgramData\Riot Games
2021-07-26 01:01 - 2018-03-28 21:36 - 000000000 ____D C:\Users\user\AppData\Local\UnrealEngine
2021-07-26 01:00 - 2016-04-27 08:31 - 000000000 ____D C:\Program Files (x86)\Dropbox
2021-07-25 18:10 - 2021-01-12 16:29 - 000000000 ____D C:\Program Files\Badlion Client
2021-07-23 14:41 - 2019-10-21 14:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2021-07-23 14:40 - 2013-10-17 21:02 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2021-07-21 02:05 - 2017-02-18 00:00 - 000000000 ___RD C:\Users\user\Desktop\michael pics
2021-07-15 22:16 - 2015-09-24 23:21 - 000000000 ____D C:\Users\user\Desktop\UTC
2021-07-15 10:58 - 2021-04-18 14:35 - 000934962 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-07-15 02:45 - 2021-04-18 14:03 - 000550872 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-07-15 02:39 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-07-15 02:39 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-07-15 02:39 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-07-15 02:39 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Common Files\System
2021-07-15 02:31 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2021-07-14 11:47 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-07-14 10:34 - 2014-07-10 19:25 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-07-14 10:17 - 2014-07-10 19:25 - 133422552 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-07-11 16:47 - 2021-06-29 16:41 - 000000000 ____D C:\Users\user\AppData\Local\HP_Inc
2021-07-08 00:43 - 2016-04-27 08:31 - 000000910 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2021-07-08 00:43 - 2016-04-27 08:31 - 000000906 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2021-07-08 00:39 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-07-08 00:39 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-07-08 00:39 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-07-08 00:38 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-07-08 00:38 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-07-08 00:38 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-07-08 00:38 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-07-08 00:38 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\Provisioning

==================== Files in the root of some directories ========

2014-07-10 19:22 - 2014-07-10 19:22 - 027093992 _____ (McAfee) C:\Program Files (x86)\Common Files\lpuninstall.exe
2020-05-05 02:37 - 2020-05-05 02:37 - 000000033 _____ () C:\Users\user\AppData\Roaming\AdobeWLCMCache.dat
2015-06-06 18:17 - 2015-08-02 20:00 - 000000024 _____ () C:\Users\user\AppData\Roaming\appdataFr25.bin
2020-05-10 16:11 - 2020-05-10 16:11 - 000000000 _____ () C:\Users\user\AppData\Roaming\Discord.xml
2015-03-05 19:54 - 2015-03-05 22:29 - 000042333 _____ () C:\Users\user\AppData\Roaming\DreamPlan.dmp
2017-03-18 16:55 - 2018-10-31 20:59 - 000213925 _____ () C:\Users\user\AppData\Roaming\PDNDwarvesPUFD.dat
2016-12-02 02:37 - 2016-12-02 02:37 - 002770453 _____ () C:\Users\user\AppData\Roaming\sb562.dat
2020-06-11 21:20 - 2020-06-11 21:20 - 000000054 _____ () C:\Users\user\AppData\Roaming\updater.cfg
2015-03-06 00:59 - 2017-07-22 20:21 - 000000538 _____ () C:\Users\user\AppData\Roaming\WB.CFG
2017-03-10 20:55 - 2017-03-11 11:42 - 016961221 _____ () C:\Users\user\AppData\Roaming\Win7-KB3134760-x86.msu
2020-10-05 22:17 - 2020-10-05 22:17 - 000592322 _____ () C:\Users\user\AppData\Local\ars.cache
2017-05-13 12:45 - 2018-01-01 16:42 - 000000003 _____ () C:\Users\user\AppData\Local\Autosofted License Mouse.txt
2017-05-12 16:55 - 2020-07-26 21:32 - 000000003 _____ () C:\Users\user\AppData\Local\Autosofted License.txt
2020-10-05 17:27 - 2020-10-05 17:27 - 000000036 _____ () C:\Users\user\AppData\Local\housecall.guid.cache
2018-09-28 18:14 - 2020-07-19 20:05 - 000009430 _____ () C:\Users\user\AppData\Local\oobelibMkey.log
2020-11-16 00:09 - 2020-11-16 00:09 - 000001190 _____ () C:\Users\user\AppData\Local\recently-used.xbel
2020-10-05 17:41 - 2020-10-05 17:41 - 000000010 _____ () C:\Users\user\AppData\Local\sponge.last.runtime.cache

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-08-2021
Ran by user (07-08-2021 19:38:27)
Running from C:\Users\user\Desktop\michael pics\Stuff
Windows 10 Home Version 20H2 19042.1110 (X64) (2021-04-18 14:25:01)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-3730886342-3199546216-3749763402-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3730886342-3199546216-3749763402-503 - Limited - Disabled)
Guest (S-1-5-21-3730886342-3199546216-3749763402-501 - Limited - Disabled)
user (S-1-5-21-3730886342-3199546216-3749763402-1002 - Administrator - Enabled) => C:\Users\user
WDAGUtilityAccount (S-1-5-21-3730886342-3199546216-3749763402-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Security (Disabled - Up to date) {E3FDBD9F-8140-1400-F32B-8B58923F7C4D}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Security (Disabled) {DBC63CBA-CB2F-1558-D874-226D6CEC3B36}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 5.1.0.407 - Adobe Systems Incorporated)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.465 - Adobe)
Adobe Illustrator 2019 (HKLM-x32\...\ILST_23_0_3) (Version: 23.0.3 - Adobe Systems Incorporated)
Adobe Illustrator CC 2018 (32 Bit) (HKLM-x32\...\ILST_22_0_1_32) (Version: 22.0.1 - Adobe Systems Incorporated)
Adobe Illustrator CC 2018 (HKLM-x32\...\ILST_22_0_1) (Version: 22.0.1 - Adobe Systems Incorporated)
Adobe Media Encoder 2019 (HKLM-x32\...\AME_13_1) (Version: 13.1 - Adobe Systems Incorporated)
Adobe Photoshop CS6 version 13.0.1 (HKLM-x32\...\{A724DC44-6241-42D3-BA57-778B178ABC17}_is1) (Version: 13.0.1 - Adobe Systems, Inc.)
Adobe Premiere Pro 2019 (HKLM-x32\...\PPRO_13_1_1) (Version: 13.1.1 - Adobe Systems Incorporated)
Adobe Premiere Pro 2019 (HKLM-x32\...\PPRO_13_1_2) (Version: 13.1.2 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
AllShare Framework DMS (HKLM\...\{83232C27-8C3F-44A5-9EB2-BB7161228ADD}) (Version: 1.3.23 - Samsung)
AMD Catalyst Install Manager (HKLM\...\{5BB304EB-8E5B-0F2D-66FA-6603D9BB3232}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
ApowerREC V1.0.8 (HKLM-x32\...\{6F2998B2-21F7-4CEF-94B2-C3919D939CF9}_is1) (Version: 1.0.8 - Apowersoft LIMITED)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Application Verifier x64 External Package (HKLM\...\{01C2C51F-B0CF-BB5E-A010-E927D44F7720}) (Version: 10.1.15063.137 - Microsoft) Hidden
ArenaPLAY (HKLM-x32\...\{4DB874CC-6C35-4198-9887-E9239BECD9E0}_is1) (Version: 0.3.0 - ArenaBG.com)
Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
Auto Presser 2.1.0.6 (HKLM-x32\...\{F8F36686-A16E-447D-B185-6022BAC49028}_is1) (Version:  - Ever-Soft.com, Inc.)
AutoHotkey 1.1.24.04 (HKLM\...\AutoHotkey) (Version: 1.1.24.04 - Lexikos)
Badlion Client (HKLM\...\1de14785-dd8c-5cd2-aae8-d4a376f81d78) (Version: 3.3.0 - Badlion)
BCC 8 OFX 64Bit (HKLM\...\{24D38864-527F-4688-B831-A1A4CC60CD54}) (Version: 8.0.1 - Boris FX, Inc.)
Blackmagic RAW Common Components (HKLM\...\{B5ABFF44-9702-4CA1-A7D8-DBA659709C49}) (Version: 1.7 - Blackmagic Design)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Buildbox version 3.1.3 (HKLM-x32\...\{00BB419C-26D4-415A-BB41-727F9CF4BF02}_is1) (Version: 3.1.3 - 8cell, Inc.)
Capture One 21 (HKLM\...\Capture One 21_is1) (Version: 14.1.1.24 - Capture One A/S)
ClickOnce Bootstrapper Package for Microsoft .NET Framework (HKLM-x32\...\{E598B692-764A-413C-8530-59163D6B4AE3}) (Version: 4.6.01590 - Microsoft Corporation) Hidden
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.8.4420 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.4.4824 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.5.3304 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DiagnosticsHub_CollectionService (HKLM\...\{90A561D7-0C29-464D-94E1-2A7E1C553230}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
DisableMSDefender (HKLM\...\{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}) (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Discord (HKU\S-1-5-21-3730886342-3199546216-3749763402-1002\...\Discord) (Version: 0.0.309 - Discord Inc.)
Discord Bot GUI (HKU\S-1-5-21-3730886342-3199546216-3749763402-1002\...\Discord Bot GUI) (Version:  - )
Dropbox (HKLM-x32\...\Dropbox) (Version: 127.4.4265 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.485.1 - Dropbox, Inc.) Hidden
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
GenArts Sapphire Plug-ins 6.10 for OFX (HKLM\...\GenArts Sapphire Plug-ins for OFX_is1) (Version:  - )
Glyph (HKLM-x32\...\Glyph) (Version:  - Trion Worlds, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 92.0.4515.131 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.51 - Google LLC) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Growtopia (remove only) (HKU\S-1-5-21-3730886342-3199546216-3749763402-1002\...\Growtopia) (Version:  - )
Gyazo 4.1.2.0 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)
Honeygain (HKLM-x32\...\{C1922E93-B15E-460D-9C01-53E71109C2C6}) (Version: 0.10.2.0 - Honeygain)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP Connected Music (Meridian - player) (HKU\S-1-5-21-3730886342-3199546216-3749763402-1002\...\HPConnectedMusic) (Version: 1.1 (build 112) hp - Meridian Audio Ltd)
HP Deskjet 1510 series Basic Device Software (HKLM\...\{D17E60E8-478A-4D4A-8147-21D481B5CA55}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
HP Deskjet 1510 series Help (HKLM-x32\...\{2E25FCEB-EFCB-4696-AA01-D3CBAC721831}) (Version: 30.0.0 - Hewlett Packard)
HP Documentation (HKLM-x32\...\{4525FF56-E096-42F4-BB64-52AAA8B3D893}) (Version: 1.1.1.0 - Hewlett-Packard)
HP PC Hardware Diagnostics Windows (HKLM-x32\...\{BD2CDEAF-8D83-4553-A3B3-8B614CC6C96E}) (Version: 1.1.0.0 - HP Inc)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.00.57 - Hewlett-Packard)
HP System Event Utility (HKLM-x32\...\{C39A7F0F-89A6-44BB-B1BF-5F96569B5345}) (Version: 1.2.9 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HP Utility Center (HKLM\...\{7A75E042-0D30-43C2-BD2A-684F4BE38FF7}) (Version: 2.3.1 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
icecap_collection_neutral (HKLM-x32\...\{64F3E6FC-68E3-4062-9C2C-ABD93FDFF309}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
icecap_collection_x64 (HKLM\...\{0AD162D1-4973-4315-97E9-5DE9A92B4049}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
icecap_collectionresources (HKLM-x32\...\{12C50688-5919-4A7A-8784-B26A7238FCEE}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
icecap_collectionresourcesx64 (HKLM-x32\...\{400E7885-8851-43F1-849C-5A720CB4F001}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
Infinity (HKU\S-1-5-21-3730886342-3199546216-3749763402-1002\...\Infinity) (Version: 3.0.39 - WeMod)
Inkscape 0.92.5 (HKLM-x32\...\Inkscape) (Version: 0.92.5 - Inkscape Project)
Inst5675 (HKLM\...\{2DE6247C-7077-451B-8BA7-FFD1A2ABBB47}) (Version: 8.00.57 - Softex Inc.) Hidden
Inst5676 (HKLM\...\{878F6913-7421-4713-97F7-0A736EE2A188}) (Version: 8.00.57 - Softex Inc.) Hidden
Intel® RealSense™ SDK Runtime (HKLM-x32\...\ARP_for_prd_rs_sdk_runtime_10.0.26.0396) (Version: 10.0.26.0396 - Intel Corporation)
Intel® RealSense™ SDK Runtime Gold (x86): Core (HKLM-x32\...\{4BAB7070-1D73-11E6-8844-2C44FD873B55}) (Version: 10.0.26.396 - Intel Corporation) Hidden
Intel® RealSense™ SDK Runtime Gold (x86): Core: Calibration (HKLM-x32\...\{676C639E-1D73-11E6-BF2F-2C44FD873B55}) (Version: 10.0.26.396 - Intel Corporation) Hidden
Intel® RealSense™ SDK Runtime Gold (x86): User Segmentation (HKLM-x32\...\{51040000-1D73-11E6-A45D-2C44FD873B55}) (Version: 10.0.26.396 - Intel Corporation) Hidden
Intellisense Lang Pack Mobile Extension SDK 10.0.15063.0 (HKLM-x32\...\{A0007ADE-F6F6-410F-822F-7522B4F0BFDE}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
Java 8 Update 271 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180271F0}) (Version: 8.0.2710.9 - Oracle Corporation)
Java 8 Update 271 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180271F0}) (Version: 8.0.2710.9 - Oracle Corporation)
Kits Configuration Installer (HKLM-x32\...\{0C05DE52-2C77-D6FA-A561-D508CF5FC96E}) (Version: 10.1.15063.137 - Microsoft) Hidden
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
LogMeIn Hamachi (HKLM-x32\...\{ECC0FA07-863E-44BC-8B1D-DA22F96E5FB7}) (Version: 2.2.0.633 - LogMeIn, Inc.) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.633 - LogMeIn, Inc.)
Lunar Client (HKU\S-1-5-21-3730886342-3199546216-3749763402-1002\...\1fcec38f-e773-5444-8669-32b8eb41524b) (Version: 2.7.4 - Moonsworth, LLC)
Macro Recorder 5.8.0 (HKLM-x32\...\Macro Recorder_is1) (Version: 5.8.0 - Jitbit Software)
Magic Bullet Suite 64-bit (HKLM\...\{93488C33-D8D6-472A-83BB-F71603355CF0}) (Version: 11.1.0 - Red Giant Software) Hidden
Magic Bullet Suite 64-bit (HKLM-x32\...\InstallShield_{93488C33-D8D6-472A-83BB-F71603355CF0}) (Version: 11.1.0 - Red Giant Software)
Malwarebytes version 4.4.4.126 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.4.126 - Malwarebytes)
Medal (HKU\S-1-5-21-3730886342-3199546216-3749763402-1002\...\Medal) (Version: 4.1000.0 - Medal B.V.)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.13801.20808 - Microsoft Corporation)
Microsoft 365 Apps for enterprise - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.13801.20808 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 92.0.902.67 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3730886342-3199546216-3749763402-1002\...\OneDriveSetup.exe) (Version: 21.139.0711.0001 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2016 (HKLM\...\{96EB5054-C775-4BEF-B7B9-AA96A295EDCD}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2016 (HKLM-x32\...\{84C23ECA-FE4D-494F-9247-3EBAD57E7F0C}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-3730886342-3199546216-3749763402-1002\...\Teams) (Version: 1.3.00.24755 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{E5A95BC5-81DF-4F0C-B910-B59DD012F037}) (Version: 2.81.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29325 (HKLM-x32\...\{33628a12-6787-4b9f-95a1-92449f69fae0}) (Version: 14.28.29325.2 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2017 (HKLM-x32\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 1.10.30640.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Minecraft Launcher (HKLM-x32\...\{27B34E47-68AE-4802-822A-9F0C187AF84A}) (Version: 1.0.0.0 - Mojang)
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{EB3DF0F0-0525-4C5A-A2F8-DEC868A3075D}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSI Development Tools (HKLM-x32\...\{074120DA-7DA8-E059-BD8E-5750E97C6046}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
Node.js (HKLM\...\{2909C9DF-9236-4733-8CE5-0BAFCFD78DBB}) (Version: 11.10.0 - Node.js Foundation)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.9.5 - Notepad++ Team)
OEM Application Profile (HKLM-x32\...\{70D5F822-F4C4-33D9-7EEC-2A4AF4EA7BDC}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.13801.20638 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.13801.20638 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.13801.20808 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.13801.20638 - Microsoft Corporation) Hidden
Open MovieBox Version:1.10 (HKLM-x32\...\{A27E3C36-0820-4B43-91F4-84E4DF85F2DF}_is1) (Version:  - OpenCloner Inc.)
OpenOffice 4.1.1 (HKLM-x32\...\{86F2B095-3998-41D5-833D-1C5075300950}) (Version: 4.11.9775 - Apache Software Foundation)
OpenShot Video Editor (HKLM-x32\...\{C55769E7-0B81-4E22-B5CE-805506E6B6B2}) (Version: 2.0.7 - OpenShot Studios, LLC)
Origin (HKLM-x32\...\Origin) (Version: 10.5.84.43868 - Electronic Arts, Inc.)
osu! (HKLM-x32\...\{0b1d0c56-c436-479c-867e-8ae1ace57390}) (Version: latest - ppy Pty Ltd)
paint.net (HKLM\...\{E8FA8815-3817-4128-A814-E2EAC456ADF0}) (Version: 4.0.21 - dotPDN LLC)
PhotoFilmStrip 1.4.1 (HKLM-x32\...\PhotoFilmStrip_is1) (Version: 1.4.1 - Jens Göpfert)
Preset Manager 2.0 (HKLM-x32\...\{FCFE3F81-C977-4D31-877B-2778BB2A02DE}) (Version: 2.0.114 - Sony)
Product Improvement Study for HP Deskjet 1510 series (HKLM\...\{35DB2630-846E-47C5-AF84-9D6AC3629F55}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
PS4 Remote Play (HKLM-x32\...\{33B152D3-82A4-4318-9154-2B92E61A9300}) (Version: 2.5.0.09220 - Sony Interactive Entertainment Inc.)
Python 3.6.5 (32-bit) (HKU\S-1-5-21-3730886342-3199546216-3749763402-1002\...\{3346977b-49da-4095-8f4d-f56f103e52e9}) (Version: 3.6.5150.0 - Python Software Foundation)
Python 3.6.5 Add to Path (32-bit) (HKLM-x32\...\{1D3BE06D-5E44-48FF-8D61-B744808EBE46}) (Version: 3.6.5150.0 - Python Software Foundation) Hidden
Python 3.6.5 Core Interpreter (32-bit) (HKLM-x32\...\{58E1C809-82C5-4EDF-B69B-188A6C81F21F}) (Version: 3.6.5150.0 - Python Software Foundation) Hidden
Python 3.6.5 Development Libraries (32-bit) (HKLM-x32\...\{21FD2EE0-8D55-49DC-A1B0-771696DDEE98}) (Version: 3.6.5150.0 - Python Software Foundation) Hidden
Python 3.6.5 Documentation (32-bit) (HKLM-x32\...\{5C613D87-0AED-48A9-A216-3A3783463D6C}) (Version: 3.6.5150.0 - Python Software Foundation) Hidden
Python 3.6.5 Executables (32-bit) (HKLM-x32\...\{9107CF1A-A09C-4035-B29E-E79B4098AB8C}) (Version: 3.6.5150.0 - Python Software Foundation) Hidden
Python 3.6.5 pip Bootstrap (32-bit) (HKLM-x32\...\{C024F06C-0E37-4529-945F-7920A9CFFD78}) (Version: 3.6.5150.0 - Python Software Foundation) Hidden
Python 3.6.5 Standard Library (32-bit) (HKLM-x32\...\{8C2E8A7D-95CC-491C-AB9C-DE785A137D00}) (Version: 3.6.5150.0 - Python Software Foundation) Hidden
Python 3.6.5 Tcl/Tk Support (32-bit) (HKLM-x32\...\{052FD2FB-034D-4CDD-864E-798DE45C742A}) (Version: 3.6.5150.0 - Python Software Foundation) Hidden
Python 3.6.5 Test Suite (32-bit) (HKLM-x32\...\{86533809-919A-4858-AFC4-4226B86C5291}) (Version: 3.6.5150.0 - Python Software Foundation) Hidden
Python 3.6.5 Utility Scripts (32-bit) (HKLM-x32\...\{5C0C82E9-B580-4EE4-894A-4451A23B0E2C}) (Version: 3.6.5150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{8A66FEC2-E443-4219-B9AC-F9B10607B57C}) (Version: 3.6.6295.0 - Python Software Foundation)
QuEeNCoupon (HKLM-x32\...\{3DE8A1D7-C77F-E02A-70DD-31D29EC5B988}) (Version:  - "")
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.29068 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7548 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.00.12.0906 - REALTEK Semiconductor Corp.)
ReMouse Micro (HKLM-x32\...\ReMouse Micro_is1) (Version: Micro V4.0 - AutomaticSolution Software)
Roblox Player for user (HKU\S-1-5-21-3730886342-3199546216-3749763402-1002\...\roblox-player) (Version:  - Roblox Corporation)
Roblox Studio for user (HKU\S-1-5-21-3730886342-3199546216-3749763402-1002\...\roblox-studio) (Version:  - Roblox Corporation)
Samsung Link 2.0.0.1411061504 (HKLM\...\8474-7877-9059-0204) (Version: 2.0.0.1411061504 - Copyright 2013 SAMSUNG)
Skype Web Plugin (HKLM-x32\...\{EB96DF8B-65A7-4E72-BFB1-38DB36870D16}) (Version: 7.32.6.278 - Skype Technologies S.A.)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.104 - Skype Technologies S.A.)
Snaz version 1.12.6.0 (HKLM-x32\...\{70A76031-FDC6-4F9B-BB5C-33776703F45A}_is1) (Version: 1.12.6.0 - JimsApps)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Streamlabs OBS 1.0.7 (HKLM\...\029c4619-0385-5543-9426-46f9987161d9) (Version: 1.0.7 - General Workings, Inc.)
StreamWarrior (HKU\S-1-5-21-3730886342-3199546216-3749763402-1002\...\StreamWarrior) (Version:  - )
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.11.45 - Synaptics Incorporated)
Teams Machine-Wide Installer (HKLM-x32\...\{39AF0813-FA7B-4860-ADBE-93B9B214B914}) (Version: 1.2.0.34161 - Microsoft Corporation)
TomTom HOME (HKLM-x32\...\{0E09BE17-EDEA-42CA-8974-42A587F51510}) (Version: 2.9.8 - TomTom)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
TomTom MyDrive Connect 4.2.5.3770 (HKLM-x32\...\MyDriveConnect) (Version: 4.2.5.3770 - TomTom)
TT server maker (HKU\S-1-5-21-3730886342-3199546216-3749763402-1002\...\40497d67f7197274) (Version: 1.3.5.0 - TThread)
TypeScript Power Tool (HKLM-x32\...\{F0B4CA92-9642-4BE6-8449-A786AD4FA628}) (Version: 2.2.3.0 - Microsoft Corporation) Hidden
UE4 Prerequisites (x64) (HKLM\...\{36EAD5CF-44EF-4FCF-8BE1-D96C4835D7A4}) (Version: 1.0.11.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (HKLM-x32\...\{2890ae6b-90e9-448d-b3e6-97e43c21e2fd}) (Version: 1.0.13.0 - Epic Games, Inc.) Hidden
Unity (HKLM-x32\...\Unity) (Version: 5.6.0f3 - Unity Technologies ApS)
Universal CRT Extension SDK (HKLM-x32\...\{ADD45F52-630A-4F45-8879-A8DB80DF921B}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM-x32\...\{919D63C5-565C-F1C3-67D9-353FE902EF11}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
Universal CRT Redistributable (HKLM-x32\...\{0AAB833E-034D-430B-D3E4-39C5753B14AC}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
Universal CRT Tools x64 (HKLM\...\{D29934EC-24B6-0F5D-C6BB-E9ECCF220C12}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
Universal CRT Tools x86 (HKLM-x32\...\{2410D879-0C8F-B254-C207-455E119075B6}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
Universal General MIDI DLS Extension SDK (HKLM-x32\...\{485209AE-37CE-2208-59CB-7BB59AA85BE7}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
Universal Minecraft Editor version 1.7.0 (HKLM-x32\...\{86633C3D-27BE-425D-993B-8917FE5EAD7E}_is1) (Version: 1.7.0 - oPryzeLP)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
UpdateAssistant (HKLM\...\{F339C545-24DC-4870-AA32-6EB6B0500B95}) (Version: 1.24.0.0 - Microsoft Corporation) Hidden
vcpp_crt.redist.clickonce (HKLM-x32\...\{93FDC294-0726-48EA-989D-50E89C67ABF0}) (Version: 14.10.25008 - Microsoft Corporation) Hidden
VEGAS Pro 14.0 (64-bit) (HKLM\...\{4C79D80F-79F9-11E6-8402-BB95F5A309BD}) (Version: 14.0.161 - VEGAS)
Video Watermark Maker 1.2 (HKLM-x32\...\Video Watermark Maker_is1) (Version: 1.2 - SoftOrbits)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.11 - VideoLAN)
VS Immersive Activate Helper (HKLM-x32\...\{D8A4EA2B-1A97-45A5-BF96-7493183F8524}) (Version: 16.0.59.0 - Microsoft Corporation) Hidden
VS JIT Debugger (HKLM\...\{2901E697-0E9C-404B-B7D0-6E2D43F64CE5}) (Version: 16.0.59.0 - Microsoft Corporation) Hidden
VS Script Debugging Common (HKLM\...\{3B64C68E-14E0-4214-A53D-502E9FBD32E7}) (Version: 16.0.59.0 - Microsoft Corporation) Hidden
vs_BlendMsi (HKLM-x32\...\{1070C8E8-4DFB-419F-984A-5C835828897E}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsi (HKLM-x32\...\{B9F4AA09-F4AC-4108-ADA0-27CDD45FCEC3}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsires (HKLM-x32\...\{AEF5E0F2-31D1-454A-A992-C523C0007B4D}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
vs_clickoncesigntoolmsi (HKLM-x32\...\{DE8B48BF-82B9-434A-B254-1EA2306E5FBA}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
vs_communitymsi (HKLM-x32\...\{A041943F-C97B-48F6-8F23-C5078F99BB3A}) (Version: 15.0.26323 - Microsoft Corporation) Hidden
vs_communitymsires (HKLM-x32\...\{1210EE60-E253-407D-B537-D36898049CF0}) (Version: 15.0.26228 - Microsoft Corporation) Hidden
vs_devenvmsi (HKLM-x32\...\{581E5656-26E2-4A02-9711-48C8E4998310}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
vs_filehandler_amd64 (HKLM-x32\...\{15D591B0-7B40-4957-B6C0-EB7452B5AAB6}) (Version: 15.0.26228 - Microsoft Corporation) Hidden
vs_filehandler_x86 (HKLM-x32\...\{DC296244-0701-4EDE-9696-05B9C1D017B3}) (Version: 15.0.26228 - Microsoft Corporation) Hidden
vs_FileTracker_Singleton (HKLM-x32\...\{11230C85-1813-4BC3-9C24-E0B74B59653E}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
vs_Graphics_Singletonx64 (HKLM\...\{F3217611-B414-4A3A-81BF-6A3A4DB7E743}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
vs_Graphics_Singletonx86 (HKLM-x32\...\{D4DCEC6A-BC59-43D5-866A-AB057E64F73F}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
vs_minshellinteropmsi (HKLM-x32\...\{9477F337-FD16-4ACA-8217-E2D7A0F92603}) (Version: 15.0.26301 - Microsoft Corporation) Hidden
vs_minshellmsi (HKLM-x32\...\{497A5ACE-DA03-4412-A110-910B2C450720}) (Version: 15.0.26424 - Microsoft Corporation) Hidden
vs_minshellmsires (HKLM-x32\...\{A8B77523-13AB-46B9-B54F-5483E09668F9}) (Version: 15.0.26228 - Microsoft Corporation) Hidden
vs_SQLClickOnceBootstrappermsi (HKLM-x32\...\{D396CF10-5F2B-417D-9571-0B669B99440E}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
vs_tipsmsi (HKLM-x32\...\{A32A9CF6-E7AA-48B8-A3D3-50C157E69F53}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
WinAppDeploy (HKLM-x32\...\{80859F5A-D13C-AB8E-4659-B630CFE2599D}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
Windows Driver Package - Phase One / Mamiya V-Grip USB Driver (12/03/2014 1.2.0.0) (HKLM\...\3F504CC0B024052107934E093CC26DA720256A7A) (Version: 12/03/2014 1.2.0.0 - Phase One / Mamiya)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows SDK AddOn (HKLM-x32\...\{30DCCFB4-068F-4C5C-BC10-5ECDCAEE55D4}) (Version: 10.1.0.0 - Microsoft Corporation)
Windows Software Development Kit - Windows 10.0.15063.137 (HKLM-x32\...\{a07b4a01-ca27-4e28-9353-f325a308f128}) (Version: 10.1.15063.137 - Microsoft Corporation)
WinRAR 5.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
WinRT Intellisense Desktop - en-us (HKLM-x32\...\{45B6202F-A716-C68A-199E-43B106B56A7E}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - Other Languages (HKLM-x32\...\{357D0CD4-8B72-8D65-7015-81DFB2BF9150}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - en-us (HKLM-x32\...\{3E5375A1-0E4C-34E3-6294-C1C8BDA823E4}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - Other Languages (HKLM-x32\...\{E2F78B92-04DE-5350-14C0-7C281BF87D9E}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - en-us (HKLM-x32\...\{6CE744AE-7E0F-00AF-F1BD-077D9AFCBEC6}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - Other Languages (HKLM-x32\...\{81A0EC8C-9462-BC98-0E5C-301DD7A46792}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - en-us (HKLM-x32\...\{FAD08838-3937-0F6C-8787-FDFDFBF63502}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - Other Languages (HKLM-x32\...\{D089A695-49F0-D3B2-0EBF-2BBC33A05CD6}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
XMedia Recode 64bit version 3.4.8.7 (HKLM\...\{D31E6E69-4C6A-42CC-926F-CC7B186864EB}_is1) (Version: 3.4.8.7 - XMedia Recode 64bit)
Zoom (HKU\S-1-5-21-3730886342-3199546216-3749763402-1002\...\ZoomUMX) (Version: 4.1 - Zoom Video Communications, Inc.)

Packages:
=========
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2019-11-27] (Autodesk Inc.)
Box for Windows 8 -> C:\Program Files\WindowsApps\134D4F5B.Box_2.1.4.4_neutral__2qk4zy5s3qmee [2015-11-12] (Box, Inc.)
Caesars Slots -> C:\Program Files\WindowsApps\Playtika.CaesarsSlotsFreeCasino_4.29.0.0_x64__7vjeg68vnncd2 [2021-08-06] (Playtika Holdings Corp)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.198.300.0_x86__kgqvnymyfvs32 [2021-07-23] (king.com)
eBay -> C:\Program Files\WindowsApps\eBayInc.eBay_1.6.0.34_neutral__1618n3s9xq8tw [2014-11-04] (eBay, Inc)
Getting Started with Windows 8 -> C:\Program Files\WindowsApps\AD2F1837.GettingStartedwithWindows8_1.6.0.0_neutral__v10z8vjag6ke6 [2015-03-03] (Hewlett-Packard Company)
HP Registration -> C:\Program Files\WindowsApps\AD2F1837.HPRegistration_1.2.1.166_neutral__v10z8vjag6ke6 [2014-11-28] (Hewlett-Packard Company)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_129.1.234.0_x64__v10z8vjag6ke6 [2021-07-23] (HP Inc.)
HP Support Assistant -> C:\Program Files\WindowsApps\AD2F1837.HPSupportAssistant_9.7.536.0_x64__v10z8vjag6ke6 [2021-07-11] (HP Inc.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-24] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-24] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.10.7290.0_x64__8wekyb3d8bbwe [2021-08-06] (Microsoft Studios) [MS Ad]
MSN Food & Drink -> C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-14] (Microsoft Corporation) [MS Ad]
MSN Health & Fitness -> C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-14] (Microsoft Corporation) [MS Ad]
MSN Travel -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-14] (Microsoft Corporation) [MS Ad]
Open Any File -> C:\Program Files\WindowsApps\38184CDCTech.495572C750D15_1.2.102.0_x64__vwv5vk6p12k08 [2018-08-24] (For Better Digital Life - 1st Famous Tool Provider)
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-05-04] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-07-02] (Microsoft Corporation)
Roblox -> C:\Program Files\WindowsApps\ROBLOXCORPORATION.ROBLOX_2.488.34102.0_x86__55nm5eh3cm0pr [2021-08-01] (ROBLOX Corporation)
Snapfish -> C:\Program Files\WindowsApps\AD2F1837.HPConnectedPhotopoweredbySnapfish_6.1.736.0_x86__v10z8vjag6ke6 [2018-08-13] (Snapfish)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.TWITTER_7.0.1.0_neutral__wgeqdkkx372wm [2021-06-12] (Twitter Inc.)
Wonder Reader -> C:\Program Files\WindowsApps\65417WebmasterWonder.WonderReader_1.1.0.0_x86__4dkw7tcfzkxdj [2017-07-31] (Webmaster Wonder)
Xbox 360 SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxCompanion_1.4.3.0_x64__8wekyb3d8bbwe [2014-11-27] (Microsoft Corporation) [MS Ad]
YouCam for HP -> C:\Program Files\WindowsApps\CyberLinkCorp.hs.YouCamforHP_1.0.2.29632_x86__06qsbagp91rvg [2014-07-26] (CYBERLINKCOM CORP)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

HKU\S-1-5-21-3730886342-3199546216-3749763402-1002\...\ChromeHTML: ->  <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-3730886342-3199546216-3749763402-1002_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\user\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20240.5\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3730886342-3199546216-3749763402-1002_Classes\CLSID\{41052F6E-3662-4584-BCD3-77BCCAAE8470}\InprocServer32 -> C:\Users\user\AppData\Local\SkypePlugin\7.32.6.278\GatewayActiveX-x64.dll (Microsoft Corporation -> Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-3730886342-3199546216-3749763402-1002_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\user\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20240.5\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3730886342-3199546216-3749763402-1002_Classes\CLSID\{D9AC5E73-BB10-467b-B884-AA1E475C51F5}\Shell\Open\Command -> C:\Program Files\Synaptics\SynTP\SynTPCpl.dll (Synaptics Incorporated -> Synaptics Incorporated)
CustomCLSID: HKU\S-1-5-21-3730886342-3199546216-3749763402-1002_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems)
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [   AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll -> No File
ShellIconOverlayIdentifiers: [   AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll -> No File
ShellIconOverlayIdentifiers: [   AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll -> No File
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} =>  -> No File
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} =>  -> No File
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} =>  -> No File
ShellIconOverlayIdentifiers-x32: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} =>  -> No File
ShellIconOverlayIdentifiers-x32: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} =>  -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2021-03-22] (Notepad++ -> )
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} =>  -> No File
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} =>  -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-08-07] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-08-07] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-15] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [VIDC.FICV] => C:\WINDOWS\system32\ficvdec_x64.dll [652288 2013-05-28] () [File not signed]
HKLM\...\Drivers32: [VIDC.FPS1] => C:\WINDOWS\system32\frapsv64.dll [105984 2015-09-05] (Beepa P/L) [File not signed]
HKLM\...\Drivers32: [VIDC.FICV] => C:\Windows\SysWOW64\ficvdec_x86.dll [641024 2013-05-28] () [File not signed]
HKLM\...\Drivers32: [VIDC.FPS1] => C:\Windows\SysWOW64\frapsvid.dll [94208 2015-09-05] (Beepa P/L) [File not signed]

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\user\Desktop\ChessPuzzle.net.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=eobmdnldcknhdkeolfabienlnkmkfngn
ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\ChessPuzzle.net.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=eobmdnldcknhdkeolfabienlnkmkfngn

==================== Loaded Modules (Whitelisted) =============

2016-04-01 16:50 - 2014-05-19 17:19 - 000137728 _____ () [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2016-04-01 16:50 - 2014-09-11 18:09 - 001498112 _____ () [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2018-10-15 11:01 - 2018-10-15 11:01 - 000013312 _____ () [File not signed] C:\Program Files (x86)\MyDrive Connect\libEGL.DLL
2018-10-15 11:01 - 2018-10-15 11:01 - 001950720 _____ () [File not signed] C:\Program Files (x86)\MyDrive Connect\libGLESv2.dll
2013-09-25 07:48 - 2013-09-25 07:48 - 000127488 _____ () [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2013-10-14 11:25 - 2013-10-14 11:25 - 002541056 _____ () [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2013-10-14 11:24 - 2013-10-14 11:24 - 000627200 _____ () [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\cachedrv.dll
2013-10-14 11:22 - 2013-10-14 11:22 - 000021504 _____ () [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2013-10-14 11:22 - 2013-10-14 11:22 - 000055296 _____ () [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2013-10-14 11:22 - 2013-10-14 11:22 - 000035328 _____ () [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2013-10-25 20:49 - 2013-10-25 20:49 - 000028160 _____ () [File not signed] C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AudioExtractor.dll
2013-10-24 17:53 - 2013-10-24 17:53 - 000032768 _____ () [File not signed] C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\Autobackup.dll
2013-10-25 20:48 - 2013-10-25 20:48 - 000028672 _____ () [File not signed] C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AutoChaptering.dll
2013-02-14 20:42 - 2013-02-14 20:42 - 004671488 _____ () [File not signed] C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\avcodec-52.dll
2013-02-14 20:42 - 2013-02-14 20:42 - 000686080 _____ () [File not signed] C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\avformat-52.dll
2013-02-14 20:42 - 2013-02-14 20:42 - 000070656 _____ () [File not signed] C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\avutil-50.dll
2013-07-23 20:18 - 2013-07-23 20:18 - 000038912 _____ () [File not signed] C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\boost_date_time-vc90-mt-1_47.dll
2013-07-23 20:18 - 2013-07-23 20:18 - 000227840 _____ () [File not signed] C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\boost_serialization-vc90-mt-1_47.dll
2013-07-23 20:18 - 2013-07-23 20:18 - 000012800 _____ () [File not signed] C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\boost_system-vc90-mt-1_47.dll
2013-07-23 20:18 - 2013-07-23 20:18 - 000046592 _____ () [File not signed] C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\boost_thread-vc90-mt-1_47.dll
2013-10-22 10:48 - 2013-10-22 10:48 - 000707072 _____ () [File not signed] C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ContentDirectoryPresenter.dll
2013-10-24 17:53 - 2013-10-24 17:53 - 000107008 _____ () [File not signed] C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\DCMCDP.dll
2013-02-14 20:42 - 2013-02-14 20:42 - 005717504 _____ () [File not signed] C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\DCMImgExtractor.dll
2013-12-11 17:46 - 2013-12-11 17:46 - 001114624 _____ () [File not signed] C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\DMSManager.dll
2013-12-11 17:46 - 2013-12-11 17:46 - 000102400 _____ () [File not signed] C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\FolderCDP.dll
2013-10-25 20:48 - 2013-10-25 20:48 - 000064000 _____ () [File not signed] C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ID3Driver.dll
2013-10-25 20:53 - 2013-10-25 20:53 - 000012288 _____ () [File not signed] C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ImageExtractor.dll
2013-10-25 20:53 - 2013-10-25 20:53 - 001033728 _____ () [File not signed] C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ImageMagickWrapper.dll
2013-02-14 20:42 - 2013-02-14 20:42 - 000399826 _____ () [File not signed] C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\libexif-12.dll.dll
2013-02-14 20:42 - 2013-02-14 20:42 - 000147456 _____ () [File not signed] C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\libexpat.dll
2013-10-25 20:48 - 2013-10-25 20:48 - 000290816 _____ () [File not signed] C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\libKeyFrame.dll
2013-10-25 20:48 - 2013-10-25 20:48 - 000289792 _____ () [File not signed] C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\libThumbnail.dll
2013-12-11 17:46 - 2013-12-11 17:46 - 000077312 _____ () [File not signed] C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\MetadataFramework.dll
2013-02-14 20:42 - 2013-02-14 20:42 - 000450560 _____ () [File not signed] C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\MoodExtractor.dll
2013-10-25 20:48 - 2013-10-25 20:48 - 000024064 _____ () [File not signed] C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\photoDriver.dll
2013-10-25 20:48 - 2013-10-25 20:48 - 000023040 _____ () [File not signed] C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\RichInfoDriver.dll
2013-04-19 17:38 - 2013-04-19 17:38 - 000055808 _____ () [File not signed] C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\RosettaAllShare.dll
2013-10-25 20:48 - 2013-10-25 20:48 - 000024064 _____ () [File not signed] C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\SECMetaDriver.dll
2013-02-14 20:42 - 2013-02-14 20:42 - 000520234 _____ () [File not signed] C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\sqlite3.dll
2013-02-14 20:42 - 2013-02-14 20:42 - 000152064 _____ () [File not signed] C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\swscale-0.dll
2013-02-14 20:42 - 2013-02-14 20:42 - 000366592 _____ () [File not signed] C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\tag.dll
2013-10-25 20:48 - 2013-10-25 20:48 - 000013824 _____ () [File not signed] C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\TextExtractor.dll
2013-10-25 20:53 - 2013-10-25 20:53 - 000117248 _____ () [File not signed] C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ThumbnailMaker.dll
2013-02-14 20:42 - 2013-02-14 20:42 - 000044032 _____ () [File not signed] C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\us.dll
2013-12-11 17:45 - 2013-12-11 17:45 - 000017920 _____ () [File not signed] C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\VideoExtractor.dll
2013-12-11 17:45 - 2013-12-11 17:45 - 000134144 _____ () [File not signed] C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\VideoMetadataDriver.dll
2013-10-25 20:48 - 2013-10-25 20:48 - 000012288 _____ () [File not signed] C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\VideoThumb.dll
2015-01-08 11:41 - 2011-04-28 02:11 - 005573632 _____ (Codejock Software) [File not signed] C:\Program Files (x86)\CyberLink\Power2Go8\ToolkitPro1110vc90U.dll
2013-10-14 11:34 - 2013-10-14 11:34 - 000765440 _____ (Hewlett-Packard) [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\OpBHO64.dll
2013-10-14 11:23 - 2013-10-14 11:23 - 000690176 _____ (Hewlett-Packard) [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\storeng.dll
2013-10-14 11:25 - 2013-10-14 11:25 - 001097216 _____ (Hewlett-Packard) [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\userdata.dll
2013-02-14 20:42 - 2013-02-14 20:42 - 000765952 _____ (LIBGD Development Team) [File not signed] C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\bgd.dll
2017-03-29 22:08 - 2017-03-29 22:08 - 000252928 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbPc.DLL
2021-04-18 14:26 - 2021-04-18 14:26 - 001093120 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80U.DLL
2021-04-18 14:25 - 2021-04-18 14:25 - 000057344 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\MFC80ENU.DLL
2013-02-14 20:42 - 2013-02-14 20:42 - 000086070 _____ (Open Source Software community project) [File not signed] C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\pthreadVC2.dll
2013-02-15 17:54 - 2013-02-15 17:54 - 000042496 _____ (Samsung Electronics) [File not signed] C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\DirectoryScanner.dll
2013-10-14 11:35 - 2013-10-14 11:35 - 001297296 _____ (Softex Incorporated -> ) [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2013-10-14 11:35 - 2013-10-14 11:35 - 000306064 _____ (Softex Incorporated -> ) [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2013-10-14 11:35 - 2013-10-14 11:35 - 000599952 _____ (Softex Incorporated -> Hewlett-Packard) [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\hdddrv.dll
2013-10-14 11:35 - 2013-10-14 11:35 - 000208272 _____ (Softex Incorporated -> Hewlett-Packard) [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\ldapdrv.dll
2013-10-14 11:35 - 2013-10-14 11:35 - 002075536 _____ (Softex Incorporated -> Hewlett-Packard) [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\Wbf.dll
2018-03-27 21:33 - 2018-03-27 21:33 - 001370624 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\MyDrive Connect\LIBEAY32.dll
2018-03-27 21:33 - 2018-03-27 21:33 - 000337920 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\MyDrive Connect\ssleay32.dll
2018-10-15 11:11 - 2018-10-15 11:11 - 000038912 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\MyDrive Connect\Plugins\bearer\qgenericbearer.dll
2018-10-15 11:12 - 2018-10-15 11:12 - 001096704 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\MyDrive Connect\Plugins\platforms\qwindows.dll
2019-04-26 16:12 - 2019-04-26 16:12 - 004785152 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\MyDrive Connect\Qt5Core.dll
2018-10-15 11:05 - 2018-10-15 11:05 - 004970496 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\MyDrive Connect\Qt5Gui.dll
2018-10-15 11:05 - 2018-10-15 11:05 - 000961024 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\MyDrive Connect\Qt5Network.dll
2018-10-15 11:09 - 2018-10-15 11:09 - 004468224 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\MyDrive Connect\Qt5Widgets.dll
2018-10-15 11:02 - 2018-10-15 11:02 - 000150016 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\MyDrive Connect\Qt5Xml.dll
2019-04-26 16:08 - 2019-04-26 16:08 - 000137728 _____ (TomTom) [File not signed] C:\Program Files (x86)\MyDrive Connect\DeviceNavEthernetCore.dll
2016-04-01 16:50 - 2014-09-11 18:10 - 000708608 _____ (Wondershare) [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSProducstInfo.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]
AlternateDataStreams: C:\ProgramData\Temp:10894A2E [144]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT14/2
HKU\S-1-5-21-3730886342-3199546216-3749763402-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://uk.search.yahoo.com/yhs/web?hspart=omr&hsimp=yhs-001&type=87sfxhr4ow002620&param1=y6bdVFVIsvuYsgEClQfz8Hr0EAieT0AvfxeS6%2B%2B1DoAhaMI%2BX4JdsBE0RvtWIef%2BahYlQeW6JGwEqy2%2FqV5Lo%2FGGm1DcysJq6qyI5JD7ynZCgaJmEyCkaLr19RkKeZj9vzleRd%2FqpSyAdwOJ%2BDE9bt30LMRbiBx4V8gU9HfvBXiuPABeNaAc%2B9I4%2BOA6Wks2m39MMf7PmeStRPxOmsJZZHdoY%2FF0t%2BRoV9K2FYfISoGMdSyHPznAPwi%2BK4TU4k%2Fv6PE3Unm%2F3CwzUPw4U42OZSvIz%2BUX3vHkjQaMACjbwiSryJMAr3cUrRSMLsVJVnCvobcbJ%2Bng1nEnLrePkYRWEwkP%2BeOMgRF5KOy7Uym3AnBhiFFaWGQ6%2FqvCNK8JMHFc
HKU\S-1-5-21-3730886342-3199546216-3749763402-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT14/2
SearchScopes: HKLM -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL = 
SearchScopes: HKLM -> {c9ab6446-7efc-47fe-966c-dc54324eff9f} URL = 
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/710-29550-11896-25/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM -> {FDDCB575-7293-4848-8477-A979CFB7A874} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/710-29550-11896-25/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {FDDCB575-7293-4848-8477-A979CFB7A874} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3730886342-3199546216-3749763402-1002 -> DefaultScope {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
SearchScopes: HKU\S-1-5-21-3730886342-3199546216-3749763402-1002 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
SearchScopes: HKU\S-1-5-21-3730886342-3199546216-3749763402-1002 -> {2A23ab71-4ac6-41f2-a955-ea576e553146} URL = 
SearchScopes: HKU\S-1-5-21-3730886342-3199546216-3749763402-1002 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NGC&chn=retail&geo=GB&ver=22.14.2.13&locale=en_GB&guid=808C2063-B9EB-4ADD-8FA4-A943E645124B&doi=2016-09-01&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-3730886342-3199546216-3749763402-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/710-29550-11896-25/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-3730886342-3199546216-3749763402-1002 -> {FDDCB575-7293-4848-8477-A979CFB7A874} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2021-07-23] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_271\bin\ssv.dll [2021-01-12] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_271\bin\jp2ssv.dll [2021-01-12] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2021-07-23] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_271\bin\ssv.dll [2021-01-12] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_271\bin\jp2ssv.dll [2021-01-12] (Oracle America, Inc. -> Oracle Corporation)
Toolbar: HKU\S-1-5-21-3730886342-3199546216-3749763402-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-07-23] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-07-23] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-07-23] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-07-23] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3730886342-3199546216-3749763402-1002\...\sharepoint.com -> hxxps://wmcutc.sharepoint.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2021-08-07 01:14 - 000000000 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Hewlett-Packard\SimplePass\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\;C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\64bit\;C:\Program Files (x86)\Skype\Phone\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\GtkSharp\2.12\bin;C:\Program Files (x86)\Windows Live\Shared;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\nodejs\
HKU\S-1-5-21-3730886342-3199546216-3749763402-1002\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img1.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: AdobeUpdateService => 2
MSCONFIG\Services: AGMService => 2
MSCONFIG\Services: AGSService => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: Freemake Improver => 2
MSCONFIG\Services: GoogleChromeElevationService => 3
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: Hamachi2Svc => 2
MSCONFIG\Services: LMIGuardianSvc => 2
MSCONFIG\Services: RtkAudioService => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: SynTPEnhService => 2
MSCONFIG\Services: TomTomHOMEService => 2
HKLM\...\StartupApproved\StartupFolder: => "MouseRecorder.lnk"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKU\S-1-5-21-3730886342-3199546216-3749763402-1002\...\StartupApproved\StartupFolder: => "Windows.vbs"
HKU\S-1-5-21-3730886342-3199546216-3749763402-1002\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-3730886342-3199546216-3749763402-1002\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-3730886342-3199546216-3749763402-1002\...\StartupApproved\Run: => "Chromium"
HKU\S-1-5-21-3730886342-3199546216-3749763402-1002\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_A008D3C4AC1F70CC0223825A47FA7BBC"
HKU\S-1-5-21-3730886342-3199546216-3749763402-1002\...\StartupApproved\Run: => "Windows Update Service"
HKU\S-1-5-21-3730886342-3199546216-3749763402-1002\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3730886342-3199546216-3749763402-1002\...\StartupApproved\Run: => "ApowerREC"
HKU\S-1-5-21-3730886342-3199546216-3749763402-1002\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"
HKU\S-1-5-21-3730886342-3199546216-3749763402-1002\...\StartupApproved\Run: => "EADM"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{AD06C29B-E119-4491-AC3A-49487ABACF42}] => (Block) C:\program files (x86)\minecraft launcher\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe
FirewallRules: [{C16F59B1-FADF-4575-BAE4-C2E58AFA1003}] => (Block) C:\program files (x86)\minecraft launcher\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe
FirewallRules: [UDP Query User{41320FD6-7C6F-4057-8DCF-22738F63A08D}C:\program files (x86)\minecraft launcher\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe
FirewallRules: [TCP Query User{C281B0C7-7EBC-4ADB-8BA6-8845AB0C7455}C:\program files (x86)\minecraft launcher\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe
FirewallRules: [{7028E946-AE8F-4AB3-9B19-225481A9B59F}] => (Block) C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe
FirewallRules: [{328495F9-265A-4694-9EE1-0516F6BB0AB9}] => (Block) C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe
FirewallRules: [UDP Query User{7009B99B-42B2-4F07-B170-53C6A82581F5}C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe
FirewallRules: [TCP Query User{FD27BEA6-CC02-4F20-8E6A-1355AA7155D5}C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe
FirewallRules: [{96682165-8047-408A-93A4-FA9552164DA1}] => (Block) C:\programdata\badlionclient\jre1.8.0_202\bin\javaw.exe
FirewallRules: [{387E4787-1608-4FEE-BD99-8F9B61230A22}] => (Block) C:\programdata\badlionclient\jre1.8.0_202\bin\javaw.exe
FirewallRules: [UDP Query User{EEA73B6F-FBD0-48CE-B443-E3D537335606}C:\programdata\badlionclient\jre1.8.0_202\bin\javaw.exe] => (Allow) C:\programdata\badlionclient\jre1.8.0_202\bin\javaw.exe
FirewallRules: [TCP Query User{684F0A4A-3E18-425A-80AE-BA897B327EE2}C:\programdata\badlionclient\jre1.8.0_202\bin\javaw.exe] => (Allow) C:\programdata\badlionclient\jre1.8.0_202\bin\javaw.exe
FirewallRules: [{CB51AA6D-FA1B-4F41-BB94-352089CA65E0}] => (Block) C:\users\user\desktop\michael pics\terrariastuff\1412\windows\terrariaserver.exe (Re-Logic) [File not signed]
FirewallRules: [{DDF838E9-8BE9-4544-9A47-397D44EED25F}] => (Block) C:\users\user\desktop\michael pics\terrariastuff\1412\windows\terrariaserver.exe (Re-Logic) [File not signed]
FirewallRules: [UDP Query User{9F99EEF6-6AF3-46CE-9F59-45BBBFBF6F4B}C:\users\user\desktop\michael pics\terrariastuff\1412\windows\terrariaserver.exe] => (Allow) C:\users\user\desktop\michael pics\terrariastuff\1412\windows\terrariaserver.exe (Re-Logic) [File not signed]
FirewallRules: [TCP Query User{F72725C1-2A2F-41B1-9CC6-0B72F0F32C62}C:\users\user\desktop\michael pics\terrariastuff\1412\windows\terrariaserver.exe] => (Allow) C:\users\user\desktop\michael pics\terrariastuff\1412\windows\terrariaserver.exe (Re-Logic) [File not signed]
FirewallRules: [{1C4DB371-BAC1-466C-AC8B-AB6E8DB02609}] => (Allow) C:\Users\user\AppData\Local\Temp\HouseCall\tmase\nmap\nmap.exe => No File
FirewallRules: [{440D5222-1C58-4703-8AC6-3655ACB84EF9}] => (Block) C:\users\user\desktop\michael pics real\among.us.v2020.9.9s\among us.exe => No File
FirewallRules: [{F187FBF8-8C9F-4C3D-985A-33461DA27F7C}] => (Block) C:\users\user\desktop\michael pics real\among.us.v2020.9.9s\among us.exe => No File
FirewallRules: [UDP Query User{EF61DE81-28A1-45C5-82B8-8264B969A205}C:\users\user\desktop\michael pics real\among.us.v2020.9.9s\among us.exe] => (Allow) C:\users\user\desktop\michael pics real\among.us.v2020.9.9s\among us.exe => No File
FirewallRules: [TCP Query User{542F0064-9FBB-47DC-A456-5E0567157D71}C:\users\user\desktop\michael pics real\among.us.v2020.9.9s\among us.exe] => (Allow) C:\users\user\desktop\michael pics real\among.us.v2020.9.9s\among us.exe => No File
FirewallRules: [{794CE675-DBA3-465E-90D1-AD061A00BE14}] => (Allow) C:\Program Files\BlueStacks\HD-Player.exe => No File
FirewallRules: [{53F0EE52-610E-42C8-ADEB-AFB1F1FE0592}] => (Allow) C:\Program Files\TxGameAssistant\AppMarket\DL\syzs_dl_svr.exe (Tencent Technology(Shenzhen) Company Limited -> )
FirewallRules: [{FB581C68-3976-46B1-91A1-9E6704777D55}] => (Allow) C:\Program Files\TxGameAssistant\AppMarket\DL\syzs_dl_svr.exe (Tencent Technology(Shenzhen) Company Limited -> )
FirewallRules: [{7C910F31-6EFC-4428-8D8B-879E3AF707C7}] => (Allow) C:\Program Files\TxGameAssistant\AppMarket\DL\syzs_dl_svr.exe (Tencent Technology(Shenzhen) Company Limited -> )
FirewallRules: [{0161739F-CEFB-4A9A-872E-978E6E368709}] => (Allow) C:\Program Files\TxGameAssistant\AppMarket\DL\syzs_dl_svr.exe (Tencent Technology(Shenzhen) Company Limited -> )
FirewallRules: [{0B5E754A-289B-4F38-92FC-DC40E2D39865}] => (Allow) C:\Program Files\TxGameAssistant\AppMarket\DL\syzs_dl_svr.exe (Tencent Technology(Shenzhen) Company Limited -> )
FirewallRules: [{830EDFD4-3AAB-4B6F-B94B-21B77B415E5F}] => (Allow) C:\Program Files\TxGameAssistant\AppMarket\DL\syzs_dl_svr.exe (Tencent Technology(Shenzhen) Company Limited -> )
FirewallRules: [{6F5FE567-F453-4A95-805E-209AB96A123D}] => (Block) C:\users\user\desktop\michael pics\bedrockserver\bin\php\php.exe => No File
FirewallRules: [{7816257C-9093-4EEF-B48F-0FA17256E3B2}] => (Block) C:\users\user\desktop\michael pics\bedrockserver\bin\php\php.exe => No File
FirewallRules: [UDP Query User{A2EDE705-E533-4F18-8928-1474047ACE4D}C:\users\user\desktop\michael pics\bedrockserver\bin\php\php.exe] => (Allow) C:\users\user\desktop\michael pics\bedrockserver\bin\php\php.exe => No File
FirewallRules: [TCP Query User{DCC5237A-D85C-4E43-A7F7-C4CF916770BE}C:\users\user\desktop\michael pics\bedrockserver\bin\php\php.exe] => (Allow) C:\users\user\desktop\michael pics\bedrockserver\bin\php\php.exe => No File
FirewallRules: [{EEFDFF33-777A-4078-89B7-FBA967BF59C1}] => (Block) C:\users\user\desktop\michael pics\bedrockserver\bedrock_server.exe => No File
FirewallRules: [{79103D03-F232-49CF-B297-FE2436ED2ACA}] => (Block) C:\users\user\desktop\michael pics\bedrockserver\bedrock_server.exe => No File
FirewallRules: [UDP Query User{230000CE-EAB7-4354-8B96-8BA214331B93}C:\users\user\desktop\michael pics\bedrockserver\bedrock_server.exe] => (Allow) C:\users\user\desktop\michael pics\bedrockserver\bedrock_server.exe => No File
FirewallRules: [TCP Query User{85F2DD34-24EF-45D9-8CBC-BA270590D80E}C:\users\user\desktop\michael pics\bedrockserver\bedrock_server.exe] => (Allow) C:\users\user\desktop\michael pics\bedrockserver\bedrock_server.exe => No File
FirewallRules: [{B68BCE4F-FBE1-44D0-9075-777B034C7AB7}] => (Block) C:\users\user\appdata\local\roblox\versions\version-e14c7c800bb54bef\robloxstudiobeta.exe => No File
FirewallRules: [{C7F14D69-6F9C-4495-B2A8-C2AD37D474DE}] => (Block) C:\users\user\appdata\local\roblox\versions\version-e14c7c800bb54bef\robloxstudiobeta.exe => No File
FirewallRules: [UDP Query User{D9552218-76B8-4DB6-9B2D-B94FD1A6D802}C:\users\user\appdata\local\roblox\versions\version-e14c7c800bb54bef\robloxstudiobeta.exe] => (Allow) C:\users\user\appdata\local\roblox\versions\version-e14c7c800bb54bef\robloxstudiobeta.exe => No File
FirewallRules: [TCP Query User{2954C3EB-191D-494B-B4C1-ED362ED46FDE}C:\users\user\appdata\local\roblox\versions\version-e14c7c800bb54bef\robloxstudiobeta.exe] => (Allow) C:\users\user\appdata\local\roblox\versions\version-e14c7c800bb54bef\robloxstudiobeta.exe => No File
FirewallRules: [{EA521349-02E4-43F4-8DD4-BDCD855D9A59}] => (Block) C:\program files\vegas\vegas pro 14.0\vegas140.exe (MAGIX Software GmbH -> MAGIX Computer Products Intl. Co.) [File not signed]
FirewallRules: [{ECE50143-25AF-43B0-B56D-F55E6C018316}] => (Block) C:\program files\vegas\vegas pro 14.0\vegas140.exe (MAGIX Software GmbH -> MAGIX Computer Products Intl. Co.) [File not signed]
FirewallRules: [UDP Query User{7D4E0DDD-5321-49FD-9574-BBE6E64208EF}C:\program files\vegas\vegas pro 14.0\vegas140.exe] => (Allow) C:\program files\vegas\vegas pro 14.0\vegas140.exe (MAGIX Software GmbH -> MAGIX Computer Products Intl. Co.) [File not signed]
FirewallRules: [TCP Query User{0A7842EA-FE63-4430-B634-1869FE88C0C7}C:\program files\vegas\vegas pro 14.0\vegas140.exe] => (Allow) C:\program files\vegas\vegas pro 14.0\vegas140.exe (MAGIX Software GmbH -> MAGIX Computer Products Intl. Co.) [File not signed]
FirewallRules: [{65846DB3-7E35-4A4D-ADB5-C6DF6BC844DF}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe => No File
FirewallRules: [{7F57CC26-D8EE-4390-B40B-ECB74A16ECB6}] => (Block) C:\users\user\appdata\local\roblox\versions\version-be3f47d363934729\robloxstudiobeta.exe => No File
FirewallRules: [{2D35E932-A699-4F0C-8AFF-2B3DA33A1762}] => (Block) C:\users\user\appdata\local\roblox\versions\version-be3f47d363934729\robloxstudiobeta.exe => No File
FirewallRules: [UDP Query User{C1335533-D8BF-49E4-86D4-9566397991CA}C:\users\user\appdata\local\roblox\versions\version-be3f47d363934729\robloxstudiobeta.exe] => (Allow) C:\users\user\appdata\local\roblox\versions\version-be3f47d363934729\robloxstudiobeta.exe => No File
FirewallRules: [TCP Query User{37900802-D93A-4C43-9644-7F5A7C247434}C:\users\user\appdata\local\roblox\versions\version-be3f47d363934729\robloxstudiobeta.exe] => (Allow) C:\users\user\appdata\local\roblox\versions\version-be3f47d363934729\robloxstudiobeta.exe => No File
FirewallRules: [{AB2089D3-0FBA-4095-B3E9-F756CE11C912}] => (Block) C:\users\user\appdata\local\roblox\versions\version-ebad7d9701144827\robloxstudiobeta.exe => No File
FirewallRules: [{AFB8E4C2-606B-4E45-95CE-414E150E4EF2}] => (Block) C:\users\user\appdata\local\roblox\versions\version-ebad7d9701144827\robloxstudiobeta.exe => No File
FirewallRules: [UDP Query User{F4A902E7-BF88-479B-9605-D2C9141B9E6B}C:\users\user\appdata\local\roblox\versions\version-ebad7d9701144827\robloxstudiobeta.exe] => (Allow) C:\users\user\appdata\local\roblox\versions\version-ebad7d9701144827\robloxstudiobeta.exe => No File
FirewallRules: [TCP Query User{099A54C2-EE56-468D-AE03-DED3F2BE10FD}C:\users\user\appdata\local\roblox\versions\version-ebad7d9701144827\robloxstudiobeta.exe] => (Allow) C:\users\user\appdata\local\roblox\versions\version-ebad7d9701144827\robloxstudiobeta.exe => No File
FirewallRules: [UDP Query User{D8F5D940-8B79-4CAF-9C36-E48AE93F48EE}C:\program files\blackmagic design\davinci resolve\resolve.exe] => (Block) C:\program files\blackmagic design\davinci resolve\resolve.exe => No File
FirewallRules: [TCP Query User{CA480E83-1FDC-4520-A668-331F3A00AB91}C:\program files\blackmagic design\davinci resolve\resolve.exe] => (Block) C:\program files\blackmagic design\davinci resolve\resolve.exe => No File
FirewallRules: [UDP Query User{F51E3C6F-B329-441C-B26D-8CFC4A54A0C9}C:\program files\blackmagic design\davinci resolve\fuscript.exe] => (Block) C:\program files\blackmagic design\davinci resolve\fuscript.exe => No File
FirewallRules: [TCP Query User{C5EFFEFF-B42F-4EBF-B13B-93D9476C7819}C:\program files\blackmagic design\davinci resolve\fuscript.exe] => (Block) C:\program files\blackmagic design\davinci resolve\fuscript.exe => No File
FirewallRules: [{91B09C1A-A948-4A57-990E-78415C1CE115}] => (Allow) C:\ProgramData\Blackmagic Design\DaVinci Resolve\Support\QtDecoder\QTDecoder.exe => No File
FirewallRules: [{DD388E28-909C-4D83-8A7F-B85E63E991A9}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\DPDecoder.exe => No File
FirewallRules: [{A0827E8E-1E81-4F78-A1F6-259C49B9FF27}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\OxygenPanelDaemon.exe => No File
FirewallRules: [{7AB5AF1C-6C43-41C2-9263-9CB4582FAB27}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\ElementsPanelDaemon.exe => No File
FirewallRules: [{CDE410A8-7DF6-4E18-9D65-5F02C5F0C5B6}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\TangentPanelDaemon.exe => No File
FirewallRules: [{A56C517C-61AB-456E-B355-0930FBDF35ED}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\EuphonixPanelDaemon.exe => No File
FirewallRules: [{B664692C-A44F-4A5A-873C-847D44CE3CCB}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\JLCooperPanelDaemon.exe => No File
FirewallRules: [{CD852D2D-2CF8-4812-A259-62B5CB6A1DF9}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\DaVinciPanelDaemon.exe => No File
FirewallRules: [{D325DC93-FF01-4EA3-8B4E-979BDCECC6A6}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\bmdpaneld.exe => No File
FirewallRules: [{A9FB8453-8A3E-4993-9DC3-9DFD18795ABC}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\Resolve.exe => No File
FirewallRules: [{704B6E3D-B7F2-4507-A578-93B75D75E69E}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A5E2C03D-FB36-4644-A938-1FC68C483D9B}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4A49FFA0-251D-4305-8093-0460A34C8D0A}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{44B9D8F9-6430-4CC5-9A3C-43CDF22CE403}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{37C9A409-6CD5-42DB-B3E0-77457BFDB977}] => (Allow) C:\Program Files (x86)\Apowersoft\ApowerREC\ApowerREC.exe (Apowersoft Ltd -> Apowersoft)
FirewallRules: [{FB76128F-F362-4222-8BBD-298532CD9397}] => (Allow) C:\Program Files (x86)\Apowersoft\ApowerREC\ApowerREC.exe (Apowersoft Ltd -> Apowersoft)
FirewallRules: [{0E99CAE3-7E19-4475-B382-FC18742D1EB2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Yu-Gi-Oh! Duel Links\dlpc.exe () [File not signed]
FirewallRules: [{70194205-F7EB-47B2-A317-4F44C405A49C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Yu-Gi-Oh! Duel Links\dlpc.exe () [File not signed]
FirewallRules: [{7046A04E-7649-4CA0-A496-9BAEEC5B2ACF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Trove\GlyphClient.exe (gamigo AG -> Trion Worlds Inc.)
FirewallRules: [{89D58FD8-5654-4D06-B386-F50D3B566BB2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Trove\GlyphClient.exe (gamigo AG -> Trion Worlds Inc.)
FirewallRules: [{F75E73F3-1955-4CF1-8AF8-728BCD51F7D9}] => (Allow) C:\Program Files (x86)\Sony\PS4 Remote Play\RemotePlay.exe (Sony Interactive Entertainment Inc. -> Sony Interactive Entertainment Inc.)
FirewallRules: [{E8FC08EF-8B38-4F44-9642-99282E905BC1}] => (Allow) LPort=25565
FirewallRules: [{3871BF81-E429-4EF1-AC9F-4F8F570D728D}] => (Allow) C:\program files\java\jre1.8.0_121\bin\java.exe => No File
FirewallRules: [{0DCAF7B3-2736-411D-B393-0295D8FAD54E}] => (Allow) C:\program files\java\jre1.8.0_121\bin\java.exe => No File
FirewallRules: [{59FA7917-B9EE-4564-A8D9-E9A5464FD1F5}] => (Allow) C:\program files\java\jre1.8.0_121\bin\javaw.exe => No File
FirewallRules: [{3F2AC2D5-0681-4BE5-860A-EA79CBD0D5D1}] => (Allow) C:\program files\java\jre1.8.0_121\bin\javaw.exe => No File
FirewallRules: [{7C104D8F-C1B0-448D-B99E-793E526023D8}] => (Allow) C:\program files (x86)\java\jre1.8.0_45\bin\java.exe => No File
FirewallRules: [{F517E647-50A6-40F7-984D-F7BF387CDC6E}] => (Allow) C:\program files (x86)\java\jre1.8.0_45\bin\java.exe => No File
FirewallRules: [{7F6AC215-B6A5-4531-B856-0153A4C08048}] => (Allow) C:\program files\java\jre7\bin\javaw.exe => No File
FirewallRules: [{37DB23E9-B1E2-4B65-A696-17E0FD58C681}] => (Allow) C:\program files\java\jre7\bin\javaw.exe => No File
FirewallRules: [{E0AF664D-102D-49E1-89A1-4C04085BB8BC}] => (Allow) C:\program files\java\jre1.8.0_121\bin\java.exe => No File
FirewallRules: [{661B6037-FC41-4B6D-8D3F-C7F7BDB72831}] => (Allow) C:\program files\java\jre1.8.0_121\bin\java.exe => No File
FirewallRules: [{2AC136F7-8C5C-45EF-A593-AF220197BF15}] => (Allow) C:\program files\java\jre1.8.0_121\bin\javaw.exe => No File
FirewallRules: [{166A4C76-6D5E-40D6-BE0C-3ADAEF274D1B}] => (Allow) C:\program files\java\jre1.8.0_121\bin\javaw.exe => No File
FirewallRules: [{F2AA4E77-EA10-42F5-9DDD-24512DA01DEE}] => (Allow) C:\program files (x86)\java\jre1.8.0_45\bin\java.exe => No File
FirewallRules: [{663DF447-B439-4198-9F30-B1E6BF045B07}] => (Allow) C:\program files (x86)\java\jre1.8.0_45\bin\java.exe => No File
FirewallRules: [{BFD442B7-55A6-4C8B-B508-3F55D81FD4A2}] => (Allow) C:\program files\java\jre7\bin\javaw.exe => No File
FirewallRules: [{3A6A003C-9F2D-4366-8D5D-835FD5B37843}] => (Allow) C:\program files\java\jre7\bin\javaw.exe => No File
FirewallRules: [{D40FD69C-6366-4FCE-9247-8DA6549DA91C}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C9D1CCBC-53B7-4653-BCC9-178349267F2F}] => (Allow) C:\Users\user\Desktop\michael pics Real\Simple Port Forwarding\spf.exe => No File
FirewallRules: [{D6E8ABC9-FA20-4FD0-A187-F8A8806A1848}] => (Allow) C:\Users\user\Desktop\michael pics Real\Simple Port Forwarding\spf.exe => No File
FirewallRules: [{1B4D5ED2-C7CD-4D03-A7E2-7255F087F98C}] => (Allow) C:\Users\user\AppData\Local\Temp\Rar$EXa0.348\Simple Port Forwarding\spf.exe => No File
FirewallRules: [{049E3152-1FCA-46B3-820A-43C97206D779}] => (Allow) C:\Users\user\AppData\Local\Temp\Rar$EXa0.348\Simple Port Forwarding\spf.exe => No File
FirewallRules: [{0D2650FB-A710-4B0F-BB34-34FB33EC0636}] => (Allow) LPort=25565
FirewallRules: [{1499DD9F-1211-4C09-A98F-F5140E442267}] => (Allow) LPort=25565
FirewallRules: [{91E70E5E-7985-4B49-875A-881B3F706677}] => (Allow) C:\program files\java\jre1.8.0_121\bin\java.exe => No File
FirewallRules: [{283D75FC-7150-4669-A24E-054A20F5A8BC}] => (Allow) C:\program files\java\jre1.8.0_121\bin\java.exe => No File
FirewallRules: [UDP Query User{DE737C0A-FABC-41C4-A3B9-CB99DD2997AF}C:\program files\java\jre1.8.0_121\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_121\bin\java.exe => No File
FirewallRules: [TCP Query User{F72993BE-EA68-4CAC-B5BA-55C7DA472B48}C:\program files\java\jre1.8.0_121\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_121\bin\java.exe => No File
FirewallRules: [UDP Query User{14131A74-80BC-4E64-9C85-72A2440864D2}C:\program files\java\jre1.8.0_121\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_121\bin\javaw.exe => No File
FirewallRules: [TCP Query User{CE345A09-2EC8-444D-BCAD-40562F834DFF}C:\program files\java\jre1.8.0_121\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_121\bin\javaw.exe => No File
FirewallRules: [UDP Query User{26728035-2304-446F-A707-55A8FA946822}C:\program files (x86)\java\jre1.8.0_45\bin\java.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_45\bin\java.exe => No File
FirewallRules: [TCP Query User{375A8375-B1C7-45E0-8F69-2F9E8940EA6A}C:\program files (x86)\java\jre1.8.0_45\bin\java.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_45\bin\java.exe => No File
FirewallRules: [{40CC127D-1777-42BC-815E-47A9385AE86C}] => (Allow) D:\KOPLAYER\vbox\VBoxHeadless.exe => No File
FirewallRules: [{8B36415D-65E1-40AF-8F60-4534E59630EF}] => (Allow) D:\KOPLAYER\vbox\VBoxManage.exe => No File
FirewallRules: [{13CA4837-A3EA-4F7E-8F5A-D613A52987E7}] => (Allow) D:\KOPLAYER\KOPLAYER.exe => No File
FirewallRules: [{F6BF1B3D-3BAB-4A7E-90FD-DED2F95300C6}] => (Allow) D:\KOPLAYER\vbox\VBoxHeadless.exe => No File
FirewallRules: [{B6629791-7022-4827-98B3-E5BBA4E8F28B}] => (Allow) D:\KOPLAYER\vbox\VBoxManage.exe => No File
FirewallRules: [{5AD48F70-88E7-4443-916F-BB56D385273E}] => (Allow) D:\KOPLAYER\KOPLAYER.exe => No File
FirewallRules: [{385AA35E-24F7-4C79-82AA-D5ACA2D7B367}] => (Allow) C:\program files\java\jre7\bin\javaw.exe => No File
FirewallRules: [{E649E2BE-1FBF-4325-8630-7397E03751CF}] => (Allow) C:\program files\java\jre7\bin\javaw.exe => No File
FirewallRules: [UDP Query User{D5F2F37B-3D92-4F62-83F8-D0ACB6AFE926}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe => No File
FirewallRules: [TCP Query User{F5C8924D-64A0-4EFC-B465-AA495993D58E}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe => No File
FirewallRules: [{2266440E-4299-4897-ABF0-DC88FAE6280A}] => (Allow) C:\Users\user\AppData\Local\Chromium\Application\chrome.exe (The Chromium Authors) [File not signed]
FirewallRules: [{767CE676-2103-44A9-9DCD-140E8EBCF410}] => (Allow) C:\Program Files\HP\HP Deskjet 1510 series\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{9369C2C1-61C3-4951-B618-EF7F60F52FAD}] => (Allow) C:\Program Files\HP\HP Deskjet 1510 series\Bin\USBSetup.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{C5511C83-26C2-49EA-875F-BFE530E05375}] => (Allow) C:\Games\SimCity 2013 Offline\SimCity\SimCity.exe (Electronic Arts Inc.) [File not signed]
FirewallRules: [{F5514A5E-4F6A-46C4-B053-6072B98DE63A}] => (Allow) C:\Games\SimCity 2013 Offline\SimCity\SimCity.exe (Electronic Arts Inc.) [File not signed]
FirewallRules: [UDP Query User{D7BC023E-5FD3-4A65-8A51-F43689156CAD}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{DD32E0CC-FE8F-4A02-ABF2-770D804B8C14}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [UDP Query User{4BD1AA86-CF01-4F2A-85B3-AEDF08D24E2B}C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe => No File
FirewallRules: [TCP Query User{7C60DB81-362E-4D4C-8386-D3E5D4D6A2D9}C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe => No File
FirewallRules: [UDP Query User{EC580252-94A4-41B5-830A-A61480BB25F4}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{6444CFD7-AA1D-444F-AC59-FF52DEC28AD7}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{534721A3-6EB9-4EB3-8291-7EC17FA0FB09}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{5D3C6483-04BB-4527-85EA-A77A76F56056}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{F769FAB9-07D1-4324-9CFC-7F73D16E348C}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe => No File
FirewallRules: [{DF492361-6D99-41F6-8074-C7F7834A257A}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe (CyberLink Corp. -> CyberLink)
FirewallRules: [{F5D074BC-18B1-4352-98C1-64701D3E7A01}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe => No File
FirewallRules: [{BD558DF4-C19C-44C2-9E5C-02D40F2FBE77}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{0FA1FBED-A66F-4A3D-A91F-9CECFA04B3C1}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [{2EC864DB-F86F-48E5-9B1C-8FCB263F5CE4}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [{89A19479-6A2F-48A7-B8FD-2CFA249E9EB9}] => (Allow) C:\Users\user\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe => No File
FirewallRules: [{83344CFE-385F-43A1-AA0B-4E5B9FF81C22}] => (Allow) LPort=1900
FirewallRules: [{F64ED9BE-2E34-42B3-898E-C6456391CFCB}] => (Allow) LPort=7900
FirewallRules: [{3B56E3EC-3F83-4C23-8336-FEBAB82D1953}] => (Allow) LPort=24234
FirewallRules: [{0FFD8157-36D0-42C8-ABE0-49728B420C7F}] => (Allow) LPort=7679
FirewallRules: [{9A2777EF-4688-42AC-9BDD-7414DC5E6D09}] => (Allow) LPort=7676
FirewallRules: [{85B2190E-B570-4129-8330-4E4EC011350A}] => (Allow) LPort=8643
FirewallRules: [{C82FCAB9-D359-4121-A0C8-2BC4ED71D310}] => (Allow) LPort=8743
FirewallRules: [{88E859A3-613A-44A8-AA61-1DDC1DCE7E56}] => (Allow) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe (Samsung Electronics CO., LTD. -> Samsung) [File not signed]
FirewallRules: [{6F614973-3716-44BD-94AE-7F5B870C610C}] => (Allow) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe (Samsung Electronics CO., LTD. -> Samsung) [File not signed]
FirewallRules: [{80F7BCD5-7571-43AA-96A2-4C31AFD3DBE0}] => (Allow) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe (Samsung Electronics CO., LTD. -> Samsung) [File not signed]
FirewallRules: [{3D6EE748-A51F-4E82-96F4-430E026396B7}] => (Allow) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe (Samsung Electronics CO., LTD. -> Samsung) [File not signed]
FirewallRules: [{EB587F70-5863-4B83-BA55-1A9A3657B797}] => (Allow) C:\Users\user\Desktop\Samsung Link\Samsung Link Tray Agent.exe (Samsung Electronics CO., LTD. -> Copyright 2013 SAMSUNG)
FirewallRules: [{A24BCCB4-58CA-449D-86D3-192146D98A57}] => (Allow) C:\Users\user\Desktop\Samsung Link\Samsung Link Tray Agent.exe (Samsung Electronics CO., LTD. -> Copyright 2013 SAMSUNG)
FirewallRules: [{9457CC07-208E-4D5B-B78B-970B6BF103FA}] => (Allow) C:\Users\user\Desktop\Samsung Link\Samsung Link.exe (Samsung Electronics CO., LTD. -> Copyright 2013 SAMSUNG)
FirewallRules: [{AD0FDFE5-3373-473E-AE0B-AAC309E4A14B}] => (Allow) C:\Users\user\Desktop\Samsung Link\Samsung Link.exe (Samsung Electronics CO., LTD. -> Copyright 2013 SAMSUNG)
FirewallRules: [{2A5F1340-0344-48C8-8D1D-0F168C26A52E}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPSOCKSVC.exe (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.)
FirewallRules: [{79E17D24-29C2-4092-A707-523CF04D3328}] => (Allow) C:\Users\user\Desktop\SimCity_2013_Offline_nosTEAM\SimCity 2013 Offline\SimCity\SimCity.exe => No File
FirewallRules: [{7C535047-0DCD-46B7-A3FF-67FABDCD44F8}] => (Allow) C:\Users\user\Desktop\SimCity_2013_Offline_nosTEAM\SimCity 2013 Offline\SimCity\SimCity.exe => No File
FirewallRules: [{17E0AF3F-1085-4387-A387-5A36BC2A8A4C}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{35E276A6-0965-45BB-90C9-7D48B2A30E83}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{B33A28EB-5287-4314-8819-A881E53BF1FA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{B31CAC5D-E9C3-45FB-881C-2E85D92F0DF6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{2789DF3F-DAA7-488F-8502-4CC671DA9597}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{D7E851C8-35A8-49BE-AF37-87E95F8243CF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{6F677648-DB26-4546-B490-D4CE4F55A6A3}] => (Allow) C:\Users\user\AppData\Local\HPConnectedMusic\Application\spotify_helper.exe (Meridian Audio Ltd -> )
FirewallRules: [{5C734C0D-A1F5-4C1F-91E2-6C39B3B66CD8}] => (Allow) C:\Users\user\AppData\Local\HPConnectedMusic\Application\spotify_helper.exe (Meridian Audio Ltd -> )
FirewallRules: [{7D7A3D59-BDC6-4B75-A5D8-598931A23BDA}] => (Allow) C:\Users\user\AppData\Local\HPConnectedMusic\Application\HPConnectedMusic.exe (Meridian Audio Ltd -> Meridian Audio Ltd)
FirewallRules: [{EA2FE627-C9EE-4977-BF4E-EDD6B4EEFFB6}] => (Allow) C:\Users\user\AppData\Local\HPConnectedMusic\Application\HPConnectedMusic.exe (Meridian Audio Ltd -> Meridian Audio Ltd)
FirewallRules: [{CC31FEEA-D33A-4894-AD1F-DB20EBF599EB}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe (Meridian Audio Ltd -> Meridian Audio Ltd)
FirewallRules: [{FF9639B3-C981-46E8-BBEA-C45367A8AE5F}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe (Meridian Audio Ltd -> Meridian Audio Ltd)
FirewallRules: [{54436BEC-0A37-4C21-980D-EF06AC6E4170}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe => No File
FirewallRules: [{213EAB6F-ACC5-411A-BED0-8EA18CB93AB1}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe => No File
FirewallRules: [{5AC44778-0638-4388-9DEC-1B85CD3A35AE}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe => No File
FirewallRules: [TCP Query User{CCCE989D-B726-480D-8898-05CCC453AE49}C:\users\user\appdata\local\roblox\versions\version-c5fc3b74ddb246f8\robloxstudiobeta.exe] => (Block) C:\users\user\appdata\local\roblox\versions\version-c5fc3b74ddb246f8\robloxstudiobeta.exe => No File
FirewallRules: [UDP Query User{F2F7EEBA-4A93-4409-87CF-7418D634D16C}C:\users\user\appdata\local\roblox\versions\version-c5fc3b74ddb246f8\robloxstudiobeta.exe] => (Block) C:\users\user\appdata\local\roblox\versions\version-c5fc3b74ddb246f8\robloxstudiobeta.exe => No File
FirewallRules: [{DE68AC03-3D16-4730-9FC1-39A0A5579D73}] => (Allow) C:\Program Files (x86)\ArenaPLAY\ArenaPLAY.exe (Elian Geshev -> ) [File not signed]
FirewallRules: [{1F76A40F-AA66-4D9C-BB12-1B19CEE3E039}] => (Allow) C:\Program Files (x86)\ArenaPLAY\ArenaPLAY.exe (Elian Geshev -> ) [File not signed]
FirewallRules: [TCP Query User{61A0FC30-6D52-4CB7-9C81-04D7ED393236}C:\program files (x86)\lonelyscreen\lonelyscreen.exe] => (Allow) C:\program files (x86)\lonelyscreen\lonelyscreen.exe () [File not signed]
FirewallRules: [UDP Query User{CC3C766A-8BC2-4A06-8B1D-43E9E4E4FF78}C:\program files (x86)\lonelyscreen\lonelyscreen.exe] => (Allow) C:\program files (x86)\lonelyscreen\lonelyscreen.exe () [File not signed]
FirewallRules: [{9E67F366-2616-40B8-9B15-7A347DF1F9F1}] => (Allow) C:\program files (x86)\lonelyscreen\lonelyscreen.exe () [File not signed]
FirewallRules: [{EBF5C798-AC0C-4381-A88A-E2D30EDEA81A}] => (Allow) C:\program files (x86)\lonelyscreen\lonelyscreen.exe () [File not signed]
FirewallRules: [TCP Query User{20338307-54AE-4938-B8E7-AB8AE7C70B45}C:\users\user\appdata\local\skypeplugin\pluginhost.exe] => (Allow) C:\users\user\appdata\local\skypeplugin\pluginhost.exe (Microsoft Corporation -> Skype Technologies S.A.)
FirewallRules: [UDP Query User{5C6E2F05-9BCB-4020-919E-667F61F5D03F}C:\users\user\appdata\local\skypeplugin\pluginhost.exe] => (Allow) C:\users\user\appdata\local\skypeplugin\pluginhost.exe (Microsoft Corporation -> Skype Technologies S.A.)
FirewallRules: [{4BE02E5E-B81B-408A-97E5-6AA9F6262C50}] => (Block) C:\users\user\appdata\local\skypeplugin\pluginhost.exe (Microsoft Corporation -> Skype Technologies S.A.)
FirewallRules: [{FC0CED2A-358B-41C4-A2A9-013AC0122243}] => (Block) C:\users\user\appdata\local\skypeplugin\pluginhost.exe (Microsoft Corporation -> Skype Technologies S.A.)
FirewallRules: [{AC2DC41F-C884-44D7-A49B-5293D7B6B53F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{F24178FB-EB2C-4B83-87CE-B6A713515C23}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{2580B296-FA6A-48D2-9FF9-B6A57E747023}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{BECFF3C7-0146-422F-A495-327E461668FD}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{9366058E-1179-4CEA-B0FE-59C8072C29DF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Creativerse\Creativerse.exe () [File not signed]
FirewallRules: [{B8A2F8D0-649D-4694-BDA1-1DEB8550F336}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Creativerse\Creativerse.exe () [File not signed]
FirewallRules: [{22D3E936-4116-4C70-A783-347008342145}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe (Re-Logic) [File not signed]
FirewallRules: [{DE782179-BFEA-40AF-972F-21D3DE95A707}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe (Re-Logic) [File not signed]
FirewallRules: [TCP Query User{732F80DB-DFF1-4A80-B450-342DE7D56FF6}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe (Re-Logic) [File not signed]
FirewallRules: [UDP Query User{5A1AB36F-CFED-49BB-BE38-26F17868C6A9}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe (Re-Logic) [File not signed]
FirewallRules: [{02305CF7-EA74-4BFD-863A-66DB2C662811}] => (Block) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe (Re-Logic) [File not signed]
FirewallRules: [{9CA15809-D047-42F9-92DC-77A6B9934901}] => (Block) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe (Re-Logic) [File not signed]
FirewallRules: [{F9BF81FA-BCFC-42A0-9D85-C4FEB5D336D4}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{CEC37CC4-129D-4345-80E1-F83BC1AAB1D1}] => (Allow) LPort=2869
FirewallRules: [{C9A5AA6D-2AF0-41C1-A952-17448EB11022}] => (Allow) LPort=1900
FirewallRules: [{59FE8F1E-2509-44C7-B696-BD9D2002B8DB}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{257B2B8E-866D-434C-BF57-6042A38361C6}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{9772DCFA-41C0-4485-8636-E9C5B2CC531B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> )
FirewallRules: [{AF536D51-D647-43D1-9A79-683F9960C80F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> )
FirewallRules: [{D5B36552-F3B2-4A4B-B74B-F039B71731FF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SourceFilmmaker\game\sfm.exe () [File not signed]
FirewallRules: [{75481D24-6A14-432B-BE83-E3EC64432F99}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SourceFilmmaker\game\sfm.exe () [File not signed]
FirewallRules: [{4705DFB9-2916-4B63-8C4C-E0D4CB6F8BEA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SourceFilmmaker\game\bin\qsdklauncher.exe () [File not signed]
FirewallRules: [{308DAA9F-14A7-451D-BC16-4197B9D40B63}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SourceFilmmaker\game\bin\qsdklauncher.exe () [File not signed]
FirewallRules: [{77961A1E-43F2-49CD-BEBA-26175CC6C39F}] => (Allow) C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe (TomTom International BV -> TomTom)
FirewallRules: [TCP Query User{7D3AFE52-15B6-4A19-AA1B-BEC79C4B7636}C:\program files\badlion client\badlion client.exe] => (Allow) C:\program files\badlion client\badlion client.exe (Turtle Entertainment Online, Inc. -> Badlion)
FirewallRules: [UDP Query User{58FF18B1-A721-4994-A3D8-3810E4E3CE1D}C:\program files\badlion client\badlion client.exe] => (Allow) C:\program files\badlion client\badlion client.exe (Turtle Entertainment Online, Inc. -> Badlion)
FirewallRules: [{A5280AC1-53BB-4599-9BBF-202D2D3FF943}] => (Block) C:\program files\badlion client\badlion client.exe (Turtle Entertainment Online, Inc. -> Badlion)
FirewallRules: [{A91C7160-9622-4ACF-8670-69A1B8708CBD}] => (Block) C:\program files\badlion client\badlion client.exe (Turtle Entertainment Online, Inc. -> Badlion)
FirewallRules: [TCP Query User{33F46796-B53E-4899-8A13-EA7898A9E69C}C:\users\user\curseforge\minecraft\install\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe] => (Allow) C:\users\user\curseforge\minecraft\install\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe
FirewallRules: [UDP Query User{9390B73E-A22E-4196-8D8D-643A0C1F71B3}C:\users\user\curseforge\minecraft\install\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe] => (Allow) C:\users\user\curseforge\minecraft\install\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe
FirewallRules: [TCP Query User{3B9C61E8-EA04-4C11-BB6B-1DD213406A9A}C:\program files\java\jre1.8.0_271\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_271\bin\javaw.exe
FirewallRules: [UDP Query User{98086396-5EF1-4A42-89CB-BBFF72EDB926}C:\program files\java\jre1.8.0_271\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_271\bin\javaw.exe
FirewallRules: [{01BB96AB-C9D8-4B7A-986F-C150E33371F3}] => (Block) C:\program files\java\jre1.8.0_271\bin\javaw.exe
FirewallRules: [{4AC06A32-F947-4F41-8888-200704FA84EC}] => (Block) C:\program files\java\jre1.8.0_271\bin\javaw.exe
FirewallRules: [{E2A8A23B-3343-48FF-8627-448A9DFB9F62}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.73.124.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B20A60CA-A140-42A0-85F1-D90E817250E5}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.73.124.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{25837DE9-B46D-4DEB-9307-EC65B8286B12}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.73.124.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F0C9C195-AA84-4B71-9BEE-AC6F48ACD4A9}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.73.124.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{B20204C6-F6D1-47BE-83FD-ED5C8D80AEAF}C:\programdata\badlionclient\jre1.16.0_1\bin\javaw.exe] => (Allow) C:\programdata\badlionclient\jre1.16.0_1\bin\javaw.exe
FirewallRules: [UDP Query User{FC8075BE-5BCE-40F3-B4C5-8E38BC207E00}C:\programdata\badlionclient\jre1.16.0_1\bin\javaw.exe] => (Allow) C:\programdata\badlionclient\jre1.16.0_1\bin\javaw.exe
FirewallRules: [{C0CF32C3-2FC0-4B5B-8C4E-5691FDFD24CD}] => (Block) C:\programdata\badlionclient\jre1.16.0_1\bin\javaw.exe
FirewallRules: [{1DEC6F21-59AE-4EE6-B362-D54660740E6B}] => (Block) C:\programdata\badlionclient\jre1.16.0_1\bin\javaw.exe
FirewallRules: [TCP Query User{ADC888F3-F50C-42C4-A9F8-09271C725935}C:\program files (x86)\minecraft launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe
FirewallRules: [UDP Query User{2D76BE96-FD55-405B-9063-362CD81FAB2F}C:\program files (x86)\minecraft launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe
FirewallRules: [{4E4896FA-B896-466A-AC59-0B55DE91FE80}] => (Block) C:\program files (x86)\minecraft launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe
FirewallRules: [{88DEAFA1-0299-4BB1-B7AA-8E707390F916}] => (Block) C:\program files (x86)\minecraft launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe
FirewallRules: [{93DB3C7F-452C-4A78-95DD-3617601952EA}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{9EA0BA61-E539-41E3-BD09-C5F89520128A}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [TCP Query User{BF438451-822A-41A1-B19B-3AE817ED00F8}C:\riot games\riot client\riotclientservices.exe] => (Allow) C:\riot games\riot client\riotclientservices.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [UDP Query User{18F828AE-CE15-48BA-B8FB-752D12885918}C:\riot games\riot client\riotclientservices.exe] => (Allow) C:\riot games\riot client\riotclientservices.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [{03AC24EB-5B4C-4FB7-8073-54C3CB5F8216}] => (Block) C:\riot games\riot client\riotclientservices.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [{224F0F30-7FB2-4522-A6BB-9D637E95E235}] => (Block) C:\riot games\riot client\riotclientservices.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [{B10A7FD8-E452-40F1-9C37-A9B60BEC5D71}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{EE15FA8D-879D-4CC5-A6C1-A930155F320B}C:\users\user\.lunarclient\jre\zulu16.30.15-ca-fx-jre16.0.1-win_x64\bin\javaw.exe] => (Allow) C:\users\user\.lunarclient\jre\zulu16.30.15-ca-fx-jre16.0.1-win_x64\bin\javaw.exe
FirewallRules: [UDP Query User{DDD317D4-96DF-4E26-977F-8D0E136A21A2}C:\users\user\.lunarclient\jre\zulu16.30.15-ca-fx-jre16.0.1-win_x64\bin\javaw.exe] => (Allow) C:\users\user\.lunarclient\jre\zulu16.30.15-ca-fx-jre16.0.1-win_x64\bin\javaw.exe
FirewallRules: [{E006A46F-CF69-4FD4-B578-25D1425E7651}] => (Block) C:\users\user\.lunarclient\jre\zulu16.30.15-ca-fx-jre16.0.1-win_x64\bin\javaw.exe
FirewallRules: [{6D6A189A-6CB4-4735-85FC-139ADAA7D725}] => (Block) C:\users\user\.lunarclient\jre\zulu16.30.15-ca-fx-jre16.0.1-win_x64\bin\javaw.exe

==================== Restore Points =========================

29-07-2021 18:39:45 Scheduled Checkpoint
06-08-2021 19:49:55 Scheduled Checkpoint
07-08-2021 18:56:54 AdwCleaner_BeforeCleaning_07/08/2021_18:56:53

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (08/07/2021 07:04:09 PM) (Source: ATIeRecord) (EventID: 16396) (User: )
Description: ATI EEU PnP start/stop failed

Error: (08/07/2021 07:02:21 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress.
.

Error: (08/07/2021 07:02:21 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]

Error: (08/07/2021 07:02:21 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress.
.

Error: (08/07/2021 07:02:21 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]

Error: (08/07/2021 03:16:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MedalEncoder.exe, version: 3.422.0.0, time stamp: 0x61081e0d
Faulting module name: KERNELBASE.dll, version: 10.0.19041.1110, time stamp: 0x4809adf2
Exception code: 0xc000041d
Fault offset: 0x0000000000034ed9
Faulting process ID: 0x638
Faulting application start time: 0x01d78b968212e849
Faulting application path: C:\Users\user\AppData\Local\Medal\recorder-3.422.0\MedalEncoder.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report ID: 83d1478a-80c3-4032-bc6e-c519275b475e
Faulting package full name: 
Faulting package-relative application ID:

Error: (08/07/2021 03:16:46 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: MedalEncoder.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException

Error: (08/07/2021 03:14:16 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: MedalEncoder.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException


System errors:
=============
Error: (08/07/2021 07:15:17 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Update Orchestrator Service service did not respond on starting.

Error: (08/07/2021 07:11:52 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Downloaded Maps Manager service did not respond on starting.

Error: (08/07/2021 07:09:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Touchpoint Analytics service failed to start due to the following error: 
The system cannot find the file specified.

Error: (08/07/2021 07:09:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Support Solutions Framework Service service failed to start due to the following error: 
The system cannot find the file specified.

Error: (08/07/2021 07:09:24 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Delivery Optimization service did not respond on starting.

Error: (08/07/2021 07:04:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Origin Web Helper Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.

Error: (08/07/2021 07:04:57 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (45000 milliseconds) while waiting for the Origin Web Helper Service service to connect.

Error: (08/07/2021 07:04:06 PM) (Source: Microsoft-Windows-Directory-Services-SAM) (EventID: 16953) (User: NT AUTHORITY)
Description: The password notification DLL C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter failed to load with error 126. Please verify that the notification DLL path defined in the registry, HKLM\System\CurrentControlSet\Control\Lsa\Notification Packages, refers to a correct and absolute path (<drive>:\<path>\<filename>.<ext>) and not a relative or invalid path. If the DLL path is correct, please validate that any supporting files are located in the same directory, and that the system account has read access to both the DLL path and any supporting files.  Contact the provider of the notification DLL for additional support. Further details can be found on the web at http://go.microsoft.com/fwlink/?LinkId=245898.


Windows Defender:
================
Date: 2021-08-07 19:38:09
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Exploit:iPhoneOS/Dakkatoni.B!MTB&threatid=2147751522&enterprise=0
Name: Exploit:iPhoneOS/Dakkatoni.B!MTB
Severity: Severe
Category: Exploit
Path: file:_C:\Users\user\Downloads\yalu102_beta7 (1).ipa; file:_C:\Users\user\Downloads\yalu102_beta7.ipa
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Users\user\Desktop\michael pics\Stuff\FRST64.exe
Security intelligence Version: AV: 1.345.129.0, AS: 1.345.129.0, NIS: 1.345.129.0
Engine Version: AM: 1.1.18400.4, NIS: 1.1.18400.4

Date: 2021-08-07 19:38:09
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Exploit:iPhoneOS/Dakkatoni.B!MTB&threatid=2147751522&enterprise=0
Name: Exploit:iPhoneOS/Dakkatoni.B!MTB
Severity: Severe
Category: Exploit
Path: file:_C:\Users\user\Downloads\yalu102_beta7 (1).ipa
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Users\user\Desktop\michael pics\Stuff\FRST64.exe
Security intelligence Version: AV: 1.345.129.0, AS: 1.345.129.0, NIS: 1.345.129.0
Engine Version: AM: 1.1.18400.4, NIS: 1.1.18400.4

Date: 2021-08-07 14:13:39
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-08-04 10:27:52
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-08-03 17:55:48
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-07-18 22:16:39
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.343.994.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.18300.4
Error code: 0x80070102
Error description: The wait operation timed out. 

Date: 2021-07-11 15:17:05
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.343.618.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.18300.4
Error code: 0x80070102
Error description: The wait operation timed out. 

Date: 2021-07-11 15:11:03
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.343.618.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.18300.4
Error code: 0x80070102
Error description: The wait operation timed out. 

Date: 2021-07-11 15:11:03
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.343.618.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.18300.4
Error code: 0x80070102
Error description: The wait operation timed out. 

CodeIntegrity:
===============
Date: 2021-07-08 16:44:37
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Users\user\AppData\Local\Discord\app-1.0.9002\Discord.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Overwolf\0.173.0.16\win32\OWExplorer.dll that did not meet the Microsoft signing level requirements.

Date: 2021-06-22 21:40:36
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Users\user\AppData\Local\Discord\app-1.0.9002\Discord.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Overwolf\0.173.0.14\win32\OWExplorer.dll that did not meet the Microsoft signing level requirements.

Date: 2021-06-12 11:25:12
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Users\user\AppData\Local\Discord\app-1.0.9002\Discord.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Overwolf\0.170.48.15\win32\OWExplorer.dll that did not meet the Microsoft signing level requirements.


==================== Memory info =========================== 

BIOS: Insyde F.19 07/14/2016
Motherboard: Hewlett-Packard 216B
Processor: AMD A8-4555M APU with Radeon(tm) HD Graphics 
Percentage of memory in use: 56%
Total physical RAM: 7366.26 MB
Available physical RAM: 3212.55 MB
Total Virtual: 11206.26 MB
Available Virtual: 6718.25 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:911.61 GB) (Free:480.52 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:18.17 GB) (Free:1.77 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (MathsWatch High) (CDROM) (Total:0.68 GB) (Free:0 GB) CDFS

\\?\Volume{0f94f36e-3a11-4e49-ba04-6b7ae000c477}\ (WINRE) (Fixed) (Total:0.39 GB) (Free:0.11 GB) NTFS
\\?\Volume{bb741e18-5e1d-453a-97a1-0abb940888ff}\ () (Fixed) (Total:0.96 GB) (Free:0.33 GB) NTFS
\\?\Volume{999054ce-759b-4197-aaaf-b354ff3acda5}\ () (Fixed) (Total:0.25 GB) (Free:0.15 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: CF9F01CA)

Partition: GPT.

==================== End of Addition.txt =======================


  • Solution
Hiya DietPepsi,

Thanks for those logs, continue:

Please download the attached fixlist.txt file and save it to the Desktop or location where you ran FRST from.

NOTE. It's important that both files, FRST or FRSTEnglish, and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt) or wherever you ran FRST from. Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

NOTE-1: This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files.

NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed.

The following directories are emptied:
 
  • Windows Temp
  • Users Temp folders
  • Edge, IE, FF, Chrome and Opera caches, HTML5 storages, Cookies and History
  • Recently opened files cache
  • Flash Player cache
  • Java cache
  • Steam HTML cache
  • Explorer thumbnail and icon cache
  • BITS transfer queue (qmgr*.dat files)
  • Recycle Bin


Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.


The system will be rebooted after the fix has run.

Next,

Download "Microsoft's Safety Scanner" and save direct to the desktop

Ensure to get the correct version for your system....

https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download


Right-click on the tool and select Run as Administrator; the tool will expand to the options window.
In the "Scan Type" window, select Quick Scan
Perform a scan and Click Finish when the scan is done.


Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

notepad c:\windows\debug\msert.log

The log will include log details for each time MSRT has run; we only need the most recent log by date and time....

Let me see those logs in your reply...

Thank you,

Kevin.

fixlist.txt
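Added example (not part of the original posts, and not Microsoft's or Malwarebytes' code): msert.log is appended to on every run, so this sketch splits it on the long dashed separator, picks the newest run by its "Started On" line, and flags a run that contains only header lines. The function names are hypothetical and the sample log is constructed; only the second header block matches a log that appears in this thread.

```python
import re
from datetime import datetime

# Long dashed rule between runs; the short rule under "Results Summary:" must not match.
RUN_SEPARATOR = re.compile(r"^-{40,}\s*$", re.MULTILINE)
STARTED = re.compile(r"^Started On (.+?)\s*$", re.MULTILINE)
HEADER = ("Microsoft Safety Scanner v", "Started On", "Engine:",
          "Signatures:", "MpGear:", "Run Mode:")

def split_runs(log_text):
    """Return [(started, block_text), ...], one entry per scanner run."""
    runs = []
    for block in RUN_SEPARATOR.split(log_text):
        m = STARTED.search(block)
        if not m:
            continue  # empty chunk before the first separator
        stamp = " ".join(m.group(1).split())  # day is space-padded: "Aug  9" -> "Aug 9"
        runs.append((datetime.strptime(stamp, "%a %b %d %H:%M:%S %Y"), block.strip()))
    return runs

def latest_run(log_text):
    """Return (started, block_text, header_only) for the newest run, or None."""
    runs = split_runs(log_text)
    if not runs:
        return None
    started, block = max(runs, key=lambda r: r[0])
    body = [ln for ln in block.splitlines() if ln.strip() and not ln.startswith(HEADER)]
    return started, block, not body  # header_only: nothing was logged after the header

# Constructed sample: the first (older) run and its result lines are made up.
SEP = "-" * 87
SAMPLE_LOG = f"""{SEP}
Microsoft Safety Scanner v1.345, (build 1.345.232.0)
Started On Sat Aug  7 14:02:31 2021
Run Mode: Interactive Graphical Mode

Results Summary:
----------------
No infection found.

{SEP}
Microsoft Safety Scanner v1.345, (build 1.345.232.0)
Started On Mon Aug  9 19:14:11 2021

Engine: 1.1.18400.4
Signatures: 1.345.232.0
MpGear: 1.1.16330.1
Run Mode: Interactive Graphical Mode
"""
```

A `header_only` result of `True` means the newest run logged no results, so the scan should be allowed to finish before the log is posted.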



---------------------------------------------------------------------------------------
Microsoft Safety Scanner v1.345, (build 1.345.232.0)
Started On Mon Aug  9 19:14:11 2021

Engine: 1.1.18400.4
Signatures: 1.345.232.0
MpGear: 1.1.16330.1
Run Mode: Interactive Graphical Mode
 

 

I did what you requested; however, this is the only thing that popped up when I typed in what you told me to.

 

Also, it seems like the Windows Script Host thing is no longer there, as I don't see it appearing.


Hiya DietPepsi,

I can see where the fix timed out. I've created another fix so that we can complete FRST tasks. FRST will also create a zip file; can you also attach that to your reply, please? The zip file will be saved to the same place as FRST...

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file when running FRST fix"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

 
Attach that log and the created zip file to your reply, also let me know if there are any remaining issues or concerns...
 
Thank you,
 
Kevin

fixlist.txt

