For some reason when I powered my laptop on today, it said I need to reconnect my drive.
WE'RE SURE THAT YOU'LL LOVE US!
Hey there! 
Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. 
Join 93098 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.
Try What the Tech -- It's free!
-
This topic is locked
30 replies to this topic
Register to Remove
#17
Tomk
-
- Global Moderator
-
- 20,451 posts
Beguilement Monitor
Posted 21 November 2021 - 10:12 PM
The dates don't make sense. You ran FRST, according to the date on your computer, on November 13, 2021 (13-11-2021).
Also according to your computer, you ran AdwCleaner on July 4, 2019. (04-07-2019)
Please try to run it again and post the log.
Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
------------------------------------------------------------
Microsoft MVP 2010-2014
#18
BJ2011
-
- Authentic Member
-
- 151 posts
Authentic Member
Posted 24 November 2021 - 06:24 AM
Ok I will run it again and post log.
#19
BJ2011
-
- Authentic Member
-
- 151 posts
Authentic Member
Posted 24 November 2021 - 06:43 AM
# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build: 04-04-2019
# Database: 2019-04-05.4 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 04-07-2019
# Duration: 00:00:09
# OS: Windows 8.1
# Cleaned: 9
# Failed: 0
***** [ Services ] *****
No malicious services cleaned.
***** [ Folders ] *****
Deleted C:\ProgramData\UAB
***** [ Files ] *****
No malicious files cleaned.
***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
No malicious shortcuts cleaned.
***** [ Tasks ] *****
No malicious tasks cleaned.
***** [ Registry ] *****
Deleted HKCU\Software\ActiveOptimization
Deleted HKLM\Software\Wow6432Node\ActiveOptimization
Deleted HKU\.DEFAULT\Software\ActiveOptimization
Deleted HKU\S-1-5-18\Software\ActiveOptimization
Deleted HKU\S-1-5-19\Software\ActiveOptimization
Deleted HKU\S-1-5-20\Software\ActiveOptimization
***** [ Chromium (and derivatives) ] *****
Deleted AVG Web TuneUp
Deleted Search Encrypt
***** [ Chromium URLs ] *****
No malicious Chromium URLs cleaned.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries cleaned.
***** [ Firefox URLs ] *****
No malicious Firefox URLs cleaned.
*************************
[+] Delete Tracing Keys
[+] Reset Winsock
*************************
AdwCleaner[S00].txt - [1729 octets] - [07/04/2019 00:33:09]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
# -------------------------------
# Malwarebytes AdwCleaner 7.4.0.0
# -------------------------------
# Build: 07-23-2019
# Database: 2019-08-02.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 08-04-2019
# Duration: 00:00:23
# OS: Windows 8.1
# Cleaned: 2
# Failed: 0
***** [ Services ] *****
No malicious services cleaned.
***** [ Folders ] *****
No malicious folders cleaned.
***** [ Files ] *****
No malicious files cleaned.
***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
No malicious shortcuts cleaned.
***** [ Tasks ] *****
No malicious tasks cleaned.
***** [ Registry ] *****
No malicious registry entries cleaned.
***** [ Chromium (and derivatives) ] *****
Deleted AVG Web TuneUp
Deleted Search Encrypt
***** [ Chromium URLs ] *****
No malicious Chromium URLs cleaned.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries cleaned.
***** [ Firefox URLs ] *****
No malicious Firefox URLs cleaned.
***** [ Preinstalled Software ] *****
No Preinstalled Software cleaned.
*************************
[+] Delete Tracing Keys
[+] Reset Winsock
*************************
AdwCleaner[S00].txt - [1729 octets] - [07/04/2019 00:33:09]
AdwCleaner[C00].txt - [1747 octets] - [07/04/2019 00:34:00]
AdwCleaner[S01].txt - [1789 octets] - [04/08/2019 16:30:34]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########
# -------------------------------
# Malwarebytes AdwCleaner 7.4.0.0
# -------------------------------
# Build: 07-23-2019
# Database: 2019-08-02.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 08-04-2019
# Duration: 00:02:23
# OS: Windows 8.1
# Cleaned: 50
# Failed: 0
***** [ Services ] *****
No malicious services cleaned.
***** [ Folders ] *****
No malicious folders cleaned.
***** [ Files ] *****
No malicious files cleaned.
***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
No malicious shortcuts cleaned.
***** [ Tasks ] *****
No malicious tasks cleaned.
***** [ Registry ] *****
No malicious registry entries cleaned.
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries cleaned.
***** [ Chromium URLs ] *****
No malicious Chromium URLs cleaned.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries cleaned.
***** [ Firefox URLs ] *****
No malicious Firefox URLs cleaned.
***** [ Preinstalled Software ] *****
Deleted Preinstalled.WildTangentGamesBundle
*************************
[+] Delete Tracing Keys
[+] Reset Winsock
*************************
AdwCleaner[S00].txt - [1729 octets] - [07/04/2019 00:33:09]
AdwCleaner[C00].txt - [1747 octets] - [07/04/2019 00:34:00]
AdwCleaner[S01].txt - [1789 octets] - [04/08/2019 16:30:34]
AdwCleaner[C01].txt - [1652 octets] - [04/08/2019 16:38:34]
AdwCleaner[S02].txt - [1853 octets] - [04/08/2019 16:50:50]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C02].txt ##########
# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build: 04-04-2019
# Database: 2019-04-05.4 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 04-07-2019
# Duration: 00:00:52
# OS: Windows 8.1
# Scanned: 27253
# Detected: 9
***** [ Services ] *****
No malicious services found.
***** [ Folders ] *****
PUP.Optional.DriverSupport C:\ProgramData\UAB
***** [ Files ] *****
No malicious files found.
***** [ DLL ] *****
No malicious DLLs found.
***** [ WMI ] *****
No malicious WMI found.
***** [ Shortcuts ] *****
No malicious shortcuts found.
***** [ Tasks ] *****
No malicious tasks found.
***** [ Registry ] *****
PUP.Optional.DriverSupport HKCU\Software\ActiveOptimization
PUP.Optional.DriverSupport HKLM\Software\Wow6432Node\ActiveOptimization
PUP.Optional.DriverSupport HKU\.DEFAULT\Software\ActiveOptimization
PUP.Optional.DriverSupport HKU\S-1-5-18\Software\ActiveOptimization
PUP.Optional.DriverSupport HKU\S-1-5-19\Software\ActiveOptimization
PUP.Optional.DriverSupport HKU\S-1-5-20\Software\ActiveOptimization
***** [ Chromium (and derivatives) ] *****
PUP.Optional.Legacy AVG Web TuneUp
PUP.Optional.SearchEncrypt Search Encrypt
***** [ Chromium URLs ] *****
No malicious Chromium URLs found.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries found.
***** [ Firefox URLs ] *****
No malicious Firefox URLs found.
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
# -------------------------------
# Malwarebytes AdwCleaner 7.4.0.0
# -------------------------------
# Build: 07-23-2019
# Database: 2019-08-02.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 08-04-2019
# Duration: 00:01:29
# OS: Windows 8.1
# Scanned: 35815
# Detected: 90
***** [ Services ] *****
No malicious services found.
***** [ Folders ] *****
No malicious folders found.
***** [ Files ] *****
No malicious files found.
***** [ DLL ] *****
No malicious DLLs found.
***** [ WMI ] *****
No malicious WMI found.
***** [ Shortcuts ] *****
No malicious shortcuts found.
***** [ Tasks ] *****
No malicious tasks found.
***** [ Registry ] *****
No malicious registry entries found.
***** [ Chromium (and derivatives) ] *****
PUP.Optional.Legacy AVG Web TuneUp
PUP.Optional.SearchEncrypt Search Encrypt
***** [ Chromium URLs ] *****
No malicious Chromium URLs found.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries found.
***** [ Firefox URLs ] *****
No malicious Firefox URLs found.
***** [ Preinstalled Software ] *****
Preinstalled.CyberLinkLabelPrint
Preinstalled.CyberLinkShellExtension
Preinstalled.HPHealthCheck
Preinstalled.HPMediaSmart
Preinstalled.HPRegistrationService
Preinstalled.HPSupportAssistant
Preinstalled.LenovoPower2Go
Preinstalled.LenovoPowerDVD
Preinstalled.WildTangentGamesBundle
AdwCleaner[S00].txt - [1729 octets] - [07/04/2019 00:33:09]
AdwCleaner[C00].txt - [1747 octets] - [07/04/2019 00:34:00]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ##########
# -------------------------------
# Malwarebytes AdwCleaner 7.4.0.0
# -------------------------------
# Build: 07-23-2019
# Database: 2019-08-02.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 08-04-2019
# Duration: 00:01:02
# OS: Windows 8.1
# Scanned: 35815
# Detected: 88
***** [ Services ] *****
No malicious services found.
***** [ Folders ] *****
No malicious folders found.
***** [ Files ] *****
No malicious files found.
***** [ DLL ] *****
No malicious DLLs found.
***** [ WMI ] *****
No malicious WMI found.
***** [ Shortcuts ] *****
No malicious shortcuts found.
***** [ Tasks ] *****
No malicious tasks found.
***** [ Registry ] *****
No malicious registry entries found.
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries found.
***** [ Chromium URLs ] *****
No malicious Chromium URLs found.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries found.
***** [ Firefox URLs ] *****
No malicious Firefox URLs found.
***** [ Preinstalled Software ] *****
Preinstalled.CyberLinkLabelPrint
Preinstalled.CyberLinkShellExtension
Preinstalled.HPHealthCheck
Preinstalled.HPMediaSmart
Preinstalled.HPRegistrationService
Preinstalled.HPSupportAssistant
Preinstalled.LenovoPower2Go
Preinstalled.LenovoPowerDVD
Preinstalled.WildTangentGamesBundle
AdwCleaner[S00].txt - [1729 octets] - [07/04/2019 00:33:09]
AdwCleaner[C00].txt - [1747 octets] - [07/04/2019 00:34:00]
AdwCleaner[S01].txt - [1789 octets] - [04/08/2019 16:30:34]
AdwCleaner[C01].txt - [1652 octets] - [04/08/2019 16:38:34]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S02].txt ##########
# -------------------------------
# Malwarebytes AdwCleaner 8.3.0.0
# -------------------------------
# Build: 06-29-2021
# Database: 2021-10-26.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 11-18-2021
# Duration: 00:01:03
# OS: Windows 8.1
# Scanned: 32010
# Detected: 38
***** [ Services ] *****
No malicious services found.
***** [ Folders ] *****
No malicious folders found.
***** [ Files ] *****
No malicious files found.
***** [ DLL ] *****
No malicious DLLs found.
***** [ WMI ] *****
No malicious WMI found.
***** [ Shortcuts ] *****
No malicious shortcuts found.
***** [ Tasks ] *****
No malicious tasks found.
***** [ Registry ] *****
No malicious registry entries found.
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries found.
***** [ Chromium URLs ] *****
No malicious Chromium URLs found.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries found.
***** [ Firefox URLs ] *****
No malicious Firefox URLs found.
***** [ Hosts File Entries ] *****
No malicious hosts file entries found.
***** [ Preinstalled Software ] *****
Preinstalled.CyberLinkLabelPrint Folder C:\Program Files (x86)\CYBERLINK\LABELPRINT
Preinstalled.CyberLinkLabelPrint Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}
Preinstalled.CyberLinkLabelPrint Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{C59C179C-668D-49A9-B6EA-0121CCFC1243}
Preinstalled.CyberLinkShellExtension Registry HKLM\Software\Classes\CLSID\{3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2}
Preinstalled.HPHealthCheck Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{6F340107-F9AA-47C6-B54C-C3A19F11553F}
Preinstalled.HPMediaSmart Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}
Preinstalled.HPMediaSmart Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{01FB4998-33C4-4431-85ED-079E3EEFE75D}
Preinstalled.HPRegistrationService Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP REGISTRATION SERVICE
Preinstalled.HPRegistrationService Folder C:\ProgramData\HEWLETT-PACKARD\HP REGISTRATION SERVICE
Preinstalled.HPRegistrationService Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D1E8F2D7-7794-4245-B286-87ED86C1893C}
Preinstalled.HPSupportAssistant Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP CUSTOMER FEEDBACK
Preinstalled.HPSupportAssistant Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT SOLUTIONS
Preinstalled.HPSupportAssistant Folder C:\ProgramData\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Folder C:\Users\Annette\AppData\Local\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Folder C:\Users\Annette\AppData\Roaming\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Folder C:\Users\Jacquelyn\AppData\Local\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Folder C:\Users\Jacquelyn\AppData\Roaming\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Folder C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Folder C:\Windows\System32\config\systemprofile\AppData\Local\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Folder C:\Windows\System32\config\systemprofile\AppData\Roaming\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Registry HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant Registry HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Classes\CLSID\{335F9A62-FE4B-40CD-B4ED-BB4DE21DC95D}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Classes\CLSID\{335F9A62-FE4B-40CD-B4ED-BB4DE21DC95D}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Classes\CLSID\{C0ABBA07-B636-47B8-B9E1-BB96D7CD4831}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{3AF15EEA-8EDF-4393-BB6C-CF8A9986486A}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{55065080-504F-43BB-BE00-36B80D7D39A5}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}
Preinstalled.LenovoPower2Go Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}
Preinstalled.LenovoPower2Go Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}
Preinstalled.LenovoPowerDVD Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}
Preinstalled.LenovoPowerDVD Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}
AdwCleaner[S00].txt - [1729 octets] - [07/04/2019 00:33:09]
AdwCleaner[C00].txt - [1747 octets] - [07/04/2019 00:34:00]
AdwCleaner[S01].txt - [1789 octets] - [04/08/2019 16:30:34]
AdwCleaner[C01].txt - [1652 octets] - [04/08/2019 16:38:34]
AdwCleaner[S02].txt - [1853 octets] - [04/08/2019 16:50:50]
AdwCleaner[C02].txt - [1772 octets] - [04/08/2019 17:28:04]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S03].txt ##########
# -------------------------------
# Malwarebytes AdwCleaner 8.3.0.0
# -------------------------------
# Build: 06-29-2021
# Database: 2021-11-18.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 11-18-2021
# Duration: 00:01:05
# OS: Windows 8.1
# Scanned: 32014
# Detected: 38
***** [ Services ] *****
No malicious services found.
***** [ Folders ] *****
No malicious folders found.
***** [ Files ] *****
No malicious files found.
***** [ DLL ] *****
No malicious DLLs found.
***** [ WMI ] *****
No malicious WMI found.
***** [ Shortcuts ] *****
No malicious shortcuts found.
***** [ Tasks ] *****
No malicious tasks found.
***** [ Registry ] *****
No malicious registry entries found.
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries found.
***** [ Chromium URLs ] *****
No malicious Chromium URLs found.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries found.
***** [ Firefox URLs ] *****
No malicious Firefox URLs found.
***** [ Hosts File Entries ] *****
No malicious hosts file entries found.
***** [ Preinstalled Software ] *****
Preinstalled.CyberLinkLabelPrint Folder C:\Program Files (x86)\CYBERLINK\LABELPRINT
Preinstalled.CyberLinkLabelPrint Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}
Preinstalled.CyberLinkLabelPrint Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{C59C179C-668D-49A9-B6EA-0121CCFC1243}
Preinstalled.CyberLinkShellExtension Registry HKLM\Software\Classes\CLSID\{3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2}
Preinstalled.HPHealthCheck Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{6F340107-F9AA-47C6-B54C-C3A19F11553F}
Preinstalled.HPMediaSmart Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}
Preinstalled.HPMediaSmart Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{01FB4998-33C4-4431-85ED-079E3EEFE75D}
Preinstalled.HPRegistrationService Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP REGISTRATION SERVICE
Preinstalled.HPRegistrationService Folder C:\ProgramData\HEWLETT-PACKARD\HP REGISTRATION SERVICE
Preinstalled.HPRegistrationService Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D1E8F2D7-7794-4245-B286-87ED86C1893C}
Preinstalled.HPSupportAssistant Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP CUSTOMER FEEDBACK
Preinstalled.HPSupportAssistant Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT SOLUTIONS
Preinstalled.HPSupportAssistant Folder C:\ProgramData\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Folder C:\Users\Annette\AppData\Local\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Folder C:\Users\Annette\AppData\Roaming\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Folder C:\Users\Jacquelyn\AppData\Local\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Folder C:\Users\Jacquelyn\AppData\Roaming\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Folder C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Folder C:\Windows\System32\config\systemprofile\AppData\Local\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Folder C:\Windows\System32\config\systemprofile\AppData\Roaming\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Registry HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant Registry HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Classes\CLSID\{335F9A62-FE4B-40CD-B4ED-BB4DE21DC95D}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Classes\CLSID\{335F9A62-FE4B-40CD-B4ED-BB4DE21DC95D}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Classes\CLSID\{C0ABBA07-B636-47B8-B9E1-BB96D7CD4831}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{3AF15EEA-8EDF-4393-BB6C-CF8A9986486A}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{55065080-504F-43BB-BE00-36B80D7D39A5}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}
Preinstalled.LenovoPower2Go Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}
Preinstalled.LenovoPower2Go Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}
Preinstalled.LenovoPowerDVD Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}
Preinstalled.LenovoPowerDVD Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}
AdwCleaner[S00].txt - [1729 octets] - [07/04/2019 00:33:09]
AdwCleaner[C00].txt - [1747 octets] - [07/04/2019 00:34:00]
AdwCleaner[S01].txt - [1789 octets] - [04/08/2019 16:30:34]
AdwCleaner[C01].txt - [1652 octets] - [04/08/2019 16:38:34]
AdwCleaner[S02].txt - [1853 octets] - [04/08/2019 16:50:50]
AdwCleaner[C02].txt - [1772 octets] - [04/08/2019 17:28:04]
AdwCleaner[S03].txt - [6886 octets] - [18/11/2021 08:06:19]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S04].txt ##########
# -------------------------------
# Malwarebytes AdwCleaner 8.3.1.0
# -------------------------------
# Build: 11-18-2021
# Database: 2021-11-18.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 11-24-2021
# Duration: 00:01:05
# OS: Windows 8.1
# Scanned: 32013
# Detected: 38
***** [ Services ] *****
No malicious services found.
***** [ Folders ] *****
No malicious folders found.
***** [ Files ] *****
No malicious files found.
***** [ DLL ] *****
No malicious DLLs found.
***** [ WMI ] *****
No malicious WMI found.
***** [ Shortcuts ] *****
No malicious shortcuts found.
***** [ Tasks ] *****
No malicious tasks found.
***** [ Registry ] *****
No malicious registry entries found.
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries found.
***** [ Chromium URLs ] *****
No malicious Chromium URLs found.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries found.
***** [ Firefox URLs ] *****
No malicious Firefox URLs found.
***** [ Hosts File Entries ] *****
No malicious hosts file entries found.
***** [ Preinstalled Software ] *****
Preinstalled.CyberLinkLabelPrint Folder C:\Program Files (x86)\CYBERLINK\LABELPRINT
Preinstalled.CyberLinkLabelPrint Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}
Preinstalled.CyberLinkLabelPrint Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{C59C179C-668D-49A9-B6EA-0121CCFC1243}
Preinstalled.CyberLinkShellExtension Registry HKLM\Software\Classes\CLSID\{3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2}
Preinstalled.HPHealthCheck Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{6F340107-F9AA-47C6-B54C-C3A19F11553F}
Preinstalled.HPMediaSmart Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}
Preinstalled.HPMediaSmart Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{01FB4998-33C4-4431-85ED-079E3EEFE75D}
Preinstalled.HPRegistrationService Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP REGISTRATION SERVICE
Preinstalled.HPRegistrationService Folder C:\ProgramData\HEWLETT-PACKARD\HP REGISTRATION SERVICE
Preinstalled.HPRegistrationService Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D1E8F2D7-7794-4245-B286-87ED86C1893C}
Preinstalled.HPSupportAssistant Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP CUSTOMER FEEDBACK
Preinstalled.HPSupportAssistant Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT SOLUTIONS
Preinstalled.HPSupportAssistant Folder C:\ProgramData\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Folder C:\Users\Annette\AppData\Local\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Folder C:\Users\Annette\AppData\Roaming\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Folder C:\Users\Jacquelyn\AppData\Local\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Folder C:\Users\Jacquelyn\AppData\Roaming\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Folder C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Folder C:\Windows\System32\config\systemprofile\AppData\Local\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Folder C:\Windows\System32\config\systemprofile\AppData\Roaming\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Registry HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant Registry HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Classes\CLSID\{335F9A62-FE4B-40CD-B4ED-BB4DE21DC95D}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Classes\CLSID\{335F9A62-FE4B-40CD-B4ED-BB4DE21DC95D}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Classes\CLSID\{C0ABBA07-B636-47B8-B9E1-BB96D7CD4831}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{3AF15EEA-8EDF-4393-BB6C-CF8A9986486A}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{55065080-504F-43BB-BE00-36B80D7D39A5}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}
Preinstalled.LenovoPower2Go Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}
Preinstalled.LenovoPower2Go Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}
Preinstalled.LenovoPowerDVD Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}
Preinstalled.LenovoPowerDVD Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}
AdwCleaner[S00].txt - [1729 octets] - [07/04/2019 00:33:09]
AdwCleaner[C00].txt - [1747 octets] - [07/04/2019 00:34:00]
AdwCleaner[S01].txt - [1789 octets] - [04/08/2019 16:30:34]
AdwCleaner[C01].txt - [1652 octets] - [04/08/2019 16:38:34]
AdwCleaner[S02].txt - [1853 octets] - [04/08/2019 16:50:50]
AdwCleaner[C02].txt - [1772 octets] - [04/08/2019 17:28:04]
AdwCleaner[S03].txt - [6886 octets] - [18/11/2021 08:06:19]
AdwCleaner[S04].txt - [6947 octets] - [18/11/2021 14:13:01]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S05].txt ##########
#20
Tomk
-
- Global Moderator
-
- 20,451 posts
Beguilement Monitor
Posted 24 November 2021 - 10:48 AM
Great. Those last two runs are current. I don't know why you were getting 2019 logs earlier.
The "bad" news is that nothing really nefarious was found. The preinstalled items are basically junk, but won't really hurt you. Personally, I'd dump them... but that's up to you.
Let's try an online scan:
ESET Online Scanner
Download ESET Online Scanner and save it to your desktop.
- Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
- When the tool opens, click Get Started.
- Read and accept the license agreement.
- At the Welcome to ESET Online Scanner window, click Get Started.
- Select whether you would like to send anonymous data to ESET.
- Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
- Click on the Full Scan option.
- Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
- ESET will now begin scanning your computer. This may take some time.
- When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
- ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
- On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
- Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.
While we are at it... lets get a second opinion:
Please download Emsisoft Emergency Kit and save it to your desktop.
- Double-click on EmsisoftEmergencyKit.exe to install and create a shortcut on the desktop.
- Leave all settings as they are and click Accept & Extract. A folder named EEK will be created in the root of the drive (usually C:\) as shown here.
- After extraction an Emsisoft Emergency Kit window will open. Under "Run Directly:" click Emergency Kit Scanner.
. - When asked to run an online update, click Yes.
. - When the update is finished, click the Back to Security Status link in the left corner.
- On the main screen click the Scan PC button.
- Select Smart Scan, then click the Scan button.
- When the scan is finished, click the Quarantine selected objects button. Note, this option is only available if malicious objects were detected during the scan.
. - Click the View Report button and in the Reports window double-click on the most recent log. Logs are named as follows: a2scan_Date-Time.txt (YYMODY) and saved to C:\EEK\bin\Reports\.
- Alternatively you can click Export and save the log to your Desktop, then open by double-clicking on it.
- Copy and paste the contents of that logfile in your next reply.
Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
------------------------------------------------------------
Microsoft MVP 2010-2014
#21
BJ2011
-
- Authentic Member
-
- 151 posts
Authentic Member
Posted 27 November 2021 - 12:38 PM
After accepting the agreement, it started checking for possible conflicting application but then I got the below attached message.
Attached Files
-
ESET Error Msg.pdf 19.55KB
505 downloads
Edited by BJ2011, 27 November 2021 - 03:19 PM.
#22
BJ2011
-
- Authentic Member
-
- 151 posts
Authentic Member
Posted 27 November 2021 - 03:23 PM
I can't get Emisoft to download.
#23
Tomk
-
- Global Moderator
-
- 20,451 posts
Beguilement Monitor
Posted 27 November 2021 - 09:29 PM
Unfortunately I cannot read the message. I also don't know why ESET isn't working.
Perhaps it doesn't matter as we haven't found an infection anyway.
How about you run FRST again and post me new logs.
Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
------------------------------------------------------------
Microsoft MVP 2010-2014
#24
BJ2011
-
- Authentic Member
-
- 151 posts
Authentic Member
Posted 28 November 2021 - 11:53 AM
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-11-2021
Ran by Annette (administrator) on MRSJOHNSON (Hewlett-Packard HP 15 Notebook PC) (28-11-2021 11:10:00)
Running from C:\Users\Annette\Documents\WTT
Loaded Profiles: Annette
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
() [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
() [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
() [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Advanced Micro Devices, Inc.) [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CenturyLink -> CenturyLink Inc) C:\Program Files (x86)\CenturyLink\Desktop\CenturyLinkTouchPointAgent.exe
(CyberLink Corp. -> CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <15>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler64.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(Huawei Technologies Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
(Intuit, Inc. -> Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MbamBgNativeMsg.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Annette\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngentask.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentask.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\System32\CompatTel\diagtrackrunner.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.22013_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Dynamic Code Publisher -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <2>
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Softex Inc.) [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(Softex Incorporated -> Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe
(Softex Incorporated -> Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Softex Incorporated -> Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(Symantec Corporation -> Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Symantec Corporation -> Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Tweaking LLC -> Tweaking.com) C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2755640 2013-09-26] (Softex Incorporated -> Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [155704 2013-09-26] (Softex Incorporated -> Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [155704 2013-09-26] (Softex Incorporated -> Hewlett-Packard)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2771184 2013-07-26] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8843520 2016-02-19] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe" (No File)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [CenturyLinkTouchPointAgent] => C:\Program Files (x86)\CenturyLink\Desktop\CenturyLinkTouchPointAgent.exe [48904 2014-11-04] (CenturyLink -> CenturyLink Inc)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-06-06] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [707624 2018-08-08] (HP Inc. -> HP Inc.)
HKLM-x32\...\Run: [TeamsMachineInstaller] => C:\Program Files (x86)\Teams Installer\Teams.exe [92688136 2020-05-14] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1409944621-189731363-133459071-1002\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1728952 2015-06-22] (CyberLink Corp. -> CyberLink Corp.)
HKU\S-1-5-21-1409944621-189731363-133459071-1002\...\Run: [B0CA40A7B020DFFA8668D20001A42ED77693A62A._service_run] => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=service /prefetch:8
HKU\S-1-5-21-1409944621-189731363-133459071-1002\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [479744 2014-10-28] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1409944621-189731363-133459071-1002\...\MountPoints2: {e1d9e33d-70cc-11e4-825e-3863bb8eae0e} - "F:\AutoRun.exe"
HKU\S-1-5-21-1409944621-189731363-133459071-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [788480 2014-10-28] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1409944621-189731363-133459071-1005\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [479744 2014-10-28] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1409944621-189731363-133459071-1005\...\Run: [com.squirrel.Teams.Teams] => C:\Users\Annette\AppData\Local\Microsoft\Teams\Update.exe [2350752 2021-11-06] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKLM\...\Print\Monitors\HP AF11 Status Monitor: C:\Windows\system32\hpinkstsAF11LM.dll [329576 2012-04-02] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\...\Print\Monitors\HP Universal Port Monitor: C:\Windows\system32\hpbprtmon.dll [404992 2013-08-10] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\87.0.4280.141\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\96.0.4664.45\Installer\chrmstp.exe [2021-11-18] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll [2021-10-05] (Adobe Inc. -> Adobe Systems, Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{538C240D-3DEE-4032-AB4C-08A3A6EB0861}] -> C:\Program Files (x86)\CyberLink\YouCam\CLCredProv\x64\CLCredProv.dll [2014-10-28] (CyberLink Corp. -> CyberLink)
HKLM\Software\...\Authentication\Credential Providers: [{F3F1B0FA-4775-41d8-8578-436772D93FB4}] -> C:\Program Files\Hewlett-Packard\SimplePass\OmniPassCredProv.dll [2013-09-26] (Softex Inc..) [File not signed]
HKLM\Software\...\Authentication\Credential Provider Filters: [{F3F1B0FA-4775-41d8-8578-436772D93FB4}] -> C:\Program Files\Hewlett-Packard\SimplePass\OmniPassCredProv.dll [2013-09-26] (Softex Inc..) [File not signed]
Startup: C:\Users\Annette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Gameroom.lnk [2018-08-03]
ShortcutTarget: Facebook Gameroom.lnk -> C:\Users\Annette\AppData\Local\Facebook\Games\FacebookGameroom.exe (Facebook, Inc. -> Facebook) [File not signed]
Startup: C:\Users\Annette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2018-01-08]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
Startup: C:\Users\Jacquelyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-05-14]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0D002F2D-E5AC-4B77-841A-B6359D99B0E0} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [108888 2021-11-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {10A0396E-4397-432D-A61A-B29936C98279} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-09-27] (Google Inc -> Google Inc.)
Task: {203275BA-3EF9-4D06-961D-6E42BA0B4329} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1162160 2021-11-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {3165798A-F44B-4387-8B96-BD947DFDF94F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-22] (Microsoft Corporation -> Microsoft Corporation)
Task: {3E898CDD-32F4-47D1-A2F4-BCF33E88AEBC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [651400 2017-09-20] (Hewlett Packard -> HP Inc.)
Task: {4195DB55-C8DB-47FC-8CD2-34A370918AB7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [6242232 2021-11-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {422808BD-6F70-41BF-945D-E13AA06AE45A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis Install => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1459056 2018-05-04] (HP Inc. -> HP Inc.)
Task: {55DCE214-7F3F-463F-BECE-5A67E73B6324} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1459056 2018-05-04] (HP Inc. -> HP Inc.)
Task: {5B7B1C4A-9A07-4CAC-869E-5279651131BE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-22] (Microsoft Corporation -> Microsoft Corporation)
Task: {69D3BA23-D578-4DE2-AFDE-D9EF27762CEC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-09-27] (Google Inc -> Google Inc.)
Task: {B2899F8C-8C39-47C3-82D8-3DD3813BCCD1} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [218336 2017-05-02] (Tweaking LLC -> Tweaking.com)
Task: {B5BE6BF9-D834-4248-B01F-176CC40EFCBF} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [108888 2021-11-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {B73A7C7B-CF7F-4A7E-A613-BFBB8A73789D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [651400 2017-09-20] (Hewlett Packard -> HP Inc.)
Task: {B95640C8-286C-4ADA-AF7B-A685867BC4F3} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {C45E956E-E070-4332-B57C-DF9D8B626B72} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [198696 2016-11-07] (HP Inc. -> HP Inc.)
Task: {C4C18D46-C77E-4DD0-ADDD-49DDCA6AABF4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1562376 2021-08-16] (Adobe Inc. -> Adobe Inc.)
Task: {CD39A3B5-0980-4947-BD6C-3D87425A7FCE} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2771184 2013-07-26] (Synaptics Incorporated -> Synaptics Incorporated)
Task: {D04BBF70-03A8-413B-9CA3-5AC3314706E2} - System32\Tasks\G2MUpdateTask-S-1-5-21-1409944621-189731363-133459071-1005 => C:\Users\Annette\AppData\Local\GoToMeeting\19932\g2mupdate.exe [31176 2021-11-24] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {D0F920D8-40AD-4B42-9F6C-ADA01607FCCD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [217976 2018-11-08] (HP Inc. -> HP Inc.)
Task: {DCEFA36E-E149-4C02-99DB-E3F29CC3066E} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2014-10-28] (CyberLink Corp. -> CyberLink Corp.)
Task: {E1827981-E346-4E28-9C08-DF3118782A6B} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22654872 2021-11-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {E271AB7C-1BED-41D6-8DBC-9D0944624E37} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [6242232 2021-11-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {E6B7EE15-0DF8-473B-AA30-3C92EDE7356E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1459056 2018-05-04] (HP Inc. -> HP Inc.)
Task: {EB9306F0-852C-4119-884B-66DCAB7FA196} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22654872 2021-11-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {EC860F0E-1C8E-4761-BA2C-9ACF03169D98} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [124280 2018-08-17] (HP Inc. -> HP Inc.)
Task: {EFE6E304-849C-4527-A6F6-903B564B9663} - System32\Tasks\G2MUploadTask-S-1-5-21-1409944621-189731363-133459071-1005 => C:\Users\Annette\AppData\Local\GoToMeeting\19932\g2mupload.exe [31176 2021-11-24] (LogMeIn, Inc. -> LogMeIn, Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1409944621-189731363-133459071-1005.job => C:\Users\Annette\AppData\Local\GoToMeeting\19932\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-1409944621-189731363-133459071-1005.job => C:\Users\Annette\AppData\Local\GoToMeeting\19932\g2mupload.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704 2011-08-31] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968 2011-08-31] (Apple Inc. -> Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{2BE7FA48-E3A9-4398-8011-4CBB02E6ACC5}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{8E02059E-EC13-441B-AFD6-CD70C258610A}: [DhcpNameServer] 192.168.0.1 205.171.3.25
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-11-07] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-10-05] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1409944621-189731363-133459071-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Jacquelyn\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [No File]
FF Plugin HKU\S-1-5-21-1409944621-189731363-133459071-1005: @zoom.us/ZoomVideoPlugin -> C:\Users\Annette\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2017-11-05] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
Chrome:
=======
CHR DefaultProfile: Profile 1
CHR Profile: C:\Users\Annette\AppData\Local\Google\Chrome\User Data\Default [2021-11-21]
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_cnewtab&type=default_v2
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Extension: (Slides) - C:\Users\Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-07-29]
CHR Extension: (Docs) - C:\Users\Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-07-29]
CHR Extension: (Google Drive) - C:\Users\Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-07-29]
CHR Extension: (YouTube) - C:\Users\Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-07-29]
CHR Extension: (Honey) - C:\Users\Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2018-07-29]
CHR Extension: (Adobe Acrobat) - C:\Users\Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-26]
CHR Extension: (Sheets) - C:\Users\Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-07-29]
CHR Extension: (Google Docs Offline) - C:\Users\Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-07-29]
CHR Extension: (Piggy - Automatic Coupons & Cash Back) - C:\Users\Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfapbcheiepjppjbnkphkmegjlipojba [2018-07-18]
CHR Extension: (HP Network Check Launcher) - C:\Users\Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkfpchpiljkaemlpmpebnglgkomamfeo [2017-03-26]
CHR Extension: (Grammarly for Chrome) - C:\Users\Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2021-11-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-07]
CHR Extension: (Gmail) - C:\Users\Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-07-29]
CHR Profile: C:\Users\Annette\AppData\Local\Google\Chrome\User Data\Guest Profile [2021-11-28]
CHR Profile: C:\Users\Annette\AppData\Local\Google\Chrome\User Data\Profile 1 [2021-11-28]
CHR Notifications: Profile 1 -> hxxps://drive.google.com
CHR Extension: (Slides) - C:\Users\Annette\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-07-29]
CHR Extension: (Docs) - C:\Users\Annette\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2018-07-29]
CHR Extension: (Google Drive) - C:\Users\Annette\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-01-10]
CHR Extension: (DuckDuckGo) - C:\Users\Annette\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bkdgflcldnnnapblkhphbgpggdiikppg [2021-11-06]
CHR Extension: (YouTube) - C:\Users\Annette\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-07-29]
CHR Extension: (Adobe Acrobat) - C:\Users\Annette\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2021-11-20]
CHR Extension: (Sheets) - C:\Users\Annette\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-07-29]
CHR Extension: (Google Docs Offline) - C:\Users\Annette\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-11-06]
CHR Extension: (ShopRunner) - C:\Users\Annette\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ianmjeonbapghpedipabfmiffojmolma [2020-08-09]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\Annette\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-11-24]
CHR Extension: (HP Network Check Launcher) - C:\Users\Annette\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jkfpchpiljkaemlpmpebnglgkomamfeo [2021-11-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Annette\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-11-06]
CHR Extension: (Gmail) - C:\Users\Annette\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-01-10]
CHR Profile: C:\Users\Annette\AppData\Local\Google\Chrome\User Data\Profile 2 [2021-11-21]
CHR Extension: (Slides) - C:\Users\Annette\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-11-17]
CHR Extension: (Docs) - C:\Users\Annette\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2021-11-17]
CHR Extension: (Google Drive) - C:\Users\Annette\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-11-17]
CHR Extension: (YouTube) - C:\Users\Annette\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-11-17]
CHR Extension: (Adobe Acrobat) - C:\Users\Annette\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2021-11-17]
CHR Extension: (Sheets) - C:\Users\Annette\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-11-17]
CHR Extension: (Google Docs Offline) - C:\Users\Annette\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-11-17]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\Annette\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-11-17]
CHR Extension: (HP Network Check Launcher) - C:\Users\Annette\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\jkfpchpiljkaemlpmpebnglgkomamfeo [2021-11-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Annette\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-11-17]
CHR Extension: (Gmail) - C:\Users\Annette\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-11-17]
CHR Profile: C:\Users\Annette\AppData\Local\Google\Chrome\User Data\System Profile [2021-11-28]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKLM-x32\...\Chrome\Extension: [jkfpchpiljkaemlpmpebnglgkomamfeo]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [140288 2014-06-05] () [File not signed]
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-08-16] (Adobe Inc. -> Adobe Inc.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-06-05] (Advanced Micro Devices, Inc.) [File not signed]
R2 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-09-26] () [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12034464 2021-11-04] (Microsoft Corporation -> Microsoft Corporation)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [333688 2018-06-13] (HP Inc. -> HP Inc.)
R2 HPWMISVC; C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [628768 2017-07-13] (HP Inc. -> HP Inc.)
R2 HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [190784 2018-04-20] (Huawei Technologies Co., Ltd. -> ) [File not signed]
S2 KSDE1.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe [241544 2016-06-28] (Kaspersky Lab -> AO Kaspersky Lab)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7848632 2021-11-13] (Malwarebytes Inc -> Malwarebytes)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4278112 2013-08-01] (Symantec Corporation -> Symantec Corporation)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-09-26] (Softex Inc.) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [112144 2021-05-18] (Microsoft Corporation -> Microsoft Corporation)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [160176 2021-10-29] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 ew_usbccgpfilter; C:\Windows\System32\drivers\ew_usbccgpfilter.sys [18944 2018-04-20] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2018-04-20] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
R3 kltap; C:\Windows\system32\DRIVERS\kltap.sys [52152 2016-06-07] (AnchorFree Inc -> The OpenVPN Project)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [210352 2021-10-29] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [193448 2021-11-24] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [69040 2021-11-24] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248992 2021-11-13] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [149424 2021-11-24] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [294104 2014-11-28] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
R3 RTWlanE; C:\Windows\SysWOW64\DRIVERS\rtwlane.sys [2945240 2013-09-12] (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\Windows\System32\drivers\wdcsam64.sys [26880 2015-11-12] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [30384 2015-06-23] (Hewlett-Packard Company -> HP Inc.)
S3 MpKsl27cf8365; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A956364F-2C80-4695-9D34-A467FDC4738D}\MpKslDrv.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-11-24 06:09 - 2021-11-24 06:09 - 000193448 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2021-11-24 06:09 - 2021-11-24 06:09 - 000149424 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2021-11-24 06:09 - 2021-11-24 06:09 - 000069040 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2021-11-20 17:16 - 2021-09-20 23:53 - 000019720 _____ (VIA Technologies, Inc.) C:\Windows\system32\Drivers\viaide.sys
2021-11-20 17:14 - 2019-10-10 10:20 - 000044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2021-11-20 17:14 - 2019-10-10 09:50 - 000035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2021-11-20 17:13 - 2021-07-13 00:34 - 000376072 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2021-11-20 17:13 - 2021-07-13 00:23 - 000317176 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2021-11-20 17:10 - 2021-06-04 23:23 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2021-11-20 17:05 - 2019-09-06 07:17 - 000249856 _____ (Gracenote, Inc.) C:\Windows\SysWOW64\gnsdk_fp.dll
2021-11-18 21:44 - 2021-11-28 11:09 - 000000000 ____D C:\Users\Annette\Documents\WTT
2021-11-18 21:44 - 2021-11-18 21:44 - 000024064 ___SH C:\Users\Annette\Documents\Thumbs.db
2021-11-18 07:50 - 2021-11-18 07:50 - 008553680 _____ (Malwarebytes) C:\Users\Annette\Desktop\adwcleaner_8.3.0.exe
2021-11-15 08:26 - 2021-11-15 08:38 - 204896952 _____ (Malwarebytes) C:\Users\Annette\Desktop\MBSetup-0076911.0076911-4.4.10.144.exe
2021-11-14 18:18 - 2021-11-15 08:07 - 000031605 _____ C:\Users\Annette\Desktop\Fixlog.txt
2021-11-13 22:52 - 2021-11-14 08:23 - 000053744 _____ C:\Users\Annette\Desktop\Addition.txt
2021-11-13 22:46 - 2021-11-13 22:46 - 000248992 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2021-11-13 22:41 - 2021-11-14 08:23 - 000037317 _____ C:\Users\Annette\Desktop\FRST.txt
2021-11-13 22:11 - 2021-11-14 18:17 - 002311680 _____ (Farbar) C:\Users\Annette\Desktop\FRST64.exe
2021-11-11 13:06 - 2021-11-17 16:52 - 000003380 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-11-11 13:06 - 2021-11-17 16:51 - 000003252 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-11-11 12:50 - 2021-11-18 21:51 - 000002352 _____ C:\Users\Annette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2021-11-07 07:22 - 2021-11-07 07:22 - 000002671 _____ C:\Users\Annette\Desktop\Google Drive.lnk
2021-11-07 06:59 - 2021-11-07 07:09 - 000000000 ____D C:\Users\Annette\AppData\Local\ElevatedDiagnostics
2021-11-06 13:01 - 2021-11-06 13:01 - 000002163 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro.lnk
2021-11-06 13:01 - 2021-11-06 13:01 - 000002151 _____ C:\Users\Public\Desktop\Google Earth Pro.lnk
2021-11-06 13:00 - 2021-11-06 13:00 - 000000000 ____D C:\Program Files\Google
2021-11-06 12:07 - 2021-11-07 12:48 - 000000000 ____D C:\Users\Annette\Documents\LDA
2021-11-06 11:38 - 2021-11-06 11:38 - 000000000 ____D C:\Users\Annette\AppData\Roaming\Microsoft Teams
2021-10-29 15:34 - 2021-10-29 15:34 - 000210352 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-11-28 11:17 - 2015-11-17 16:45 - 000003942 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{3464BE36-788D-4EB3-890E-849F1DD7BE9F}
2021-11-28 11:12 - 2019-04-02 18:50 - 000000000 ____D C:\FRST
2021-11-28 11:05 - 2014-11-19 17:47 - 000000000 ____D C:\Program Files (x86)\Google
2021-11-27 14:15 - 2018-08-10 21:13 - 000000000 ____D C:\Users\Annette\AppData\Local\CrashDumps
2021-11-27 13:48 - 2019-08-19 07:31 - 000000572 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1409944621-189731363-133459071-1005.job
2021-11-27 13:22 - 2014-11-19 23:45 - 000000000 __RHD C:\Users\Public\AccountPictures
2021-11-27 13:17 - 2015-09-14 15:50 - 000003596 _____ C:\Windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1409944621-189731363-133459071-1005
2021-11-27 12:43 - 2015-09-14 15:49 - 000000000 ___DO C:\Users\Annette\OneDrive
2021-11-27 12:34 - 2019-08-19 07:31 - 000000668 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-1409944621-189731363-133459071-1005.job
2021-11-24 11:19 - 2014-09-09 20:21 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2021-11-24 06:36 - 2018-04-13 23:12 - 000003676 _____ C:\Windows\system32\Tasks\G2MUploadTask-S-1-5-21-1409944621-189731363-133459071-1005
2021-11-24 06:36 - 2018-04-13 23:12 - 000003580 _____ C:\Windows\system32\Tasks\G2MUpdateTask-S-1-5-21-1409944621-189731363-133459071-1005
2021-11-24 06:36 - 2018-04-13 23:11 - 000000000 ____D C:\Users\Annette\AppData\Local\GoToMeeting
2021-11-24 06:31 - 2015-09-14 15:49 - 000000000 ____D C:\Users\Annette\Documents\Youcam
2021-11-24 06:24 - 2013-08-22 07:36 - 000000000 ____D C:\Windows\Inf
2021-11-24 06:11 - 2017-03-08 19:56 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2021-11-24 06:11 - 2015-03-19 14:56 - 000000000 ____D C:\ProgramData\boost_interprocess
2021-11-24 06:07 - 2013-08-22 08:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-11-23 21:06 - 2014-11-23 18:05 - 000000000 ____D C:\Windows\system32\MRT
2021-11-23 21:06 - 2013-08-22 09:20 - 000000000 ____D C:\Windows\CbsTemp
2021-11-23 20:44 - 2015-04-07 20:03 - 000000000 ____D C:\Users\Annette
2021-11-23 20:44 - 2014-11-23 18:05 - 141529560 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2021-11-23 19:46 - 2013-08-22 08:44 - 000502304 _____ C:\Windows\system32\FNTCACHE.DAT
2021-11-23 19:40 - 2013-08-22 07:25 - 000524288 ___SH C:\Windows\system32\config\BBI
2021-11-23 19:32 - 2013-08-22 09:36 - 000000000 ___RD C:\Windows\ToastData
2021-11-23 19:32 - 2013-08-22 09:36 - 000000000 ____D C:\Windows\SysWOW64\setup
2021-11-23 19:32 - 2013-08-22 09:36 - 000000000 ____D C:\Program Files\Windows Defender
2021-11-23 19:32 - 2013-08-22 09:36 - 000000000 ____D C:\Program Files\Common Files\System
2021-11-23 19:32 - 2013-08-22 07:36 - 000000000 ____D C:\Windows\SysWOW64\Dism
2021-11-23 19:31 - 2014-12-17 20:22 - 000000000 ____D C:\Windows\system32\appraiser
2021-11-23 19:31 - 2014-11-26 21:52 - 000000000 ___SD C:\Windows\system32\CompatTel
2021-11-23 19:31 - 2013-08-22 09:36 - 000000000 ____D C:\Windows\system32\setup
2021-11-23 19:31 - 2013-08-22 09:36 - 000000000 ____D C:\Windows\system32\inetsrv
2021-11-23 19:31 - 2013-08-22 09:36 - 000000000 ____D C:\Windows\PolicyDefinitions
2021-11-23 19:31 - 2013-08-22 07:36 - 000000000 ____D C:\Windows\system32\oobe
2021-11-23 19:31 - 2013-08-22 07:36 - 000000000 ____D C:\Windows\system32\Dism
2021-11-20 18:06 - 2016-03-24 08:59 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2021-11-20 16:56 - 2013-08-22 09:36 - 000000000 ____D C:\Windows\system32\SecureBootUpdates
2021-11-20 14:56 - 2013-08-22 09:36 - 000000000 ____D C:\Windows\system32\NDF
2021-11-20 11:56 - 2014-11-19 15:48 - 000000000 ____D C:\Users\Jacquelyn
2021-11-18 22:24 - 2014-04-22 11:28 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2021-11-18 21:51 - 2018-12-22 11:09 - 000003182 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1409944621-189731363-133459071-1005
2021-11-18 07:54 - 2014-11-19 17:48 - 000002251 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-11-14 18:17 - 2019-08-11 03:47 - 000000000 ____D C:\Users\Annette\Desktop\FRST-OlderVersion
2021-11-11 12:57 - 2013-08-22 09:36 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-11-11 09:48 - 2015-01-14 16:12 - 000004476 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2021-11-11 09:45 - 2015-12-12 13:20 - 000002086 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-11-07 07:22 - 2015-10-07 17:34 - 000000000 ____D C:\Users\Annette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2021-11-07 06:57 - 2019-09-01 10:51 - 000000000 ____D C:\Users\Annette\Desktop\New folder
2021-11-06 14:11 - 2013-08-22 07:25 - 000000298 _____ C:\Windows\win.ini
2021-11-06 13:08 - 2015-09-14 15:43 - 000000000 ____D C:\Users\Annette\AppData\Local\Packages
2021-11-06 12:31 - 2014-11-19 17:47 - 000003334 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2021-11-06 12:31 - 2014-11-19 17:47 - 000003206 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2021-11-06 11:38 - 2016-09-01 12:37 - 000000000 ____D C:\Users\Annette\AppData\Local\SquirrelTemp
2021-11-06 11:36 - 2020-10-13 18:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2021-10-29 15:34 - 2020-10-13 11:59 - 000001943 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-10-29 15:34 - 2019-08-07 20:52 - 000001931 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-10-29 15:28 - 2019-08-07 20:52 - 000160176 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2021-10-29 15:24 - 2019-04-07 21:41 - 000000000 ____D C:\Program Files\Malwarebytes
2021-10-29 15:24 - 2016-02-13 22:07 - 000000000 ____D C:\ProgramData\Malwarebytes
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
LastRegBack: 2021-11-15 11:02
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-11-2021
Ran by Annette (28-11-2021 11:23:54)
Running from C:\Users\Annette\Documents\WTT
Windows 8.1 (Update) (X64) (2014-11-19 21:48:55)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-1409944621-189731363-133459071-500 - Administrator - Disabled)
Annette (S-1-5-21-1409944621-189731363-133459071-1005 - Administrator - Enabled) => C:\Users\Annette
Guest (S-1-5-21-1409944621-189731363-133459071-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1409944621-189731363-133459071-1004 - Limited - Enabled)
Jacquelyn (S-1-5-21-1409944621-189731363-133459071-1002 - Administrator - Enabled) => C:\Users\Jacquelyn
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
4 Elements II (HKLM-x32\...\WTA-f594756d-cea3-422d-a8fc-ced5205c861a) (Version: 2.2.0.98 - WildTangent) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 21.007.20099 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
Airport Mania (HKLM-x32\...\WTA-67a03dfc-1d66-47d3-bc08-9a960e05c1bc) (Version: 2.2.0.95 - WildTangent) Hidden
Amazon Kindle (HKU\S-1-5-21-1409944621-189731363-133459071-1002\...\Amazon Kindle) (Version: - Amazon)
AMD Catalyst Install Manager (HKLM\...\{89D9FBD5-7D44-509B-D17D-71FF2B2E7BDD}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Azkend 2: The World Beneath (HKLM-x32\...\WTA-d289ec68-1f25-4f2b-ba18-86a20a21bc62) (Version: 2.2.0.98 - WildTangent) Hidden
Bejeweled 3 (HKLM-x32\...\WTA-8c1524c4-154e-48c1-9d0e-de089ad24105) (Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bounce Symphony (HKLM-x32\...\WTA-73552c2f-075c-4734-8305-d61cc64f6bff) (Version: 2.2.0.97 - WildTangent) Hidden
Build-a-lot (HKLM-x32\...\WTA-51d1343d-3d81-4ede-9006-04b2be370e43) (Version: 2.2.0.98 - WildTangent) Hidden
CenturyLink Installer (HKLM-x32\...\{C96FF998-45BD-411E-9253-B7F2660FE280}) (Version: 1.0 - CenturyLink, Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Cradle Of Egypt Collector's Edition (HKLM-x32\...\WTA-7a3200ac-a8c8-4a24-8f9d-1322c5984d44) (Version: 2.2.0.110 - WildTangent) Hidden
Cradle of Rome 2 (HKLM-x32\...\WTA-41e95925-8de8-4966-8b6f-39104fca2c0d) (Version: 2.2.0.98 - WildTangent) Hidden
Crescendo Music Notation Editor (HKLM-x32\...\Crescendo) (Version: 1.86 - NCH Software)
Curse at Twilight (HKLM-x32\...\WTA-bb4b4313-02fb-4516-b909-11928a5a3ef3) (Version: 3.0.2.32 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5.6902 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.9.4928 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.4.4824 - CyberLink Corp.)
CyberLink Power Media Player 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.6.5104 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.10.5422 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.6.3912 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.5.4628 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Delicious: Emily's Childhood Memories Premium Edition (HKLM-x32\...\WTA-410ced0d-8414-4126-a7e5-3a4c77c6d5e8) (Version: 3.0.2.32 - WildTangent) Hidden
DisableMSDefender (HKLM\...\{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}) (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Facebook Gameroom 1.21.6697.19829 (HKLM-x32\...\{7BE2211B-F86C-40CA-A6CC-69564D9BD5E2}) (Version: 1.21.6697.19829 - Facebook)
Farkle 3.0.13.10 (HKLM-x32\...\Farkle_is1) (Version: - )
Farm Frenzy (HKLM-x32\...\WTA-46580f9e-769c-43d3-9dea-256e9e1d09df) (Version: 2.2.0.98 - WildTangent) Hidden
Fishdom 3: Collector's Edition (HKLM-x32\...\WTA-0d9b177b-6105-4263-8018-fbf6cbf55172) (Version: 3.0.2.38 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 96.0.4664.45 - Google LLC)
Google Earth Pro (HKLM\...\{9BFB06CD-3925-49E2-BAB7-EA695821CE4C}) (Version: 7.3.4.8248 - Google)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GoTo Opener (HKLM-x32\...\{1F803452-798F-49FB-A5DD-9F527F7017E4}) (Version: 1.0.473 - LogMeIn, Inc.)
GoToMeeting 10.18.0.19932 (HKU\S-1-5-21-1409944621-189731363-133459071-1005\...\GoToMeeting) (Version: 10.18.0.19932 - LogMeIn, Inc.)
Governor of Poker 2 Premium Edition (HKLM-x32\...\WTA-68d441b2-c8f5-499f-96e1-6c93f7dab728) (Version: 2.2.0.110 - WildTangent) Hidden
Grammarly (HKU\S-1-5-21-1409944621-189731363-133459071-1005\...\GrammarlyForWindows) (Version: 1.5.29 - Grammarly)
Grammarly for Microsoft® Office Suite (HKLM\...\{32A50269-D356-4E0E-8726-2D4CE92E5308}) (Version: 6.6.116 - Grammarly) Hidden
Grammarly for Microsoft® Office Suite (HKU\S-1-5-21-1409944621-189731363-133459071-1005\...\{57565765-d384-47b2-bf69-37839b58e08e}) (Version: 6.6.116 - Grammarly)
Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HiSuite (HKLM-x32\...\Hi Suite) (Version: 8.0.1.300 - )
House of 1000 Doors: Family Secrets (HKLM-x32\...\WTA-7f58df73-a448-48ba-b304-fc490ae02a7f) (Version: 2.2.0.98 - WildTangent) Hidden
HP Documentation (HKLM-x32\...\{2C0CCB21-5ED3-4417-93D2-CC6BEEB3C7CF}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7127.4628 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.00.54 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.6.18.11 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.9.24.3 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{57058272-92B0-4EFA-8FDD-ED3E5D689D37}) (Version: 1.4.32 - HP Inc.)
HP Utility Center (HKLM\...\{7A75E042-0D30-43C2-BD2A-684F4BE38FF7}) (Version: 2.3.1 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{EFA01423-3857-468C-B7B6-F30AA08E50BC}) (Version: 1.1.5.1 - Hewlett-Packard)
Inst5675 (HKLM\...\{2DE6247C-7077-451B-8BA7-FFD1A2ABBB47}) (Version: 8.00.54 - Softex Inc.) Hidden
Inst5676 (HKLM\...\{878F6913-7421-4713-97F7-0A736EE2A188}) (Version: 8.00.54 - Softex Inc.) Hidden
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Jewel Match 3 (HKLM-x32\...\WTA-85145c7b-75a2-48d4-89bb-4168d89f47a0) (Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (HKLM-x32\...\WTA-537118ba-a615-4d10-8bd5-6a461f5e5fa4) (Version: 2.2.0.95 - WildTangent) Hidden
Kaspersky Secure Connection (HKLM-x32\...\{1CF84962-50F8-48CA-9082-B70F3A02C686}) (Version: 17.0.0.611 - Kaspersky Lab) Hidden
Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{1CF84962-50F8-48CA-9082-B70F3A02C686}) (Version: 17.0.0.611 - Kaspersky Lab)
King Oddball (HKLM-x32\...\WTA-23746366-401a-4c3e-8074-4cd5e7772844) (Version: 3.0.2.48 - WildTangent) Hidden
Luxor Evolved (HKLM-x32\...\WTA-c636fc44-f491-4f3b-9e82-fed402533998) (Version: 2.2.0.98 - WildTangent) Hidden
Mahjongg Dimensions Deluxe (HKLM-x32\...\WTA-f60926f8-4f6a-4a38-9df5-e2927ec1f7fc) (Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes version 4.4.10.144 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.10.144 - Malwarebytes)
Microsoft 365 Apps for enterprise - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.14527.20276 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 96.0.1054.34 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1409944621-189731363-133459071-1002\...\OneDriveSetup.exe) (Version: 17.3.6917.0607 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1409944621-189731363-133459071-1005\...\OneDriveSetup.exe) (Version: 21.220.1024.0005 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-1409944621-189731363-133459071-1005\...\Teams) (Version: 1.3.00.13565 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Monopoly® (HKLM-x32\...\WTA-a2f0ba12-04c0-4194-af8a-79ed3a597c9d) (Version: 3.0.2.51 - WildTangent) Hidden
Movie Maker (HKLM-x32\...\{45898170-E68C-4F02-AA35-C2186BF347A3}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{B39A6825-EA20-43EA-AB2D-A6BC0298D9A1}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mystery P.I. - Curious Case of Counterfeit Cove (HKLM-x32\...\WTA-2b23e2e0-e38c-4d60-8e17-7ee68c32006b) (Version: 2.2.0.98 - WildTangent) Hidden
NCH Tone Generator (HKLM-x32\...\ToneGen) (Version: 3.26 - NCH Software)
Norton Online Backup (HKLM-x32\...\{1969BD50-331D-4B7A-8116-29A7DC6D45B4}) (Version: 2.8.0.44 - Symantec Corporation)
OEM Application Profile (HKLM-x32\...\{1D464EFF-EC8B-F225-2F74-F74143200DDF}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
OEM Application Profile (HKLM-x32\...\{70D5F822-F4C4-33D9-7EEC-2A4AF4EA7BDC}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.14527.20276 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.14527.20234 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.14527.20276 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.13801.20638 - Microsoft Corporation) Hidden
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM-x32\...\{90150000-001F-040C-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Peggle Nights (HKLM-x32\...\WTA-e36ab41b-84de-4891-b4ac-4c42415d828a) (Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (HKLM-x32\...\WTA-9b6dc59b-5d81-4c6f-8733-82ae9078a7f8) (Version: 2.2.0.98 - WildTangent) Hidden
Pinger (HKLM-x32\...\{9B56B031-A6C0-4BB7-8F61-938548C1B759}) (Version: 1.4.0.1 - Pinger Inc.) Hidden
Pinger (HKLM-x32\...\Pinger 1.4.0.1) (Version: 1.4.0.1 - Pinger Inc.)
Plants vs. Zombies - Game of the Year (HKLM-x32\...\WTA-1624dfaa-74eb-4a04-b0d1-2816bc270b19) (Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (HKLM-x32\...\WTA-bb0a5787-6371-4fdd-ac8a-5702d596c923) (Version: 2.2.0.97 - WildTangent) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29080 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.32.508.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7730 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.41 - REALTEK Semiconductor Corp.)
Roads of Rome 3 (HKLM-x32\...\WTA-24b516d7-0fa5-49af-b5f8-2b3dd95cd50d) (Version: 2.2.0.98 - WildTangent) Hidden
SecondLifeViewer (HKLM-x32\...\SecondLifeViewer) (Version: 5.0.3.324435 - Linden Research, Inc.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.6.2 - Synaptics Incorporated)
Tales of Lagoona (HKLM-x32\...\WTA-61166e11-25af-458a-bdb6-58e3bdab6835) (Version: 2.2.0.110 - WildTangent) Hidden
Teams Machine-Wide Installer (HKLM-x32\...\{39AF0813-FA7B-4860-ADBE-93B9B214B914}) (Version: 1.3.0.13565 - Microsoft Corporation)
TurboTax 2014 (HKLM-x32\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 4.5.3 - Tweaking.com)
Unity Web Player (HKU\S-1-5-21-1409944621-189731363-133459071-1002\...\UnityWebPlayer) (Version: 4.6.0f2 - Unity Technologies ApS)
Update for Skype for Business 2015 (KB4484289) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{F97B139A-D8BF-46FF-A6F6-50710FED8644}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB4484289) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{F97B139A-D8BF-46FF-A6F6-50710FED8644}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB4484289) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{F97B139A-D8BF-46FF-A6F6-50710FED8644}) (Version: - Microsoft)
Vacation Quest™ - Australia (HKLM-x32\...\WTA-05973e5c-9595-40e3-910a-ba1b6178d68c) (Version: 3.0.2.32 - WildTangent) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WavePad Sound Editor (HKLM-x32\...\WavePad) (Version: 7.00 - NCH Software)
WhatsApp (HKU\S-1-5-21-1409944621-189731363-133459071-1005\...\WhatsApp) (Version: 0.2.1455 - WhatsApp)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Youda Jewel Shop (HKLM-x32\...\WTA-9173cba2-bfe3-462a-8bbc-6e837f324d64) (Version: 3.0.2.32 - WildTangent) Hidden
Zoom (HKU\S-1-5-21-1409944621-189731363-133459071-1005\...\ZoomUMX) (Version: 4.1 - Zoom Video Communications, Inc.)
Zulu DJ Software (HKLM-x32\...\Zulu) (Version: 3.70 - NCH Software)
Zuma's Revenge (HKLM-x32\...\WTA-11f72db7-03ee-4570-8cc1-e63492ed09eb) (Version: 2.2.0.98 - WildTangent) Hidden
Packages:
=========
- Games App - -> C:\Program Files\WindowsApps\WildTangentGames.-GamesApp-_1.0.3.28_x86__qt5r5pa5dyg8m [2017-03-23] (WildTangent Games)
Box for Windows 8 -> C:\Program Files\WindowsApps\134D4F5B.Box_2.1.4.4_neutral__2qk4zy5s3qmee [2017-03-23] (Box, Inc.)
Games -> C:\Program Files\WindowsApps\Microsoft.XboxLIVEGames_2.0.139.0_x64__8wekyb3d8bbwe [2017-03-23] (Microsoft Corporation) [MS Ad]
Getting Started with Windows 8 -> C:\Program Files\WindowsApps\AD2F1837.GettingStartedwithWindows8_1.6.0.0_neutral__v10z8vjag6ke6 [2017-03-23] (Hewlett-Packard Company)
HP All-in-One Printer Remote -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_55.1.43.0_x86__v10z8vjag6ke6 [2017-08-23] (Hewlett-Packard Company)
HP Connected Drive -> C:\Program Files\WindowsApps\AD2F1837.HPFileViewer_4.4.32.190_x64__v10z8vjag6ke6 [2017-03-23] (HP Inc.)
HP Registration -> C:\Program Files\WindowsApps\AD2F1837.HPRegistration_1.2.1.166_neutral__v10z8vjag6ke6 [2017-03-23] (Hewlett-Packard Company)
Kindle -> C:\Program Files\WindowsApps\AMZNMobileLLC.KindleforWindows8_2.1.0.2_neutral__stfe6vwa9jnbp [2017-03-23] (AMZN Mobile LLC)
MSN Food & Drink -> C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.4.336_x64__8wekyb3d8bbwe [2017-03-23] (Microsoft Corporation) [MS Ad]
MSN Health & Fitness -> C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.4.336_x64__8wekyb3d8bbwe [2017-03-23] (Microsoft Corporation) [MS Ad]
MSN Money -> C:\Program Files\WindowsApps\Microsoft.BingFinance_3.0.4.344_x64__8wekyb3d8bbwe [2017-03-23] (Microsoft Corporation) [MS Ad]
MSN News -> C:\Program Files\WindowsApps\Microsoft.BingNews_3.0.4.344_x64__8wekyb3d8bbwe [2017-03-23] (Microsoft Corporation) [MS Ad]
MSN Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_3.0.4.345_x64__8wekyb3d8bbwe [2017-03-23] (Microsoft Corporation) [MS Ad]
MSN Travel -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe [2017-03-23] (Microsoft Corporation) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_3.0.4.350_x64__8wekyb3d8bbwe [2017-03-23] (Microsoft Corporation) [MS Ad]
Music -> C:\Program Files\WindowsApps\Microsoft.ZuneMusic_2.6.672.0_x64__8wekyb3d8bbwe [2017-03-23] (Microsoft Corporation) [MS Ad]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_2.22.0.39_x64__mcm4njqhnhss8 [2018-10-29] (Netflix, Inc.)
Skype -> C:\Program Files\WindowsApps\Microsoft.SkypeApp_3.1.0.1016_x86__kzf8qxf38zg5c [2017-03-23] (Skype) [MS Ad]
Snapfish -> C:\Program Files\WindowsApps\AD2F1837.HPConnectedPhotopoweredbySnapfish_5.5.0.8_x86__v10z8vjag6ke6 [2017-03-23] (HP Inc.)
Video -> C:\Program Files\WindowsApps\Microsoft.ZuneVideo_2.6.446.0_x64__8wekyb3d8bbwe [2017-03-23] (Microsoft Corporation) [MS Ad]
Xbox 360 SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxCompanion_1.4.3.0_x64__8wekyb3d8bbwe [2017-07-13] (Microsoft Corporation) [MS Ad]
Xbox One SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxOneSmartGlass_2.2.1702.2004_x64__8wekyb3d8bbwe [2019-04-10] (Microsoft Corporation)
YouCam for HP -> C:\Program Files\WindowsApps\CyberLinkCorp.hs.YouCamforHP_1.0.2.29632_x86__06qsbagp91rvg [2017-03-23] (CYBERLINKCOM CORP)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1409944621-189731363-133459071-1005_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\Annette\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20091.2\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1409944621-189731363-133459071-1005_Classes\CLSID\{2AD206F1-152C-4F9D-A24E-6F93FE7A4AFC}\InprocServer32 -> C:\Users\Annette\AppData\Local\Grammarly\Grammarly for Microsoft Office Suite\6.6.116\07470D8E98\GrammarlyShim64.dll (Grammarly, Inc. -> CompanyName)
CustomCLSID: HKU\S-1-5-21-1409944621-189731363-133459071-1005_Classes\CLSID\{4BE56754-B616-4998-B825-D16983AEE1B2}\InprocServer32 -> C:\Users\Annette\AppData\Local\Grammarly\Grammarly for Microsoft Office Suite\6.6.116\07470D8E98\Grammarly.AddIn.Connect.ActiveX.dll (Grammarly, Inc. -> Grammarly)
CustomCLSID: HKU\S-1-5-21-1409944621-189731363-133459071-1005_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\Annette\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20091.2\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1409944621-189731363-133459071-1005_Classes\CLSID\{D9AC5E73-BB10-467b-B884-AA1E475C51F5}\Shell\Open\Command -> C:\Program Files\Synaptics\SynTP\SynTPCpl.dll (Synaptics Incorporated -> Synaptics Incorporated)
ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [6671064 2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [4171480 2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2015-12-05] (CyberLink Corp. -> Cyberlink)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2015-12-05] (CyberLink Corp. -> Cyberlink)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2014-06-05] (Advanced Micro Devices, Inc.) [File not signed]
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\Annette\Desktop\Google Drive.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory="Profile 1" --app-id=aghbiahbpaijignceidepookljebhfak
ShortcutWithArgument: C:\Users\Annette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory="Profile 1" --app-id=aghbiahbpaijignceidepookljebhfak
ShortcutWithArgument: C:\Users\Annette\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Annette - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1"
==================== Loaded Modules (Whitelisted) =============
2015-03-19 13:48 - 2014-11-04 16:10 - 000180224 _____ () [File not signed] [File is in use] C:\Program Files (x86)\CenturyLink\Desktop\ICSharpCode.SharpZipLib.dll
2014-06-05 21:40 - 2014-06-05 21:40 - 000127488 _____ () [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2013-09-26 12:28 - 2013-09-26 12:28 - 002540544 _____ () [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2013-09-26 12:32 - 2013-09-26 12:32 - 000627200 _____ () [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\cachedrv.dll
2013-09-26 12:25 - 2013-09-26 12:25 - 000021504 _____ () [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2013-09-26 12:25 - 2013-09-26 12:25 - 000055296 _____ () [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2013-09-26 12:25 - 2013-09-26 12:25 - 000035328 _____ () [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2015-03-19 13:48 - 2014-11-04 16:11 - 000124416 _____ (CenturyLink Inc) [File not signed] [File is in use] C:\Program Files (x86)\CenturyLink\Desktop\CenturyLink.Desktop.Shared.dll
2013-09-26 12:38 - 2013-09-26 12:38 - 000764416 _____ (Hewlett-Packard) [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\OpBHO64.dll
2013-09-26 12:27 - 2013-09-26 12:27 - 000690176 _____ (Hewlett-Packard) [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\storeng.dll
2013-09-26 12:28 - 2013-09-26 12:28 - 001097216 _____ (Hewlett-Packard) [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\userdata.dll
2010-11-18 22:08 - 2010-11-18 22:08 - 000086016 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2014-09-09 20:32 - 2014-09-09 20:32 - 001093120 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80U.DLL
2014-09-09 20:32 - 2014-09-09 20:32 - 000057344 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\MFC80ENU.DLL
2015-03-19 13:48 - 2014-11-04 16:12 - 000200704 _____ (Microsoft) [File not signed] [File is in use] C:\Program Files (x86)\CenturyLink\Desktop\Qwest.Facilitator.Desktop.Agent.dll
2014-11-28 19:57 - 2013-04-01 23:19 - 000574464 _____ (Realtek Semiconductor Corp.) [File not signed] C:\Windows\system32\Rtlihvs.dll
2013-09-26 12:39 - 2013-09-26 12:39 - 001298832 _____ (Softex Incorporated -> ) [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2013-09-26 12:39 - 2013-09-26 12:39 - 000306064 _____ (Softex Incorporated -> ) [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2013-09-26 12:39 - 2013-09-26 12:39 - 000599952 _____ (Softex Incorporated -> Hewlett-Packard) [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\hdddrv.dll
2013-09-26 12:39 - 2013-09-26 12:39 - 000208272 _____ (Softex Incorporated -> Hewlett-Packard) [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\ldapdrv.dll
2013-09-26 12:39 - 2013-09-26 12:39 - 002050960 _____ (Softex Incorporated -> Hewlett-Packard) [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\Wbf.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
HKU\S-1-5-21-1409944621-189731363-133459071-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CPNTDFJS
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CPNTDFJS
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CPNTDFJS
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CPNTDFJS
SearchScopes: HKU\S-1-5-21-1409944621-189731363-133459071-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CPNTDFJS
SearchScopes: HKU\S-1-5-21-1409944621-189731363-133459071-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CPNTDFJS
SearchScopes: HKU\S-1-5-21-1409944621-189731363-133459071-1005 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CPNTDFJS
SearchScopes: HKU\S-1-5-21-1409944621-189731363-133459071-1005 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1409944621-189731363-133459071-1005 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CPNTDFJS
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2020-04-15] (Microsoft Corporation -> Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (Hewlett-Packard Company -> HP Inc.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2020-04-15] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (Hewlett-Packard Company -> HP Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-11-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-11-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-11-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-11-07] (Microsoft Corporation -> Microsoft Corporation)
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-1409944621-189731363-133459071-1005\...\sharepoint.com -> hxxps://liveedurdale-files.sharepoint.com
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 07:25 - 2019-08-11 16:38 - 000000855 _____ C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Hewlett-Packard\SimplePass\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
HKU\S-1-5-21-1409944621-189731363-133459071-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Theme2\img11.jpg
HKU\S-1-5-21-1409944621-189731363-133459071-1005\Control Panel\Desktop\\Wallpaper -> C:\Users\Annette\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\windows photo viewer wallpaper.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKLM\...\StartupApproved\Run: => "WindowsDefender"
HKLM\...\StartupApproved\Run32: => "YouCam Service"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-1409944621-189731363-133459071-1005\...\StartupApproved\StartupFolder: => "Facebook Gameroom.lnk"
HKU\S-1-5-21-1409944621-189731363-133459071-1005\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{8D444952-FDB7-4FA5-901C-2462C1A37F99}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{AF3331A2-97B7-4313-AC3F-01DBA6B2C4FE}] => (Allow) LPort=2869
FirewallRules: [{150FBC6F-7AB5-4063-A0FB-EAC794994B93}] => (Allow) LPort=1900
FirewallRules: [{E39BD188-517F-4E06-97D0-5C42D5838F7E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F1948981-D69A-4ED2-8B17-9EFB0572B092}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{1402E48A-D816-4233-BC99-5439A3F6EDF5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{8F1DB3E0-F2A7-42ED-91C7-FB0C90AC0852}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{711CA439-540E-400F-96B4-03755DDF5D83}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [TCP Query User{ACBD9CE9-88F2-4D23-8571-2E3C7E52DE4E}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => (Allow) C:\program files (x86)\symantec\norton online backup\nobuclient.exe (Symantec Corporation -> Symantec Corporation)
FirewallRules: [UDP Query User{02717F8A-ABC2-4205-9C6C-6DD19E9FB7DF}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => (Allow) C:\program files (x86)\symantec\norton online backup\nobuclient.exe (Symantec Corporation -> Symantec Corporation)
FirewallRules: [TCP Query User{07B278D4-21FF-4CD2-A965-9B4438E8948A}C:\windows\system32\settingsynchost.exe] => (Block) C:\windows\system32\settingsynchost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [UDP Query User{F79BB37B-92F4-474B-AD1B-CF9F1568C6B7}C:\windows\system32\settingsynchost.exe] => (Block) C:\windows\system32\settingsynchost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [TCP Query User{DF2CC86E-9A5F-4831-B378-C0A56490E11E}C:\program files (x86)\tams11\games\farkle\farkle.exe] => (Allow) C:\program files (x86)\tams11\games\farkle\farkle.exe (Tams11 Software) [File not signed]
FirewallRules: [UDP Query User{BEB80554-9B9D-4AB0-90E7-0640D3A57881}C:\program files (x86)\tams11\games\farkle\farkle.exe] => (Allow) C:\program files (x86)\tams11\games\farkle\farkle.exe (Tams11 Software) [File not signed]
FirewallRules: [TCP Query User{136FA891-6E6C-483B-8803-A3420AA28CD3}C:\program files (x86)\tams11\games\farkle\farkle.exe] => (Allow) C:\program files (x86)\tams11\games\farkle\farkle.exe (Tams11 Software) [File not signed]
FirewallRules: [UDP Query User{11852EA3-54FD-4B1C-96D7-470540C49779}C:\program files (x86)\tams11\games\farkle\farkle.exe] => (Allow) C:\program files (x86)\tams11\games\farkle\farkle.exe (Tams11 Software) [File not signed]
FirewallRules: [{D1E14E70-55FD-433A-BA10-0FDA73C5FA47}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{702D7745-DB5D-4710-8D92-015A472B9C96}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{CB1CDFB6-8E46-4267-A529-C2D1099F4180}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{0CDC5D99-44C4-49B6-8130-528ED1F07E26}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{83F18E26-E83F-4F9C-A56D-8B5D7A93C367}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{BD161ADE-0A7C-44D3-8915-BB5980B4305B}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A6A9097C-7008-48A2-AD29-13120F59BAAF}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{7F39D004-385E-48B2-9AC7-02CFC9CB9DF9}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F5E466D7-9CCD-4E00-B99F-B4B6D6F4D8D7}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{6C701C59-B17B-486B-9D50-93844C0B482F}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{FD5590CC-017D-44AE-86A9-00E3FE28FB6D}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{C66BD5C9-1AB8-46C3-BC95-4795126CAECB}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{071AC728-7D57-4B67-BAD1-F2BF4D1009DC}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{75E91A46-1BBE-4E2D-A34A-3E22273BBB32}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{B4F8DCE1-4FF7-4C1F-BC65-B49B02A489B3}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{C3F65FC8-FCC0-4EDC-841B-E344B116F68B}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{F92EFA33-3CBA-4D48-A37F-EAA5C3B85EAC}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{5BDC7800-C619-4DAF-9158-04EC99DFB02E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe (CyberLink Corp. -> CyberLink)
FirewallRules: [{1FA56378-6A82-4A35-99DE-8725DADA7EE5}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{B5A22037-BC5A-4720-A169-8A51A0B6DD94}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [TCP Query User{B628FD1B-686E-4D16-9BD7-3D9B41C5AF98}C:\program files (x86)\secondlifeviewer\slvoice.exe] => (Allow) C:\program files (x86)\secondlifeviewer\slvoice.exe (Mercer Road Corp -> Vivox Inc.)
FirewallRules: [UDP Query User{FAB3A586-55FD-47A4-B4D2-14B68F8DBD70}C:\program files (x86)\secondlifeviewer\slvoice.exe] => (Allow) C:\program files (x86)\secondlifeviewer\slvoice.exe (Mercer Road Corp -> Vivox Inc.)
FirewallRules: [TCP Query User{3C2FA513-AA5A-4427-AEAD-A957A609EA28}C:\windows\system32\settingsynchost.exe] => (Block) C:\windows\system32\settingsynchost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [UDP Query User{EE6ADDC5-C232-4D80-A82B-0308C9010AD3}C:\windows\system32\settingsynchost.exe] => (Block) C:\windows\system32\settingsynchost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [TCP Query User{CC01A756-2EF1-4FA6-8107-F93433E465E4}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => (Allow) C:\program files (x86)\symantec\norton online backup\nobuclient.exe (Symantec Corporation -> Symantec Corporation)
FirewallRules: [UDP Query User{F9F90827-647B-4FB0-BDFE-3FE832F4190F}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => (Allow) C:\program files (x86)\symantec\norton online backup\nobuclient.exe (Symantec Corporation -> Symantec Corporation)
FirewallRules: [{2BC42FBB-D2D1-472E-A402-80DF6FF7CE8D}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A3DAD136-5C10-40B2-82E9-9EABF0FDD43B}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D515E2DC-CBE9-4AC9-AE7E-6A2C09A3F619}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{AE9F8EF1-7E80-44B1-84FB-34D57EFF4F40}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{946BCD20-935B-4846-A87B-0C0AF922B447}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\96.0.1054.34\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
==================== Restore Points =========================
Could not list restore points
Check "winmgmt" service or repair WMI.
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (11/27/2021 03:26:50 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
Error: (11/27/2021 02:15:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ig-0.exe, version: 1.0.2.43, time stamp: 0x60f841fd
Faulting module name: KERNELBASE.dll, version: 6.3.9600.20144, time stamp: 0x615be385
Exception code: 0xc0000142
Fault offset: 0x0009d322
Faulting process id: 0xb00
Faulting application start time: 0x01d7e3cb743273f5
Faulting application path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-0.exe
Faulting module path: KERNELBASE.dll
Report Id: b6effc51-4fbe-11ec-8352-3863bb8eae0e
Faulting package full name:
Faulting package-relative application ID:
Error: (11/27/2021 12:22:52 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
Error: (11/24/2021 11:19:20 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15407
Error: (11/24/2021 11:19:20 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15407
Error: (11/24/2021 11:19:20 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (11/24/2021 06:24:37 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.22013 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 214
Start Time: 01d7e12d83fb2f8e
Termination Time: 4294967295
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.22013_x64__8wekyb3d8bbwe\LiveComm.exe
Report Id: 7aee476c-4d21-11ec-8352-3863bb8eae0e
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.22013_x64__8wekyb3d8bbwe
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
Error: (11/24/2021 06:23:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ig-44.exe, version: 1.0.2.43, time stamp: 0x60f841fd
Faulting module name: KERNELBASE.dll, version: 6.3.9600.20144, time stamp: 0x615be385
Exception code: 0xc0000142
Fault offset: 0x0009d322
Faulting process id: 0x1274
Faulting application start time: 0x01d7e12e1aba332e
Faulting application path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-44.exe
Faulting module path: KERNELBASE.dll
Report Id: 5b2f443e-4d21-11ec-8352-3863bb8eae0e
Faulting package full name:
Faulting package-relative application ID:
System errors:
=============
Error: (11/28/2021 11:32:35 AM) (Source: DCOM) (EventID: 10010) (User: MRSJOHNSON)
Description: The server {BB6DF56B-CACE-11DC-9992-0019B93A3A84} did not register with DCOM within the required timeout.
Error: (11/28/2021 11:30:35 AM) (Source: DCOM) (EventID: 10010) (User: MRSJOHNSON)
Description: The server {1ECCA34C-E88A-44E3-8D6A-8921BDE9E452} did not register with DCOM within the required timeout.
Error: (11/27/2021 12:06:43 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TimeBroker service.
Error: (11/23/2021 09:57:15 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Modules Installer service terminated with the following error:
The process cannot access the file because it is being used by another process.
Error: (11/23/2021 07:46:59 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 7:39:16 PM on 11/23/2021 was unexpected.
Error: (11/23/2021 07:40:23 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Windows Modules Installer service did not shut down properly after receiving a preshutdown control.
Error: (11/23/2021 07:40:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HPWMISVC service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (11/23/2021 07:40:04 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the HPWMISVC service to connect.
Windows Defender:
================
Date: 2021-11-15 11:05:01.426
Description:
Windows Defender scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2021-11-07 07:45:24.149
Description:
Windows Defender scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2021-11-07 06:57:34.879
Description:
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Occamy.B
Severity: Severe
Category: Trojan
Path: file:_C:\Users\Annette\Desktop\FRST-OlderVersion\FRST64.exe;file:_C:\Users\Annette\Desktop\New folder\FRST64.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\System32\sdiagnhost.exe
Signature Version: AV: 1.325.1359.0, AS: 1.325.1359.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.17500.4, NIS: 2.1.14600.4
Date: 2021-11-07 06:50:39.859
Description:
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Occamy.B
Severity: Severe
Category: Trojan
Path: file:_C:\Users\Annette\Desktop\FRST-OlderVersion\FRST64.exe;file:_C:\Users\Annette\Desktop\New folder\FRST64.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\System32\sdiagnhost.exe
Signature Version: AV: 1.325.1359.0, AS: 1.325.1359.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.17500.4, NIS: 2.1.14600.4
Date: 2021-11-07 06:50:26.468
Description:
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Occamy.B
Severity: Severe
Category: Trojan
Path: file:_C:\Users\Annette\Desktop\FRST-OlderVersion\FRST64.exe;file:_C:\Users\Annette\Desktop\New folder\FRST64.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\System32\sdiagnhost.exe
Signature Version: AV: 1.325.1359.0, AS: 1.325.1359.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.17500.4, NIS: 2.1.14600.4
Event[0]:
Date: 2021-11-23 20:23:21.609
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 119.0.0.0
Update Source: Microsoft Malware Protection Center
Signature Type: Network Inspection System
Update Type: Full
Current Engine Version:
Previous Engine Version: 2.1.14600.4
Error code: 0x80070652
Error description: Another installation is already in progress. Complete that installation before proceeding with this install.
Date: 2021-11-23 20:23:18.656
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version:
Update Source: User
Signature Type:
Update Type:
Current Engine Version:
Previous Engine Version:
Error code: 0x80070652
Error description: Another installation is already in progress. Complete that installation before proceeding with this install.
Date: 2021-11-23 20:23:17.109
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version:
Update Source: User
Signature Type:
Update Type:
Current Engine Version:
Previous Engine Version:
Error code: 0x80070652
Error description: Another installation is already in progress. Complete that installation before proceeding with this install.
Date: 2021-11-23 20:23:05.343
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.353.1331.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18700.4
Error code: 0x80070652
Error description: Another installation is already in progress. Complete that installation before proceeding with this install.
Date: 2021-11-23 20:23:05.343
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.353.1331.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18700.4
Error code: 0x80070652
Error description: Another installation is already in progress. Complete that installation before proceeding with this install.
==================== Memory info ===========================
BIOS: Insyde F.33 08/04/2015
Motherboard: Hewlett-Packard 2330
Processor: AMD A6-5200 APU with Radeon™ HD Graphics
Percentage of memory in use: 71%
Total physical RAM: 3554.01 MB
Available physical RAM: 1016.32 MB
Total Virtual: 5986.01 MB
Available Virtual: 2797.44 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:677.63 GB) (Free:338.48 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:19.99 GB) (Free:1.96 GB) NTFS ==>[system with boot components (obtained from drive)]
\\?\Volume{f0d011a2-f7dc-43a9-8b7c-0875843c6a46}\ (WINRE) (Fixed) (Total:0.63 GB) (Free:0.36 GB) NTFS
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: A9A16C4F)
Partition: GPT.
==================== End of Addition.txt =======================
#25
Tomk
-
- Global Moderator
-
- 20,451 posts
Beguilement Monitor
Posted 28 November 2021 - 04:58 PM
I'm still not seeing anything nefarious.
There is always the chance that something in your outdated operating system has scrambled. Obviously you know you are still running Windows 8 and the newest version is Windows 11. Let's try running this program that will help get Windows to repair istself.
Windows Repair (all in one) from here
or from - Download Windows Repair All-In-One (Portable Version) from here.
- Extract tweaking.com_windows_repair_aio.zip to your Desktop.
- Disable all your antivirus and antimalware software - see how to do that here.
- Right click on 
and select Run as Administrator (XP users just double click) to start Windows Repair All-In-One.
(Windows Vista/7/8 users: Accept UAC warning if it is enabled.)
- A window will appear. Click Step 2.
- Click the Open Pre-Scan button, then click Start Scan. Wait for Windows Repair to finish scanning.
- Depending on which error Windows Repair found, click Repair Reparse Point or Repair Environment Variable accordingly. When the button changes to "Done!", click the close button to return to Windows Repair.
- Go to Step 3, then click Check in the See If Check Disk Is Needed.
- If Windows Repair stated that errors are found, click Open Check Disk At Next Boot. Choose (/R) Fixes errors on the disk also locate bad sectors and recovers readable information, then click Add To Next Boot. Reboot the computer to let Windows check the disk.
- Go to Step 4, then click Do It.
- Go to Step 5. Under System Restore click Create.
- Go to Repairs and click Open Repairs. Leave all checkmarks as they are, then click Start Repairs.
- By default Windows Repair All-In-One will create a "Logs" folder in its folder on the Desktop. Please post the contents of the log in your next reply.
Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
------------------------------------------------------------
Microsoft MVP 2010-2014
Register to Remove
#26
BJ2011
-
- Authentic Member
-
- 151 posts
Authentic Member
Posted 04 December 2021 - 04:07 PM
I'm on Step 3 now.
#27
Tomk
-
- Global Moderator
-
- 20,451 posts
Beguilement Monitor
Posted 04 December 2021 - 11:19 PM
Thanks for letting me know.
Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
------------------------------------------------------------
Microsoft MVP 2010-2014
#28
BJ2011
-
- Authentic Member
-
- 151 posts
Authentic Member
Posted 10 December 2021 - 06:02 AM
I apologize for the late response. My family and I caught the flu. I will pick up where I left off at which was at Step 4.
#29
BJ2011
-
- Authentic Member
-
- 151 posts
Authentic Member
Posted 12 December 2021 - 12:24 PM
Hi
I meant to ask if I were supposed to complete through step 5? Or continue through all of the tabs on Repairs/ProFeatures/Settings tab?
Edited by BJ2011, 12 December 2021 - 12:27 PM.
#30
Tomk
-
- Global Moderator
-
- 20,451 posts
Beguilement Monitor
Posted 12 December 2021 - 09:36 PM
Yes. I would do the backup before doing the repair.
Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
------------------------------------------------------------
Microsoft MVP 2010-2014
2 user(s) are reading this topic
0 members, 2 guests, 0 anonymous users
