Mostly Just Slowing


  • This topic is locked
11 replies to this topic

#1 Zhora

  • Authentic Member
  • 96 posts

Posted 14 June 2021 - 11:18 AM

Computer is an i3-7100 3.9 GHz 64-bit CPU with 8 gigs of RAM running Win 10. Updated as of yesterday, and today's updates are paused because I want to find out if something other than Windows is slowing my machine and I have an issue with M$ sending me automatic updates I don't need (I don't have Office but got a lot of those, and where the hell did they put the option to 'ask first' before downloading?? Grr!). Thank you guys ahead of time, because you're always awesome.

FRST:

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: Hosts file not detected in the default directory
Tcpip\..\Interfaces\{5d7c2cd5-9a75-1ac5-6245-118f1c411193}: [NameServer] 103.86.96.100,103.86.99.100
Tcpip\..\Interfaces\{96261aef-7f26-4ba9-8265-2890925fc27a}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{b3a33dce-e272-417f-a7ed-aedd9a34a38e}: [DhcpNameServer] 192.168.0.1
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION

Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\Me!\AppData\Local\Microsoft\Edge\User Data\Default [2021-06-14]
Edge HomePage: Default -> hxxps://www.twinspires.com/
Edge StartupUrls: Default -> "hxxps://www.twinspires.com/","hxxps://www.truenicks.com/","hxxps://myracehorse.com/","chrome-extension://bbcinlkgjjkejfdpemiealijmmooekmp/vault.html"
Edge DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}
Edge DefaultSearchKeyword: Default -> duckduckgo.com
Edge DefaultNewTabURL: Default -> hxxps://duckduckgo.com/chrome_newtab
Edge DefaultSuggestURL: Default -> hxxps://duckduckgo.com/ac/?q={searchTerms}&type=list
Edge Extension: (LastPass: Free Password Manager) - C:\Users\Me!\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bbcinlkgjjkejfdpemiealijmmooekmp [2021-06-11]
Edge Extension: (DuckDuckGo) - C:\Users\Me!\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\caoacbimdbbljakfhgikoodekdnlcgpk [2021-05-17]
Edge Extension: (Avast Online Security) - C:\Users\Me!\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fdgpikaaheckgdijjmepmdjjkbceakif [2021-02-18]
Edge Extension: (uBlock Origin) - C:\Users\Me!\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\odfafepnkmbhccpbejgmiehpchacaeak [2021-05-11]

FireFox:
========
FF DefaultProfile: a7pntyse.default
FF DefaultProfile: lwl3wtl5.default
FF DefaultProfile: pmab3smd.default
FF ProfilePath: C:\Users\Me!\AppData\Roaming\Waterfox\Profiles\a7pntyse.default [2020-11-14]
FF Homepage: Waterfox\Profiles\a7pntyse.default -> hxxp://forecast.weather.gov/MapClick.php?lat=48.759545508000485&lon=-122.48821576799969&site=all&smap=1#.WoodwX5S1PZ
FF Extension: (Google Data Compression Proxy for Firefox) - C:\Users\Me!\AppData\Roaming\Waterfox\Profiles\a7pntyse.default\Extensions\@datacompressorforfirefox.xpi [2018-04-28] [Legacy]
FF Extension: (Classic Add-ons Archive) - C:\Users\Me!\AppData\Roaming\Waterfox\Profiles\a7pntyse.default\Extensions\ca-archive@Off.JustOff.xpi [2019-03-05] [Legacy] [not signed]
FF Extension: (FireSSH) - C:\Users\Me!\AppData\Roaming\Waterfox\Profiles\a7pntyse.default\Extensions\firessh@nightlight.ws [2018-02-18] [Legacy]
FF Extension: (Privacy Badger) - C:\Users\Me!\AppData\Roaming\Waterfox\Profiles\a7pntyse.default\Extensions\jid1-MnnxcxisBPnSXQ@jetpack.xpi [2020-11-14]
FF Extension: (PlayFlash 64bit) - C:\Users\Me!\AppData\Roaming\Waterfox\Profiles\a7pntyse.default\Extensions\playflash64@xpi [2018-07-18] [Legacy]
FF Extension: (LastPass: Free Password Manager) - C:\Users\Me!\AppData\Roaming\Waterfox\Profiles\a7pntyse.default\Extensions\support@lastpass.com.xpi [2020-11-14]
FF Extension: (uBlock Origin) - C:\Users\Me!\AppData\Roaming\Waterfox\Profiles\a7pntyse.default\Extensions\uBlock0@raymondhill.net.xpi [2020-10-04]
FF Extension: (Adobe Shockwave Flash Player) - C:\Users\Me!\AppData\Roaming\Waterfox\Profiles\a7pntyse.default\Extensions\{42baa93e-0cff-4289-b79e-6ae88df668c4}.xpi [2018-03-04]
FF Extension: (Make America Kittens Again) - C:\Users\Me!\AppData\Roaming\Waterfox\Profiles\a7pntyse.default\Extensions\{47c21db3-b82d-485d-b06d-dd70de414242}.xpi [2018-07-07]
FF Extension: (Skype Web Messenger) - C:\Users\Me!\AppData\Roaming\Waterfox\Profiles\a7pntyse.default\Extensions\{a0a8c450-9654-45ca-ac12-bd7653809f03}.xpi [2018-05-11]
FF Extension: (FireFTP) - C:\Users\Me!\AppData\Roaming\Waterfox\Profiles\a7pntyse.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f} [2018-02-18] [Legacy]
FF Extension: (Easy Youtube Video Downloader Express) - C:\Users\Me!\AppData\Roaming\Waterfox\Profiles\a7pntyse.default\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2020-08-31]
FF ProfilePath: C:\Users\Me!\AppData\Roaming\Mozilla\SeaMonkey\Profiles\lwl3wtl5.default [2021-06-13]
FF Extension: (DOM Inspector) - C:\Users\Me!\AppData\Roaming\Mozilla\SeaMonkey\Profiles\lwl3wtl5.default\Extensions\inspector@mozilla.org.xpi [2020-12-22] [Legacy] [not signed]
FF Extension: (ChatZilla) - C:\Users\Me!\AppData\Roaming\Mozilla\SeaMonkey\Profiles\lwl3wtl5.default\Extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}.xpi [2020-12-22] [Legacy] [not signed]
FF Extension: (FireFTP) - C:\Users\Me!\AppData\Roaming\Mozilla\SeaMonkey\Profiles\lwl3wtl5.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f} [2020-12-17] [Legacy]
FF Extension: (Lightning) - C:\Users\Me!\AppData\Roaming\Mozilla\SeaMonkey\Profiles\lwl3wtl5.default\Extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103}.xpi [2020-12-22] [Legacy] [not signed]
FF ProfilePath: C:\Users\Me!\AppData\Roaming\Mozilla\Firefox\Profiles\pmab3smd.default [2020-02-25]
FF Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\Me!\AppData\Roaming\Mozilla\Firefox\Profiles\pmab3smd.default\Extensions\sp@avast.com.xpi [2019-02-13]
FF Extension: (Avast Online Security) - C:\Users\Me!\AppData\Roaming\Mozilla\Firefox\Profiles\pmab3smd.default\Extensions\wrc@avast.com.xpi [2018-06-22]
FF ProfilePath: C:\Users\Me!\AppData\Roaming\Mozilla\Firefox\Profiles\e5t0tgdt.default-release [2021-06-14]
FF Homepage: Mozilla\Firefox\Profiles\e5t0tgdt.default-release -> hxxps://forecast.weather.gov/MapClick.php?CityName=Bellingham&state=WA&site=SEW&textField1=48.7597&textField2=-122.487&e=0
FF NetworkProxy: Mozilla\Firefox\Profiles\e5t0tgdt.default-release -> type", 0
FF Extension: (Privacy Badger) - C:\Users\Me!\AppData\Roaming\Mozilla\Firefox\Profiles\e5t0tgdt.default-release\Extensions\jid1-MnnxcxisBPnSXQ@jetpack.xpi [2021-06-10]
FF Extension: (LastPass: Free Password Manager) - C:\Users\Me!\AppData\Roaming\Mozilla\Firefox\Profiles\e5t0tgdt.default-release\Extensions\support@lastpass.com.xpi [2021-05-06]
FF Extension: (uBlock Origin) - C:\Users\Me!\AppData\Roaming\Mozilla\Firefox\Profiles\e5t0tgdt.default-release\Extensions\uBlock0@raymondhill.net.xpi [2021-05-05]
FF Extension: (uMatrix) - C:\Users\Me!\AppData\Roaming\Mozilla\Firefox\Profiles\e5t0tgdt.default-release\Extensions\uMatrix@raymondhill.net.xpi [2020-05-10]
FF Extension: (Avast Online Security) - C:\Users\Me!\AppData\Roaming\Mozilla\Firefox\Profiles\e5t0tgdt.default-release\Extensions\wrc@avast.com.xpi [2021-02-17]
FF Extension: (NoScript) - C:\Users\Me!\AppData\Roaming\Mozilla\Firefox\Profiles\e5t0tgdt.default-release\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2021-05-20]
FF Extension: (Decepticon theme) - C:\Users\Me!\AppData\Roaming\Mozilla\Firefox\Profiles\e5t0tgdt.default-release\Extensions\{8f70ac5c-f6db-4d36-b511-d1ad8484fab1}.xpi [2021-06-02]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_445.dll [2020-11-09] (Adobe Inc. -> )
FF Plugin: @videolan.org/vlc,version=3.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.10 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) [File not signed]
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) [File not signed]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_445.dll [2020-11-09] (Adobe Inc. -> )
FF Plugin-x32: @java.com/DTPlugin,version=11.281.2 -> C:\Program Files (x86)\Java\jre1.8.0_281\bin\dtplugin\npDeployJava1.dll [2021-02-06] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.281.2 -> C:\Program Files (x86)\Java\jre1.8.0_281\bin\plugin2\npjp2.dll [2021-02-06] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) [File not signed]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-05-27] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) [File not signed]

Chrome:
=======
CHR Profile: C:\Users\Me!\AppData\Local\Google\Chrome\User Data\Default [2021-06-13]
CHR Extension: (Slides) - C:\Users\Me!\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-02-18]
CHR Extension: (Docs) - C:\Users\Me!\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-02-18]
CHR Extension: (Google Drive) - C:\Users\Me!\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-08-13]
CHR Extension: (AdGuard AdBlocker) - C:\Users\Me!\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2020-08-16]
CHR Extension: (YouTube) - C:\Users\Me!\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-02-18]
CHR Extension: (Adobe Acrobat) - C:\Users\Me!\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-09-17]
CHR Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\Me!\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2020-07-04]
CHR Extension: (Acorns Found Money) - C:\Users\Me!\AppData\Local\Google\Chrome\User Data\Default\Extensions\facncfnojagdpibmijfjdmhkklabakgd [2020-04-09]
CHR Extension: (Sheets) - C:\Users\Me!\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-02-18]
CHR Extension: (Google Docs Offline) - C:\Users\Me!\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-09-15]
CHR Extension: (Avast Online Security) - C:\Users\Me!\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2020-06-03]
CHR Extension: (Skype) - C:\Users\Me!\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2018-04-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Me!\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-05]
CHR Extension: (Gmail) - C:\Users\Me!\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-01]
CHR Extension: (Chrome Media Router) - C:\Users\Me!\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-08-27]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [99104 2021-03-16] (Apple Inc. -> Apple Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [7879704 2021-03-29] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [621608 2021-02-27] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe [352480 2021-02-27] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [56904 2021-02-27] (Avast Software s.r.o. -> AVAST Software)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [144560 2012-05-17] (SEIKO EPSON Corporation -> Seiko Epson Corporation)
R2 EPSON_PM_RPCV4_06; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE [152640 2013-04-15] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
R2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [905080 2020-03-18] (HP Inc. -> HP Inc.)
R2 HPJumpStartBridge; c:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe [471040 2017-05-23] (HP Inc. -> HP Inc.)
S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (Hewlett-Packard Company -> HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [379736 2020-08-20] (HP Inc. -> HP Inc.)
R2 HPWMISVC; C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [628768 2017-07-13] (HP Inc. -> HP Inc.)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7391408 2021-05-15] (Malwarebytes Inc -> Malwarebytes)
R2 nordvpn-service; C:\Program Files\NordVPN\nordvpn-service.exe [277688 2021-06-09] (TEFINCOM S.A. -> TEFINCOM S.A.)
R2 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [13921616 2021-06-14] (Adlice -> )
R3 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2748392 2018-03-21] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
S3 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2814768 2018-03-21] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233712 2018-02-06] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2004.4-0\NisSrv.exe [3304992 2020-04-13] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2004.4-0\MsMpEng.exe [103168 2020-04-13] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 amsdk; C:\WINDOWS\system32\drivers\amsdk.sys [232792 2020-10-05] (Zemana D.O.O. Sarajevo -> Copyright 2018.)
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [35648 2021-02-27] (Avast Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [208024 2021-02-27] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [357320 2021-02-27] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [249304 2021-02-27] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [98760 2021-02-27] (Avast Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [17328 2021-05-27] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [41272 2021-02-27] (Avast Software s.r.o. -> AVAST Software)
R1 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [175248 2021-02-27] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\WINDOWS\System32\drivers\aswNetHub.sys [521336 2021-02-27] (Avast Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [107784 2021-02-27] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [83360 2021-02-27] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [850112 2021-02-27] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [465160 2021-03-18] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [215328 2021-02-27] (Avast Software s.r.o. -> AVAST Software)
S3 aswTap; C:\WINDOWS\System32\drivers\aswTap.sys [53904 2018-09-05] (AVAST Software s.r.o. -> The OpenVPN Project)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [326976 2021-02-27] (Avast Software s.r.o. -> AVAST Software)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2020-11-24] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-05-15] (Malwarebytes Inc -> Malwarebytes)
R2 NDivert; C:\WINDOWS\System32\drivers\NDivert.sys [105184 2021-02-22] (TEFINCOM S.A. -> )
S3 Netaapl; C:\WINDOWS\System32\drivers\netaapl64.sys [23040 2014-08-16] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
R3 nlwt; C:\WINDOWS\system32\DRIVERS\nlwt.sys [39360 2021-04-25] (TEFINCOM S.A. -> WireGuard LLC)
R1 nordlwf; C:\WINDOWS\system32\DRIVERS\nordlwf.sys [38608 2020-12-14] (TEFINCOM S.A. -> TEFINCOM S.A.)
R3 tapnordvpn; C:\WINDOWS\System32\drivers\tapnordvpn.sys [44896 2018-07-24] (TEFINCOM S.A. -> The OpenVPN Project)
U3 TrueSight; C:\Windows\System32\drivers\truesight.sys [38032 2021-06-14] (Adlice -> )
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2017-11-27] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [45960 2020-04-13] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [394464 2020-04-13] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [64736 2020-04-13] (Microsoft Windows -> Microsoft Corporation)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2018-02-19] (Zemana Ltd. -> Zemana Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-06-14 09:26 - 2021-06-14 09:28 - 000020283 _____ C:\Users\Me!\Desktop\FRST.txt
2021-06-14 09:21 - 2021-06-14 09:21 - 002300416 _____ (Farbar) C:\Users\Me!\Desktop\FRST64.exe
2021-06-14 08:53 - 2021-06-14 08:53 - 000038032 _____ C:\WINDOWS\system32\Drivers\truesight.sys
2021-06-14 08:40 - 2021-06-14 08:40 - 000011453 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-06-11 14:51 - 2021-06-11 14:51 - 000000000 ____D C:\Program Files (x86)\MSECache
2021-06-11 08:02 - 2021-06-11 08:02 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-06-11 08:02 - 2021-06-11 08:02 - 000451072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2021-06-11 08:01 - 2021-06-11 08:01 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-06-11 08:01 - 2021-06-11 08:01 - 001314120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-06-11 08:01 - 2021-06-11 08:01 - 000568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2021-06-11 08:00 - 2021-06-11 08:00 - 001864192 _____ (The ICU Project) C:\WINDOWS\SysWOW64\icu.dll
2021-06-11 08:00 - 2021-06-11 08:00 - 000468440 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll
2021-06-11 08:00 - 2021-06-11 08:00 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-06-11 08:00 - 2021-06-11 08:00 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2021-06-11 07:59 - 2021-06-11 07:59 - 001823792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-06-11 07:59 - 2021-06-11 07:59 - 001393496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-06-11 07:58 - 2021-06-11 07:58 - 002260480 _____ (The ICU Project) C:\WINDOWS\system32\icu.dll
2021-06-11 07:58 - 2021-06-11 07:58 - 000657464 _____ C:\WINDOWS\system32\WindowManagementAPI.dll
2021-06-11 07:58 - 2021-06-11 07:58 - 000097280 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-06-11 07:57 - 2021-06-11 07:57 - 000563712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-06-11 07:57 - 2021-06-11 07:57 - 000287232 _____ C:\WINDOWS\system32\CoreMas.dll
2021-06-11 07:57 - 2021-06-11 07:57 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe
2021-06-02 14:10 - 2021-06-03 06:47 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2021-06-02 06:09 - 2021-06-02 06:09 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-06-01 19:52 - 2021-06-05 09:39 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-05-28 21:54 - 2021-05-15 11:31 - 000453884 ____R C:\WINDOWS\hosts.20210528-215430.backup
2021-05-27 15:16 - 2021-05-27 15:16 - 000017328 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswElam.sys
2021-05-24 19:02 - 2021-05-24 19:02 - 013875488 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\ibtusb.sys
2021-05-15 11:31 - 2021-05-10 10:27 - 000453884 ____R C:\WINDOWS\hosts.20210515-113147.backup

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-06-14 09:28 - 2020-04-11 14:42 - 000053067 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2021-06-14 09:28 - 2018-02-19 00:18 - 000088609 _____ C:\WINDOWS\ZAM.krnl.trace
2021-06-14 09:27 - 2018-06-22 21:44 - 000000000 ____D C:\Users\Me!\AppData\Local\AVAST Software
2021-06-14 09:27 - 2018-04-09 13:11 - 000000000 ____D C:\FRST
2021-06-14 09:21 - 2018-02-18 12:18 - 000000000 ____D C:\Users\Me!\AppData\LocalLow\Mozilla
2021-06-14 09:08 - 2019-12-07 02:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-06-14 09:00 - 2020-06-04 12:56 - 000937250 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-06-14 09:00 - 2019-12-07 02:13 - 000000000 ____D C:\WINDOWS\INF
2021-06-14 08:59 - 2019-11-09 11:32 - 000000000 ____D C:\ProgramData\Mozilla
2021-06-14 08:57 - 2018-02-19 00:06 - 000000000 ____D C:\Program Files\CCleaner
2021-06-14 08:54 - 2018-02-18 04:37 - 000000000 __SHD C:\Users\Me!\IntelGraphicsProfiles
2021-06-14 08:53 - 2020-06-04 13:08 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-06-14 08:53 - 2020-06-04 12:44 - 000008192 ___SH C:\DumpStack.log.tmp
2021-06-14 08:53 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-06-14 08:51 - 2019-12-07 02:03 - 000262144 _____ C:\WINDOWS\system32\config\BBI
2021-06-14 08:45 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-06-14 08:44 - 2019-12-07 02:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-06-14 07:55 - 2020-06-04 12:44 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-06-14 07:05 - 2018-05-15 10:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2021-06-14 07:05 - 2018-05-15 10:59 - 000000000 ____D C:\Program Files\RogueKiller
2021-06-14 07:02 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-06-13 07:11 - 2020-06-04 13:08 - 000004264 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2021-06-12 20:43 - 2019-12-07 02:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-06-12 17:22 - 2020-08-08 07:58 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-06-12 17:22 - 2020-08-08 07:58 - 000002283 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-06-12 17:22 - 2020-08-08 07:58 - 000002283 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2021-06-12 16:28 - 2021-01-24 08:22 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-06-11 21:57 - 2020-10-05 17:20 - 000000000 ____D C:\Users\Me!\AppData\Local\AMSDK
2021-06-11 15:11 - 2018-03-26 00:16 - 000000000 ____D C:\Users\Me!\AppData\Roaming\Jarte
2021-06-11 14:52 - 2017-10-14 10:19 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2021-06-11 10:45 - 2019-12-07 02:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-06-11 10:38 - 2020-06-04 12:44 - 000438112 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-06-11 10:34 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2021-06-11 10:34 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2021-06-11 10:34 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2021-06-11 10:34 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-06-11 10:33 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-06-11 10:33 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-06-11 10:33 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2021-06-11 10:33 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2021-06-11 10:33 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2021-06-11 10:33 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-06-11 10:33 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-06-11 10:32 - 2019-12-07 02:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-06-10 06:34 - 2018-02-18 02:12 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-06-10 06:33 - 2018-02-18 02:11 - 132447432 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-06-09 23:15 - 2020-06-04 13:08 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2021-06-09 06:28 - 2021-04-25 07:49 - 000001805 _____ C:\Users\Me!\Desktop\NordVPN.lnk
2021-06-09 06:28 - 2021-04-25 07:49 - 000000000 ____D C:\Users\Me!\AppData\Local\NordVPN
2021-06-09 06:28 - 2021-04-25 07:49 - 000000000 ____D C:\ProgramData\NordVPN
2021-06-09 06:28 - 2021-04-25 07:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NordSec
2021-06-09 06:28 - 2021-04-25 07:49 - 000000000 ____D C:\Program Files\NordVPN
2021-06-08 22:17 - 2018-10-03 14:38 - 000002143 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-06-05 09:39 - 2018-04-03 19:38 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-06-05 09:38 - 2018-02-18 11:54 - 000000000 ____D C:\ProgramData\AVAST Software
2021-06-04 23:31 - 2020-10-25 07:33 - 000003214 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d6aadb62406a63
2021-06-04 23:31 - 2020-10-05 17:21 - 000002500 _____ C:\WINDOWS\system32\Tasks\AMHelper
2021-06-04 23:31 - 2020-08-08 07:58 - 000003408 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-06-04 23:31 - 2020-08-08 07:58 - 000003184 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-06-04 23:31 - 2020-06-04 13:08 - 000003482 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2021-06-04 23:31 - 2020-06-04 13:08 - 000003346 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-06-04 23:31 - 2020-06-04 13:08 - 000003122 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-06-04 23:31 - 2020-06-04 13:08 - 000002220 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC
2021-06-04 23:31 - 2020-06-04 13:08 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software
2021-06-03 06:47 - 2018-02-18 12:18 - 000001289 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2021-06-02 06:09 - 2018-04-06 02:06 - 000002965 _____ C:\WINDOWS\wininit.ini
2021-06-02 06:08 - 2019-11-09 11:32 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-06-01 16:41 - 2017-10-14 11:52 - 000000000 ____D C:\ProgramData\Intel
2021-05-27 07:18 - 2018-02-18 11:48 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-05-27 07:18 - 2018-02-18 11:48 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-05-27 07:18 - 2018-02-18 11:48 - 000002267 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2021-05-25 07:48 - 2021-01-24 08:22 - 000725304 _____ (Microsoft Corporation) C:\WINDOWS\system32\sedplugins.dll
2021-05-25 07:48 - 2021-01-24 08:22 - 000470328 _____ (Microsoft Corporation) C:\WINDOWS\system32\QualityUpdateAssistant.dll
2021-05-24 19:02 - 2010-02-07 10:19 - 000000000 ____D C:\swsetup
2021-05-24 19:01 - 2019-12-20 14:38 - 007865696 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\IntelWLANdriver.dll
2021-05-24 16:07 - 2018-03-21 14:50 - 000000000 ____D C:\Users\Me!\AppData\Local\ElevatedDiagnostics
2021-05-23 22:09 - 2018-03-25 23:08 - 000000000 ____D C:\ProgramData\TEMP
2021-05-19 10:17 - 2018-03-26 00:15 - 000001055 _____ C:\Users\Public\Desktop\Jarte.lnk
2021-05-19 10:17 - 2018-03-26 00:15 - 000001055 _____ C:\ProgramData\Desktop\Jarte.lnk
2021-05-19 10:17 - 2018-03-26 00:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jarte
2021-05-19 10:17 - 2018-03-26 00:15 - 000000000 ____D C:\Program Files (x86)\Jarte
2021-05-15 09:20 - 2020-11-24 09:01 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-05-15 09:20 - 2020-08-29 12:11 - 000002040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-05-15 09:20 - 2019-07-07 21:04 - 000002028 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-05-15 09:20 - 2019-07-07 21:04 - 000002028 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2021-05-15 09:19 - 2019-07-07 21:04 - 000199128 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys

==================== Files in the root of some directories ========

2020-08-09 23:05 - 2020-08-09 23:05 - 000000256 _____ () C:\Users\Me!\AppData\Local\PUTTY.RND
2021-04-12 20:06 - 2021-04-12 20:06 - 000000856 _____ () C:\Users\Me!\AppData\Local\recently-used.xbel
2018-06-08 10:22 - 2018-06-08 10:22 - 000000017 _____ () C:\Users\Me!\AppData\Local\resmon.resmoncfg
2021-01-20 08:11 - 2021-01-20 08:11 - 000000000 _____ () C:\Users\Me!\AppData\Local\{052D7D69-4E00-410B-B15C-D89FACE3BF73}

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-06-2021
Ran by Me! (14-06-2021 09:30:51)
Running from C:\Users\Me!\Desktop
Windows 10 Home Version 20H2 19042.1055 (X64) (2020-06-04 20:10:19)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3778126099-3402256936-1862990622-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3778126099-3402256936-1862990622-503 - Limited - Disabled)
Guest (S-1-5-21-3778126099-3402256936-1862990622-501 - Limited - Disabled)
Me! (S-1-5-21-3778126099-3402256936-1862990622-1001 - Administrator - Enabled) => C:\Users\Me!
WDAGUtilityAccount (S-1-5-21-3778126099-3402256936-1862990622-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
AS: Spybot - Search and Destroy (Enabled - Out of date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 18.05 (x64) (HKLM\...\7-Zip) (Version: 18.05 - Igor Pavlov)
7-Zip 19.00 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1900-000001000000}) (Version: 19.00.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 21.005.20048 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.445 - Adobe)
Adobe Illustrator 10 (HKLM-x32\...\{412033BC-44CF-48D9-B813-4B835101F4D3}) (Version: 10 - Adobe Systems, Inc.)
Adobe Photoshop 7.0.1 (HKLM-x32\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version:  3.0 - Adobe Systems, Inc.)
Amazon Kindle (HKU\S-1-5-21-3778126099-3402256936-1862990622-1001\...\Amazon Kindle) (Version: 1.28.0.57030 - Amazon)
Amazon Music (HKU\S-1-5-21-3778126099-3402256936-1862990622-1001\...\Amazon Amazon Music) (Version: 7.5.0.1823 - Amazon Services LLC)
Amazon Send to Kindle (HKLM-x32\...\SendToKindle) (Version: 1.1.0.246 - Amazon)
Apple Application Support (32-bit) (HKLM-x32\...\{CCA8C50D-785B-4896-8675-FFE0C4ECCBC3}) (Version: 8.7 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{75BEF7E8-4370-4D42-94F3-B5AA77057965}) (Version: 8.7 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{74CC99EB-7DC0-4CB0-847A-F8C2FE39690C}) (Version: 14.5.0.7 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.)
Audible Download Manager (HKLM-x32\...\AudibleDownloadManager) (Version: 6.6.0.19 - Audible, Inc.)
AudibleManager (HKLM-x32\...\AudibleManager) (Version: 0.32.524306.1703416 - Audible, Inc.)
AudibleSync (HKU\S-1-5-21-3778126099-3402256936-1862990622-1001\...\AudibleSync) (Version: 1.8.5 - Audible Inc)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 21.1.2449 - Avast Software)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.81 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
ConvertHelper 3.2 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF52}}_is1) (Version:  - DownloadHelper)
Easy Photo Scan (HKLM-x32\...\{41BDB1C2-0950-4F9A-8586-95B2B9BAE9D7}) (Version: 1.00.0011 - Seiko Epson Corporation)
Energy Star (HKLM\...\{5CB22648-35F8-41BC-9C35-1E41FE6E12A5}) (Version: 1.1.1 - HP Inc.)
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.6.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{9F205E94-9E42-4486-A92A-DF3F6CB85444}) (Version: 3.10.0061 - Seiko Epson Corporation)
Epson Printer Connection Checker (HKLM-x32\...\{189DE071-E0BC-4BA5-8E34-83D5ED12600B}) (Version: 3.2.0.0 - Seiko Epson Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
Epson Software Updater (HKLM-x32\...\{28C66F35-69BF-4376-BC80-4D5F4808FF3C}) (Version: 4.6.1 - Seiko Epson Corporation)
EPSON XP-520 Series Printer Uninstall (HKLM\...\EPSON XP-520 Series) (Version:  - SEIKO EPSON Corporation)
Epson XP-520 User’s Guide version 1.0 (HKLM-x32\...\UsersGuideEpson XP-520 User’s Guide_is1) (Version: 1.0 - )
EpsonNet Print (HKLM\...\{96ED1D58-440C-4345-8FEE-C4781366C67F}) (Version: 3.1.4.0 - SEIKO EPSON Corporation)
GIMP 2.10.24 (HKLM\...\GIMP-2_is1) (Version: 2.10.24 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 91.0.4472.77 - Google LLC)
HP Audio Switch (HKLM-x32\...\{3A5141D4-47DB-4302-9B1C-272BE585BC8A}) (Version: 1.0.179.0 - HP Inc.)
HP Connection Optimizer (HKLM-x32\...\{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: 2.0.17.0 - HP Inc.)
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.)
HP ePrint SW (HKLM-x32\...\{54da9769-2364-4bd3-8139-6400500778b3}) (Version: 5.3.22034 - HP Inc.)
HP JumpStart Apps (HKLM-x32\...\HP JumpStart Apps) (Version: 7.0.32 - HP Inc.)
HP JumpStart Bridge (HKLM-x32\...\{EB0912FF-C311-4E0F-A6B1-420FDD3C295E}) (Version: 1.3.0.407 - HP Inc.)
HP JumpStart Launch (HKLM-x32\...\{6A139049-EBB9-4076-8664-B468888E55A3}) (Version: 1.3.392.0 - HP Inc.)
HP Support Assistant (HKLM-x32\...\{05F81C27-62A5-4A0C-8519-60CB66CF87C6}) (Version: 8.8.34.31 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{183BD477-774B-4700-B40B-EE43886E74D2}) (Version: 12.18.34.21 - HP Inc.)
HP System Event Utility (HKLM-x32\...\{57058272-92B0-4EFA-8FDD-ED3E5D689D37}) (Version: 1.4.32 - HP Inc.)
iCloud (HKLM\...\{8808B208-87D1-4725-8192-76D257E9DEAE}) (Version: 7.21.0.23 - Apple Inc.)
Inkscape 0.92.5 (HKLM-x32\...\Inkscape) (Version: 0.92.5 - Inkscape Project)
Intel® Chipset Device Software (HKLM-x32\...\{bd366c5e-00cd-46ed-b647-0b9874f32140}) (Version: 10.1.17809.8096 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1069 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 25.20.100.6446 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 16.8.3.1004 - Intel Corporation)
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1841.2 - Intel Corporation)
Intel® Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.49.166.0 - Intel Corporation) Hidden
Intel® Trusted Connect Services Client (HKLM-x32\...\{df682aff-4294-4ad1-aaa7-276931d5781f}) (Version: 1.49.166.0 - Intel Corporation) Hidden
Intel® Wireless Bluetooth® (HKLM-x32\...\{559FA847-377D-4926-80A3-ED9E014D363A}) (Version: 19.60.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{f8c930bd-0a68-425f-8c11-87723d1e2c97}) (Version: 20.90.0 - Intel Corporation)
iTunes (HKLM\...\{653C59E1-B78D-4D82-9259-C14DFD9F6EFC}) (Version: 12.11.3.17 - Apple Inc.)
Jarte Plus (HKLM-x32\...\Jarte_is1) (Version: 6.2 - Carolina Road Software L.L.C.)
Java 8 Update 281 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180281F0}) (Version: 8.0.2810.9 - Oracle Corporation)
Malwarebytes version 4.3.3.116 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.3.116 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 91.0.864.48 - Microsoft Corporation)
Microsoft Office Converter Pack (HKLM-x32\...\{6EECB283-E65F-40EF-86D3-D51BF02A8D43}) (Version: 11.0.0.0 - Microsoft Corporation - Office Resource Kit Group)
Microsoft Update Health Tools (HKLM\...\{E5A95BC5-81DF-4F0C-B910-B59DD012F037}) (Version: 2.81.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24123 (HKLM-x32\...\{206898cc-4b41-4d98-ac28-9f9ae57f91fe}) (Version: 14.0.24123.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29913 (HKLM-x32\...\{855e31d2-9031-46e1-b06d-c9d7777deefb}) (Version: 14.28.29913.0 - Microsoft Corporation)
Mozilla Firefox 89.0 (x64 en-US) (HKLM\...\Mozilla Firefox 89.0 (x64 en-US)) (Version: 89.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 70.0.1 - Mozilla)
Mozilla Thunderbird 78.11.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 78.11.0 (x86 en-US)) (Version: 78.11.0 - Mozilla)
Mudlet (HKU\S-1-5-21-3778126099-3402256936-1862990622-1001\...\Mudlet) (Version: 3.15.0 - Mudlet Makers)
NordVPN (HKLM\...\{19465C24-3D5D-4327-B99F-3CC0A1D38151}_is1) (Version: 6.37.3.0 - TEFINCOM S.A.)
NordVPN network TAP (HKLM-x32\...\{97DEC5D6-2BE9-45BB-BFC5-274B851B486B}) (Version: 1.0.1 - NordVPN)
NordVPN network TUN (HKLM\...\{BD0E4F38-D3F6-452D-A32E-B14D721839AC}) (Version: 1.0.1 - NordVPN)
PuTTY release 0.74 (64-bit) (HKLM\...\{127B996B-5308-4012-865B-9446451EA326}) (Version: 0.74.0.0 - Simon Tatham)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.15063.31237 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.26.328.2018 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8581 - Realtek Semiconductor Corp.)
RogueKiller version 15.0.1.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 15.0.1.0 - Adlice Software)
SeaMonkey 2.53.5.1 (x86 en-US) (HKLM-x32\...\SeaMonkey 2.53.5.1 (x86 en-US)) (Version: 2.53.5.1 - Mozilla)
SeaTools for Windows 1.4.0.6 (HKLM-x32\...\SeaTools for Windows) (Version: 1.4.0.6 - Seagate Technology)
Should I Remove It (HKLM-x32\...\{4E62123C-4C0D-4123-A8A2-C0103B92D7EA}) (Version: 1.0.4 - Reason Software Company Inc.) Hidden
Should I Remove It (HKU\S-1-5-21-3778126099-3402256936-1862990622-1001\...\Should I Remove It 1.0.4) (Version: 1.0.4 - Reason Software Company Inc.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.7.64.0 - Safer-Networking Ltd.)
Stardust Screen Saver Control 2.1.60 (HKLM-x32\...\Stardust Screen Saver Control 2.1.60_is1) (Version:  - Stardust Software)
Toolkit (HKLM-x32\...\Toolkit) (Version: 1.6.0.162 - Seagate)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{1FD817A6-63E1-4519-BFD4-228DABB7AB6B}) (Version: 2.55.0.0 - Microsoft Corporation)
VdhCoApp 1.3.0 (HKLM\...\weh-iss-net.downloadhelper.coapp_is1) (Version:  - DownloadHelper)
Viking Kittens Screen Saver (HKLM-x32\...\Viking Kittens) (Version:  - )
VLC media player (HKLM\...\VLC media player) (Version: 3.0.12 - VideoLAN)
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0) (Version: 1.0.42.0 - LunarG, Inc.)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.15-3 - Wacom Technology Corp.)
Waterfox Classic 56.3 (x64 en-US) (HKLM\...\Waterfox Classic 56.3 (x64 en-US)) (Version: 56.3 - Waterfox Ltd)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
Windows Resource Kit Tools - SubInAcl.exe (HKLM-x32\...\{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}) (Version: 5.2.3790.1164 - Microsoft Corporation)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version:  - )
Zemana AntiMalware version 3.2.27 (HKLM-x32\...\{4E1F3677-C72E-4F7D-B66E-85467B1A289E}_is1) (Version: 3.2.27 - Zemana)
zMUD 7.21.0.0 (HKLM-x32\...\zMUD) (Version: 7.21.0.0 - Zugg Software)
Zoom (HKU\S-1-5-21-3778126099-3402256936-1862990622-1001\...\ZoomUMX) (Version: 5.2.0 (42619.0804) - Zoom Video Communications, Inc.)

Packages:
=========
Amazon Prime Video for Windows -> C:\Program Files\WindowsApps\AmazonVideo.PrimeVideo_1.0.60.0_x64__pwbj9vvecjh7j [2021-05-07] (Amazon Development Centre (London) Ltd)
Audiobooks from Audible -> C:\Program Files\WindowsApps\AudibleInc.AudibleforWindowsPhone_10.5.67.0_x64__xns73kv1ymhp2 [2021-05-07] (Audible Inc)
HP JumpStart -> C:\Program Files\WindowsApps\AD2F1837.HPJumpStart_1.3.407.0_x86__v10z8vjag6ke6 [2017-10-14] (HP Inc.)
HP PC Hardware Diagnostics Windows -> C:\Program Files\WindowsApps\AD2F1837.HPPCHardwareDiagnosticsWindows_1.6.8.0_x64__v10z8vjag6ke6 [2021-05-07] (HP Inc.)
Instagram -> C:\Program Files\WindowsApps\Facebook.InstagramBeta_42.0.13.0_neutral__8xx8rvfyw5nnt [2021-05-07] (Instagram)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-25] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-25] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.4213.0_x64__8wekyb3d8bbwe [2021-05-07] (Microsoft Studios) [MS Ad]
myEvents+ -> C:\Program Files\WindowsApps\47054NKsoft.myEvents_1.1.6.0_x64__qv26zcc6ec1jt [2018-09-20] (NKsoft)
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-05-07] (Microsoft Corporation)
Simple Solitaire -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleSolitaire_7.2.5.0_x64__kx24dqmazqk8j [2021-05-07] (Random Salad Games LLC)
Zenkit -> C:\Program Files\WindowsApps\Zenkit.Zenkit_2.1.6.0_x64__1pr9t28frmx4j [2021-05-07] (Zenkit)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-02-27] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-02-27] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana\AntiMalware\AM_ShellExt64.dll [2020-07-29] (Zemana D.O.O. Sarajevo -> Advanced Malware Protection. Copyright 2019.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-02-27] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2020-09-08] (Apple Inc. -> Apple Inc.)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-02-27] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [STKContextMenu] -> {90DD7445-E924-4c6e-92AC-01F8C3A7E0C7} => C:\Program Files (x86)\Amazon\SendToKindle\stkContextMenu_246.dll [2019-03-30] (Amazon Services LLC -> Amazon.com, Inc.)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_5a1ab3b0567b3cdb\igfxDTCM.dll [2020-03-10] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana\AntiMalware\AM_ShellExt64.dll [2020-07-29] (Zemana D.O.O. Sarajevo -> Advanced Malware Protection. Copyright 2019.)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-02-27] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2021-06-11 13:22 - 2021-06-11 13:22 - 000160256 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\BRIDGECommon\9275694ef5dda2697a5951889d0a4a16\BRIDGECommon.ni.dll
2021-06-05 16:23 - 2021-06-05 16:23 - 000120832 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\BridgeExtension\14e8c310136b198ddead5f8cc8d96f05\BridgeExtension.ni.dll
2021-06-05 16:23 - 2021-06-05 16:23 - 000348160 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\CleanStartController\3cd4b93358ada708da2214ce671a1365\CleanStartController.ni.dll
2021-06-05 16:23 - 2021-06-05 16:23 - 000134656 _____ (HP Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\CommonPortable\f5c232e52f2560a8c9c4660552dd82f5\CommonPortable.ni.dll
2019-02-21 21:00 - 2019-02-21 21:00 - 000078336 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2015-12-17 11:11 - 2015-12-17 11:11 - 000132096 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\epnsm.dll
2009-10-21 17:39 - 2009-10-21 17:39 - 000291328 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\LcMgr.dll
2016-09-14 14:31 - 2016-09-14 14:31 - 000500736 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\WINDOWS\System32\enppmon.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:359B3BDA [360]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-3778126099-3402256936-1862990622-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2017-10-27] (HP Inc. -> HP Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_281\bin\ssv.dll [2021-02-06] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_281\bin\jp2ssv.dll [2021-02-06] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2017-10-27] (HP Inc. -> HP Inc.)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7942 more sites.

IE restricted site: HKU\S-1-5-21-3778126099-3402256936-1862990622-1001\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-3778126099-3402256936-1862990622-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-3778126099-3402256936-1862990622-1001\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-3778126099-3402256936-1862990622-1001\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-3778126099-3402256936-1862990622-1001\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-3778126099-3402256936-1862990622-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-3778126099-3402256936-1862990622-1001\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-3778126099-3402256936-1862990622-1001\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-3778126099-3402256936-1862990622-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-3778126099-3402256936-1862990622-1001\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-3778126099-3402256936-1862990622-1001\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-3778126099-3402256936-1862990622-1001\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-3778126099-3402256936-1862990622-1001\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-3778126099-3402256936-1862990622-1001\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-3778126099-3402256936-1862990622-1001\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-3778126099-3402256936-1862990622-1001\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-3778126099-3402256936-1862990622-1001\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-3778126099-3402256936-1862990622-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-3778126099-3402256936-1862990622-1001\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-3778126099-3402256936-1862990622-1001\...\123simsen.com -> www.123simsen.com

There are 7947 more sites.


2018-03-31 13:50 - 2021-04-23 12:47 - 000000375 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\Intel\Intel® Management Engine Components\iCLS\;C:\Program Files\Intel\Intel® Management Engine Components\iCLS\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\RogueKiller;;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files\Intel\Intel® Management Engine Components\IPT;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files\PuTTY\
HKU\S-1-5-21-3778126099-3402256936-1862990622-1001\Control Panel\Desktop\\Wallpaper -> G:\OthersArt\Transformers\MiscArtists\BW_WP010.jpg
DNS Servers: 103.86.96.100 - 103.86.99.100
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

Network Binding:
=============
Wi-Fi: NordVPN LightWeight Firewall -> NordLwf (enabled)
Ethernet 2: NordVPN LightWeight Firewall -> NordLwf (enabled)
Ethernet: NordVPN LightWeight Firewall -> NordLwf (enabled)

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\StartupFolder: => "Adobe Gamma Loader.lnk"
HKLM\...\StartupApproved\Run: => "ZAM"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "SDTray"
HKLM\...\StartupApproved\Run32: => "HPMessageService"
HKU\S-1-5-21-3778126099-3402256936-1862990622-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3778126099-3402256936-1862990622-1001\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-3778126099-3402256936-1862990622-1001\...\StartupApproved\Run: => "EPLTarget\P0000000000000001"
HKU\S-1-5-21-3778126099-3402256936-1862990622-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-3778126099-3402256936-1862990622-1001\...\StartupApproved\Run: => "Amazon Music Helper"
HKU\S-1-5-21-3778126099-3402256936-1862990622-1001\...\StartupApproved\Run: => "Amazon Music"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{38EABB76-B2EE-41AB-B861-5A723CC953E9}] => (Allow) C:\Program Files\Waterfox\waterfox.exe (Waterfox Limited -> Waterfox)
FirewallRules: [{639EE7FA-3E26-4EF4-A08F-8DA861EBC6FC}] => (Allow) C:\Program Files\Waterfox\waterfox.exe (Waterfox Limited -> Waterfox)
FirewallRules: [{7D90C1EA-2701-432A-912F-A8DD9EFEE1BC}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{3BB10C36-1482-4D09-945C-D355572C3BC4}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{A7C2D0B3-4B04-459E-A69D-A49FA320D924}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [UDP Query User{D966B281-C80F-4B0D-AE0B-3222A349FB12}C:\users\me!\appdata\local\amazon music\amazon music helper.exe] => (Allow) C:\users\me!\appdata\local\amazon music\amazon music helper.exe (Amazon Services LLC -> Amazon Services LLC)
FirewallRules: [TCP Query User{C3AD4507-3007-49FC-BAF7-B9AC80C33C0C}C:\users\me!\appdata\local\amazon music\amazon music helper.exe] => (Allow) C:\users\me!\appdata\local\amazon music\amazon music helper.exe (Amazon Services LLC -> Amazon Services LLC)
FirewallRules: [TCP Query User{6796A265-A5B6-424E-A129-1D46CF5A9C9B}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [UDP Query User{8B26D9A7-9BC6-4F21-9A8C-4861B3383913}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{C2732467-9D2B-4609-8C43-719A768BD0AC}] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{9EB9FD3A-36AE-4366-87A3-AF5B96B8C95E}] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{85A59B34-D8BF-4684-A4FF-89A8AA8F0E4B}] => (Allow) C:\Users\Me!\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{9566BF28-2B2A-4FBA-880A-DA7904FD8DE1}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{ECF172F9-E8CC-4309-BFA8-DC85EAF6D805}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{5BCF98BB-CC11-49B8-A445-2EAE61B22ED6}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{9EC3401B-4BFB-42F5-9F80-DB56F8670B83}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A0CBEE3B-5171-412C-A7C6-8315FA7D4EE1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{334EFD98-9F03-4F0D-989E-43A65D4FE17D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

28-05-2021 08:21:30 Windows Update
05-06-2021 09:54:19 Windows Modules Installer
11-06-2021 07:01:57 Windows Modules Installer
11-06-2021 07:21:12 Windows Modules Installer
11-06-2021 14:51:47 Installed Compatibility Pack for the 2007 Office system
14-06-2021 07:49:46 Windows Modules Installer

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (06/13/2021 10:49:05 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, "iehistory://{S-1-5-21-3778126099-3402256936-1862990622-1001}/">.

Error: (06/12/2021 09:11:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15704

Error: (06/12/2021 09:11:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15704

Error: (06/12/2021 09:11:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/12/2021 08:58:28 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, "iehistory://{S-1-5-21-3778126099-3402256936-1862990622-1001}/">.

Error: (06/12/2021 10:42:58 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on RECOVERY (D:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (06/12/2021 10:42:58 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on Windows (C:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (06/11/2021 11:07:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15672


System errors:
=============
Error: (06/14/2021 09:30:12 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (06/14/2021 08:56:25 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (06/14/2021 08:54:55 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (06/14/2021 08:54:22 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (06/14/2021 08:53:14 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (06/14/2021 08:51:01 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The aswbIDSAgent service did not shut down properly after receiving a preshutdown control.

Error: (06/14/2021 08:48:50 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (06/14/2021 08:48:32 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.


Windows Defender:
================
Date: 2021-01-19 07:35:32
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.313.1456.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16900.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2021-01-19 07:35:32
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.313.1456.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16900.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2021-01-19 07:35:32
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.313.1456.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16900.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2021-01-19 07:35:32
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.313.1456.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16900.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2021-01-19 07:35:32
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.313.1456.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16900.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

CodeIntegrity:
===============
Date: 2021-06-14 09:01:06
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

BIOS: AMI F.45 06/29/2020
Motherboard: HP 82F2
Processor: Intel® Core™ i3-7100 CPU @ 3.90GHz
Percentage of memory in use: 67%
Total physical RAM: 8071.56 MB
Available physical RAM: 2610.6 MB
Total Virtual: 9991.56 MB
Available Virtual: 3907.44 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:918.72 GB) (Free:401.99 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:11.56 GB) (Free:1.17 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive g: () (Fixed) (Total: ? GB) (Free: ? GB) (Protected) (Locked)

\\?\Volume{ae9351fc-ad09-4828-b129-adc1eea1d4d7}\ (Windows RE tools) (Fixed) (Total:0.96 GB) (Free:0.47 GB) NTFS
\\?\Volume{775739fd-bbb8-4130-bd87-0fc263fc5858}\ () (Fixed) (Total:0.25 GB) (Free:0.17 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 6F9DD808)

Partition: GPT.

==========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 6FB8D794)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================




#2 Juliet

    SuperHelper

  • Retired Classroom Teacher
  • 7,686 posts
  • Interests:Boo!....
  • MVP

Posted 15 June 2021 - 04:18 PM

Have you had MalwareBytes and Zemana for a good while together, working as they should?
I also saw that Windows Defender was trying to connect to search for current virus updates but couldn't connect to the server.

You ran a RogueKiller scan recently? Can you find and post that log if anything was found?

I did see a few things we could tidy up and remove, but the entire FRST log wasn't showing. First, let's run another scan.

Download and run AdwCleaner

Download AdwCleaner from https://malwarebytes.com/adwcleaner and save it to your desktop.

  • run AdwCleaner by clicking on Scan Now
  • when it has finished, leave everything that was found checked, (ticked), then click on Clean and Repair
  • if it asks to reboot, allow the reboot
  • on reboot, click on View Log File; please attach the content of the log to your next reply.

============================================

Run Malwarebytes Anti-Malware

You may have Malwarebytes Anti-Malware installed but if not, you can download it from here:

  • run the program
  • click on the ‘Dashboard’ to make sure everything is up to date, (it is not necessary to upgrade to the premium version of MBAM)
  • click on the ‘Scan’ tab, (directly below the Dashboard tab)
  • select the Threat Scan option
  • click the Scan Now button
  • Threat Scan will begin
  • when the scan has completed and if malware was found, click the Quarantine Selected button to allow MBAM to quarantine what was found
  • if prompted to restart the computer, close all other programs and click Yes to restart your computer
  • once you are back at your desktop, open MBAM once more
  • click on the ‘Reports’ tab
  • double-click on the most recent Scan Report
  • click on Export, then Copy to Clipboard

Logs to include with the next post:

AdwCleaner log
Mbam.txt


Sometimes the angels fly close enough to you that you can hear the flutter of their wings...


MS - MVP Consumer Security 2009 - 2016, WI-MVP 2016-17
Antivirus Scanners Online Scanners Firewalls Slow Computer??

#3 Zhora

    Authentic Member

  • 96 posts

Posted 17 June 2021 - 04:58 PM

MBAM and Zemana aren't set to run automatically, just whenever I decide to use their scans as backup for Avast which does run all the time, so they're fine with each other.  RogueKiller was updated and run 3 days ago, before I made this topic, and came up with nothing.  I don't know what happened with the FRST log, I thought I copied and pasted the whole thing correctly - do you need me to redo it?  No idea why Windows Defender might not be able to update - could it be having trouble with my VPN?  Or more likely my settings, because I hate having updates be automatic and of course M$ loves them to be always on. :P

 

ADW:

# -------------------------------
# Malwarebytes AdwCleaner 8.2.0.0
# -------------------------------
# Build:    03-22-2021
# Database: 2021-05-17.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    06-17-2021
# Duration: 00:00:22
# OS:       Windows 10 Home
# Cleaned:  6
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
Deleted       HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
Deleted       HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
Deleted       HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
Deleted       HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete IFEO
[+] Delete Prefetch
[+] Delete Tracing Keys
[+] Reset BITS
[+] Reset Windows Firewall
[+] Reset Hosts File
[+] Reset IPSec
[+] Reset IE Policies
[+] Reset Proxy Settings
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1281 octets] - [23/04/2018 09:16:10]
AdwCleaner[C00].txt - [1368 octets] - [23/04/2018 09:18:01]
AdwCleaner[S01].txt - [1364 octets] - [17/06/2018 08:46:58]
AdwCleaner[S02].txt - [1425 octets] - [19/06/2018 19:48:59]
AdwCleaner[S03].txt - [1486 octets] - [24/06/2018 10:00:04]
AdwCleaner[C03].txt - [1672 octets] - [24/06/2018 10:01:13]
AdwCleaner[S04].txt - [25814 octets] - [22/07/2018 23:39:02]
AdwCleaner[C04].txt - [22813 octets] - [23/07/2018 00:30:42]
AdwCleaner[S05].txt - [25938 octets] - [05/08/2018 11:46:03]
AdwCleaner[C05].txt - [22937 octets] - [05/08/2018 11:47:39]
AdwCleaner[S06].txt - [1856 octets] - [10/08/2018 09:58:15]
AdwCleaner[C06].txt - [2042 octets] - [10/08/2018 09:59:07]
AdwCleaner_Debug.log - [561974 octets] - [10/08/2018 10:02:34]
AdwCleaner[S07].txt - [2079 octets] - [12/08/2018 00:44:12]
AdwCleaner[C07].txt - [2227 octets] - [12/08/2018 00:44:31]
AdwCleaner[S08].txt - [2163 octets] - [12/08/2018 19:26:07]
AdwCleaner[S09].txt - [26430 octets] - [27/08/2018 00:01:28]
AdwCleaner[C09].txt - [23430 octets] - [27/08/2018 00:01:49]
AdwCleaner[S10].txt - [26555 octets] - [01/09/2018 08:57:36]
AdwCleaner[C10].txt - [23554 octets] - [01/09/2018 08:58:15]
AdwCleaner[S11].txt - [2850 octets] - [01/09/2018 09:01:41]
AdwCleaner[C11].txt - [2980 octets] - [01/09/2018 09:01:55]
AdwCleaner[S12].txt - [2595 octets] - [01/09/2018 09:06:47]
AdwCleaner[S13].txt - [3420 octets] - [08/09/2018 01:23:32]
AdwCleaner[C13].txt - [3496 octets] - [08/09/2018 01:23:46]
AdwCleaner[S14].txt - [3530 octets] - [19/09/2018 04:45:48]
AdwCleaner[C14].txt - [3606 octets] - [19/09/2018 04:46:05]
AdwCleaner[S15].txt - [2896 octets] - [19/09/2018 04:50:03]
AdwCleaner[S16].txt - [3008 octets] - [26/09/2018 23:35:52]
AdwCleaner[C16].txt - [3156 octets] - [26/09/2018 23:37:32]
AdwCleaner[S17].txt - [3091 octets] - [06/10/2018 09:30:38]
AdwCleaner[C17].txt - [3277 octets] - [06/10/2018 09:30:50]
AdwCleaner[S18].txt - [3213 octets] - [06/10/2018 09:34:39]
AdwCleaner[S19].txt - [3274 octets] - [21/10/2018 10:02:29]
AdwCleaner[C19].txt - [3460 octets] - [21/10/2018 10:02:42]
AdwCleaner[S20].txt - [3396 octets] - [27/10/2018 10:26:25]
AdwCleaner[C20].txt - [3582 octets] - [27/10/2018 10:26:44]
AdwCleaner[S21].txt - [3518 octets] - [16/11/2018 20:35:13]
AdwCleaner[C21].txt - [3704 octets] - [16/11/2018 20:35:56]
AdwCleaner[S22].txt - [3640 octets] - [30/11/2018 14:34:06]
AdwCleaner[C22].txt - [3996 octets] - [30/11/2018 14:34:47]
AdwCleaner[S23].txt - [3762 octets] - [30/11/2018 14:39:03]
AdwCleaner[C23].txt - [4118 octets] - [30/11/2018 14:39:18]
AdwCleaner[S24].txt - [3884 octets] - [08/12/2018 13:47:38]
AdwCleaner[C24].txt - [4240 octets] - [08/12/2018 13:48:32]
AdwCleaner[S25].txt - [4006 octets] - [17/12/2018 11:18:24]
AdwCleaner[C25].txt - [4362 octets] - [17/12/2018 11:18:58]
AdwCleaner[S26].txt - [4128 octets] - [27/12/2018 21:58:58]
AdwCleaner[C26].txt - [4484 octets] - [27/12/2018 21:59:32]
AdwCleaner[S27].txt - [4250 octets] - [13/02/2019 12:11:56]
AdwCleaner[S28].txt - [9500 octets] - [17/06/2021 15:14:24]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C28].txt ##########

 

MBAM:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 6/17/21
Scan Time: 3:21 PM
Log File: 5b33c5f2-cfba-11eb-a417-18602474aeac.json

-Software Information-
Version: 4.3.3.116
Components Version: 1.0.1292
Update Package Version: 1.0.41845
License: Free

-System Information-
OS: Windows 10 (Build 19042.1055)
CPU: x64
File System: NTFS
User: Vector\Me!

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 331790
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 21 min, 35 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)



#4 Juliet

    SuperHelper

  • Retired Classroom Teacher
  • 7,686 posts
  • Interests:Boo!....
  • MVP

Posted 17 June 2021 - 05:24 PM

I don't know what happened with the FRST log

That's OK, we'll just run and post a new one.
The first one you posted really didn't show anything along the line of malware but we'll check again.
Just make sure to copy and paste each page totally.
 

No idea why Windows Defender might not be able to update - could it be having trouble with my VPN

Yes and no, I'll try to locate errors to see if IP is throwing out issues.

Please download Emsisoft Emergency Kit and save it to your desktop.
  • Double-click on EmsisoftEmergencyKit.exe to install and create a shortcut on the desktop.
  • Leave all settings as they are and click Accept & Extract. A folder named EEK will be created in the root of the drive (usually C:\) as shown here.
  • After extraction an Emsisoft Emergency Kit window will open. Under "Run Directly:" click Emergency Kit Scanner.
  • When asked to run an online update, click Yes.
  • When the update is finished, click the Back to Security Status link in the left corner.
  • On the main screen click the Scan PC button.
  • Select Smart Scan, then click the Scan button.
  • When the scan is finished, click the Quarantine selected objects button. Note, this option is only available if malicious objects were detected during the scan.
  • Click the View Report button and in the Reports window double-click on the most recent log. Logs are named as follows: a2scan_Date-Time.txt (YYMODY) and saved to C:\EEK\bin\Reports\.
  • Alternatively you can click Export and save the log to your Desktop, then open by double-clicking on it.
  • Copy and paste the contents of that logfile in your next reply.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • Right-Click FRST.exe / FRST64.exe and select Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.
  • (Scan times will vary from one system to another. Sometimes the scan may appear to hang and you may even see a message that says, Program not responding. Most likely that will be temporary and the scan will resume on its own. It is not unusual for a complete scan to take up to 10 minutes or even longer depending on what the scan is finding.)
Post both logs when finished.

#5 Zhora

    Authentic Member

  • 96 posts

Posted 18 June 2021 - 08:19 AM

Okay, there's a problem with getting Emsisoft Emergency Kit.  I get this error and it won't even let me download it, let alone run it: 

 

C:\Users\Me!\AppData\Local\Temp\DUysN5ne.exe.part could not be saved, because the source file could not be read.

Try again later, or contact the server administrator.

 

 

Here's the full FRST log, too:

 

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: Hosts file not detected in the default directory
Tcpip\..\Interfaces\{5d7c2cd5-9a75-1ac5-6245-118f1c411193}: [NameServer] 103.86.96.100,103.86.99.100
Tcpip\..\Interfaces\{96261aef-7f26-4ba9-8265-2890925fc27a}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{b3a33dce-e272-417f-a7ed-aedd9a34a38e}: [DhcpNameServer] 192.168.0.1
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION

Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\Me!\AppData\Local\Microsoft\Edge\User Data\Default [2021-06-14]
Edge HomePage: Default -> hxxps://www.twinspires.com/
Edge StartupUrls: Default -> "hxxps://www.twinspires.com/","hxxps://www.truenicks.com/","hxxps://myracehorse.com/","chrome-extension://bbcinlkgjjkejfdpemiealijmmooekmp/vault.html"
Edge DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}
Edge DefaultSearchKeyword: Default -> duckduckgo.com
Edge DefaultNewTabURL: Default -> hxxps://duckduckgo.com/chrome_newtab
Edge DefaultSuggestURL: Default -> hxxps://duckduckgo.com/ac/?q={searchTerms}&type=list
Edge Extension: (LastPass: Free Password Manager) - C:\Users\Me!\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bbcinlkgjjkejfdpemiealijmmooekmp [2021-06-11]
Edge Extension: (DuckDuckGo) - C:\Users\Me!\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\caoacbimdbbljakfhgikoodekdnlcgpk [2021-05-17]
Edge Extension: (Avast Online Security) - C:\Users\Me!\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fdgpikaaheckgdijjmepmdjjkbceakif [2021-02-18]
Edge Extension: (uBlock Origin) - C:\Users\Me!\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\odfafepnkmbhccpbejgmiehpchacaeak [2021-05-11]

FireFox:
========
FF DefaultProfile: a7pntyse.default
FF DefaultProfile: lwl3wtl5.default
FF DefaultProfile: pmab3smd.default
FF ProfilePath: C:\Users\Me!\AppData\Roaming\Waterfox\Profiles\a7pntyse.default [2020-11-14]
FF Homepage: Waterfox\Profiles\a7pntyse.default -> hxxp://forecast.weather.gov/MapClick.php?lat=48.759545508000485&lon=-122.48821576799969&site=all&smap=1#.WoodwX5S1PZ
FF Extension: (Google Data Compression Proxy for Firefox) - C:\Users\Me!\AppData\Roaming\Waterfox\Profiles\a7pntyse.default\Extensions\@datacompressorforfirefox.xpi [2018-04-28] [Legacy]
FF Extension: (Classic Add-ons Archive) - C:\Users\Me!\AppData\Roaming\Waterfox\Profiles\a7pntyse.default\Extensions\ca-archive@Off.JustOff.xpi [2019-03-05] [Legacy] [not signed]
FF Extension: (FireSSH) - C:\Users\Me!\AppData\Roaming\Waterfox\Profiles\a7pntyse.default\Extensions\firessh@nightlight.ws [2018-02-18] [Legacy]
FF Extension: (Privacy Badger) - C:\Users\Me!\AppData\Roaming\Waterfox\Profiles\a7pntyse.default\Extensions\jid1-MnnxcxisBPnSXQ@jetpack.xpi [2020-11-14]
FF Extension: (PlayFlash 64bit) - C:\Users\Me!\AppData\Roaming\Waterfox\Profiles\a7pntyse.default\Extensions\playflash64@xpi [2018-07-18] [Legacy]
FF Extension: (LastPass: Free Password Manager) - C:\Users\Me!\AppData\Roaming\Waterfox\Profiles\a7pntyse.default\Extensions\support@lastpass.com.xpi [2020-11-14]
FF Extension: (uBlock Origin) - C:\Users\Me!\AppData\Roaming\Waterfox\Profiles\a7pntyse.default\Extensions\uBlock0@raymondhill.net.xpi [2020-10-04]
FF Extension: (Adobe Shockwave Flash Player) - C:\Users\Me!\AppData\Roaming\Waterfox\Profiles\a7pntyse.default\Extensions\{42baa93e-0cff-4289-b79e-6ae88df668c4}.xpi [2018-03-04]
FF Extension: (Make America Kittens Again) - C:\Users\Me!\AppData\Roaming\Waterfox\Profiles\a7pntyse.default\Extensions\{47c21db3-b82d-485d-b06d-dd70de414242}.xpi [2018-07-07]
FF Extension: (Skype Web Messenger) - C:\Users\Me!\AppData\Roaming\Waterfox\Profiles\a7pntyse.default\Extensions\{a0a8c450-9654-45ca-ac12-bd7653809f03}.xpi [2018-05-11]
FF Extension: (FireFTP) - C:\Users\Me!\AppData\Roaming\Waterfox\Profiles\a7pntyse.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f} [2018-02-18] [Legacy]
FF Extension: (Easy Youtube Video Downloader Express) - C:\Users\Me!\AppData\Roaming\Waterfox\Profiles\a7pntyse.default\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2020-08-31]
FF ProfilePath: C:\Users\Me!\AppData\Roaming\Mozilla\SeaMonkey\Profiles\lwl3wtl5.default [2021-06-13]
FF Extension: (DOM Inspector) - C:\Users\Me!\AppData\Roaming\Mozilla\SeaMonkey\Profiles\lwl3wtl5.default\Extensions\inspector@mozilla.org.xpi [2020-12-22] [Legacy] [not signed]
FF Extension: (ChatZilla) - C:\Users\Me!\AppData\Roaming\Mozilla\SeaMonkey\Profiles\lwl3wtl5.default\Extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}.xpi [2020-12-22] [Legacy] [not signed]
FF Extension: (FireFTP) - C:\Users\Me!\AppData\Roaming\Mozilla\SeaMonkey\Profiles\lwl3wtl5.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f} [2020-12-17] [Legacy]
FF Extension: (Lightning) - C:\Users\Me!\AppData\Roaming\Mozilla\SeaMonkey\Profiles\lwl3wtl5.default\Extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103}.xpi [2020-12-22] [Legacy] [not signed]
FF ProfilePath: C:\Users\Me!\AppData\Roaming\Mozilla\Firefox\Profiles\pmab3smd.default [2020-02-25]
FF Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\Me!\AppData\Roaming\Mozilla\Firefox\Profiles\pmab3smd.default\Extensions\sp@avast.com.xpi [2019-02-13]
FF Extension: (Avast Online Security) - C:\Users\Me!\AppData\Roaming\Mozilla\Firefox\Profiles\pmab3smd.default\Extensions\wrc@avast.com.xpi [2018-06-22]
FF ProfilePath: C:\Users\Me!\AppData\Roaming\Mozilla\Firefox\Profiles\e5t0tgdt.default-release [2021-06-14]
FF Homepage: Mozilla\Firefox\Profiles\e5t0tgdt.default-release -> hxxps://forecast.weather.gov/MapClick.php?CityName=Bellingham&state=WA&site=SEW&textField1=48.7597&textField2=-122.487&e=0
FF NetworkProxy: Mozilla\Firefox\Profiles\e5t0tgdt.default-release -> type", 0
FF Extension: (Privacy Badger) - C:\Users\Me!\AppData\Roaming\Mozilla\Firefox\Profiles\e5t0tgdt.default-release\Extensions\jid1-MnnxcxisBPnSXQ@jetpack.xpi [2021-06-10]
FF Extension: (LastPass: Free Password Manager) - C:\Users\Me!\AppData\Roaming\Mozilla\Firefox\Profiles\e5t0tgdt.default-release\Extensions\support@lastpass.com.xpi [2021-05-06]
FF Extension: (uBlock Origin) - C:\Users\Me!\AppData\Roaming\Mozilla\Firefox\Profiles\e5t0tgdt.default-release\Extensions\uBlock0@raymondhill.net.xpi [2021-05-05]
FF Extension: (uMatrix) - C:\Users\Me!\AppData\Roaming\Mozilla\Firefox\Profiles\e5t0tgdt.default-release\Extensions\uMatrix@raymondhill.net.xpi [2020-05-10]
FF Extension: (Avast Online Security) - C:\Users\Me!\AppData\Roaming\Mozilla\Firefox\Profiles\e5t0tgdt.default-release\Extensions\wrc@avast.com.xpi [2021-02-17]
FF Extension: (NoScript) - C:\Users\Me!\AppData\Roaming\Mozilla\Firefox\Profiles\e5t0tgdt.default-release\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2021-05-20]
FF Extension: (Decepticon theme) - C:\Users\Me!\AppData\Roaming\Mozilla\Firefox\Profiles\e5t0tgdt.default-release\Extensions\{8f70ac5c-f6db-4d36-b511-d1ad8484fab1}.xpi [2021-06-02]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_445.dll [2020-11-09] (Adobe Inc. -> )
FF Plugin: @videolan.org/vlc,version=3.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.10 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) [File not signed]
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) [File not signed]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_445.dll [2020-11-09] (Adobe Inc. -> )
FF Plugin-x32: @java.com/DTPlugin,version=11.281.2 -> C:\Program Files (x86)\Java\jre1.8.0_281\bin\dtplugin\npDeployJava1.dll [2021-02-06] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.281.2 -> C:\Program Files (x86)\Java\jre1.8.0_281\bin\plugin2\npjp2.dll [2021-02-06] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) [File not signed]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-05-27] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) [File not signed]

Chrome:
=======
CHR Profile: C:\Users\Me!\AppData\Local\Google\Chrome\User Data\Default [2021-06-13]
CHR Extension: (Slides) - C:\Users\Me!\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-02-18]
CHR Extension: (Docs) - C:\Users\Me!\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-02-18]
CHR Extension: (Google Drive) - C:\Users\Me!\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-08-13]
CHR Extension: (AdGuard AdBlocker) - C:\Users\Me!\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2020-08-16]
CHR Extension: (YouTube) - C:\Users\Me!\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-02-18]
CHR Extension: (Adobe Acrobat) - C:\Users\Me!\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-09-17]
CHR Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\Me!\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2020-07-04]
CHR Extension: (Acorns Found Money) - C:\Users\Me!\AppData\Local\Google\Chrome\User Data\Default\Extensions\facncfnojagdpibmijfjdmhkklabakgd [2020-04-09]
CHR Extension: (Sheets) - C:\Users\Me!\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-02-18]
CHR Extension: (Google Docs Offline) - C:\Users\Me!\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-09-15]
CHR Extension: (Avast Online Security) - C:\Users\Me!\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2020-06-03]
CHR Extension: (Skype) - C:\Users\Me!\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2018-04-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Me!\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-05]
CHR Extension: (Gmail) - C:\Users\Me!\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-01]
CHR Extension: (Chrome Media Router) - C:\Users\Me!\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-08-27]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [99104 2021-03-16] (Apple Inc. -> Apple Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [7879704 2021-03-29] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [621608 2021-02-27] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe [352480 2021-02-27] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [56904 2021-02-27] (Avast Software s.r.o. -> AVAST Software)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [144560 2012-05-17] (SEIKO EPSON Corporation -> Seiko Epson Corporation)
R2 EPSON_PM_RPCV4_06; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE [152640 2013-04-15] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
R2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [905080 2020-03-18] (HP Inc. -> HP Inc.)
R2 HPJumpStartBridge; c:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe [471040 2017-05-23] (HP Inc. -> HP Inc.)
S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (Hewlett-Packard Company -> HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [379736 2020-08-20] (HP Inc. -> HP Inc.)
R2 HPWMISVC; C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [628768 2017-07-13] (HP Inc. -> HP Inc.)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7391408 2021-05-15] (Malwarebytes Inc -> Malwarebytes)
R2 nordvpn-service; C:\Program Files\NordVPN\nordvpn-service.exe [277688 2021-06-09] (TEFINCOM S.A. -> TEFINCOM S.A.)
R2 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [13921616 2021-06-14] (Adlice -> )
R3 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2748392 2018-03-21] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
S3 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2814768 2018-03-21] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233712 2018-02-06] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2004.4-0\NisSrv.exe [3304992 2020-04-13] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2004.4-0\MsMpEng.exe [103168 2020-04-13] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 amsdk; C:\WINDOWS\system32\drivers\amsdk.sys [232792 2020-10-05] (Zemana D.O.O. Sarajevo -> Copyright 2018.)
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [35648 2021-02-27] (Avast Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [208024 2021-02-27] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [357320 2021-02-27] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [249304 2021-02-27] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [98760 2021-02-27] (Avast Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [17328 2021-05-27] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [41272 2021-02-27] (Avast Software s.r.o. -> AVAST Software)
R1 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [175248 2021-02-27] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\WINDOWS\System32\drivers\aswNetHub.sys [521336 2021-02-27] (Avast Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [107784 2021-02-27] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [83360 2021-02-27] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [850112 2021-02-27] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [465160 2021-03-18] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [215328 2021-02-27] (Avast Software s.r.o. -> AVAST Software)
S3 aswTap; C:\WINDOWS\System32\drivers\aswTap.sys [53904 2018-09-05] (AVAST Software s.r.o. -> The OpenVPN Project)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [326976 2021-02-27] (Avast Software s.r.o. -> AVAST Software)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2020-11-24] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-05-15] (Malwarebytes Inc -> Malwarebytes)
R2 NDivert; C:\WINDOWS\System32\drivers\NDivert.sys [105184 2021-02-22] (TEFINCOM S.A. -> )
S3 Netaapl; C:\WINDOWS\System32\drivers\netaapl64.sys [23040 2014-08-16] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
R3 nlwt; C:\WINDOWS\system32\DRIVERS\nlwt.sys [39360 2021-04-25] (TEFINCOM S.A. -> WireGuard LLC)
R1 nordlwf; C:\WINDOWS\system32\DRIVERS\nordlwf.sys [38608 2020-12-14] (TEFINCOM S.A. -> TEFINCOM S.A.)
R3 tapnordvpn; C:\WINDOWS\System32\drivers\tapnordvpn.sys [44896 2018-07-24] (TEFINCOM S.A. -> The OpenVPN Project)
U3 TrueSight; C:\Windows\System32\drivers\truesight.sys [38032 2021-06-14] (Adlice -> )
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2017-11-27] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [45960 2020-04-13] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [394464 2020-04-13] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [64736 2020-04-13] (Microsoft Windows -> Microsoft Corporation)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2018-02-19] (Zemana Ltd. -> Zemana Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-06-14 09:26 - 2021-06-14 09:28 - 000020283 _____ C:\Users\Me!\Desktop\FRST.txt
2021-06-14 09:21 - 2021-06-14 09:21 - 002300416 _____ (Farbar) C:\Users\Me!\Desktop\FRST64.exe
2021-06-14 08:53 - 2021-06-14 08:53 - 000038032 _____ C:\WINDOWS\system32\Drivers\truesight.sys
2021-06-14 08:40 - 2021-06-14 08:40 - 000011453 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-06-11 14:51 - 2021-06-11 14:51 - 000000000 ____D C:\Program Files (x86)\MSECache
2021-06-11 08:02 - 2021-06-11 08:02 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-06-11 08:02 - 2021-06-11 08:02 - 000451072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2021-06-11 08:01 - 2021-06-11 08:01 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-06-11 08:01 - 2021-06-11 08:01 - 001314120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-06-11 08:01 - 2021-06-11 08:01 - 000568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2021-06-11 08:00 - 2021-06-11 08:00 - 001864192 _____ (The ICU Project) C:\WINDOWS\SysWOW64\icu.dll
2021-06-11 08:00 - 2021-06-11 08:00 - 000468440 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll
2021-06-11 08:00 - 2021-06-11 08:00 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-06-11 08:00 - 2021-06-11 08:00 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2021-06-11 07:59 - 2021-06-11 07:59 - 001823792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-06-11 07:59 - 2021-06-11 07:59 - 001393496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-06-11 07:58 - 2021-06-11 07:58 - 002260480 _____ (The ICU Project) C:\WINDOWS\system32\icu.dll
2021-06-11 07:58 - 2021-06-11 07:58 - 000657464 _____ C:\WINDOWS\system32\WindowManagementAPI.dll
2021-06-11 07:58 - 2021-06-11 07:58 - 000097280 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-06-11 07:57 - 2021-06-11 07:57 - 000563712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-06-11 07:57 - 2021-06-11 07:57 - 000287232 _____ C:\WINDOWS\system32\CoreMas.dll
2021-06-11 07:57 - 2021-06-11 07:57 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe
2021-06-02 14:10 - 2021-06-03 06:47 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2021-06-02 06:09 - 2021-06-02 06:09 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-06-01 19:52 - 2021-06-05 09:39 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-05-28 21:54 - 2021-05-15 11:31 - 000453884 ____R C:\WINDOWS\hosts.20210528-215430.backup
2021-05-27 15:16 - 2021-05-27 15:16 - 000017328 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswElam.sys
2021-05-24 19:02 - 2021-05-24 19:02 - 013875488 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\ibtusb.sys
2021-05-15 11:31 - 2021-05-10 10:27 - 000453884 ____R C:\WINDOWS\hosts.20210515-113147.backup

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-06-14 09:28 - 2020-04-11 14:42 - 000053067 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2021-06-14 09:28 - 2018-02-19 00:18 - 000088609 _____ C:\WINDOWS\ZAM.krnl.trace
2021-06-14 09:27 - 2018-06-22 21:44 - 000000000 ____D C:\Users\Me!\AppData\Local\AVAST Software
2021-06-14 09:27 - 2018-04-09 13:11 - 000000000 ____D C:\FRST
2021-06-14 09:21 - 2018-02-18 12:18 - 000000000 ____D C:\Users\Me!\AppData\LocalLow\Mozilla
2021-06-14 09:08 - 2019-12-07 02:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-06-14 09:00 - 2020-06-04 12:56 - 000937250 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-06-14 09:00 - 2019-12-07 02:13 - 000000000 ____D C:\WINDOWS\INF
2021-06-14 08:59 - 2019-11-09 11:32 - 000000000 ____D C:\ProgramData\Mozilla
2021-06-14 08:57 - 2018-02-19 00:06 - 000000000 ____D C:\Program Files\CCleaner
2021-06-14 08:54 - 2018-02-18 04:37 - 000000000 __SHD C:\Users\Me!\IntelGraphicsProfiles
2021-06-14 08:53 - 2020-06-04 13:08 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-06-14 08:53 - 2020-06-04 12:44 - 000008192 ___SH C:\DumpStack.log.tmp
2021-06-14 08:53 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-06-14 08:51 - 2019-12-07 02:03 - 000262144 _____ C:\WINDOWS\system32\config\BBI
2021-06-14 08:45 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-06-14 08:44 - 2019-12-07 02:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-06-14 07:55 - 2020-06-04 12:44 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-06-14 07:05 - 2018-05-15 10:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2021-06-14 07:05 - 2018-05-15 10:59 - 000000000 ____D C:\Program Files\RogueKiller
2021-06-14 07:02 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-06-13 07:11 - 2020-06-04 13:08 - 000004264 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2021-06-12 20:43 - 2019-12-07 02:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-06-12 17:22 - 2020-08-08 07:58 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-06-12 17:22 - 2020-08-08 07:58 - 000002283 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-06-12 17:22 - 2020-08-08 07:58 - 000002283 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2021-06-12 16:28 - 2021-01-24 08:22 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-06-11 21:57 - 2020-10-05 17:20 - 000000000 ____D C:\Users\Me!\AppData\Local\AMSDK
2021-06-11 15:11 - 2018-03-26 00:16 - 000000000 ____D C:\Users\Me!\AppData\Roaming\Jarte
2021-06-11 14:52 - 2017-10-14 10:19 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2021-06-11 10:45 - 2019-12-07 02:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-06-11 10:38 - 2020-06-04 12:44 - 000438112 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-06-11 10:34 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2021-06-11 10:34 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2021-06-11 10:34 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2021-06-11 10:34 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-06-11 10:33 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-06-11 10:33 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-06-11 10:33 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2021-06-11 10:33 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2021-06-11 10:33 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2021-06-11 10:33 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-06-11 10:33 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-06-11 10:32 - 2019-12-07 02:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-06-10 06:34 - 2018-02-18 02:12 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-06-10 06:33 - 2018-02-18 02:11 - 132447432 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-06-09 23:15 - 2020-06-04 13:08 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2021-06-09 06:28 - 2021-04-25 07:49 - 000001805 _____ C:\Users\Me!\Desktop\NordVPN.lnk
2021-06-09 06:28 - 2021-04-25 07:49 - 000000000 ____D C:\Users\Me!\AppData\Local\NordVPN
2021-06-09 06:28 - 2021-04-25 07:49 - 000000000 ____D C:\ProgramData\NordVPN
2021-06-09 06:28 - 2021-04-25 07:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NordSec
2021-06-09 06:28 - 2021-04-25 07:49 - 000000000 ____D C:\Program Files\NordVPN
2021-06-08 22:17 - 2018-10-03 14:38 - 000002143 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-06-05 09:39 - 2018-04-03 19:38 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-06-05 09:38 - 2018-02-18 11:54 - 000000000 ____D C:\ProgramData\AVAST Software
2021-06-04 23:31 - 2020-10-25 07:33 - 000003214 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d6aadb62406a63
2021-06-04 23:31 - 2020-10-05 17:21 - 000002500 _____ C:\WINDOWS\system32\Tasks\AMHelper
2021-06-04 23:31 - 2020-08-08 07:58 - 000003408 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-06-04 23:31 - 2020-08-08 07:58 - 000003184 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-06-04 23:31 - 2020-06-04 13:08 - 000003482 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2021-06-04 23:31 - 2020-06-04 13:08 - 000003346 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-06-04 23:31 - 2020-06-04 13:08 - 000003122 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-06-04 23:31 - 2020-06-04 13:08 - 000002220 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC
2021-06-04 23:31 - 2020-06-04 13:08 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software
2021-06-03 06:47 - 2018-02-18 12:18 - 000001289 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2021-06-02 06:09 - 2018-04-06 02:06 - 000002965 _____ C:\WINDOWS\wininit.ini
2021-06-02 06:08 - 2019-11-09 11:32 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-06-01 16:41 - 2017-10-14 11:52 - 000000000 ____D C:\ProgramData\Intel
2021-05-27 07:18 - 2018-02-18 11:48 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-05-27 07:18 - 2018-02-18 11:48 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-05-27 07:18 - 2018-02-18 11:48 - 000002267 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2021-05-25 07:48 - 2021-01-24 08:22 - 000725304 _____ (Microsoft Corporation) C:\WINDOWS\system32\sedplugins.dll
2021-05-25 07:48 - 2021-01-24 08:22 - 000470328 _____ (Microsoft Corporation) C:\WINDOWS\system32\QualityUpdateAssistant.dll
2021-05-24 19:02 - 2010-02-07 10:19 - 000000000 ____D C:\swsetup
2021-05-24 19:01 - 2019-12-20 14:38 - 007865696 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\IntelWLANdriver.dll
2021-05-24 16:07 - 2018-03-21 14:50 - 000000000 ____D C:\Users\Me!\AppData\Local\ElevatedDiagnostics
2021-05-23 22:09 - 2018-03-25 23:08 - 000000000 ____D C:\ProgramData\TEMP
2021-05-19 10:17 - 2018-03-26 00:15 - 000001055 _____ C:\Users\Public\Desktop\Jarte.lnk
2021-05-19 10:17 - 2018-03-26 00:15 - 000001055 _____ C:\ProgramData\Desktop\Jarte.lnk
2021-05-19 10:17 - 2018-03-26 00:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jarte
2021-05-19 10:17 - 2018-03-26 00:15 - 000000000 ____D C:\Program Files (x86)\Jarte
2021-05-15 09:20 - 2020-11-24 09:01 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-05-15 09:20 - 2020-08-29 12:11 - 000002040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-05-15 09:20 - 2019-07-07 21:04 - 000002028 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-05-15 09:20 - 2019-07-07 21:04 - 000002028 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2021-05-15 09:19 - 2019-07-07 21:04 - 000199128 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys

==================== Files in the root of some directories ========

2020-08-09 23:05 - 2020-08-09 23:05 - 000000256 _____ () C:\Users\Me!\AppData\Local\PUTTY.RND
2021-04-12 20:06 - 2021-04-12 20:06 - 000000856 _____ () C:\Users\Me!\AppData\Local\recently-used.xbel
2018-06-08 10:22 - 2018-06-08 10:22 - 000000017 _____ () C:\Users\Me!\AppData\Local\resmon.resmoncfg
2021-01-20 08:11 - 2021-01-20 08:11 - 000000000 _____ () C:\Users\Me!\AppData\Local\{052D7D69-4E00-410B-B15C-D89FACE3BF73}

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

 

 

--Zhora



#6 Juliet

Posted 18 June 2021 - 09:52 AM

C:\Users\Me!\AppData\Local\Temp\DUysN5ne.exe.part could not be saved, because the source file could not be read.

An unstable internet connection, or the connection between your computer and the source server. So check that your Internet connection is not at fault.
Or switch to another browser.

I'm still not getting a complete log from FRST.
Quite a bit of the header is missing, as shown by the examples below.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-04-2021 <== would show date run and version you have
Ran by young (administrator) on LAPTOP-6R6IN514 (HP HP Laptop 15-dw0xxx) (05-05-2021 15:28:25) <== would show your user name
Running from C:\Users\your name here\Downloads <== where it loaded on your machine
Loaded Profiles: your name here <== which profile was loaded when the scan run
Platform: Windows 10 Home Version 2004 19041.928 (X64) Language: English (United States)
Default browser: IE
Boot Mode: Normal



==================== Processes (Whitelisted) =================
was missing
==================== Registry (Whitelisted) ===================
was missing
==================== Scheduled Tasks (Whitelisted) ============
was missing

 

~~~~~~~~~~~~~~~~~~~

 

We can do a simple FRST fix and let's see if this will continue.

 

****
Start Farbar Recovery Scan Tool with Administrator privileges
(Right-click on the FRST icon and select Run as administrator.)

Highlight the text below, beginning with Start:: and finishing with End::, and select Copy.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Highlight the entire content of the quote box below and select Copy.

 

Start::
CloseProcesses:
CreateRestorePoint:

Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
AlternateDataStreams: C:\ProgramData\TEMP:359B3BDA [360]
EmptyTemp:
C:\Windows\Temp\*.*
End::

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Start FRST (FRST64) with Administrator privileges
Press the Fix button. FRST will process the lines copied above from the clipboard.
When finished, a log file, Fixlog.txt, will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Post this log in your next reply and also give me an update on how your machine is at the moment.


Sometimes the angels fly close enough to you that you can hear the flutter of their wings...


MS - MVP Consumer Security 2009 - 2016, WI-MVP 2016-17
Antivirus Scanners Online Scanners Firewalls Slow Computer??
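A completeness check for the kind of truncated log described in the post above, added here as an example; it is not part of the thread and not part of FRST. The header fields and section names are the ones visible in this thread, and treating them as the full expected set is an assumption, as are the constructed sample logs.

```python
import re

# Header fields shown in the helper's example of a complete log (matched by prefix).
HEADER_PREFIXES = (
    "Scan result of Farbar Recovery Scan Tool",
    "Ran by",
    "Running from",
    "Loaded Profiles:",
    "Platform:",
    "Default browser:",
    "Boot Mode:",
)

# Section banners that appear in this thread. Assumption: this is the set to
# expect; the tool may emit others that the thread does not show.
EXPECTED_SECTIONS = (
    "Processes (Whitelisted)",
    "Registry (Whitelisted)",
    "Scheduled Tasks (Whitelisted)",
    "Internet (Whitelisted)",
    "Services (Whitelisted)",
    "Drivers (Whitelisted)",
    "NetSvcs (Whitelisted)",
    "One month (created) (Whitelisted)",
    "One month (modified)",
    "Files in the root of some directories",
    "SigCheck",
)
END_MARKER = "End of FRST.txt"

# "==== Title ====" banner. The title must start with a non-'=' character so
# that a plain separator line made only of '=' is not read as a section.
BANNER_RE = re.compile(r"^={4,}\s*([^=\s].*?)\s*={4,}\s*$")


def check_frst_log(text):
    """Report which header fields and section banners a pasted log lacks."""
    header, banners = [], []
    for raw in text.splitlines():
        line = raw.strip()
        match = BANNER_RE.match(line)
        if match:
            banners.append(match.group(1))
        elif not banners:
            # Everything before the first banner counts as the header block.
            header.append(line)
    missing_header = [p for p in HEADER_PREFIXES
                      if not any(h.startswith(p) for h in header)]
    missing_sections = [s for s in EXPECTED_SECTIONS if s not in banners]
    has_end = END_MARKER in banners
    return {
        "missing_header": missing_header,
        "missing_sections": missing_sections,
        "has_end_marker": has_end,
        "complete": not missing_header and not missing_sections and has_end,
    }


def make_sample(drop_header=False, drop_sections=()):
    """Build a constructed log skeleton (no real entries) for the demo."""
    lines = []
    if not drop_header:
        lines += [
            "Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-01-2021",
            "Ran by user (administrator) on EXAMPLE-PC (01-01-2021 12:00:00)",
            "Running from C:\\Users\\user\\Desktop",
            "Loaded Profiles: user",
            "Platform: Windows 10 Home (X64) Language: English (United States)",
            "Default browser: FF",
            "Boot Mode: Normal",
            "",
        ]
    for name in EXPECTED_SECTIONS:
        if name not in drop_sections:
            lines += ["=" * 20 + " " + name + " " + "=" * 19, "", "(entries)", ""]
    lines.append("=" * 20 + " " + END_MARKER + " " + "=" * 24)
    return "\n".join(lines)


# Constructed inputs: one shaped like the partial paste described in the
# thread (no header, first three sections absent), one with everything present.
TRUNCATED = make_sample(drop_header=True, drop_sections=EXPECTED_SECTIONS[:3])
COMPLETE = make_sample()

if __name__ == "__main__":
    for label, log in (("truncated", TRUNCATED), ("complete", COMPLETE)):
        result = check_frst_log(log)
        print(label, "->", "complete" if result["complete"] else "incomplete")
        for field in result["missing_header"]:
            print("  missing header field:", field)
        for section in result["missing_sections"]:
            print("  missing section:", section)
        if not result["has_end_marker"]:
            print("  missing end marker:", END_MARKER)
```
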

#7 Zhora

Posted 20 June 2021 - 03:38 PM

Okay, posting the fixlog AND a new FRST log.  Hopefully this time they both work.  Avast and Windows Defender were interfering - Avast actually removed FRST as malware.  So I temporarily disabled Avast while re-downloading, told Defender to leave it alone, and now here we are.  BTW there isn't an 'All Users' option in FRST anymore...or maybe I just missed it.

 

Fixlog:

Fix result of Farbar Recovery Scan Tool (x64) Version: 20-06-2021
Ran by Me! (20-06-2021 14:06:17) Run:1
Running from C:\Users\Me!\Desktop
Loaded Profiles: Me!
Boot Mode: Normal
==============================================

fixlist content:
*****************
    CloseProcesses:
    CreateRestorePoint:
    Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
    Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
    Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
    Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
    ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
    ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
    ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
    ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
    ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
    ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
    ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
    AlternateDataStreams: C:\ProgramData\TEMP:359B3BDA [360]
    EmptyTemp:
    C:\Windows\Temp\*.*
    
*****************

Processes closed successfully.
Restore point was successfully created.
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\BookReader_B171F20233094AC88D05A8EF7B9763E8 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => removed successfully
C:\ProgramData\TEMP => ":359B3BDA" ADS removed successfully

=========== "C:\Windows\Temp\*.*" ==========

C:\Windows\Temp\c11085b3-1914-486d-95df-d3fd388ca517.tmp => moved successfully
C:\Windows\Temp\mat-debug-10044.log => moved successfully
C:\Windows\Temp\mat-debug-8276.log => moved successfully
C:\Windows\Temp\mat-debug-828.log => moved successfully
C:\Windows\Temp\msedge_installer.log => moved successfully

========= End -> "C:\Windows\Temp\*.*" ========


=========== EmptyTemp: ==========

BITS transfer queue => 10772480 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 8495625 B
Java, Flash, Steam htmlcache => 1155 B
Windows/system/drivers => 172 B
Edge => 3584 B
Chrome => 229376 B
Firefox => 25671342 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 6656 B
ProgramData => 6656 B
Public => 6656 B
systemprofile => 6656 B
systemprofile32 => 6656 B
LocalService => 13312 B
NetworkService => 19968 B
Me! => 4425515 B

RecycleBin => 0 B
EmptyTemp: => 47.4 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 14:08:01 ====

 

 

FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-06-2021
Ran by Me! (administrator) on VECTOR (HP HP Pavilion Desktop PC 570-p0xx) (20-06-2021 14:18:52)
Running from C:\Users\Me!\Desktop
Loaded Profiles: Me!
Platform: Windows 10 Home Version 20H2 19042.1055 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adlice -> ) C:\Program Files\RogueKiller\RogueKiller64.exe
(Adlice -> ) C:\Program Files\RogueKiller\RogueKillerSvc.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswEngSrv.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe <3>
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(HP Inc. -> HP Inc.) C:\Program Files\HPCommRecovery\HPCommRecovery.exe
(Intel Corporation -> Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation -> Intel® Corporation) C:\Windows\SysWOW64\XtuService.exe
(Intel Corporation -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_ffc75848a6342fdf\jhi_service.exe
(Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_5a1ab3b0567b3cdb\igfxCUIService.exe
(Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_5a1ab3b0567b3cdb\igfxEM.exe
(Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_5a1ab3b0567b3cdb\IntelCpHDCPSvc.exe
(Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_5a1ab3b0567b3cdb\IntelCpHeciSvc.exe
(Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel® Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Microsoft Corporation -> ) C:\Program Files (x86)\Microsoft\Edge\Application\91.0.864.54\identity_helper.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <13>
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1022_none_7e372e9e7c6ecccb\TiWorker.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <8>
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\EPSON Software\Download Navigator\EPSDNMON.EXE
(SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\EPSON Software\Epson Printer Connection Checker\EPPCCMON.EXE
(SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE
(SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(SEIKO EPSON Corporation -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATINPE.EXE
(Stardust Software) [File not signed] C:\Windows\FSScrCtl.exe
(TEFINCOM S.A. -> TEFINCOM S.A.) C:\Program Files\NordVPN\NordVPN.exe
(TEFINCOM S.A. -> TEFINCOM S.A.) C:\Program Files\NordVPN\nordvpn-service.exe
(Wacom Technology Corp. -> Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology Corp. -> Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology Corp. -> Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology Corp. -> Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Wacom Technology Corp. -> Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [116960 2021-02-27] (Avast Software s.r.o. -> AVAST Software)
HKLM\...\Run: [EPPCCMON] => C:\Program Files (x86)\EPSON Software\Epson Printer Connection Checker\EPPCCMON.EXE [442936 2020-10-22] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [340440 2021-04-16] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1087184 2016-01-20] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5331376 2018-03-21] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [707624 2018-08-08] (HP Inc. -> HP Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706680 2020-12-09] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-3778126099-3402256936-1862990622-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2020-09-08] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-3778126099-3402256936-1862990622-1001\...\Run: [EPLTarget\P0000000000000001] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATINPE.EXE [298560 2013-12-16] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3778126099-3402256936-1862990622-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [34508416 2021-06-16] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-3778126099-3402256936-1862990622-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATINPE.EXE [298560 2013-12-16] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3778126099-3402256936-1862990622-1001\...\Run: [Amazon Music Helper] => C:\Users\Me!\AppData\Local\Amazon Music\Amazon Music Helper.exe [2385336 2019-06-26] (Amazon Services LLC -> Amazon Services LLC)
HKU\S-1-5-21-3778126099-3402256936-1862990622-1001\...\Run: [Amazon Music] => C:\Users\Me!\AppData\Local\Amazon Music\Amazon Music.exe********깚坕㟶蠀C:\Users\Me!\AppData\Roaming\Microsoft\Windows\Libraries***
HKU\S-1-5-21-3778126099-3402256936-1862990622-1001\...\Run: [EPSDNMON] => C:\Program Files (x86)\Epson Software\Download Navigator\EPSDNMON.EXE [346712 2020-07-27] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKU\S-1-5-21-3778126099-3402256936-1862990622-1001\...\Run: [NordVPN] => C:\Program Files\NordVPN\NordVPN.exe [277688 2021-06-09] (TEFINCOM S.A. -> TEFINCOM S.A.)
HKU\S-1-5-18\...\RunOnce: [Application Restart #0] => C:\Program Files\Mozilla Firefox\firefox.exe -os-restarted -url hxxps://adlice.com/download/roguekiller/?utm_campaign=roguekiller&utm_source=soft&utm_medium=btn
HKLM\...\Print\Monitors\EPSON XP-520 Series 64MonitorBE: C:\WINDOWS\system32\E_YLMBNPE.DLL [179712 2013-12-06] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
HKLM\...\Print\Monitors\EpsonNet Print Port: C:\WINDOWS\system32\enppmon.dll [500736 2016-09-14] (SEIKO EPSON CORPORATION) [File not signed]
HKLM\...\Print\Monitors\stkMonitor: C:\WINDOWS\system32\stkMonitor.dll [104624 2019-03-30] (Amazon Services LLC -> Amazon.com, Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\91.0.4472.106\Installer\chrmstp.exe [2021-06-15] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2018-02-18]
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Screen Saver Control.lnk [2018-03-01]
ShortcutTarget: Screen Saver Control.lnk -> C:\Windows\FSScrCtl.exe (Stardust Software) [File not signed]
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00F47AC1-CAEA-4A23-A80A-52658D7AFBD6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [136304 2021-03-30] (HP Inc. -> HP Inc.)
Task: {070A49DE-BA40-4D5F-B3A1-92C06B37D8ED} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [665944 2020-08-07] (HP Inc. -> HP Inc.)
Task: {14137D31-DFE0-40A5-AE8B-0CA4908DDA11} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1506648 2020-08-20] (HP Inc. -> HP Inc.)
Task: {1BCC53CF-FE23-46A5-B81C-5FCE6B3BDF23} - System32\Tasks\OneDrive Standalone Update Task v2 => C:\Users\Me!\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {1D7EE327-8E6A-40A4-BD9B-16B2F06BC850} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [28880512 2021-06-16] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {22E2FCF5-EC2B-49C0-8149-6E7D8E53C038} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-02-18] (Google Inc -> Google Inc.)
Task: {2AA27007-233A-4796-AD3F-7B9571B74A68} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3778126099-3402256936-1862990622-1001 => C:\Users\Me!\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {30AB110F-4567-4CFC-9FDC-73350CD19547} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1136984 2020-09-17] (HP Inc. -> HP Inc.)
Task: {33F70CFA-A4D0-4D23-865B-53B245C26746} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1506648 2020-08-20] (HP Inc. -> HP Inc.)
Task: {3B9A3480-B731-45C9-861E-CA8BFC260B5A} - System32\Tasks\{27863660-B96B-4021-B897-0CE42A072E2B} => c:\program files\waterfox\waterfox.exe [488696 2020-10-04] (Waterfox Limited -> Waterfox)
Task: {62348BEB-7931-4188-AA17-50931998F448} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Update Notice => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\BingPopup\BingPopup.exe [555640 2021-03-25] (HP Inc. -> HP Inc.)
Task: {758EF586-C490-4F9C-A5F6-82F8B82C51F5} - System32\Tasks\HPEA3JOBS => C:\Program [Argument = Files\HP\HP ePrint\hpeprint.exe /CheckJobs]
Task: {789F04BF-912D-4BC4-8CF5-5268844F4474} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {797D52D4-A7BF-48DC-B5A5-A1E55991C1D0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.)
Task: {7BBF7B08-4AE2-4CA2-B89A-C4F3DDA6C5F1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [665944 2020-08-07] (HP Inc. -> HP Inc.)
Task: {7D7B2EC4-9E9D-4744-838C-4EF98B85C523} - System32\Tasks\AMHelper => C:\Program Files (x86)\Zemana\AntiMalware\AntiMalware.exe [658808 2020-07-29] (Zemana D.O.O. Sarajevo -> Zemana Ltd.)
Task: {81EEED48-D192-403C-B82E-3EEF3A3A9D32} - System32\Tasks\EPSON XP-520 Series Update {69B71E50-2CD1-4A36-94E1-BF9AD88D05B8} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSNPE.EXE [690536 2013-11-22] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
Task: {90EDD28D-B4D7-4C8B-B455-3D561C264564} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-02-18] (Google Inc -> Google Inc.)
Task: {91DAEC48-8797-4257-B796-D4761C144A69} - System32\Tasks\HPJumpStartLaunch => C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe [459680 2017-05-12] (HP Inc. -> )
Task: {A79695A1-7F3F-4107-AABA-463E245AC51B} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [690616 2021-06-17] (Mozilla Corporation -> Mozilla Foundation)
Task: {A7FBBC79-2BB5-489F-A164-03EA5501D57D} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_445_Plugin.exe [1502264 2020-11-09] (Adobe Inc. -> Adobe)
Task: {AC6BD8E5-6284-4913-93D4-3E2A48F97A8F} - System32\Tasks\EPSON XP-520 Series Update {612575A9-F8C3-44F6-AC79-49723821AB44} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSNPE.EXE [690536 2013-11-22] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
Task: {B8852B0A-CD3A-4C54-A05E-DD88C5968B5E} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-06-16] (Piriform Software Ltd -> Piriform)
Task: {B921F5BA-F3A6-42EF-BAA8-BA5C034F4162} - System32\Tasks\HPAudioSwitch => C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe [1644472 2019-06-21] (HP Inc. -> HP Inc.)
Task: {BE4F78EF-4EC0-4B99-A363-1766E911EE00} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [198696 2017-04-07] (HP Inc. -> HP Inc.)
Task: {C1B89686-5E91-412B-A7D5-449687ED9650} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9269352 2019-06-12] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {C92DF144-3DDD-4217-8247-60416E778BCF} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(1): schtasks.exe -> /Change /TN "\Adobe Acrobat Update Task" /ENABLE
Task: {C92DF144-3DDD-4217-8247-60416E778BCF} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(2): schtasks.exe -> /Change /TN "\AMHelper" /ENABLE
Task: {C92DF144-3DDD-4217-8247-60416E778BCF} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(3): schtasks.exe -> /Change /TN "\CCleaner Update" /ENABLE
Task: {C92DF144-3DDD-4217-8247-60416E778BCF} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(4): schtasks.exe -> /Change /TN "\CCleanerSkipUAC" /ENABLE
Task: {C92DF144-3DDD-4217-8247-60416E778BCF} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(5): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineCore" /ENABLE
Task: {C92DF144-3DDD-4217-8247-60416E778BCF} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(6): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineUA" /ENABLE
Task: {C92DF144-3DDD-4217-8247-60416E778BCF} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(7): schtasks.exe -> /Change /TN "\MicrosoftEdgeUpdateTaskMachineCore" /ENABLE
Task: {C92DF144-3DDD-4217-8247-60416E778BCF} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(8): schtasks.exe -> /Change /TN "\MicrosoftEdgeUpdateTaskMachineCore1d6aadb62406a63" /ENABLE
Task: {C92DF144-3DDD-4217-8247-60416E778BCF} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(9): schtasks.exe -> /Change /TN "\MicrosoftEdgeUpdateTaskMachineUA" /ENABLE
Task: {C92DF144-3DDD-4217-8247-60416E778BCF} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(10): schtasks.exe -> /Change /TN "\AVAST Software\Gaming mode Task Scheduler recovery" /DISABLE
Task: {D19C26D2-901C-4F6F-A6AE-947D64DB6A7C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [352368 2021-05-17] (HP Inc. -> HP Inc.)
Task: {D303E659-9047-411C-8F25-64A191ADB934} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [4682976 2021-02-27] (Avast Software s.r.o. -> AVAST Software)
Task: {DD5F27A7-77F9-49DB-94C4-9B95BD75999C} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1790184 2021-04-29] (Avast Software s.r.o. -> Avast Software)
Task: {E6DAE1EE-26A6-4C40-8241-8B7E2BF37443} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - resources updates => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [665944 2020-08-07] (HP Inc. -> HP Inc.)
Task: {FAD11FDD-ED71-4544-8CBF-F94927052CDF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1136984 2020-09-17] (HP Inc. -> HP Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\EPSON XP-520 Series Update {612575A9-F8C3-44F6-AC79-49723821AB44}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSNPE.EXE:/EXE:{612575A9-F8C3-44F6-AC79-49723821AB44} /F:UpdateWORKGROUP\VEEECTOR$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\EPSON XP-520 Series Update {69B71E50-2CD1-4A36-94E1-BF9AD88D05B8}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSNPE.EXE:/EXE:{69B71E50-2CD1-4A36-94E1-BF9AD88D05B8} /F:UpdateWORKGROUP\VEEECTOR$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{5d7c2cd5-9a75-1ac5-6245-118f1c411193}: [NameServer] 103.86.96.100,103.86.99.100
Tcpip\..\Interfaces\{96261aef-7f26-4ba9-8265-2890925fc27a}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{b3a33dce-e272-417f-a7ed-aedd9a34a38e}: [DhcpNameServer] 192.168.0.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Me!\AppData\Local\Microsoft\Edge\User Data\Default [2021-06-20]
Edge HomePage: Default -> hxxps://www.twinspires.com/
Edge StartupUrls: Default -> "hxxps://www.twinspires.com/","hxxps://www.truenicks.com/","hxxps://myracehorse.com/","chrome-extension://bbcinlkgjjkejfdpemiealijmmooekmp/vault.html"
Edge DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}
Edge DefaultSearchKeyword: Default -> duckduckgo.com
Edge DefaultNewTabURL: Default -> hxxps://duckduckgo.com/chrome_newtab
Edge DefaultSuggestURL: Default -> hxxps://duckduckgo.com/ac/?q={searchTerms}&type=list
Edge Extension: (LastPass: Free Password Manager) - C:\Users\Me!\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bbcinlkgjjkejfdpemiealijmmooekmp [2021-06-11]
Edge Extension: (DuckDuckGo) - C:\Users\Me!\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\caoacbimdbbljakfhgikoodekdnlcgpk [2021-06-15]
Edge Extension: (Avast Online Security) - C:\Users\Me!\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fdgpikaaheckgdijjmepmdjjkbceakif [2021-02-18]
Edge Extension: (uBlock Origin) - C:\Users\Me!\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\odfafepnkmbhccpbejgmiehpchacaeak [2021-05-11]

FireFox:
========
FF DefaultProfile: a7pntyse.default
FF DefaultProfile: lwl3wtl5.default
FF DefaultProfile: pmab3smd.default
FF ProfilePath: C:\Users\Me!\AppData\Roaming\Waterfox\Profiles\a7pntyse.default [2020-11-14]
FF Homepage: Waterfox\Profiles\a7pntyse.default -> hxxp://forecast.weather.gov/MapClick.php?lat=48.759545508000485&lon=-122.48821576799969&site=all&smap=1#.WoodwX5S1PZ
FF Extension: (Google Data Compression Proxy for Firefox) - C:\Users\Me!\AppData\Roaming\Waterfox\Profiles\a7pntyse.default\Extensions\@datacompressorforfirefox.xpi [2018-04-28] [Legacy]
FF Extension: (Classic Add-ons Archive) - C:\Users\Me!\AppData\Roaming\Waterfox\Profiles\a7pntyse.default\Extensions\ca-archive@Off.JustOff.xpi [2019-03-05] [Legacy] [not signed]
FF Extension: (FireSSH) - C:\Users\Me!\AppData\Roaming\Waterfox\Profiles\a7pntyse.default\Extensions\firessh@nightlight.ws [2018-02-18] [Legacy]
FF Extension: (Privacy Badger) - C:\Users\Me!\AppData\Roaming\Waterfox\Profiles\a7pntyse.default\Extensions\jid1-MnnxcxisBPnSXQ@jetpack.xpi [2020-11-14]
FF Extension: (PlayFlash 64bit) - C:\Users\Me!\AppData\Roaming\Waterfox\Profiles\a7pntyse.default\Extensions\playflash64@xpi [2018-07-18] [Legacy]
FF Extension: (LastPass: Free Password Manager) - C:\Users\Me!\AppData\Roaming\Waterfox\Profiles\a7pntyse.default\Extensions\support@lastpass.com.xpi [2020-11-14]
FF Extension: (uBlock Origin) - C:\Users\Me!\AppData\Roaming\Waterfox\Profiles\a7pntyse.default\Extensions\uBlock0@raymondhill.net.xpi [2020-10-04]
FF Extension: (Adobe Shockwave Flash Player) - C:\Users\Me!\AppData\Roaming\Waterfox\Profiles\a7pntyse.default\Extensions\{42baa93e-0cff-4289-b79e-6ae88df668c4}.xpi [2018-03-04]
FF Extension: (Make America Kittens Again) - C:\Users\Me!\AppData\Roaming\Waterfox\Profiles\a7pntyse.default\Extensions\{47c21db3-b82d-485d-b06d-dd70de414242}.xpi [2018-07-07]
FF Extension: (Skype Web Messenger) - C:\Users\Me!\AppData\Roaming\Waterfox\Profiles\a7pntyse.default\Extensions\{a0a8c450-9654-45ca-ac12-bd7653809f03}.xpi [2018-05-11]
FF Extension: (FireFTP) - C:\Users\Me!\AppData\Roaming\Waterfox\Profiles\a7pntyse.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f} [2018-02-18] [Legacy]
FF Extension: (Easy Youtube Video Downloader Express) - C:\Users\Me!\AppData\Roaming\Waterfox\Profiles\a7pntyse.default\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2020-08-31]
FF ProfilePath: C:\Users\Me!\AppData\Roaming\Mozilla\SeaMonkey\Profiles\lwl3wtl5.default [2021-06-19]
FF Extension: (DOM Inspector) - C:\Users\Me!\AppData\Roaming\Mozilla\SeaMonkey\Profiles\lwl3wtl5.default\Extensions\inspector@mozilla.org.xpi [2020-12-22] [Legacy] [not signed]
FF Extension: (ChatZilla) - C:\Users\Me!\AppData\Roaming\Mozilla\SeaMonkey\Profiles\lwl3wtl5.default\Extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}.xpi [2020-12-22] [Legacy] [not signed]
FF Extension: (FireFTP) - C:\Users\Me!\AppData\Roaming\Mozilla\SeaMonkey\Profiles\lwl3wtl5.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f} [2020-12-17] [Legacy]
FF Extension: (Lightning) - C:\Users\Me!\AppData\Roaming\Mozilla\SeaMonkey\Profiles\lwl3wtl5.default\Extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103}.xpi [2020-12-22] [Legacy] [not signed]
FF ProfilePath: C:\Users\Me!\AppData\Roaming\Mozilla\Firefox\Profiles\pmab3smd.default [2021-06-20]
FF Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\Me!\AppData\Roaming\Mozilla\Firefox\Profiles\pmab3smd.default\Extensions\sp@avast.com.xpi [2019-02-13]
FF Extension: (Avast Online Security) - C:\Users\Me!\AppData\Roaming\Mozilla\Firefox\Profiles\pmab3smd.default\Extensions\wrc@avast.com.xpi [2018-06-22]
FF ProfilePath: C:\Users\Me!\AppData\Roaming\Mozilla\Firefox\Profiles\e5t0tgdt.default-release [2021-06-20]
FF Homepage: Mozilla\Firefox\Profiles\e5t0tgdt.default-release -> hxxps://forecast.weather.gov/MapClick.php?CityName=Bellingham&state=WA&site=SEW&textField1=48.7597&textField2=-122.487&e=0
FF NetworkProxy: Mozilla\Firefox\Profiles\e5t0tgdt.default-release -> type", 0
FF Extension: (Privacy Badger) - C:\Users\Me!\AppData\Roaming\Mozilla\Firefox\Profiles\e5t0tgdt.default-release\Extensions\jid1-MnnxcxisBPnSXQ@jetpack.xpi [2021-06-10]
FF Extension: (LastPass: Free Password Manager) - C:\Users\Me!\AppData\Roaming\Mozilla\Firefox\Profiles\e5t0tgdt.default-release\Extensions\support@lastpass.com.xpi [2021-05-06]
FF Extension: (uBlock Origin) - C:\Users\Me!\AppData\Roaming\Mozilla\Firefox\Profiles\e5t0tgdt.default-release\Extensions\uBlock0@raymondhill.net.xpi [2021-05-05]
FF Extension: (uMatrix) - C:\Users\Me!\AppData\Roaming\Mozilla\Firefox\Profiles\e5t0tgdt.default-release\Extensions\uMatrix@raymondhill.net.xpi [2020-05-10]
FF Extension: (Avast Online Security) - C:\Users\Me!\AppData\Roaming\Mozilla\Firefox\Profiles\e5t0tgdt.default-release\Extensions\wrc@avast.com.xpi [2021-02-17]
FF Extension: (NoScript) - C:\Users\Me!\AppData\Roaming\Mozilla\Firefox\Profiles\e5t0tgdt.default-release\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2021-05-20]
FF Extension: (Decepticon theme) - C:\Users\Me!\AppData\Roaming\Mozilla\Firefox\Profiles\e5t0tgdt.default-release\Extensions\{8f70ac5c-f6db-4d36-b511-d1ad8484fab1}.xpi [2021-06-02]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_445.dll [2020-11-09] (Adobe Inc. -> )
FF Plugin: @videolan.org/vlc,version=3.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.10 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) [File not signed]
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) [File not signed]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_445.dll [2020-11-09] (Adobe Inc. -> )
FF Plugin-x32: @java.com/DTPlugin,version=11.281.2 -> C:\Program Files (x86)\Java\jre1.8.0_281\bin\dtplugin\npDeployJava1.dll [2021-02-06] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.281.2 -> C:\Program Files (x86)\Java\jre1.8.0_281\bin\plugin2\npjp2.dll [2021-02-06] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) [File not signed]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-05-27] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) [File not signed]

Chrome:
=======
CHR Profile: C:\Users\Me!\AppData\Local\Google\Chrome\User Data\Default [2021-06-20]
CHR Extension: (Slides) - C:\Users\Me!\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-02-18]
CHR Extension: (Docs) - C:\Users\Me!\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-02-18]
CHR Extension: (Google Drive) - C:\Users\Me!\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-08-13]
CHR Extension: (AdGuard AdBlocker) - C:\Users\Me!\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2020-08-16]
CHR Extension: (YouTube) - C:\Users\Me!\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-02-18]
CHR Extension: (Adobe Acrobat) - C:\Users\Me!\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-09-17]
CHR Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\Me!\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2020-07-04]
CHR Extension: (Acorns Found Money) - C:\Users\Me!\AppData\Local\Google\Chrome\User Data\Default\Extensions\facncfnojagdpibmijfjdmhkklabakgd [2020-04-09]
CHR Extension: (Sheets) - C:\Users\Me!\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-02-18]
CHR Extension: (Google Docs Offline) - C:\Users\Me!\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-09-15]
CHR Extension: (Avast Online Security) - C:\Users\Me!\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2020-06-03]
CHR Extension: (Skype) - C:\Users\Me!\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2018-04-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Me!\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-05]
CHR Extension: (Gmail) - C:\Users\Me!\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-01]
CHR Extension: (Chrome Media Router) - C:\Users\Me!\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-08-27]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [99104 2021-03-16] (Apple Inc. -> Apple Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [7879704 2021-03-29] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [621608 2021-02-27] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe [352480 2021-02-27] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [56904 2021-02-27] (Avast Software s.r.o. -> AVAST Software)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [144560 2012-05-17] (SEIKO EPSON Corporation -> Seiko Epson Corporation)
R2 EPSON_PM_RPCV4_06; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE [152640 2013-04-15] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
R2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [905080 2020-03-18] (HP Inc. -> HP Inc.)
R2 HPJumpStartBridge; c:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe [471040 2017-05-23] (HP Inc. -> HP Inc.)
S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (Hewlett-Packard Company -> HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [379736 2020-08-20] (HP Inc. -> HP Inc.)
R2 HPWMISVC; C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [628768 2017-07-13] (HP Inc. -> HP Inc.)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7391408 2021-05-15] (Malwarebytes Inc -> Malwarebytes)
R2 nordvpn-service; C:\Program Files\NordVPN\nordvpn-service.exe [277688 2021-06-09] (TEFINCOM S.A. -> TEFINCOM S.A.)
R2 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [13921616 2021-06-15] (Adlice -> )
R3 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2748392 2018-03-21] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
S3 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2814768 2018-03-21] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233712 2018-02-06] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2004.4-0\NisSrv.exe [3304992 2020-04-13] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2004.4-0\MsMpEng.exe [103168 2020-04-13] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 amsdk; C:\WINDOWS\system32\drivers\amsdk.sys [232792 2020-10-05] (Zemana D.O.O. Sarajevo -> Copyright 2018.)
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [35648 2021-02-27] (Avast Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [208024 2021-02-27] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [357320 2021-02-27] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [249304 2021-02-27] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [98760 2021-02-27] (Avast Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [17328 2021-05-27] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [41272 2021-02-27] (Avast Software s.r.o. -> AVAST Software)
R1 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [175248 2021-02-27] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\WINDOWS\System32\drivers\aswNetHub.sys [521336 2021-02-27] (Avast Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [107784 2021-02-27] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [83360 2021-02-27] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [850112 2021-02-27] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [465160 2021-03-18] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [215328 2021-02-27] (Avast Software s.r.o. -> AVAST Software)
S3 aswTap; C:\WINDOWS\System32\drivers\aswTap.sys [53904 2018-09-05] (AVAST Software s.r.o. -> The OpenVPN Project)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [326976 2021-02-27] (Avast Software s.r.o. -> AVAST Software)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2020-11-24] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-05-15] (Malwarebytes Inc -> Malwarebytes)
R2 NDivert; C:\WINDOWS\System32\drivers\NDivert.sys [105184 2021-02-22] (TEFINCOM S.A. -> )
S3 Netaapl; C:\WINDOWS\System32\drivers\netaapl64.sys [23040 2014-08-16] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
R3 nlwt; C:\WINDOWS\system32\DRIVERS\nlwt.sys [39360 2021-04-25] (TEFINCOM S.A. -> WireGuard LLC)
R1 nordlwf; C:\WINDOWS\system32\DRIVERS\nordlwf.sys [38608 2020-12-14] (TEFINCOM S.A. -> TEFINCOM S.A.)
R3 tapnordvpn; C:\WINDOWS\System32\drivers\tapnordvpn.sys [44896 2018-07-24] (TEFINCOM S.A. -> The OpenVPN Project)
U3 TrueSight; C:\Windows\System32\drivers\truesight.sys [38032 2021-06-20] (Adlice -> )
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2017-11-27] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [45960 2020-04-13] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [394464 2020-04-13] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [64736 2020-04-13] (Microsoft Windows -> Microsoft Corporation)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2018-02-19] (Zemana Ltd. -> Zemana Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-06-20 14:09 - 2021-06-20 14:09 - 000038032 _____ C:\WINDOWS\system32\Drivers\truesight.sys
2021-06-20 14:06 - 2021-06-20 14:08 - 000006707 _____ C:\Users\Me!\Desktop\Fixlog.txt
2021-06-20 13:47 - 2021-06-20 13:47 - 002300416 _____ (Farbar) C:\Users\Me!\Desktop\FRST64.exe
2021-06-20 13:44 - 2021-06-20 13:44 - 000000000 ___HD C:\$AV_ASW
2021-06-20 13:44 - 2021-06-20 13:44 - 000000000 ____D C:\Users\Me!\Desktop\FRST-OlderVersion
2021-06-18 21:12 - 2021-06-18 21:46 - 000000000 ____D C:\WINDOWS\Minidump
2021-06-17 16:43 - 2021-06-17 16:43 - 000000000 _____ C:\Users\Me!\Desktop\EmsisoftEmergencyKit.exe
2021-06-17 15:19 - 2021-06-17 15:19 - 000005473 _____ C:\Users\Me!\Desktop\AdwCleaner[C28].txt
2021-06-17 15:18 - 2021-06-17 15:18 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-06-17 15:10 - 2021-06-17 15:10 - 008534696 _____ (Malwarebytes) C:\Users\Me!\Desktop\adwcleaner_8.2.exe
2021-06-17 08:49 - 2021-06-18 21:12 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-06-14 09:30 - 2021-06-20 13:58 - 000044219 _____ C:\Users\Me!\Desktop\Addition.txt
2021-06-14 09:26 - 2021-06-20 14:21 - 000040578 _____ C:\Users\Me!\Desktop\FRST.txt
2021-06-14 08:40 - 2021-06-14 08:40 - 000011453 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-06-11 14:51 - 2021-06-11 14:51 - 000000000 ____D C:\Program Files (x86)\MSECache
2021-06-11 08:02 - 2021-06-11 08:02 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-06-11 08:02 - 2021-06-11 08:02 - 000451072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2021-06-11 08:01 - 2021-06-11 08:01 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-06-11 08:01 - 2021-06-11 08:01 - 001314120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-06-11 08:01 - 2021-06-11 08:01 - 000568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2021-06-11 08:00 - 2021-06-11 08:00 - 001864192 _____ (The ICU Project) C:\WINDOWS\SysWOW64\icu.dll
2021-06-11 08:00 - 2021-06-11 08:00 - 000468440 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll
2021-06-11 08:00 - 2021-06-11 08:00 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-06-11 08:00 - 2021-06-11 08:00 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2021-06-11 07:59 - 2021-06-11 07:59 - 001823792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-06-11 07:59 - 2021-06-11 07:59 - 001393496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-06-11 07:58 - 2021-06-11 07:58 - 002260480 _____ (The ICU Project) C:\WINDOWS\system32\icu.dll
2021-06-11 07:58 - 2021-06-11 07:58 - 000657464 _____ C:\WINDOWS\system32\WindowManagementAPI.dll
2021-06-11 07:58 - 2021-06-11 07:58 - 000097280 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-06-11 07:57 - 2021-06-11 07:57 - 000563712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-06-11 07:57 - 2021-06-11 07:57 - 000287232 _____ C:\WINDOWS\system32\CoreMas.dll
2021-06-11 07:57 - 2021-06-11 07:57 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe
2021-06-02 14:10 - 2021-06-03 06:47 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2021-05-28 21:54 - 2021-05-15 11:31 - 000453884 ____R C:\WINDOWS\hosts.20210528-215430.backup
2021-05-27 15:16 - 2021-05-27 15:16 - 000017328 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswElam.sys
2021-05-24 19:02 - 2021-05-24 19:02 - 013875488 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\ibtusb.sys

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-06-20 14:23 - 2020-04-11 14:42 - 000048176 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2021-06-20 14:23 - 2019-12-07 02:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-06-20 14:23 - 2018-02-19 00:18 - 000083868 _____ C:\WINDOWS\ZAM.krnl.trace
2021-06-20 14:20 - 2018-04-09 13:11 - 000000000 ____D C:\FRST
2021-06-20 14:18 - 2018-02-19 00:06 - 000000000 ____D C:\Program Files\CCleaner
2021-06-20 14:17 - 2020-06-04 12:56 - 000937250 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-06-20 14:16 - 2019-12-07 02:13 - 000000000 ____D C:\WINDOWS\INF
2021-06-20 14:16 - 2018-02-18 12:18 - 000000000 ____D C:\Users\Me!\AppData\LocalLow\Mozilla
2021-06-20 14:14 - 2019-11-09 11:32 - 000000000 ____D C:\ProgramData\Mozilla
2021-06-20 14:10 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-06-20 14:10 - 2018-02-18 04:37 - 000000000 __SHD C:\Users\Me!\IntelGraphicsProfiles
2021-06-20 14:09 - 2020-06-04 13:08 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-06-20 14:09 - 2020-06-04 12:44 - 000008192 ___SH C:\DumpStack.log.tmp
2021-06-20 14:08 - 2019-12-07 02:03 - 000262144 _____ C:\WINDOWS\system32\config\BBI
2021-06-20 14:08 - 2018-02-18 11:54 - 000000000 ____D C:\ProgramData\AVAST Software
2021-06-20 14:07 - 2021-03-03 08:46 - 000000000 ____D C:\Users\Me!\AppData\LocalLow\Temp
2021-06-20 13:32 - 2020-06-04 12:44 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-06-20 07:18 - 2018-06-22 21:44 - 000000000 ____D C:\Users\Me!\AppData\Local\AVAST Software
2021-06-20 06:47 - 2020-06-04 13:08 - 000004264 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2021-06-19 17:24 - 2020-08-08 07:58 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-06-19 17:24 - 2020-08-08 07:58 - 000002283 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-06-19 17:24 - 2020-08-08 07:58 - 000002283 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2021-06-19 17:24 - 2019-12-07 02:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-06-19 17:24 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-06-19 00:02 - 2020-06-04 12:03 - 000000000 ____D C:\Users\Me!
2021-06-18 21:17 - 2020-06-04 13:08 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2021-06-18 21:13 - 2020-10-25 07:33 - 000003214 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d6aadb62406a63
2021-06-18 21:13 - 2020-10-05 17:21 - 000002500 _____ C:\WINDOWS\system32\Tasks\AMHelper
2021-06-18 21:13 - 2020-08-08 07:58 - 000003408 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-06-18 21:13 - 2020-08-08 07:58 - 000003184 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-06-18 21:13 - 2020-06-04 13:08 - 000003482 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2021-06-18 21:13 - 2020-06-04 13:08 - 000003346 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-06-18 21:13 - 2020-06-04 13:08 - 000003122 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-06-18 21:13 - 2020-06-04 13:08 - 000002220 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC
2021-06-18 21:12 - 2018-04-03 19:38 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-06-18 18:07 - 2020-06-04 13:08 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software
2021-06-17 15:18 - 2019-11-09 11:32 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-06-17 15:18 - 2018-04-06 02:06 - 000003045 _____ C:\WINDOWS\wininit.ini
2021-06-17 11:02 - 2019-03-05 18:06 - 000000000 ____D C:\Users\Me!\Documents\My Kindle Content
2021-06-16 07:09 - 2018-05-15 10:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2021-06-16 07:09 - 2018-05-15 10:59 - 000000000 ____D C:\Program Files\RogueKiller
2021-06-15 07:31 - 2018-02-18 11:48 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-06-15 07:31 - 2018-02-18 11:48 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-06-15 07:31 - 2018-02-18 11:48 - 000002267 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2021-06-14 08:45 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-06-14 08:44 - 2019-12-07 02:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-06-12 16:28 - 2021-01-24 08:22 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-06-11 21:57 - 2020-10-05 17:20 - 000000000 ____D C:\Users\Me!\AppData\Local\AMSDK
2021-06-11 15:11 - 2018-03-26 00:16 - 000000000 ____D C:\Users\Me!\AppData\Roaming\Jarte
2021-06-11 14:52 - 2017-10-14 10:19 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2021-06-11 10:45 - 2019-12-07 02:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-06-11 10:38 - 2020-06-04 12:44 - 000438112 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-06-11 10:34 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2021-06-11 10:34 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2021-06-11 10:34 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2021-06-11 10:34 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-06-11 10:33 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-06-11 10:33 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-06-11 10:33 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2021-06-11 10:33 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2021-06-11 10:33 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2021-06-11 10:33 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-06-11 10:33 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-06-11 10:32 - 2019-12-07 02:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-06-10 06:34 - 2018-02-18 02:12 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-06-10 06:33 - 2018-02-18 02:11 - 132447432 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-06-09 06:28 - 2021-04-25 07:49 - 000001805 _____ C:\Users\Me!\Desktop\NordVPN.lnk
2021-06-09 06:28 - 2021-04-25 07:49 - 000000000 ____D C:\Users\Me!\AppData\Local\NordVPN
2021-06-09 06:28 - 2021-04-25 07:49 - 000000000 ____D C:\ProgramData\NordVPN
2021-06-09 06:28 - 2021-04-25 07:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NordSec
2021-06-09 06:28 - 2021-04-25 07:49 - 000000000 ____D C:\Program Files\NordVPN
2021-06-08 22:17 - 2018-10-03 14:38 - 000002143 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-06-03 06:47 - 2018-02-18 12:18 - 000001289 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2021-06-01 16:41 - 2017-10-14 11:52 - 000000000 ____D C:\ProgramData\Intel
2021-05-25 07:48 - 2021-01-24 08:22 - 000725304 _____ (Microsoft Corporation) C:\WINDOWS\system32\sedplugins.dll
2021-05-25 07:48 - 2021-01-24 08:22 - 000470328 _____ (Microsoft Corporation) C:\WINDOWS\system32\QualityUpdateAssistant.dll
2021-05-24 19:02 - 2010-02-07 10:19 - 000000000 ____D C:\swsetup
2021-05-24 19:01 - 2019-12-20 14:38 - 007865696 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\IntelWLANdriver.dll
2021-05-24 16:07 - 2018-03-21 14:50 - 000000000 ____D C:\Users\Me!\AppData\Local\ElevatedDiagnostics
2021-05-23 22:09 - 2018-03-25 23:08 - 000000000 ____D C:\ProgramData\TEMP

==================== Files in the root of some directories ========

2020-08-09 23:05 - 2020-08-09 23:05 - 000000256 _____ () C:\Users\Me!\AppData\Local\PUTTY.RND
2021-04-12 20:06 - 2021-04-12 20:06 - 000000856 _____ () C:\Users\Me!\AppData\Local\recently-used.xbel
2018-06-08 10:22 - 2018-06-08 10:22 - 000000017 _____ () C:\Users\Me!\AppData\Local\resmon.resmoncfg
2021-01-20 08:11 - 2021-01-20 08:11 - 000000000 _____ () C:\Users\Me!\AppData\Local\{052D7D69-4E00-410B-B15C-D89FACE3BF73}

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================



#8 Juliet


Posted 21 June 2021 - 05:23 AM

That worked as expected and all I can see is where some restrictions had been placed by your security apps.

We can see if we can get those released.

****
Start Farbar Recovery Scan Tool with Administrator privileges
(Right click on the FRST icon and select Run as administrator)

Highlight the text below, beginning with Start:: and finishing with End::, and select Copy.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Highlight the entire content of the quote box below and select Copy.

 

Start::
CloseProcesses:
CreateRestorePoint:
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
End::

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Start FRST (FRST64) with Administrator privileges
Press the Fix button. FRST will process the lines copied above from the clipboard.
When finished, a log file Fixlog.txt will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Not finding anything malicious.  Are you using the Web through your internet provider or are you using the net totally through a VPN?

Give me an update on how your machine is at the moment.


Sometimes the angels fly close enough to you that you can hear the flutter of their wings...


MS - MVP Consumer Security 2009 - 2016, WI-MVP 2016-17
Antivirus Scanners Online Scanners Firewalls Slow Computer??
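
A fixlist like the one in the post above removes whole policy keys, so it helps to list and back up what they contain first. The following is an added example, not part of the original post or of FRST; the backup folder is an assumed location.

```powershell
# Added example: review and back up the browser policy keys named in the
# fixlist before a tool removes them. Run from an elevated PowerShell prompt.
# Assumption: $BackupDir is a hypothetical location; change it as needed.

$BackupDir = Join-Path $env:USERPROFILE 'Desktop\PolicyBackup'

# The two keys flagged "Restriction <==== ATTENTION" in the fixlist.
$Keys = @(
    'HKLM\SOFTWARE\Policies\Mozilla\Firefox',
    'HKLM\SOFTWARE\Policies\Google'
)

New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null

foreach ($key in $Keys) {
    # Convert "HKLM\..." into a registry provider path.
    $psPath = 'Registry::HKEY_LOCAL_MACHINE\' + $key.Substring(5)

    if (-not (Test-Path -LiteralPath $psPath)) {
        Write-Output "$key : not present"
        continue
    }

    # Collect the key itself plus every subkey, then list each value so the
    # policy can be attributed (security suite, admin template, something else).
    $all = @(Get-Item -LiteralPath $psPath) +
           @(Get-ChildItem -LiteralPath $psPath -Recurse -ErrorAction SilentlyContinue)

    foreach ($k in $all) {
        foreach ($name in $k.GetValueNames()) {
            [pscustomobject]@{
                Key   = $k.Name
                Value = $name
                Data  = $k.GetValue($name)
            }
        }
    }

    # Export the key to a .reg file; "reg import <file>" restores it later.
    $file = Join-Path $BackupDir (($key -replace '\\', '_') + '.reg')
    & reg.exe export $key $file /y | Out-Null
    Write-Output "$key : exported to $file"
}
```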

#9 Zhora


Posted 21 June 2021 - 06:53 PM

I don't really see much difference, but that's okay.  I am running my computer and iPhone through a VPN, and a Roku directly to the internet.  Bizarrely, the clipboard drops its contents seemingly rather quickly, as it took 3 times to get the log copied.

 

 Fix result of Farbar Recovery Scan Tool (x64) Version: 20-06-2021
Ran by Me! (21-06-2021 17:32:04) Run:2
Running from C:\Users\Me!\Desktop
Loaded Profiles: Me!
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
HKLM\SOFTWARE\Policies\Google => removed successfully


The system needed a reboot.

==== End of Fixlog 17:33:41 ====



#10 Juliet


Posted 22 June 2021 - 05:31 AM

Whatever the problems are it doesn't appear to be malware related because nothing can pick up anything outstanding.
 
What I've pulled up is a listing of the security apps on the machine

Avast Online Security
MBAMService;
SDUpdateService
Zemana Ltd.
StartupApproved\Run: => "OneDrive"

They might be set as disabled, but in theory, they are going to update or are scripted, to check the internet once an hour or so to update definitions.

The one app that's going to pull the most in resources is Avast Online Security.

What you could do as an experiment is disable Avast, enable Windows Defender and check the machine to see if functions return to what you think is normal.
 



#11 Juliet


Posted 28 June 2021 - 05:48 PM

bump.....



#12 Juliet


Posted 04 July 2021 - 05:52 AM

Glad we could help.
Since this issue appears resolved ... this Topic is closed.


