WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. Join 93092 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!

Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

McAfee Virus [Closed]

Started by NicoleD , Jul 26 2021 08:15 PM

This topic is locked

16 replies to this topic

#1 NicoleD

Authentic Member

Authentic Member
225 posts

Interests:Social Media, Marketing, IT, Graphic Design, Real Estate

Posted 26 July 2021 - 08:15 PM

Hello,
I'm hoping you can help me. Recently I purchased McAfee Total Protection for my pc, and shortly afterwards I started getting these pop outs from McAfee (not that I believe it) telling me my pc was infected, but as you can see from the attachment when I ran a scan this is what it came back with.

Advertisements

Register to Remove

#2 NicoleD

Authentic Member

Authentic Member
225 posts

Interests:Social Media, Marketing, IT, Graphic Design, Real Estate

Posted 27 July 2021 - 07:53 PM

I'm sorry I forgot to include the pop out that never stops.

Edited by NicoleD, 27 July 2021 - 07:54 PM.

#3 Tomk

Beguilement Monitor

Global Moderator
20,451 posts

Posted 29 July 2021 - 12:20 PM

Run Malwarebytes Anti-Malware

You may have Malwarebytes Anti-Malware installed but if not, you can download it from here:

run the program
click on the ‘Dashboard’ to make sure everything is up to date, (it is not necessary to upgrade to the premium version of MBAM)
click on the ‘Scan’ tab, (directly below the Dashboard tab)
select the Threat Scan option
slick the Scan Now button
Threat Scan will begin
when the scan has completed and if malware was found, click the Quarantine Selected button to allow MBAM to quarantine what was found
if prompted to restart the computer, close all other programs and click Yes to restart your computer
once you are back at your desktop, open MBAM once more
click on the ‘Reports’ tab
double-click on the most recent Scan Report
click on Export, then Copy to Clipboard

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`

Download and run AdwCleaner

Download AdwCleaner from here and save it to your desktop.
you can download AdwCleaner here: https://malwarebytes.com/adwcleaner

run AdwCleaner by clicking on Scan Now
when it has finished, leave everything that was found checked, (ticked), then click on Clean and Repair
if it asks to reboot, allow the reboot
on reboot, click on View Log File; please attach the content of the log to your next reply.

============================================

Please post these 2 logs when finished.

Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014

#4 NicoleD

Authentic Member

Authentic Member
225 posts

Interests:Social Media, Marketing, IT, Graphic Design, Real Estate

Posted 30 July 2021 - 03:04 AM

Thank you for your response. I ran both reports, but I wasn't sure if you wanted me to post directly in this window or attach the files.

Malwarebytes

www.malwarebytes.com

-Log Details-

Scan Date: 7/30/21

Scan Time: 4:52 AM

Log File: 82ca71fe-f113-11eb-9e6b-f44d30b723c3.json

-Software Information-

Version: 4.4.4.126

Components Version: 1.0.1404

Update Package Version: 1.0.43710

License: Trial

-System Information-

OS: Windows 10 (Build 19043.1110)

CPU: x64

File System: NTFS

User: Home\user

-Scan Summary-

Scan Type: Threat Scan

Scan Initiated By: Manual

Result: Completed

Objects Scanned: 426175

Threats Detected: 76

Threats Quarantined: 76

Time Elapsed: 1 min, 48 sec

-Scan Options-

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Disabled

Heuristics: Enabled

PUP: Detect

PUM: Detect

-Scan Details-

Process: 0

(No malicious items detected)

Module: 0

(No malicious items detected)

Registry Key: 0

(No malicious items detected)

Registry Value: 4

PUP.Optional.HideMySearches, HKU\S-1-5-21-93585695-1239137162-3987457199-1001\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|gjamfbppkhdlfbepaflbkpblgninaoia, Quarantined, 245, 752291, , , , , ,

Adware.SearchEngineHijack.Generic, HKU\S-1-5-21-93585695-1239137162-3987457199-1001\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Profile 2\extensions.settings|cpdccciomiehnollheboilabphjhgnml, Quarantined, 16752, 799722, , , , , ,

PUP.Optional.Spigot.Generic, HKU\S-1-5-21-93585695-1239137162-3987457199-1001\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|migfejcjanidbmhaenjnnjcmchmhcgdo, Quarantined, 199, 774168, , , , , ,

PUP.Optional.MapsAssist, HKU\S-1-5-21-93585695-1239137162-3987457199-1001\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|ifgcapbjomolkdhhdjklellkppiplhob, Quarantined, 4683, 852186, , , , , ,

Registry Data: 0

(No malicious items detected)

Data Stream: 0

(No malicious items detected)

Folder: 13

PUP.Optional.HideMySearches, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Local Extension Settings\gjamfbppkhdlfbepaflbkpblgninaoia, Quarantined, 245, 752291, , , , , ,

PUP.Optional.HideMySearches, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Extension Settings\gjamfbppkhdlfbepaflbkpblgninaoia, Quarantined, 245, 752291, , , , , ,

PUP.Optional.HideMySearches, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\GJAMFBPPKHDLFBEPAFLBKPBLGNINAOIA, Quarantined, 245, 752291, 1.0.43710, , ame, , ,

Adware.SearchEngineHijack.Generic, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 2\Sync Extension Settings\cpdccciomiehnollheboilabphjhgnml, Quarantined, 16752, 799722, , , , , ,

Adware.SearchEngineHijack.Generic, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 2\Sync Data\LevelDB, Quarantined, 16752, 799722, , , , , ,

Adware.SearchEngineHijack.Generic, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 2\EXTENSIONS\CPDCCCIOMIEHNOLLHEBOILABPHJHGNML, Quarantined, 16752, 799722, 1.0.43710, , ame, , ,

PUP.Optional.Spigot.Generic, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Extensions\migfejcjanidbmhaenjnnjcmchmhcgdo, Quarantined, 199, 774168, , , , , ,

PUP.Optional.Spigot.Generic, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Extension Settings\migfejcjanidbmhaenjnnjcmchmhcgdo, Quarantined, 199, 774168, , , , , ,

PUP.Optional.MapsAssist, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\IFGCAPBJOMOLKDHHDJKLELLKPPIPLHOB, Quarantined, 4683, 852186, 1.0.43710, , ame, , ,

PUP.Optional.HideMySearches, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, Quarantined, 245, 759626, , , , , ,

PUP.Optional.HideMySearches, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 2\Sync Data\LevelDB, Quarantined, 245, 759626, , , , , ,

PUP.Optional.HideMySearches, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, Quarantined, 245, 759626, , , , , ,

PUP.Optional.HideMySearches, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 2\Sync Data\LevelDB, Quarantined, 245, 759626, , , , , ,

File: 59

PUP.Optional.HideMySearches, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, 245, 752291, , , , , 564E2B2AFFE8A62B435939FA1744FB2F, 410AAD506C4C0D289F1C0495E337058FC25719E39974C3B113D7C97F9C3F22B6

PUP.Optional.HideMySearches, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, 245, 752291, , , , , 162CDCEDBE2C2782EE087BD0828C8BF1, EDF636732CFF0B12E2D66D7295008F0A19FA36DBE0757BC8AF9DE38F9A7F2CDF

PUP.Optional.HideMySearches, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gjamfbppkhdlfbepaflbkpblgninaoia\000003.log, Quarantined, 245, 752291, , , , , 2143E84749D4BC10EC89600FB9910B79, 32DF97FF7415200119001304165AD3E748682A1ADC8F56F63BBC0B59049B9AE2

PUP.Optional.HideMySearches, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gjamfbppkhdlfbepaflbkpblgninaoia\CURRENT, Quarantined, 245, 752291, , , , , 46295CAC801E5D4857D09837238A6394, 0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443

PUP.Optional.HideMySearches, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gjamfbppkhdlfbepaflbkpblgninaoia\LOCK, Quarantined, 245, 752291, , , , , ,

PUP.Optional.HideMySearches, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gjamfbppkhdlfbepaflbkpblgninaoia\LOG, Quarantined, 245, 752291, , , , , 44D1C7B36759ADCF412BF08C72FF94AB, 786FE1262637FED69F1A2C2F1ED9DA7FCB55D730B01B1BD336E24A7569BFCBE6

PUP.Optional.HideMySearches, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gjamfbppkhdlfbepaflbkpblgninaoia\MANIFEST-000001, Quarantined, 245, 752291, , , , , 5AF87DFD673BA2115E2FCF5CFDB727AB, F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4

PUP.Optional.HideMySearches, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\gjamfbppkhdlfbepaflbkpblgninaoia\000003.log, Quarantined, 245, 752291, , , , , D97EE5FF7238439B719699ADA5EC1126, 1D67C16A187582B8BEDC466B04C97ACFDAF150CCC080ABFE9D75E1FAF1EBCFB8

PUP.Optional.HideMySearches, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\gjamfbppkhdlfbepaflbkpblgninaoia\CURRENT, Quarantined, 245, 752291, , , , , 46295CAC801E5D4857D09837238A6394, 0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443

PUP.Optional.HideMySearches, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\gjamfbppkhdlfbepaflbkpblgninaoia\LOCK, Quarantined, 245, 752291, , , , , ,

PUP.Optional.HideMySearches, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\gjamfbppkhdlfbepaflbkpblgninaoia\LOG, Quarantined, 245, 752291, , , , , AFB718E13B2992B138674745F679ACB7, A2D0DB0307D34FCE968DEFED9D0D599DEC4A7F95352734407955DB8B8D14CF8A

PUP.Optional.HideMySearches, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\gjamfbppkhdlfbepaflbkpblgninaoia\LOG.old, Quarantined, 245, 752291, , , , , 126434297390FB41FF018797776F6FF0, 810762530662DB1EA9A30A885F7931FEBB380A271D77D22FAE3C6F07F8A2589A

PUP.Optional.HideMySearches, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\gjamfbppkhdlfbepaflbkpblgninaoia\MANIFEST-000001, Quarantined, 245, 752291, , , , , 5AF87DFD673BA2115E2FCF5CFDB727AB, F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4

PUP.Optional.HideMySearches, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\GJAMFBPPKHDLFBEPAFLBKPBLGNINAOIA\1.0.0.2_0\MANIFEST.JSON, Quarantined, 245, 752291, 1.0.43710, , ame, , 1C55FD92F11A099CF1CD2C51A6C3B93C, 40D5042E2E1C813031CA66072BDAFE494B7588411467C4DDC5987EF443C37B8A

Adware.SearchEngineHijack.Generic, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 2\Secure Preferences, Replaced, 16752, 799722, , , , , F41F59DDB4536AF8C587FAD57E1CDD8F, FFD475AB739448B4ACF90F3DFF5F7F5353EC47FC4B06F52205DC5B8D6BDDEC92

Adware.SearchEngineHijack.Generic, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 2\Preferences, Replaced, 16752, 799722, , , , , 778423F9D17CF1BA6871E1EA5EEC5AD2, 14DC6CB2D8FA45E2077BD47F307CB119D75068CD7EE20A1B41E726F5BAE65AEA

Adware.SearchEngineHijack.Generic, C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 2\Sync Extension Settings\cpdccciomiehnollheboilabphjhgnml\000003.log, Quarantined, 16752, 799722, , , , , 86F8B41A434A430C1D9EC74B9CECB3B3, FACE365078995833EE652418D8B0FF95B509593C70F846F4C249AE48CEAED2AA

Adware.SearchEngineHijack.Generic, C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 2\Sync Extension Settings\cpdccciomiehnollheboilabphjhgnml\CURRENT, Quarantined, 16752, 799722, , , , , 46295CAC801E5D4857D09837238A6394, 0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443

Adware.SearchEngineHijack.Generic, C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 2\Sync Extension Settings\cpdccciomiehnollheboilabphjhgnml\LOCK, Quarantined, 16752, 799722, , , , , ,

Adware.SearchEngineHijack.Generic, C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 2\Sync Extension Settings\cpdccciomiehnollheboilabphjhgnml\LOG, Quarantined, 16752, 799722, , , , , 30A5CE22FB0801D2A8EF67061CC938DB, 210DE7D00A4F8C1C6E6234C6D04107336924DDB7D750FD21CBC9B894F1B22FC1

Adware.SearchEngineHijack.Generic, C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 2\Sync Extension Settings\cpdccciomiehnollheboilabphjhgnml\LOG.old, Quarantined, 16752, 799722, , , , , 6D3AC288C213875E76DA8EA2C19D2005, 0D2FDE35134060ACB2AE8C4FB5A2A3FA66049173796688605BB3DB219C94E563

Adware.SearchEngineHijack.Generic, C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 2\Sync Extension Settings\cpdccciomiehnollheboilabphjhgnml\MANIFEST-000001, Quarantined, 16752, 799722, , , , , 5AF87DFD673BA2115E2FCF5CFDB727AB, F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4

Adware.SearchEngineHijack.Generic, C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 2\Sync Data\LevelDB\000005.ldb, Quarantined, 16752, 799722, , , , , 8A72C7733BE0F1E2BEE31FCCA21A1090, CC9C87280DB6B7D6844762D89D64338DDF09D218B9E9C4DCF61B3234FC5A1666

Adware.SearchEngineHijack.Generic, C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 2\Sync Data\LevelDB\008925.ldb, Quarantined, 16752, 799722, , , , , F98A54ABFA798158E0875F819565CA38, C9C664548A527AB1F873951F469690475C41A8D39171511A40D4051475E1BA28

Adware.SearchEngineHijack.Generic, C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 2\Sync Data\LevelDB\008926.log, Quarantined, 16752, 799722, , , , , DD98573F568E0DC39E1E66ACC420A1E3, 00E7BEAD3D8DB5C97E66064E339EC3AD023BDD344FA96B91DB90D345F78594A9

Adware.SearchEngineHijack.Generic, C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 2\Sync Data\LevelDB\008927.ldb, Quarantined, 16752, 799722, , , , , F49F8007F885A2BAC50C1136E017970C, EC37EFF25FA8813EB01944E87B9A49F271BDF980CD68AE1A0AFA058A96803EFF

Adware.SearchEngineHijack.Generic, C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 2\Sync Data\LevelDB\CURRENT, Quarantined, 16752, 799722, , , , , 4B8E19F19AE2EC78D39E38D187F29B74, DAFCCE2BFE596E50425161B427BF44786A698B6CD75A3ED0782EB5F233135233

Adware.SearchEngineHijack.Generic, C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 2\Sync Data\LevelDB\LOCK, Quarantined, 16752, 799722, , , , , ,

Adware.SearchEngineHijack.Generic, C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 2\Sync Data\LevelDB\LOG, Quarantined, 16752, 799722, , , , , DEC47C190E0259E37E2D3B601B5BED1A, C01CD6C0C5F31E9AB67515E189F77494B8F15FEE81A1CA43127D0A64BEFAAD38

Adware.SearchEngineHijack.Generic, C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 2\Sync Data\LevelDB\LOG.old, Quarantined, 16752, 799722, , , , , 19A65DDB7181D781DE874F03AC058818, FD3A62C05ACD923614D3D8B40B1DC453839124195E168DCADD9F0BC42C575BB8

Adware.SearchEngineHijack.Generic, C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 2\Sync Data\LevelDB\MANIFEST-008408, Quarantined, 16752, 799722, , , , , 54F5BF2EFC055B5595103BCB18F95304, 2C287EAD32CDC25E78D90D176445F5D5F8BDDE022E4EDA4CA715A74C645313C8

Adware.SearchEngineHijack.Generic, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 2\EXTENSIONS\CPDCCCIOMIEHNOLLHEBOILABPHJHGNML\1.1.0_0\MANIFEST.JSON, Quarantined, 16752, 799722, 1.0.43710, , ame, , C084BCEA4881C1AFC4266BF9EFDE4092, 430B4CB3962D53FAA6C71301B9D8E895248AE47AD2E70AB0C8FDD6570BDB746D

PUP.Optional.Spigot.Generic, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, 199, 774168, , , , , 564E2B2AFFE8A62B435939FA1744FB2F, 410AAD506C4C0D289F1C0495E337058FC25719E39974C3B113D7C97F9C3F22B6

PUP.Optional.Spigot.Generic, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, 199, 774168, , , , , 162CDCEDBE2C2782EE087BD0828C8BF1, EDF636732CFF0B12E2D66D7295008F0A19FA36DBE0757BC8AF9DE38F9A7F2CDF

PUP.Optional.Spigot.Generic, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\migfejcjanidbmhaenjnnjcmchmhcgdo\000003.log, Quarantined, 199, 774168, , , , , FC34281E6831214B9E80B2CA5009160F, 158DC8F80D5B901E1113B1C6109C327D472C79ED95D53956FCDE9651652C39D1

PUP.Optional.Spigot.Generic, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\migfejcjanidbmhaenjnnjcmchmhcgdo\CURRENT, Quarantined, 199, 774168, , , , , 46295CAC801E5D4857D09837238A6394, 0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443

PUP.Optional.Spigot.Generic, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\migfejcjanidbmhaenjnnjcmchmhcgdo\LOCK, Quarantined, 199, 774168, , , , , ,

PUP.Optional.Spigot.Generic, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\migfejcjanidbmhaenjnnjcmchmhcgdo\LOG, Quarantined, 199, 774168, , , , , 8349068F5F28224BB91F2465751A175B, 59ECBF0C09790B0CBFC98B71CDD138C65C27B0216DEC6CDB007A6A03B5E79A51

PUP.Optional.Spigot.Generic, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\migfejcjanidbmhaenjnnjcmchmhcgdo\LOG.old, Quarantined, 199, 774168, , , , , 8A1228A91EDFB909FB462673FBA6F74D, 62BCB541F31D9410DEACCBD8973785C990AB176276A71252B5F60E2507F469B5

PUP.Optional.Spigot.Generic, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\migfejcjanidbmhaenjnnjcmchmhcgdo\MANIFEST-000001, Quarantined, 199, 774168, , , , , 5AF87DFD673BA2115E2FCF5CFDB727AB, F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4

PUP.Optional.Spigot.Generic, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\MIGFEJCJANIDBMHAENJNNJCMCHMHCGDO\1.8_0\APP\BACKGROUND.JS, Quarantined, 199, 774168, 1.0.43710, , ame, , AD4A0BEBA68DB1A38FB337E85B857FC8, 5F10AAD628BE6B0F776EA909EAB61403C241DB323963AF1DAF9FC5691AB3AE53

PUP.Optional.MapsAssist, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, 4683, 852186, , , , , 564E2B2AFFE8A62B435939FA1744FB2F, 410AAD506C4C0D289F1C0495E337058FC25719E39974C3B113D7C97F9C3F22B6

PUP.Optional.MapsAssist, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, 4683, 852186, , , , , 162CDCEDBE2C2782EE087BD0828C8BF1, EDF636732CFF0B12E2D66D7295008F0A19FA36DBE0757BC8AF9DE38F9A7F2CDF

PUP.Optional.MapsAssist, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\IFGCAPBJOMOLKDHHDJKLELLKPPIPLHOB\1.0.0.6_0\MANIFEST.JSON, Quarantined, 4683, 852186, 1.0.43710, , ame, , B62BBCE7EE82BB2E0C9BF1695DF250C3, F631D1033291B9D0D15684CFB683FF643AE3E99E959C6DC9AC1FE88B26345F82

PUP.Optional.HideMySearches, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000005.ldb, Quarantined, 245, 759626, , , , , 19A7E0D50A44DAC0CC7DC71CEA8BDEC5, 8EF4236DBF3B1FFEA5F3B237A21378E6C8B1221FB71B2BF1286C87543E34C9E2

PUP.Optional.HideMySearches, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\061862.ldb, Quarantined, 245, 759626, , , , , FF2FE8A7E373DBAECA33A65D64413F69, 0DF383A941AE54B6D5833121E8165ADF311602D2B40C4BF1C867964E73C095FD

PUP.Optional.HideMySearches, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\061865.ldb, Quarantined, 245, 759626, , , , , 2C16F813B40F7671E0123DF00D83BC6D, D4D99DFDDBF0677828D944E6023A5C3191A15A19766FB9F124844C825065081E

PUP.Optional.HideMySearches, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\061867.ldb, Quarantined, 245, 759626, , , , , A2C77BBB335B5464EB23B8015DF08D22, 079E8E2240E50E2C6E3F2F5E586A9166378A446D478DF7752722F3246CE81B05

PUP.Optional.HideMySearches, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\061868.log, Quarantined, 245, 759626, , , , , FBC648A4ACFF321EB735543397410EC4, 127C6FAC80710F4F2BAFECE264C739C3193FC50702A33ED7A733E06F72ABAF2F

PUP.Optional.HideMySearches, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\061869.ldb, Quarantined, 245, 759626, , , , , 0039056F1088F882818C36211ED2E0C0, DB7EBA4A866867EB5DAF4BBC274C541EB9769357D655D8A9A1510EA15CB481B2

PUP.Optional.HideMySearches, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\CURRENT, Quarantined, 245, 759626, , , , , 13A5140D91905E79E3C266553F3DC7DC, 4EAF273090C8CF2885F7678BB46BE3BEF5C41A5AB9DE71640010BD8AD6DEFDD0

PUP.Optional.HideMySearches, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOCK, Quarantined, 245, 759626, , , , , ,

PUP.Optional.HideMySearches, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG, Quarantined, 245, 759626, , , , , CD41A1BC7CC1EFB69A08F1ADBFFBF99B, AE439805D96109E31062B8B3C99422163683C2B54F96E66D7620D53232606765

PUP.Optional.HideMySearches, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old, Quarantined, 245, 759626, , , , , 346C9E96B5263D284DB1021284258C79, 6861CA403C149AC3F0C5153DEB8901E9AD6370F857F3ECEB7B8B0D96B4DA9628

PUP.Optional.HideMySearches, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\MANIFEST-054005, Quarantined, 245, 759626, , , , , 936DE4336FF40CFA914DC89AD0A96862, 29987689694BA93E4240FC20B9974DEBBA3C8418ED7E19A53286E731518C283A

PUP.Optional.HideMySearches, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, 245, 759626, 1.0.43710, , ame, , 564E2B2AFFE8A62B435939FA1744FB2F, 410AAD506C4C0D289F1C0495E337058FC25719E39974C3B113D7C97F9C3F22B6

PUP.Optional.Spigot, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, 151, 791127, 1.0.43710, , ame, , 162CDCEDBE2C2782EE087BD0828C8BF1, EDF636732CFF0B12E2D66D7295008F0A19FA36DBE0757BC8AF9DE38F9A7F2CDF

PUP.Optional.PushNotifications, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 2\Preferences, Replaced, 203, 846248, 1.0.43710, , ame, , 778423F9D17CF1BA6871E1EA5EEC5AD2, 14DC6CB2D8FA45E2077BD47F307CB119D75068CD7EE20A1B41E726F5BAE65AEA

Physical Sector: 0

(No malicious items detected)

WMI: 0

(No malicious items detected)

(end)

# -------------------------------

# Malwarebytes AdwCleaner 8.3.0.0

# -------------------------------

# Build: 06-29-2021

# Database: 2021-06-29.1 (Local)

# Support: https://www.malwarebytes.com/support

# -------------------------------

# Mode: Clean

# -------------------------------

# Start: 07-30-2021

# Duration: 00:00:07

# OS: Windows 10 Home

# Cleaned: 29

# Awaiting reboot:1

# Failed: 0

***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\Users\Default\AppData\Local\Host App Service

Deleted C:\Users\TEMP.HOME.000\AppData\Local\Host App Service

Deleted C:\Users\TEMP.HOME\AppData\Local\Host App Service

Deleted C:\Users\TEMP\AppData\Local\Host App Service

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\App Host Service

Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\dotomi.com

Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\s.thebrighttag.com

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

Deleted Preinstalled.HPCeement Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HPCeeScheduleForUser

Deleted Preinstalled.HPSupportAssistant Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP CUSTOMER FEEDBACK

Deleted Preinstalled.HPSupportAssistant Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK

Deleted Preinstalled.HPSupportAssistant Folder C:\ProgramData\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK

Deleted Preinstalled.HPSupportAssistant Folder C:\Users\Someone Else\AppData\Local\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK

Deleted Preinstalled.HPSupportAssistant Folder C:\Users\Someone Else\AppData\Roaming\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK

Deleted Preinstalled.HPSupportAssistant Folder C:\Users\user\AppData\Local\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK

Deleted Preinstalled.HPSupportAssistant Folder C:\Users\user\AppData\Roaming\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK

Deleted Preinstalled.HPSupportAssistant Folder C:\Windows\System32\config\systemprofile\AppData\Local\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK

Deleted Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{1E14ACF0-1480-4467-A73D-67C4FD35A5F4}

Deleted Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{EBD077C6-0032-4309-AA04-C67836D717DA}

Deleted Preinstalled.LenovoIMController Folder C:\ProgramData\LENOVO\IMCONTROLLER

Deleted Preinstalled.LenovoIMController Folder C:\Users\Someone Else\AppData\Local\LENOVO\IMCONTROLLER

Deleted Preinstalled.LenovoIMController Folder C:\Users\user\AppData\Local\LENOVO\IMCONTROLLER

Deleted Preinstalled.LenovoIMController Folder C:\Windows\LENOVO\IMCONTROLLER

Deleted Preinstalled.LenovoIMController Folder C:\Windows\System32\Tasks\LENOVO\IMCONTROLLER

Deleted Preinstalled.LenovoIMController Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\Lenovo Dependency Package_is1

Needs Reboot Preinstalled.HPSupportAssistant Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT SOLUTIONS

*************************

[+] Delete Tracing Keys

[+] Reset Winsock

*************************

***** Reboot Required to Complete *****

***** [ Folders ] *****

Cleaning failed C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT SOLUTIONS

*************************

AdwCleaner[S00].txt - [3455 octets] - [27/05/2018 20:46:18]

AdwCleaner[C00].txt - [3066 octets] - [27/05/2018 20:46:54]

AdwCleaner[S01].txt - [3159 octets] - [26/03/2019 21:35:54]

AdwCleaner[C01].txt - [3069 octets] - [26/03/2019 21:36:24]

AdwCleaner[S02].txt - [5367 octets] - [30/07/2021 04:57:42]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C02].txt ##########

#5 Tomk

Beguilement Monitor

Global Moderator
20,451 posts

Posted 30 July 2021 - 09:06 AM

You did perfect.

How are things looking now?

Are you still getting the popup? If so, can you post a screen shot?

Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014

#6 NicoleD

Authentic Member

Authentic Member
225 posts

Interests:Social Media, Marketing, IT, Graphic Design, Real Estate

Posted 03 August 2021 - 02:15 AM

Hi Tomk,

It's better but I'm still getting these annoying popups while I'm working that look like this however my mcafee says everything is good. (see screenshot attachment)

Attached Thumbnails

#7 NicoleD

Authentic Member

Authentic Member
225 posts

Interests:Social Media, Marketing, IT, Graphic Design, Real Estate

Posted 03 August 2021 - 02:20 AM

Here is the screenshot of the home screen of my the mcafee software I have installed.

Attached Thumbnails

#8 Tomk

Beguilement Monitor

Global Moderator
20,451 posts

Posted 03 August 2021 - 09:03 AM

Let's dig a little deeper.

Farbar Recovery Scan Tool (FRST) Scan

Please download Farbar Recovery Scan Tool (x32) or Farbar Recovery Scan Tool (x64) and save the file to your Desktop.
Note: Download and run the version compatible with your system (32 or 64-bit). Download both if you're unsure; only one will run.
Right-Click FRST.exe / FRST64.exe and select Run as administrator to run the programme.
Click Yes to the disclaimer.
Ensure the Addition.txt box is checked.
Click the Scan button and let the programme run.
Upon completion, click OK, then OK on the Addition.txt pop up screen.
Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.

(Scan times will vary from one system to another. Sometimes the scan may appear to hang and you may even see a message that says, Program not responding. Most likely that will be temporary and the scan will resume on its own. It is not unusual for a complete scan to take up to10 minutes or even longer depending on what the scan is finding.)

Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014

#9 NicoleD

Authentic Member

Authentic Member
225 posts

Interests:Social Media, Marketing, IT, Graphic Design, Real Estate

Posted 08 August 2021 - 06:33 PM

I apologize Tom, I thought I sent this a couple days ago. The program won't download. Do you think it's because of my antivirus? Update: The popups became so annoying I shut my pc down.

#10 Tomk

Beguilement Monitor

Global Moderator
20,451 posts

Posted 08 August 2021 - 10:21 PM

Can you run Malwarebytes and Adaware again?

Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014

Advertisements

Register to Remove

#11 NicoleD

Authentic Member

Authentic Member
225 posts

Interests:Social Media, Marketing, IT, Graphic Design, Real Estate

Posted 10 August 2021 - 02:38 AM

Hi I was able to run Farbar when I turned my firewall off. Here is this report first.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-08-2021

Ran by user (administrator) on HOME (LENOVO 90DG002XUS) (10-08-2021 04:29:35)

Running from C:\Users\user\Downloads

Loaded Profiles: user

Platform: Windows 10 Home Version 21H1 19043.1110 (X64) Language: English (United States)

Default browser: Chrome

Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Windows\jmesoft\JME_LOAD.exe

() [File not signed] C:\Windows\jmesoft\Service.exe

(Adobe Inc. -> Adobe Inc) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

(Adobe Inc. -> Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe

(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe

(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe

(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe

(Adobe Systems Incorporated) C:\Program Files\WindowsApps\AdobeNotificationClient_2.0.1.8_x86__enpm4xejd91yc\AdobeNotificationClient.exe

(Dolby Laboratories, Inc. -> ) C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe

(EnTech Taiwan -> EnTech Taiwan) C:\Program Files (x86)\Dell\Dell Display Manager\ddm.exe

(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

(Google LLC -> ) C:\Program Files\Google\Drive\googledrivesync.exe <2>

(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <36>

(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.102\GoogleCrashHandler.exe

(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.102\GoogleCrashHandler64.exe

(Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

(HP Inc -> HP Inc.) C:\Program Files\HP\HP OfficeJet Pro 8020 series\Bin\HPNetworkCommunicatorCom.exe

(HP Inc -> HP Inc.) C:\Program Files\HP\HP OfficeJet Pro 8020 series\Bin\ScanToPCActivationApp.exe

(HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe

(HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe

(HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe

(Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_ffc75848a6342fdf\jhi_service.exe

(Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.7.19.0\Lenovo.Vantage.AddinHost.exe

(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.7.19.0\LenovoVantageService.exe

(LENOVO -> Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Nerve Center\FastBoot\FbService.exe

(Lenovo) [File not signed] C:\Windows\jmesoft\hotkey.exe

(Malwarebytes Corporation -> Malwarebytes) C:\ProgramData\MB3Install\MBAMIService.exe

(McAfee, Inc. -> McAfee LLC.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe

(McAfee, Inc. -> McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe

(McAfee, Inc. -> McAfee, LLC) C:\Windows\System32\mfevtps.exe

(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\ChromiumContainer\delegate.exe <3>

(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\CSP\4.4.103.0\McCSPServiceHost.exe

(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHOST.exe

(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe <3>

(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\ModuleCore\ProtectedModuleHost.exe

(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe

(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe

(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\VSCore_21_4\mcapexe.exe

(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee.com\Agent\mcupdate.exe

(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\CoreUI\Launch.exe

(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\MAT\McPvTray.exe

(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\MfeAV\MfeAVSvc.exe

(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\MSC\MfeBrowserHost.exe <3>

(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\browserhost.exe <2>

(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\servicehost.exe

(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\uihost.exe

(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <14>

(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe

(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\Updates\16.0.14228.20226\OfficeClickToRun.exe

(Microsoft Corporation -> Microsoft Corporation) C:\Users\user\AppData\Local\Microsoft\OneDrive\OneDrive.exe <3>

(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2106.14307.0_x64__8wekyb3d8bbwe\Cortana.exe

(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12105.1001.23.0_x64__8wekyb3d8bbwe\WinStore.App.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe <5>

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe

(Node.js Foundation -> Node.js) C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\node.exe

(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>

(Qualcomm Atheros -> Windows ® Win 7 DDK provider) C:\Windows\System32\AdminService.exe

(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <2>

(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)

HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412736 2021-07-14] (Adobe Inc. -> Adobe Systems, Incorporated)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [318920 2019-03-07] (Intel® Rapid Storage Technology -> Intel Corporation)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16735744 2017-07-14] (Realtek Semiconductor Corp. -> Realtek Semiconductor)

HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1472000 2017-07-14] (Realtek Semiconductor Corp. -> Realtek Semiconductor)

HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1472000 2017-07-14] (Realtek Semiconductor Corp. -> Realtek Semiconductor)

HKLM-x32\...\Run: [jmekey] => C:\Windows\jmesoft\hotkey.exe [118784 2013-07-24] (Lenovo) [File not signed]

HKLM-x32\...\Run: [jmesoft] => C:\Windows\jmesoft\ServiceLoader.exe [28672 2011-08-17] () [File not signed]

HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [5296864 2021-07-24] (Adobe Inc. -> Adobe Systems Inc.)

HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard)

HKLM-x32\...\Run: [StatusAlerts] => C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe [331344 2015-07-22] (Hewlett-Packard -> HP Development Company, L.P.)

HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [129288 2021-02-05] (Adobe Inc. -> )

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [779504 2021-06-30] (Adobe Inc. -> Adobe Inc.)

HKU\S-1-5-21-93585695-1239137162-3987457199-1001\...\Run: [Lync] => C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe [23967520 2021-07-27] (Microsoft Corporation -> Microsoft Corporation)

HKU\S-1-5-21-93585695-1239137162-3987457199-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\user\AppData\Local\Microsoft\Teams\Update.exe [2453704 2021-03-27] (Microsoft 3rd Party Application Component -> Microsoft Corporation)

HKU\S-1-5-21-93585695-1239137162-3987457199-1001\...\Run: [CCXProcess] => C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [680776 2021-06-11] (Adobe Inc. -> Adobe Systems Incorporated)

HKU\S-1-5-21-93585695-1239137162-3987457199-1001\...\Run: [HP OfficeJet Pro 8020 series (NET)] => C:\Program Files\HP\HP OfficeJet Pro 8020 series\Bin\ScanToPCActivationApp.exe [4071840 2018-12-10] (HP Inc -> HP Inc.)

HKU\S-1-5-21-93585695-1239137162-3987457199-1001\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [49925280 2021-06-18] (Google LLC -> )

HKU\S-1-5-21-93585695-1239137162-3987457199-1001\...\Run: [AdobeBridge] => [X]

HKU\S-1-5-21-93585695-1239137162-3987457199-1003\...\Run: [CCXProcess] => C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [680776 2021-06-11] (Adobe Inc. -> Adobe Systems Incorporated)

HKU\S-1-5-21-93585695-1239137162-3987457199-1003\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [5550304 2021-07-24] (Adobe Inc. -> Adobe Systems Incorporated)

HKU\S-1-5-21-93585695-1239137162-3987457199-1003\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Someone Else\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"

HKU\S-1-5-21-93585695-1239137162-3987457199-1003\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Someone Else\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe"

HKU\S-1-5-21-93585695-1239137162-3987457199-1003\...\RunOnce: [Uninstall 19.232.1124.0012\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Someone Else\AppData\Local\Microsoft\OneDrive\19.232.1124.0012\amd64"

HKU\S-1-5-21-93585695-1239137162-3987457199-1003\...\RunOnce: [Uninstall 19.232.1124.0012] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Someone Else\AppData\Local\Microsoft\OneDrive\19.232.1124.0012"

HKLM\...\Windows x64\Print Processors\hpcpp155: C:\Windows\System32\spool\prtprocs\x64\hpcpp155.DLL [597792 2013-09-04] (Hewlett-Packard Company -> Hewlett-Packard Corporation)

HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\Windows\system32\AdobePDF.dll [65160 2021-05-28] (Adobe Inc. -> Adobe Systems Inc)

HKLM\...\Print\Monitors\HP Standard TCP/IP Port: C:\Windows\system32\HpTcpMon.dll [331264 2009-09-16] (Hewlett Packard) [File not signed]

HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\92.0.4515.131\Installer\chrmstp.exe [2021-08-03] (Google LLC -> Google LLC)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell Display Manager.lnk [2021-06-30]

ShortcutTarget: Dell Display Manager.lnk -> C:\Program Files (x86)\Dell\Dell Display Manager\ddm.exe (EnTech Taiwan -> EnTech Taiwan)

HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {071419F6-5533-4204-9B02-AF359BD2BEAA} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4282288 2021-07-27] (Microsoft Corporation -> Microsoft Corporation)

Task: {10A4EF20-1973-4DEF-8705-392A00E7B4E2} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335872 2018-08-14] (Adobe Systems Incorporated -> Adobe Systems Incorporated)

Task: {12229541-7014-438C-A373-AB8402A46C6E} - System32\Tasks\AdobeAAMUpdater-1.0-DESKTOP-49PEJRG-user => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)

Task: {1B5042E0-46DE-4188-A295-1BDEC01BD669} - \Lenovo\ImController\TimeBasedEvents\972eb0a7-797e-4bb7-9abd-27ea9e70cf2f -> No File <==== ATTENTION

Task: {1B55A146-8B6F-4350-9EED-AE6B665A7679} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [690616 2021-06-01] (Mozilla Corporation -> Mozilla Foundation)

Task: {1C057A45-4224-4599-B7A2-903FFF36375A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-01-24] (Google Inc -> Google Inc.)

Task: {1CA96F7C-6DC6-4CD9-9254-0B60F3128783} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [4702928 2021-06-08] (McAfee, LLC -> McAfee, LLC)

Task: {211741E4-7721-41DA-8CF4-E22F8DB1E015} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK

Task: {31F61030-2199-493A-B3C0-31360F182BAA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_TH9C72Q14T => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe

Task: {33558C9B-2B8A-46D9-8CB1-E0ACD46879DB} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23253376 2021-07-23] (Microsoft Corporation -> Microsoft Corporation)

Task: {38C5328D-4C5F-4F2F-9C5E-2F296BA812D0} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent => {ABCECA3B-EA5A-496B-A021-5C6BAB365E5C} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [1032448 2021-05-12] (McAfee, LLC -> McAfee, LLC)

Task: {4317C26F-7ECB-4F15-A5B7-D692E4AC9CEF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [665944 2020-08-07] (HP Inc. -> HP Inc.)

Task: {4B2F8A30-6377-47C1-B052-70B408FD673A} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23253376 2021-07-23] (Microsoft Corporation -> Microsoft Corporation)

Task: {4DC447F1-7909-4754-A6BB-30A7FC06FC76} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)

Task: {52087E12-6A2C-47C5-A557-61DA9D943F2E} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\DADUpdater.exe [4114728 2021-04-29] (McAfee, LLC -> McAfee, LLC)

Task: {5A3ADC37-CC4F-4D52-9A6F-0125ACF06242} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412736 2021-07-14] (Adobe Inc. -> Adobe Systems, Incorporated)

Task: {627053EE-5EC2-4FEB-ABF6-FBB76D5EF08E} - \Lenovo\ImController\Lenovo iM Controller Monitor -> No File <==== ATTENTION

Task: {634E4A4F-EF5F-49B5-A3B4-D0AC9CBD4171} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe

Task: {72A37BE9-E85B-4FDD-9BC0-EFDBEC7F9090} - System32\Tasks\Lenovo\Vantage\Lenovo.Vantage.ServiceMaintainance => %systemroot%\system32\sc.exe start LenovoVantageService

Task: {75118EC5-CEAE-4510-81C7-0878CD26E32F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-01-24] (Google Inc -> Google Inc.)

Task: {768C8F5A-47B8-4CAB-A0D1-4E4F6D65B71B} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [38560 2021-07-23] (HP Inc. -> HP Inc.)

"C:\Windows\System32\Tasks\McAfee\McAfee Idle Detection Task" was unlocked. <==== ATTENTION

Task: {7869C6BD-AE4B-401E-AD10-86C3F85D6DAC} - System32\Tasks\McAfee\McAfee Idle Detection Task => {ABCDCA3B-DE6B-5A7C-B132-6D7CBA63E5C5} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [1032448 2021-05-12] (McAfee, LLC -> McAfee, LLC)

Task: {7F23F20E-BD9D-405C-80C1-3036747287EC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - resources updates => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [665944 2020-08-07] (HP Inc. -> HP Inc.)

Task: {7F35FCDC-5754-425F-937E-1A3B785085F7} - System32\Tasks\AdobeAAMUpdater-1.0-HOME-user => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)

Task: {826E10E5-85CF-4B60-91D6-EE15C9359C06} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [113992 2021-07-27] (Microsoft Corporation -> Microsoft Corporation)

Task: {8538E05E-C835-43E3-92DE-DDE0798B2D58} - System32\Tasks\Lenovo\Vantage\Schedule\DailyTelemetryTransmission => C:\Program Files (x86)\Lenovo\VantageService\3.7.19.0\ScheduleEventAction.exe [23968 2021-05-17] (Lenovo -> Lenovo Group Ltd.)

Task: {895519C8-DC3F-4C91-9E89-C3173ED2B6E3} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe

Task: {8A77DAA9-E108-4BED-B85B-0319B414FDEB} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1150872 2021-07-27] (Microsoft Corporation -> Microsoft Corporation)

Task: {8C67E23A-67D4-4F1B-B196-915D70718E8E} - \Lenovo\ImController\TimeBasedEvents\430f9acc-3f4a-4af1-b919-67ca1dc1b488 -> No File <==== ATTENTION

Task: {9B6F2748-27D9-49AF-A828-9623E4E9FDB8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Critical Actions Pending => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe

Task: {A6B447D3-A991-45AA-A412-596A04BA32CF} - \Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance -> No File <==== ATTENTION

Task: {AEF9487A-605D-4309-82E1-2FB563C9CD32} - System32\Tasks\Lenovo\BatteryGauge\BatteryGaugeMaintenance => C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\BGHelper.exe

Task: {B0758A0F-10B1-4C39-BD40-D755B25FD862} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor Logon => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [38560 2021-07-23] (HP Inc. -> HP Inc.)

Task: {B2C74C01-D7A8-4FCC-A376-B8BED9C7C916} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [665944 2020-08-07] (HP Inc. -> HP Inc.)

Task: {B739DC11-CE72-4094-AA93-B49458AFB2C8} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [757944 2021-05-06] (McAfee, LLC -> McAfee, LLC)

Task: {B89F491A-623F-4E97-A443-BBEDBDDBDCD7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe

Task: {C10E7859-4F8D-466F-B238-7280CCB197EA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe

Task: {C116D9EF-C620-42F0-BFED-9E7FCAF96B03} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_154_pepper.exe

Task: {C23D0B02-21E6-4691-B68B-3FE8E7B0869F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4282288 2021-07-27] (Microsoft Corporation -> Microsoft Corporation)

Task: {CDF557D9-82EA-4924-B7BD-8BF5CB44FCFA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [136304 2021-03-30] (HP Inc. -> HP Inc.)

Task: {CE0E4961-A59C-4714-B42E-B47F8C781E25} - System32\Tasks\HPCustParticipation HP OfficeJet Pro 8020 series => C:\Program Files\HP\HP OfficeJet Pro 8020 series\Bin\HPCustPartic.exe [6692256 2019-07-25] (HP Inc -> HP Inc.)

Task: {DE933A65-AA88-42D3-BA87-6195477A39D3} - \Lenovo\ImController\TimeBasedEvents\b98bf4a3-a43e-4deb-9c18-23920eaf91be -> No File <==== ATTENTION

Task: {E1C6E54B-C5AE-420C-ADA8-6FEA4030DD8F} - \Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask -> No File <==== ATTENTION

Task: {EF91FB6C-8BC3-4C21-B520-92E40091C166} - System32\Tasks\Lenovo\Vantage\Schedule\VantageTelemetryAddinTask => C:\Program Files (x86)\Lenovo\VantageService\3.6.15.0\ScheduleEventAction.exe

Task: {F1304262-E5B9-4157-B7EE-CE9FFA2500CD} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [113992 2021-07-27] (Microsoft Corporation -> Microsoft Corporation)

Task: {F2FB44B9-7D43-4F51-A973-3E66A18744EE} - System32\Tasks\HPLJCustParticipation => C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe [91728 2015-08-20] (Hewlett-Packard -> HP Development Company, L.P.)

Task: {F35E4B78-A079-459A-B077-070CC86F14A2} - \Lenovo\ImController\TimeBasedEvents\3e624320-8d20-49d0-84d2-2017300a53db -> No File <==== ATTENTION

Task: {F5324FF7-B479-4455-A24C-2F73E8547267} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

Tcpip\Parameters: [DhcpNameServer] 65.19.96.252 65.19.96.253

Tcpip\..\Interfaces\{41bc1862-9b17-48cf-9726-a914d3b1a3d4}: [DhcpNameServer] 65.19.96.252 65.19.96.253

Edge:

=======

DownloadDir:

Edge HomeButtonPage: HKU\S-1-5-21-93585695-1239137162-3987457199-1001 -> hxxp://www.google.com/

Edge Notifications: HKU\S-1-5-21-93585695-1239137162-3987457199-1001 -> hxxps://www.facebook.com

Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]

Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]

Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]

Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]

Edge DefaultProfile: Profile 5

Edge Profile: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Guest Profile [2021-02-15]

Edge Profile: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Profile 5 [2021-08-10]

Edge Notifications: Profile 5 -> hxxps://business.facebook.com; hxxps://highercaptcha-settle.com; hxxps://pshsbscapr.xyz; hxxps://www.intelius.com

Edge HomePage: Profile 5 -> hxxp://www.google.com/

Edge StartupUrls: Profile 5 -> "hxxp://www.google.com/"

Edge Extension: (McAfee® WebAdvisor) - C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Profile 5\Extensions\fdhgeoginicibhagdmblfikbgbkahibd [2021-07-01]

Edge Extension: (True Key™ by McAfee) - C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Profile 5\Extensions\gnnbmcifkkjgjdbkilfglpdpmidkgefn [2021-07-01]

Edge Profile: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Profile 6 [2021-06-01]

Edge Notifications: Profile 6 -> hxxps://www.facebook.com

FireFox:

========

FF DefaultProfile: v1bw4wjg.default-1610534553716

FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v1bw4wjg.default-1610534553716 [2021-08-03]

FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi

FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2019-05-02]

FF HKLM\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSKHKLM => not found

FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi

FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2021-08-06] [Legacy] [not signed]

FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\McAfee\MSC\npMcSnFFPl64.dll [2021-06-29] (McAfee, LLC -> )

FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2021-06-30] (Adobe Inc. -> Adobe Systems)

FF Plugin-x32: @glance.net/GlanceClient -> C:\Program Files (x86)\GlanceGuest\npglance.dll [2018-06-23] (Glance Networks Inc -> Glance Networks, Inc.)

FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\MSC\npMcSnFFPl.dll [2021-06-29] (McAfee, LLC -> )

FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-05-24] (Microsoft Corporation -> Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-05-24] (Microsoft Corporation -> Microsoft Corporation)

FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2021-07-24] (Adobe Inc. -> Adobe Systems Inc.)

FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2021-06-30] (Adobe Inc. -> Adobe Systems)

Chrome:

=======

CHR DefaultProfile: Profile 2

CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default [2021-06-07]

CHR Notifications: Default -> hxxps://calendar.google.com; hxxps://depositphotos.com; hxxps://dispatch.m.io; hxxps://my.dotloop.com; hxxps://outlook.office.com; hxxps://recordsfinder.com; hxxps://www.bestbuy.com; hxxps://www.bhg.com; hxxps://www.inman.com; hxxps://www.pinterest.com; hxxps://www.techradar.com; hxxps://www.truthfinder.com

CHR HomePage: Default -> hxxp://www.google.com/

CHR StartupUrls: Default -> "hxxp://www.google.com/"

CHR NewTab: Default -> Active:"chrome-extension://jicihihokpllhhnpjbnflpgffcgjfpnb/modern_newtab.html"

CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-24]

CHR Extension: (Adobe Acrobat) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2021-05-23]

CHR Extension: (Facebook Pixel Helper) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc [2020-10-09]

CHR Extension: (WebAdBlocker.org) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\fifcailncnlobddlehplcimgnehnldio [2021-05-23]

CHR Extension: (Photo to Cartoon App) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\fiionnfmbokfpleilfihlofncgkchjbe [2019-07-21]

CHR Extension: (Google Docs Offline) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-06-01]

CHR Extension: (Driving Maps Online) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jicihihokpllhhnpjbnflpgffcgjfpnb [2020-08-02]

CHR Extension: (Wave Accounting) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\knpkfcpnjfbniadmfchjpcigfhookhaa [2018-11-06]

CHR Extension: (TRC PPAPI Extension) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lamefdhfniilbngefmkhfihkchggeekg [2020-12-19]

CHR Extension: (Application Launcher For Drive (by Google)) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2021-02-21]

CHR Extension: (Chrome Web Store Payments) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-21]

CHR Extension: (Sooth Gradient) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pamnhppfegefocfcinlhnblodaglebjg [2020-05-11]

CHR Extension: (Chrome Media Router) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-06-01]

CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Guest Profile [2021-08-10]

CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 2 [2021-08-10]

CHR Notifications: Profile 2 -> hxxps://business.facebook.com; hxxps://depositphotos.com; hxxps://mail.google.com; hxxps://meet.google.com; hxxps://www.facebook.com; hxxps://www.reddit.com

CHR DefaultSearchURL: Profile 2 -> hxxps://search.yahoo.com/search?fr=mcafee&type=E211US1494G0&p={searchTerms}

CHR DefaultSearchKeyword: Profile 2 -> mcafee

CHR DefaultSuggestURL: Profile 2 -> hxxps://us.search.yahoo.com/sugg/gossip/gossip-us-partner?output=fxjson&appid=mca&source=yahoo_mcafee_searchassist&command={searchTerms}

CHR Extension: (Slides) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-12-19]

CHR Extension: (Mobility Print) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\alhngdkjgnedakdlnamimgfihgkmenbh [2021-08-07]

CHR Extension: (Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2020-12-19]

CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-12-19]

CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-12-19]

CHR Extension: (Adobe Acrobat) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2021-02-18]

CHR Extension: (Fonts Ninja) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\eljapbgkmlngdpckoiiibecpemleclhh [2021-07-24]

CHR Extension: (Sheets) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-12-19]

CHR Extension: (McAfee® WebAdvisor) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2021-07-01]

CHR Extension: (Google Docs Offline) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-06-25]

CHR Extension: (Zoom) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\hmbjbjdpkobdjplfobhljndfdfdipjhg [2021-07-08]

CHR Extension: (Application Launcher For Drive (by Google)) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2021-01-29]

CHR Extension: (Chrome Web Store Payments) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]

CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-12-19]

CHR Extension: (Chrome Media Router) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-07-28]

CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\System Profile [2021-08-10]

CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]

CHR HKU\S-1-5-21-93585695-1239137162-3987457199-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\user\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2018-05-27]

CHR HKU\S-1-5-21-93585695-1239137162-3987457199-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]

CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]

CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]

Brave:

=======

BRA Profile: C:\Users\user\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2019-08-29]

BRA Extension: (Brave Local Data Files Updater) - C:\Users\user\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2019-08-29]

BRA Extension: (Brave Ad Block Updater (Default)) - C:\Users\user\AppData\Local\BraveSoftware\Brave-Browser\User Data\cffkpbalmllkdoenhmdmpbkajipdjfam [2019-08-29]

BRA Extension: (Brave Tor Client Updater (Windows)) - C:\Users\user\AppData\Local\BraveSoftware\Brave-Browser\User Data\cpoalefficncklhjfpglfiplenlpccdb [2019-08-29]

BRA Extension: (PDF Viewer) - C:\Users\user\AppData\Local\BraveSoftware\Brave-Browser\User Data\oemmndcbldboiebfnladdacbdfmadadm [2019-04-13]

BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\user\AppData\Local\BraveSoftware\Brave-Browser\User Data\oofiananboodjbbmdelgdommihjbkfag [2019-08-29]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)

S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335872 2018-08-14] (Adobe Systems Incorporated -> Adobe Systems Incorporated)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [842480 2021-06-30] (Adobe Inc. -> Adobe Inc.)

R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3779840 2021-07-14] (Adobe Inc. -> Adobe Systems, Incorporated)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3547904 2021-07-14] (Adobe Inc. -> Adobe Systems, Incorporated)

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9141648 2021-07-21] (Microsoft Corporation -> Microsoft Corporation)

R2 DAX2API; C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe [163336 2016-09-19] (Dolby Laboratories, Inc. -> )

R2 FastbootService; C:\Program Files (x86)\Lenovo\Lenovo Nerve Center\FastBoot\FbService.exe [297752 2017-02-25] (LENOVO -> Lenovo)

S3 GameZoneService; C:\Program Files (x86)\Lenovo\Lenovo Nerve Center\GameZoneService.exe [27184 2016-10-10] (LENOVO -> )

S2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [176128 2014-06-24] (HP) [File not signed]

R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [299680 2021-07-23] (HP Inc. -> HP Inc.)

R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [379736 2020-08-20] (HP Inc. -> HP Inc.)

R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-08-17] () [File not signed]

R2 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\3.7.19.0\LenovoVantageService.exe [28576 2021-05-17] (Lenovo -> Lenovo Group Ltd.)

R2 MBAMIService; C:\ProgramData\MB3Install\MBAMIService.exe [231120 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)

R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [977824 2021-07-29] (McAfee, LLC -> McAfee, LLC)

R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_21_4\McApExe.exe [797576 2021-07-07] (McAfee, LLC -> McAfee, LLC)

R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\4.4.103.0\\McCSPServiceHost.exe [2825792 2021-06-11] (McAfee, LLC -> McAfee, LLC)

S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [652232 2021-05-11] (McAfee, Inc. -> McAfee, LLC)

R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [652232 2021-05-11] (McAfee, Inc. -> McAfee, LLC)

R3 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [652232 2021-05-11] (McAfee, Inc. -> McAfee, LLC)

R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1669200 2021-06-11] (McAfee, LLC -> McAfee, LLC)

R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2013-05-16] (Hewlett-Packard) [File not signed]

R2 PEFService; C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe [4289856 2021-06-15] (McAfee, LLC -> McAfee, LLC)

R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2013-05-16] (Hewlett-Packard) [File not signed]

S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\NisSrv.exe [2644776 2021-06-12] (Microsoft Windows Publisher -> Microsoft Corporation)

S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MsMpEng.exe [136656 2021-06-12] (Microsoft Windows Publisher -> Microsoft Corporation)

S2 ImControllerService; %SystemRoot%\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)

S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)

S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]

R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [80400 2021-05-19] (McAfee, Inc. -> McAfee, LLC)

R0 Fastboot; C:\WINDOWS\System32\DRIVERS\Fastboot.sys [70936 2017-02-25] (LENOVO -> Windows ® Win 7 DDK provider)

R0 FBFsmon; C:\WINDOWS\System32\DRIVERS\FBFsmon.sys [42776 2017-02-25] (LENOVO -> Windows ® Win 7 DDK provider)

S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2020-10-28] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)

R2 McPvDrv; C:\WINDOWS\system32\drivers\McPvDrv.sys [89112 2021-01-18] (McAfee, LLC -> McAfee, LLC)

R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [550944 2021-05-19] (McAfee, Inc. -> McAfee, LLC)

R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [390664 2021-05-19] (McAfee, Inc. -> McAfee, LLC)

S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [85952 2021-05-19] (Microsoft Windows Early Launch Anti-malware Publisher -> McAfee, LLC)

R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [527368 2021-05-19] (McAfee, Inc. -> McAfee, LLC)

R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [1037320 2021-05-19] (McAfee, Inc. -> McAfee, LLC)

R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [590032 2021-04-16] (McAfee, Inc. -> McAfee LLC.)

S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [120512 2021-04-16] (McAfee, Inc. -> McAfee LLC.)

R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [121352 2021-05-19] (McAfee, Inc. -> McAfee, LLC)

R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [257552 2021-05-19] (McAfee, Inc. -> McAfee, LLC)

U3 TrueSight; C:\Windows\System32\drivers\truesight.sys [28272 2020-07-24] (Adlice -> )

S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [49568 2021-06-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)

S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [425184 2021-06-12] (Microsoft Windows -> Microsoft Corporation)

S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [76000 2021-06-12] (Microsoft Windows -> Microsoft Corporation)

R3 YLED; C:\WINDOWS\System32\drivers\YLED.sys [23960 2016-04-15] (LENOVO -> )

R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2018-06-03] (Zemana Ltd. -> Zemana Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-08-10 04:29 - 2021-08-10 04:30 - 000043227 _____ C:\Users\user\Downloads\FRST.txt

2021-08-10 04:28 - 2021-08-10 04:28 - 002300416 _____ (Farbar) C:\Users\user\Downloads\FRST64.exe

2021-08-06 06:32 - 2021-08-06 06:32 - 000002500 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator 2021.lnk

2021-08-06 05:31 - 2021-08-06 05:31 - 000411059 _____ C:\Users\user\Downloads\Seller CD.pdf

2021-08-06 05:31 - 2021-08-06 05:31 - 000074185 _____ C:\Users\user\Downloads\Seller Settlement Statement.pdf

2021-08-06 04:20 - 2021-08-06 04:20 - 001161617 _____ C:\Users\user\Downloads\Fox and Roach Service Agreement (1) (1).pdf

2021-08-06 04:19 - 2021-08-06 04:19 - 002373030 _____ C:\Users\user\Downloads\Buyer Seller Flyer.pdf

2021-08-06 04:19 - 2021-08-06 04:19 - 001161617 _____ C:\Users\user\Downloads\Fox and Roach Service Agreement (1).pdf

2021-08-06 04:16 - 2021-08-06 04:16 - 000419680 _____ C:\Users\user\Downloads\HSA & Fox & Roach Interactive Application (2).pdf

2021-08-06 04:10 - 2021-08-06 04:10 - 001161617 _____ C:\Users\user\Downloads\Fox and Roach Service Agreement.pdf

2021-08-05 06:58 - 2021-08-05 06:58 - 000053054 _____ C:\Users\user\Downloads\dog trainer recommendations.pdf

2021-08-05 06:48 - 2021-08-05 06:48 - 009409844 _____ C:\Users\user\Downloads\OneDrive_2021-08-05.zip

2021-08-05 06:48 - 2021-08-05 06:48 - 000002325 _____ C:\Users\user\Downloads\20-22(7)At Home With Diversity (AHWD) PA Required for Fair Housing__(BHHS Fox &amp

2021-08-05 06:39 - 2021-08-05 06:39 - 000054912 _____ C:\Users\user\Downloads\Wire Authorization Form.pdf

2021-08-05 06:36 - 2021-08-05 06:36 - 000400135 _____ C:\Users\user\Downloads\NTA58943 2016 ALTA Commitment (NJRB 3-09) (A, A-5, B1, B2).PDF

2021-08-04 23:09 - 2021-08-04 23:09 - 000043612 _____ C:\Users\user\Downloads\107 Harrison Ave Commission Memo.docx [1].pdf

2021-08-04 04:58 - 2021-08-04 04:58 - 000045241 _____ C:\Users\user\Downloads\507 Sam Naples Rd Commission Memo.docx.pdf

2021-08-04 04:56 - 2021-08-04 04:56 - 000464707 _____ C:\Users\user\Downloads\rultzCOMM.pdf

2021-08-03 04:28 - 2021-08-03 04:28 - 000116542 _____ C:\Users\user\Downloads\Letter to Attorney re Repair Request.pdf

2021-07-30 05:55 - 2021-07-30 05:55 - 001110730 _____ C:\Users\user\Downloads\backup_2021-07-30-0545_Smires_and_Associates_Real_Estat_11b88434e6ca-db.gz

2021-07-30 05:12 - 2021-07-30 05:12 - 000069950 _____ C:\Users\user\Downloads\America Trotto Application.pdf

2021-07-30 05:00 - 2021-07-30 05:00 - 000000000 ____D C:\ProgramData\MB3Install

2021-07-30 04:56 - 2021-07-30 04:57 - 008553680 _____ (Malwarebytes) C:\Users\user\Downloads\adwcleaner_8.3.0.exe

2021-07-30 04:55 - 2021-07-30 05:00 - 000000000 ____D C:\Users\user\Desktop\malware

2021-07-30 04:47 - 2021-07-30 04:47 - 000000000 ____D C:\ProgramData\Malwarebytes

2021-07-30 04:46 - 2021-07-30 04:46 - 002040904 _____ (Malwarebytes) C:\Users\user\Downloads\MBSetup-076981.076981-Consumer (1).exe

2021-07-30 04:42 - 2021-07-30 04:42 - 000000000 ____D C:\ProgramData\MB3Migration

2021-07-30 04:42 - 2021-07-30 04:42 - 000000000 ____D C:\ProgramData\MB3CoreBackup

2021-07-30 04:41 - 2021-07-30 04:41 - 002040904 _____ (Malwarebytes) C:\Users\user\Downloads\MBSetup-076981.076981-Consumer.exe

2021-07-30 04:38 - 2021-07-30 04:40 - 064333800 _____ (Malwarebytes ) C:\Users\user\Downloads\mb3-setup-1878.1878-3.8.3.2965.exe

2021-07-28 22:31 - 2021-07-28 22:31 - 000172502 _____ C:\Users\user\Downloads\JKB Ventures LLC to Zdinarsic revised AR ltr from Francis Jun 28.pdf

2021-07-28 22:29 - 2021-07-28 22:29 - 000047939 _____ C:\Users\user\Downloads\housing_code_certificate_of_approval_for_occupancy_30559_07-16-2021-35022.pdf

2021-07-28 22:29 - 2021-07-28 22:29 - 000047939 _____ C:\Users\user\Downloads\housing_code_certificate_of_approval_for_occupancy_30559_07-16-2021-35022 (1).pdf

2021-07-28 22:24 - 2021-07-28 22:24 - 000111843 _____ C:\Users\user\Downloads\PDFS-Forms (2) (1).pdf

2021-07-28 22:07 - 2021-07-28 22:07 - 000083401 _____ C:\Users\user\Downloads\NTA58943 Confirmation Copy.PDF

2021-07-28 22:03 - 2021-07-28 22:03 - 000311023 _____ C:\Users\user\Downloads\107 - Lead-Based Paint Disclosure 062921 (1).pdf

2021-07-28 22:03 - 2021-07-28 22:03 - 000309613 _____ C:\Users\user\Downloads\107 - FHA VA Addendum 062921 (2).pdf

2021-07-28 21:58 - 2021-07-28 21:58 - 005045578 _____ C:\Users\user\Downloads\NTA58943 Title Report.PDF

2021-07-28 21:54 - 2021-07-28 21:54 - 003350121 _____ C:\Users\user\Downloads\Sellers Disclosure (1).pdf

2021-07-28 21:00 - 2021-07-28 21:00 - 000111843 _____ C:\Users\user\Downloads\PDFS-Forms (2).pdf

2021-07-27 21:58 - 2021-07-27 21:58 - 001244420 _____ C:\Users\user\Downloads\mike_mccormick.jpeg

2021-07-26 06:03 - 2021-07-26 06:03 - 057452222 _____ C:\Users\user\Downloads\MTSummary_Message trace report - _2021-07-26T090030.141Z__b9c3cb84-ee28-4765-925a-9a6dde7c43bd.csv

2021-07-26 05:15 - 2021-07-26 05:15 - 000007513 _____ C:\Users\user\Downloads\AutoForwardedMsgDetails_Summary.csv

2021-07-24 07:23 - 2021-07-24 07:23 - 000000000 ____D C:\Users\user\AppData\Local\AAR

2021-07-24 07:17 - 2021-07-24 07:17 - 000001059 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe InDesign 2021.lnk

2021-07-23 06:20 - 2021-07-23 06:20 - 000078751 _____ C:\Users\user\Downloads\users_7_23_2021 10_20_17 AM.csv

2021-07-23 06:16 - 2021-07-23 06:16 - 000001709 _____ C:\Users\user\Downloads\MailFlowForwarding_Details_2021-07-22_2021-07-22__1 (1).csv

2021-07-23 05:54 - 2021-07-23 05:54 - 000001709 _____ C:\Users\user\Downloads\MailFlowForwarding_Details_2021-07-22_2021-07-22__1.csv

2021-07-23 05:52 - 2021-07-23 05:53 - 000000054 _____ C:\Users\user\Downloads\MailFlowForwarding_Summary_2021-04-24_2021-07-22__1.csv

2021-07-22 07:06 - 2021-07-22 07:06 - 000001149 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder 2021.lnk

2021-07-21 21:48 - 2021-07-21 21:48 - 049138804 _____ C:\Users\user\Desktop\fran.zip

2021-07-21 20:40 - 2021-07-21 21:38 - 000000000 ____D C:\Users\user\Desktop\fran

2021-07-21 04:41 - 2021-07-21 04:41 - 006069620 _____ C:\Users\user\Downloads\2991072_DM_13853676_110_2.pdf

2021-07-16 14:12 - 2021-07-16 14:12 - 006447245 _____ C:\Users\user\Downloads\2991072_DM_13853676_109_1.pdf

2021-07-14 00:30 - 2021-07-14 00:30 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsraLegacy.tlb

2021-07-14 00:30 - 2021-07-14 00:30 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsraLegacy.tlb

2021-07-14 00:30 - 2021-07-14 00:30 - 000006656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rendezvousSession.tlb

2021-07-14 00:30 - 2021-07-14 00:30 - 000006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\rendezvousSession.tlb

2021-07-14 00:29 - 2021-07-14 00:29 - 001823280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi

2021-07-14 00:29 - 2021-07-14 00:29 - 000011357 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim

2021-07-13 06:43 - 2021-07-13 06:44 - 000347238 _____ C:\Users\user\Downloads\Travisano.2 Concluding AR.pdf

2021-07-13 06:36 - 2021-07-13 06:36 - 003883473 _____ C:\Users\user\Downloads\listings (21).pdf

2021-07-13 05:58 - 2021-07-13 05:58 - 000103647 _____ C:\Users\user\Downloads\437319_7-13-2021.pdf

2021-07-13 05:26 - 2021-07-13 05:29 - 000010818 _____ C:\Users\user\Downloads\nicole_dandrea_sphere.csv

2021-07-13 05:20 - 2021-07-13 05:21 - 000005510 _____ C:\Users\user\Downloads\jl_507samnaples_dandrea.csv

2021-07-13 04:20 - 2021-07-13 04:20 - 001024000 _____ C:\Users\user\Downloads\AdobeStock_206100739 (1).indt

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-08-10 04:30 - 2020-07-24 00:47 - 000857998 _____ C:\WINDOWS\system32\PerfStringBackup.INI

2021-08-10 04:30 - 2020-07-24 00:44 - 000004162 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{8F64D61C-7D50-49F0-A569-657BFAFDD7F8}

2021-08-10 04:30 - 2019-12-07 05:14 - 000000000 ___HD C:\Program Files\WindowsApps

2021-08-10 04:30 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\AppReadiness

2021-08-10 04:30 - 2019-12-07 05:13 - 000000000 ____D C:\WINDOWS\INF

2021-08-10 04:30 - 2018-09-16 23:48 - 000094378 _____ C:\WINDOWS\ZAM_Guard.krnl.trace

2021-08-10 04:30 - 2018-05-27 06:27 - 000000000 ____D C:\FRST

2021-08-10 04:30 - 2018-01-24 22:26 - 000000000 ____D C:\Program Files (x86)\Google

2021-08-10 04:30 - 2017-02-25 15:06 - 000000000 ____D C:\Program Files (x86)\Microsoft Office

2021-08-10 04:24 - 2021-07-01 03:39 - 000000000 __RSD C:\Users\user\OneDrive - NA\Documents\McAfee Vaults

2021-08-10 04:23 - 2021-05-27 06:05 - 000000000 ___RD C:\Users\user\OneDrive - Smires and Associates

2021-08-10 04:23 - 2020-07-24 00:44 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT

2021-08-10 04:23 - 2020-07-24 00:44 - 000000000 ____D C:\WINDOWS\system32\Tasks\McAfee

2021-08-10 04:23 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\ServiceState

2021-08-10 04:23 - 2019-12-07 05:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft

2021-08-10 04:23 - 2018-01-26 01:29 - 000000000 ___RD C:\Users\user\Google Drive

2021-08-10 04:23 - 2018-01-22 16:36 - 000000000 ___RD C:\Users\user\OneDrive

2021-08-10 04:23 - 2017-02-25 15:43 - 000000000 ____D C:\ProgramData\NVIDIA

2021-08-08 05:20 - 2019-12-07 05:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI

2021-08-08 05:19 - 2020-07-24 00:36 - 000000000 ____D C:\WINDOWS\system32\SleepStudy

2021-08-07 06:59 - 2021-07-01 03:37 - 000000000 ____D C:\Program Files\McAfee

2021-08-07 06:59 - 2021-07-01 03:37 - 000000000 ____D C:\Program Files (x86)\McAfee

2021-08-07 06:59 - 2019-12-07 05:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM

2021-08-07 06:59 - 2018-02-21 21:42 - 000000000 ____D C:\ProgramData\McAfee

2021-08-07 06:50 - 2020-07-24 01:03 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk

2021-08-06 22:32 - 2020-07-24 00:44 - 000003522 _____ C:\WINDOWS\system32\Tasks\AdobeGCInvoker-1.0

2021-08-06 06:34 - 2021-01-16 00:55 - 000000000 __HDC C:\adobeTemp

2021-08-06 06:32 - 2018-01-24 23:39 - 000000000 ____D C:\Program Files\Common Files\Adobe

2021-08-06 06:32 - 2018-01-24 23:38 - 000000000 ____D C:\Program Files\Adobe

2021-08-06 06:28 - 2018-01-24 23:38 - 000000000 ___RD C:\Users\user\Creative Cloud Files

2021-08-06 04:36 - 2018-02-21 21:42 - 000000000 ____D C:\Program Files\Common Files\McAfee

2021-08-06 04:35 - 2021-07-01 03:38 - 000003316 _____ C:\WINDOWS\system32\Tasks\McAfeeLogon

2021-08-04 13:25 - 2021-02-20 07:22 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools

2021-08-04 13:23 - 2020-07-24 00:44 - 000003420 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA

2021-08-04 13:23 - 2020-07-24 00:44 - 000003296 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore

2021-08-03 19:14 - 2018-01-24 22:44 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

2021-08-03 05:28 - 2019-02-12 01:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support

2021-07-31 13:34 - 2018-05-28 16:33 - 000000000 ____D C:\Users\user\AppData\Local\CrashDumps

2021-07-30 13:34 - 2018-01-24 23:55 - 000002121 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk

2021-07-30 13:34 - 2018-01-24 23:55 - 000002110 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk

2021-07-30 13:30 - 2020-12-08 07:14 - 000000000 ___RD C:\Users\user\OneDrive - NA

2021-07-30 13:30 - 2020-07-24 00:44 - 000003352 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-93585695-1239137162-3987457199-1001

2021-07-30 13:30 - 2020-07-24 00:38 - 000002383 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk

2021-07-30 07:10 - 2021-06-01 19:00 - 000000000 ____D C:\Program Files\Mozilla Firefox

2021-07-30 07:10 - 2019-08-14 23:16 - 000000000 ____D C:\ProgramData\Mozilla

2021-07-30 07:09 - 2018-03-13 22:06 - 000000000 ____D C:\Users\user\AppData\LocalLow\Mozilla

2021-07-30 06:52 - 2018-01-24 17:47 - 000000000 ____D C:\ProgramData\Hewlett-Packard

2021-07-30 04:58 - 2021-06-03 05:49 - 000000000 ____D C:\Users\Someone Else\AppData\Roaming\Hewlett-Packard

2021-07-30 04:58 - 2021-06-03 05:49 - 000000000 ____D C:\Users\Someone Else\AppData\Local\Hewlett-Packard

2021-07-30 04:58 - 2020-07-24 00:44 - 000000000 ____D C:\WINDOWS\system32\Tasks\Lenovo

2021-07-30 04:58 - 2020-03-20 00:17 - 000000000 ____D C:\WINDOWS\Lenovo

2021-07-30 04:58 - 2019-02-12 07:12 - 000000000 ____D C:\Users\user\AppData\Roaming\Hewlett-Packard

2021-07-30 04:58 - 2019-02-12 01:06 - 000000000 ____D C:\Users\user\AppData\Local\Hewlett-Packard

2021-07-30 04:58 - 2019-02-12 01:06 - 000000000 ____D C:\Program Files (x86)\Hewlett-Packard

2021-07-30 04:58 - 2018-06-14 19:59 - 000000000 ____D C:\Users\Someone Else\AppData\Local\Lenovo

2021-07-30 04:58 - 2018-01-22 16:40 - 000000000 ____D C:\Users\user\AppData\Local\Lenovo

2021-07-30 04:58 - 2017-02-25 15:06 - 000000000 ____D C:\ProgramData\Lenovo

2021-07-30 04:22 - 2020-07-24 00:51 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA

2021-07-30 04:22 - 2020-07-24 00:51 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore

2021-07-27 21:59 - 2018-01-22 17:35 - 000000000 ____D C:\Users\user\AppData\Local\Packages

2021-07-27 14:34 - 2021-07-01 03:37 - 000003710 _____ C:\WINDOWS\system32\Tasks\McAfee Remediation (Prepare)

2021-07-24 07:52 - 2019-12-07 05:03 - 000000000 ____D C:\WINDOWS\CbsTemp

2021-07-24 07:50 - 2019-12-07 05:03 - 000000000 ____D C:\WINDOWS\servicing

2021-07-24 07:45 - 2021-02-12 00:42 - 000000000 ____D C:\Program Files\HPPrintScanDoctor

2021-07-24 07:19 - 2018-04-13 21:31 - 000000000 ____D C:\Users\user\AppData\Local\ElevatedDiagnostics

2021-07-21 04:50 - 2020-12-21 04:53 - 000000000 ____D C:\Users\user\OneDrive - NA\Documents\smires

2021-07-16 09:45 - 2021-02-20 07:22 - 000740152 _____ (Microsoft Corporation) C:\WINDOWS\system32\sedplugins.dll

2021-07-16 09:45 - 2021-02-20 07:22 - 000486712 _____ (Microsoft Corporation) C:\WINDOWS\system32\QualityUpdateAssistant.dll

2021-07-15 14:51 - 2020-07-24 00:36 - 000806664 _____ C:\WINDOWS\system32\FNTCACHE.DAT

2021-07-15 14:51 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SystemResources

2021-07-15 14:51 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns

2021-07-15 14:51 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\bcastdvr

2021-07-15 14:51 - 2019-12-07 05:14 - 000000000 ____D C:\Program Files\Common Files\System

2021-07-14 13:26 - 2018-01-24 23:55 - 000000000 ____D C:\ProgramData\regid.1986-12.com.adobe

2021-07-14 00:22 - 2020-07-23 17:09 - 000000000 ___HD C:\$WinREAgent

2021-07-14 00:18 - 2019-08-14 21:39 - 000000000 ____D C:\WINDOWS\system32\MpEngineStore

2021-07-14 00:18 - 2018-01-22 17:42 - 000000000 ____D C:\WINDOWS\system32\MRT

2021-07-14 00:16 - 2018-01-22 17:42 - 133422552 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Files in the root of some directories ========

2018-01-28 18:02 - 2018-12-14 01:45 - 000000033 _____ () C:\Users\user\AppData\Roaming\AdobeWLCMCache.dat

2018-08-16 02:42 - 2019-04-24 22:29 - 000000028 _____ () C:\Users\user\AppData\Roaming\kulerdata.json

2021-02-11 08:06 - 2021-02-11 08:06 - 000001456 _____ () C:\Users\user\AppData\Local\Adobe Save for Web 13.0 Prefs

2018-01-27 03:26 - 2018-01-28 03:26 - 000000052 _____ () C:\Users\user\AppData\Local\bpDLTbpDLT

2018-09-26 01:08 - 2018-09-26 01:08 - 000000000 _____ () C:\Users\user\AppData\Local\oobelibMkey.log

2018-12-03 10:55 - 2018-12-03 10:59 - 000000600 _____ () C:\Users\user\AppData\Local\PUTTY.RND

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-08-2021

Ran by user (10-08-2021 04:31:02)

Running from C:\Users\user\Downloads

Windows 10 Home Version 21H1 19043.1110 (X64) (2020-07-24 04:44:59)

Boot Mode: Normal

==========================================================

==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-93585695-1239137162-3987457199-500 - Administrator - Disabled)

DefaultAccount (S-1-5-21-93585695-1239137162-3987457199-503 - Limited - Disabled)

Guest (S-1-5-21-93585695-1239137162-3987457199-501 - Limited - Disabled)

Someone Else (S-1-5-21-93585695-1239137162-3987457199-1003 - Limited - Enabled) => C:\Users\Someone Else

user (S-1-5-21-93585695-1239137162-3987457199-1001 - Administrator - Enabled) => C:\Users\user

WDAGUtilityAccount (S-1-5-21-93585695-1239137162-3987457199-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AV: McAfee VirusScan (Enabled - Up to date) {9D4501E6-72F6-2877-C789-89AF6F535B2C}

AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: McAfee Firewall (Disabled) {A57E80C3-3899-292F-ECD6-209A91801C57}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (HKLM\...\{345F3F90-0505-4EDF-B7A9-5E3AC1AC6CE4}) (Version: 15.2.1 - Hewlett-Packard) Hidden

Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 21.005.20060 - Adobe Systems Incorporated)

Adobe Bridge 2021 (HKLM-x32\...\KBRG_11_1) (Version: 11.1 - Adobe Inc.)

Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 5.5.0.617 - Adobe Inc.)

Adobe Dreamweaver 2021 (HKLM-x32\...\DRWV_21_1) (Version: 21.1 - Adobe Inc.)

Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version: - Adobe)

Adobe Illustrator 2021 (HKLM-x32\...\ILST_25_4_1) (Version: 25.4.1 - Adobe Inc.)

Adobe InDesign 2021 (HKLM-x32\...\IDSN_16_3) (Version: 16.3 - Adobe Inc.)

Adobe Media Encoder 2021 (HKLM-x32\...\AME_15_4) (Version: 15.4 - Adobe Inc.)

Adobe Photoshop 2021 (HKLM-x32\...\PHSP_22_4_2) (Version: 22.4.2.242 - Adobe Inc.)

AgentMetrics 5.3.56 (HKLM-x32\...\0525-1095-4455-6583) (Version: 5.3.56 - Terradatum, Inc)

Backup and Sync from Google (HKLM\...\{A0397FA8-34ED-4A41-A8C9-30EE0B89C464}) (Version: 3.56.3802.7766 - Google, Inc.)

Dell Display Manager (HKLM-x32\...\{AC50C05D-9D57-40F5-B2EF-AC402F14312B}_is1) (Version: 1.52.2054 - EnTech Taiwan)

Dolby Audio X2 Windows API SDK (HKLM\...\{AA950AA4-CD9B-4D81-B6C0-BFABB7A24261}) (Version: 0.7.5.65 - Dolby Laboratories, Inc.)

Dolby Audio X2 Windows APP (HKLM\...\{DBC4388A-9417-41DB-85CF-DF4993B84D5A}) (Version: 0.7.5.67 - Dolby Laboratories, Inc.)

File Identifier (HKLM-x32\...\{C257E434-E8F1-4E06-A616-598E4933553E}_is1) (Version: 1.0.11 - Sharpened Productions)

File Viewer Plus (HKLM-x32\...\{C8B24B83-920A-446E-B027-38F72C9D8898}_is1) (Version: 2.2.1 - Sharpened Productions)

Find my Font (Free) (HKLM-x32\...\Find my Font (Free)) (Version: 3.4.02 - Softonium Developments)

GlanceGuest version 4.2.0.38 (HKLM-x32\...\{F5AC5408-CC29-47C0-AD53-1BBBF268B364}_is1) (Version: 4.2.0.38 - Glance Networks, Inc.)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 92.0.4515.131 - Google LLC)

GoTo Opener (HKLM-x32\...\{665DF231-32BE-46BA-ABD2-B0D69F8314FF}) (Version: 1.0.494 - LogMeIn, Inc.)

HP Dropbox Plugin (HKLM-x32\...\{96A402D4-6126-4899-AEA8-AA764304A7B1}) (Version: 49.1.321.0 - HP)

HP EmailSMTP Plugin (HKLM-x32\...\{39BEAF4B-67DB-4820-9864-BCCD4E6C5987}) (Version: 49.1.321.0 - HP)

HP FTP Plugin (HKLM-x32\...\{F6E456FC-18B7-4F41-AF13-9EECFF500A46}) (Version: 49.1.321.0 - HP)

HP Google Drive Plugin (HKLM-x32\...\{9EDF968A-5D0C-4AF3-9669-1369E2921AA1}) (Version: 49.1.321.0 - HP)

HP OfficeJet Pro 8020 series Basic Device Software (HKLM\...\{7D2A3164-AFBF-4225-9C99-2A2DD82CD4F1}) (Version: 49.3.4475.19206 - HP Inc.)

HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)

HP SFTP Plugin (HKLM-x32\...\{1A3B3517-5C77-4382-9915-B8F0C2AB691F}) (Version: 49.1.321.0 - HP)

HP SharePoint Plugin (HKLM-x32\...\{DB2306C6-0DEA-4468-AE0F-9CDEA7BE842E}) (Version: 49.1.321.0 - HP)

HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)

HPLJUTCore (HKLM-x32\...\{06C9D648-CFC6-48CC-A11B-C4A21BEDDAF1}) (Version: 018.000.0001 - HP) Hidden

hpStatusAlerts (HKLM-x32\...\{32DE03E8-D0B3-4D13-A885-D3EDFC959EEC}) (Version: 180.040.00267 - HP Development Company, L.P.) Hidden

Intel® Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel® Corporation) Hidden

Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1067 - Intel Corporation)

Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 16.8.2.1002 - Intel Corporation)

Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1519.7 - Intel Corporation)

Intel® Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.48.197.0 - Intel Corporation) Hidden

Intel® Trusted Connect Services Client (HKLM-x32\...\{66129f84-d3f0-4884-ac54-369ae6fc2cf6}) (Version: 1.48.197.0 - Intel Corporation) Hidden

IrfanView 4.57 (64-bit) (HKLM\...\IrfanView64) (Version: 4.57 - Irfan Skiljan)

JPEG-EXIF_autorotate (HKLM-x32\...\JPEG-EXIF_autorotate) (Version: - )

Lenovo App Explorer (HKU\S-1-5-21-93585695-1239137162-3987457199-1003\...\Host App Service) (Version: 0.271.1.400 - SweetLabs for Lenovo) <==== ATTENTION

Lenovo Blacksilk USB Keyboard Driver (HKLM-x32\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.6.13.0724 - Lenovo)

Lenovo Nerve Center (HKLM-x32\...\{93EA1F94-3617-47CE-9EB2-B8DC3AC0B880}) (Version: 1.50.1010 - Lenovo)

Lenovo Vantage Service (HKLM-x32\...\VantageSRV_is1) (Version: 3.7.19.0 - Lenovo Group Ltd.)

Malwarebytes version 4.4.4.126 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.4.126 - Malwarebytes)

Manual (HKLM-x32\...\{A79C1D34-2831-4A5D-91C7-279EF892B5CF}) (Version: 2.02.0813 - Lenovo)

McAfee® Total Protection (HKLM-x32\...\MSC) (Version: 16.0 R35 - McAfee, LLC)

Microsoft 365 Apps for enterprise - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.14228.20226 - Microsoft Corporation)

Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 92.0.902.67 - Microsoft Corporation)

Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 92.0.902.67 - Microsoft Corporation)

Microsoft ODBC Driver 13 for SQL Server (HKLM\...\{2D98CD18-5754-4D94-B7E8-E6E11DAA56B1}) (Version: 13.0.811.168 - Microsoft Corporation)

Microsoft OneDrive (HKU\S-1-5-21-93585695-1239137162-3987457199-1001\...\OneDriveSetup.exe) (Version: 21.139.0711.0001 - Microsoft Corporation)

Microsoft OneDrive (HKU\S-1-5-21-93585695-1239137162-3987457199-1003\...\OneDriveSetup.exe) (Version: 21.083.0425.0003 - Microsoft Corporation)

Microsoft Teams (HKU\S-1-5-21-93585695-1239137162-3987457199-1001\...\Teams) (Version: 1.4.00.7174 - Microsoft Corporation)

Microsoft Update Health Tools (HKLM\...\{852D8FE5-BC66-4061-B1C4-CADF51E5B27D}) (Version: 2.82.0.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)

Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.23.27820 (HKLM-x32\...\{852adda4-4c78-4a38-b583-c0b360a329d6}) (Version: 14.23.27820.0 - Microsoft Corporation)

Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)

Mozilla Firefox 89.0 (x64 en-US) (HKLM\...\Mozilla Firefox 89.0 (x64 en-US)) (Version: 89.0 - Mozilla)

Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 84.0.2 - Mozilla)

NVIDIA HD Audio Driver 1.3.38.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.21 - NVIDIA Corporation)

NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)

Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.14228.20204 - Microsoft Corporation) Hidden

Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.14228.20204 - Microsoft Corporation) Hidden

Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.14228.20204 - Microsoft Corporation) Hidden

Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden

Product Improvement Study for HP OfficeJet Pro 8020 series (HKLM\...\{5F486205-E3D0-40CA-BDD1-92C41A09B153}) (Version: 49.3.4475.19206 - HP Inc.)

psqlODBC_x64 (HKLM\...\{3D4F4C5A-28C7-441D-81DC-2AA2C1A61B6A}) (Version: 09.06.0201 - PostgreSQL Global Development Group)

Qualcomm Atheros 11ac Wireless LAN Installer (HKLM-x32\...\{20CA507E-24AA-4741-87CF-CC1B250790B7}) (Version: 11.0.10332 - Qualcomm Atheros)

Qualcomm Atheros Bluetooth Installer (64) (HKLM\...\{628988B4-3FA5-4EA6-BAA3-DA640F6718BD}) (Version: 10.0.0.242 - Qualcomm Atheros)

Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10240.31217 - Realtek Semiconductor Corp.)

Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 10.1.505.2015 - Realtek)

Revo Uninstaller 2.0.5 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.5 - VS Revo Group, Ltd.)

Teams Machine-Wide Installer (HKLM-x32\...\{39AF0813-FA7B-4860-ADBE-93B9B214B914}) (Version: 1.2.0.17057 - Microsoft Corporation)

Top Producer Editor (HKLM-x32\...\Top Producer Editor_is1) (Version: - )

Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{1FD817A6-63E1-4519-BFD4-228DABB7AB6B}) (Version: 2.55.0.0 - Microsoft Corporation)

UXP WebView Support (HKLM-x32\...\UXPW_1_0_0) (Version: 1.0.0 - Adobe Inc.)

WebAdvisor by McAfee (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.609 - McAfee, LLC)

WinDirStat 1.1.2 (HKU\S-1-5-21-93585695-1239137162-3987457199-1001\...\WinDirStat) (Version: - )

Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22329 - Microsoft Corporation)

Windows Driver Package - Hewlett-Packard USB (09/08/2015 1.0.0.1) (HKLM\...\C9EDF507DA1B23454B1BF10495C79A1C34ADD79F) (Version: 09/08/2015 1.0.0.1 - Hewlett-Packard)

Zoom (HKU\S-1-5-21-93585695-1239137162-3987457199-1001\...\ZoomUMX) (Version: 5.4.2 (58740.1105) - Zoom Video Communications, Inc.)

Packages:

=========

Acrobat Notification Client -> C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2021-05-28] (Adobe Systems Incorporated)

Adobe Notification Client -> C:\Program Files\WindowsApps\AdobeNotificationClient_2.0.1.8_x86__enpm4xejd91yc [2021-06-12] (Adobe Systems Incorporated)

Adobe Photoshop Express: Image Editor, Adjustments, Filters, Effects, Borders -> C:\Program Files\WindowsApps\AdobeSystemsIncorporated.AdobePhotoshopExpress_3.4.353.0_x64__ynb6jyjzte8ga [2021-07-08] (Adobe Inc.)

Adobe XD -> C:\Program Files\WindowsApps\Adobe.CC.XD_42.1.22.4_x64__adky2gkssdxte [2021-08-06] (Adobe Systems Incorporated)

Amazon -> C:\Program Files\WindowsApps\Amazon.com.Amazon_2018.519.2815.0_x64__343d40qqvtj1t [2020-02-18] (Amazon.com)

Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.8.1165.0_x64__rz1tebttyb220 [2021-07-23] (Dolby Laboratories)

Hitting the Road -> C:\Program Files\WindowsApps\Microsoft.HittingtheRoad_1.0.0.0_neutral__8wekyb3d8bbwe [2020-10-26] (Microsoft Corporation)

HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_129.1.234.0_x64__v10z8vjag6ke6 [2021-07-23] (HP Inc.)

Instagram -> C:\Program Files\WindowsApps\Facebook.InstagramBeta_42.0.15.0_neutral__8xx8rvfyw5nnt [2021-06-25] (Instagram)

iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12113.17.53090.0_x64__nzyj5cx40ttqa [2021-06-30] (Apple Inc.) [Startup Task]

Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2105.16.0_x64__k1h2ywk1493x8 [2021-06-10] (LENOVO INC.)

Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1808.3.0_x64__8wekyb3d8bbwe [2020-07-24] (Microsoft Corporation) [MS Ad]

Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-19] (Microsoft Corporation) [MS Ad]

Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-19] (Microsoft Corporation) [MS Ad]

Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.10.7290.0_x64__8wekyb3d8bbwe [2021-08-04] (Microsoft Studios) [MS Ad]

Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.97.752.0_x64__mcm4njqhnhss8 [2020-07-15] (Netflix, Inc.)

Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-07-24] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-93585695-1239137162-3987457199-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive - Personal] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}0

CustomCLSID: HKU\S-1-5-21-93585695-1239137162-3987457199-1001_Classes\CLSID\{04271989-4A69-962C-A545-E842D1072B5A} -> [OneDrive - Smires and Associates] => C:\Users\user\OneDrive - Smires and Associates [2021-05-27 06:05]

CustomCLSID: HKU\S-1-5-21-93585695-1239137162-3987457199-1001_Classes\CLSID\{04271989-C4D2-376D-6581-A2BA318B25C1} -> [OneDrive - NA] => C:\Users\user\OneDrive - NA [2020-12-08 07:14]

CustomCLSID: HKU\S-1-5-21-93585695-1239137162-3987457199-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-A53DA100DCA5} -> [Creative Cloud Files] => C:\Users\user\Creative Cloud Files [2018-01-24 23:38]

CustomCLSID: HKU\S-1-5-21-93585695-1239137162-3987457199-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\user\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20339.4\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-93585695-1239137162-3987457199-1001_Classes\CLSID\{2F81B25E-7507-4844-BFF2-77D2CC24CED4}\localserver32 -> C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Inc. -> Adobe Inc.)

CustomCLSID: HKU\S-1-5-21-93585695-1239137162-3987457199-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\user\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20091.2\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-93585695-1239137162-3987457199-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems)

ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-06-11] (Adobe Inc. -> )

ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-06-11] (Adobe Inc. -> )

ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-06-11] (Adobe Inc. -> )

ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2021-06-18] (Google LLC -> Google)

ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2021-06-18] (Google LLC -> Google)

ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2021-06-18] (Google LLC -> Google)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File

ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-06-11] (Adobe Inc. -> )

ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2021-05-28] (Adobe Inc. -> Adobe Systems Inc.)

ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2021-06-18] (Google LLC -> Google)

ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => C:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2021-06-29] (McAfee, LLC -> McAfee, LLC)

ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => -> No File

ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2021-06-18] (Google LLC -> Google)

ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2019-09-30] (NVIDIA Corporation -> NVIDIA Corporation)

ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-06-11] (Adobe Inc. -> )

ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2021-05-28] (Adobe Inc. -> Adobe Systems Inc.)

ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => -> No File

ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => C:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2021-06-29] (McAfee, LLC -> McAfee, LLC)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Mobility Print.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory="Profile 2" --app-id=alhngdkjgnedakdlnamimgfihgkmenbh

ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Zoom.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory="Profile 2" --app-id=hmbjbjdpkobdjplfobhljndfdfdipjhg

ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) -> --profile-directory="Profile 5"

==================== Loaded Modules (Whitelisted) =============

2021-08-10 04:23 - 2021-08-10 04:23 - 000114176 _____ () [File not signed] C:\Users\user\AppData\Local\Temp\_MEI113122\_ctypes.pyd

2021-08-10 04:23 - 2021-08-10 04:23 - 000172544 _____ () [File not signed] C:\Users\user\AppData\Local\Temp\_MEI113122\_elementtree.pyd

2021-08-10 04:23 - 2021-08-10 04:23 - 002255872 _____ () [File not signed] C:\Users\user\AppData\Local\Temp\_MEI113122\_hashlib.pyd

2021-08-10 04:23 - 2021-08-10 04:23 - 000032256 _____ () [File not signed] C:\Users\user\AppData\Local\Temp\_MEI113122\_multiprocessing.pyd

2021-08-10 04:23 - 2021-08-10 04:23 - 000046080 _____ () [File not signed] C:\Users\user\AppData\Local\Temp\_MEI113122\_psutil_windows.pyd

2021-08-10 04:23 - 2021-08-10 04:23 - 000047616 _____ () [File not signed] C:\Users\user\AppData\Local\Temp\_MEI113122\_socket.pyd

2021-08-10 04:23 - 2021-08-10 04:23 - 002825216 _____ () [File not signed] C:\Users\user\AppData\Local\Temp\_MEI113122\_ssl.pyd

2021-08-10 04:23 - 2021-08-10 04:23 - 000026112 _____ () [File not signed] C:\Users\user\AppData\Local\Temp\_MEI113122\_yappi.pyd

2021-08-10 04:23 - 2021-08-10 04:23 - 000080896 _____ () [File not signed] C:\Users\user\AppData\Local\Temp\_MEI113122\bz2.pyd

2021-08-10 04:23 - 2021-08-10 04:23 - 000015872 _____ () [File not signed] C:\Users\user\AppData\Local\Temp\_MEI113122\common.time34.pyd

2021-08-10 04:23 - 2021-08-10 04:23 - 000007680 _____ () [File not signed] C:\Users\user\AppData\Local\Temp\_MEI113122\hashobjs_ext.pyd

2021-08-10 04:23 - 2021-08-10 04:23 - 000301568 _____ () [File not signed] C:\Users\user\AppData\Local\Temp\_MEI113122\PIL._imaging.pyd

2021-08-10 04:23 - 2021-08-10 04:23 - 000168448 _____ () [File not signed] C:\Users\user\AppData\Local\Temp\_MEI113122\pyexpat.pyd

2021-08-10 04:23 - 2021-08-10 04:23 - 001084416 _____ () [File not signed] C:\Users\user\AppData\Local\Temp\_MEI113122\pysqlite2._sqlite.pyd

2021-08-10 04:23 - 2021-08-10 04:23 - 000548864 _____ () [File not signed] C:\Users\user\AppData\Local\Temp\_MEI113122\pythoncom27.dll

2021-08-10 04:23 - 2021-08-10 04:23 - 000137728 _____ () [File not signed] C:\Users\user\AppData\Local\Temp\_MEI113122\pywintypes27.dll

2021-08-10 04:23 - 2021-08-10 04:23 - 000010752 _____ () [File not signed] C:\Users\user\AppData\Local\Temp\_MEI113122\select.pyd

2021-08-10 04:23 - 2021-08-10 04:23 - 000020992 _____ () [File not signed] C:\Users\user\AppData\Local\Temp\_MEI113122\thumbnails_ext.pyd

2021-08-10 04:23 - 2021-08-10 04:23 - 000689664 _____ () [File not signed] C:\Users\user\AppData\Local\Temp\_MEI113122\unicodedata.pyd

2021-08-10 04:23 - 2021-08-10 04:23 - 000119808 _____ () [File not signed] C:\Users\user\AppData\Local\Temp\_MEI113122\usb_ext.pyd

2021-08-10 04:23 - 2021-08-10 04:23 - 000128512 _____ () [File not signed] C:\Users\user\AppData\Local\Temp\_MEI113122\win32api.pyd

2021-08-10 04:23 - 2021-08-10 04:23 - 000438784 _____ () [File not signed] C:\Users\user\AppData\Local\Temp\_MEI113122\win32com.shell.shell.pyd

2021-08-10 04:23 - 2021-08-10 04:23 - 000011776 _____ () [File not signed] C:\Users\user\AppData\Local\Temp\_MEI113122\win32crypt.pyd

2021-08-10 04:23 - 2021-08-10 04:23 - 000023040 _____ () [File not signed] C:\Users\user\AppData\Local\Temp\_MEI113122\win32event.pyd

2021-08-10 04:23 - 2021-08-10 04:23 - 000149504 _____ () [File not signed] C:\Users\user\AppData\Local\Temp\_MEI113122\win32file.pyd

2021-08-10 04:23 - 2021-08-10 04:23 - 000223232 _____ () [File not signed] C:\Users\user\AppData\Local\Temp\_MEI113122\win32gui.pyd

2021-08-10 04:23 - 2021-08-10 04:23 - 000048128 _____ () [File not signed] C:\Users\user\AppData\Local\Temp\_MEI113122\win32inet.pyd

2021-08-10 04:23 - 2021-08-10 04:23 - 000029696 _____ () [File not signed] C:\Users\user\AppData\Local\Temp\_MEI113122\win32pdh.pyd

2021-08-10 04:23 - 2021-08-10 04:23 - 000027648 _____ () [File not signed] C:\Users\user\AppData\Local\Temp\_MEI113122\win32pipe.pyd

2021-08-10 04:23 - 2021-08-10 04:23 - 000044032 _____ () [File not signed] C:\Users\user\AppData\Local\Temp\_MEI113122\win32process.pyd

2021-08-10 04:23 - 2021-08-10 04:23 - 000020480 _____ () [File not signed] C:\Users\user\AppData\Local\Temp\_MEI113122\win32profile.pyd

2021-08-10 04:23 - 2021-08-10 04:23 - 000136192 _____ () [File not signed] C:\Users\user\AppData\Local\Temp\_MEI113122\win32security.pyd

2021-08-10 04:23 - 2021-08-10 04:23 - 000026624 _____ () [File not signed] C:\Users\user\AppData\Local\Temp\_MEI113122\win32ts.pyd

2021-08-10 04:23 - 2021-08-10 04:23 - 000034304 _____ () [File not signed] C:\Users\user\AppData\Local\Temp\_MEI113122\windows.conditional.pyd

2021-08-10 04:23 - 2021-08-10 04:23 - 000037888 _____ () [File not signed] C:\Users\user\AppData\Local\Temp\_MEI113122\windows.connectivity.pyd

2021-08-10 04:23 - 2021-08-10 04:23 - 000071680 _____ () [File not signed] C:\Users\user\AppData\Local\Temp\_MEI113122\windows.device_monitor.pyd

2021-08-10 04:23 - 2021-08-10 04:23 - 000103936 _____ () [File not signed] C:\Users\user\AppData\Local\Temp\_MEI113122\windows.volumes.pyd

2021-08-10 04:23 - 2021-08-10 04:23 - 000019968 _____ () [File not signed] C:\Users\user\AppData\Local\Temp\_MEI113122\windows.winwrap.pyd

2021-08-10 04:23 - 2021-08-10 04:23 - 001325056 _____ () [File not signed] C:\Users\user\AppData\Local\Temp\_MEI113122\wx._controls_.pyd

2021-08-10 04:23 - 2021-08-10 04:23 - 001489408 _____ () [File not signed] C:\Users\user\AppData\Local\Temp\_MEI113122\wx._core_.pyd

2021-08-10 04:23 - 2021-08-10 04:23 - 001007104 _____ () [File not signed] C:\Users\user\AppData\Local\Temp\_MEI113122\wx._gdi_.pyd

2021-08-10 04:23 - 2021-08-10 04:23 - 000103424 _____ () [File not signed] C:\Users\user\AppData\Local\Temp\_MEI113122\wx._html2.pyd

2021-08-10 04:23 - 2021-08-10 04:23 - 000916992 _____ () [File not signed] C:\Users\user\AppData\Local\Temp\_MEI113122\wx._misc_.pyd

2021-08-10 04:23 - 2021-08-10 04:23 - 001039872 _____ () [File not signed] C:\Users\user\AppData\Local\Temp\_MEI113122\wx._windows_.pyd

2017-02-25 15:44 - 2011-05-17 17:27 - 000028672 _____ () [File not signed] C:\Windows\jmesoft\hidhook.dll

2009-09-16 18:44 - 2009-09-16 18:44 - 000153088 _____ (Hewlett Packard) [File not signed] C:\WINDOWS\System32\hptcpmib.dll

2009-09-16 18:45 - 2009-09-16 18:45 - 000331264 _____ (Hewlett Packard) [File not signed] C:\WINDOWS\System32\HpTcpMon.dll

2009-09-16 11:44 - 2009-09-16 11:44 - 000132096 _____ (Hewlett Packard) [File not signed] C:\WINDOWS\System32\hpzjrd01.dll

2013-05-16 07:52 - 2013-05-16 07:52 - 000050688 _____ (Hewlett-Packard) [File not signed] c:\windows\system32\hpzinw12.dll

2013-05-16 07:52 - 2013-05-16 07:52 - 000066048 _____ (Hewlett-Packard) [File not signed] c:\windows\system32\hpzipm12.dll

2021-07-23 22:17 - 2021-07-23 22:18 - 103578624 _____ (HP Development Company, L.P.) [File not signed] C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_129.1.234.0_x64__v10z8vjag6ke6\HP.Smart.dll

2021-04-03 21:24 - 2021-04-03 21:24 - 007068672 _____ (HP Development Company, L.P.) [File not signed] C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_129.1.234.0_x64__v10z8vjag6ke6\HPPageLift.UWP.dll

2009-09-16 18:45 - 2009-09-16 18:45 - 000317440 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\System32\HPTcpMUI.dll

2021-08-10 04:23 - 2021-08-10 04:23 - 003043328 _____ (Python Software Foundation) [File not signed] C:\Users\user\AppData\Local\Temp\_MEI113122\python27.dll

2021-08-10 04:23 - 2021-08-10 04:23 - 000202240 _____ (wxWidgets development team) [File not signed] C:\Users\user\AppData\Local\Temp\_MEI113122\wxbase30u_net_vc90_x64.dll

2021-08-10 04:23 - 2021-08-10 04:23 - 002831872 _____ (wxWidgets development team) [File not signed] C:\Users\user\AppData\Local\Temp\_MEI113122\wxbase30u_vc90_x64.dll

2021-08-10 04:23 - 2021-08-10 04:23 - 001654784 _____ (wxWidgets development team) [File not signed] C:\Users\user\AppData\Local\Temp\_MEI113122\wxmsw30u_adv_vc90_x64.dll

2021-08-10 04:23 - 2021-08-10 04:23 - 006542336 _____ (wxWidgets development team) [File not signed] C:\Users\user\AppData\Local\Temp\_MEI113122\wxmsw30u_core_vc90_x64.dll

2021-08-10 04:23 - 2021-08-10 04:23 - 000773632 _____ (wxWidgets development team) [File not signed] C:\Users\user\AppData\Local\Temp\_MEI113122\wxmsw30u_html_vc90_x64.dll

2021-08-10 04:23 - 2021-08-10 04:23 - 000137216 _____ (wxWidgets development team) [File not signed] C:\Users\user\AppData\Local\Temp\_MEI113122\wxmsw30u_webview_vc90_x64.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-93585695-1239137162-3987457199-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

HKU\S-1-5-21-93585695-1239137162-3987457199-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo17swin10.msn.com/?pc=LJSE

HKU\S-1-5-21-93585695-1239137162-3987457199-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17swin10.msn.com/?pc=LJSE

SearchScopes: HKU\S-1-5-21-93585695-1239137162-3987457199-1001 -> {0CE02FFA-A6B0-46F6-BA2F-BD32C3630126} URL =

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2021-05-24] (Microsoft Corporation -> Microsoft Corporation)

BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2017-11-04] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)

BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2021-07-29] (McAfee, LLC -> McAfee, LLC)

BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2017-11-04] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)

BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2021-05-24] (Microsoft Corporation -> Microsoft Corporation)

BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2017-11-04] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)

BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2021-07-29] (McAfee, LLC -> McAfee, LLC)

BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2017-11-04] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)

Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2017-11-04] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)

Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2017-11-04] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)

Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-07-27] (Microsoft Corporation -> Microsoft Corporation)

Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-07-27] (Microsoft Corporation -> Microsoft Corporation)

Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-07-27] (Microsoft Corporation -> Microsoft Corporation)

Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-07-27] (Microsoft Corporation -> Microsoft Corporation)

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll [2021-06-29] (McAfee, LLC -> McAfee, LLC)

Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2021-06-29] (McAfee, LLC -> McAfee, LLC)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-93585695-1239137162-3987457199-1001\...\sharepoint.com -> hxxps://dandrearealestate-files.sharepoint.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 07:47 - 2018-05-27 06:15 - 000002103 _____ C:\WINDOWS\system32\drivers\etc\hosts

0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly

0.0.0.0 tracking.opencandy.com.s3.amazonaws.com

0.0.0.0 media.opencandy.com

0.0.0.0 cdn.opencandy.com

0.0.0.0 tracking.opencandy.com

0.0.0.0 api.opencandy.com

0.0.0.0 api.recommendedsw.com

0.0.0.0 rp.yefeneri2.com

0.0.0.0 os.yefeneri2.com

0.0.0.0 os2.yefeneri2.com

0.0.0.0 installer.betterinstaller.com

0.0.0.0 installer.filebulldog.com

0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net

0.0.0.0 inno.bisrv.com

0.0.0.0 nsis.bisrv.com

0.0.0.0 cdn.file2desktop.com

0.0.0.0 cdn.goateastcach.us

0.0.0.0 cdn.guttastatdk.us

0.0.0.0 cdn.inskinmedia.com

0.0.0.0 cdn.insta.oibundles2.com

0.0.0.0 cdn.insta.playbryte.com

0.0.0.0 cdn.llogetfastcach.us

0.0.0.0 cdn.montiera.com

0.0.0.0 cdn.msdwnld.com

0.0.0.0 cdn.mypcbackup.com

0.0.0.0 cdn.ppdownload.com

0.0.0.0 cdn.riceateastcach.us

0.0.0.0 cdn.shyapotato.us

0.0.0.0 cdn.solimba.com

0.0.0.0 cdn.tuto4pc.com

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\iCLS\;C:\Program Files\Intel\Intel® Management Engine Components\iCLS\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files\Intel\Intel® Management Engine Components\IPT;C:\Program Files (x86)\HP\Common\HPDestPlgIn\

HKU\S-1-5-21-93585695-1239137162-3987457199-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper

HKU\S-1-5-21-93585695-1239137162-3987457199-1003\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg

DNS Servers: 65.19.96.252 - 65.19.96.253

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)

Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "ZAM"

HKLM\...\StartupApproved\Run32: => "StatusAlerts"

HKLM\...\StartupApproved\Run32: => "Dropbox"

HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"

HKU\S-1-5-21-93585695-1239137162-3987457199-1001\...\StartupApproved\Run: => "Lync"

HKU\S-1-5-21-93585695-1239137162-3987457199-1001\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{B293253A-D574-41EC-A4BF-BC44FE6DDFCC}] => (Allow) C:\Users\user\AppData\Local\Temp\7zS6EF1\HPDiagnosticCoreUI.exe => No File

FirewallRules: [{5B61915F-5F4C-4BEC-AEAE-44B0CC06BAEF}] => (Allow) C:\Users\user\AppData\Local\Temp\7zS6EF1\HPDiagnosticCoreUI.exe => No File

FirewallRules: [UDP Query User{E7ECAFFC-D355-422A-B6E8-640145757BC6}C:\users\user\appdata\local\temp\7zs0227\enterprisedu.exe] => (Allow) C:\users\user\appdata\local\temp\7zs0227\enterprisedu.exe => No File

FirewallRules: [TCP Query User{49B2FB1F-D36D-476E-8116-9F3E69AA71CE}C:\users\user\appdata\local\temp\7zs0227\enterprisedu.exe] => (Allow) C:\users\user\appdata\local\temp\7zs0227\enterprisedu.exe => No File

FirewallRules: [{103E5198-B619-4B7C-BD3E-3730671C42D3}] => (Allow) C:\Users\user\AppData\Local\Temp\7zS61CE\HPDiagnosticCoreUI.exe => No File

FirewallRules: [{8AA22F5E-D8D7-4171-B424-44E0E9B57C0A}] => (Allow) C:\Users\user\AppData\Local\Temp\7zS61CE\HPDiagnosticCoreUI.exe => No File

FirewallRules: [{1748E934-13DC-4BA7-A36A-52214B774626}] => (Allow) C:\Users\user\AppData\Local\Temp\7zS4DDE\HPDiagnosticCoreUI.exe => No File

FirewallRules: [{CB6AC2A2-CAA2-4E19-BB69-B004A557065C}] => (Allow) C:\Users\user\AppData\Local\Temp\7zS4DDE\HPDiagnosticCoreUI.exe => No File

FirewallRules: [{AC2DFC58-4713-4D18-ACCA-419A53425C07}] => (Allow) C:\Program Files (x86)\HP\csiInstaller\4b849805-3b07-4b35-874a-705c0d103672\Installer\hpbcsiInstaller.exe => No File

FirewallRules: [{F20285E6-2077-4707-B122-40DD97A70B7A}] => (Allow) C:\Program Files (x86)\HP\csiInstaller\4b849805-3b07-4b35-874a-705c0d103672\Installer\hpbcsiInstaller.exe => No File

FirewallRules: [UDP Query User{2DC7E615-0A02-45CE-A41B-626BFD500DE2}C:\program files\adobe\adobe dreamweaver cc 2019\node\node.exe] => (Allow) C:\program files\adobe\adobe dreamweaver cc 2019\node\node.exe => No File

FirewallRules: [TCP Query User{1D326AA3-9ABF-4F21-A98B-F01AA278487A}C:\program files\adobe\adobe dreamweaver cc 2019\node\node.exe] => (Allow) C:\program files\adobe\adobe dreamweaver cc 2019\node\node.exe => No File

FirewallRules: [UDP Query User{61207B7E-6395-4AF7-9363-B8C6FA3927D8}C:\program files (x86)\microsoft office\root\office16\lync.exe] => (Allow) C:\program files (x86)\microsoft office\root\office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{718C1D26-E8B8-4187-9FE3-45D60165EE47}] => (Allow) C:\Users\user\AppData\Roaming\Zoom\bin\airhost.exe => No File

FirewallRules: [{FBB5AA06-D21B-4C28-865C-2B40552757D1}] => (Allow) C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)

FirewallRules: [UDP Query User{AAD8261A-8442-4728-B15F-6148496D6F1F}C:\users\user\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\user\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [TCP Query User{36AAEE0A-C23B-44E5-B5E3-263AD8572760}C:\users\user\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\user\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{B2E6B352-4AD8-44FD-93DD-55B7E65E2C4C}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8020 series\Bin\HPNetworkCommunicatorCom.exe (HP Inc -> HP Inc.)

FirewallRules: [{2E30F016-157E-4EA4-9118-49B9857642FB}] => (Allow) LPort=5357

FirewallRules: [{7C8B1F5E-2814-4B36-A25A-79CC319D244B}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8020 series\Bin\DeviceSetup.exe (HP Inc -> HP Inc.)

FirewallRules: [{A60A25E7-E1F7-4B1B-8E55-A2F8A717DCD8}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8020 series\bin\FaxPrinterUtility.exe (HP Inc -> HP Inc.)

FirewallRules: [{FFCE71FE-60A9-4359-9EB3-002D2457BA2C}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8020 series\bin\SendAFax.exe (HP Inc -> HP Inc.)

FirewallRules: [{3FF3FCFA-1970-4661-955C-96A7D15D9D0F}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8020 series\bin\DigitalWizards.exe (HP Inc -> HP Inc.)

FirewallRules: [{870B4DEA-98B0-4A73-B689-9AD37D1DD91B}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8020 series\bin\FaxApplications.exe (HP Inc -> HP Inc.)

FirewallRules: [{601C37F8-9F36-4C19-84E3-BC88EE50D5F9}] => (Allow) C:\Program Files (x86)\Common Files\McAfee\MMSSHost\MMSSHost.exe (McAfee, LLC -> McAfee, LLC)

FirewallRules: [{155BB0C6-7ADE-439B-8FA6-921F9BE21E7B}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe (McAfee, LLC -> McAfee, LLC)

FirewallRules: [{8105E030-7946-4470-A828-0CAA5DE08707}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)

FirewallRules: [TCP Query User{58505E77-6B40-4D28-855D-475A2BD5F93E}C:\program files\adobe\adobe dreamweaver cc 2019\node\node.exe] => (Allow) C:\program files\adobe\adobe dreamweaver cc 2019\node\node.exe => No File

FirewallRules: [UDP Query User{123AEE70-B073-4960-BF05-9B933E3F601F}C:\program files\adobe\adobe dreamweaver cc 2019\node\node.exe] => (Allow) C:\program files\adobe\adobe dreamweaver cc 2019\node\node.exe => No File

FirewallRules: [{D4E9441F-1E13-45B8-BD2E-7E5EE2EAB746}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{BD6213BE-82E7-49A9-9780-9ABC3297E3D0}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [TCP Query User{924C4CB0-A6FB-47CC-AE44-00091957D9EB}C:\users\user\appdata\local\temp\g2_2220\g2viewer.exe] => (Allow) C:\users\user\appdata\local\temp\g2_2220\g2viewer.exe => No File

FirewallRules: [UDP Query User{87D74F84-FE6B-4E3B-B198-3AEE0E2640B9}C:\users\user\appdata\local\temp\g2_2220\g2viewer.exe] => (Allow) C:\users\user\appdata\local\temp\g2_2220\g2viewer.exe => No File

FirewallRules: [TCP Query User{2D30C0DD-BFC1-4A40-A18B-9B2F405A6614}C:\users\user\appdata\local\temp\g2_2329\g2viewer.exe] => (Allow) C:\users\user\appdata\local\temp\g2_2329\g2viewer.exe => No File

FirewallRules: [UDP Query User{79F8A03A-3B02-4D0C-879A-8B19BFB966C2}C:\users\user\appdata\local\temp\g2_2329\g2viewer.exe] => (Allow) C:\users\user\appdata\local\temp\g2_2329\g2viewer.exe => No File

FirewallRules: [{2457204E-5881-4312-A350-49A4A2629881}] => (Allow) C:\Users\user\AppData\Local\Temp\7zS24FC\HP.EasyStart.exe => No File

FirewallRules: [TCP Query User{357F8607-169E-4F3C-BE2D-8925F04F6AE4}C:\users\user\downloads\anydesk.exe] => (Allow) C:\users\user\downloads\anydesk.exe (philandro Software GmbH -> philandro Software GmbH)

FirewallRules: [UDP Query User{DA1B006F-09B0-4B42-9CDE-B3F8E27EBE2C}C:\users\user\downloads\anydesk.exe] => (Allow) C:\users\user\downloads\anydesk.exe (philandro Software GmbH -> philandro Software GmbH)

FirewallRules: [{86511D05-E03B-4458-91A2-88ABD8A1EE10}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{4775159B-8BA3-4CBA-B7BF-F88A4A15A5E5}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{DC336918-C8E6-4C1A-8F16-C16F84DD7F0F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

FirewallRules: [{E0B4A776-A31C-475E-BD25-DFC1DD5F13F9}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

FirewallRules: [{4ADD4002-C28C-4876-B322-D51035AD3A41}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

FirewallRules: [{EC0AF323-7F31-410E-8465-332CA2D645C1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

FirewallRules: [{029F5576-BD36-4015-A513-73A18B6F8EEC}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12113.17.53090.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)

FirewallRules: [{780F1184-A60F-4464-B68C-A6C16F0A1EEE}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12113.17.53090.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)

FirewallRules: [{9DB5DAEF-53C4-4F20-847C-321C7B70CF59}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12113.17.53090.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)

FirewallRules: [{50B8F4F5-F7B6-47D8-AB0F-AFCC7E870F85}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12113.17.53090.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)

FirewallRules: [{A9A9BF95-3F97-4DED-96E0-6C125128716C}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12113.17.53090.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)

FirewallRules: [{A54CCC8B-AFA6-4B12-A8BF-4CF91F4B6B7D}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12113.17.53090.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)

FirewallRules: [{66D1EE90-FF7D-4E86-8B8C-5F23B6C0A148}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12113.17.53090.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)

FirewallRules: [{5A77F68E-05DC-4F26-835D-9620F193847E}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12113.17.53090.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)

FirewallRules: [{93A8F448-F5B6-448B-A322-DE5186B1EC07}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe => No File

FirewallRules: [{08D4C69C-C5A7-4CC5-80B8-D0F8A4C3E246}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{4387B5EC-37F7-47C6-BE6F-A682D55B30ED}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

FirewallRules: [{30C95D44-F5D9-4C65-961E-7C065EF176D0}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.73.124.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

FirewallRules: [{B823BCC0-808D-408D-B64F-58FE6972B290}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.73.124.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

FirewallRules: [{ED3AFC1D-A97B-44B9-8FE1-2DB260C8264B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.73.124.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

FirewallRules: [{1917BE9A-60A7-49B3-A1B2-B6F2FFC8BB8A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.73.124.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

FirewallRules: [{8551CF36-C86E-49F8-A1CA-C921B2894414}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\92.0.902.67\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Restore Points =========================

ATTENTION: System Restore is disabled (Total:117.89 GB) (Free:5.05 GB) (4%)

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:

==================

Error: (08/10/2021 04:23:07 AM) (Source: MBAMIService) (EventID: 0) (User: )

Description: Event-ID 0

Error: (08/10/2021 04:23:07 AM) (Source: MBAMIService) (EventID: 0) (User: )

Description: Event-ID 0

Error: (08/07/2021 07:47:21 AM) (Source: MBAMIService) (EventID: 0) (User: )

Description: Event-ID 0

Error: (08/07/2021 07:47:21 AM) (Source: MBAMIService) (EventID: 0) (User: )

Description: Event-ID 0

Error: (08/07/2021 07:09:30 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )

Description: The storage optimizer couldn't complete retrim on (D:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (08/07/2021 06:59:31 AM) (Source: MBAMIService) (EventID: 0) (User: )

Description: Event-ID 0

Error: (08/07/2021 06:59:31 AM) (Source: MBAMIService) (EventID: 0) (User: )

Description: Event-ID 0

Error: (08/02/2021 12:54:15 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: FbService.exe, version: 3.0.0.1, time stamp: 0x55e67147

Faulting module name: ntdll.dll, version: 10.0.19041.1110, time stamp: 0xe7a22463

Exception code: 0xc0000374

Fault offset: 0x00000000000ff259

Faulting process id: 0x10a8

Faulting application start time: 0x01d7852134bb770e

Faulting application path: C:\Program Files (x86)\Lenovo\Lenovo Nerve Center\FastBoot\FbService.exe

Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll

Report Id: 3713901c-bb3f-499e-aaba-9826c89fdecd

Faulting package full name:

Faulting package-relative application ID:

System errors:

=============

Error: (08/10/2021 04:24:08 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The System Interface Foundation Service service failed to start due to the following error: