
Unrelenting popups - "Virus Found (5)!" **System Error** w


This topic is locked
6 replies to this topic

#1 Getoutandstayout (Authentic Member, 82 posts)

Posted 12 August 2022 - 10:08 AM

I just started getting these popups that appear whenever I go online. They occur in either Firefox or Edge. They alternate between the warning "Critical Virus Alert!" and "Virus Found(5)!" They're also becoming more and more frequent. There's an X to click them away, but it takes between 5-6 clicks to make them go away; then they come back in a few minutes.

I'm attaching the scans. I hope you can help.

Attached Thumbnails

  • Viruses found! popup.jpg

Attached Files


#2 Getoutandstayout (Authentic Member, 82 posts)

Posted 12 August 2022 - 10:36 AM

I just realized that I didn't save FRST to my desktop. I did that, then rescanned. Here are the new scans.

FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04-08-2022
Ran by young (administrator) on LAPTOP-6R6IN514 (HP HP Laptop 15-dw0xxx) (12-08-2022 12:28:49)
Running from C:\Users\young\Desktop
Loaded Profiles: young & Administrator
Platform: Microsoft Windows 10 Home Version 21H1 19043.1889 (X64) Language: English (United States)
Default browser: IE
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.5-0\MsMpEng.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.5-0\MpCopyAccelerator.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler64.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <16>
(SECOMN64.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Sound Research, Corp.) C:\Windows\System32\SECOCL64.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ETDService.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_29c6c876bdaf5af9\x64\TouchpointAnalyticsClientService.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_620459b7cf27a23d\x64\AppHelperCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_620459b7cf27a23d\x64\DiagsCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_620459b7cf27a23d\x64\NetworkCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_620459b7cf27a23d\x64\SysInfoCap.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_7208949846a9b9dc\igfxCUIService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_9196e89091d8bdbb\esif_uf.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_9cf4db1a1fd1b22d\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_2f34d6b29296286a\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_2f34d6b29296286a\IntelCpHeciSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_fddb643595e0b8d0\LMS.exe
(services.exe ->) (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_ffc75848a6342fdf\jhi_service.exe
(services.exe ->) (Intel® Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_42f9d9bfb72d84cf\RstMwService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Sound Research, Corp.) C:\Windows\System32\SECOMN64.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.5-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.5-0\NisSrv.exe
(services.exe ->) (nordvpn s.a. -> TEFINCOM S.A.) C:\Program Files\NordUpdater\NordUpdateService.exe
(services.exe ->) (nordvpn s.a. -> TEFINCOM S.A.) C:\Program Files\NordVPN\nordvpn-service.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_97f3cd9b850501f1\RtkAudUService64.exe
(services.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_97f3cd9b850501f1\RtkAudUService64.exe [3453824 2022-06-12] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtlS5Wake] => C:\Program Files (x86)\Realtek\PCIE Wireless LAN\RtlS5Wake\RtlS5Wake.exe [2097600 2018-04-17] (Realtek Semiconductor Corp. -> Realtek)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2015-09-24] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2015-09-24] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
HKLM-x32\...\Run: [EaseUS FixTool] => C:\Program Files (x86)\EaseUS\EaseUS Tools M\bin\UpdateExe.exe [132776 2020-01-14] (CHENGDU YIWO Tech Development Co., Ltd. -> )
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [904288 2020-08-18] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [460896 2020-08-18] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
HKU\S-1-5-21-2242047713-980872803-1690996654-1001\...\Run: [uTorrent] => C:\Users\young\AppData\Roaming\uTorrent\uTorrent.exe [2103848 2022-02-19] (BitTorrent Inc -> BitTorrent Inc.)
HKU\S-1-5-21-2242047713-980872803-1690996654-1001\...\Run: [3FDB53E6025D31ACCA9E8EA7D3615DB60EAE8958._service_run] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=service /prefetch:8 [3827128 2022-08-11] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2242047713-980872803-1690996654-1001\...\Run: [GoToMeeting] => C:\Users\young\AppData\Local\GoToMeeting\19796\g2mstart.exe [31176 2021-06-26] (LogMeIn, Inc. -> LogMeIn, Inc.)
HKU\S-1-5-21-2242047713-980872803-1690996654-1001\...\Run: [NordVPN] => C:\Program Files\NordVPN\NordVPN.exe [280952 2021-06-12] (nordvpn s.a. -> TEFINCOM S.A.)
HKU\S-1-5-21-2242047713-980872803-1690996654-1001\...\Run: [CiscoMeetingDaemon] => C:\Users\young\AppData\Local\WebEx\WebexHost.exe [7595448 2022-03-31] (Cisco WebEx LLC -> Cisco Webex LLC)
HKU\S-1-5-21-2242047713-980872803-1690996654-1001\...\Run: [CiscoSpark] => C:\Users\young\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Webex\Webex.lnk [1475 2022-04-03] () [File not signed]
HKU\S-1-5-21-2242047713-980872803-1690996654-1001\...\MountPoints2: {1c7f14bf-5b87-11ea-817b-e86f383bdec6} - "D:\install.EXE" id= ver=1.0.0.0
HKU\S-1-5-21-2242047713-980872803-1690996654-500\...\Run: [HPSEU_Host_Launcher] => C:\System.sav\util\HpseuHostLauncher.exe [1114112 2019-05-10] (HP Inc.) [File not signed]
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\WINDOWS\system32\AdobePDF.dll [55872 2015-09-24] (Adobe Systems, Incorporated -> Adobe Systems Inc)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\104.0.5112.81\Installer\chrmstp.exe [2022-08-08] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{73FA19D0-2D75-11D2-995D-00C04F98BBC9}] ->
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2020-03-02]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation -> Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0EAAE7A7-8194-43E1-B7F4-1A059DDBB92D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.5-0\MpCmdRun.exe [1335968 2022-08-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {19581C18-59F9-4ED2-B526-FE07A48E2C7C} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23713200 2022-08-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {1ED65B7F-684D-4403-A5A2-1308109F138C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-07-14] (Google LLC -> Google LLC)
Task: {2DAD7EEE-6D9F-47F0-A09A-9D8C06A42FDD} - System32\Tasks\G2MUpdateTask-S-1-5-21-2242047713-980872803-1690996654-1001 => C:\Users\young\AppData\Local\GoToMeeting\19950\g2mupdate.exe [33456 2022-05-11] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {325A135B-F023-4C60-B344-94995823BF29} - System32\Tasks\Microsoft\Windows\Management\Autopilot\DetectHardwareChange => {62B2DD2C-F129-42EE-BF59-55D3FD21C215} C:\WINDOWS\System32\Autopilot.dll [192000 2022-08-10] (Microsoft Windows -> Microsoft Corporation)
Task: {3E66A025-525A-4EE4-BB1B-AC30D35CD4C7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.5-0\MpCmdRun.exe [1335968 2022-08-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {52261021-7F4C-4DDA-969C-18E715BB6FAC} - System32\Tasks\G2MUploadTask-S-1-5-21-2242047713-980872803-1690996654-1001 => C:\Users\young\AppData\Local\GoToMeeting\19950\g2mupload.exe [33456 2022-05-11] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {596ABEA4-0C80-4793-8F25-E0FB5839CCBC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564424 2021-11-18] (Adobe Inc. -> Adobe Inc.)
Task: {686F36EC-7C32-4F31-B67A-05E7539F7677} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1099640 2020-03-09] (HP Inc. -> HP Inc.)
Task: {7104A1A9-3DFC-4A23-9E22-EB6CDF8E34CF} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [145304 2022-08-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {7BB44CFA-08A6-4A5A-BD79-C6E422824A58} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1099640 2020-03-09] (HP Inc. -> HP Inc.)
Task: {937A970B-B659-4F12-9F6D-1D61424D4167} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.5-0\MpCmdRun.exe [1335968 2022-08-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {94BF8624-8BCC-4E7F-A2DE-72573EA581D3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPSFReport.exe [147320 2020-03-09] (HP Inc. -> HP Inc.)
Task: {9EA03DE0-E2CE-49AF-9F0B-63E0258D67C7} - System32\Tasks\Microsoft\Windows\Management\Autopilot\RemediateHardwareChange => {62B2DD2C-F129-42EE-BF59-55D3FD21C215} C:\WINDOWS\System32\Autopilot.dll [192000 2022-08-10] (Microsoft Windows -> Microsoft Corporation)
Task: {ABD2DB27-BE5D-4512-B3E0-01DD13D247B9} - System32\Tasks\HP\Consent Manager Launcher => sc start hptouchpointanalyticsservice
Task: {AFCA6EBE-E833-45A2-ACB8-AC91FBD2DE60} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23713200 2022-08-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {B31F40D8-52C3-485E-9B50-45B09DDD2EEE} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [145304 2022-08-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {DACAE5B9-2712-4729-8BCE-D01F396C167B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.5-0\MpCmdRun.exe [1335968 2022-08-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F0020B91-7E5B-47B4-9D80-247D5397B341} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [61856 2022-08-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {F04C128C-359A-4D5B-A9F0-B311DC422A6C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-07-14] (Google LLC -> Google LLC)
Task: {F119489D-CDE3-4A06-BCEE-0EC160A4F5F0} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
Task: {FDE874A7-9493-46E1-A871-8430B1717473} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-youngearth@hotmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated -> Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2242047713-980872803-1690996654-1001.job => C:\Users\young\AppData\Local\GoToMeeting\19950\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-2242047713-980872803-1690996654-1001.job => C:\Users\young\AppData\Local\GoToMeeting\19950\g2mupload.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 208.67.222.123 208.67.220.123
Tcpip\..\Interfaces\{43f43aaa-5f1b-422d-b3cf-6e907129b7c2}: [DhcpNameServer] 208.67.222.123 208.67.220.123
Tcpip\..\Interfaces\{94405d69-9694-4e12-b88c-309919e46921}: [DhcpNameServer] 208.67.222.123 208.67.220.123

Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge Profile: C:\Users\young\AppData\Local\Microsoft\Edge\User Data\Default [2022-08-07]

FireFox:
========
FF DefaultProfile: vejzafav.default
FF ProfilePath: C:\Users\young\AppData\Roaming\Mozilla\Firefox\Profiles\vejzafav.default [2021-05-06]
FF ProfilePath: C:\Users\young\AppData\Roaming\Mozilla\Firefox\Profiles\qz9fvi9b.default-release [2022-08-12]
FF Homepage: Mozilla\Firefox\Profiles\qz9fvi9b.default-release -> www.duckduckgo.com
FF Notifications: Mozilla\Firefox\Profiles\qz9fvi9b.default-release -> hxxps://ptsemail.pilotcat.com; hxxps://www.tapatalk.com; hxxps://tinder.com; hxxps://2.mous0.biz
FF Extension: (AdBlock — best ad blocker) - C:\Users\young\AppData\Roaming\Mozilla\Firefox\Profiles\qz9fvi9b.default-release\Extensions\jid1-NIfFY2CA8fy1tg@jetpack.xpi [2022-07-18]
FF Extension: (AdBlocker for YouTube™) - C:\Users\young\AppData\Roaming\Mozilla\Firefox\Profiles\qz9fvi9b.default-release\Extensions\jid1-q4sG8pYhq8KGHs@jetpack.xpi [2022-06-29]
FF Extension: (uBlock Origin) - C:\Users\young\AppData\Roaming\Mozilla\Firefox\Profiles\qz9fvi9b.default-release\Extensions\uBlock0@raymondhill.net.xpi [2022-06-18]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2021-04-22] [Legacy] [not signed]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-07-08] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2020-08-18] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2022-07-08] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VLC\npvlc.dll [2018-08-09] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2015-09-24] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2022-08-02] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2242047713-980872803-1690996654-1001: SkypeForBusinessPlugin-16.2 -> C:\Users\young\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.511\npGatewayNpapi.dll [2019-08-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin HKU\S-1-5-21-2242047713-980872803-1690996654-1001: SkypeForBusinessPlugin64-16.2 -> C:\Users\young\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.511\npGatewayNpapi-x64.dll [2019-08-03] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\young\AppData\Local\Google\Chrome\User Data\Default [2022-08-12]
CHR Notifications: Default -> hxxps://pl4fulbunny.com
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchURL: Default -> hxxps://erd.allstate.com/vpn/images/AccessGateway.ico
CHR Extension: (Accurence) - C:\Users\young\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdemjalhbjphbbmnibpneopekgmnclb [2020-09-01]
CHR Extension: (ERD) - C:\Users\young\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjhahnjekojlhchcdmpppimlbilkdmkn [2020-09-01]
CHR Extension: (Google Docs Offline) - C:\Users\young\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-08-02]
CHR Extension: (Honorlock) - C:\Users\young\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnbmpkmhjackfpkpcbapafmpepgmmddc [2022-08-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\young\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-08]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-11-18] (Adobe Inc. -> Adobe Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12102608 2022-08-06] (Microsoft Corporation -> Microsoft Corporation)
S2 CWAUpdaterService; C:\Program Files (x86)\Citrix\ICA Client\Receiver\UpdaterService.exe [43616 2020-08-25] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
R2 HPAppHelperCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_620459b7cf27a23d\x64\AppHelperCap.exe [770544 2022-06-21] (HP Inc. -> HP Inc.)
R2 HPDiagsCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_620459b7cf27a23d\x64\DiagsCap.exe [769040 2022-06-21] (HP Inc. -> HP Inc.)
R2 HPNetworkCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_620459b7cf27a23d\x64\NetworkCap.exe [762376 2022-06-21] (HP Inc. -> HP Inc.)
R2 HPSysInfoCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_620459b7cf27a23d\x64\SysInfoCap.exe [769040 2022-06-21] (HP Inc. -> HP Inc.)
R2 HpTouchpointAnalyticsService; C:\WINDOWS\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_29c6c876bdaf5af9\x64\TouchpointAnalyticsClientService.exe [489696 2022-05-26] (HP Inc. -> HP Inc.)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7972536 2022-05-16] (Malwarebytes Inc -> Malwarebytes)
S2 MSSQL$XACTWARE; c:\Program Files (x86)\Microsoft SQL Server\MSSQL11.XACTWARE\MSSQL\Binn\sqlservr.exe [206424 2012-02-11] (Microsoft Corporation -> Microsoft Corporation)
S3 nordsec-threatprotection-service; C:\Program Files\NordVPN\NordSec ThreatProtection\nordsec-threatprotection-service.exe [310136 2021-06-11] (nordvpn s.a. -> TEFINCOM S.A.)
R2 NordUpdaterService; C:\Program Files\NordUpdater\NordUpdateService.exe [297848 2021-06-07] (nordvpn s.a. -> TEFINCOM S.A.)
R2 nordvpn-service; C:\Program Files\NordVPN\nordvpn-service.exe [281464 2021-06-12] (nordvpn s.a. -> TEFINCOM S.A.)
R2 SECOMNService; C:\WINDOWS\System32\SECOMN64.exe [741832 2022-02-24] (Microsoft Windows Hardware Compatibility Publisher -> Sound Research, Corp.)
S4 SQLAgent$XACTWARE; c:\Program Files (x86)\Microsoft SQL Server\MSSQL11.XACTWARE\MSSQL\Binn\SQLAGENT.EXE [438360 2012-02-11] (Microsoft Corporation -> Microsoft Corporation)
S3 ss_conn_launcher_service; C:\WINDOWS\System32\Samsung\EasySetup\ss_conn_launcher.exe [182392 2021-10-08] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [13147152 2020-08-21] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.5-0\NisSrv.exe [3125128 2022-08-10] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.5-0\MsMpEng.exe [133560 2022-08-10] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 WildTangentHelper; "C:\Program Files (x86)\WildTangent Games\Integration\WildTangentHelperService.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AmUStor; C:\WINDOWS\system32\drivers\AmUStorU.sys [127936 2019-03-28] (Alcorlink Corp. -> )
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [287744 2022-02-12] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [154112 2021-10-15] (Microsoft Corporation) [File not signed]
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [160376 2021-10-08] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [160176 2022-05-16] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 HPCustomCapDriver; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapdriver.inf_amd64_a955fa431e522f5e\x64\hpcustomcapdriver.sys [25592 2021-09-16] (HP Inc. -> HP Inc.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220568 2022-05-16] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-05-06] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [194480 2022-05-16] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [69040 2022-05-16] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-05-06] (Malwarebytes Inc -> Malwarebytes)
R3 MpKslc81bb442; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0420F2AF-582F-4A37-B531-8E7E6F492A2C}\MpKslDrv.sys [141576 2022-08-12] (Microsoft Windows -> Microsoft Corporation)
R2 NDivert; C:\Program Files\NordVPN\6.48.18.0\Drivers\NDivert.sys [131456 2022-04-05] (nordvpn s.a. -> Nordvpn S.A.)
R1 nordlwf; C:\WINDOWS\system32\DRIVERS\nordlwf.sys [44928 2021-06-09] (nordvpn s.a. -> TEFINCOM S.A.)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167544 2021-10-08] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 ss_conn_usb_driver2; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver2.sys [43640 2021-10-08] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 tapnordvpn; C:\WINDOWS\System32\drivers\tapnordvpn.sys [49744 2021-06-13] (nordvpn s.a. -> The OpenVPN Project)
R1 vbdenum; C:\WINDOWS\System32\drivers\vbdenum.sys [119432 2020-04-14] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49576 2022-08-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [453904 2022-08-10] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [94456 2022-08-10] (Microsoft Windows -> Microsoft Corporation)
S3 wintun; C:\WINDOWS\system32\DRIVERS\wintun.sys [29592 2022-03-11] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [37280 2021-11-23] (HP Inc. -> HP)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-08-12 12:28 - 2022-08-12 12:31 - 000028153 _____ C:\Users\young\Desktop\FRST.txt
2022-08-12 11:41 - 2022-08-12 11:41 - 002370048 _____ (Farbar) C:\Users\young\Desktop\FRST64.exe
2022-08-12 11:40 - 2022-08-12 11:41 - 000000000 ____D C:\Users\young\Documents\Computer-related
2022-08-12 11:29 - 2022-08-12 11:29 - 000041206 _____ C:\Users\young\Downloads\Benefits summary Nov 2 2021.pdf
2022-08-10 23:45 - 2022-08-10 23:45 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2022-08-10 23:45 - 2022-08-10 23:45 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2022-08-10 23:44 - 2022-08-10 23:44 - 000011803 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-08-10 23:43 - 2022-08-10 23:43 - 000162304 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2022-08-10 23:43 - 2022-08-10 23:43 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2022-08-10 23:42 - 2022-08-10 23:42 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2022-08-10 23:42 - 2022-08-10 23:42 - 000089088 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.proxystub.dll
2022-08-10 23:42 - 2022-08-10 23:42 - 000073216 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.internal.proxystub.dll
2022-08-10 22:46 - 2022-08-10 22:46 - 000000000 ___HD C:\$WinREAgent
2022-08-09 14:33 - 2022-08-09 14:33 - 003833981 _____ C:\Users\young\Desktop\ice_video_20220809-143302.webm
2022-08-09 09:29 - 2022-08-09 09:29 - 001821125 _____ C:\Users\young\Desktop\ice_video_20220809-092934.webm
2022-08-09 09:28 - 2022-08-09 09:28 - 000000000 ____D C:\ProgramData\NordUpdater
2022-08-09 00:46 - 2022-08-09 00:46 - 003849237 _____ C:\Users\young\Desktop\ice_video_20220809-004642.webm
2022-08-07 13:23 - 2022-08-07 13:24 - 000000000 ____D C:\Users\young\Documents\Politics
2022-08-07 13:01 - 2022-08-07 13:01 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2022-08-06 12:53 - 2022-08-10 22:12 - 000000000 ____D C:\Program Files\Mozilla Firefox
2022-07-28 12:57 - 2022-07-28 12:58 - 034214459 _____ C:\Users\young\Desktop\ice_video_20220728-125711.webm
2022-07-27 13:10 - 2022-07-27 13:10 - 001210651 _____ C:\Users\young\Desktop\ice_video_20220727-131024.webm
2022-07-26 13:05 - 2022-07-26 13:06 - 000000000 ____D C:\Users\young\Documents\Trees
2022-07-22 00:05 - 2022-06-21 04:04 - 000513232 _____ (Intel) C:\WINDOWS\system32\libvpl.dll
2022-07-22 00:05 - 2022-06-21 04:04 - 000446536 _____ (Intel) C:\WINDOWS\SysWOW64\libvpl.dll
2022-07-22 00:05 - 2022-06-21 04:03 - 000960312 _____ (Intel Corporation) C:\WINDOWS\system32\libmfxhw64.dll
2022-07-22 00:05 - 2022-06-21 04:03 - 000719032 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\libmfxhw32.dll
2022-07-22 00:05 - 2022-06-21 04:03 - 000602960 _____ (Intel Corporation) C:\WINDOWS\system32\intel_gfx_api-x64.dll
2022-07-22 00:05 - 2022-06-21 04:03 - 000461968 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\intel_gfx_api-x86.dll
2022-07-22 00:05 - 2022-06-21 03:39 - 027897712 _____ (Intel Corporation) C:\WINDOWS\system32\mfxplugin64_hw.dll
2022-07-22 00:05 - 2022-06-21 03:39 - 001871440 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2022-07-22 00:05 - 2022-06-21 03:39 - 001871440 _____ C:\WINDOWS\system32\vulkaninfo.exe
2022-07-22 00:05 - 2022-06-21 03:39 - 001451096 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2022-07-22 00:05 - 2022-06-21 03:39 - 001451096 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2022-07-22 00:05 - 2022-06-21 03:39 - 001116728 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2022-07-22 00:05 - 2022-06-21 03:39 - 001116728 _____ C:\WINDOWS\system32\vulkan-1.dll
2022-07-22 00:05 - 2022-06-21 03:39 - 000970296 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2022-07-22 00:05 - 2022-06-21 03:39 - 000970296 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2022-07-22 00:05 - 2022-06-21 03:39 - 000464240 _____ C:\WINDOWS\system32\ze_tracing_layer.dll
2022-07-22 00:05 - 2022-06-21 03:39 - 000382320 _____ C:\WINDOWS\system32\ze_loader.dll
2022-07-22 00:05 - 2022-06-21 03:39 - 000150896 _____ C:\WINDOWS\system32\ze_validation_layer.dll
2022-07-22 00:05 - 2022-06-21 03:38 - 020640112 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\mfxplugin32_hw.dll
2022-07-22 00:05 - 2022-06-21 03:38 - 000508784 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2022-07-22 00:05 - 2022-06-21 03:38 - 000371568 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2022-07-22 00:04 - 2022-06-21 04:01 - 000370752 _____ C:\WINDOWS\system32\ControlLib.dll
2022-07-21 14:54 - 2022-07-21 14:54 - 000000000 ____D C:\WINDOWS\system32\Samsung
2022-07-21 14:54 - 2022-07-21 14:54 - 000000000 ____D C:\ProgramData\Samsung
2022-07-21 14:54 - 2021-10-08 11:00 - 000043640 _____ (Samsung Electronics Co., Ltd.) C:\WINDOWS\system32\Drivers\ss_conn_usb_driver2.sys
2022-07-19 10:20 - 2022-07-19 10:20 - 000000288 _____ C:\Users\young\Documents\Qustodio-notes.txt
2022-07-18 12:10 - 2022-07-18 12:11 - 000000000 ____D C:\Users\young\Documents\Qustodio
2022-07-15 10:31 - 2022-07-15 10:31 - 000693248 _____ C:\WINDOWS\system32\FsNVSDeviceSource.dll
2022-07-15 10:31 - 2022-07-15 10:31 - 000470528 _____ (curl, hxxps://curl.se/) C:\WINDOWS\SysWOW64\curl.exe
2022-07-15 10:31 - 2022-07-15 10:31 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mode.com
2022-07-15 10:31 - 2022-07-15 10:31 - 000018944 _____ C:\WINDOWS\SysWOW64\WsdProviderUtil.dll
2022-07-15 10:31 - 2022-07-15 10:31 - 000017920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tree.com
2022-07-15 10:31 - 2022-07-15 10:31 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\chcp.com
2022-07-15 10:30 - 2022-07-15 10:30 - 000530944 _____ (curl, hxxps://curl.se/) C:\WINDOWS\system32\curl.exe
2022-07-15 10:30 - 2022-07-15 10:30 - 000270848 _____ C:\WINDOWS\system32\EsclScan.dll
2022-07-15 10:30 - 2022-07-15 10:30 - 000152064 _____ C:\WINDOWS\system32\EsclProtocol.dll
2022-07-15 10:30 - 2022-07-15 10:30 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\mode.com
2022-07-15 10:30 - 2022-07-15 10:30 - 000020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\tree.com
2022-07-15 10:30 - 2022-07-15 10:30 - 000014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\chcp.com
2022-07-15 10:29 - 2022-07-15 10:29 - 000061952 _____ C:\WINDOWS\system32\printticketvalidation.dll
2022-07-15 10:29 - 2022-07-15 10:29 - 000057344 _____ C:\WINDOWS\system32\APMonUI.dll
2022-07-15 10:28 - 2022-07-15 10:28 - 002260480 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2022-07-15 10:28 - 2022-07-15 10:28 - 000024576 _____ C:\WINDOWS\system32\WsdProviderUtil.dll
2022-07-15 10:27 - 2022-07-15 10:27 - 000640512 _____ C:\WINDOWS\system32\SettingSyncDownloadHelper.dll
2022-07-14 12:39 - 2022-06-12 23:31 - 050563699 _____ C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
2022-07-14 12:39 - 2020-10-12 08:14 - 000028850 _____ C:\WINDOWS\system32\Drivers\gen3p1pkey.dat

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-08-12 12:30 - 2021-05-05 15:27 - 000000000 ____D C:\FRST
2022-08-12 12:04 - 2019-12-07 05:13 - 000000000 ____D C:\WINDOWS\INF
2022-08-12 12:02 - 2020-07-14 12:10 - 000000000 ____D C:\Program Files (x86)\Google
2022-08-12 11:29 - 2021-10-12 11:45 - 000000000 ____D C:\Users\young\Documents\Datafield
2022-08-12 11:22 - 2022-02-12 18:14 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2022-08-12 11:21 - 2020-02-29 19:03 - 000000000 ____D C:\Users\young\AppData\LocalLow\Mozilla
2022-08-12 11:20 - 2020-09-08 04:03 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-08-12 11:20 - 2019-12-07 05:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-08-12 10:32 - 2021-07-21 02:47 - 000000879 _____ C:\Users\young\Desktop\JRT.txt
2022-08-12 09:40 - 2019-12-07 05:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-08-12 09:40 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-08-12 09:39 - 2020-06-20 01:03 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-08-11 20:09 - 2020-02-29 23:12 - 000000000 ____D C:\Users\young\AppData\Roaming\uTorrent
2022-08-11 19:33 - 2020-02-29 23:12 - 000000000 ____D C:\Users\young\AppData\Local\BitTorrentHelper
2022-08-11 19:10 - 2020-03-14 19:48 - 000000000 ____D C:\Users\young\AppData\Roaming\vlc
2022-08-11 18:40 - 2019-05-24 14:58 - 000000000 ____D C:\Program Files\Microsoft Office
2022-08-11 02:06 - 2020-03-07 16:52 - 000000000 ____D C:\Users\young\AppData\Local\Adobe
2022-08-11 01:42 - 2020-02-29 11:48 - 000000000 __SHD C:\Users\young\IntelGraphicsProfiles
2022-08-11 01:28 - 2020-09-08 04:21 - 000970184 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-08-11 01:23 - 2020-09-08 04:03 - 005139696 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-08-11 01:22 - 2020-09-01 09:39 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2022-08-11 01:20 - 2020-09-08 04:26 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-08-11 01:20 - 2020-09-08 04:02 - 000008192 ___SH C:\DumpStack.log.tmp
2022-08-11 01:20 - 2019-12-29 23:20 - 000000000 ____D C:\Intel
2022-08-11 01:20 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\ServiceState
2022-08-11 01:18 - 2019-12-07 05:03 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2022-08-11 01:17 - 2020-09-06 08:41 - 000000000 ____D C:\WINDOWS\HoloShell
2022-08-11 01:17 - 2019-12-07 05:52 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2022-08-11 01:17 - 2019-12-07 05:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2022-08-11 01:17 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2022-08-11 01:17 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2022-08-11 01:17 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SystemResources
2022-08-11 01:17 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2022-08-11 01:17 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2022-08-11 01:17 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2022-08-11 01:17 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2022-08-11 01:17 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2022-08-11 01:17 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-08-11 00:32 - 2019-12-07 05:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-08-10 23:42 - 2020-09-08 04:09 - 003011072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2022-08-10 22:31 - 2019-04-15 11:38 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2022-08-10 22:22 - 2022-02-19 00:42 - 000000000 ____D C:\Users\young\AppData\Local\NordVPN
2022-08-10 22:12 - 2020-02-29 19:03 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2022-08-10 22:08 - 2020-09-06 10:06 - 000000000 ____D C:\Users\young
2022-08-10 13:54 - 2022-02-19 00:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NordSec
2022-08-10 13:54 - 2022-02-19 00:41 - 000000000 ____D C:\Program Files\NordVPN
2022-08-10 13:23 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2022-08-10 13:09 - 2020-03-01 02:02 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-08-10 12:53 - 2020-03-01 02:02 - 144534560 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-08-09 12:44 - 2020-04-18 21:49 - 000002143 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2022-08-09 09:28 - 2022-03-06 15:12 - 000000000 ____D C:\Program Files\NordUpdater
2022-08-08 22:55 - 2020-07-14 12:11 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-08-08 22:55 - 2020-07-14 12:11 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2022-08-07 13:01 - 2020-02-29 19:03 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2022-08-06 19:26 - 2020-03-16 19:52 - 000000000 ____D C:\Sites
2022-07-29 21:58 - 2020-02-29 19:15 - 000000000 ____D C:\Users\young\Documents\Noah
2022-07-28 11:56 - 2021-12-12 19:26 - 000003588 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2242047713-980872803-1690996654-1001
2022-07-28 11:56 - 2020-09-08 04:26 - 000003378 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2242047713-980872803-1690996654-1001
2022-07-28 11:56 - 2020-09-06 10:06 - 000002386 _____ C:\Users\young\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-07-20 21:32 - 2020-09-08 04:26 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-07-20 21:32 - 2020-09-08 04:26 - 000003412 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-07-20 09:28 - 2020-10-23 14:06 - 000000000 ____D C:\Users\young\AppData\Local\CrashDumps
2022-07-19 14:04 - 2020-02-29 19:11 - 000000000 ____D C:\Users\young\Documents\Christian
2022-07-16 02:02 - 2020-10-15 00:18 - 000000000 ____D C:\Users\young\AppData\Local\Notepad
2022-07-16 01:46 - 2019-12-07 05:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2022-07-16 01:46 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\setup
2022-07-16 01:46 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2022-07-16 01:46 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\DDFs
2022-07-16 01:46 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\ShellComponents

==================== Files in the root of some directories ========

2021-02-27 17:51 - 2021-07-31 12:01 - 000000132 _____ () C:\Users\young\AppData\Roaming\Adobe PNG Format CS6 Prefs
2020-07-18 17:36 - 2020-07-18 17:39 - 000013824 _____ () C:\Users\young\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2020-12-20 13:15 - 2020-12-20 13:15 - 000007601 _____ () C:\Users\young\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
And the "Addition.txt"
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-08-2022
Ran by young (12-08-2022 12:33:41)
Running from C:\Users\young\Desktop
Microsoft Windows 10 Home Version 21H1 19043.1889 (X64) (2020-09-08 08:27:28)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-2242047713-980872803-1690996654-500 - Administrator - Enabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-2242047713-980872803-1690996654-503 - Limited - Disabled)
Guest (S-1-5-21-2242047713-980872803-1690996654-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-2242047713-980872803-1690996654-504 - Limited - Disabled)
young (S-1-5-21-2242047713-980872803-1690996654-1001 - Administrator - Enabled) => C:\Users\young

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2242047713-980872803-1690996654-1001\...\uTorrent) (Version: 3.5.5.46206 - BitTorrent Inc.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 22.002.20191 - Adobe Systems Incorporated)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.16 - Adobe Systems)
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-001824458876}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
bl (HKLM-x32\...\{2A075BB4-E976-4278-BF3F-E5C6945D84C0}) (Version: 1.0.0 - Your Company Name) Hidden
Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version:  - )
CanoScan LiDE 110 Scanner Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2414) (Version:  - Canon Inc.)
Cisco Webex Meetings (HKU\S-1-5-21-2242047713-980872803-1690996654-1001\...\ActiveTouchMeetingClient) (Version: 42.3.1 - Cisco Webex LLC)
Citrix Authentication Manager (HKLM-x32\...\{6F4A8C65-4F1F-49C6-8302-A7CB16AD6EDA}) (Version: 20.6.200.262 - Citrix Systems, Inc.) Hidden
Citrix Screen Casting for Windows (HKLM-x32\...\{4D46B3A6-67F5-4385-86D2-8E769EA07827}) (Version: 19.11.100.48 - Citrix Systems, Inc) Hidden
Citrix Web Helper (HKLM-x32\...\{6BAFBCC8-3059-477C-8D25-4691BEB61F81}) (Version: 20.8.0.29 - Citrix Systems, Inc.) Hidden
Citrix Workspace 2008 (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 20.8.0.46 - Citrix Systems, Inc.)
Citrix WorkSpace Browser (HKLM-x32\...\{30BED3FE-B5BC-47D0-87CF-B74AF931669F}) (Version: 20.8.0.12 - Citrix Systems, Inc.) Hidden
Citrix Workspace Inside (HKLM-x32\...\{BC10CD76-F501-4F0D-B58C-116017E41CF1}) (Version: 20.8.0.65534 - Citrix Systems, Inc.) Hidden
Citrix Workspace(DV) (HKLM-x32\...\{20118706-E36F-46E7-9F45-FFF3A7593537}) (Version: 20.8.0.24 - Citrix Systems, Inc.) Hidden
Citrix Workspace(USB) (HKLM-x32\...\{4B87730A-F4C7-410F-B303-CDC6FABAD843}) (Version: 20.8.0.24 - Citrix Systems, Inc.) Hidden
EaseUS Tools M Beta 0.6.5 (HKLM-x32\...\D72C2F7D-B75E-4641-AFBE-199B95066617_is1) (Version:  - EaseUS)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 104.0.5112.81 - Google LLC)
GoTo Opener (HKLM-x32\...\{C6B5D864-7BAF-43A7-A09D-550C0938441F}) (Version: 1.0.548 - LogMeIn, Inc.)
GoToMeeting 10.19.0.19950 (HKU\S-1-5-21-2242047713-980872803-1690996654-1001\...\GoToMeeting) (Version: 10.19.0.19950 - LogMeIn, Inc.)
Grammarly (HKU\S-1-5-21-2242047713-980872803-1690996654-1001\...\GrammarlyForWindows) (Version: 1.5.78 - Grammarly)
Icecream Screen Recorder version 4.50 (HKLM-x32\...\{7ADEC622-3230-4C9A-9DCE-9BD462B74095}_is1) (Version: 4.50 - Icecream Apps)
Intel® Optane™ Pinning Explorer Extensions (HKLM\...\{94979CD2-0904-47DE-A4AC-04F1C4524650}) (Version: 17.2.8.1029 - Intel Corporation)
Malwarebytes version 4.5.2.157 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.2.157 - Malwarebytes)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.15427.20210 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 104.0.1293.54 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 104.0.1293.47 - Microsoft Corporation)
Microsoft Office XP Media Content (HKLM-x32\...\{90300409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2619.0 - Microsoft Corporation)
Microsoft Office XP Standard for Students and Teachers (HKLM-x32\...\{913D0409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2627.0 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2242047713-980872803-1690996654-1001\...\OneDriveSetup.exe) (Version: 22.141.0703.0002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2242047713-980872803-1690996654-500\...\OneDriveSetup.exe) (Version: 19.232.1124.0008 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM-x32\...\{D441BD04-E548-4F8E-97A4-1B66135BAAA8}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server 2012 (HKLM-x32\...\Microsoft SQL Server SQLServer2012) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 RsFx Driver (HKLM-x32\...\{DFB059F4-DBB2-497F-999E-AD86FA90E6DD}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
Microsoft SQL Server 2012 Setup (English) (HKLM-x32\...\{FEC535DD-0EB2-4709-87BD-1708C6364EB6}) (Version: 11.1.3128.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{0E8670B8-3965-4930-ADA6-570348B67153}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{7B1FCD52-8F6B-4F12-A143-361EA39F5E7C}) (Version: 3.67.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.24.28127 (HKLM-x32\...\{282975d8-55fe-4991-bbbb-06a72581ce58}) (Version: 14.24.28127.4 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.24.28127 (HKLM-x32\...\{e31cb1a4-76b5-46a5-a084-3fa419e82201}) (Version: 14.24.28127.4 - Microsoft Corporation)
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.24.28127 (HKLM\...\{8678BA04-D161-45BE-ACA4-CC5D13073F35}) (Version: 14.24.28127 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.24.28127 (HKLM\...\{7DC387B8-E6A2-480C-8EF9-A6E51AE81C19}) (Version: 14.24.28127 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.24.28127 (HKLM-x32\...\{EAC73207-74BD-4B13-AACF-8C0E751FA4E8}) (Version: 14.24.28127 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.24.28127 (HKLM-x32\...\{2E72FA1F-BADB-4337-B8AE-F7C17EC57D1D}) (Version: 14.24.28127 - Microsoft Corporation) Hidden
Microsoft VSS Writer for SQL Server 2012 (HKLM\...\{3E0DD83F-BE4C-4478-86A0-AD0D79D1353E}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft_VC80_CRT_x86 (HKLM-x32\...\{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}) (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (HKLM-x32\...\{08D2E121-7F6A-43EB-97FD-629B44903403}) (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (HKLM-x32\...\{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}) (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86 (HKLM-x32\...\{B6D38690-755E-4F40-A35A-23F8BC2B86AC}) (Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 103.0.1 (x64 en-US)) (Version: 103.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 73.0.1 - Mozilla)
NordUpdater (HKLM\...\{6E35DB82-3D19-4DD6-B8CB-F082815FDE18}_is1) (Version: 1.3.0.50 - Nord Security)
NordVPN (HKLM\...\{19465C24-3D5D-4327-B99F-3CC0A1D38151}_is1) (Version: 6.48.18.0 - Nord Security)
NordVPN network TAP (HKLM-x32\...\{97DEC5D6-2BE9-45BB-BFC5-274B851B486B}) (Version: 1.0.1 - NordVPN)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.15427.20178 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.15427.20148 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
Online Plug-in (HKLM-x32\...\{2DD52CE9-DE2C-4842-86EB-639E761F546D}) (Version: 20.8.0.24 - Citrix Systems, Inc.) Hidden
PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
ph (HKLM-x32\...\{185F9795-9663-4F13-9EF9-307A282ADB5A}) (Version: 1.0.0 - Your Company Name) Hidden
Self-service Plug-in (HKLM-x32\...\{12B40BBD-B0D8-4C37-AB68-CB27E49E2881}) (Version: 20.8.0.29 - Citrix Systems, Inc.) Hidden
Skype Meetings App (HKLM-x32\...\{BC1D9E47-8927-4AA1-A891-7763BC2475B7}) (Version: 16.2.0.511 - Microsoft Corporation)
SQL Server 2012 Common Files (HKLM-x32\...\{124D51A1-F3C2-45AE-B812-D3CA71247093}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Common Files (HKLM-x32\...\{7D29ED63-84F9-4EC7-B49F-994A3A3195B2}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Services (HKLM-x32\...\{87D50333-E534-493A-8E98-0A49BC28F64B}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Services (HKLM-x32\...\{C22613C2-C7A4-4761-A906-116ECD4E7477}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Shared (HKLM-x32\...\{54F84805-0116-467F-8713-899DFC472235}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Shared (HKLM-x32\...\{D0F44C37-A22B-4733-BBA7-86C9F4988725}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server Browser for SQL Server 2012 (HKLM-x32\...\{4B9E6EB0-0EED-4E74-9479-F982C3254F71}) (Version: 11.0.2100.60 - Microsoft Corporation)
Sql Server Customer Experience Improvement Program (HKLM-x32\...\{30CA21F2-901A-44DB-A43F-FC31CD0F2493}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.9.4 - TeamViewer)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.4 - VideoLAN)
Webex (HKLM\...\{32E8818C-AA8B-5494-9CA9-FA0E093140B8}) (Version: 42.3.0.21576 - Cisco Systems, Inc)
WebM Project Directshow Filters (HKU\S-1-5-21-2242047713-980872803-1690996654-1001\...\webmdshow) (Version: 1.0.4.1 - WebM Project)
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
WinX DVD Ripper Platinum 8.20.3 (HKLM-x32\...\WinX DVD Ripper Platinum_is1) (Version:  - Digiarty Software, Inc.)
Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)
Zoom (HKU\S-1-5-21-2242047713-980872803-1690996654-1001\...\ZoomUMX) (Version: 5.2.0 (42619.0804) - Zoom Video Communications, Inc.)

Packages:
=========
HP Audio Center -> C:\Program Files\WindowsApps\AD2F1837.HPAudioCenter_1.35.264.0_x64__v10z8vjag6ke6 [2022-07-14] (HP Inc.)
HP Privacy Settings -> C:\Program Files\WindowsApps\AD2F1837.HPPrivacySettings_1.0.42.0_x64__v10z8vjag6ke6 [2022-01-02] (HP Inc.)
Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3408.0_x64__8j3eq9eme6ctt [2022-04-22] (INTEL CORP) [Startup Task]
Intel® Graphics Control Panel -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsControlPanel_3.3.0.0_x64__8j3eq9eme6ctt [2021-02-08] (INTEL CORP)
Intel® Optane™ Memory and Storage Management -> C:\Program Files\WindowsApps\AppUp.IntelOptaneMemoryandStorageManagement_18.1.1026.0_x64__8j3eq9eme6ctt [2022-04-01] (INTEL CORP)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-03-01] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-03-01] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.13.7180.0_x64__8wekyb3d8bbwe [2022-07-26] (Microsoft Studios) [MS Ad]
One Photo Viewer -> C:\Program Files\WindowsApps\48914EllipticPhenomena.OnePhotoViewer_1.17.0.0_neutral__8w313s78tpvfc [2022-06-20] (Elliptic Phenomena)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-03-08] (Microsoft Corporation)
Slow Motion Video -> C:\Program Files\WindowsApps\6291Lachlan.SlowMotionVideo_1.1.12.0_x64__kqhy9awb13v5j [2021-03-13] (Lachlan) [MS Ad]
VUDU Movies and TV -> C:\Program Files\WindowsApps\95FE1D22.VUDUMoviesandTV_3.0.1.0_neutral__0wkekwh8d6p78 [2022-01-16] (VUDU Inc.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2242047713-980872803-1690996654-1001_Classes\CLSID\{32E26FD9-F435-4A20-A561-35D4B987CFDC}\InprocServer32 -> C:\Users\young\AppData\Local\WebEx\WebEx64\Meetings\atucfobj.dll (Cisco WebEx LLC -> Cisco WebEx LLC)
CustomCLSID: HKU\S-1-5-21-2242047713-980872803-1690996654-1001_Classes\CLSID\{3E3AD4BD-346A-460A-80E8-90699B75C00B}\InprocServer32 -> C:\Users\young\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.511\GatewayActiveX-x64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2242047713-980872803-1690996654-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\young\AppData\Local\GoToMeeting\19796\G2MOutlookAddin64.dll (LogMeIn, Inc. -> LogMeIn, Inc.)
ShellIconOverlayIdentifiers: [  OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\WINDOWS\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_a41f71ab3b5175b6\OptaneShellExt.dll [2020-07-09] (Intel® Rapid Storage Technology -> )
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2015-09-24] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-05-06] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\WINDOWS\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_a41f71ab3b5175b6\OptaneShellExt.dll [2020-07-09] (Intel® Rapid Storage Technology -> )
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2015-09-24] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-05-06] (Malwarebytes Corporation -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2022-08-09 09:28 - 2022-08-10 22:31 - 009102848 _____ () [File not signed] C:\Program Files\NordVPN\6.48.18.0\telio.DLL

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-2242047713-980872803-1690996654-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-2242047713-980872803-1690996654-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-2242047713-980872803-1690996654-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2022-08-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
DPF: HKLM-x32 {D171451B-94CB-4952-98E9-77D25F23F10D} hxxps://claimaccess.allstate.com/ngaa/AllstateCTSNG/Desktop/EComm/VSSPELL8.CAB
Handler-x32: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL [2001-01-22] (Microsoft Corporation) [File not signed]
Handler-x32: http - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll [2001-02-12] (Microsoft Corporation) [File not signed]
Handler-x32: http - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll [2001-02-12] (Microsoft Corporation) [File not signed]
Handler-x32: https - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll [2001-02-12] (Microsoft Corporation) [File not signed]
Handler-x32: https - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll [2001-02-12] (Microsoft Corporation) [File not signed]
Handler-x32: msdaipp - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll [2001-02-12] (Microsoft Corporation) [File not signed]
Handler-x32: msdaipp - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll [2001-02-12] (Microsoft Corporation) [File not signed]
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-08-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-08-06] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-08-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-08-06] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-08-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-08-06] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-08-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-08-06] (Microsoft Corporation -> Microsoft Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2020-08-18] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2020-08-18] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2020-08-18] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2020-08-18] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2020-08-18] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2020-08-18] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2020-08-18] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2020-08-18] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2020-08-18] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2020-08-18] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2020-08-18] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2020-08-18] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2020-08-18] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2020-08-18] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2020-08-18] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2020-08-18] (Citrix Systems, Inc. -> Citrix Systems, Inc.)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2242047713-980872803-1690996654-1001\...\allstate.com -> allstate.com
IE trusted site: HKU\S-1-5-21-2242047713-980872803-1690996654-1001\...\pilotcat.com -> pilotcat.com
IE trusted site: HKU\S-1-5-21-2242047713-980872803-1690996654-1001\...\surfshark.com -> hxxps://surfshark.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-19 00:49 - 2020-03-07 17:42 - 000001028 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1                   activate.adobe.com
127.0.0.1                   practivate.adobe.com
127.0.0.1                   lmlicenses.wip4.adobe.com
127.0.0.1                   lm.licenses.adobe.com

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2242047713-980872803-1690996654-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\young\Pictures\Animals\Ocean creatures\whale-diver-underwater-1600x900.jpg
HKU\S-1-5-21-2242047713-980872803-1690996654-500\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\HP Backgrounds\backgroundDefault.jpg
DNS Servers: 208.67.222.123 - 208.67.220.123
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

Network Binding:
=============
Ethernet 2: NordVPN LightWeight Firewall -> NordLwf (enabled)
Ethernet: NordVPN LightWeight Firewall -> NordLwf (enabled)
Wi-Fi: NordVPN LightWeight Firewall -> NordLwf (enabled)

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "RtkAudUService"
HKLM\...\StartupApproved\Run: => "RtlS5Wake"
HKLM\...\StartupApproved\Run: => "WindowsDefender"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "Data Migration Tool"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKLM\...\StartupApproved\Run32: => "SwitchBoard"
HKLM\...\StartupApproved\Run32: => "ConnectionCenter"
HKLM\...\StartupApproved\Run32: => "Redirector"
HKLM\...\StartupApproved\Run32: => "XCDownloadApplet"
HKLM\...\StartupApproved\Run32: => "EaseUS FixTool"
HKLM\...\StartupApproved\Run32: => "Adobe Acrobat Speed Launcher"
HKU\S-1-5-21-2242047713-980872803-1690996654-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2242047713-980872803-1690996654-1001\...\StartupApproved\Run: => "GoToMeeting"
HKU\S-1-5-21-2242047713-980872803-1690996654-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-2242047713-980872803-1690996654-1001\...\StartupApproved\Run: => "3FDB53E6025D31ACCA9E8EA7D3615DB60EAE8958._service_run"
HKU\S-1-5-21-2242047713-980872803-1690996654-1001\...\StartupApproved\Run: => "ut"
HKU\S-1-5-21-2242047713-980872803-1690996654-1001\...\StartupApproved\Run: => "CiscoSpark"
HKU\S-1-5-21-2242047713-980872803-1690996654-1001\...\StartupApproved\Run: => "CiscoMeetingDaemon"
HKU\S-1-5-21-2242047713-980872803-1690996654-1001\...\StartupApproved\Run: => "NordVPN"
HKU\S-1-5-21-2242047713-980872803-1690996654-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_FA2741CACE004C7CBCCC3EE92FE5E63D"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{94B08DB1-C795-4325-8B27-FB62948DB85F}C:\users\young\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.511\pluginhost.exe] => (Allow) C:\users\young\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.511\pluginhost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{3B2969FD-9B26-4E4F-99F0-1FAD91C341F9}C:\users\young\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.511\pluginhost.exe] => (Allow) C:\users\young\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.511\pluginhost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D8CCC298-CCFA-4630-B289-F46203924683}] => (Allow) C:\Users\young\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{D1A38A40-A7C9-4F06-868D-8D0A34615A6B}] => (Allow) LPort=7935
FirewallRules: [{EF175066-4B3B-40E7-B2B5-BDB2683621B7}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.6\FlashBuilder.exe (Adobe Systems Incorporated -> )
FirewallRules: [{91615912-D203-4D56-9472-E0A99E9F7B8E}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.6\FlashBuilder.exe (Adobe Systems Incorporated -> )
FirewallRules: [{DE76BBFF-3A6B-4611-8FAA-CC164B90A8AC}] => (Allow) C:\Users\young\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{B0A989BB-B4EA-4782-AA10-6859A92AB184}] => (Allow) C:\Users\young\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{C6A12427-3085-48C5-80C7-35B0765A2D9F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{2AAC56DE-AD82-4CAE-BC7C-D84B2665F5D6}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{62897341-874B-4DC3-AA97-AB1382463D1B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{DE6D4A31-5CB7-4688-9EE8-8B7509117026}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{01812A90-D801-4B11-9F3D-DDCDA610CA01}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{673BC802-A6D5-428F-A18C-BF5026F3FAB0}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [TCP Query User{EFA75C2D-52A7-4E63-AAD6-FE62F362F070}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{9605A672-EC18-4E2B-8519-037654A15381}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{0F8E9BAF-44B8-4E23-80E4-D9F3E70298DF}C:\program files (x86)\5kplayer\5kplayer.exe] => (Allow) C:\program files (x86)\5kplayer\5kplayer.exe => No File
FirewallRules: [UDP Query User{9BB8CDA2-6C74-498E-8919-2431125AF5D2}C:\program files (x86)\5kplayer\5kplayer.exe] => (Allow) C:\program files (x86)\5kplayer\5kplayer.exe => No File
FirewallRules: [{3269BDFF-536C-437B-9FC1-89B4075C5A82}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{1A479499-E99A-47D9-BC7A-AB6A73D5A9CA}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{4C0C1223-B488-4109-B564-262B4F8E9943}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{C491F609-D75F-4873-8D08-6E7C83BE8057}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{99ECCEDC-0EE4-4AFB-8421-6D4623CB1440}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{09401B40-8453-439A-BC10-764DB74B7008}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\104.0.1293.47\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{355584E9-8C4B-4265-92B0-F75C18F4D696}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

20-07-2022 09:24:10 JRT Pre-Junkware Removal
30-07-2022 19:54:58 Scheduled Checkpoint
07-08-2022 19:39:18 Scheduled Checkpoint
10-08-2022 13:18:55 Windows Modules Installer
10-08-2022 18:21:34 Windows Modules Installer
10-08-2022 21:31:39 Windows Modules Installer
10-08-2022 21:40:39 Windows Modules Installer
10-08-2022 22:47:41 Windows Modules Installer
12-08-2022 10:23:03 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (08/12/2022 10:28:12 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SystemSettings.exe version 10.0.19041.1865 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 3a10

Start Time: 01d8ae5771952316

Termination Time: 4294967295

Application Path: C:\Windows\ImmersiveControlPanel\SystemSettings.exe

Report Id: 547dc096-5738-4011-b2de-97a0c292e9d3

Faulting package full name: windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy

Faulting package-relative application ID: microsoft.windows.immersivecontrolpanel

Hang type: Cross-thread

Error: (08/11/2022 01:18:16 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress.
.

Error: (08/11/2022 01:18:16 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]

Error: (08/11/2022 01:18:16 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress.
.

Error: (08/11/2022 01:18:16 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress.
.

Error: (08/11/2022 01:18:16 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]

Error: (08/11/2022 01:18:16 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]

Error: (08/10/2022 10:09:49 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress.
.


System errors:
=============
Error: (08/11/2022 01:22:25 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SQL Server (XACTWARE) service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (08/11/2022 01:22:25 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Citrix Workspace Updater Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (08/11/2022 01:22:24 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (45000 milliseconds) while waiting for the SQL Server (XACTWARE) service to connect.

Error: (08/11/2022 01:22:24 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (45000 milliseconds) while waiting for the Citrix Workspace Updater Service service to connect.

Error: (08/11/2022 01:22:19 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The XTU3SERVICE service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (08/11/2022 01:22:19 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (45000 milliseconds) while waiting for the XTU3SERVICE service to connect.

Error: (08/11/2022 01:21:34 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WildTangentHelper service failed to start due to the following error:
The system cannot find the file specified.

Error: (08/11/2022 12:22:35 AM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-6R6IN514)
Description: The server microsoft.windowscommunicationsapps_16005.14326.20970.0_x64__8wekyb3d8bbwe!microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca did not register with DCOM within the required timeout.


Windows Defender:
================
Date: 2022-08-11 01:14:50
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-08-10 22:46:35
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-08-06 13:01:49
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-08-06 01:46:25
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-08-04 21:25:26
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

CodeIntegrity:
===============
Date: 2022-08-12 10:26:57
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.5-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_2f34d6b29296286a\igd10iumd64.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

BIOS: Insyde F.53 10/15/2021
Motherboard: HP 85EF
Processor: Intel® Core™ i3-8145U CPU @ 2.10GHz
Percentage of memory in use: 69%
Total physical RAM: 8079.3 MB
Available physical RAM: 2449.18 MB
Total Virtual: 16271.3 MB
Available Virtual: 9129.02 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:930.7 GB) (Free:333.53 GB) (Model: WDC WD10SPZX-60Z10T0) NTFS
Drive d: () (Removable) (Total:29.28 GB) (Free:29.02 GB) FAT32
Drive e: (Windows) (RAMDisk) (Total:930.7 GB) (Free:329.51 GB) (Model: WDC WD10SPZX-60Z10T0) NTFS

\\?\Volume{a262b600-9771-4112-b2f6-4e4dd0d6ad5c}\ () (Fixed) (Total:0.54 GB) (Free:0.08 GB) NTFS
\\?\Volume{dbc9bedb-b95e-4778-8596-5f67c7ca7135}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.17 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: D43069B4)

Partition: GPT.

==========================================================
Disk: 1 (Size: 29.3 GB) (Disk ID: C654FC01)
Partition 1: (Active) - (Size=29.3 GB) - (Type=0C)

==================== End of Addition.txt =======================



#3 Juliet (SuperHelper, MVP)

Posted 13 August 2022 - 07:40 AM

Not seeing anything in the logs that looks suspicious or wrong....

I see you have peer-to-peer (P2P) file sharing software installed on your computer (uTorrent).
I advise you to avoid P2P file sharing programmes; they are a security risk which can make your computer susceptible to malware.
Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install malware. The best way to reduce the risk of infection is to avoid these types of web sites and P2P programmes. Please read the following articles for more information.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Right click on the FRST icon and select Run as administrator; just open it and let it wait.

Highlight the text below and select Copy, beginning with Start:: and finishing with End::
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Start::
CloseProcesses:
CreateRestorePoint:
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{73FA19D0-2D75-11D2-995D-00C04F98BBC9}] ->
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
CHR Notifications: Default -> hxxps://pl4fulbunny.com
S2 WildTangentHelper; "C:\Program Files (x86)\WildTangent Games\Integration\WildTangentHelperService.exe" [X]
FirewallRules: [TCP Query User{0F8E9BAF-44B8-4E23-80E4-D9F3E70298DF}C:\program files (x86)\5kplayer\5kplayer.exe] => (Allow) C:\program files (x86)\5kplayer\5kplayer.exe => No File
FirewallRules: [UDP Query User{9BB8CDA2-6C74-498E-8919-2431125AF5D2}C:\program files (x86)\5kplayer\5kplayer.exe] => (Allow) C:\program files (x86)\5kplayer\5kplayer.exe => No File
Hosts:
CMD: netsh int ip reset
CMD: ipconfig /flushDNS
C:\Windows\Temp\*.*
End::

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Press the Fix button. FRST will process the lines copied above from the clipboard.
When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Malwarebytes AdwCleaner

-------------------

  • Please download AdwCleaner and save it to your Desktop
  • Close all open programs and browsers
  • Right click on the icon and select Run as administrator
  • Click Scan now
  • Allow the program to quarantine what it finds, except for pre-installed applications or other entries you would like to keep
  • When completed click View Scan Log File
  • Copy and paste the contents in your reply
  • Click Skip Basic Repair if it appears then close the program

===================================================


ESET Online Scanner

--------------------

Note: You can expect this process to take a long time, up to several hours or more.

  • Download ESET Free Online Scanner and save it to your Desktop
  • Right click on esetonlinescanner_enu.exe and select Run as administrator
  • Click Computer Scan
  • Click Full scan
  • Select Enable ESET to detect and quarantine potentially unwanted applications
  • Click Start scan
  • Once completed click Save scan log and save it to your Desktop as ESETScan.txt
  • Click Continue then finally click Close
  • Copy and paste the ESETScan.txt file contents in your reply

Please post these results when finished.

Sometimes the angels fly close enough to you that you can hear the flutter of their wings...


MS - MVP Consumer Security 2009 - 2016, WI-MVP 2016-17
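The fixlist above removes a Chrome notification permission for hxxps://pl4fulbunny.com and resets the hosts file. Fake "Virus Found" alerts that keep appearing in whichever browser is open are typically web push notifications from a site that was once granted permission, so the same permission store is worth checking in every installed browser, not only the one FRST listed; the popups in this thread were seen in Firefox and Edge. The script below is an added example for this thread, not part of FRST, the forum's instructions or any browser's tooling. It parses the notification allow-lists of Chromium-based browsers (Chrome and Edge share the Preferences layout) and of Firefox, and lists hosts-file entries that the `Hosts:` reset would discard. All sample data is constructed inline so it runs offline; the only values taken from the log above are the pl4fulbunny.com origin and two of the Adobe hosts lines, and the file paths in the comments are the usual default locations.

```python
"""Audit of the browser notification permissions and hosts entries that the
FRST fixlist above touches. Added example for this thread; not part of FRST,
the forum post, or any browser's own tooling. All sample data is constructed
inline so the script runs offline."""
from __future__ import annotations

import json
import sqlite3

# Chromium-based browsers (Chrome and Edge use the same layout) store site
# permissions in a JSON "Preferences" file, normally at
#   %LOCALAPPDATA%\Google\Chrome\User Data\Default\Preferences
#   %LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Preferences
# under profile.content_settings.exceptions.notifications. Keys look like
# "https://example.com:443,*"; "setting" 1 means allow, 2 means block.
CHROMIUM_ALLOW = 1


def chromium_allowed_notification_origins(prefs_text: str) -> list[str]:
    """Return origins that may push notifications, from Preferences JSON."""
    prefs = json.loads(prefs_text)
    exceptions = (prefs.get("profile", {})
                       .get("content_settings", {})
                       .get("exceptions", {})
                       .get("notifications", {}))
    allowed = [pattern.split(",", 1)[0]          # drop the ",*" suffix
               for pattern, entry in exceptions.items()
               if entry.get("setting") == CHROMIUM_ALLOW]
    return sorted(allowed)


# Firefox keeps permissions in permissions.sqlite inside the profile folder
# (%APPDATA%\Mozilla\Firefox\Profiles\<profile>\). Table moz_perms, type
# 'desktop-notification', permission 1 = allow, 2 = deny.
FIREFOX_ALLOW = 1


def firefox_allowed_notification_origins(conn: sqlite3.Connection) -> list[str]:
    """Return origins granted notification permission in a Firefox profile DB."""
    rows = conn.execute(
        "SELECT origin FROM moz_perms WHERE type = ? AND permission = ?",
        ("desktop-notification", FIREFOX_ALLOW),
    ).fetchall()
    return sorted(row[0] for row in rows)


def nondefault_hosts_entries(hosts_text: str) -> list[tuple[str, str]]:
    """Return (address, hostname) pairs that are neither comments nor the
    loopback names Windows ships. FRST's `Hosts:` directive replaces the whole
    file; this shows what such a reset would discard."""
    default_names = {"localhost", "broadcasthost"}
    found = []
    for raw in hosts_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # strip comments
        if not line:
            continue
        address, *names = line.split()
        found.extend((address, n) for n in names if n.lower() not in default_names)
    return found


# Constructed sample data. Only the pl4fulbunny.com origin and the two Adobe
# hosts lines come from the log in this thread; everything else is made up.
SAMPLE_PREFS = json.dumps({"profile": {"content_settings": {"exceptions": {
    "notifications": {
        "https://pl4fulbunny.com:443,*": {"setting": 1},
        "https://mail.example.com:443,*": {"setting": 1},
        "https://news.example.org:443,*": {"setting": 2},
    }}}}})

SAMPLE_HOSTS = """# Copyright (c) 1993-2009 Microsoft Corp.
#   127.0.0.1       localhost
#   ::1             localhost
127.0.0.1                   activate.adobe.com
127.0.0.1                   practivate.adobe.com
"""


def sample_firefox_db() -> sqlite3.Connection:
    """In-memory stand-in for permissions.sqlite with the moz_perms columns."""
    conn = sqlite3.connect(":memory:")
    conn.execute("""CREATE TABLE moz_perms (id INTEGER PRIMARY KEY, origin TEXT,
                    type TEXT, permission INTEGER, expireType INTEGER,
                    expireTime INTEGER, modificationTime INTEGER)""")
    conn.executemany(
        "INSERT INTO moz_perms (origin, type, permission, expireType, expireTime,"
        " modificationTime) VALUES (?, ?, ?, ?, ?, ?)",
        [("https://pl4fulbunny.com", "desktop-notification", 1, 0, 0, 0),
         ("https://news.example.org", "desktop-notification", 2, 0, 0, 0),
         ("https://news.example.org", "cookie", 1, 0, 0, 0)])
    return conn


if __name__ == "__main__":
    print("Chromium notification allow-list:",
          chromium_allowed_notification_origins(SAMPLE_PREFS))
    print("Firefox notification allow-list: ",
          firefox_allowed_notification_origins(sample_firefox_db()))
    print("Non-default hosts entries:       ",
          nondefault_hosts_entries(SAMPLE_HOSTS))
```

To run it against a real profile, read the Preferences file into `chromium_allowed_notification_origins` and open a copy of permissions.sqlite with `sqlite3.connect` for the Firefox function (copy the file first; Firefox holds a lock on it while running). Any origin on the allow-list that the user does not recognise is the one to revoke in the browser's site settings; the hosts entries on the original log pointed Adobe licensing hostnames at 127.0.0.1, which is what the FRST reset cleared.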

#4 Getoutandstayout (Authentic Member)

Posted 15 August 2022 - 06:57 AM

I'm including the Fixlog.txt and AdwCleaner files here. As for the ESET Online Scanner, which I ran overnight last night, it took all night to run. When it was finished, I clicked "continue" a couple of times, then the last window disappeared, and it didn't produce a log file or anything saved to my desktop. I guess I'm going to have to run it again, but it's going to have to be during the night, because it takes so long and I have work to do on my laptop during the day.

*One note: on the annoying popup I kept getting that had the McAfee logo on it, I noticed a small URL which I also see in the results of the Farbar Recovery Scan Tool: "hxxps://pl4fulbunny.com". It seems to be somehow responsible for my issue, I think.

Fix result of Farbar Recovery Scan Tool (x64) Version: 04-08-2022
Ran by young (13-08-2022 12:23:54) Run:2
Running from C:\Users\young\Desktop
Loaded Profiles: young
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start::
CloseProcesses:
CreateRestorePoint:
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{73FA19D0-2D75-11D2-995D-00C04F98BBC9}] ->
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
CHR Notifications: Default -> hxxps://pl4fulbunny.com
S2 WildTangentHelper; "C:\Program Files (x86)\WildTangent Games\Integration\WildTangentHelperService.exe" [X]
FirewallRules: [TCP Query User{0F8E9BAF-44B8-4E23-80E4-D9F3E70298DF}C:\program files (x86)\5kplayer\5kplayer.exe] => (Allow) C:\program files (x86)\5kplayer\5kplayer.exe => No File
FirewallRules: [UDP Query User{9BB8CDA2-6C74-498E-8919-2431125AF5D2}C:\program files (x86)\5kplayer\5kplayer.exe] => (Allow) C:\program files (x86)\5kplayer\5kplayer.exe => No File
Hosts:
CMD: netsh int ip reset
CMD: ipconfig /flushDNS
C:\Windows\Temp\*.*
End::
*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{73FA19D0-2D75-11D2-995D-00C04F98BBC9} => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\BookReader_B171F20233094AC88D05A8EF7B9763E8 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => removed successfully
"Chrome Notifications" => removed successfully
HKLM\System\CurrentControlSet\Services\WildTangentHelper => removed successfully
WildTangentHelper => service removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{0F8E9BAF-44B8-4E23-80E4-D9F3E70298DF}C:\program files (x86)\5kplayer\5kplayer.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{9BB8CDA2-6C74-498E-8919-2431125AF5D2}C:\program files (x86)\5kplayer\5kplayer.exe" => removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= netsh int ip reset =========

Resetting Compartment Forwarding, OK!
Resetting Compartment, OK!
Resetting Control Protocol, OK!
Resetting Echo Sequence Request, OK!
Resetting Global, OK!
Resetting Interface, OK!
Resetting Anycast Address, OK!
Resetting Multicast Address, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting Potential, OK!
Resetting Prefix Policy, OK!
Resetting Proxy Neighbor, OK!
Resetting Route, OK!
Resetting Site Prefix, OK!
Resetting Subinterface, OK!
Resetting Wakeup Pattern, OK!
Resetting Resolve Neighbor, OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.


========= End of CMD: =========


========= ipconfig /flushDNS =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========== "C:\Windows\Temp\*.*" ==========

C:\Windows\Temp\AdobeARM.log => moved successfully
C:\Windows\Temp\AdobeARM_Helper.log => moved successfully
C:\Windows\Temp\APPX.4uobj6xtinw32_cq9vtxzmn8c.tmp => moved successfully
C:\Windows\Temp\APPX.6bnlkurnqwjc5lzj6besfatqf.tmp => moved successfully
C:\Windows\Temp\APPX.7ebvu0eh40gfrkuu7bg_fwfnd.tmp => moved successfully
C:\Windows\Temp\APPX.a52bqxazg_m5bhpqzpi7xyxme.tmp => moved successfully
C:\Windows\Temp\APPX.cjcm_t_n63nyv1nc7yft9cq_d.tmp => moved successfully
C:\Windows\Temp\APPX.gwp9ig3f5fktw03ndabtg4rse.tmp => moved successfully
C:\Windows\Temp\APPX.lscrbv4ee3ojo6vwx9au94vdb.tmp => moved successfully
C:\Windows\Temp\APPX.t27_8l9jpy56oi8a7v7ut_qzf.tmp => moved successfully
C:\Windows\Temp\ArmUI.ini => moved successfully
C:\Windows\Temp\chrome_installer.log => moved successfully
C:\Windows\Temp\FXSAPIDebugLogFile.txt => moved successfully
C:\Windows\Temp\FXSTIFFDebugLogFile.txt => moved successfully
C:\Windows\Temp\LAPTOP-6R6IN514-20220728-1727.log => moved successfully
C:\Windows\Temp\LAPTOP-6R6IN514-20220806-1156.log => moved successfully
C:\Windows\Temp\LAPTOP-6R6IN514-20220806-1209.log => moved successfully
C:\Windows\Temp\LAPTOP-6R6IN514-20220806-1210.log => moved successfully
C:\Windows\Temp\LAPTOP-6R6IN514-20220806-1219.log => moved successfully
C:\Windows\Temp\LAPTOP-6R6IN514-20220806-1219a.log => moved successfully
C:\Windows\Temp\LAPTOP-6R6IN514-20220806-1301.log => moved successfully
C:\Windows\Temp\LAPTOP-6R6IN514-20220806-1301a.log => moved successfully
C:\Windows\Temp\LAPTOP-6R6IN514-20220806-1724.log => moved successfully
C:\Windows\Temp\LAPTOP-6R6IN514-20220806-1724a.log => moved successfully
C:\Windows\Temp\LAPTOP-6R6IN514-20220806-1724b.log => moved successfully
C:\Windows\Temp\LAPTOP-6R6IN514-20220806-1811.log => moved successfully
C:\Windows\Temp\LAPTOP-6R6IN514-20220806-1811a.log => moved successfully
C:\Windows\Temp\LAPTOP-6R6IN514-20220806-1955.log => moved successfully
C:\Windows\Temp\LAPTOP-6R6IN514-20220806-1955a.log => moved successfully
C:\Windows\Temp\LAPTOP-6R6IN514-20220806-2041.log => moved successfully
C:\Windows\Temp\LAPTOP-6R6IN514-20220806-2041a.log => moved successfully
C:\Windows\Temp\LAPTOP-6R6IN514-20220806-2322.log => moved successfully
C:\Windows\Temp\LAPTOP-6R6IN514-20220806-2323.log => moved successfully
C:\Windows\Temp\LAPTOP-6R6IN514-20220806-2351.log => moved successfully
C:\Windows\Temp\LAPTOP-6R6IN514-20220806-2351a.log => moved successfully
C:\Windows\Temp\LAPTOP-6R6IN514-20220806-2352.log => moved successfully
C:\Windows\Temp\LAPTOP-6R6IN514-20220806-2352a.log => moved successfully
C:\Windows\Temp\LAPTOP-6R6IN514-20220807-0033.log => moved successfully
C:\Windows\Temp\LAPTOP-6R6IN514-20220807-0033a.log => moved successfully
C:\Windows\Temp\LAPTOP-6R6IN514-20220807-1301.log => moved successfully
C:\Windows\Temp\LAPTOP-6R6IN514-20220807-1304.log => moved successfully
C:\Windows\Temp\LAPTOP-6R6IN514-20220807-1304a.log => moved successfully
C:\Windows\Temp\LAPTOP-6R6IN514-20220807-1304b.log => moved successfully
C:\Windows\Temp\LAPTOP-6R6IN514-20220807-1912.log => moved successfully
C:\Windows\Temp\LAPTOP-6R6IN514-20220807-1913.log => moved successfully
C:\Windows\Temp\LAPTOP-6R6IN514-20220807-1917.log => moved successfully
C:\Windows\Temp\LAPTOP-6R6IN514-20220807-1917a.log => moved successfully
C:\Windows\Temp\LAPTOP-6R6IN514-20220807-2056.log => moved successfully
C:\Windows\Temp\LAPTOP-6R6IN514-20220807-2056a.log => moved successfully
C:\Windows\Temp\LAPTOP-6R6IN514-20220807-2216.log => moved successfully
C:\Windows\Temp\LAPTOP-6R6IN514-20220807-2216a.log => moved successfully
C:\Windows\Temp\LAPTOP-6R6IN514-20220807-2229.log => moved successfully
C:\Windows\Temp\LAPTOP-6R6IN514-20220807-2229a.log => moved successfully
C:\Windows\Temp\LAPTOP-6R6IN514-20220808-0742.log => moved successfully
C:\Windows\Temp\LAPTOP-6R6IN514-20220808-0751.log => moved successfully
C:\Windows\Temp\LAPTOP-6R6IN514-20220808-0751a.log => moved successfully
C:\Windows\Temp\LAPTOP-6R6IN514-20220808-0853.log => moved successfully
C:\Windows\Temp\LAPTOP-6R6IN514-20220808-0853a.log => moved successfully
C:\Windows\Temp\LAPTOP-6R6IN514-20220808-1212.log => moved successfully
C:\Windows\Temp\LAPTOP-6R6IN514-20220808-1212a.log => moved successfully
C:\Windows\Temp\LAPTOP-6R6IN514-20220808-1231.log => moved successfully
C:\Windows\Temp\LAPTOP-6R6IN514-20220808-1231a.log => moved successfully
C:\Windows\Temp\LAPTOP-6R6IN514-20220808-1232.log => moved successfully
C:\Windows\Temp\LAPTOP-6R6IN514-20220808-1232a.log => moved successfully
C:\Windows\Temp\LAPTOP-6R6IN514-20220808-1258.log => moved successfully
C:\Windows\Temp\LAPTOP-6R6IN514-20220808-1259.log => moved successfully
C:\Windows\Temp\LAPTOP-6R6IN514-20220808-1304.log => moved successfully
C:\Windows\Temp\LAPTOP-6R6IN514-20220808-1751.log => moved successfully
C:\Windows\Temp\LAPTOP-6R6IN514-20220808-1751a.log => moved successfully
C:\Windows\Temp\LAPTOP-6R6IN514-20220808-1751b.log => moved successfully
C:\Windows\Temp\LAPTOP-6R6IN514-20220808-1754.log => moved successfully
C:\Windows\Temp\LAPTOP-6R6IN514-20220808-1755.log => moved successfully
C:\Windows\Temp\LAPTOP-6R6IN514-20220808-2141.log => moved successfully
C:\Windows\Temp\LAPTOP-6R6IN514-20220809-0828.log => moved successfully
C:\Windows\Temp\LAPTOP-6R6IN514-20220809-0830.log => moved successfully
C:\Windows\Temp\LAPTOP-6R6IN514-20220809-0923.log => moved successfully
C:\Windows\Temp\LAPTOP-6R6IN514-20220809-1530.log => moved successfully
C:\Windows\Temp\LAPTOP-6R6IN514-20220809-1601.log => moved successfully
C:\Windows\Temp\LAPTOP-6R6IN514-20220809-1620.log => moved successfully
C:\Windows\Temp\LAPTOP-6R6IN514-20220810-1257.log => moved successfully
C:\Windows\Temp\LAPTOP-6R6IN514-20220810-1257a.log => moved successfully
C:\Windows\Temp\LAPTOP-6R6IN514-20220810-1257b.log => moved successfully
C:\Windows\Temp\LAPTOP-6R6IN514-20220810-1544.log => moved successfully
C:\Windows\Temp\LAPTOP-6R6IN514-20220810-1554.log => moved successfully
C:\Windows\Temp\LAPTOP-6R6IN514-20220810-1559.log => moved successfully
C:\Windows\Temp\LAPTOP-6R6IN514-20220810-1619.log => moved successfully
C:\Windows\Temp\LAPTOP-6R6IN514-20220810-2214.log => moved successfully
C:\Windows\Temp\LAPTOP-6R6IN514-20220810-2223.log => moved successfully
C:\Windows\Temp\LAPTOP-6R6IN514-20220810-2245.log => moved successfully
C:\Windows\Temp\LAPTOP-6R6IN514-20220811-0100.log => moved successfully
C:\Windows\Temp\LAPTOP-6R6IN514-20220811-0122.log => moved successfully
C:\Windows\Temp\LAPTOP-6R6IN514-20220811-0147.log => moved successfully
C:\Windows\Temp\LAPTOP-6R6IN514-20220811-0147a.log => moved successfully
C:\Windows\Temp\LAPTOP-6R6IN514-20220811-0400.log => moved successfully
C:\Windows\Temp\LAPTOP-6R6IN514-20220811-0637.log => moved successfully
C:\Windows\Temp\LAPTOP-6R6IN514-20220811-0934.log => moved successfully
C:\Windows\Temp\LAPTOP-6R6IN514-20220811-1347.log => moved successfully
C:\Windows\Temp\LAPTOP-6R6IN514-20220811-1348.log => moved successfully
C:\Windows\Temp\LAPTOP-6R6IN514-20220811-1419.log => moved successfully
C:\Windows\Temp\LAPTOP-6R6IN514-20220811-1419a.log => moved successfully
C:\Windows\Temp\LAPTOP-6R6IN514-20220811-1458.log => moved successfully
C:\Windows\Temp\LAPTOP-6R6IN514-20220811-1458a.log => moved successfully
C:\Windows\Temp\LAPTOP-6R6IN514-20220811-1533.log => moved successfully
C:\Windows\Temp\LAPTOP-6R6IN514-20220811-1840.log => moved successfully
C:\Windows\Temp\LAPTOP-6R6IN514-20220811-1840a.log => moved successfully
C:\Windows\Temp\LAPTOP-6R6IN514-20220811-1841.log => moved successfully
C:\Windows\Temp\LAPTOP-6R6IN514-20220811-1841a.log => moved successfully
C:\Windows\Temp\LAPTOP-6R6IN514-20220811-1938.log => moved successfully
C:\Windows\Temp\LAPTOP-6R6IN514-20220811-2007.log => moved successfully
C:\Windows\Temp\LAPTOP-6R6IN514-20220811-2049.log => moved successfully
C:\Windows\Temp\LAPTOP-6R6IN514-20220811-2212.log => moved successfully
C:\Windows\Temp\LAPTOP-6R6IN514-20220812-0913.log => moved successfully
C:\Windows\Temp\LAPTOP-6R6IN514-20220812-0915.log => moved successfully
C:\Windows\Temp\LAPTOP-6R6IN514-20220812-1036.log => moved successfully
C:\Windows\Temp\LAPTOP-6R6IN514-20220812-1333.log => moved successfully
C:\Windows\Temp\LAPTOP-6R6IN514-20220812-1424.log => moved successfully
C:\Windows\Temp\LAPTOP-6R6IN514-20220812-1424a.log => moved successfully
C:\Windows\Temp\LAPTOP-6R6IN514-20220812-1440.log => moved successfully
C:\Windows\Temp\LAPTOP-6R6IN514-20220812-1446.log => moved successfully
C:\Windows\Temp\LAPTOP-6R6IN514-20220812-1451.log => moved successfully
C:\Windows\Temp\LAPTOP-6R6IN514-20220812-1501.log => moved successfully
C:\Windows\Temp\LAPTOP-6R6IN514-20220812-1707.log => moved successfully
C:\Windows\Temp\LAPTOP-6R6IN514-20220812-2001.log => moved successfully
C:\Windows\Temp\LAPTOP-6R6IN514-20220812-2030.log => moved successfully
C:\Windows\Temp\LAPTOP-6R6IN514-20220813-1205.log => moved successfully
C:\Windows\Temp\LAPTOP-6R6IN514-20220813-1208.log => moved successfully
C:\Windows\Temp\LAPTOP-6R6IN514-20220813-1208a.log => moved successfully
Could not move "C:\Windows\Temp\LAPTOP-6R6IN514-20220813-1224.log" => Scheduled to move on reboot.
C:\Windows\Temp\MpCmdRun.log => moved successfully
C:\Windows\Temp\MpCopyAccelerator.log => moved successfully
C:\Windows\Temp\MpSigStub.log => moved successfully
C:\Windows\Temp\msedge_installer.log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(202208121440151138).log => moved successfully
Could not move "C:\Windows\Temp\officeclicktorun.exe_streamserver(202208131223572464).log" => Scheduled to move on reboot.
C:\Windows\Temp\perfboost.exe_c2rdll(20220808175321738).log => moved successfully
C:\Windows\Temp\perfboost.exe_c2rdll(2022081118403826A8).log => moved successfully
C:\Windows\Temp\Setup Log 2022-08-09 #001.txt => moved successfully
C:\Windows\Temp\Setup Log 2022-08-10 #001.txt => moved successfully
C:\Windows\Temp\TS_334.tmp => moved successfully

========= End -> "C:\Windows\Temp\*.*" ========


Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 13-08-2022 12:33:58)

C:\Windows\Temp\LAPTOP-6R6IN514-20220813-1224.log => Is moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(202208131223572464).log => Is moved successfully

==== End of Fixlog 12:33:58 ====

# -------------------------------
# Malwarebytes AdwCleaner 8.3.2.0
# -------------------------------
# Build:    03-23-2022
# Database: 2022-06-24.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    08-13-2022
# Duration: 00:00:09
# OS:       Windows 10 Home
# Cleaned:  4
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

Deleted       Preinstalled.HPSupportAssistant   Folder   C:\ProgramData\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Deleted       Preinstalled.HPSupportAssistant   Folder   C:\Users\young\AppData\Roaming\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Deleted       Preinstalled.HPTouchpointAnalyticsClient   Folder   C:\ProgramData\HP\HP TOUCHPOINT ANALYTICS CLIENT
Deleted       Preinstalled.HPTouchpointAnalyticsClient   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [2800 octets] - [06/05/2021 20:24:34]
AdwCleaner[C00].txt - [3157 octets] - [06/05/2021 20:27:51]
AdwCleaner[S01].txt - [1960 octets] - [13/08/2022 12:49:56]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########

Edited by Getoutandstayout, 15 August 2022 - 07:01 AM.


#5 Juliet (SuperHelper, MVP)

Posted 15 August 2022 - 07:23 AM

For Eset Online
When the scan is completed, if something was found, it will show a screen with the number of detected items. If so, click the button marked View detected results.
Did this come up?

I had placed an entry for CHR Notifications: Default -> hxxps://pl4fulbunny.com <= says removed successfully

Run Malwarebytes Anti-Malware

You may have Malwarebytes Anti-Malware installed, but if not, you can download it from here:

  • run the program
  • click on the ‘Dashboard’ to make sure everything is up to date (it is not necessary to upgrade to the premium version of MBAM)
  • click on the ‘Scan’ tab (directly below the Dashboard tab)
  • select the Threat Scan option
  • click the Scan Now button
  • Threat Scan will begin
  • when the scan has completed, if malware was found, click the Quarantine Selected button to allow MBAM to quarantine what was found
  • if prompted to restart the computer, close all other programs and click Yes to restart your computer
  • once you are back at your desktop, open MBAM once more
  • click on the ‘Reports’ tab
  • double-click on the most recent Scan Report
  • click on Export, then Copy to Clipboard

Sometimes the angels fly close enough to you that you can hear the flutter of their wings...


MS - MVP Consumer Security 2009 - 2016, WI-MVP 2016-17
Antivirus Scanners Online Scanners Firewalls Slow Computer??

#6 Juliet (SuperHelper, MVP)

Posted 16 August 2022 - 08:25 AM

Try resetting defaults on Google Chrome

https://support.goog...r/3296214?hl=en
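The FRST fix in this thread removed a Chrome notification permission for hxxps://pl4fulbunny.com (post #5), and the follow-up suggestion (post #6) is a full Chrome reset. The script below is an added example, not code from this thread, from FRST, from Malwarebytes or from Google: it audits a Chromium-based browser's Preferences file (Chrome and Edge share the layout) for sites allowed to push notifications and flips every site not on an allowlist to "block", which is the targeted alternative to resetting the whole profile. Assumptions: the JSON path profile.content_settings.exceptions.notifications and the setting values 1 = allow, 2 = block follow Chromium's content-settings layout; the sample Preferences document embedded in the script is constructed for this example, and the hostname in it is the one named in the thread.

```python
"""
Audit and revoke web-notification permissions in a Chromium-based browser's
Preferences file (Chrome and Edge use the same layout).

Added example for this thread; not FRST, AdwCleaner or Malwarebytes code.
Assumptions (labelled): the JSON path
profile.content_settings.exceptions.notifications and the meaning of
"setting" (1 = allow, 2 = block) follow Chromium's content-settings layout.
SAMPLE_PREFERENCES below is a constructed, trimmed Preferences document.
"""
import json

ALLOW = 1   # Chromium CONTENT_SETTING_ALLOW
BLOCK = 2   # Chromium CONTENT_SETTING_BLOCK

# Constructed sample: three notification exceptions, one of them the
# abusive site named in the thread's FRST fix.
SAMPLE_PREFERENCES = json.dumps({
    "profile": {
        "content_settings": {
            "exceptions": {
                "notifications": {
                    "https://pl4fulbunny.com:443,*": {
                        "last_modified": "13303036800000000",
                        "setting": ALLOW,
                    },
                    "https://mail.example.net:443,*": {
                        "last_modified": "13303036800000000",
                        "setting": ALLOW,
                    },
                    "https://news.example.org:443,*": {
                        "last_modified": "13303036800000000",
                        "setting": BLOCK,
                    },
                }
            }
        }
    }
})


def notification_exceptions(prefs: dict) -> dict:
    """Return the notifications exception map, or {} when the path is absent."""
    return (prefs.get("profile", {})
                 .get("content_settings", {})
                 .get("exceptions", {})
                 .get("notifications", {}))


def origin_from_pattern(pattern: str) -> str:
    """Chromium stores 'primary,secondary' patterns; keep the site origin."""
    return pattern.split(",", 1)[0]


def allowed_notification_origins(prefs_json: str) -> list:
    """Sorted list of origins currently allowed to push notifications."""
    prefs = json.loads(prefs_json)
    return sorted(origin_from_pattern(pattern)
                  for pattern, entry in notification_exceptions(prefs).items()
                  if entry.get("setting") == ALLOW)


def revoke_notifications(prefs_json: str, allowlist=()) -> tuple:
    """Flip every allowed origin not on the allowlist to BLOCK.

    Returns (new_prefs_json, sorted_revoked_origins). Setting BLOCK rather
    than deleting the entry means the site cannot simply re-prompt.
    """
    prefs = json.loads(prefs_json)
    revoked = []
    for pattern, entry in notification_exceptions(prefs).items():
        origin = origin_from_pattern(pattern)
        if entry.get("setting") == ALLOW and origin not in allowlist:
            entry["setting"] = BLOCK
            revoked.append(origin)
    return json.dumps(prefs), sorted(revoked)


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        # Real Preferences file: the browser must be closed (it rewrites the
        # file on exit) and you should keep a backup of the original.
        with open(sys.argv[1], encoding="utf-8") as fh:
            raw = fh.read()
    else:
        raw = SAMPLE_PREFERENCES
    print("allowed:", allowed_notification_origins(raw))
    new_prefs, revoked = revoke_notifications(raw)
    print("revoked:", revoked)
    if len(sys.argv) > 2 and sys.argv[2] == "--write":
        with open(sys.argv[1], "w", encoding="utf-8") as fh:
            fh.write(new_prefs)
```

Run it with no arguments to see the behaviour on the constructed sample. Against a real profile, close the browser first, back up the file, then pass the path: Chrome keeps it at %LOCALAPPDATA%\Google\Chrome\User Data\Default\Preferences and Edge at %LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Preferences; add --write only after reviewing the "allowed" list, and pass an allowlist in code for sites whose notifications you actually want. Firefox stores these permissions in permissions.sqlite, which this script does not cover.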

#7 Juliet (SuperHelper, MVP)

Posted 26 August 2022 - 05:54 AM

Glad we could help.
Since this issue appears resolved ... this Topic is closed.

