Solved Intermittent Startup Times 1.5min to 3min & suspect virus

Boonski910

Thread Starter
Startup time to the welcome display is sometimes 20 seconds, and to the desktop with WinDefender 1 min 30 sec; other times up to 3 minutes, even after being on for 6 hours.
Also, Autoruns displayed Agentactivationruntimestarter; using DuckDuckGo, this shows up many times as a virus.
xxxxxxxxxxxxxx FRST.TXT xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-09-2021
Ran by Ellen (administrator) on LAPTOP-58PSTIC9 (HP HP 15 Notebook PC) (17-09-2021 17:35:53)
Running from C:\Users\Ellen\Desktop
Loaded Profiles: Ellen
Platform: Windows 10 Home Version 21H1 19043.1237 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.102\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.102\GoogleCrashHandler64.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> ) C:\Windows\System32\EoAExperiences.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\NisSrv.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8520448 2015-08-03] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [DeliveryAndStatusCheck] => C:\Program Files\HP\HP ePrint\HP.DeliveryAndStatus.Desktop.App.exe [301832 2015-11-10] (Hewlett-Packard -> HP)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [653576 2015-06-29] (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [PowerDVD14Agent] => C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe [795336 2015-10-29] (CyberLink Corp. -> CyberLink Corp.)
HKU\S-1-5-21-1090913373-2922820011-1866748315-1001\...\Run: [OneDrive] => C:\Program Files (x86)\Microsoft OneDrive\OneDrive.exe [1942400 2021-02-27] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1090913373-2922820011-1866748315-1001\...\Run: [E503D7536F7E7A21DC8A2352BC2CEE0FF8CAED01._service_run] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=service /prefetch:8
HKU\S-1-5-21-1090913373-2922820011-1866748315-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1090913373-2922820011-1866748315-1001\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-21-1090913373-2922820011-1866748315-1001\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-1090913373-2922820011-1866748315-1001\...\Policies\Explorer: [NoInternetOpenWith] 1
HKLM\...\Print\Monitors\EPSON NX530 Series 64MonitorBA: C:\WINDOWS\system32\E_YLMHTA.DLL [118784 2010-09-28] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\93.0.4577.82\Installer\chrmstp.exe [2021-09-15] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{FA076B7A-C331-48e2-9EE9-7683A553739E}] -> C:\Program Files (x86)\CyberLink\YouCam6\CLCredProv\x64\CLCredProv.dll [2015-10-29] (CyberLink Corp. -> CyberLink)
HKLM\Software\...\Authentication\Credential Provider Filters: [{FA076B7A-C331-48e2-9EE9-7683A553739E}] -> C:\Program Files (x86)\CyberLink\YouCam6\CLCredProv\x64\CLCredProv.dll [2015-10-29] (CyberLink Corp. -> CyberLink)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {032390EF-562C-4A5E-A5A4-F3507412AE00} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\MpCmdRun.exe [851472 2021-09-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {2A86DBB5-A798-47F3-A507-4DDE09E5DF04} - \{310FA174-6864-D976-B5C3-66BA81B91CB9} -> No File <==== ATTENTION
Task: {2E51498B-4A1F-4BAF-B090-0963A14046D2} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe
Task: {3EC7C0B9-8DEF-45D1-99CE-7FD09F3F6DF0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2017-01-27] (Google Inc -> Google Inc.)
Task: {4D520021-16C5-4AD9-B1EC-C94E2EC3EDFF} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe [627128 2021-09-13] (Mozilla Corporation -> Mozilla Foundation)
Task: {549FDA9F-942C-4754-B7A8-A663B49CE994} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2017-01-27] (Google Inc -> Google Inc.)
Task: {643B598A-AC05-44BB-A00E-1063BB700BD1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {64F57F25-B2AC-4407-B44E-6A36149227E1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe
Task: {65FC85CD-76D0-4B29-8D06-5C8C1CA7BA00} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe
Task: {663A7A95-6CFB-40F6-A090-F8BF4122F140} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe
Task: {734FF164-081B-43E9-A400-BE1097151A30} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\MpCmdRun.exe [851472 2021-09-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {7806B780-A4C3-4E87-896E-6D390CB4610D} - System32\Tasks\RunHomeTechSupportUpdateSVC => C:\Program Files (x86)\Home Tech Support\HomeTechSupportUpdateSVC.exe
Task: {7CA61D66-A59C-488E-9F76-6A5ABE96A41F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
Task: {89F27ED7-25FE-4221-A763-DE4475A25482} - \YCMServiceAgent -> No File <==== ATTENTION
Task: {B751C05F-9C29-4A35-A91D-DEC2BF442C5E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {B8A10C6D-567F-48CE-AB5A-1B71A0433ED8} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NoUACCheck
Task: {BD8794BE-26D1-4E7D-838E-EE1B99CF1CB1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\MpCmdRun.exe [851472 2021-09-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C599B510-3A91-4585-A19D-EB10863C6212} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\MpCmdRun.exe [851472 2021-09-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {CACD12B9-F9FC-4756-B9E5-92932693DC61} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {E1C97093-F475-42E5-8C1A-470EE5F6E0A6} - System32\Tasks\CCleanerSkipUAC => C:\Users\Ellen\Desktop\TechTools\Scanners\CCleaner\CCleaner.exe
Task: {E519B2B8-D9A6-42C9-8780-FA0499C15F39} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files (x86)\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [2862440 2021-02-27] (Microsoft Corporation -> Microsoft Corporation)
Task: {F73785E0-EBAF-405F-A57D-75BCE23E2E2D} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
Task: {FEF13405-E1D5-4243-9CD1-430487A9D7D2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe
Task: {FF692097-51D3-460E-ACFF-7D7A4B133CC9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
Task: {FFB6C9A3-C86B-4888-A369-BD3FDA30DA5F} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1790184 2021-06-02] (Avast Software s.r.o. -> Avast Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{414092d5-c777-48c2-b7a4-de6098042d0b}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7458add5-b96b-4bfb-b1e3-73018cb2bbd7}: [DhcpNameServer] 192.168.0.1 192.168.0.1
Tcpip\..\Interfaces\{cbc5855e-ff92-457a-94e2-37cd5d584b00}: [DhcpNameServer] 192.168.0.1 192.168.0.1
Tcpip\..\Interfaces\{ccfae9ef-b1b3-4af7-bf67-0dd0312d9ec1}: [DhcpNameServer] 8.8.8.8 8.8.4.4 192.168.0.1

Edge:
=======
DownloadDir: C:\Users\Ellen\Downloads
Edge Notifications: HKU\S-1-5-21-1090913373-2922820011-1866748315-1001 -> hxxps://mg.mail.yahoo.com; hxxps://mail.google.com; hxxps://www.facebook.com
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\Ellen\AppData\Local\Microsoft\Edge\User Data\Default [2021-09-17]
Edge Notifications: Default -> hxxps://mail.google.com; hxxps://usdollarreports.com; hxxps://www.facebook.com; hxxps://www.instagram.com
Edge HomePage: Default -> hxxps://duckduckgo.com/
Edge NewTab: Default -> Not-active:"chrome-extension://pmgpmnhnchfkodemhkbodiflgacdfehf/modern_newtab.html"
Edge DefaultSearchURL: Default -> {bing:baseURL}search?q={searchTerms}&{bing:cvid}{bing:msb}{google:assistedQueryStats}
Edge Extension: (Smarty) - C:\Users\Ellen\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\edjkecefjhobekadlkdkopkggdefpgfp [2021-07-22]
Edge Extension: (Daily Recipe Ideas BETA EXTENSION) - C:\Users\Ellen\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\pmgpmnhnchfkodemhkbodiflgacdfehf [2020-08-31]

FireFox:
========
FF DefaultProfile: 7ise2ylt.default-1630949907107
FF ProfilePath: C:\Users\Ellen\AppData\Roaming\TomTom\HOME\Profiles\510v9lkp.default [2021-02-19]
FF ProfilePath: C:\Users\Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\7ise2ylt.default-1630949907107 [2021-09-17]
FF Homepage: Mozilla\Firefox\Profiles\7ise2ylt.default-1630949907107 -> hxxps://duckduckgo.com/
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1217157.dll [2015-02-05] (Adobe Systems, Inc.) [File not signed]

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Ellen\AppData\Local\Google\Chrome\User Data\Default [2021-09-12]
CHR Notifications: Default -> hxxps://mail.google.com; hxxps://trendingconsumerdeals.com; hxxps://www.12up.com; hxxps://www.facebook.com; hxxps://www.newsbreak.com
CHR Extension: (Capital One Shopping: Add to Chrome for Free) - C:\Users\Ellen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nenlahapcbofgnanklpelkaejcehkggg [2021-08-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ellen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-05-07]
CHR Extension: (Chrome Media Router) - C:\Users\Ellen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-07-30]
CHR Profile: C:\Users\Ellen\AppData\Local\Google\Chrome\User Data\Guest Profile [2021-06-17]
CHR Profile: C:\Users\Ellen\AppData\Local\Google\Chrome\User Data\System Profile [2021-06-17]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2021-01-09] (SUPERAntiSpyware.com -> SUPERAntiSpyware.com)
S4 FileSyncHelper; C:\Program Files (x86)\Microsoft OneDrive\21.016.0124.0003\FileSyncHelper.exe [2198376 2021-02-27] (Microsoft Corporation -> Microsoft Corporation)
S4 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [299680 2021-08-25] (HP Inc. -> HP Inc.)
S4 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [602888 2015-06-29] (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7785656 2021-09-12] (Malwarebytes Inc -> Malwarebytes)
S4 OneDrive Updater Service; C:\Program Files (x86)\Microsoft OneDrive\21.016.0124.0003\OneDriveUpdaterService.exe [2573160 2021-02-27] (Microsoft Corporation -> Microsoft Corporation)
S4 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] (CyberLink Corp. -> )
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\NisSrv.exe [2772856 2021-09-08] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\MsMpEng.exe [136640 2021-09-08] (Microsoft Windows Publisher -> Microsoft Corporation)
S4 HPSupportSolutionsFrameworkService; "C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe" [X]
S4 HPTouchpointAnalyticsService; "C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe" [X]
S4 LMIRescue_34794400-e9ec-fdef-bc50-b00f67184359; "C:\Program Files (x86)\LogMeIn Rescue Applet\LMIR0B9E1001.tmp\LMI_Rescue_srv.exe" -service -sid 34794400-e9ec-fdef-bc50-b00f67184359 -wd "C:\Users\Ellen\AppData\Local\LogMeIn Rescue Applet\LMIR0B9A8001.tmp\\"

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswTap; C:\WINDOWS\System32\drivers\aswTap.sys [44640 2014-09-05] (AVAST Software a.s. -> The OpenVPN Project)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [284672 2021-04-20] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R3 clwvd6; C:\WINDOWS\System32\drivers\clwvd6.sys [41400 2015-08-31] (CyberLink Corp. -> CyberLink Corporation)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [210344 2021-09-15] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-09-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-09-15] (Malwarebytes Inc -> Malwarebytes)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [301784 2015-07-09] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2021-01-09] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2021-01-09] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48536 2021-09-08] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [433384 2021-09-08] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [86264 2021-09-08] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [35392 2020-06-08] (HP Inc. -> HP)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-09-17 17:35 - 2021-09-17 17:42 - 000018462 _____ C:\Users\Ellen\Desktop\FRST.txt
2021-09-17 17:34 - 2021-09-17 17:38 - 000000000 ____D C:\FRST
2021-09-17 17:33 - 2021-09-17 17:30 - 002304000 _____ (Farbar) C:\Users\Ellen\Desktop\FRST64.exe
2021-09-17 16:56 - 2021-09-17 16:56 - 000000000 ____D C:\Users\Ellen\Desktop\Autoruns
2021-09-16 16:28 - 2021-09-16 16:28 - 000000000 ____D C:\WINDOWS\Panther
2021-09-16 12:59 - 2021-09-16 12:59 - 000001663 _____ C:\Users\Ellen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TFC.exe - Shortcut.lnk
2021-09-15 23:08 - 2021-09-15 23:08 - 001164288 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-09-15 23:08 - 2021-09-15 23:08 - 000426496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-09-15 23:08 - 2021-09-15 23:08 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshom.ocx
2021-09-15 23:08 - 2021-09-15 23:08 - 000122880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshom.ocx
2021-09-15 23:08 - 2021-09-15 23:08 - 000011355 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-09-15 23:07 - 2021-09-15 23:07 - 000566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-09-15 21:15 - 2021-09-15 21:15 - 000000000 ___HD C:\$WinREAgent
2021-09-15 17:54 - 2021-09-15 17:54 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-09-15 17:05 - 2021-09-15 17:05 - 000210344 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-09-15 17:05 - 2021-09-15 17:05 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2021-09-15 14:30 - 2021-09-15 14:30 - 000000112 ___SH C:\bootTel.dat
2021-09-14 09:03 - 2021-09-14 09:03 - 000001705 _____ C:\Users\Ellen\Desktop\swriter.exe - Shortcut.lnk
2021-09-14 08:53 - 2021-09-14 08:53 - 000000000 ____D C:\Users\Ellen\AppData\Roaming\OpenOffice
2021-09-14 08:47 - 2021-09-14 08:47 - 000001128 _____ C:\Users\Public\Desktop\OpenOffice 4.1.10.lnk
2021-09-14 08:47 - 2021-09-14 08:47 - 000000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.10
2021-09-14 08:45 - 2021-09-14 08:45 - 000000000 ____D C:\Program Files (x86)\OpenOffice 4
2021-09-13 18:47 - 2021-09-13 18:47 - 000003656 _____ C:\WINDOWS\system32\Tasks\CreateExplorerShellUnelevatedTask
2021-09-13 18:03 - 2021-09-13 18:03 - 000000000 ____D C:\WINDOWS\ERUNT
2021-09-13 18:03 - 2021-09-13 18:03 - 000000000 ____D C:\JRT
2021-09-13 15:15 - 2021-09-13 15:15 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-09-13 08:45 - 2021-09-13 08:45 - 000425304 _____ (Secure By Design Inc.) C:\Users\Ellen\Downloads\Ninite OpenOffice Installer.exe
2021-09-12 15:54 - 2021-09-12 15:54 - 000000000 ____D C:\Users\Ellen\AppData\Local\MBAM
2021-09-12 15:51 - 2021-09-12 15:51 - 000002040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-09-12 15:50 - 2021-09-12 15:46 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2021-09-12 15:49 - 2021-09-12 15:47 - 000160176 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-09-12 15:47 - 2021-09-12 15:47 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-09-08 15:08 - 2021-09-08 15:08 - 000000451 _____ C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2021-09-08 15:06 - 2021-09-17 16:52 - 000008192 ___SH C:\DumpStack.log.tmp
2021-09-07 17:58 - 2021-09-07 17:59 - 000000000 ____D C:\WINDOWS\pss
2021-09-07 14:33 - 2021-09-07 14:33 - 000000000 _____ C:\Users\Ellen\AppData\Local\{0BAB187B-8DB0-4278-894F-BC6AD3286E52}
2021-09-07 08:29 - 2021-09-07 08:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2021-09-07 08:29 - 2021-09-07 08:29 - 000000000 ____D C:\Program Files\VS Revo Group
2021-09-06 17:56 - 2021-09-07 13:18 - 000004264 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2021-09-06 13:53 - 2021-09-06 13:53 - 000000000 ____D C:\Users\Ellen\Desktop\My Files Shortcuts
2021-09-06 13:52 - 2021-09-06 13:53 - 000000000 ____D C:\Users\Ellen\Desktop\GAMES
2021-09-06 13:36 - 2021-09-17 17:08 - 000000000 ____D C:\ProgramData\Mozilla
2021-09-06 13:28 - 2021-09-06 13:29 - 000000000 ____D C:\Program Files\HPPrintScanDoctor
2021-09-06 08:56 - 2021-09-06 08:56 - 000001047 _____ C:\Users\Ellen\Desktop\MAINTAIN - Tools.lnk
2021-09-06 08:54 - 2021-09-06 08:54 - 000000884 _____ C:\Users\Ellen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MAINTAIN.lnk
2021-09-06 08:36 - 2021-09-06 08:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2021-09-06 08:35 - 2021-09-06 08:37 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2021-09-06 08:35 - 2021-09-06 08:35 - 000000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2021-09-06 08:22 - 2021-09-06 08:30 - 000000000 ____D C:\Users\Ellen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CleanUp!
2021-09-06 08:22 - 2021-09-06 08:22 - 000000000 ____D C:\Program Files (x86)\CleanUp!
2021-09-05 17:18 - 2021-09-05 17:18 - 000452096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2021-09-05 17:16 - 2021-09-05 17:16 - 000672768 _____ C:\WINDOWS\system32\FsNVSDeviceSource.dll
2021-09-05 17:16 - 2021-09-05 17:16 - 000570368 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2021-09-05 17:15 - 2021-09-05 17:15 - 001313608 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-09-05 17:14 - 2021-09-05 17:14 - 002111488 _____ (Digimarc) C:\WINDOWS\SysWOW64\DMRCDecoder.dll
2021-09-05 17:14 - 2021-09-05 17:14 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2021-09-05 17:14 - 2021-09-05 17:14 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2021-09-05 17:11 - 2021-09-05 17:11 - 001823304 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-09-05 17:11 - 2021-09-05 17:11 - 001393480 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-09-05 17:09 - 2021-09-05 17:09 - 002295296 _____ (Digimarc) C:\WINDOWS\system32\DMRCDecoder.dll
2021-09-05 17:09 - 2021-09-05 17:09 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-09-05 17:09 - 2021-09-05 17:09 - 000098816 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-09-05 17:08 - 2021-09-05 17:08 - 000162816 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-09-05 17:07 - 2021-09-05 17:07 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe
2021-08-31 18:29 - 2021-09-15 23:37 - 000676464 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-08-31 17:34 - 2021-08-31 17:34 - 000002335 _____ C:\Users\Ellen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HTS PC Assistant.lnk

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-09-17 17:52 - 2019-12-07 05:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-09-17 17:33 - 2018-06-18 19:36 - 000000000 ____D C:\Users\Ellen\AppData\LocalLow\Mozilla
2021-09-17 17:28 - 2019-12-07 05:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-09-17 17:28 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-09-17 17:15 - 2016-11-17 19:15 - 000000000 ____D C:\Program Files (x86)\Google
2021-09-17 16:53 - 2016-11-05 19:32 - 000000000 __SHD C:\Users\Ellen\IntelGraphicsProfiles
2021-09-17 16:52 - 2020-10-09 01:28 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-09-17 16:51 - 2019-12-07 05:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2021-09-17 16:25 - 2020-10-09 00:45 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-09-16 16:30 - 2018-07-26 15:21 - 000000000 ____D C:\Users\Ellen\AppData\Local\D3DSCache
2021-09-16 14:36 - 2020-10-10 08:14 - 000000000 ____D C:\WINDOWS\Minidump
2021-09-16 13:05 - 2020-05-19 20:13 - 000000000 ____D C:\Users\Ellen\MAINTAIN
2021-09-15 23:34 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-09-15 23:34 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-09-15 23:34 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-09-15 23:34 - 2019-12-07 05:13 - 000000000 ____D C:\WINDOWS\INF
2021-09-15 23:17 - 2019-12-07 05:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-09-15 18:18 - 2021-07-15 19:53 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-09-15 18:18 - 2017-01-27 10:08 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-09-15 10:44 - 2016-11-18 13:16 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-09-15 10:29 - 2016-11-18 13:16 - 135637312 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-09-15 09:07 - 2021-08-02 11:06 - 000002359 _____ C:\Users\Ellen\Desktop\Microsoft Edge.lnk
2021-09-14 09:02 - 2018-08-15 17:24 - 000000000 ____D C:\Users\Ellen\AppData\Local\CrashDumps
2021-09-14 08:20 - 2017-12-15 00:03 - 000000000 ____D C:\Users\Ellen\AppData\Local\Packages
2021-09-13 16:11 - 2018-01-01 16:38 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-09-13 16:11 - 2018-01-01 16:38 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2021-09-13 15:15 - 2018-01-01 16:38 - 000001175 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-09-13 14:41 - 2020-10-09 00:52 - 000000000 ____D C:\Users\Ellen
2021-09-13 03:10 - 2020-06-15 08:31 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-09-12 17:51 - 2016-09-11 03:43 - 000000000 ____D C:\ProgramData\Hewlett-Packard
2021-09-12 17:51 - 2016-08-11 17:18 - 000000000 ____D C:\Program Files (x86)\Hewlett-Packard
2021-09-12 17:51 - 2016-04-15 21:08 - 000000000 ___HD C:\hp
2021-09-12 17:50 - 2016-11-05 19:34 - 000000000 ____D C:\Users\Ellen\AppData\Roaming\Hewlett-Packard
2021-09-12 17:50 - 2016-11-05 19:34 - 000000000 ____D C:\Users\Ellen\AppData\Local\Hewlett-Packard
2021-09-12 17:50 - 2016-09-11 04:07 - 000000000 ____D C:\ProgramData\HP
2021-09-12 17:50 - 2016-08-11 17:19 - 000000000 ____D C:\Program Files\HP
2021-09-12 17:49 - 2016-11-05 19:34 - 000000000 ____D C:\Users\Ellen\AppData\Local\HP
2021-09-12 15:50 - 2019-12-07 05:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-09-08 15:22 - 2018-02-18 04:29 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-09-08 15:07 - 2018-08-02 09:37 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
2021-09-08 14:59 - 2016-09-11 04:09 - 000000000 ____D C:\ProgramData\AVAST Software
2021-09-08 14:57 - 2016-11-23 07:49 - 000000000 ____D C:\Users\Ellen\AppData\Roaming\AVAST Software
2021-09-08 14:52 - 2020-10-09 01:28 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software
2021-09-08 07:46 - 2017-05-22 04:13 - 000000000 ____D C:\Program Files\Intel
2021-09-07 18:10 - 2020-10-09 18:56 - 000803176 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2021-09-05 18:38 - 2020-10-09 01:06 - 000934898 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-09-05 18:22 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2021-09-05 18:22 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-09-05 18:22 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-09-05 18:21 - 2019-12-07 05:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-09-05 18:21 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2021-09-05 18:21 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-09-05 18:21 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2021-09-05 18:21 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-09-05 18:21 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\DDFs
2021-09-05 18:21 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2021-09-05 18:21 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2021-09-05 18:21 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-09-05 18:21 - 2019-12-07 05:03 - 000000000 ____D C:\WINDOWS\servicing
2021-09-04 06:32 - 2018-01-20 18:24 - 000000000 ____D C:\Users\Ellen\AppData\Roaming\Hoyle Card Games 2012
2021-09-04 02:45 - 2020-09-29 23:43 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-09-03 10:09 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2021-09-01 10:54 - 2020-05-26 12:17 - 000000000 ____D C:\Users\Ellen\AppData\Roaming\Hoyle Puzzle and Board Games
2021-09-01 09:59 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-09-01 09:28 - 2020-05-26 12:12 - 000000000 ____D C:\Program Files (x86)\LogMeIn Rescue Applet
2021-08-31 19:16 - 2017-01-10 16:30 - 000000000 ____D C:\Users\Ellen\AppData\Local\LogMeIn Rescue Applet
2021-08-18 22:00 - 2020-10-09 01:28 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-08-18 22:00 - 2020-10-09 01:28 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore

==================== Files in the root of some directories ========

2020-05-26 22:10 - 2020-05-26 22:10 - 000000372 _____ () C:\Program Files (x86)\LMIR0B9E1001.tmp.bat
2020-05-26 22:10 - 2020-05-26 22:10 - 000000297 _____ () C:\Program Files (x86)\LMIR0B9E1001.tmp_r.bat
2017-08-19 08:21 - 2018-07-17 00:55 - 000000457 _____ () C:\Users\Ellen\AppData\Roaming\WB.CFG
2017-12-23 18:55 - 2017-12-23 19:48 - 000000056 _____ () C:\Users\Ellen\AppData\Local\b5wqke8ztn
2017-12-12 14:45 - 2017-12-19 14:45 - 000000052 _____ () C:\Users\Ellen\AppData\Local\JzvrnjfbXN
2018-07-26 15:57 - 2018-10-22 17:54 - 000007605 _____ () C:\Users\Ellen\AppData\Local\resmon.resmoncfg
2021-09-07 14:33 - 2021-09-07 14:33 - 000000000 _____ () C:\Users\Ellen\AppData\Local\{0BAB187B-8DB0-4278-894F-BC6AD3286E52}

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-09-2021
Ran by Ellen (17-09-2021 17:54:08)
Running from C:\Users\Ellen\Desktop
Windows 10 Home Version 21H1 19043.1237 (X64) (2020-10-09 05:32:42)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-1090913373-2922820011-1866748315-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1090913373-2922820011-1866748315-503 - Limited - Disabled)
Ellen (S-1-5-21-1090913373-2922820011-1866748315-1001 - Administrator - Enabled) => C:\Users\Ellen
Guest (S-1-5-21-1090913373-2922820011-1866748315-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-1090913373-2922820011-1866748315-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {5078598A-1FA2-C888-AA5F-A9C66537DB12}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

12 Labours of Hercules III: Girl Power (HKLM-x32\...\WTA-cd44445c-5a21-4774-a0a4-189779d2b187) (Version: 3.0.2.118 - WildTangent) Hidden
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.7.157 - Adobe Systems, Inc.)
Azkend 2: The World Beneath (HKLM-x32\...\WTA-3efeb4f5-d32d-450c-ad7a-48896a784198) (Version: 2.2.0.98 - WildTangent) Hidden
Barn Yarn Collector's Edition (HKLM-x32\...\WTA-e3be35f2-6e86-43f7-85f0-9455e2f52ef4) (Version: 3.0.2.48 - WildTangent) Hidden
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
CleanUp! (HKLM-x32\...\CleanUp!) (Version: - )
Coyote The Outlander (HKLM-x32\...\WTA-3c1af691-02cf-4749-9fb3-35e38ccbd9e2) (Version: 3.0.2.59 - WildTangent) Hidden
CyberLink PhotoDirector (HKLM\...\{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.6.7006 - CyberLink Corp.) Hidden
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.6.7006 - CyberLink Corp.)
CyberLink Power Media Player 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.2.5829 - CyberLink Corp.)
CyberLink PowerDirector 12 (HKLM\...\{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.5.4601 - CyberLink Corp.) Hidden
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.5.4601 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\{A9CEDD6E-4792-493e-BB35-D86D2E188A5A}) (Version: 6.0.2.4627 - CyberLink Corp.)
Delicious: Emily's Wonder Wedding Premium Edition (HKLM-x32\...\WTA-91ef5cee-232d-44d8-9912-2a4a76c522ca) (Version: 3.0.2.59 - WildTangent) Hidden
DisableMSDefender (HKLM\...\{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}) (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Energy Star (HKLM\...\{5CB22648-35F8-41BC-9C35-1E41FE6E12A5}) (Version: 1.1.1 - HP Inc.)
Entwined: The Perfect Murder (HKLM-x32\...\WTA-55adafa3-427d-46bc-8055-9883c90ede6f) (Version: 3.0.2.59 - WildTangent) Hidden
EPSON NX530 Series Printer Uninstall (HKLM\...\EPSON NX530 Series) (Version: - SEIKO EPSON Corporation)
Evernote v. 5.8.13 (HKLM-x32\...\{A229420E-204B-11E5-B844-0050569584E9}) (Version: 5.8.13.8152 - Evernote Corp.)
Family Vacation 2: Road Trip (HKLM-x32\...\WTA-0ef3874c-5391-4d6d-b3d7-31a9d3cb18c5) (Version: 3.0.2.59 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 93.0.4577.82 - Google LLC)
Hidden Expedition - Everest (remove only) (HKU\S-1-5-21-1090913373-2922820011-1866748315-1001\...\Hidden Expedition - Everest) (Version: - )
Home Makeover (HKLM-x32\...\WTA-d26d5c19-5118-455f-a5ed-f4f4d67049af) (Version: 3.0.2.59 - WildTangent) Hidden
Hoyle Card Games (HKLM-x32\...\{05F6571A-5205-4C81-8160-683BDCC3B272}) (Version: 1.00.0000 - Encore Software, Inc.)
Hoyle Card Games 2005 (HKLM-x32\...\{B44AA698-B221-4B3B-8CA5-E65EF6A5AF26}) (Version: 1.2.0.0 - Encore, Inc.)
Hoyle Puzzle and Board Games (HKLM-x32\...\{2049C1B1-B5BF-4557-9AF9-2506D835F888}) (Version: 1.00.0000 - Encore Software, Inc.)
Hoyle Puzzle and Board Games (HKLM-x32\...\{F8024EB8-5B34-46FE-B15D-20ACF26FC20E}) (Version: 1.0.0 - Encore)
HP Documentation (HKLM\...\HP_Documentation) (Version: - HP)
HP ePrint SW (HKLM-x32\...\{88970959-baf7-4864-a39a-69a58e8ae5cf}) (Version: 5.0.18701 - HP)
HP System Event Utility (HKLM-x32\...\{8B4EE87E-6D40-4C91-B5E8-0DC77DC412F1}) (Version: 1.4.1 - Hewlett-Packard Company)
IGT Slots: Paradise Garden (HKLM-x32\...\WTA-a1105700-2b36-4779-8c3a-6f33cec127a7) (Version: 3.0.2.59 - WildTangent) Hidden
Imperial Island: Birth of an Empire (HKLM-x32\...\WTA-27b54f59-aa98-4682-be10-b315507a91d4) (Version: 3.0.2.59 - WildTangent) Hidden
IMSI MasterPublisher (HKLM-x32\...\IMSI MasterPublisher) (Version: - )
IMSI Utilities (HKLM-x32\...\IMSI Utilities) (Version: - )
Intel(R) Chipset Device Software (HKLM-x32\...\{c6cff78a-cccb-49d5-be68-ae0ec5f0d48a}) (Version: 10.1.1.8 - Intel(R) Corporation) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4885 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
Jack the Ripper Extended Edition (HKLM-x32\...\Jack the Ripper Extended Editionv1.0) (Version: v1.0 - Tri Synergy)
Jewel Match Snowscapes (HKLM-x32\...\WTA-11dbe5a3-9e67-4305-8958-8e05baba0c10) (Version: 3.0.2.118 - WildTangent) Hidden
Jewel Quest (HKLM-x32\...\Jewel Quest) (Version: 1.1.0.0 - MumboJumbo)
Jungo (HKLM-x32\...\Jungo) (Version: 1.1.0.0 - MumboJumbo)
Little Farm (HKLM-x32\...\Little Farm) (Version: 1.1.0.0 - MumboJumbo)
Living Legends: Frozen Beauty Collector's Edition (HKLM-x32\...\WTA-b1872084-7f51-4aeb-98ff-e7ed87a9feee) (Version: 3.0.2.59 - WildTangent) Hidden
Lost Lands: Dark Overlord Collector's Edition (HKLM-x32\...\WTA-2ec50624-927d-4554-9f88-beb7990c9e35) (Version: 3.0.2.59 - WildTangent) Hidden
Lost Souls: Timeless Fables Collector's Edition (HKLM-x32\...\WTA-62ee8973-c1a8-4ec6-aeb4-496cf924399f) (Version: 3.0.2.59 - WildTangent) Hidden
Magic Heroes: Save Our Park (HKLM-x32\...\WTA-edf52ba9-d27c-41af-8e9e-2069da535f70) (Version: 3.0.2.59 - WildTangent) Hidden
Malwarebytes version 4.4.6.132 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.6.132 - Malwarebytes)
Manor Memoirs Collector's Edition (HKLM-x32\...\WTA-8402d08b-401f-40cd-b20c-dada5c1d4689) (Version: 3.0.2.59 - WildTangent) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 93.0.961.47 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 93.0.961.47 - Microsoft Corporation)
Microsoft OneDrive (HKLM-x32\...\OneDriveSetup.exe) (Version: 21.016.0124.0003 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 x64 ENU (HKLM\...\{8424B163-D1E0-48B7-88A2-C7A61767B3D7}) (Version: 4.0.8482.1 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{7B981965-2FBC-433C-B4B3-E183EE97CD29}) (Version: 2.83.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox (x86 en-US) (HKLM-x32\...\Mozilla Firefox 92.0 (x86 en-US)) (Version: 92.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0 - Mozilla)
Mystery Expedition: Prisoners of Ice (HKLM-x32\...\WTA-4d39ff92-c2a8-4e6d-9f9f-21f4303895bb) (Version: 3.0.2.59 - WildTangent) Hidden
OpenOffice 4.1.10 (HKLM-x32\...\{D909483F-780E-4232-9313-4C24A1B09BE8}) (Version: 4.110.9807 - Apache Software Foundation)
Plagiarii (HKLM-x32\...\WTA-5e5658bd-c67b-476f-ba0c-1c84973c29c8) (Version: 3.0.2.59 - WildTangent) Hidden
Polar Bowler 1st Frame (HKLM-x32\...\WTA-6dfb1fa1-8321-46f9-b3cf-49cf8adff495) (Version: 3.0.2.59 - WildTangent) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.370.87 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7571 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.59 - REALTEK Semiconductor Corp.)
Revo Uninstaller 2.3.0 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.3.0 - VS Revo Group, Ltd.)
Runefall (HKLM-x32\...\WTA-ccc66206-bece-4d25-ae60-508e375caa0c) (Version: 3.0.2.126 - WildTangent) Hidden
Rush Hour! Gas Station (HKLM-x32\...\WTA-7b708e94-5265-406a-a3fb-0d35074a5576) (Version: 3.0.2.59 - WildTangent) Hidden
Sky High Farm (HKLM-x32\...\WTA-f08a939b-c9d5-46a8-8894-0ff17cd0e33b) (Version: 3.0.2.59 - WildTangent) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 10.0.1238 - SUPERAntiSpyware.com)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.5.10.75 - Synaptics Incorporated)

Packages:
=========
Amazon -> C:\Program Files\WindowsApps\Amazon.com.Amazon_2018.519.2815.0_x64__343d40qqvtj1t [2020-02-20] (Amazon.com)
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2019-11-06] (Autodesk Inc.)
Candy Crush Jelly Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushJellySaga_2.72.10.0_x86__kgqvnymyfvs32 [2021-09-02] (king.com)
Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.2110.1.0_x86__kgqvnymyfvs32 [2021-09-16] (king.com)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.202.400.0_x86__kgqvnymyfvs32 [2021-09-16] (king.com)
Candy Crush Wallpapers -> C:\Program Files\WindowsApps\Microsoft.CandyCrushWallpapers_4.0.0.0_neutral__8wekyb3d8bbwe [2020-04-18] (Microsoft Corporation)
Epson Print and Scan -> C:\Program Files\WindowsApps\SEIKOEPSONCORPORATION.EpsonPrintandScan_1.1.0.0_x64__ezaqdwkaef94e [2021-06-05] (SEIKO EPSON CORPORATION)
Hearts Deluxe -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.HeartsDeluxe_6.9.50.0_x64__kx24dqmazqk8j [2021-04-03] (Random Salad Games LLC)
Hidden City: Hidden Object Adventure -> C:\Program Files\WindowsApps\828B5831.HiddenCityMysteryofShadows_1.43.4305.0_x86__ytsefhwckbdv6 [2021-09-06] (G5 Entertainment AB)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_130.1.323.0_x64__v10z8vjag6ke6 [2021-08-25] (HP Inc.)
Magic Jigsaw Puzzles -> C:\Program Files\WindowsApps\XIMADINC.MagicPuzzles_4.8.5.0_x64__np8fj6akx2czy [2021-08-16] (ZiMAD)
Mahjong Deluxe Free -> C:\Program Files\WindowsApps\664D3057.MahjongDeluxeFree_7.6.24.0_x86__wwtpmf9bcrwqj [2021-09-08] (EnsenaSoft S.A. de C.V.) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-17] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-17] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.10.7290.0_x64__8wekyb3d8bbwe [2021-08-06] (Microsoft Studios) [MS Ad]
NANO Antivirus Sky Scan -> C:\Program Files\WindowsApps\NANOSecurity.NANOAntivirusSkyScan_1.0.0.136_neutral__ngys1jhtztczt [2020-03-18] (NANO Security)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.97.752.0_x64__mcm4njqhnhss8 [2020-07-15] (Netflix, Inc.)
Pet Rescue Saga -> C:\Program Files\WindowsApps\king.com.PetRescueSaga_1.308.12.0_x86__kgqvnymyfvs32 [2021-09-15] (king.com)
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-03-13] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-12-26] (Microsoft Corporation)
Simple Mahjong -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleMahjong_6.0.59.0_x64__kx24dqmazqk8j [2021-08-20] (Random Salad Games LLC)
Simple Solitaire -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleSolitaire_7.3.1.0_x64__kx24dqmazqk8j [2021-09-04] (Random Salad Games LLC)
Simple Word Search -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleWordSearch_4.0.10.0_x64__kx24dqmazqk8j [2021-04-21] (Random Salad Games LLC)
Simply.Write -> C:\Program Files\WindowsApps\63182Timothep.Simply.Write_1.1.0.2_neutral__seant9jxjqdtj [2020-05-09] (Timothep)
Snapfish -> C:\Program Files\WindowsApps\AD2F1837.HPConnectedPhotopoweredbySnapfish_6.1.736.0_x86__v10z8vjag6ke6 [2018-08-09] (Snapfish)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.168.628.0_x86__zpdnekdrzrea0 [2021-09-17] (Spotify AB) [Startup Task]
TripAdvisor Hotels Flights Restaurants -> C:\Program Files\WindowsApps\TripAdvisorLLC.TripAdvisorHotelsFlightsRestaurants_1.5.10.0_x64__qj0v5chwq8f2g [2021-06-05] (TripAdvisor LLC)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.TWITTER_7.0.1.0_neutral__wgeqdkkx372wm [2021-06-13] (Twitter Inc.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1090913373-2922820011-1866748315-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel(R) pGFX -> Intel Corporation)
CustomCLSID: HKU\S-1-5-21-1090913373-2922820011-1866748315-1001_Classes\CLSID\{D9AC5E73-BB10-467b-B884-AA1E475C51F5}\Shell\Open\Command -> C:\Program Files\Synaptics\SynTP\SynTPCpl.dll (Synaptics Incorporated -> Synaptics Incorporated)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files (x86)\Microsoft OneDrive\21.016.0124.0003\amd64\FileSyncShell64.dll [2021-02-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files (x86)\Microsoft OneDrive\21.016.0124.0003\amd64\FileSyncShell64.dll [2021-02-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files (x86)\Microsoft OneDrive\21.016.0124.0003\amd64\FileSyncShell64.dll [2021-02-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files (x86)\Microsoft OneDrive\21.016.0124.0003\amd64\FileSyncShell64.dll [2021-02-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files (x86)\Microsoft OneDrive\21.016.0124.0003\amd64\FileSyncShell64.dll [2021-02-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files (x86)\Microsoft OneDrive\21.016.0124.0003\amd64\FileSyncShell64.dll [2021-02-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files (x86)\Microsoft OneDrive\21.016.0124.0003\amd64\FileSyncShell64.dll [2021-02-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files (x86)\Microsoft OneDrive\21.016.0124.0003\amd64\FileSyncShell64.dll [2021-02-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files (x86)\Microsoft OneDrive\21.016.0124.0003\amd64\FileSyncShell64.dll [2021-02-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files (x86)\Microsoft OneDrive\21.016.0124.0003\amd64\FileSyncShell64.dll [2021-02-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files (x86)\Microsoft OneDrive\21.016.0124.0003\amd64\FileSyncShell64.dll [2021-02-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files (x86)\Microsoft OneDrive\21.016.0124.0003\amd64\FileSyncShell64.dll [2021-02-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files (x86)\Microsoft OneDrive\21.016.0124.0003\amd64\FileSyncShell64.dll [2021-02-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files (x86)\Microsoft OneDrive\21.016.0124.0003\amd64\FileSyncShell64.dll [2021-02-27] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files (x86)\Microsoft OneDrive\21.016.0124.0003\amd64\FileSyncShell64.dll [2021-02-27] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-09-12] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files (x86)\Microsoft OneDrive\21.016.0124.0003\amd64\FileSyncShell64.dll [2021-02-27] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files (x86)\Microsoft OneDrive\21.016.0124.0003\amd64\FileSyncShell64.dll [2021-02-27] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2018-04-18] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-09-12] (Malwarebytes Corporation -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Ellen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Ellen Cottrell (Ellen Cottrell Smith) - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1"
ShortcutWithArgument: C:\Users\Ellen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\225bb61db2f318c1\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 3"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Priceline.com.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://www.priceline.com/?refid=PLHBC6240OPQ&refclickid=square

==================== Loaded Modules (Whitelisted) =============

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:2CB9631F [134]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LMIRescue_34794400-e9ec-fdef-bc50-b00f67184359 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LMIRescue_34794400-e9ec-fdef-bc50-b00f67184359,"c:\program files (x86)\logmein rescue applet\lmir0b9e1001.tmp\lmi_rescue_srv.exe => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LMIRescue_5f60a53f-02f1-5f92-fdc9-a53623887aac,"c:\program files (x86)\logmein rescue applet\lmir0a570001.tmp\lmi_rescue_srv.exe => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\S-1-5-21-1090913373-2922820011-1866748315-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\S-1-5-21-1090913373-2922820011-1866748315-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp15-comm.msn.com/?pc=HRTE
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1090913373-2922820011-1866748315-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1090913373-2922820011-1866748315-1001 -> {f79e5d1c-5148-469e-9f98-a11d8d7863f4} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-07-01] (EVERNOTE CORPORATION -> Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 03:24 - 2020-05-26 14:37 - 000000906 _____ C:\WINDOWS\system32\drivers\etc\hosts

2019-10-13 14:17 - 2019-10-13 14:22 - 000000446 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1090913373-2922820011-1866748315-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Hewlett-Packard Backgrounds\backgroundDefault.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: !SASCORE => 3
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: avast! Tools => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: CleanupPSvc => 2
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: DriverUpdSvc => 2
MSCONFIG\Services: EPSON_PM_RPCV4_05 => 2
MSCONFIG\Services: GamesAppService => 3
MSCONFIG\Services: GoogleChromeElevationService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: HomeTechSupportDownloadService => 2
MSCONFIG\Services: HPPrintScanDoctorService => 2
MSCONFIG\Services: hpqwmiex => 3
MSCONFIG\Services: HPSupportSolutionsFrameworkService => 2
MSCONFIG\Services: HPTouchpointAnalyticsService => 2
MSCONFIG\Services: HPWMISVC => 2
MSCONFIG\Services: ICCS => 3
MSCONFIG\Services: igfxCUIService1.0.0.0 => 2
MSCONFIG\Services: iWin Games Manager (Watcher) V4 => 3
MSCONFIG\Services: iWin Games Manager V4 => 2
MSCONFIG\Services: LMIRescue_018eade4-1b0c-8247-fc7d-6e083df3eb18 => 2
MSCONFIG\Services: LMIRescue_34794400-e9ec-fdef-bc50-b00f67184359 => 2
MSCONFIG\Services: RichVideo64 => 2
MSCONFIG\Services: RtkAudioService => 2
MSCONFIG\Services: ScreenConnect Client (8335db6403be2f46) => 2
MSCONFIG\Services: SecureLine => 2
MSCONFIG\Services: SynTPEnhService => 2
MSCONFIG\Services: WildTangentHelper => 2
HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Avast SecureLine VPN.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Home Tech Support.lnk"
HKLM\...\StartupApproved\Run: => "TuneupUI.exe"
HKLM\...\StartupApproved\Run: => "DriverUpdUI.exe"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "DeliveryAndStatusCheck"
HKLM\...\StartupApproved\Run32: => "HPMessageService"
HKLM\...\StartupApproved\Run32: => "PowerDVD14Agent"
HKU\S-1-5-21-1090913373-2922820011-1866748315-1001\...\StartupApproved\Run: => "E503D7536F7E7A21DC8A2352BC2CEE0FF8CAED01._service_run"
HKU\S-1-5-21-1090913373-2922820011-1866748315-1001\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{1DC6DF64-E3F9-4086-A4FA-B26D95E28198}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{860FE18B-CFEF-4CEC-8890-67E99242FE20}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{F69001DD-31B2-4F52-BFD5-3C17D6ABCA01}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{B3346371-94F3-4729-B0C2-DC2ADE1B9E2E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe (CyberLink Corp. -> CyberLink)
FirewallRules: [{C694BDBE-4FAC-4677-B229-51E2BB7FE0B5}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{513302BB-433D-4F52-9489-4D478CD436A9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{F6A087ED-5059-4910-B6DF-C6296E239A96}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{38F64F3E-8527-4E20-AD19-75DA78786DCC}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D68D6FED-5948-4676-940B-5E0033A1E001}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{46E683AE-EB49-4F2A-A070-F4A1E7EDB54D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{6F8FB427-3B6D-4177-BA72-0091AA3BBA1F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A45D4EF6-56E0-4853-9C66-434F6AF3720F}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe => No File
FirewallRules: [{221A2624-9C41-4B0D-820B-AC740B1B0A4C}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe => No File
FirewallRules: [{5717A864-C22A-45A4-B874-907AF3871E10}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\93.0.961.47\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A6F602E2-2C49-4E6D-B330-0D23B548AC81}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{13E0A4E8-DB07-49E5-A9DE-C74DE1ECDD4C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.168.628.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{90C009AD-E28A-45DA-90C9-38384828143D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.168.628.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{E592674C-5794-4F33-A43F-791DA21EFBB0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.168.628.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{F7C9B078-E0A8-4714-A2D0-716742E867BB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.168.628.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{015C453D-A55D-435A-81A1-582D22212871}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.168.628.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D569565A-F6DF-4C58-9F34-65EB8C071A5B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.168.628.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{0B2B3821-38AD-4D13-8E58-FC3D819AA0BE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.168.628.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{2DA03F08-2A6C-4B13-82D3-C75BAD3355C2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.168.628.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)

==================== Restore Points =========================

15-09-2021 20:59:58 Windows Modules Installer
15-09-2021 21:27:08 Windows Modules Installer
16-09-2021 07:40:54 test5
16-09-2021 08:33:18 Windows Backup

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (09/16/2021 07:49:35 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on Windows (C:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (09/16/2021 08:07:24 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on Windows (C:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (09/16/2021 04:11:54 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on RECOVERY (D:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (09/16/2021 04:11:41 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on Windows (C:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (09/15/2021 08:10:14 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid.
.


Operation:
Executing Asynchronous Operation

Context:
Current State: DoSnapshotSet

Error: (09/15/2021 08:05:41 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {bcacbe78-722c-45a9-a939-9b3f9f536661}

Error: (09/14/2021 09:02:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: StartMenuExperienceHost.exe, version: 0.0.0.0, time stamp: 0x4fe0bcb3
Faulting module name: KERNELBASE.dll, version: 10.0.19041.1202, time stamp: 0xc9db1934
Exception code: 0xc000027b
Fault offset: 0x000000000010be3e
Faulting process id: 0x1924
Faulting application start time: 0x01d7a96247d99dd2
Faulting application path: C:\WINDOWS\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 08d325b9-f6e1-49d0-97b4-ac9eea429da9
Faulting package full name: Microsoft.Windows.StartMenuExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: App


System errors:
=============
Error: (09/16/2021 10:28:35 AM) (Source: Microsoft-Windows-FilterManager) (EventID: 3) (User: NT AUTHORITY)
Description: Filter Manager failed to attach to volume '\Device\HarddiskVolume16'. This volume will be unavailable for filtering until a reboot. The final status was 0xc03a001c.

Error: (09/16/2021 10:28:35 AM) (Source: Microsoft-Windows-FilterManager) (EventID: 3) (User: NT AUTHORITY)
Description: Filter Manager failed to attach to volume '\Device\HarddiskVolume16'. This volume will be unavailable for filtering until a reboot. The final status was 0xc03a001c.

Error: (09/16/2021 10:12:03 AM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume F: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (09/15/2021 05:55:39 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-58PSTIC9)
Description: The server {7966B4D8-4FDC-4126-A10B-39A3209AD251} did not register with DCOM within the required timeout.

Error: (09/15/2021 05:55:39 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-58PSTIC9)
Description: The server {7966B4D8-4FDC-4126-A10B-39A3209AD251} did not register with DCOM within the required timeout.

Error: (09/15/2021 05:51:52 PM) (Source: DCOM) (EventID: 10005) (User: LAPTOP-58PSTIC9)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (09/15/2021 05:51:36 PM) (Source: DCOM) (EventID: 10005) (User: LAPTOP-58PSTIC9)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (09/15/2021 05:51:24 PM) (Source: DCOM) (EventID: 10005) (User: LAPTOP-58PSTIC9)
Description: DCOM got error "1084" attempting to start the service netprofm with arguments "Unavailable" in order to run the server:
{A47979D2-C419-11D9-A5B4-001185AD2B89}


Windows Defender:
================
Date: 2021-09-15 09:23:25
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-09-09 12:36:47
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-09-09 09:00:58
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-09-09 08:04:52
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-09-08 18:29:32
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-09-15 17:05:44
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2021-09-15 14:31:06
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2021-09-15 14:21:08
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2021-09-15 08:30:28
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.349.778.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18500.10
Error code: 0x8024001e
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2021-09-13 13:08:32
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

CodeIntegrity:
===============
Date: 2021-09-12 16:47:24
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2021-09-12 16:03:09
Description:
Windows blocked file \Device\HarddiskVolume3\Windows\System32\scrobj.dll which has been disallowed for protected processes.

Date: 2021-09-07 14:43:17
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.

Date: 2021-09-07 14:43:16
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.


==================== Memory info ===========================

BIOS: Insyde F.27 04/07/2016
Motherboard: Hewlett-Packard 233F
Processor: Intel(R) Pentium(R) CPU N3540 @ 2.16GHz
Percentage of memory in use: 34%
Total physical RAM: 8081.95 MB
Available physical RAM: 5331.95 MB
Total Virtual: 14081.95 MB
Available Virtual: 11490.07 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:446.5 GB) (Free:362.18 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:18.05 GB) (Free:1.89 GB) NTFS ==>[system with boot components (obtained from drive)]

\\?\Volume{8ceba3ad-a0a1-41ed-b3fd-addff0347fae}\ () (Fixed) (Total:0.94 GB) (Free:0.39 GB) NTFS
\\?\Volume{4745f964-7290-4a5d-9e52-aea0281f0801}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.19 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 52937533)

Partition: GPT.

==================== End of Addition.txt =======================
 

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,553
Hello Boonski910 and welcome to TSG,

Upload a File to Virustotal

Go to http://www.virustotal.com/

  • Click the Choose file button
  • Navigate to the file C:\Program Files (x86)\LMIR0B9E1001.tmp.bat
  • Click the Scan it tab
  • If you get a message saying File has already been analyzed: click Reanalyze file now
  • Copy and paste the URL address back here please.
  • Repeat the above steps for the following file

C:\Program Files (x86)\LMIR0B9E1001.tmp_r.bat

Do you still use Avast security program..?

Thank you,

Kevin.
 

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,553
Hiya Don,

Thanks for the update, continue:

Please download the attached fixlist.txt file and save it to the Desktop or location where you ran FRST from.

NOTE. It's important that both files, FRST or FRSTEnglish, and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt) or wherever you ran FRST from. Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

NOTE-1: This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files.

NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed.

The following directories are emptied:

  • Windows Temp
  • Users Temp folders
  • Edge, IE, FF, Chrome and Opera caches, HTML5 storages, Cookies and History
  • Recently opened files cache
  • Flash Player cache
  • Java cache
  • Steam HTML cache
  • Explorer thumbnail and icon cache
  • BITS transfer queue (qmgr*.dat files)
  • Recycle Bin

Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.



The system will be rebooted after the fix has run.

Next,

Open Malwarebytes, select > small cog wheel top right hand corner, that will open "settings" from there select "Security" tab.

Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....

Close out the settings window, this will take you back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes quarantine any found entries...

To get the log from Malwarebytes do the following:

  • Open Malwarebytes
  • Click on the Detection History tab > from main interface.
  • Then click on "History" that will open to a historical list
  • Double click on the Scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have two options:

    Copy to Clipboard - if selected right click to your reply and select "Paste" log will be pasted to your reply
    Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply

  • Please use "Text file (*.txt)", then name the file and save to a place of choice, recommend "Desktop" then attach to reply

Next,

Download AdwCleaner by Malwarebytes onto your Desktop.

Or from this Mirror

  • Right-click on AdwCleaner.exe and select
    Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Quarantine button. This will kill all the active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply

Next,

Download "Microsoft's Safety Scanner" and save direct to the desktop

Ensure to get the correct version for your system....

https://docs.microsoft.com/en-us/wi...otection/intelligence/safety-scanner-download


Right click on the Tool, select Run as Administrator the tool will expand to the options Window
In the "Scan Type" window, select Quick Scan
Perform a scan and Click Finish when the scan is done.


Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

notepad c:\windows\debug\msert.log

The log will include log details for each time MSRT has run, we only need the most recent log by date and time....

Let me see those logs in your reply...

Thank you,

Kevin.
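The post above asks for only the most recent run from c:\windows\debug\msert.log. As an added example (not part of Kevin's post and not a Microsoft tool), the Python below splits such a log into runs and returns the newest one, flagging a run that never wrote its "Finished On" line. The run layout follows the Safety Scanner log posted later in this thread; the first run in the sample is constructed, and the UTF-16 BOM handling is an assumption about how the file is stored.

```python
"""Pick the most recent Microsoft Safety Scanner run out of msert.log."""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional

TS_FORMAT = "%a %b %d %H:%M:%S %Y"  # e.g. "Sat Sep 18 15:40:03 2021"
RUN_HEADER = re.compile(r"^Microsoft Safety Scanner v", re.M)
STARTED = re.compile(r"^Started On (.+?)\s*$", re.M)
FINISHED = re.compile(r"^Microsoft Safety Scanner Finished On (.+?)\s*$", re.M)
RETURN_CODE = re.compile(r"^Return code: (-?\d+)", re.M)
SUMMARY = re.compile(
    r"^Results Summary:\n-+\n(.*?)(?=^Microsoft Safety Scanner Finished On|\Z)",
    re.M | re.S,
)


@dataclass
class Run:
    started: datetime
    finished: Optional[datetime]
    return_code: Optional[int]
    summary: List[str]
    text: str

    @property
    def complete(self) -> bool:
        # A run that was cancelled or crashed has no end marker or return code.
        return self.finished is not None and self.return_code is not None


def decode_log(raw: bytes) -> str:
    """Assumption: the file may be UTF-16 with a BOM; otherwise read as UTF-8."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16")
    return raw.decode("utf-8", errors="replace")


def parse_runs(text: str) -> List[Run]:
    """Split the log at each scanner banner and parse every run."""
    text = text.replace("\r\n", "\n")
    starts = [m.start() for m in RUN_HEADER.finditer(text)]
    runs = []
    for i, begin in enumerate(starts):
        end = starts[i + 1] if i + 1 < len(starts) else len(text)
        # Drop the dashed separator that belongs to the following run.
        block = text[begin:end].rstrip().rstrip("-").rstrip()
        started = STARTED.search(block)
        if not started:
            continue  # banner without a start time: nothing to order by
        finished = FINISHED.search(block)
        code = RETURN_CODE.search(block)
        summary = SUMMARY.search(block)
        lines = summary.group(1).splitlines() if summary else []
        runs.append(Run(
            started=datetime.strptime(started.group(1), TS_FORMAT),
            finished=(datetime.strptime(finished.group(1), TS_FORMAT)
                      if finished else None),
            return_code=int(code.group(1)) if code else None,
            summary=[ln.strip() for ln in lines if ln.strip()],
            text=block,
        ))
    return runs


def latest_run(text: str) -> Optional[Run]:
    """Newest run by its 'Started On' timestamp, or None for an empty log."""
    runs = parse_runs(text)
    return max(runs, key=lambda r: r.started) if runs else None


# Sample input. The first run is constructed (an interrupted scan); the second
# mirrors the Safety Scanner log posted in this thread.
SAMPLE_LOG = """\
---------------------------------------------------------------------------------------
Microsoft Safety Scanner v1.349, (build 1.349.981.0)
Started On Fri Sep 17 09:12:44 2021

Engine: 1.1.18600.1
Signatures: 1.349.981.0
MpGear: 1.1.16330.1
Run Mode: Interactive Graphical Mode

---------------------------------------------------------------------------------------
Microsoft Safety Scanner v1.349, (build 1.349.981.0)
Started On Sat Sep 18 15:40:03 2021

Engine: 1.1.18600.1
Signatures: 1.349.981.0
MpGear: 1.1.16330.1
Run Mode: Interactive Graphical Mode

Results Summary:
----------------
No infection found.
Successfully Submitted MAPS Report
Successfully Submitted Heartbeat Report
Microsoft Safety Scanner Finished On Sun Sep 19 11:21:05 2021


Return code: 0 (0x0)
"""

if __name__ == "__main__":
    newest = latest_run(SAMPLE_LOG)
    print(newest.text)
    print("complete:", newest.complete)
```
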
 


Boonski910

Thread Starter
Joined
May 23, 2017
Messages
28
Did you want to view Fixlist.log that was created after running FRST and clicking FIX?
I had to manually restart.
Then ran Malwarebytes configured as advised. Zero threats found.
Running Microsoft Safety Scanner and advised would take several hours. Will send log when scan completes.
 

Boonski910

Thread Starter
Joined
May 23, 2017
Messages
28
Reread instructions. Sorry about that, will send Fixlog.txt when MS Safety Scanner completes.
 

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,553
Thanks for the update, let me see the logs when complete...
 

Boonski910

Thread Starter
Joined
May 23, 2017
Messages
28
Took long time to install AdwCleaner.
# -------------------------------
# Malwarebytes AdwCleaner 8.3.0.0
# -------------------------------
# Build: 06-29-2021
# Database: 2021-09-09.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 09-19-2021
# Duration: 00:01:47
# OS: Windows 10 Home
# Scanned: 31998
# Detected: 0


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.


AdwCleaner[S00].txt - [8494 octets] - [12/09/2021 17:43:53]
AdwCleaner[C00].txt - [9091 octets] - [12/09/2021 17:51:42]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ##########
While scanning Microsoft Safety Scanner I noticed 22 items were indicated.

---------------------------------------------------------------------------------------
Microsoft Safety Scanner v1.349, (build 1.349.981.0)
Started On Sat Sep 18 15:40:03 2021

Engine: 1.1.18600.1
Signatures: 1.349.981.0
MpGear: 1.1.16330.1
Run Mode: Interactive Graphical Mode

Results Summary:
----------------
No infection found.
Successfully Submitted MAPS Report
Successfully Submitted Heartbeat Report
Microsoft Safety Scanner Finished On Sun Sep 19 11:21:05 2021


Return code: 0 (0x0)
 

Boonski910

Thread Starter
Joined
May 23, 2017
Messages
28
Here are the contents of Fixlog.txt
Fix result of Farbar Recovery Scan Tool (x64) Version: 15-09-2021
Ran by Ellen (18-09-2021 12:57:59) Run:1
Running from C:\Users\Ellen\Desktop
Loaded Profiles: Ellen
Boot Mode: Normal
==============================================

fixlist content:
*****************
SystemRestore: On
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-1090913373-2922820011-1866748315-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1090913373-2922820011-1866748315-1001\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-21-1090913373-2922820011-1866748315-1001\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-1090913373-2922820011-1866748315-1001\...\Policies\Explorer: [NoInternetOpenWith] 1
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {2A86DBB5-A798-47F3-A507-4DDE09E5DF04} - \{310FA174-6864-D976-B5C3-66BA81B91CB9} -> No File <==== ATTENTION
Task: {89F27ED7-25FE-4221-A763-DE4475A25482} - \YCMServiceAgent -> No File <==== ATTENTION
S4 HPSupportSolutionsFrameworkService; "C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe" [X]
S4 HPTouchpointAnalyticsService; "C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe" [X]
S3 aswTap; C:\WINDOWS\System32\drivers\aswTap.sys [44640 2014-09-05] (AVAST Software a.s. -> The OpenVPN Project)
C:\WINDOWS\System32\drivers\aswTap.sys
2021-09-08 15:07 - 2018-08-02 09:37 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
2021-09-08 14:59 - 2016-09-11 04:09 - 000000000 ____D C:\ProgramData\AVAST Software
2021-09-08 14:57 - 2016-11-23 07:49 - 000000000 ____D C:\Users\Ellen\AppData\Roaming\AVAST Software
2021-09-08 14:52 - 2020-10-09 01:28 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software
2017-12-23 18:55 - 2017-12-23 19:48 - 000000056 _____ () C:\Users\Ellen\AppData\Local\b5wqke8ztn
2017-12-12 14:45 - 2017-12-19 14:45 - 000000052 _____ () C:\Users\Ellen\AppData\Local\JzvrnjfbXN
2021-09-07 14:33 - 2021-09-07 14:33 - 000000000 _____ () C:\Users\Ellen\AppData\Local\{0BAB187B-8DB0-4278-894F-BC6AD3286E52}
AS: Avast Antivirus (Enabled - Up to date) {5078598A-1FA2-C888-AA5F-A9C66537DB12}
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F [134]
Hosts:
cmd: dism /online /cleanup-image /restorehealth
cmd: sfc /scannow
cmd: "%WINDIR%\SYSTEM32\lodctr.exe" /R
cmd: "%WINDIR%\SysWOW64\lodctr.exe" /R
cmd: "%WINDIR%\SYSTEM32\lodctr.exe" /R
cmd: "%WINDIR%\SysWOW64\lodctr.exe" /R
C:\Windows\Temp\*.*
C:\WINDOWS\system32\*.tmp
C:\WINDOWS\syswow64\*.tmp
EmptyTemp:

*****************

SystemRestore: On => completed
Restore point was successfully created.
Processes closed successfully.
"HKU\S-1-5-21-1090913373-2922820011-1866748315-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLowDiskSpaceChecks" => removed successfully
"HKU\S-1-5-21-1090913373-2922820011-1866748315-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\LinkResolveIgnoreLinkInfo" => removed successfully
"HKU\S-1-5-21-1090913373-2922820011-1866748315-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoResolveSearch" => removed successfully
"HKU\S-1-5-21-1090913373-2922820011-1866748315-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoInternetOpenWith" => removed successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
HKLM\SOFTWARE\Policies\Google => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2A86DBB5-A798-47F3-A507-4DDE09E5DF04}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2A86DBB5-A798-47F3-A507-4DDE09E5DF04}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{310FA174-6864-D976-B5C3-66BA81B91CB9}" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{89F27ED7-25FE-4221-A763-DE4475A25482}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{89F27ED7-25FE-4221-A763-DE4475A25482}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YCMServiceAgent" => not found
HKLM\System\CurrentControlSet\Services\HPSupportSolutionsFrameworkService => removed successfully
HPSupportSolutionsFrameworkService => service removed successfully
HKLM\System\CurrentControlSet\Services\HPTouchpointAnalyticsService => removed successfully
HPTouchpointAnalyticsService => service removed successfully
HKLM\System\CurrentControlSet\Services\aswTap => removed successfully
aswTap => service removed successfully
C:\WINDOWS\System32\drivers\aswTap.sys => moved successfully
C:\Program Files\Common Files\AVAST Software => moved successfully
C:\ProgramData\AVAST Software => moved successfully
C:\Users\Ellen\AppData\Roaming\AVAST Software => moved successfully
C:\WINDOWS\system32\Tasks\Avast Software => moved successfully
C:\Users\Ellen\AppData\Local\b5wqke8ztn => moved successfully
C:\Users\Ellen\AppData\Local\JzvrnjfbXN => moved successfully
C:\Users\Ellen\AppData\Local\{0BAB187B-8DB0-4278-894F-BC6AD3286E52} => moved successfully
"AS: Avast Antivirus (Enabled - Up to date) {5078598A-1FA2-C888-AA5F-A9C66537DB12}" => removed successfully
C:\ProgramData\Temp => ":2CB9631F" ADS removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= dism /online /cleanup-image /restorehealth =========


Deployment Image Servicing and Management tool
Version: 10.0.19041.844

Image Version: 10.0.19043.1237



[========================= 43.6% ]

[========================= 43.7% ]

[========================= 43.8% ]

[========================= 43.9% ]

[========================= 44.0% ]

[========================= 44.1% ]

[========================= 44.2% ]

[========================= 44.2% ]

[========================= 44.2% ]

[========================= 44.3% ]

[========================= 44.4% ]

[========================= 44.4% ]

[========================= 44.5% ]

[========================= 44.5% ]

[========================= 44.5% ]

[========================= 44.6% ]

[========================= 44.7% ]

[========================= 44.8% ]

[========================== 44.8% ]

[========================== 44.9% ]

[========================== 45.1% ]

[========================== 45.1% ]

[========================== 45.2% ]

[========================== 45.4% ]

[========================== 45.4% ]

[========================== 45.5% ]

[========================== 45.7% ]

[========================== 46.0% ]

[========================== 46.0% ]

[========================== 46.1% ]

[========================== 46.4% ]

[===========================46.6% ]

[===========================46.7% ]

[===========================46.9% ]

[===========================46.9% ]

[===========================47.1% ]

[===========================47.2% ]

[===========================47.5% ]

[===========================47.6% ]

[===========================47.8% ]

[===========================48.1% ]

[===========================48.4% ]

[===========================48.5% ]

[===========================48.6% ]

[===========================48.8% ]

[===========================49.0% ]

[===========================49.3% ]

[===========================49.4% ]

[===========================49.6% ]

[===========================49.8% ]

[===========================49.8% ]

[===========================50.0% ]

[===========================50.3% ]

[===========================50.6% ]

[===========================50.8% ]

[===========================50.9% ]

[===========================51.1% ]

[===========================51.3% ]

[===========================51.5% ]

[===========================51.9% ]

[===========================52.0% ]

[===========================52.2% ]

[===========================52.4% ]

[===========================52.5% ]

[===========================52.7% ]

[===========================52.8% ]

[===========================52.8% ]

[===========================52.8% ]

[===========================52.8% ]

[===========================52.8% ]

[===========================52.9% ]

[===========================52.9% ]

[===========================53.0% ]

[===========================53.0% ]

[===========================53.1% ]

[===========================53.1% ]

[===========================53.1% ]

[===========================53.1% ]

[===========================53.1% ]

[===========================53.2% ]

[===========================53.2% ]

[===========================53.2% ]

[===========================53.3% ]

[===========================53.3% ]

[===========================53.3% ]

[===========================53.4% ]

[===========================53.4% ]

[===========================53.4% ]

[===========================53.4% ]

[===========================53.4% ]

[===========================53.5% ]

[===========================53.5% ]

[===========================53.6% ]

[===========================53.6% ]

[===========================53.6% ]

[===========================53.7% ]

[===========================53.7% ]

[===========================53.7% ]

[===========================53.7% ]

[===========================53.8% ]

[===========================53.8% ]

[===========================53.9% ]

[===========================53.9% ]

[===========================53.9% ]

[===========================54.0% ]

[===========================54.0% ]

[===========================54.0% ]

[===========================54.0% ]

[===========================54.0% ]

[===========================54.1% ]

[===========================54.1% ]

[===========================54.1% ]

[===========================54.2% ]

[===========================54.3% ]

[===========================54.3% ]

[===========================54.3% ]

[===========================54.3% ]

[===========================54.4% ]

[===========================54.4% ]

[===========================54.4% ]

[===========================54.5% ]

[===========================54.5% ]

[===========================54.6% ]

[===========================54.6% ]

[===========================54.6% ]

[===========================54.6% ]

[===========================54.6% ]

[===========================54.6% ]

[===========================54.7% ]

[===========================54.8% ]

[===========================54.8% ]

[===========================54.9% ]

[===========================55.1% ]

[===========================55.2% ]

[===========================55.5% ]

[===========================55.5% ]

[===========================55.6% ]

[===========================55.7% ]

[===========================55.8% ]

[===========================55.9% ]

[===========================56.0% ]

[===========================56.0% ]

[===========================56.0% ]

[===========================56.2% ]

[===========================56.2% ]

[===========================56.2% ]

[===========================56.7% ]

[===========================56.9%= ]

[===========================56.9%= ]

[===========================57.0%= ]

[===========================57.4%= ]

[===========================57.7%= ]

[===========================58.2%= ]

[===========================58.5%= ]

[===========================58.6%= ]

[===========================59.2%== ]

[===========================59.2%== ]

[===========================59.4%== ]

[===========================59.5%== ]

[===========================60.0%== ]

[===========================60.0%== ]

[===========================62.3%==== ]

[===========================84.9%================= ]

[==========================100.0%==========================]
The restore operation completed successfully.
The operation completed successfully.

========= End of CMD: =========


========= sfc /scannow =========


Fixing is terminated due to reaching maximum fixing time of 60 minutes. <==== ATTENTION
 

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,553
FRST fix did not complete, run again please:

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file when running FRST fix"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it in your reply.

Let me see that log...
 

Attachments

Boonski910

Thread Starter
Joined
May 23, 2017
Messages
28
Running Fix now, might take a while.
If it doesn't complete again should I try in Safe Mode?
 

Boonski910

Thread Starter
Joined
May 23, 2017
Messages
28
It took 52 minutes to complete. Start time after restart to Welcome 1 m 10 sec, to Desktop 2 min 38 sec.
Fix result of Farbar Recovery Scan Tool (x64) Version: 15-09-2021
Ran by Ellen (19-09-2021 18:33:06) Run:2
Running from C:\Users\Ellen\Desktop
Loaded Profiles: Ellen
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
cmd: sfc /scannow
cmd: "%WINDIR%\SYSTEM32\lodctr.exe" /R
cmd: "%WINDIR%\SysWOW64\lodctr.exe" /R
cmd: "%WINDIR%\SYSTEM32\lodctr.exe" /R
cmd: "%WINDIR%\SysWOW64\lodctr.exe" /R
C:\Windows\Temp\*.*
C:\WINDOWS\system32\*.tmp
C:\WINDOWS\syswow64\*.tmp
EmptyTemp:

*****************

Restore point was successfully created.
Processes closed successfully.

========= sfc /scannow =========



Beginning system scan. This process will take some time.



Beginning verification phase of system scan.


Verification 100% complete.


Windows Resource Protection found corrupt files and successfully repaired them.

For online repairs, details are included in the CBS log file located at

windir\Logs\CBS\CBS.log. For example C:\Windows\Logs\CBS\CBS.log. For offline

repairs, details are included in the log file provided by the /OFFLOGFILE flag.


========= End of CMD: =========


========= "%WINDIR%\SYSTEM32\lodctr.exe" /R =========


Error: Unable to rebuild performance counter setting from system backup store, error code is 2
========= End of CMD: =========


========= "%WINDIR%\SysWOW64\lodctr.exe" /R =========


Info: Successfully rebuilt performance counter setting from system backup store
========= End of CMD: =========


========= "%WINDIR%\SYSTEM32\lodctr.exe" /R =========


Info: Successfully rebuilt performance counter setting from system backup store
========= End of CMD: =========


========= "%WINDIR%\SysWOW64\lodctr.exe" /R =========


Info: Successfully rebuilt performance counter setting from system backup store
========= End of CMD: =========


=========== "C:\Windows\Temp\*.*" ==========

C:\Windows\Temp\MpCmdRun.log => moved successfully
C:\Windows\Temp\MpSigStub.log => moved successfully
C:\Windows\Temp\msedge_installer.log => moved successfully

========= End -> "C:\Windows\Temp\*.*" ========


=========== "C:\WINDOWS\system32\*.tmp" ==========

not found

========= End -> "C:\WINDOWS\system32\*.tmp" ========


=========== "C:\WINDOWS\syswow64\*.tmp" ==========

not found

========= End -> "C:\WINDOWS\syswow64\*.tmp" ========


=========== EmptyTemp: ==========

BITS transfer queue => 14442496 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 18356976 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 0 B
Edge => 6505092 B
Chrome => 116507436 B
Firefox => 44221452 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 1676 B
LocalService => 1864834 B
NetworkService => 1999812 B
Ellen => 147143547 B

RecycleBin => 12769610 B
EmptyTemp: => 347 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 19:26:15 ====
 
