Start-up time to the welcome display is sometimes 20 seconds, and to the desktop with WinDefender 1 min 30 sec; other times it is up to 3 minutes, even after being on for 6 hours.
Also, Autoruns displayed Agentactivationruntimestarter; using DuckDuckGo, this shows up many times as a virus.
xxxxxxxxxxxxxx FRST.TXT xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-09-2021
Ran by Ellen (administrator) on LAPTOP-58PSTIC9 (HP HP 15 Notebook PC) (17-09-2021 17:35:53)
Running from C:\Users\Ellen\Desktop
Loaded Profiles: Ellen
Platform: Windows 10 Home Version 21H1 19043.1237 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.102\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.102\GoogleCrashHandler64.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> ) C:\Windows\System32\EoAExperiences.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\NisSrv.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8520448 2015-08-03] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [DeliveryAndStatusCheck] => C:\Program Files\HP\HP ePrint\HP.DeliveryAndStatus.Desktop.App.exe [301832 2015-11-10] (Hewlett-Packard -> HP)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [653576 2015-06-29] (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [PowerDVD14Agent] => C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe [795336 2015-10-29] (CyberLink Corp. -> CyberLink Corp.)
HKU\S-1-5-21-1090913373-2922820011-1866748315-1001\...\Run: [OneDrive] => C:\Program Files (x86)\Microsoft OneDrive\OneDrive.exe [1942400 2021-02-27] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1090913373-2922820011-1866748315-1001\...\Run: [E503D7536F7E7A21DC8A2352BC2CEE0FF8CAED01._service_run] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=service /prefetch:8
HKU\S-1-5-21-1090913373-2922820011-1866748315-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1090913373-2922820011-1866748315-1001\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-21-1090913373-2922820011-1866748315-1001\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-1090913373-2922820011-1866748315-1001\...\Policies\Explorer: [NoInternetOpenWith] 1
HKLM\...\Print\Monitors\EPSON NX530 Series 64MonitorBA: C:\WINDOWS\system32\E_YLMHTA.DLL [118784 2010-09-28] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\93.0.4577.82\Installer\chrmstp.exe [2021-09-15] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{FA076B7A-C331-48e2-9EE9-7683A553739E}] -> C:\Program Files (x86)\CyberLink\YouCam6\CLCredProv\x64\CLCredProv.dll [2015-10-29] (CyberLink Corp. -> CyberLink)
HKLM\Software\...\Authentication\Credential Provider Filters: [{FA076B7A-C331-48e2-9EE9-7683A553739E}] -> C:\Program Files (x86)\CyberLink\YouCam6\CLCredProv\x64\CLCredProv.dll [2015-10-29] (CyberLink Corp. -> CyberLink)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {032390EF-562C-4A5E-A5A4-F3507412AE00} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\MpCmdRun.exe [851472 2021-09-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {2A86DBB5-A798-47F3-A507-4DDE09E5DF04} - \{310FA174-6864-D976-B5C3-66BA81B91CB9} -> No File <==== ATTENTION
Task: {2E51498B-4A1F-4BAF-B090-0963A14046D2} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe
Task: {3EC7C0B9-8DEF-45D1-99CE-7FD09F3F6DF0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2017-01-27] (Google Inc -> Google Inc.)
Task: {4D520021-16C5-4AD9-B1EC-C94E2EC3EDFF} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe [627128 2021-09-13] (Mozilla Corporation -> Mozilla Foundation)
Task: {549FDA9F-942C-4754-B7A8-A663B49CE994} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2017-01-27] (Google Inc -> Google Inc.)
Task: {643B598A-AC05-44BB-A00E-1063BB700BD1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {64F57F25-B2AC-4407-B44E-6A36149227E1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe
Task: {65FC85CD-76D0-4B29-8D06-5C8C1CA7BA00} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe
Task: {663A7A95-6CFB-40F6-A090-F8BF4122F140} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe
Task: {734FF164-081B-43E9-A400-BE1097151A30} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\MpCmdRun.exe [851472 2021-09-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {7806B780-A4C3-4E87-896E-6D390CB4610D} - System32\Tasks\RunHomeTechSupportUpdateSVC => C:\Program Files (x86)\Home Tech Support\HomeTechSupportUpdateSVC.exe
Task: {7CA61D66-A59C-488E-9F76-6A5ABE96A41F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
Task: {89F27ED7-25FE-4221-A763-DE4475A25482} - \YCMServiceAgent -> No File <==== ATTENTION
Task: {B751C05F-9C29-4A35-A91D-DEC2BF442C5E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {B8A10C6D-567F-48CE-AB5A-1B71A0433ED8} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NoUACCheck
Task: {BD8794BE-26D1-4E7D-838E-EE1B99CF1CB1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\MpCmdRun.exe [851472 2021-09-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C599B510-3A91-4585-A19D-EB10863C6212} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\MpCmdRun.exe [851472 2021-09-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {CACD12B9-F9FC-4756-B9E5-92932693DC61} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {E1C97093-F475-42E5-8C1A-470EE5F6E0A6} - System32\Tasks\CCleanerSkipUAC => C:\Users\Ellen\Desktop\TechTools\Scanners\CCleaner\CCleaner.exe
Task: {E519B2B8-D9A6-42C9-8780-FA0499C15F39} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files (x86)\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [2862440 2021-02-27] (Microsoft Corporation -> Microsoft Corporation)
Task: {F73785E0-EBAF-405F-A57D-75BCE23E2E2D} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
Task: {FEF13405-E1D5-4243-9CD1-430487A9D7D2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe
Task: {FF692097-51D3-460E-ACFF-7D7A4B133CC9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
Task: {FFB6C9A3-C86B-4888-A369-BD3FDA30DA5F} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1790184 2021-06-02] (Avast Software s.r.o. -> Avast Software)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{414092d5-c777-48c2-b7a4-de6098042d0b}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7458add5-b96b-4bfb-b1e3-73018cb2bbd7}: [DhcpNameServer] 192.168.0.1 192.168.0.1
Tcpip\..\Interfaces\{cbc5855e-ff92-457a-94e2-37cd5d584b00}: [DhcpNameServer] 192.168.0.1 192.168.0.1
Tcpip\..\Interfaces\{ccfae9ef-b1b3-4af7-bf67-0dd0312d9ec1}: [DhcpNameServer] 8.8.8.8 8.8.4.4 192.168.0.1
Edge:
=======
DownloadDir: C:\Users\Ellen\Downloads
Edge Notifications: HKU\S-1-5-21-1090913373-2922820011-1866748315-1001 -> hxxps://mg.mail.yahoo.com; hxxps://mail.google.com; hxxps://www.facebook.com
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\Ellen\AppData\Local\Microsoft\Edge\User Data\Default [2021-09-17]
Edge Notifications: Default -> hxxps://mail.google.com; hxxps://usdollarreports.com; hxxps://www.facebook.com; hxxps://www.instagram.com
Edge HomePage: Default -> hxxps://duckduckgo.com/
Edge NewTab: Default -> Not-active:"chrome-extension://pmgpmnhnchfkodemhkbodiflgacdfehf/modern_newtab.html"
Edge DefaultSearchURL: Default -> {bing:baseURL}search?q={searchTerms}&{bing:cvid}{bing:msb}{google:assistedQueryStats}
Edge Extension: (Smarty) - C:\Users\Ellen\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\edjkecefjhobekadlkdkopkggdefpgfp [2021-07-22]
Edge Extension: (Daily Recipe Ideas BETA EXTENSION) - C:\Users\Ellen\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\pmgpmnhnchfkodemhkbodiflgacdfehf [2020-08-31]
FireFox:
========
FF DefaultProfile: 7ise2ylt.default-1630949907107
FF ProfilePath: C:\Users\Ellen\AppData\Roaming\TomTom\HOME\Profiles\510v9lkp.default [2021-02-19]
FF ProfilePath: C:\Users\Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\7ise2ylt.default-1630949907107 [2021-09-17]
FF Homepage: Mozilla\Firefox\Profiles\7ise2ylt.default-1630949907107 -> hxxps://duckduckgo.com/
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1217157.dll [2015-02-05] (Adobe Systems, Inc.) [File not signed]
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Ellen\AppData\Local\Google\Chrome\User Data\Default [2021-09-12]
CHR Notifications: Default -> hxxps://mail.google.com; hxxps://trendingconsumerdeals.com; hxxps://www.12up.com; hxxps://www.facebook.com; hxxps://www.newsbreak.com
CHR Extension: (Capital One Shopping: Add to Chrome for Free) - C:\Users\Ellen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nenlahapcbofgnanklpelkaejcehkggg [2021-08-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ellen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-05-07]
CHR Extension: (Chrome Media Router) - C:\Users\Ellen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-07-30]
CHR Profile: C:\Users\Ellen\AppData\Local\Google\Chrome\User Data\Guest Profile [2021-06-17]
CHR Profile: C:\Users\Ellen\AppData\Local\Google\Chrome\User Data\System Profile [2021-06-17]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2021-01-09] (SUPERAntiSpyware.com -> SUPERAntiSpyware.com)
S4 FileSyncHelper; C:\Program Files (x86)\Microsoft OneDrive\21.016.0124.0003\FileSyncHelper.exe [2198376 2021-02-27] (Microsoft Corporation -> Microsoft Corporation)
S4 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [299680 2021-08-25] (HP Inc. -> HP Inc.)
S4 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [602888 2015-06-29] (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7785656 2021-09-12] (Malwarebytes Inc -> Malwarebytes)
S4 OneDrive Updater Service; C:\Program Files (x86)\Microsoft OneDrive\21.016.0124.0003\OneDriveUpdaterService.exe [2573160 2021-02-27] (Microsoft Corporation -> Microsoft Corporation)
S4 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] (CyberLink Corp. -> )
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\NisSrv.exe [2772856 2021-09-08] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\MsMpEng.exe [136640 2021-09-08] (Microsoft Windows Publisher -> Microsoft Corporation)
S4 HPSupportSolutionsFrameworkService; "C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe" [X]
S4 HPTouchpointAnalyticsService; "C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe" [X]
S4 LMIRescue_34794400-e9ec-fdef-bc50-b00f67184359; "C:\Program Files (x86)\LogMeIn Rescue Applet\LMIR0B9E1001.tmp\LMI_Rescue_srv.exe" -service -sid 34794400-e9ec-fdef-bc50-b00f67184359 -wd "C:\Users\Ellen\AppData\Local\LogMeIn Rescue Applet\LMIR0B9A8001.tmp\\"
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 aswTap; C:\WINDOWS\System32\drivers\aswTap.sys [44640 2014-09-05] (AVAST Software a.s. -> The OpenVPN Project)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [284672 2021-04-20] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R3 clwvd6; C:\WINDOWS\System32\drivers\clwvd6.sys [41400 2015-08-31] (CyberLink Corp. -> CyberLink Corporation)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [210344 2021-09-15] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-09-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-09-15] (Malwarebytes Inc -> Malwarebytes)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [301784 2015-07-09] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2021-01-09] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2021-01-09] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48536 2021-09-08] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [433384 2021-09-08] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [86264 2021-09-08] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [35392 2020-06-08] (HP Inc. -> HP)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-09-17 17:35 - 2021-09-17 17:42 - 000018462 _____ C:\Users\Ellen\Desktop\FRST.txt
2021-09-17 17:34 - 2021-09-17 17:38 - 000000000 ____D C:\FRST
2021-09-17 17:33 - 2021-09-17 17:30 - 002304000 _____ (Farbar) C:\Users\Ellen\Desktop\FRST64.exe
2021-09-17 16:56 - 2021-09-17 16:56 - 000000000 ____D C:\Users\Ellen\Desktop\Autoruns
2021-09-16 16:28 - 2021-09-16 16:28 - 000000000 ____D C:\WINDOWS\Panther
2021-09-16 12:59 - 2021-09-16 12:59 - 000001663 _____ C:\Users\Ellen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TFC.exe - Shortcut.lnk
2021-09-15 23:08 - 2021-09-15 23:08 - 001164288 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-09-15 23:08 - 2021-09-15 23:08 - 000426496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-09-15 23:08 - 2021-09-15 23:08 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshom.ocx
2021-09-15 23:08 - 2021-09-15 23:08 - 000122880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshom.ocx
2021-09-15 23:08 - 2021-09-15 23:08 - 000011355 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-09-15 23:07 - 2021-09-15 23:07 - 000566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-09-15 21:15 - 2021-09-15 21:15 - 000000000 ___HD C:\$WinREAgent
2021-09-15 17:54 - 2021-09-15 17:54 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-09-15 17:05 - 2021-09-15 17:05 - 000210344 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-09-15 17:05 - 2021-09-15 17:05 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2021-09-15 14:30 - 2021-09-15 14:30 - 000000112 ___SH C:\bootTel.dat
2021-09-14 09:03 - 2021-09-14 09:03 - 000001705 _____ C:\Users\Ellen\Desktop\swriter.exe - Shortcut.lnk
2021-09-14 08:53 - 2021-09-14 08:53 - 000000000 ____D C:\Users\Ellen\AppData\Roaming\OpenOffice
2021-09-14 08:47 - 2021-09-14 08:47 - 000001128 _____ C:\Users\Public\Desktop\OpenOffice 4.1.10.lnk
2021-09-14 08:47 - 2021-09-14 08:47 - 000000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.10
2021-09-14 08:45 - 2021-09-14 08:45 - 000000000 ____D C:\Program Files (x86)\OpenOffice 4
2021-09-13 18:47 - 2021-09-13 18:47 - 000003656 _____ C:\WINDOWS\system32\Tasks\CreateExplorerShellUnelevatedTask
2021-09-13 18:03 - 2021-09-13 18:03 - 000000000 ____D C:\WINDOWS\ERUNT
2021-09-13 18:03 - 2021-09-13 18:03 - 000000000 ____D C:\JRT
2021-09-13 15:15 - 2021-09-13 15:15 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-09-13 08:45 - 2021-09-13 08:45 - 000425304 _____ (Secure By Design Inc.) C:\Users\Ellen\Downloads\Ninite OpenOffice Installer.exe
2021-09-12 15:54 - 2021-09-12 15:54 - 000000000 ____D C:\Users\Ellen\AppData\Local\MBAM
2021-09-12 15:51 - 2021-09-12 15:51 - 000002040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-09-12 15:50 - 2021-09-12 15:46 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2021-09-12 15:49 - 2021-09-12 15:47 - 000160176 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-09-12 15:47 - 2021-09-12 15:47 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-09-08 15:08 - 2021-09-08 15:08 - 000000451 _____ C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2021-09-08 15:06 - 2021-09-17 16:52 - 000008192 ___SH C:\DumpStack.log.tmp
2021-09-07 17:58 - 2021-09-07 17:59 - 000000000 ____D C:\WINDOWS\pss
2021-09-07 14:33 - 2021-09-07 14:33 - 000000000 _____ C:\Users\Ellen\AppData\Local\{0BAB187B-8DB0-4278-894F-BC6AD3286E52}
2021-09-07 08:29 - 2021-09-07 08:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2021-09-07 08:29 - 2021-09-07 08:29 - 000000000 ____D C:\Program Files\VS Revo Group
2021-09-06 17:56 - 2021-09-07 13:18 - 000004264 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2021-09-06 13:53 - 2021-09-06 13:53 - 000000000 ____D C:\Users\Ellen\Desktop\My Files Shortcuts
2021-09-06 13:52 - 2021-09-06 13:53 - 000000000 ____D C:\Users\Ellen\Desktop\GAMES
2021-09-06 13:36 - 2021-09-17 17:08 - 000000000 ____D C:\ProgramData\Mozilla
2021-09-06 13:28 - 2021-09-06 13:29 - 000000000 ____D C:\Program Files\HPPrintScanDoctor
2021-09-06 08:56 - 2021-09-06 08:56 - 000001047 _____ C:\Users\Ellen\Desktop\MAINTAIN - Tools.lnk
2021-09-06 08:54 - 2021-09-06 08:54 - 000000884 _____ C:\Users\Ellen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MAINTAIN.lnk
2021-09-06 08:36 - 2021-09-06 08:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2021-09-06 08:35 - 2021-09-06 08:37 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2021-09-06 08:35 - 2021-09-06 08:35 - 000000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2021-09-06 08:22 - 2021-09-06 08:30 - 000000000 ____D C:\Users\Ellen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CleanUp!
2021-09-06 08:22 - 2021-09-06 08:22 - 000000000 ____D C:\Program Files (x86)\CleanUp!
2021-09-05 17:18 - 2021-09-05 17:18 - 000452096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2021-09-05 17:16 - 2021-09-05 17:16 - 000672768 _____ C:\WINDOWS\system32\FsNVSDeviceSource.dll
2021-09-05 17:16 - 2021-09-05 17:16 - 000570368 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2021-09-05 17:15 - 2021-09-05 17:15 - 001313608 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-09-05 17:14 - 2021-09-05 17:14 - 002111488 _____ (Digimarc) C:\WINDOWS\SysWOW64\DMRCDecoder.dll
2021-09-05 17:14 - 2021-09-05 17:14 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2021-09-05 17:14 - 2021-09-05 17:14 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2021-09-05 17:11 - 2021-09-05 17:11 - 001823304 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-09-05 17:11 - 2021-09-05 17:11 - 001393480 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-09-05 17:09 - 2021-09-05 17:09 - 002295296 _____ (Digimarc) C:\WINDOWS\system32\DMRCDecoder.dll
2021-09-05 17:09 - 2021-09-05 17:09 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-09-05 17:09 - 2021-09-05 17:09 - 000098816 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-09-05 17:08 - 2021-09-05 17:08 - 000162816 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-09-05 17:07 - 2021-09-05 17:07 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe
2021-08-31 18:29 - 2021-09-15 23:37 - 000676464 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-08-31 17:34 - 2021-08-31 17:34 - 000002335 _____ C:\Users\Ellen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HTS PC Assistant.lnk
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-09-17 17:52 - 2019-12-07 05:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-09-17 17:33 - 2018-06-18 19:36 - 000000000 ____D C:\Users\Ellen\AppData\LocalLow\Mozilla
2021-09-17 17:28 - 2019-12-07 05:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-09-17 17:28 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-09-17 17:15 - 2016-11-17 19:15 - 000000000 ____D C:\Program Files (x86)\Google
2021-09-17 16:53 - 2016-11-05 19:32 - 000000000 __SHD C:\Users\Ellen\IntelGraphicsProfiles
2021-09-17 16:52 - 2020-10-09 01:28 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-09-17 16:51 - 2019-12-07 05:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2021-09-17 16:25 - 2020-10-09 00:45 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-09-16 16:30 - 2018-07-26 15:21 - 000000000 ____D C:\Users\Ellen\AppData\Local\D3DSCache
2021-09-16 14:36 - 2020-10-10 08:14 - 000000000 ____D C:\WINDOWS\Minidump
2021-09-16 13:05 - 2020-05-19 20:13 - 000000000 ____D C:\Users\Ellen\MAINTAIN
2021-09-15 23:34 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-09-15 23:34 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-09-15 23:34 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-09-15 23:34 - 2019-12-07 05:13 - 000000000 ____D C:\WINDOWS\INF
2021-09-15 23:17 - 2019-12-07 05:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-09-15 18:18 - 2021-07-15 19:53 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-09-15 18:18 - 2017-01-27 10:08 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-09-15 10:44 - 2016-11-18 13:16 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-09-15 10:29 - 2016-11-18 13:16 - 135637312 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-09-15 09:07 - 2021-08-02 11:06 - 000002359 _____ C:\Users\Ellen\Desktop\Microsoft Edge.lnk
2021-09-14 09:02 - 2018-08-15 17:24 - 000000000 ____D C:\Users\Ellen\AppData\Local\CrashDumps
2021-09-14 08:20 - 2017-12-15 00:03 - 000000000 ____D C:\Users\Ellen\AppData\Local\Packages
2021-09-13 16:11 - 2018-01-01 16:38 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-09-13 16:11 - 2018-01-01 16:38 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2021-09-13 15:15 - 2018-01-01 16:38 - 000001175 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-09-13 14:41 - 2020-10-09 00:52 - 000000000 ____D C:\Users\Ellen
2021-09-13 03:10 - 2020-06-15 08:31 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-09-12 17:51 - 2016-09-11 03:43 - 000000000 ____D C:\ProgramData\Hewlett-Packard
2021-09-12 17:51 - 2016-08-11 17:18 - 000000000 ____D C:\Program Files (x86)\Hewlett-Packard
2021-09-12 17:51 - 2016-04-15 21:08 - 000000000 ___HD C:\hp
2021-09-12 17:50 - 2016-11-05 19:34 - 000000000 ____D C:\Users\Ellen\AppData\Roaming\Hewlett-Packard
2021-09-12 17:50 - 2016-11-05 19:34 - 000000000 ____D C:\Users\Ellen\AppData\Local\Hewlett-Packard
2021-09-12 17:50 - 2016-09-11 04:07 - 000000000 ____D C:\ProgramData\HP
2021-09-12 17:50 - 2016-08-11 17:19 - 000000000 ____D C:\Program Files\HP
2021-09-12 17:49 - 2016-11-05 19:34 - 000000000 ____D C:\Users\Ellen\AppData\Local\HP
2021-09-12 15:50 - 2019-12-07 05:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-09-08 15:22 - 2018-02-18 04:29 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-09-08 15:07 - 2018-08-02 09:37 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
2021-09-08 14:59 - 2016-09-11 04:09 - 000000000 ____D C:\ProgramData\AVAST Software
2021-09-08 14:57 - 2016-11-23 07:49 - 000000000 ____D C:\Users\Ellen\AppData\Roaming\AVAST Software
2021-09-08 14:52 - 2020-10-09 01:28 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software
2021-09-08 07:46 - 2017-05-22 04:13 - 000000000 ____D C:\Program Files\Intel
2021-09-07 18:10 - 2020-10-09 18:56 - 000803176 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2021-09-05 18:38 - 2020-10-09 01:06 - 000934898 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-09-05 18:22 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2021-09-05 18:22 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-09-05 18:22 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-09-05 18:21 - 2019-12-07 05:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-09-05 18:21 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2021-09-05 18:21 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-09-05 18:21 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2021-09-05 18:21 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-09-05 18:21 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\DDFs
2021-09-05 18:21 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2021-09-05 18:21 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2021-09-05 18:21 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-09-05 18:21 - 2019-12-07 05:03 - 000000000 ____D C:\WINDOWS\servicing
2021-09-04 06:32 - 2018-01-20 18:24 - 000000000 ____D C:\Users\Ellen\AppData\Roaming\Hoyle Card Games 2012
2021-09-04 02:45 - 2020-09-29 23:43 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-09-03 10:09 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2021-09-01 10:54 - 2020-05-26 12:17 - 000000000 ____D C:\Users\Ellen\AppData\Roaming\Hoyle Puzzle and Board Games
2021-09-01 09:59 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-09-01 09:28 - 2020-05-26 12:12 - 000000000 ____D C:\Program Files (x86)\LogMeIn Rescue Applet
2021-08-31 19:16 - 2017-01-10 16:30 - 000000000 ____D C:\Users\Ellen\AppData\Local\LogMeIn Rescue Applet
2021-08-18 22:00 - 2020-10-09 01:28 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-08-18 22:00 - 2020-10-09 01:28 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
==================== Files in the root of some directories ========
2020-05-26 22:10 - 2020-05-26 22:10 - 000000372 _____ () C:\Program Files (x86)\LMIR0B9E1001.tmp.bat
2020-05-26 22:10 - 2020-05-26 22:10 - 000000297 _____ () C:\Program Files (x86)\LMIR0B9E1001.tmp_r.bat
2017-08-19 08:21 - 2018-07-17 00:55 - 000000457 _____ () C:\Users\Ellen\AppData\Roaming\WB.CFG
2017-12-23 18:55 - 2017-12-23 19:48 - 000000056 _____ () C:\Users\Ellen\AppData\Local\b5wqke8ztn
2017-12-12 14:45 - 2017-12-19 14:45 - 000000052 _____ () C:\Users\Ellen\AppData\Local\JzvrnjfbXN
2018-07-26 15:57 - 2018-10-22 17:54 - 000007605 _____ () C:\Users\Ellen\AppData\Local\resmon.resmoncfg
2021-09-07 14:33 - 2021-09-07 14:33 - 000000000 _____ () C:\Users\Ellen\AppData\Local\{0BAB187B-8DB0-4278-894F-BC6AD3286E52}
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-09-2021
Ran by Ellen (17-09-2021 17:54:08)
Running from C:\Users\Ellen\Desktop
Windows 10 Home Version 21H1 19043.1237 (X64) (2020-10-09 05:32:42)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-1090913373-2922820011-1866748315-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1090913373-2922820011-1866748315-503 - Limited - Disabled)
Ellen (S-1-5-21-1090913373-2922820011-1866748315-1001 - Administrator - Enabled) => C:\Users\Ellen
Guest (S-1-5-21-1090913373-2922820011-1866748315-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-1090913373-2922820011-1866748315-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {5078598A-1FA2-C888-AA5F-A9C66537DB12}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
12 Labours of Hercules III: Girl Power (HKLM-x32\...\WTA-cd44445c-5a21-4774-a0a4-189779d2b187) (Version: 3.0.2.118 - WildTangent) Hidden
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.7.157 - Adobe Systems, Inc.)
Azkend 2: The World Beneath (HKLM-x32\...\WTA-3efeb4f5-d32d-450c-ad7a-48896a784198) (Version: 2.2.0.98 - WildTangent) Hidden
Barn Yarn Collector's Edition (HKLM-x32\...\WTA-e3be35f2-6e86-43f7-85f0-9455e2f52ef4) (Version: 3.0.2.48 - WildTangent) Hidden
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
CleanUp! (HKLM-x32\...\CleanUp!) (Version: - )
Coyote The Outlander (HKLM-x32\...\WTA-3c1af691-02cf-4749-9fb3-35e38ccbd9e2) (Version: 3.0.2.59 - WildTangent) Hidden
CyberLink PhotoDirector (HKLM\...\{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.6.7006 - CyberLink Corp.) Hidden
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.6.7006 - CyberLink Corp.)
CyberLink Power Media Player 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.2.5829 - CyberLink Corp.)
CyberLink PowerDirector 12 (HKLM\...\{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.5.4601 - CyberLink Corp.) Hidden
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.5.4601 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\{A9CEDD6E-4792-493e-BB35-D86D2E188A5A}) (Version: 6.0.2.4627 - CyberLink Corp.)
Delicious: Emily's Wonder Wedding Premium Edition (HKLM-x32\...\WTA-91ef5cee-232d-44d8-9912-2a4a76c522ca) (Version: 3.0.2.59 - WildTangent) Hidden
DisableMSDefender (HKLM\...\{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}) (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Energy Star (HKLM\...\{5CB22648-35F8-41BC-9C35-1E41FE6E12A5}) (Version: 1.1.1 - HP Inc.)
Entwined: The Perfect Murder (HKLM-x32\...\WTA-55adafa3-427d-46bc-8055-9883c90ede6f) (Version: 3.0.2.59 - WildTangent) Hidden
EPSON NX530 Series Printer Uninstall (HKLM\...\EPSON NX530 Series) (Version: - SEIKO EPSON Corporation)
Evernote v. 5.8.13 (HKLM-x32\...\{A229420E-204B-11E5-B844-0050569584E9}) (Version: 5.8.13.8152 - Evernote Corp.)
Family Vacation 2: Road Trip (HKLM-x32\...\WTA-0ef3874c-5391-4d6d-b3d7-31a9d3cb18c5) (Version: 3.0.2.59 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 93.0.4577.82 - Google LLC)
Hidden Expedition - Everest (remove only) (HKU\S-1-5-21-1090913373-2922820011-1866748315-1001\...\Hidden Expedition - Everest) (Version: - )
Home Makeover (HKLM-x32\...\WTA-d26d5c19-5118-455f-a5ed-f4f4d67049af) (Version: 3.0.2.59 - WildTangent) Hidden
Hoyle Card Games (HKLM-x32\...\{05F6571A-5205-4C81-8160-683BDCC3B272}) (Version: 1.00.0000 - Encore Software, Inc.)
Hoyle Card Games 2005 (HKLM-x32\...\{B44AA698-B221-4B3B-8CA5-E65EF6A5AF26}) (Version: 1.2.0.0 - Encore, Inc.)
Hoyle Puzzle and Board Games (HKLM-x32\...\{2049C1B1-B5BF-4557-9AF9-2506D835F888}) (Version: 1.00.0000 - Encore Software, Inc.)
Hoyle Puzzle and Board Games (HKLM-x32\...\{F8024EB8-5B34-46FE-B15D-20ACF26FC20E}) (Version: 1.0.0 - Encore)
HP Documentation (HKLM\...\HP_Documentation) (Version: - HP)
HP ePrint SW (HKLM-x32\...\{88970959-baf7-4864-a39a-69a58e8ae5cf}) (Version: 5.0.18701 - HP)
HP System Event Utility (HKLM-x32\...\{8B4EE87E-6D40-4C91-B5E8-0DC77DC412F1}) (Version: 1.4.1 - Hewlett-Packard Company)
IGT Slots: Paradise Garden (HKLM-x32\...\WTA-a1105700-2b36-4779-8c3a-6f33cec127a7) (Version: 3.0.2.59 - WildTangent) Hidden
Imperial Island: Birth of an Empire (HKLM-x32\...\WTA-27b54f59-aa98-4682-be10-b315507a91d4) (Version: 3.0.2.59 - WildTangent) Hidden
IMSI MasterPublisher (HKLM-x32\...\IMSI MasterPublisher) (Version: - )
IMSI Utilities (HKLM-x32\...\IMSI Utilities) (Version: - )
Intel(R) Chipset Device Software (HKLM-x32\...\{c6cff78a-cccb-49d5-be68-ae0ec5f0d48a}) (Version: 10.1.1.8 - Intel(R) Corporation) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4885 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
Jack the Ripper Extended Edition (HKLM-x32\...\Jack the Ripper Extended Editionv1.0) (Version: v1.0 - Tri Synergy)
Jewel Match Snowscapes (HKLM-x32\...\WTA-11dbe5a3-9e67-4305-8958-8e05baba0c10) (Version: 3.0.2.118 - WildTangent) Hidden
Jewel Quest (HKLM-x32\...\Jewel Quest) (Version: 1.1.0.0 - MumboJumbo)
Jungo (HKLM-x32\...\Jungo) (Version: 1.1.0.0 - MumboJumbo)
Little Farm (HKLM-x32\...\Little Farm) (Version: 1.1.0.0 - MumboJumbo)
Living Legends: Frozen Beauty Collector's Edition (HKLM-x32\...\WTA-b1872084-7f51-4aeb-98ff-e7ed87a9feee) (Version: 3.0.2.59 - WildTangent) Hidden
Lost Lands: Dark Overlord Collector's Edition (HKLM-x32\...\WTA-2ec50624-927d-4554-9f88-beb7990c9e35) (Version: 3.0.2.59 - WildTangent) Hidden
Lost Souls: Timeless Fables Collector's Edition (HKLM-x32\...\WTA-62ee8973-c1a8-4ec6-aeb4-496cf924399f) (Version: 3.0.2.59 - WildTangent) Hidden
Magic Heroes: Save Our Park (HKLM-x32\...\WTA-edf52ba9-d27c-41af-8e9e-2069da535f70) (Version: 3.0.2.59 - WildTangent) Hidden
Malwarebytes version 4.4.6.132 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.6.132 - Malwarebytes)
Manor Memoirs Collector's Edition (HKLM-x32\...\WTA-8402d08b-401f-40cd-b20c-dada5c1d4689) (Version: 3.0.2.59 - WildTangent) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 93.0.961.47 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 93.0.961.47 - Microsoft Corporation)
Microsoft OneDrive (HKLM-x32\...\OneDriveSetup.exe) (Version: 21.016.0124.0003 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 x64 ENU (HKLM\...\{8424B163-D1E0-48B7-88A2-C7A61767B3D7}) (Version: 4.0.8482.1 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{7B981965-2FBC-433C-B4B3-E183EE97CD29}) (Version: 2.83.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox (x86 en-US) (HKLM-x32\...\Mozilla Firefox 92.0 (x86 en-US)) (Version: 92.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0 - Mozilla)
Mystery Expedition: Prisoners of Ice (HKLM-x32\...\WTA-4d39ff92-c2a8-4e6d-9f9f-21f4303895bb) (Version: 3.0.2.59 - WildTangent) Hidden
OpenOffice 4.1.10 (HKLM-x32\...\{D909483F-780E-4232-9313-4C24A1B09BE8}) (Version: 4.110.9807 - Apache Software Foundation)
Plagiarii (HKLM-x32\...\WTA-5e5658bd-c67b-476f-ba0c-1c84973c29c8) (Version: 3.0.2.59 - WildTangent) Hidden
Polar Bowler 1st Frame (HKLM-x32\...\WTA-6dfb1fa1-8321-46f9-b3cf-49cf8adff495) (Version: 3.0.2.59 - WildTangent) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.370.87 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7571 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.59 - REALTEK Semiconductor Corp.)
Revo Uninstaller 2.3.0 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.3.0 - VS Revo Group, Ltd.)
Runefall (HKLM-x32\...\WTA-ccc66206-bece-4d25-ae60-508e375caa0c) (Version: 3.0.2.126 - WildTangent) Hidden
Rush Hour! Gas Station (HKLM-x32\...\WTA-7b708e94-5265-406a-a3fb-0d35074a5576) (Version: 3.0.2.59 - WildTangent) Hidden
Sky High Farm (HKLM-x32\...\WTA-f08a939b-c9d5-46a8-8894-0ff17cd0e33b) (Version: 3.0.2.59 - WildTangent) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 10.0.1238 - SUPERAntiSpyware.com)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.5.10.75 - Synaptics Incorporated)
Packages:
=========
Amazon -> C:\Program Files\WindowsApps\Amazon.com.Amazon_2018.519.2815.0_x64__343d40qqvtj1t [2020-02-20] (Amazon.com)
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2019-11-06] (Autodesk Inc.)
Candy Crush Jelly Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushJellySaga_2.72.10.0_x86__kgqvnymyfvs32 [2021-09-02] (king.com)
Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.2110.1.0_x86__kgqvnymyfvs32 [2021-09-16] (king.com)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.202.400.0_x86__kgqvnymyfvs32 [2021-09-16] (king.com)
Candy Crush Wallpapers -> C:\Program Files\WindowsApps\Microsoft.CandyCrushWallpapers_4.0.0.0_neutral__8wekyb3d8bbwe [2020-04-18] (Microsoft Corporation)
Epson Print and Scan -> C:\Program Files\WindowsApps\SEIKOEPSONCORPORATION.EpsonPrintandScan_1.1.0.0_x64__ezaqdwkaef94e [2021-06-05] (SEIKO EPSON CORPORATION)
Hearts Deluxe -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.HeartsDeluxe_6.9.50.0_x64__kx24dqmazqk8j [2021-04-03] (Random Salad Games LLC)
Hidden City: Hidden Object Adventure -> C:\Program Files\WindowsApps\828B5831.HiddenCityMysteryofShadows_1.43.4305.0_x86__ytsefhwckbdv6 [2021-09-06] (G5 Entertainment AB)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_130.1.323.0_x64__v10z8vjag6ke6 [2021-08-25] (HP Inc.)
Magic Jigsaw Puzzles -> C:\Program Files\WindowsApps\XIMADINC.MagicPuzzles_4.8.5.0_x64__np8fj6akx2czy [2021-08-16] (ZiMAD)
Mahjong Deluxe Free -> C:\Program Files\WindowsApps\664D3057.MahjongDeluxeFree_7.6.24.0_x86__wwtpmf9bcrwqj [2021-09-08] (EnsenaSoft S.A. de C.V.) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-17] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-17] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.10.7290.0_x64__8wekyb3d8bbwe [2021-08-06] (Microsoft Studios) [MS Ad]
NANO Antivirus Sky Scan -> C:\Program Files\WindowsApps\NANOSecurity.NANOAntivirusSkyScan_1.0.0.136_neutral__ngys1jhtztczt [2020-03-18] (NANO Security)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.97.752.0_x64__mcm4njqhnhss8 [2020-07-15] (Netflix, Inc.)
Pet Rescue Saga -> C:\Program Files\WindowsApps\king.com.PetRescueSaga_1.308.12.0_x86__kgqvnymyfvs32 [2021-09-15] (king.com)
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-03-13] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-12-26] (Microsoft Corporation)
Simple Mahjong -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleMahjong_6.0.59.0_x64__kx24dqmazqk8j [2021-08-20] (Random Salad Games LLC)
Simple Solitaire -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleSolitaire_7.3.1.0_x64__kx24dqmazqk8j [2021-09-04] (Random Salad Games LLC)
Simple Word Search -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleWordSearch_4.0.10.0_x64__kx24dqmazqk8j [2021-04-21] (Random Salad Games LLC)
Simply.Write -> C:\Program Files\WindowsApps\63182Timothep.Simply.Write_1.1.0.2_neutral__seant9jxjqdtj [2020-05-09] (Timothep)
Snapfish -> C:\Program Files\WindowsApps\AD2F1837.HPConnectedPhotopoweredbySnapfish_6.1.736.0_x86__v10z8vjag6ke6 [2018-08-09] (Snapfish)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.168.628.0_x86__zpdnekdrzrea0 [2021-09-17] (Spotify AB) [Startup Task]
TripAdvisor Hotels Flights Restaurants -> C:\Program Files\WindowsApps\TripAdvisorLLC.TripAdvisorHotelsFlightsRestaurants_1.5.10.0_x64__qj0v5chwq8f2g [2021-06-05] (TripAdvisor LLC)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.TWITTER_7.0.1.0_neutral__wgeqdkkx372wm [2021-06-13] (Twitter Inc.)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1090913373-2922820011-1866748315-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel(R) pGFX -> Intel Corporation)
CustomCLSID: HKU\S-1-5-21-1090913373-2922820011-1866748315-1001_Classes\CLSID\{D9AC5E73-BB10-467b-B884-AA1E475C51F5}\Shell\Open\Command -> C:\Program Files\Synaptics\SynTP\SynTPCpl.dll (Synaptics Incorporated -> Synaptics Incorporated)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files (x86)\Microsoft OneDrive\21.016.0124.0003\amd64\FileSyncShell64.dll [2021-02-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files (x86)\Microsoft OneDrive\21.016.0124.0003\amd64\FileSyncShell64.dll [2021-02-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files (x86)\Microsoft OneDrive\21.016.0124.0003\amd64\FileSyncShell64.dll [2021-02-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files (x86)\Microsoft OneDrive\21.016.0124.0003\amd64\FileSyncShell64.dll [2021-02-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files (x86)\Microsoft OneDrive\21.016.0124.0003\amd64\FileSyncShell64.dll [2021-02-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files (x86)\Microsoft OneDrive\21.016.0124.0003\amd64\FileSyncShell64.dll [2021-02-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files (x86)\Microsoft OneDrive\21.016.0124.0003\amd64\FileSyncShell64.dll [2021-02-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files (x86)\Microsoft OneDrive\21.016.0124.0003\amd64\FileSyncShell64.dll [2021-02-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files (x86)\Microsoft OneDrive\21.016.0124.0003\amd64\FileSyncShell64.dll [2021-02-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files (x86)\Microsoft OneDrive\21.016.0124.0003\amd64\FileSyncShell64.dll [2021-02-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files (x86)\Microsoft OneDrive\21.016.0124.0003\amd64\FileSyncShell64.dll [2021-02-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files (x86)\Microsoft OneDrive\21.016.0124.0003\amd64\FileSyncShell64.dll [2021-02-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files (x86)\Microsoft OneDrive\21.016.0124.0003\amd64\FileSyncShell64.dll [2021-02-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files (x86)\Microsoft OneDrive\21.016.0124.0003\amd64\FileSyncShell64.dll [2021-02-27] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files (x86)\Microsoft OneDrive\21.016.0124.0003\amd64\FileSyncShell64.dll [2021-02-27] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-09-12] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files (x86)\Microsoft OneDrive\21.016.0124.0003\amd64\FileSyncShell64.dll [2021-02-27] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files (x86)\Microsoft OneDrive\21.016.0124.0003\amd64\FileSyncShell64.dll [2021-02-27] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2018-04-18] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-09-12] (Malwarebytes Corporation -> Malwarebytes)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\Ellen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Ellen Cottrell (Ellen Cottrell Smith) - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1"
ShortcutWithArgument: C:\Users\Ellen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\225bb61db2f318c1\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 3"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Priceline.com.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://www.priceline.com/?refid=PLHBC6240OPQ&refclickid=square
==================== Loaded Modules (Whitelisted) =============
==================== Alternate Data Streams (Whitelisted) ========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F [134]
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LMIRescue_34794400-e9ec-fdef-bc50-b00f67184359 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LMIRescue_34794400-e9ec-fdef-bc50-b00f67184359,"c:\program files (x86)\logmein rescue applet\lmir0b9e1001.tmp\lmi_rescue_srv.exe => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LMIRescue_5f60a53f-02f1-5f92-fdc9-a53623887aac,"c:\program files (x86)\logmein rescue applet\lmir0a570001.tmp\lmi_rescue_srv.exe => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\S-1-5-21-1090913373-2922820011-1866748315-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\S-1-5-21-1090913373-2922820011-1866748315-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp15-comm.msn.com/?pc=HRTE
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1090913373-2922820011-1866748315-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1090913373-2922820011-1866748315-1001 -> {f79e5d1c-5148-469e-9f98-a11d8d7863f4} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-07-01] (EVERNOTE CORPORATION -> Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2015-10-30 03:24 - 2020-05-26 14:37 - 000000906 _____ C:\WINDOWS\system32\drivers\etc\hosts
2019-10-13 14:17 - 2019-10-13 14:22 - 000000446 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1090913373-2922820011-1866748315-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Hewlett-Packard Backgrounds\backgroundDefault.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
MSCONFIG\Services: !SASCORE => 3
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: avast! Tools => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: CleanupPSvc => 2
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: DriverUpdSvc => 2
MSCONFIG\Services: EPSON_PM_RPCV4_05 => 2
MSCONFIG\Services: GamesAppService => 3
MSCONFIG\Services: GoogleChromeElevationService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: HomeTechSupportDownloadService => 2
MSCONFIG\Services: HPPrintScanDoctorService => 2
MSCONFIG\Services: hpqwmiex => 3
MSCONFIG\Services: HPSupportSolutionsFrameworkService => 2
MSCONFIG\Services: HPTouchpointAnalyticsService => 2
MSCONFIG\Services: HPWMISVC => 2
MSCONFIG\Services: ICCS => 3
MSCONFIG\Services: igfxCUIService1.0.0.0 => 2
MSCONFIG\Services: iWin Games Manager (Watcher) V4 => 3
MSCONFIG\Services: iWin Games Manager V4 => 2
MSCONFIG\Services: LMIRescue_018eade4-1b0c-8247-fc7d-6e083df3eb18 => 2
MSCONFIG\Services: LMIRescue_34794400-e9ec-fdef-bc50-b00f67184359 => 2
MSCONFIG\Services: RichVideo64 => 2
MSCONFIG\Services: RtkAudioService => 2
MSCONFIG\Services: ScreenConnect Client (8335db6403be2f46) => 2
MSCONFIG\Services: SecureLine => 2
MSCONFIG\Services: SynTPEnhService => 2
MSCONFIG\Services: WildTangentHelper => 2
HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Avast SecureLine VPN.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Home Tech Support.lnk"
HKLM\...\StartupApproved\Run: => "TuneupUI.exe"
HKLM\...\StartupApproved\Run: => "DriverUpdUI.exe"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "DeliveryAndStatusCheck"
HKLM\...\StartupApproved\Run32: => "HPMessageService"
HKLM\...\StartupApproved\Run32: => "PowerDVD14Agent"
HKU\S-1-5-21-1090913373-2922820011-1866748315-1001\...\StartupApproved\Run: => "E503D7536F7E7A21DC8A2352BC2CEE0FF8CAED01._service_run"
HKU\S-1-5-21-1090913373-2922820011-1866748315-1001\...\StartupApproved\Run: => "OneDrive"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{1DC6DF64-E3F9-4086-A4FA-B26D95E28198}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{860FE18B-CFEF-4CEC-8890-67E99242FE20}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{F69001DD-31B2-4F52-BFD5-3C17D6ABCA01}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{B3346371-94F3-4729-B0C2-DC2ADE1B9E2E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe (CyberLink Corp. -> CyberLink)
FirewallRules: [{C694BDBE-4FAC-4677-B229-51E2BB7FE0B5}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{513302BB-433D-4F52-9489-4D478CD436A9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{F6A087ED-5059-4910-B6DF-C6296E239A96}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{38F64F3E-8527-4E20-AD19-75DA78786DCC}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D68D6FED-5948-4676-940B-5E0033A1E001}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{46E683AE-EB49-4F2A-A070-F4A1E7EDB54D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{6F8FB427-3B6D-4177-BA72-0091AA3BBA1F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A45D4EF6-56E0-4853-9C66-434F6AF3720F}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe => No File
FirewallRules: [{221A2624-9C41-4B0D-820B-AC740B1B0A4C}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe => No File
FirewallRules: [{5717A864-C22A-45A4-B874-907AF3871E10}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\93.0.961.47\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A6F602E2-2C49-4E6D-B330-0D23B548AC81}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{13E0A4E8-DB07-49E5-A9DE-C74DE1ECDD4C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.168.628.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{90C009AD-E28A-45DA-90C9-38384828143D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.168.628.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{E592674C-5794-4F33-A43F-791DA21EFBB0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.168.628.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{F7C9B078-E0A8-4714-A2D0-716742E867BB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.168.628.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{015C453D-A55D-435A-81A1-582D22212871}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.168.628.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D569565A-F6DF-4C58-9F34-65EB8C071A5B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.168.628.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{0B2B3821-38AD-4D13-8E58-FC3D819AA0BE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.168.628.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{2DA03F08-2A6C-4B13-82D3-C75BAD3355C2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.168.628.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
==================== Restore Points =========================
15-09-2021 20:59:58 Windows Modules Installer
15-09-2021 21:27:08 Windows Modules Installer
16-09-2021 07:40:54 test5
16-09-2021 08:33:18 Windows Backup
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (09/16/2021 07:49:35 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on Windows (C:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)
Error: (09/16/2021 08:07:24 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on Windows (C:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)
Error: (09/16/2021 04:11:54 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on RECOVERY (D:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)
Error: (09/16/2021 04:11:41 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on Windows (C:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)
Error: (09/15/2021 08:10:14 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid.
.
Operation:
Executing Asynchronous Operation
Context:
Current State: DoSnapshotSet
Error: (09/15/2021 08:05:41 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
Operation:
Gathering Writer Data
Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {bcacbe78-722c-45a9-a939-9b3f9f536661}
Error: (09/14/2021 09:02:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: StartMenuExperienceHost.exe, version: 0.0.0.0, time stamp: 0x4fe0bcb3
Faulting module name: KERNELBASE.dll, version: 10.0.19041.1202, time stamp: 0xc9db1934
Exception code: 0xc000027b
Fault offset: 0x000000000010be3e
Faulting process id: 0x1924
Faulting application start time: 0x01d7a96247d99dd2
Faulting application path: C:\WINDOWS\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 08d325b9-f6e1-49d0-97b4-ac9eea429da9
Faulting package full name: Microsoft.Windows.StartMenuExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: App
System errors:
=============
Error: (09/16/2021 10:28:35 AM) (Source: Microsoft-Windows-FilterManager) (EventID: 3) (User: NT AUTHORITY)
Description: Filter Manager failed to attach to volume '\Device\HarddiskVolume16'. This volume will be unavailable for filtering until a reboot. The final status was 0xc03a001c.
Error: (09/16/2021 10:28:35 AM) (Source: Microsoft-Windows-FilterManager) (EventID: 3) (User: NT AUTHORITY)
Description: Filter Manager failed to attach to volume '\Device\HarddiskVolume16'. This volume will be unavailable for filtering until a reboot. The final status was 0xc03a001c.
Error: (09/16/2021 10:12:03 AM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume F: were aborted because the shadow copy storage could not grow due to a user imposed limit.
Error: (09/15/2021 05:55:39 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-58PSTIC9)
Description: The server {7966B4D8-4FDC-4126-A10B-39A3209AD251} did not register with DCOM within the required timeout.
Error: (09/15/2021 05:55:39 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-58PSTIC9)
Description: The server {7966B4D8-4FDC-4126-A10B-39A3209AD251} did not register with DCOM within the required timeout.
Error: (09/15/2021 05:51:52 PM) (Source: DCOM) (EventID: 10005) (User: LAPTOP-58PSTIC9)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
Error: (09/15/2021 05:51:36 PM) (Source: DCOM) (EventID: 10005) (User: LAPTOP-58PSTIC9)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
Error: (09/15/2021 05:51:24 PM) (Source: DCOM) (EventID: 10005) (User: LAPTOP-58PSTIC9)
Description: DCOM got error "1084" attempting to start the service netprofm with arguments "Unavailable" in order to run the server:
{A47979D2-C419-11D9-A5B4-001185AD2B89}
Windows Defender:
================
Date: 2021-09-15 09:23:25
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2021-09-09 12:36:47
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2021-09-09 09:00:58
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2021-09-09 08:04:52
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2021-09-08 18:29:32
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2021-09-15 17:05:44
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
Date: 2021-09-15 14:31:06
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
Date: 2021-09-15 14:21:08
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
Date: 2021-09-15 08:30:28
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.349.778.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18500.10
Error code: 0x8024001e
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
Date: 2021-09-13 13:08:32
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
CodeIntegrity:
===============
Date: 2021-09-12 16:47:24
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2021-09-12 16:03:09
Description:
Windows blocked file \Device\HarddiskVolume3\Windows\System32\scrobj.dll which has been disallowed for protected processes.
Date: 2021-09-07 14:43:17
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.
Date: 2021-09-07 14:43:16
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.
==================== Memory info ===========================
BIOS: Insyde F.27 04/07/2016
Motherboard: Hewlett-Packard 233F
Processor: Intel(R) Pentium(R) CPU N3540 @ 2.16GHz
Percentage of memory in use: 34%
Total physical RAM: 8081.95 MB
Available physical RAM: 5331.95 MB
Total Virtual: 14081.95 MB
Available Virtual: 11490.07 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:446.5 GB) (Free:362.18 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:18.05 GB) (Free:1.89 GB) NTFS ==>[system with boot components (obtained from drive)]
\\?\Volume{8ceba3ad-a0a1-41ed-b3fd-addff0347fae}\ () (Fixed) (Total:0.94 GB) (Free:0.39 GB) NTFS
\\?\Volume{4745f964-7290-4a5d-9e52-aea0281f0801}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.19 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 52937533)
Partition: GPT.
==================== End of Addition.txt =======================
Also, Autoruns displayed Agentactivationruntimestarter; using DuckDuckGo, this shows up many times as a virus.
xxxxxxxxxxxxxx FRST.TXT xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-09-2021
Ran by Ellen (administrator) on LAPTOP-58PSTIC9 (HP HP 15 Notebook PC) (17-09-2021 17:35:53)
Running from C:\Users\Ellen\Desktop
Loaded Profiles: Ellen
Platform: Windows 10 Home Version 21H1 19043.1237 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.102\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.102\GoogleCrashHandler64.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> ) C:\Windows\System32\EoAExperiences.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\NisSrv.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8520448 2015-08-03] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [DeliveryAndStatusCheck] => C:\Program Files\HP\HP ePrint\HP.DeliveryAndStatus.Desktop.App.exe [301832 2015-11-10] (Hewlett-Packard -> HP)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [653576 2015-06-29] (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [PowerDVD14Agent] => C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe [795336 2015-10-29] (CyberLink Corp. -> CyberLink Corp.)
HKU\S-1-5-21-1090913373-2922820011-1866748315-1001\...\Run: [OneDrive] => C:\Program Files (x86)\Microsoft OneDrive\OneDrive.exe [1942400 2021-02-27] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1090913373-2922820011-1866748315-1001\...\Run: [E503D7536F7E7A21DC8A2352BC2CEE0FF8CAED01._service_run] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=service /prefetch:8
HKU\S-1-5-21-1090913373-2922820011-1866748315-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1090913373-2922820011-1866748315-1001\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-21-1090913373-2922820011-1866748315-1001\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-1090913373-2922820011-1866748315-1001\...\Policies\Explorer: [NoInternetOpenWith] 1
HKLM\...\Print\Monitors\EPSON NX530 Series 64MonitorBA: C:\WINDOWS\system32\E_YLMHTA.DLL [118784 2010-09-28] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\93.0.4577.82\Installer\chrmstp.exe [2021-09-15] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{FA076B7A-C331-48e2-9EE9-7683A553739E}] -> C:\Program Files (x86)\CyberLink\YouCam6\CLCredProv\x64\CLCredProv.dll [2015-10-29] (CyberLink Corp. -> CyberLink)
HKLM\Software\...\Authentication\Credential Provider Filters: [{FA076B7A-C331-48e2-9EE9-7683A553739E}] -> C:\Program Files (x86)\CyberLink\YouCam6\CLCredProv\x64\CLCredProv.dll [2015-10-29] (CyberLink Corp. -> CyberLink)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {032390EF-562C-4A5E-A5A4-F3507412AE00} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\MpCmdRun.exe [851472 2021-09-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {2A86DBB5-A798-47F3-A507-4DDE09E5DF04} - \{310FA174-6864-D976-B5C3-66BA81B91CB9} -> No File <==== ATTENTION
Task: {2E51498B-4A1F-4BAF-B090-0963A14046D2} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe
Task: {3EC7C0B9-8DEF-45D1-99CE-7FD09F3F6DF0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2017-01-27] (Google Inc -> Google Inc.)
Task: {4D520021-16C5-4AD9-B1EC-C94E2EC3EDFF} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe [627128 2021-09-13] (Mozilla Corporation -> Mozilla Foundation)
Task: {549FDA9F-942C-4754-B7A8-A663B49CE994} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2017-01-27] (Google Inc -> Google Inc.)
Task: {643B598A-AC05-44BB-A00E-1063BB700BD1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {64F57F25-B2AC-4407-B44E-6A36149227E1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe
Task: {65FC85CD-76D0-4B29-8D06-5C8C1CA7BA00} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe
Task: {663A7A95-6CFB-40F6-A090-F8BF4122F140} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe
Task: {734FF164-081B-43E9-A400-BE1097151A30} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\MpCmdRun.exe [851472 2021-09-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {7806B780-A4C3-4E87-896E-6D390CB4610D} - System32\Tasks\RunHomeTechSupportUpdateSVC => C:\Program Files (x86)\Home Tech Support\HomeTechSupportUpdateSVC.exe
Task: {7CA61D66-A59C-488E-9F76-6A5ABE96A41F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
Task: {89F27ED7-25FE-4221-A763-DE4475A25482} - \YCMServiceAgent -> No File <==== ATTENTION
Task: {B751C05F-9C29-4A35-A91D-DEC2BF442C5E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {B8A10C6D-567F-48CE-AB5A-1B71A0433ED8} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NoUACCheck
Task: {BD8794BE-26D1-4E7D-838E-EE1B99CF1CB1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\MpCmdRun.exe [851472 2021-09-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C599B510-3A91-4585-A19D-EB10863C6212} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\MpCmdRun.exe [851472 2021-09-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {CACD12B9-F9FC-4756-B9E5-92932693DC61} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {E1C97093-F475-42E5-8C1A-470EE5F6E0A6} - System32\Tasks\CCleanerSkipUAC => C:\Users\Ellen\Desktop\TechTools\Scanners\CCleaner\CCleaner.exe
Task: {E519B2B8-D9A6-42C9-8780-FA0499C15F39} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files (x86)\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [2862440 2021-02-27] (Microsoft Corporation -> Microsoft Corporation)
Task: {F73785E0-EBAF-405F-A57D-75BCE23E2E2D} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
Task: {FEF13405-E1D5-4243-9CD1-430487A9D7D2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe
Task: {FF692097-51D3-460E-ACFF-7D7A4B133CC9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
Task: {FFB6C9A3-C86B-4888-A369-BD3FDA30DA5F} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1790184 2021-06-02] (Avast Software s.r.o. -> Avast Software)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{414092d5-c777-48c2-b7a4-de6098042d0b}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7458add5-b96b-4bfb-b1e3-73018cb2bbd7}: [DhcpNameServer] 192.168.0.1 192.168.0.1
Tcpip\..\Interfaces\{cbc5855e-ff92-457a-94e2-37cd5d584b00}: [DhcpNameServer] 192.168.0.1 192.168.0.1
Tcpip\..\Interfaces\{ccfae9ef-b1b3-4af7-bf67-0dd0312d9ec1}: [DhcpNameServer] 8.8.8.8 8.8.4.4 192.168.0.1
Edge:
=======
DownloadDir: C:\Users\Ellen\Downloads
Edge Notifications: HKU\S-1-5-21-1090913373-2922820011-1866748315-1001 -> hxxps://mg.mail.yahoo.com; hxxps://mail.google.com; hxxps://www.facebook.com
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\Ellen\AppData\Local\Microsoft\Edge\User Data\Default [2021-09-17]
Edge Notifications: Default -> hxxps://mail.google.com; hxxps://usdollarreports.com; hxxps://www.facebook.com; hxxps://www.instagram.com
Edge HomePage: Default -> hxxps://duckduckgo.com/
Edge NewTab: Default -> Not-active:"chrome-extension://pmgpmnhnchfkodemhkbodiflgacdfehf/modern_newtab.html"
Edge DefaultSearchURL: Default -> {bing:baseURL}search?q={searchTerms}&{bing:cvid}{bing:msb}{google:assistedQueryStats}
Edge Extension: (Smarty) - C:\Users\Ellen\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\edjkecefjhobekadlkdkopkggdefpgfp [2021-07-22]
Edge Extension: (Daily Recipe Ideas BETA EXTENSION) - C:\Users\Ellen\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\pmgpmnhnchfkodemhkbodiflgacdfehf [2020-08-31]
FireFox:
========
FF DefaultProfile: 7ise2ylt.default-1630949907107
FF ProfilePath: C:\Users\Ellen\AppData\Roaming\TomTom\HOME\Profiles\510v9lkp.default [2021-02-19]
FF ProfilePath: C:\Users\Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\7ise2ylt.default-1630949907107 [2021-09-17]
FF Homepage: Mozilla\Firefox\Profiles\7ise2ylt.default-1630949907107 -> hxxps://duckduckgo.com/
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1217157.dll [2015-02-05] (Adobe Systems, Inc.) [File not signed]
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Ellen\AppData\Local\Google\Chrome\User Data\Default [2021-09-12]
CHR Notifications: Default -> hxxps://mail.google.com; hxxps://trendingconsumerdeals.com; hxxps://www.12up.com; hxxps://www.facebook.com; hxxps://www.newsbreak.com
CHR Extension: (Capital One Shopping: Add to Chrome for Free) - C:\Users\Ellen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nenlahapcbofgnanklpelkaejcehkggg [2021-08-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ellen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-05-07]
CHR Extension: (Chrome Media Router) - C:\Users\Ellen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-07-30]
CHR Profile: C:\Users\Ellen\AppData\Local\Google\Chrome\User Data\Guest Profile [2021-06-17]
CHR Profile: C:\Users\Ellen\AppData\Local\Google\Chrome\User Data\System Profile [2021-06-17]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2021-01-09] (SUPERAntiSpyware.com -> SUPERAntiSpyware.com)
S4 FileSyncHelper; C:\Program Files (x86)\Microsoft OneDrive\21.016.0124.0003\FileSyncHelper.exe [2198376 2021-02-27] (Microsoft Corporation -> Microsoft Corporation)
S4 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [299680 2021-08-25] (HP Inc. -> HP Inc.)
S4 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [602888 2015-06-29] (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7785656 2021-09-12] (Malwarebytes Inc -> Malwarebytes)
S4 OneDrive Updater Service; C:\Program Files (x86)\Microsoft OneDrive\21.016.0124.0003\OneDriveUpdaterService.exe [2573160 2021-02-27] (Microsoft Corporation -> Microsoft Corporation)
S4 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] (CyberLink Corp. -> )
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\NisSrv.exe [2772856 2021-09-08] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\MsMpEng.exe [136640 2021-09-08] (Microsoft Windows Publisher -> Microsoft Corporation)
S4 HPSupportSolutionsFrameworkService; "C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe" [X]
S4 HPTouchpointAnalyticsService; "C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe" [X]
S4 LMIRescue_34794400-e9ec-fdef-bc50-b00f67184359; "C:\Program Files (x86)\LogMeIn Rescue Applet\LMIR0B9E1001.tmp\LMI_Rescue_srv.exe" -service -sid 34794400-e9ec-fdef-bc50-b00f67184359 -wd "C:\Users\Ellen\AppData\Local\LogMeIn Rescue Applet\LMIR0B9A8001.tmp\\"
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 aswTap; C:\WINDOWS\System32\drivers\aswTap.sys [44640 2014-09-05] (AVAST Software a.s. -> The OpenVPN Project)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [284672 2021-04-20] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R3 clwvd6; C:\WINDOWS\System32\drivers\clwvd6.sys [41400 2015-08-31] (CyberLink Corp. -> CyberLink Corporation)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [210344 2021-09-15] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-09-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-09-15] (Malwarebytes Inc -> Malwarebytes)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [301784 2015-07-09] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2021-01-09] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2021-01-09] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48536 2021-09-08] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [433384 2021-09-08] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [86264 2021-09-08] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [35392 2020-06-08] (HP Inc. -> HP)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-09-17 17:35 - 2021-09-17 17:42 - 000018462 _____ C:\Users\Ellen\Desktop\FRST.txt
2021-09-17 17:34 - 2021-09-17 17:38 - 000000000 ____D C:\FRST
2021-09-17 17:33 - 2021-09-17 17:30 - 002304000 _____ (Farbar) C:\Users\Ellen\Desktop\FRST64.exe
2021-09-17 16:56 - 2021-09-17 16:56 - 000000000 ____D C:\Users\Ellen\Desktop\Autoruns
2021-09-16 16:28 - 2021-09-16 16:28 - 000000000 ____D C:\WINDOWS\Panther
2021-09-16 12:59 - 2021-09-16 12:59 - 000001663 _____ C:\Users\Ellen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TFC.exe - Shortcut.lnk
2021-09-15 23:08 - 2021-09-15 23:08 - 001164288 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-09-15 23:08 - 2021-09-15 23:08 - 000426496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-09-15 23:08 - 2021-09-15 23:08 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshom.ocx
2021-09-15 23:08 - 2021-09-15 23:08 - 000122880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshom.ocx
2021-09-15 23:08 - 2021-09-15 23:08 - 000011355 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-09-15 23:07 - 2021-09-15 23:07 - 000566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-09-15 21:15 - 2021-09-15 21:15 - 000000000 ___HD C:\$WinREAgent
2021-09-15 17:54 - 2021-09-15 17:54 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-09-15 17:05 - 2021-09-15 17:05 - 000210344 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-09-15 17:05 - 2021-09-15 17:05 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2021-09-15 14:30 - 2021-09-15 14:30 - 000000112 ___SH C:\bootTel.dat
2021-09-14 09:03 - 2021-09-14 09:03 - 000001705 _____ C:\Users\Ellen\Desktop\swriter.exe - Shortcut.lnk
2021-09-14 08:53 - 2021-09-14 08:53 - 000000000 ____D C:\Users\Ellen\AppData\Roaming\OpenOffice
2021-09-14 08:47 - 2021-09-14 08:47 - 000001128 _____ C:\Users\Public\Desktop\OpenOffice 4.1.10.lnk
2021-09-14 08:47 - 2021-09-14 08:47 - 000000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.10
2021-09-14 08:45 - 2021-09-14 08:45 - 000000000 ____D C:\Program Files (x86)\OpenOffice 4
2021-09-13 18:47 - 2021-09-13 18:47 - 000003656 _____ C:\WINDOWS\system32\Tasks\CreateExplorerShellUnelevatedTask
2021-09-13 18:03 - 2021-09-13 18:03 - 000000000 ____D C:\WINDOWS\ERUNT
2021-09-13 18:03 - 2021-09-13 18:03 - 000000000 ____D C:\JRT
2021-09-13 15:15 - 2021-09-13 15:15 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-09-13 08:45 - 2021-09-13 08:45 - 000425304 _____ (Secure By Design Inc.) C:\Users\Ellen\Downloads\Ninite OpenOffice Installer.exe
2021-09-12 15:54 - 2021-09-12 15:54 - 000000000 ____D C:\Users\Ellen\AppData\Local\MBAM
2021-09-12 15:51 - 2021-09-12 15:51 - 000002040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-09-12 15:50 - 2021-09-12 15:46 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2021-09-12 15:49 - 2021-09-12 15:47 - 000160176 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-09-12 15:47 - 2021-09-12 15:47 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-09-08 15:08 - 2021-09-08 15:08 - 000000451 _____ C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2021-09-08 15:06 - 2021-09-17 16:52 - 000008192 ___SH C:\DumpStack.log.tmp
2021-09-07 17:58 - 2021-09-07 17:59 - 000000000 ____D C:\WINDOWS\pss
2021-09-07 14:33 - 2021-09-07 14:33 - 000000000 _____ C:\Users\Ellen\AppData\Local\{0BAB187B-8DB0-4278-894F-BC6AD3286E52}
2021-09-07 08:29 - 2021-09-07 08:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2021-09-07 08:29 - 2021-09-07 08:29 - 000000000 ____D C:\Program Files\VS Revo Group
2021-09-06 17:56 - 2021-09-07 13:18 - 000004264 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2021-09-06 13:53 - 2021-09-06 13:53 - 000000000 ____D C:\Users\Ellen\Desktop\My Files Shortcuts
2021-09-06 13:52 - 2021-09-06 13:53 - 000000000 ____D C:\Users\Ellen\Desktop\GAMES
2021-09-06 13:36 - 2021-09-17 17:08 - 000000000 ____D C:\ProgramData\Mozilla
2021-09-06 13:28 - 2021-09-06 13:29 - 000000000 ____D C:\Program Files\HPPrintScanDoctor
2021-09-06 08:56 - 2021-09-06 08:56 - 000001047 _____ C:\Users\Ellen\Desktop\MAINTAIN - Tools.lnk
2021-09-06 08:54 - 2021-09-06 08:54 - 000000884 _____ C:\Users\Ellen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MAINTAIN.lnk
2021-09-06 08:36 - 2021-09-06 08:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2021-09-06 08:35 - 2021-09-06 08:37 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2021-09-06 08:35 - 2021-09-06 08:35 - 000000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2021-09-06 08:22 - 2021-09-06 08:30 - 000000000 ____D C:\Users\Ellen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CleanUp!
2021-09-06 08:22 - 2021-09-06 08:22 - 000000000 ____D C:\Program Files (x86)\CleanUp!
2021-09-05 17:18 - 2021-09-05 17:18 - 000452096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2021-09-05 17:16 - 2021-09-05 17:16 - 000672768 _____ C:\WINDOWS\system32\FsNVSDeviceSource.dll
2021-09-05 17:16 - 2021-09-05 17:16 - 000570368 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2021-09-05 17:15 - 2021-09-05 17:15 - 001313608 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-09-05 17:14 - 2021-09-05 17:14 - 002111488 _____ (Digimarc) C:\WINDOWS\SysWOW64\DMRCDecoder.dll
2021-09-05 17:14 - 2021-09-05 17:14 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2021-09-05 17:14 - 2021-09-05 17:14 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2021-09-05 17:11 - 2021-09-05 17:11 - 001823304 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-09-05 17:11 - 2021-09-05 17:11 - 001393480 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-09-05 17:09 - 2021-09-05 17:09 - 002295296 _____ (Digimarc) C:\WINDOWS\system32\DMRCDecoder.dll
2021-09-05 17:09 - 2021-09-05 17:09 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-09-05 17:09 - 2021-09-05 17:09 - 000098816 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-09-05 17:08 - 2021-09-05 17:08 - 000162816 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-09-05 17:07 - 2021-09-05 17:07 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe
2021-08-31 18:29 - 2021-09-15 23:37 - 000676464 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-08-31 17:34 - 2021-08-31 17:34 - 000002335 _____ C:\Users\Ellen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HTS PC Assistant.lnk
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-09-17 17:52 - 2019-12-07 05:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-09-17 17:33 - 2018-06-18 19:36 - 000000000 ____D C:\Users\Ellen\AppData\LocalLow\Mozilla
2021-09-17 17:28 - 2019-12-07 05:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-09-17 17:28 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-09-17 17:15 - 2016-11-17 19:15 - 000000000 ____D C:\Program Files (x86)\Google
2021-09-17 16:53 - 2016-11-05 19:32 - 000000000 __SHD C:\Users\Ellen\IntelGraphicsProfiles
2021-09-17 16:52 - 2020-10-09 01:28 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-09-17 16:51 - 2019-12-07 05:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2021-09-17 16:25 - 2020-10-09 00:45 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-09-16 16:30 - 2018-07-26 15:21 - 000000000 ____D C:\Users\Ellen\AppData\Local\D3DSCache
2021-09-16 14:36 - 2020-10-10 08:14 - 000000000 ____D C:\WINDOWS\Minidump
2021-09-16 13:05 - 2020-05-19 20:13 - 000000000 ____D C:\Users\Ellen\MAINTAIN
2021-09-15 23:34 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-09-15 23:34 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-09-15 23:34 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-09-15 23:34 - 2019-12-07 05:13 - 000000000 ____D C:\WINDOWS\INF
2021-09-15 23:17 - 2019-12-07 05:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-09-15 18:18 - 2021-07-15 19:53 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-09-15 18:18 - 2017-01-27 10:08 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-09-15 10:44 - 2016-11-18 13:16 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-09-15 10:29 - 2016-11-18 13:16 - 135637312 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-09-15 09:07 - 2021-08-02 11:06 - 000002359 _____ C:\Users\Ellen\Desktop\Microsoft Edge.lnk
2021-09-14 09:02 - 2018-08-15 17:24 - 000000000 ____D C:\Users\Ellen\AppData\Local\CrashDumps
2021-09-14 08:20 - 2017-12-15 00:03 - 000000000 ____D C:\Users\Ellen\AppData\Local\Packages
2021-09-13 16:11 - 2018-01-01 16:38 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-09-13 16:11 - 2018-01-01 16:38 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2021-09-13 15:15 - 2018-01-01 16:38 - 000001175 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-09-13 14:41 - 2020-10-09 00:52 - 000000000 ____D C:\Users\Ellen
2021-09-13 03:10 - 2020-06-15 08:31 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-09-12 17:51 - 2016-09-11 03:43 - 000000000 ____D C:\ProgramData\Hewlett-Packard
2021-09-12 17:51 - 2016-08-11 17:18 - 000000000 ____D C:\Program Files (x86)\Hewlett-Packard
2021-09-12 17:51 - 2016-04-15 21:08 - 000000000 ___HD C:\hp
2021-09-12 17:50 - 2016-11-05 19:34 - 000000000 ____D C:\Users\Ellen\AppData\Roaming\Hewlett-Packard
2021-09-12 17:50 - 2016-11-05 19:34 - 000000000 ____D C:\Users\Ellen\AppData\Local\Hewlett-Packard
2021-09-12 17:50 - 2016-09-11 04:07 - 000000000 ____D C:\ProgramData\HP
2021-09-12 17:50 - 2016-08-11 17:19 - 000000000 ____D C:\Program Files\HP
2021-09-12 17:49 - 2016-11-05 19:34 - 000000000 ____D C:\Users\Ellen\AppData\Local\HP
2021-09-12 15:50 - 2019-12-07 05:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-09-08 15:22 - 2018-02-18 04:29 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-09-08 15:07 - 2018-08-02 09:37 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
2021-09-08 14:59 - 2016-09-11 04:09 - 000000000 ____D C:\ProgramData\AVAST Software
2021-09-08 14:57 - 2016-11-23 07:49 - 000000000 ____D C:\Users\Ellen\AppData\Roaming\AVAST Software
2021-09-08 14:52 - 2020-10-09 01:28 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software
2021-09-08 07:46 - 2017-05-22 04:13 - 000000000 ____D C:\Program Files\Intel
2021-09-07 18:10 - 2020-10-09 18:56 - 000803176 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2021-09-05 18:38 - 2020-10-09 01:06 - 000934898 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-09-05 18:22 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2021-09-05 18:22 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-09-05 18:22 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-09-05 18:21 - 2019-12-07 05:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-09-05 18:21 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2021-09-05 18:21 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-09-05 18:21 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2021-09-05 18:21 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-09-05 18:21 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\DDFs
2021-09-05 18:21 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2021-09-05 18:21 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2021-09-05 18:21 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-09-05 18:21 - 2019-12-07 05:03 - 000000000 ____D C:\WINDOWS\servicing
2021-09-04 06:32 - 2018-01-20 18:24 - 000000000 ____D C:\Users\Ellen\AppData\Roaming\Hoyle Card Games 2012
2021-09-04 02:45 - 2020-09-29 23:43 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-09-03 10:09 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2021-09-01 10:54 - 2020-05-26 12:17 - 000000000 ____D C:\Users\Ellen\AppData\Roaming\Hoyle Puzzle and Board Games
2021-09-01 09:59 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-09-01 09:28 - 2020-05-26 12:12 - 000000000 ____D C:\Program Files (x86)\LogMeIn Rescue Applet
2021-08-31 19:16 - 2017-01-10 16:30 - 000000000 ____D C:\Users\Ellen\AppData\Local\LogMeIn Rescue Applet
2021-08-18 22:00 - 2020-10-09 01:28 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-08-18 22:00 - 2020-10-09 01:28 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
==================== Files in the root of some directories ========
2020-05-26 22:10 - 2020-05-26 22:10 - 000000372 _____ () C:\Program Files (x86)\LMIR0B9E1001.tmp.bat
2020-05-26 22:10 - 2020-05-26 22:10 - 000000297 _____ () C:\Program Files (x86)\LMIR0B9E1001.tmp_r.bat
2017-08-19 08:21 - 2018-07-17 00:55 - 000000457 _____ () C:\Users\Ellen\AppData\Roaming\WB.CFG
2017-12-23 18:55 - 2017-12-23 19:48 - 000000056 _____ () C:\Users\Ellen\AppData\Local\b5wqke8ztn
2017-12-12 14:45 - 2017-12-19 14:45 - 000000052 _____ () C:\Users\Ellen\AppData\Local\JzvrnjfbXN
2018-07-26 15:57 - 2018-10-22 17:54 - 000007605 _____ () C:\Users\Ellen\AppData\Local\resmon.resmoncfg
2021-09-07 14:33 - 2021-09-07 14:33 - 000000000 _____ () C:\Users\Ellen\AppData\Local\{0BAB187B-8DB0-4278-894F-BC6AD3286E52}
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-09-2021
Ran by Ellen (17-09-2021 17:54:08)
Running from C:\Users\Ellen\Desktop
Windows 10 Home Version 21H1 19043.1237 (X64) (2020-10-09 05:32:42)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-1090913373-2922820011-1866748315-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1090913373-2922820011-1866748315-503 - Limited - Disabled)
Ellen (S-1-5-21-1090913373-2922820011-1866748315-1001 - Administrator - Enabled) => C:\Users\Ellen
Guest (S-1-5-21-1090913373-2922820011-1866748315-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-1090913373-2922820011-1866748315-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {5078598A-1FA2-C888-AA5F-A9C66537DB12}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
12 Labours of Hercules III: Girl Power (HKLM-x32\...\WTA-cd44445c-5a21-4774-a0a4-189779d2b187) (Version: 3.0.2.118 - WildTangent) Hidden
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.7.157 - Adobe Systems, Inc.)
Azkend 2: The World Beneath (HKLM-x32\...\WTA-3efeb4f5-d32d-450c-ad7a-48896a784198) (Version: 2.2.0.98 - WildTangent) Hidden
Barn Yarn Collector's Edition (HKLM-x32\...\WTA-e3be35f2-6e86-43f7-85f0-9455e2f52ef4) (Version: 3.0.2.48 - WildTangent) Hidden
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
CleanUp! (HKLM-x32\...\CleanUp!) (Version: - )
Coyote The Outlander (HKLM-x32\...\WTA-3c1af691-02cf-4749-9fb3-35e38ccbd9e2) (Version: 3.0.2.59 - WildTangent) Hidden
CyberLink PhotoDirector (HKLM\...\{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.6.7006 - CyberLink Corp.) Hidden
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.6.7006 - CyberLink Corp.)
CyberLink Power Media Player 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.2.5829 - CyberLink Corp.)
CyberLink PowerDirector 12 (HKLM\...\{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.5.4601 - CyberLink Corp.) Hidden
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.5.4601 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\{A9CEDD6E-4792-493e-BB35-D86D2E188A5A}) (Version: 6.0.2.4627 - CyberLink Corp.)
Delicious: Emily's Wonder Wedding Premium Edition (HKLM-x32\...\WTA-91ef5cee-232d-44d8-9912-2a4a76c522ca) (Version: 3.0.2.59 - WildTangent) Hidden
DisableMSDefender (HKLM\...\{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}) (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Energy Star (HKLM\...\{5CB22648-35F8-41BC-9C35-1E41FE6E12A5}) (Version: 1.1.1 - HP Inc.)
Entwined: The Perfect Murder (HKLM-x32\...\WTA-55adafa3-427d-46bc-8055-9883c90ede6f) (Version: 3.0.2.59 - WildTangent) Hidden
EPSON NX530 Series Printer Uninstall (HKLM\...\EPSON NX530 Series) (Version: - SEIKO EPSON Corporation)
Evernote v. 5.8.13 (HKLM-x32\...\{A229420E-204B-11E5-B844-0050569584E9}) (Version: 5.8.13.8152 - Evernote Corp.)
Family Vacation 2: Road Trip (HKLM-x32\...\WTA-0ef3874c-5391-4d6d-b3d7-31a9d3cb18c5) (Version: 3.0.2.59 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 93.0.4577.82 - Google LLC)
Hidden Expedition - Everest (remove only) (HKU\S-1-5-21-1090913373-2922820011-1866748315-1001\...\Hidden Expedition - Everest) (Version: - )
Home Makeover (HKLM-x32\...\WTA-d26d5c19-5118-455f-a5ed-f4f4d67049af) (Version: 3.0.2.59 - WildTangent) Hidden
Hoyle Card Games (HKLM-x32\...\{05F6571A-5205-4C81-8160-683BDCC3B272}) (Version: 1.00.0000 - Encore Software, Inc.)
Hoyle Card Games 2005 (HKLM-x32\...\{B44AA698-B221-4B3B-8CA5-E65EF6A5AF26}) (Version: 1.2.0.0 - Encore, Inc.)
Hoyle Puzzle and Board Games (HKLM-x32\...\{2049C1B1-B5BF-4557-9AF9-2506D835F888}) (Version: 1.00.0000 - Encore Software, Inc.)
Hoyle Puzzle and Board Games (HKLM-x32\...\{F8024EB8-5B34-46FE-B15D-20ACF26FC20E}) (Version: 1.0.0 - Encore)
HP Documentation (HKLM\...\HP_Documentation) (Version: - HP)
HP ePrint SW (HKLM-x32\...\{88970959-baf7-4864-a39a-69a58e8ae5cf}) (Version: 5.0.18701 - HP)
HP System Event Utility (HKLM-x32\...\{8B4EE87E-6D40-4C91-B5E8-0DC77DC412F1}) (Version: 1.4.1 - Hewlett-Packard Company)
IGT Slots: Paradise Garden (HKLM-x32\...\WTA-a1105700-2b36-4779-8c3a-6f33cec127a7) (Version: 3.0.2.59 - WildTangent) Hidden
Imperial Island: Birth of an Empire (HKLM-x32\...\WTA-27b54f59-aa98-4682-be10-b315507a91d4) (Version: 3.0.2.59 - WildTangent) Hidden
IMSI MasterPublisher (HKLM-x32\...\IMSI MasterPublisher) (Version: - )
IMSI Utilities (HKLM-x32\...\IMSI Utilities) (Version: - )
Intel(R) Chipset Device Software (HKLM-x32\...\{c6cff78a-cccb-49d5-be68-ae0ec5f0d48a}) (Version: 10.1.1.8 - Intel(R) Corporation) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4885 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
Jack the Ripper Extended Edition (HKLM-x32\...\Jack the Ripper Extended Editionv1.0) (Version: v1.0 - Tri Synergy)
Jewel Match Snowscapes (HKLM-x32\...\WTA-11dbe5a3-9e67-4305-8958-8e05baba0c10) (Version: 3.0.2.118 - WildTangent) Hidden
Jewel Quest (HKLM-x32\...\Jewel Quest) (Version: 1.1.0.0 - MumboJumbo)
Jungo (HKLM-x32\...\Jungo) (Version: 1.1.0.0 - MumboJumbo)
Little Farm (HKLM-x32\...\Little Farm) (Version: 1.1.0.0 - MumboJumbo)
Living Legends: Frozen Beauty Collector's Edition (HKLM-x32\...\WTA-b1872084-7f51-4aeb-98ff-e7ed87a9feee) (Version: 3.0.2.59 - WildTangent) Hidden
Lost Lands: Dark Overlord Collector's Edition (HKLM-x32\...\WTA-2ec50624-927d-4554-9f88-beb7990c9e35) (Version: 3.0.2.59 - WildTangent) Hidden
Lost Souls: Timeless Fables Collector's Edition (HKLM-x32\...\WTA-62ee8973-c1a8-4ec6-aeb4-496cf924399f) (Version: 3.0.2.59 - WildTangent) Hidden
Magic Heroes: Save Our Park (HKLM-x32\...\WTA-edf52ba9-d27c-41af-8e9e-2069da535f70) (Version: 3.0.2.59 - WildTangent) Hidden
Malwarebytes version 4.4.6.132 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.6.132 - Malwarebytes)
Manor Memoirs Collector's Edition (HKLM-x32\...\WTA-8402d08b-401f-40cd-b20c-dada5c1d4689) (Version: 3.0.2.59 - WildTangent) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 93.0.961.47 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 93.0.961.47 - Microsoft Corporation)
Microsoft OneDrive (HKLM-x32\...\OneDriveSetup.exe) (Version: 21.016.0124.0003 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 x64 ENU (HKLM\...\{8424B163-D1E0-48B7-88A2-C7A61767B3D7}) (Version: 4.0.8482.1 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{7B981965-2FBC-433C-B4B3-E183EE97CD29}) (Version: 2.83.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox (x86 en-US) (HKLM-x32\...\Mozilla Firefox 92.0 (x86 en-US)) (Version: 92.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0 - Mozilla)
Mystery Expedition: Prisoners of Ice (HKLM-x32\...\WTA-4d39ff92-c2a8-4e6d-9f9f-21f4303895bb) (Version: 3.0.2.59 - WildTangent) Hidden
OpenOffice 4.1.10 (HKLM-x32\...\{D909483F-780E-4232-9313-4C24A1B09BE8}) (Version: 4.110.9807 - Apache Software Foundation)
Plagiarii (HKLM-x32\...\WTA-5e5658bd-c67b-476f-ba0c-1c84973c29c8) (Version: 3.0.2.59 - WildTangent) Hidden
Polar Bowler 1st Frame (HKLM-x32\...\WTA-6dfb1fa1-8321-46f9-b3cf-49cf8adff495) (Version: 3.0.2.59 - WildTangent) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.370.87 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7571 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.59 - REALTEK Semiconductor Corp.)
Revo Uninstaller 2.3.0 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.3.0 - VS Revo Group, Ltd.)
Runefall (HKLM-x32\...\WTA-ccc66206-bece-4d25-ae60-508e375caa0c) (Version: 3.0.2.126 - WildTangent) Hidden
Rush Hour! Gas Station (HKLM-x32\...\WTA-7b708e94-5265-406a-a3fb-0d35074a5576) (Version: 3.0.2.59 - WildTangent) Hidden
Sky High Farm (HKLM-x32\...\WTA-f08a939b-c9d5-46a8-8894-0ff17cd0e33b) (Version: 3.0.2.59 - WildTangent) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 10.0.1238 - SUPERAntiSpyware.com)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.5.10.75 - Synaptics Incorporated)
Packages:
=========
Amazon -> C:\Program Files\WindowsApps\Amazon.com.Amazon_2018.519.2815.0_x64__343d40qqvtj1t [2020-02-20] (Amazon.com)
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2019-11-06] (Autodesk Inc.)
Candy Crush Jelly Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushJellySaga_2.72.10.0_x86__kgqvnymyfvs32 [2021-09-02] (king.com)
Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.2110.1.0_x86__kgqvnymyfvs32 [2021-09-16] (king.com)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.202.400.0_x86__kgqvnymyfvs32 [2021-09-16] (king.com)
Candy Crush Wallpapers -> C:\Program Files\WindowsApps\Microsoft.CandyCrushWallpapers_4.0.0.0_neutral__8wekyb3d8bbwe [2020-04-18] (Microsoft Corporation)
Epson Print and Scan -> C:\Program Files\WindowsApps\SEIKOEPSONCORPORATION.EpsonPrintandScan_1.1.0.0_x64__ezaqdwkaef94e [2021-06-05] (SEIKO EPSON CORPORATION)
Hearts Deluxe -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.HeartsDeluxe_6.9.50.0_x64__kx24dqmazqk8j [2021-04-03] (Random Salad Games LLC)
Hidden City: Hidden Object Adventure -> C:\Program Files\WindowsApps\828B5831.HiddenCityMysteryofShadows_1.43.4305.0_x86__ytsefhwckbdv6 [2021-09-06] (G5 Entertainment AB)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_130.1.323.0_x64__v10z8vjag6ke6 [2021-08-25] (HP Inc.)
Magic Jigsaw Puzzles -> C:\Program Files\WindowsApps\XIMADINC.MagicPuzzles_4.8.5.0_x64__np8fj6akx2czy [2021-08-16] (ZiMAD)
Mahjong Deluxe Free -> C:\Program Files\WindowsApps\664D3057.MahjongDeluxeFree_7.6.24.0_x86__wwtpmf9bcrwqj [2021-09-08] (EnsenaSoft S.A. de C.V.) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-17] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-17] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.10.7290.0_x64__8wekyb3d8bbwe [2021-08-06] (Microsoft Studios) [MS Ad]
NANO Antivirus Sky Scan -> C:\Program Files\WindowsApps\NANOSecurity.NANOAntivirusSkyScan_1.0.0.136_neutral__ngys1jhtztczt [2020-03-18] (NANO Security)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.97.752.0_x64__mcm4njqhnhss8 [2020-07-15] (Netflix, Inc.)
Pet Rescue Saga -> C:\Program Files\WindowsApps\king.com.PetRescueSaga_1.308.12.0_x86__kgqvnymyfvs32 [2021-09-15] (king.com)
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-03-13] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-12-26] (Microsoft Corporation)
Simple Mahjong -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleMahjong_6.0.59.0_x64__kx24dqmazqk8j [2021-08-20] (Random Salad Games LLC)
Simple Solitaire -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleSolitaire_7.3.1.0_x64__kx24dqmazqk8j [2021-09-04] (Random Salad Games LLC)
Simple Word Search -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleWordSearch_4.0.10.0_x64__kx24dqmazqk8j [2021-04-21] (Random Salad Games LLC)
Simply.Write -> C:\Program Files\WindowsApps\63182Timothep.Simply.Write_1.1.0.2_neutral__seant9jxjqdtj [2020-05-09] (Timothep)
Snapfish -> C:\Program Files\WindowsApps\AD2F1837.HPConnectedPhotopoweredbySnapfish_6.1.736.0_x86__v10z8vjag6ke6 [2018-08-09] (Snapfish)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.168.628.0_x86__zpdnekdrzrea0 [2021-09-17] (Spotify AB) [Startup Task]
TripAdvisor Hotels Flights Restaurants -> C:\Program Files\WindowsApps\TripAdvisorLLC.TripAdvisorHotelsFlightsRestaurants_1.5.10.0_x64__qj0v5chwq8f2g [2021-06-05] (TripAdvisor LLC)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.TWITTER_7.0.1.0_neutral__wgeqdkkx372wm [2021-06-13] (Twitter Inc.)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1090913373-2922820011-1866748315-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel(R) pGFX -> Intel Corporation)
CustomCLSID: HKU\S-1-5-21-1090913373-2922820011-1866748315-1001_Classes\CLSID\{D9AC5E73-BB10-467b-B884-AA1E475C51F5}\Shell\Open\Command -> C:\Program Files\Synaptics\SynTP\SynTPCpl.dll (Synaptics Incorporated -> Synaptics Incorporated)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files (x86)\Microsoft OneDrive\21.016.0124.0003\amd64\FileSyncShell64.dll [2021-02-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files (x86)\Microsoft OneDrive\21.016.0124.0003\amd64\FileSyncShell64.dll [2021-02-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files (x86)\Microsoft OneDrive\21.016.0124.0003\amd64\FileSyncShell64.dll [2021-02-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files (x86)\Microsoft OneDrive\21.016.0124.0003\amd64\FileSyncShell64.dll [2021-02-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files (x86)\Microsoft OneDrive\21.016.0124.0003\amd64\FileSyncShell64.dll [2021-02-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files (x86)\Microsoft OneDrive\21.016.0124.0003\amd64\FileSyncShell64.dll [2021-02-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files (x86)\Microsoft OneDrive\21.016.0124.0003\amd64\FileSyncShell64.dll [2021-02-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files (x86)\Microsoft OneDrive\21.016.0124.0003\amd64\FileSyncShell64.dll [2021-02-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files (x86)\Microsoft OneDrive\21.016.0124.0003\amd64\FileSyncShell64.dll [2021-02-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files (x86)\Microsoft OneDrive\21.016.0124.0003\amd64\FileSyncShell64.dll [2021-02-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files (x86)\Microsoft OneDrive\21.016.0124.0003\amd64\FileSyncShell64.dll [2021-02-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files (x86)\Microsoft OneDrive\21.016.0124.0003\amd64\FileSyncShell64.dll [2021-02-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files (x86)\Microsoft OneDrive\21.016.0124.0003\amd64\FileSyncShell64.dll [2021-02-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files (x86)\Microsoft OneDrive\21.016.0124.0003\amd64\FileSyncShell64.dll [2021-02-27] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files (x86)\Microsoft OneDrive\21.016.0124.0003\amd64\FileSyncShell64.dll [2021-02-27] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-09-12] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files (x86)\Microsoft OneDrive\21.016.0124.0003\amd64\FileSyncShell64.dll [2021-02-27] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files (x86)\Microsoft OneDrive\21.016.0124.0003\amd64\FileSyncShell64.dll [2021-02-27] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2018-04-18] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-09-12] (Malwarebytes Corporation -> Malwarebytes)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\Ellen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Ellen Cottrell (Ellen Cottrell Smith) - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1"
ShortcutWithArgument: C:\Users\Ellen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\225bb61db2f318c1\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 3"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Priceline.com.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://www.priceline.com/?refid=PLHBC6240OPQ&refclickid=square
==================== Loaded Modules (Whitelisted) =============
==================== Alternate Data Streams (Whitelisted) ========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F [134]
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LMIRescue_34794400-e9ec-fdef-bc50-b00f67184359 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LMIRescue_34794400-e9ec-fdef-bc50-b00f67184359,"c:\program files (x86)\logmein rescue applet\lmir0b9e1001.tmp\lmi_rescue_srv.exe => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LMIRescue_5f60a53f-02f1-5f92-fdc9-a53623887aac,"c:\program files (x86)\logmein rescue applet\lmir0a570001.tmp\lmi_rescue_srv.exe => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\S-1-5-21-1090913373-2922820011-1866748315-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\S-1-5-21-1090913373-2922820011-1866748315-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp15-comm.msn.com/?pc=HRTE
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1090913373-2922820011-1866748315-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1090913373-2922820011-1866748315-1001 -> {f79e5d1c-5148-469e-9f98-a11d8d7863f4} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-07-01] (EVERNOTE CORPORATION -> Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2015-10-30 03:24 - 2020-05-26 14:37 - 000000906 _____ C:\WINDOWS\system32\drivers\etc\hosts
2019-10-13 14:17 - 2019-10-13 14:22 - 000000446 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1090913373-2922820011-1866748315-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Hewlett-Packard Backgrounds\backgroundDefault.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
MSCONFIG\Services: !SASCORE => 3
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: avast! Tools => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: CleanupPSvc => 2
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: DriverUpdSvc => 2
MSCONFIG\Services: EPSON_PM_RPCV4_05 => 2
MSCONFIG\Services: GamesAppService => 3
MSCONFIG\Services: GoogleChromeElevationService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: HomeTechSupportDownloadService => 2
MSCONFIG\Services: HPPrintScanDoctorService => 2
MSCONFIG\Services: hpqwmiex => 3
MSCONFIG\Services: HPSupportSolutionsFrameworkService => 2
MSCONFIG\Services: HPTouchpointAnalyticsService => 2
MSCONFIG\Services: HPWMISVC => 2
MSCONFIG\Services: ICCS => 3
MSCONFIG\Services: igfxCUIService1.0.0.0 => 2
MSCONFIG\Services: iWin Games Manager (Watcher) V4 => 3
MSCONFIG\Services: iWin Games Manager V4 => 2
MSCONFIG\Services: LMIRescue_018eade4-1b0c-8247-fc7d-6e083df3eb18 => 2
MSCONFIG\Services: LMIRescue_34794400-e9ec-fdef-bc50-b00f67184359 => 2
MSCONFIG\Services: RichVideo64 => 2
MSCONFIG\Services: RtkAudioService => 2
MSCONFIG\Services: ScreenConnect Client (8335db6403be2f46) => 2
MSCONFIG\Services: SecureLine => 2
MSCONFIG\Services: SynTPEnhService => 2
MSCONFIG\Services: WildTangentHelper => 2
HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Avast SecureLine VPN.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Home Tech Support.lnk"
HKLM\...\StartupApproved\Run: => "TuneupUI.exe"
HKLM\...\StartupApproved\Run: => "DriverUpdUI.exe"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "DeliveryAndStatusCheck"
HKLM\...\StartupApproved\Run32: => "HPMessageService"
HKLM\...\StartupApproved\Run32: => "PowerDVD14Agent"
HKU\S-1-5-21-1090913373-2922820011-1866748315-1001\...\StartupApproved\Run: => "E503D7536F7E7A21DC8A2352BC2CEE0FF8CAED01._service_run"
HKU\S-1-5-21-1090913373-2922820011-1866748315-1001\...\StartupApproved\Run: => "OneDrive"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{1DC6DF64-E3F9-4086-A4FA-B26D95E28198}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{860FE18B-CFEF-4CEC-8890-67E99242FE20}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{F69001DD-31B2-4F52-BFD5-3C17D6ABCA01}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{B3346371-94F3-4729-B0C2-DC2ADE1B9E2E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe (CyberLink Corp. -> CyberLink)
FirewallRules: [{C694BDBE-4FAC-4677-B229-51E2BB7FE0B5}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{513302BB-433D-4F52-9489-4D478CD436A9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{F6A087ED-5059-4910-B6DF-C6296E239A96}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{38F64F3E-8527-4E20-AD19-75DA78786DCC}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D68D6FED-5948-4676-940B-5E0033A1E001}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{46E683AE-EB49-4F2A-A070-F4A1E7EDB54D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{6F8FB427-3B6D-4177-BA72-0091AA3BBA1F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A45D4EF6-56E0-4853-9C66-434F6AF3720F}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe => No File
FirewallRules: [{221A2624-9C41-4B0D-820B-AC740B1B0A4C}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe => No File
FirewallRules: [{5717A864-C22A-45A4-B874-907AF3871E10}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\93.0.961.47\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A6F602E2-2C49-4E6D-B330-0D23B548AC81}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{13E0A4E8-DB07-49E5-A9DE-C74DE1ECDD4C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.168.628.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{90C009AD-E28A-45DA-90C9-38384828143D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.168.628.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{E592674C-5794-4F33-A43F-791DA21EFBB0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.168.628.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{F7C9B078-E0A8-4714-A2D0-716742E867BB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.168.628.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{015C453D-A55D-435A-81A1-582D22212871}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.168.628.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D569565A-F6DF-4C58-9F34-65EB8C071A5B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.168.628.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{0B2B3821-38AD-4D13-8E58-FC3D819AA0BE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.168.628.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{2DA03F08-2A6C-4B13-82D3-C75BAD3355C2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.168.628.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
==================== Restore Points =========================
15-09-2021 20:59:58 Windows Modules Installer
15-09-2021 21:27:08 Windows Modules Installer
16-09-2021 07:40:54 test5
16-09-2021 08:33:18 Windows Backup
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (09/16/2021 07:49:35 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on Windows (C:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)
Error: (09/16/2021 08:07:24 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on Windows (C:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)
Error: (09/16/2021 04:11:54 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on RECOVERY (D:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)
Error: (09/16/2021 04:11:41 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on Windows (C:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)
Error: (09/15/2021 08:10:14 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid.
.
Operation:
Executing Asynchronous Operation
Context:
Current State: DoSnapshotSet
Error: (09/15/2021 08:05:41 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
Operation:
Gathering Writer Data
Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {bcacbe78-722c-45a9-a939-9b3f9f536661}
Error: (09/14/2021 09:02:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: StartMenuExperienceHost.exe, version: 0.0.0.0, time stamp: 0x4fe0bcb3
Faulting module name: KERNELBASE.dll, version: 10.0.19041.1202, time stamp: 0xc9db1934
Exception code: 0xc000027b
Fault offset: 0x000000000010be3e
Faulting process id: 0x1924
Faulting application start time: 0x01d7a96247d99dd2
Faulting application path: C:\WINDOWS\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 08d325b9-f6e1-49d0-97b4-ac9eea429da9
Faulting package full name: Microsoft.Windows.StartMenuExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: App
System errors:
=============
Error: (09/16/2021 10:28:35 AM) (Source: Microsoft-Windows-FilterManager) (EventID: 3) (User: NT AUTHORITY)
Description: Filter Manager failed to attach to volume '\Device\HarddiskVolume16'. This volume will be unavailable for filtering until a reboot. The final status was 0xc03a001c.
Error: (09/16/2021 10:28:35 AM) (Source: Microsoft-Windows-FilterManager) (EventID: 3) (User: NT AUTHORITY)
Description: Filter Manager failed to attach to volume '\Device\HarddiskVolume16'. This volume will be unavailable for filtering until a reboot. The final status was 0xc03a001c.
Error: (09/16/2021 10:12:03 AM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume F: were aborted because the shadow copy storage could not grow due to a user imposed limit.
Error: (09/15/2021 05:55:39 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-58PSTIC9)
Description: The server {7966B4D8-4FDC-4126-A10B-39A3209AD251} did not register with DCOM within the required timeout.
Error: (09/15/2021 05:55:39 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-58PSTIC9)
Description: The server {7966B4D8-4FDC-4126-A10B-39A3209AD251} did not register with DCOM within the required timeout.
Error: (09/15/2021 05:51:52 PM) (Source: DCOM) (EventID: 10005) (User: LAPTOP-58PSTIC9)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
Error: (09/15/2021 05:51:36 PM) (Source: DCOM) (EventID: 10005) (User: LAPTOP-58PSTIC9)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
Error: (09/15/2021 05:51:24 PM) (Source: DCOM) (EventID: 10005) (User: LAPTOP-58PSTIC9)
Description: DCOM got error "1084" attempting to start the service netprofm with arguments "Unavailable" in order to run the server:
{A47979D2-C419-11D9-A5B4-001185AD2B89}
Windows Defender:
================
Date: 2021-09-15 09:23:25
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2021-09-09 12:36:47
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2021-09-09 09:00:58
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2021-09-09 08:04:52
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2021-09-08 18:29:32
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2021-09-15 17:05:44
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
Date: 2021-09-15 14:31:06
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
Date: 2021-09-15 14:21:08
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
Date: 2021-09-15 08:30:28
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.349.778.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18500.10
Error code: 0x8024001e
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
Date: 2021-09-13 13:08:32
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
CodeIntegrity:
===============
Date: 2021-09-12 16:47:24
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2021-09-12 16:03:09
Description:
Windows blocked file \Device\HarddiskVolume3\Windows\System32\scrobj.dll which has been disallowed for protected processes.
Date: 2021-09-07 14:43:17
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.
Date: 2021-09-07 14:43:16
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.
==================== Memory info ===========================
BIOS: Insyde F.27 04/07/2016
Motherboard: Hewlett-Packard 233F
Processor: Intel(R) Pentium(R) CPU N3540 @ 2.16GHz
Percentage of memory in use: 34%
Total physical RAM: 8081.95 MB
Available physical RAM: 5331.95 MB
Total Virtual: 14081.95 MB
Available Virtual: 11490.07 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:446.5 GB) (Free:362.18 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:18.05 GB) (Free:1.89 GB) NTFS ==>[system with boot components (obtained from drive)]
\\?\Volume{8ceba3ad-a0a1-41ed-b3fd-addff0347fae}\ () (Fixed) (Total:0.94 GB) (Free:0.39 GB) NTFS
\\?\Volume{4745f964-7290-4a5d-9e52-aea0281f0801}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.19 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 52937533)
Partition: GPT.
==================== End of Addition.txt =======================