Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-09-2021 02
Ran by Stephs HP Elite (administrator) on STEPHSGRAYHP (Hewlett-Packard HP EliteBook 8470p) (28-09-2021 10:16:16)
Running from C:\Users\Stephs HP Elite.STEPHSGRAYHP\Desktop
Loaded Profiles: grayHPElite & Stephs HP Elite
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Default browser not detected!
Boot Mode: Safe Mode (with Networking)

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe <5>
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\HelpPane.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\vds.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2833504 2017-08-26] (Synaptics Incorporated -> Synaptics Incorporated) HKLM-x32\...\Run: [ExpressVPNNotificationService] => C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationServiceStarter.exe [370088 2021-09-10] (EXPRSVPN LLC -> ExpressVPN) HKU\S-1-5-21-2051312817-2871648933-3297728195-1001\...\Run: [GoogleDriveSync] => "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart HKU\S-1-5-21-2051312817-2871648933-3297728195-1001\...\Run: [Windscribe] => "C:\Program Files (x86)\Windscribe\Windscribe.exe" -os_restart HKU\S-1-5-21-2051312817-2871648933-3297728195-1001\...\MountPoints2: {33586c8d-3a48-11e9-84a2-2c59e5b9da1b} - E:\windows\AutoRun.exe HKU\S-1-5-21-2051312817-2871648933-3297728195-1001\...\MountPoints2: {5cb923ce-1e1e-11e9-9842-2c59e5b9da1b} - E:\windows\AutoRun.exe HKU\S-1-5-21-2051312817-2871648933-3297728195-1001\...\MountPoints2: {5cb92416-1e1e-11e9-9842-2c59e5b9da1b} - E:\windows\AutoRun.exe HKU\S-1-5-21-2051312817-2871648933-3297728195-1001\...\MountPoints2: {7cd1f3c1-59dd-11ea-b0d5-2c59e5b9da1b} - E:\HTC_Sync_Manager_PC.exe HKU\S-1-5-21-2051312817-2871648933-3297728195-1001\...\MountPoints2: {7cd1f3cf-59dd-11ea-b0d5-2c59e5b9da1b} - E:\HTC_Sync_Manager_PC.exe HKU\S-1-5-21-2051312817-2871648933-3297728195-1010\...\Policies\system: [ConnectHomeDirToRoot] 0 HKU\S-1-5-21-2051312817-2871648933-3297728195-1010\Software\Policies\...\system: [disablecmd] 0 HKU\S-1-5-21-2051312817-2871648933-3297728195-1010\Software\Policies\...\system: [DenyRsopToInteractiveUser] 0 HKLM\...\Providers\LanMan Print Services: C:\Windows\SysWOW64\win32spl.dll [497664 2017-08-11] (Microsoft Windows -> Microsoft Corporation) HKLM\...\Print\Monitors\Canon BJ Language Monitor MG2500 series: CNMLMBX.DLL HKLM\...\Print\Monitors\Canon BJ Language Monitor MG2500 series XPS: CNMXLMBX.DLL HKLM\...\Print\Monitors\Epson Inbox Language Monitor01: EP0SLM01.DLL HKLM\...\Print\Monitors\EPSON 
WorkForce 630 Series 64MonitorBA: E_ILMGBA.DLL HKLM\...\Print\Monitors\EpsonNet Print Port: enppmon.dll HKLM\...\Print\Monitors\HP C511 Status Monitor: hpinkstsC511LM.dll HKLM\...\Print\Monitors\HP Discovery Port Monitor (HP ENVY 4500 series): HPDiscoPMC511.dll HKLM\...\Print\Monitors\Local Port: localspl.dll HKLM\...\Print\Monitors\Standard TCP/IP Port: tcpmon.dll HKLM\...\Print\Monitors\USB Monitor: usbmon.dll HKLM\...\Print\Monitors\WSD Port: WSDMon.dll HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files\BraveSoftware\Brave-Browser\Application\93.1.29.81\Installer\chrmstp.exe [2021-09-28] (Brave Software, Inc. -> Brave Software, Inc.) HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{296985B0-9E7B-49B0-9C65-7847A6489C4D}] -> C:\Program Files (x86)\ASAP Utilities\Add_ASAP_Utilities_to_the_Excel_menu.exe [2021-04-14] (A Must in Every Office B.V. -> ) HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{2D00AE86-E9F9-43A0-82A4-79EBA59183E2}] -> "C:\Program Files (x86)\Avira\Scout\Application\58.0.3029.2783\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level HKLM\Software\...\Authentication\Credential Providers: [{8bf9a910-a8ff-457f-999f-a5ca10b4a885}] -> C:\Windows\SysWOW64\SmartcardCredentialProvider.dll [2013-10-03] (Microsoft Windows -> Microsoft Corporation) HKLM\Software\...\Authentication\Credential Providers: [{94596c7e-3744-41ce-893e-bbf09122f76a}] -> C:\Windows\SysWOW64\SmartcardCredentialProvider.dll [2013-10-03] (Microsoft Windows -> Microsoft Corporation) HKLM\Software\...\Winlogon\GPExtensions: [{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}] -> C:\Windows\SysWOW64\wlgpclnt.dll [2009-07-13] (Microsoft Windows -> Microsoft Corporation) HKLM\Software\...\Winlogon\GPExtensions: [{0E28E245-9368-4853-AD84-6DA3BA35BB75}] -> C:\Windows\SysWOW64\gpprefcl.dll [2016-05-12] (Microsoft Windows -> Microsoft Corporation) 
HKLM\Software\...\Winlogon\GPExtensions: [{17D89FEC-5C44-4972-B12D-241CAEF74509}] -> C:\Windows\SysWOW64\gpprefcl.dll [2016-05-12] (Microsoft Windows -> Microsoft Corporation) HKLM\Software\...\Winlogon\GPExtensions: [{1A6364EB-776B-4120-ADE1-B63A406A76B5}] -> C:\Windows\SysWOW64\gpprefcl.dll [2016-05-12] (Microsoft Windows -> Microsoft Corporation) HKLM\Software\...\Winlogon\GPExtensions: [{25537BA6-77A8-11D2-9B6C-0000F8080861}] -> C:\Windows\SysWOW64\fdeploy.dll [2010-11-20] (Microsoft Windows -> Microsoft Corporation) HKLM\Software\...\Winlogon\GPExtensions: [{3A0DBA37-F8B2-4356-83DE-3E90BD5C261F}] -> C:\Windows\SysWOW64\gpprefcl.dll [2016-05-12] (Microsoft Windows -> Microsoft Corporation) HKLM\Software\...\Winlogon\GPExtensions: [{426031c0-0b47-4852-b0ca-ac3d37bfcb39}] -> C:\Windows\SysWOW64\gptext.dll [2009-07-13] (Microsoft Windows -> Microsoft Corporation) HKLM\Software\...\Winlogon\GPExtensions: [{42B5FAAE-6536-11d2-AE5A-0000F87571E3}] -> C:\Windows\SysWOW64\gpscript.dll [2016-05-12] (Microsoft Windows -> Microsoft Corporation) HKLM\Software\...\Winlogon\GPExtensions: [{5794DAFD-BE60-433f-88A2-1A31939AC01F}] -> C:\Windows\SysWOW64\gpprefcl.dll [2016-05-12] (Microsoft Windows -> Microsoft Corporation) HKLM\Software\...\Winlogon\GPExtensions: [{6232C319-91AC-4931-9385-E70C2B099F0E}] -> C:\Windows\SysWOW64\gpprefcl.dll [2016-05-12] (Microsoft Windows -> Microsoft Corporation) HKLM\Software\...\Winlogon\GPExtensions: [{6A4C88C6-C502-4f74-8F60-2CB23EDC24E2}] -> C:\Windows\SysWOW64\gpprefcl.dll [2016-05-12] (Microsoft Windows -> Microsoft Corporation) HKLM\Software\...\Winlogon\GPExtensions: [{7150F9BF-48AD-4da4-A49C-29EF4A8369BA}] -> C:\Windows\SysWOW64\gpprefcl.dll [2016-05-12] (Microsoft Windows -> Microsoft Corporation) HKLM\Software\...\Winlogon\GPExtensions: [{728EE579-943C-4519-9EF7-AB56765798ED}] -> C:\Windows\SysWOW64\gpprefcl.dll [2016-05-12] (Microsoft Windows -> Microsoft Corporation) HKLM\Software\...\Winlogon\GPExtensions: 
[{74EE6C03-5363-4554-B161-627540339CAB}] -> C:\Windows\SysWOW64\gpprefcl.dll [2016-05-12] (Microsoft Windows -> Microsoft Corporation) HKLM\Software\...\Winlogon\GPExtensions: [{827D319E-6EAC-11D2-A4EA-00C04F79F83A}] -> C:\Windows\SysWOW64\scecli.dll [2010-11-20] (Microsoft Windows -> Microsoft Corporation) HKLM\Software\...\Winlogon\GPExtensions: [{91FBB303-0CD5-4055-BF42-E512A681B325}] -> C:\Windows\SysWOW64\gpprefcl.dll [2016-05-12] (Microsoft Windows -> Microsoft Corporation) HKLM\Software\...\Winlogon\GPExtensions: [{A3F3E39B-5D83-4940-B954-28315B82F0A8}] -> C:\Windows\SysWOW64\gpprefcl.dll [2016-05-12] (Microsoft Windows -> Microsoft Corporation) HKLM\Software\...\Winlogon\GPExtensions: [{AADCED64-746C-4633-A97C-D61349046527}] -> C:\Windows\SysWOW64\gpprefcl.dll [2016-05-12] (Microsoft Windows -> Microsoft Corporation) HKLM\Software\...\Winlogon\GPExtensions: [{B087BE9D-ED37-454f-AF9C-04291E351182}] -> C:\Windows\SysWOW64\gpprefcl.dll [2016-05-12] (Microsoft Windows -> Microsoft Corporation) HKLM\Software\...\Winlogon\GPExtensions: [{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}] -> C:\Windows\SysWOW64\dot3gpclnt.dll [2009-07-13] (Microsoft Windows -> Microsoft Corporation) HKLM\Software\...\Winlogon\GPExtensions: [{BC75B1ED-5833-4858-9BB8-CBF0B166DF9D}] -> C:\Windows\SysWOW64\gpprefcl.dll [2016-05-12] (Microsoft Windows -> Microsoft Corporation) HKLM\Software\...\Winlogon\GPExtensions: [{C418DD9D-0D14-4efb-8FBF-CFE535C8FAC7}] -> C:\Windows\SysWOW64\gpprefcl.dll [2016-05-12] (Microsoft Windows -> Microsoft Corporation) HKLM\Software\...\Winlogon\GPExtensions: [{c6dc5466-785a-11d2-84d0-00c04fb169f7}] -> C:\Windows\SysWOW64\appmgmts.dll [2009-07-13] (Microsoft Windows -> Microsoft Corporation) HKLM\Software\...\Winlogon\GPExtensions: [{cdeafc3d-948d-49dd-ab12-e578ba4af7aa}] -> C:\Windows\SysWOW64\gptext.dll [2009-07-13] (Microsoft Windows -> Microsoft Corporation) HKLM\Software\...\Winlogon\GPExtensions: [{E47248BA-94CC-49c4-BBB5-9EB7F05183D0}] -> 
C:\Windows\SysWOW64\gpprefcl.dll [2016-05-12] (Microsoft Windows -> Microsoft Corporation) HKLM\Software\...\Winlogon\GPExtensions: [{E4F48E54-F38D-4884-BFB9-D4D2E5729C18}] -> C:\Windows\SysWOW64\gpprefcl.dll [2016-05-12] (Microsoft Windows -> Microsoft Corporation) HKLM\Software\...\Winlogon\GPExtensions: [{E5094040-C46C-4115-B030-04FB2E545B00}] -> C:\Windows\SysWOW64\gpprefcl.dll [2016-05-12] (Microsoft Windows -> Microsoft Corporation) HKLM\Software\...\Winlogon\GPExtensions: [{E62688F0-25FD-4c90-BFF5-F508B9D2E31F}] -> C:\Windows\SysWOW64\gpprefcl.dll [2016-05-12] (Microsoft Windows -> Microsoft Corporation) HKLM\Software\...\Winlogon\GPExtensions: [{f3ccc681-b74c-4060-9f26-cd84525dca2a}] -> auditcse.dll HKLM\Software\...\Winlogon\GPExtensions: [{F9C77450-3A41-477E-9310-9ACD617BD9E3}] -> C:\Windows\SysWOW64\gpprefcl.dll [2016-05-12] (Microsoft Windows -> Microsoft Corporation) HKLM\Software\...\Winlogon\GPExtensions: [{FB2CA36D-0B40-4307-821B-A13B252DE56C}] -> C:\Windows\SysWOW64\gptext.dll [2009-07-13] (Microsoft Windows -> Microsoft Corporation) HKLM\Software\...\Winlogon\GPExtensions: [{fbf687e6-f063-4d9f-9f4f-fd9a26acdd5f}] -> C:\Windows\SysWOW64\gptext.dll [2009-07-13] (Microsoft Windows -> Microsoft Corporation) GroupPolicy: Restriction ? <==== ATTENTION GroupPolicy\User: Restriction ? <==== ATTENTION Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION Policies: C:\Users\Stephs HP Elite\NTUSER.pol: Restriction <==== ATTENTION Policies: C:\Users\Stephs HP Elite.STEPHSGRAYHP\NTUSER.pol: Restriction <==== ATTENTION ==================== Scheduled Tasks (Whitelisted) ============ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
Task: {0A60F60B-34ED-4FA0-9354-9510685D7112} - System32\Tasks\Hewlett-Packard\HP Diagnostics\LaunchUI => C:\Program Files (x86)\HP\HpHwDiag\HpHwDiagA.exe Task: {0C9DF4BE-5A74-4A57-8A57-06B14BA3BFB7} - System32\Tasks\Microsoft\Windows\Wininet\CacheTask Task: {1286D389-4890-4EDB-8115-DD3A4B18256C} - \{6C07F1FA-041D-4677-9E0E-A34AEB08A60F} -> No File <==== ATTENTION Task: {13153C29-E293-4CBF-8A7C-1E0498C8DBCC} - System32\Tasks\Hewlett-Packard\HP Diagnostics\ShowUI => C:\Program Files (x86)\HP\HpHwDiag\HpHwDiagA.exe Task: {13E72FE4-DFF2-4CDA-ABB7-959617E9A0AD} - \{DE32699B-5F53-4647-BC20-D23DA1AA995E} -> No File <==== ATTENTION Task: {1B1FCEF2-C9BE-4889-BF72-8CEEA9117FAD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe Task: {218A7FCE-B4FF-4F2C-8554-8B89773642CE} - \{3183EA9F-B79F-4348-83A8-C83F79F566F0} -> No File <==== ATTENTION Task: {227ABF5C-A514-4806-891B-1DA506FA0626} - System32\Tasks\Microsoft\Windows\PLA\System\{12E11B3D-6520-49D7-96CD-5804FE9D62AD}_System Performance => Command(1): C:\Windows\system32\rundll32.exe -> C:\Windows\system32\pla.dll,PlaHost "system\System Performance" "$(Arg0)" Task: {227ABF5C-A514-4806-891B-1DA506FA0626} - System32\Tasks\Microsoft\Windows\PLA\System\{12E11B3D-6520-49D7-96CD-5804FE9D62AD}_System Performance => Command(2): C:\Windows\system32\schtasks.exe -> /delete /f /tn "\Microsoft\Windows\PLA\System\{12E11B3D-6520-49D7-96CD-5804FE9D62AD}_System Performance" Task: {27C66E95-3C31-4F24-84EB-2F86CA876538} - \{AEC12F12-7F2F-4312-AA51-B771656A0011} -> No File <==== ATTENTION Task: {2C3DB68F-B4A8-4F52-9BE7-3EC912305858} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: {2FD3EF11-397D-44E4-9E81-D6DABDC8267D} - \{4A46DB2C-1BF0-4E42-A3B6-4DD59A66B8D8} -> No File <==== ATTENTION Task: {37648C8F-CD01-40FB-BC87-38EBC9C0C264} - 
System32\Tasks\Hewlett-Packard\HP Diagnostics\BHM1 => C:\Program Files (x86)\HP\HpHwDiag\HpHwDiagA.exe Task: {3A059635-30A9-4F83-80D7-0DC80C89912F} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION Task: {416BF527-04F6-4622-9D0C-66317A8C4091} - System32\Tasks\Hewlett-Packard\HP Diagnostics\SmartCheckTest => C:\Program Files (x86)\HP\HpHwDiag\HpHwDiagA.exe Task: {496197B3-7355-4A5E-A25F-62284A003E0C} - \{19B904CD-55C2-43AB-A0AF-A143A5EC39D9} -> No File <==== ATTENTION Task: {61A27A68-C9BA-4BCA-B081-3D574F409536} - System32\Tasks\Hewlett-Packard\HP Diagnostics\ABO => C:\Program Files (x86)\HP\HpHwDiag\HpHwDiagA.exe Task: {74F7A39D-E4FB-4182-86AE-1122FD431435} - System32\Tasks\Hewlett-Packard\HP Diagnostics\BHM2 => C:\Program Files (x86)\HP\HpHwDiag\HpHwDiagA.exe Task: {8023BB4E-DEBF-45F4-BB9B-F141F73BDD32} - \Microsoft\Windows\Media Center\DispatchRecoveryTasks -> No File <==== ATTENTION Task: {898A47E3-0320-45CA-81E5-BB4A3284F805} - \{D5143D3E-57D0-437D-A153-934233133CB6} -> No File <==== ATTENTION Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - System32\Tasks\Microsoft\Windows\Application Experience\AitAgent => aitagent.exe <==== ATTENTION Task: {B6C80976-BA3B-4572-950A-263783BC89B8} - \Games\UpdateCheck_S-1-5-21-2051312817-2871648933-3297728195-1001 -> No File <==== ATTENTION Task: {C7F12209-DBE0-431B-B61B-A8A197587D2E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: {C8E2143C-EFC4-4EDB-8C3C-314B04725042} - \{06830E4B-CEB4-4B53-A258-9E4AB44B9287} -> No File <==== ATTENTION Task: {CB3D64BF-C0C9-45FF-BFB0-FF1A8F680186} - \Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask -> No File <==== ATTENTION Task: {D11F9389-A3DE-4321-A5C7-DCABE4BDA3E0} - System32\Tasks\Microsoft\Windows\PLA\System\{27A5A84D-C996-4A32-BC4C-05D32C787549}_System Diagnostics => Command(1): C:\Windows\system32\rundll32.exe -> C:\Windows\system32\pla.dll,PlaHost "system\System Diagnostics" "$(Arg0)" Task: 
{D11F9389-A3DE-4321-A5C7-DCABE4BDA3E0} - System32\Tasks\Microsoft\Windows\PLA\System\{27A5A84D-C996-4A32-BC4C-05D32C787549}_System Diagnostics => Command(2): C:\Windows\system32\schtasks.exe -> /delete /f /tn "\Microsoft\Windows\PLA\System\{27A5A84D-C996-4A32-BC4C-05D32C787549}_System Diagnostics" Task: {D7904B9D-AD56-4A18-A371-B4170AC856F7} - \{ECB6370C-17B3-45F3-B9E6-ECDDE736A4B3} -> No File <==== ATTENTION Task: {DC8784C2-B5E8-49A2-AD98-F315C3FF25C8} - \{7DC38035-F04B-4A85-831B-8AEB2C7D92AF} -> No File <==== ATTENTION Task: {DD74C81C-5AC4-49E3-8F7A-04C19F2A34D3} - System32\Tasks\Hewlett-Packard\HP Diagnostics\BatteryStatusTest => C:\Program Files (x86)\HP\HpHwDiag\HpHwDiagA.exe Task: {DFEB737F-B096-4A06-BE35-2EFA7F694D06} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe Task: {E10B475D-84EC-42BA-8657-C0229F0B3E2A} - System32\Tasks\Hewlett-Packard\HP Diagnostics\BatteryStatusError => C:\Program Files (x86)\HP\HpHwDiag\HpHwDiagA.exe Task: {E207A07D-88CA-41DD-A23B-456BAA88103F} - \{53E90FAB-5F85-4EFB-8553-69293AAAA6DB} -> No File <==== ATTENTION Task: {E2CBE2F0-4114-4CDB-822F-CA7199D72C0A} - \{84EF4C11-F574-486D-8055-46EC9B5E58CE} -> No File <==== ATTENTION Task: {E3163C33-301D-4730-A266-5518C5ED3967} - System32\Tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask => C:\Windows\SysWOW64\BthUdTask.exe [35328 2009-07-13] (Microsoft Windows -> Microsoft Corporation) Task: {EEBDA907-EE80-488D-BD76-5602FAFF13F0} - \Microsoft\Windows\Media Center\StartRecording -> No File <==== ATTENTION Task: {F1AF1AF3-B7E0-4CF0-84C8-454BC656F16B} - \{903A76E8-FF34-441C-9CBC-8509B1F048EE} -> No File <==== ATTENTION Task: {F84CA99B-DEC8-4582-8FFD-B505D8513748} - System32\Tasks\Hewlett-Packard\HP Diagnostics\BCF => C:\Program Files (x86)\HP\HpHwDiag\HpHwDiagA.exe Task: {FDAD6F9B-5A0A-4253-ACBF-2659749FE680} - System32\Tasks\Hewlett-Packard\HP 
Diagnostics\SmartCheckError => C:\Program Files (x86)\HP\HpHwDiag\HpHwDiagA.exe Task: {FF409BC3-5D1D-499D-9D98-EA7E679E9EA3} - \{5D420FA5-C70D-4BD3-8594-1164BA08204A} -> No File <==== ATTENTION (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\ScanToPCActivationApp.exe_{75269769-80D1-4EB6-B403-DCE8A38F3CAE}.job => C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe Task: C:\Windows\Tasks\Toolbox.exe_{B94C979F-EC58-4C98-AC14-B7BD3B7E19A4}.job => C:\Program Files\HP\HP ENVY 4500 series\Bin\Toolbox.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3: <==== ATTENTION (Restriction - Zones) Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 Tcpip\..\Interfaces\{D009B743-03F5-41F7-82FE-128C651D1D42}: [DhcpNameServer] 75.75.75.75 75.75.76.76 HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_30_0_0_154.dll [2018-08-14] (Adobe Systems Incorporated -> ) FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation) Chrome: ======= CHR DefaultProfile: Default CHR Profile: C:\Users\Stephs HP Elite.STEPHSGRAYHP\AppData\Local\Google\Chrome\User Data\Default [2021-09-28] CHR Notifications: Default -> hxxps://mail.google.com; hxxps://mail.protonmail.com; hxxps://www.netflix.com CHR HomePage: Default -> hxxps://www.google.com/ CHR StartupUrls: Default -> 
"chrome://newtab/","hxxps://www.virustotal.com/gui/file/79308a1f2b8ba1e3631ff1e16bcedff9cc989719bacee7c93da3b1f11a5f6ef8/detection","hxxps://www.hybrid-analysis.com/","hxxps://www.google.com/search?q=laptop+stolen+can+i+track+it+through+my+google+account%3F&oq=laptop+stolen+can+i+track+it+through+my+google+account%3F&aqs=chrome..69i57.16719j0j8&sourceid=chrome&ie=UTF-8","hxxps://www.quora.com/How-do-I-find-my-lost-laptop-with-Google#:~:text=How%20do%20I%20find%20my%20lost%20laptop%20with%20Google%3F&text=Go%20to%20myaccount.google.com,%2C%20Laptop%2C%20tablet%20or%20Chromebook.","hxxps://myaccount.google.com/u/0/security","hxxps://www.google.com/search?q=google+how+to+add+back+device+after+its+been+removed+from+list+of+devices&oq=google+how+to+add+back+device+after+its+been+removed+from+list+of+devices&aqs=chrome..69i57j69i64.36028j0j7&sourceid=chrome&ie=UTF-8","hxxps://support.google.com/mail/thread/6508440?hl=en","hxxps://www.quora.com/Can-I-re-add-a-device-that-I-remove-from-my-Google-account","hxxps://www.quora.com/settings","hxxps://mail.google.com/mail/u/0/?ogbl#inbox/FMfcgxwJWrgFdrWbPhzzWCQxwttfFSfp","hxxps://www.google.com/search?q=can+i+safely+stop+and+disable+windows+image+acquisition+windows+7&oq=can+i+safely+stop+and+disable+windows+image+acquisition+windows+7&aqs=chrome..69i57.19167j0j7&sourceid=chrome&ie=UTF-8","hxxps://sourcedaddy.com/windows-7/disabling-unneeded-services.html","hxxp://www.optimizingpc.com/windows7/optimizing_windows_7_services.html","hxxps://www.howtoguides.org/windows-7-services-safe-to-disable","hxxps://www.google.com/search?ei=DSgdX_n0I8S6tQbI-ar4AQ&q=windows+7+services+adaptive+brightness+cannot+find+path+specified&oq=windows+7+services+adaptive+brightness+cannot+find+path+specified&gs_lcp=CgZwc3ktYWIQAzoHCAAQRxCwA1DdogdYuakHYLWwB2gBcAB4AIABSogBiwOSAQE2mAEAoAEBqgEHZ3dzLXdpesABAQ&sclient=psy-ab&ved=0ahUKEwi5r6WjqurqAhVEXc0KHci8Ch8Q4dUDCAw&uact=5" CHR DefaultSearchURL: Default -> hxxp://{searchTerms} CHR Session Restore: Default 
-> is enabled. CHR Extension: (Google Drive) - C:\Users\Stephs HP Elite.STEPHSGRAYHP\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-01-31] CHR Extension: (YouTube) - C:\Users\Stephs HP Elite.STEPHSGRAYHP\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-08-30] CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Stephs HP Elite.STEPHSGRAYHP\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2021-09-06] CHR Extension: (Chrome Web Store Payments) - C:\Users\Stephs HP Elite.STEPHSGRAYHP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-31] CHR Extension: (Gmail) - C:\Users\Stephs HP Elite.STEPHSGRAYHP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-01-31] CHR Profile: C:\Users\Stephs HP Elite.STEPHSGRAYHP\AppData\Local\Google\Chrome\User Data\Guest Profile [2021-05-31] CHR Profile: C:\Users\Stephs HP Elite.STEPHSGRAYHP\AppData\Local\Google\Chrome\User Data\Profile 1 [2021-09-25] CHR Notifications: Profile 1 -> hxxps://mail.google.com; hxxps://repack-games.com; hxxps://www.netflix.com CHR HomePage: Profile 1 -> hxxps://www.google.com/ CHR StartupUrls: Profile 1 -> "hxxps://www.google.com/" CHR NewTab: Profile 1 -> Not-active:"chrome-extension://dbfmnekepjoapopniengjbcpnbljalfg/index.html" CHR Extension: (Slides) - C:\Users\Stephs HP Elite.STEPHSGRAYHP\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-09-04] CHR Extension: (DocHub - Edit and Sign PDF Documents) - C:\Users\Stephs HP Elite.STEPHSGRAYHP\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\adgncicbhbjfpijkdmbijninnhnmiblj [2020-09-04] CHR Extension: (Docs) - C:\Users\Stephs HP Elite.STEPHSGRAYHP\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2020-09-04] CHR Extension: 
(Dictanote) - C:\Users\Stephs HP Elite.STEPHSGRAYHP\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aomjekmpappghadlogpigifkghlmebjk [2020-09-04] CHR Extension: (Google Drive) - C:\Users\Stephs HP Elite.STEPHSGRAYHP\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-28] CHR Extension: (BeFunky Photo Editor) - C:\Users\Stephs HP Elite.STEPHSGRAYHP\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apfkepiiddolifkgjmfdgpnipgnfejab [2020-09-04] CHR Extension: (Fotor Photo Editor) - C:\Users\Stephs HP Elite.STEPHSGRAYHP\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bfbckhhmjfnmedpakkaaflpnmkamdppf [2020-09-04] CHR Extension: (DuckDuckGo) - C:\Users\Stephs HP Elite.STEPHSGRAYHP\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bkdgflcldnnnapblkhphbgpggdiikppg [2021-09-08] CHR Extension: (YouTube) - C:\Users\Stephs HP Elite.STEPHSGRAYHP\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-09-04] CHR Extension: (Honey) - C:\Users\Stephs HP Elite.STEPHSGRAYHP\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2021-08-31] CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Stephs HP Elite.STEPHSGRAYHP\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2021-09-01] CHR Extension: (OneTab) - C:\Users\Stephs HP Elite.STEPHSGRAYHP\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2021-07-21] CHR Extension: (Infinity New Tab) - C:\Users\Stephs HP Elite.STEPHSGRAYHP\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dbfmnekepjoapopniengjbcpnbljalfg [2021-09-15] CHR Extension: (Adobe Acrobat) - C:\Users\Stephs HP Elite.STEPHSGRAYHP\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2021-03-13] CHR Extension: (Lucidpress | Free Design Tool) - C:\Users\Stephs HP 
Elite.STEPHSGRAYHP\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fdiljnnpfniifgbaippdemegmlhoohka [2020-09-04] CHR Extension: (Dashlane - Password Manager) - C:\Users\Stephs HP Elite.STEPHSGRAYHP\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fdjamakpfbbddfjaooikfcpapjohcfmg [2021-09-23] CHR Extension: (Sheets) - C:\Users\Stephs HP Elite.STEPHSGRAYHP\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-09-04] CHR Extension: (ExpressVPN: VPN proxy for a better internet) - C:\Users\Stephs HP Elite.STEPHSGRAYHP\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fgddmllnllkalaagkghckoinaemmogpe [2021-06-23] CHR Extension: (Office Editing for Docs, Sheets & Slides) - C:\Users\Stephs HP Elite.STEPHSGRAYHP\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gbkeegbaiigmenfmjfclcdgdpimamgkj [2021-08-11] CHR Extension: (Google Docs Offline) - C:\Users\Stephs HP Elite.STEPHSGRAYHP\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-09-23] CHR Extension: (SwagButton) - C:\Users\Stephs HP Elite.STEPHSGRAYHP\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gngocbkfmikdgphklgmmehbjjlfgdemm [2021-06-25] CHR Extension: (LastPass: Free Password Manager) - C:\Users\Stephs HP Elite.STEPHSGRAYHP\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2021-09-25] CHR Extension: (Voice Search) - C:\Users\Stephs HP Elite.STEPHSGRAYHP\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hhfkcobomkalfdlmkongnhnhahkmnaad [2021-07-06] CHR Extension: (Kindle Cloud Reader) - C:\Users\Stephs HP Elite.STEPHSGRAYHP\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2020-09-04] CHR Extension: (Pixlr Editor) - C:\Users\Stephs HP Elite.STEPHSGRAYHP\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\icmaknaampgiegkcjlimdiidlhopknpk [2020-09-04] CHR Extension: (Voice 
Recognition) - C:\Users\Stephs HP Elite.STEPHSGRAYHP\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ikjmfindklfaonkodbnidahohdfbdhkn [2020-09-04] CHR Extension: (PERSONALITY TEST) - C:\Users\Stephs HP Elite.STEPHSGRAYHP\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jeioepnpmchgpdppmhdgjdcicanmbflk [2020-09-04] CHR Extension: (Grammarly for Chrome) - C:\Users\Stephs HP Elite.STEPHSGRAYHP\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2021-09-21] CHR Extension: (Do It (Tomorrow)) - C:\Users\Stephs HP Elite.STEPHSGRAYHP\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nfagjoblnoeagfhfhohcdklnddjaiglo [2020-09-04] CHR Extension: (Chrome Web Store Payments) - C:\Users\Stephs HP Elite.STEPHSGRAYHP\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29] CHR Extension: (Amazon Assistant for Chrome) - C:\Users\Stephs HP Elite.STEPHSGRAYHP\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam [2021-08-24] CHR Extension: (Gmail) - C:\Users\Stephs HP Elite.STEPHSGRAYHP\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-25] CHR Profile: C:\Users\Stephs HP Elite.STEPHSGRAYHP\AppData\Local\Google\Chrome\User Data\System Profile [2021-05-31] CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] CHR HKU\S-1-5-21-2051312817-2871648933-3297728195-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] Brave: ======= BRA Profile: C:\Users\Stephs HP Elite.STEPHSGRAYHP\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2021-09-28] BRA DefaultSearchURL: Default -> hxxps://search.brave.com/search?q={searchTerms}&source=desktop BRA DefaultSearchKeyword: Default -> :br BRA DefaultSuggestURL: Default -> hxxps://search.brave.com/api/suggest?q={searchTerms} BRA Extension: (Adblock Plus - free ad blocker) - 
C:\Users\Stephs HP Elite.STEPHSGRAYHP\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2021-09-28] BRA Extension: (Brave Local Data Files Updater) - C:\Users\Stephs HP Elite.STEPHSGRAYHP\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2021-09-28] BRA Extension: (Brave Ad Block Updater (Default)) - C:\Users\Stephs HP Elite.STEPHSGRAYHP\AppData\Local\BraveSoftware\Brave-Browser\User Data\cffkpbalmllkdoenhmdmpbkajipdjfam [2021-09-28] BRA Extension: (Brave NTP sponsored images) - C:\Users\Stephs HP Elite.STEPHSGRAYHP\AppData\Local\BraveSoftware\Brave-Browser\User Data\gccbbckogglekeggclmmekihdgdpdgoe [2021-09-28] BRA Extension: (Brave SpeedReader Updater) - C:\Users\Stephs HP Elite.STEPHSGRAYHP\AppData\Local\BraveSoftware\Brave-Browser\User Data\jicbkmdloagakknpihibphagfckhjdih [2021-09-28] BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\Stephs HP Elite.STEPHSGRAYHP\AppData\Local\BraveSoftware\Brave-Browser\User Data\oofiananboodjbbmdelgdommihjbkfag [2021-09-28] ==================== Services (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162456 2021-09-28] (Brave Software, Inc. -> BraveSoftware Inc.) S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162456 2021-09-28] (Brave Software, Inc. -> BraveSoftware Inc.) 
S2 ExpressVPNService; C:\Program Files (x86)\ExpressVPN\bootstrap\amd64\nssm.exe [437160 2021-09-10] (EXPRSVPN LLC -> ExpressVPN) S4 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed] S4 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed] S2 PrintNotify; C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll [2899968 2014-08-15] (Microsoft Corporation) [File not signed] S4 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [327680 2012-11-12] (IDT, Inc.) [File not signed] S4 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [35328 2013-10-11] (Microsoft Windows Hardware Compatibility Publisher -> Validity Sensors, Inc.) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Windows -> Microsoft Corporation) S4 AGMService; "C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe" [X] S4 AGSService; "C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe" [X] S4 AviraOptimizerHost; "C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe" [X] ===================== Drivers (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 expressvpnsplittunnel; C:\Program Files (x86)\ExpressVPN\splittunnel\expressvpnsplittunnel.sys [18800 2021-09-10] (ExprsVPN LLC -> ) S3 fiddrv64; no ImagePath S3 htcnprot; C:\Windows\System32\DRIVERS\htcnprot.sys [36928 2013-10-17] (HTC Corp. -> Windows (R) Win 7 DDK provider) S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (Sqa.com(Test) -> QUALCOMM Incorporated) R3 johci; C:\Windows\System32\DRIVERS\johci.sys [26208 2012-07-16] (JMicron Technology Corp. -> JMicron Technology Corp.) 
S3 massfilter_hs; C:\Windows\System32\drivers\massfilter_hs.sys [20232 2012-06-20] (ZTE CORPORATION -> HandSet Incorporated)
S3 NETw5s64; C:\Windows\System32\DRIVERS\NETw5s64.sys [7675392 2010-01-13] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
S3 nlwt; C:\Windows\System32\DRIVERS\nlwt.sys [29888 2020-06-10] (TEFINCOM S.A. -> WireGuard LLC)
R1 nordlwf; C:\Windows\System32\DRIVERS\nordlwf.sys [29384 2020-12-14] (TEFINCOM S.A. -> TEFINCOM S.A.)
S3 PORTMON; C:\Users\Stephs HP Elite.STEPHSGRAYHP\Downloads\SysinternalsSuite\PORTMSYS.SYS [28656 2021-04-28] (Systems Internals) [File not signed]
S3 silabenm; C:\Windows\System32\DRIVERS\silabenm.sys [23552 2018-03-17] (Silicon Laboratories) [File not signed]
S3 silabser; C:\Windows\System32\DRIVERS\silabser.sys [79360 2018-03-17] (Silicon Laboratories) [File not signed]
S3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [700128 2015-06-16] (Sunplus Innovation Technology Inc. -> Sunplus)
S3 STHDA; C:\Windows\System32\DRIVERS\stwrt64.sys [543744 2012-11-12] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [35784 2017-03-20] (Avira Operations GmbH & Co. KG -> The OpenVPN Project)
S3 tapexpressvpn; C:\Windows\System32\DRIVERS\tapexpressvpn.sys [36208 2020-09-22] (ExprsVPN LLC -> The OpenVPN Project)
S3 tapnordvpn; C:\Windows\System32\DRIVERS\tapnordvpn.sys [35592 2020-06-09] (TEFINCOM S.A. -> The OpenVPN Project)
S3 tapwindscribe0901; C:\Windows\System32\DRIVERS\tapwindscribe0901.sys [45560 2018-07-06] (Windscribe Limited -> The OpenVPN Project)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2017-03-08] (Adlice -> )
S3 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [199808 2017-10-18] (Oracle Corporation -> Oracle Corporation)
U3 aswbdisk; no ImagePath
U1 avgbdisk; no ImagePath
S3 clwvd; system32\DRIVERS\clwvd.sys [X]
S3 esihdrv; \??\C:\Users\STEPHS~1.STE\AppData\Local\Temp\esihdrv.sys [X] <==== ATTENTION
S3 MFE_RR; \??\C:\Users\STEPHS~1.STE\AppData\Local\Temp\mfe_rr.sys [X] <==== ATTENTION
S2 NDivert; system32\DRIVERS\NDivert.sys [X]
S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [X]
S3 SWDUMon; system32\DRIVERS\SWDUMon.sys [X]
S3 TsUsbGD; \SystemRoot\system32\drivers\TsUsbGD.sys [X]
U0 vlflt; no ImagePath

==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)

2021-09-28 10:16 - 2021-09-28 10:16 - 000035127 _____ C:\Users\Stephs HP Elite.STEPHSGRAYHP\Desktop\FRST.txt
2021-09-28 10:16 - 2021-09-28 10:16 - 000000000 ____D C:\FRST
2021-09-28 10:00 - 2021-09-28 10:00 - 002304512 _____ (Farbar) C:\Users\Stephs HP Elite.STEPHSGRAYHP\Desktop\FRST64.exe
2021-09-28 07:36 - 2021-09-28 07:36 - 000002325 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2021-09-28 07:36 - 2021-09-28 07:36 - 000002284 _____ C:\Users\Public\Desktop\Brave.lnk
2021-09-28 07:36 - 2021-09-28 07:36 - 000000000 ____D C:\Users\Stephs HP Elite.STEPHSGRAYHP\AppData\Local\BraveSoftware
2021-09-28 07:35 - 2021-09-28 07:35 - 000000000 ____D C:\Program Files\BraveSoftware
2021-09-28 07:35 - 2021-09-28 07:35 - 000000000 ____D C:\Program Files (x86)\BraveSoftware
2021-09-28 07:34 - 2021-09-28 07:34 - 001243560 _____ (BraveSoftware Inc.) C:\Users\Stephs HP Elite.STEPHSGRAYHP\Downloads\BraveBrowserSetup.exe
2021-09-28 06:41 - 2021-09-28 06:41 - 000001379 _____ C:\Users\Stephs HP Elite.STEPHSGRAYHP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2021-09-28 06:27 - 2021-09-28 06:27 - 000009947 _____ C:\Users\Stephs HP Elite.STEPHSGRAYHP\Desktop\hijackthis-info.txt
2021-09-28 06:27 - 2021-09-28 06:27 - 000000451 _____ C:\Users\Stephs HP Elite.STEPHSGRAYHP\Desktop\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.txt
2021-09-28 06:19 - 2021-09-28 06:19 - 000000000 ____D C:\Users\Stephs HP Elite.STEPHSGRAYHP\AppData\Roaming\VIPRE
2021-09-28 06:19 - 2021-09-28 06:19 - 000000000 ____D C:\Users\Stephs HP Elite.STEPHSGRAYHP\AppData\Local\VIPRE
2021-09-28 04:53 - 2021-09-28 05:32 - 000000000 ____D C:\Users\Stephs HP Elite.STEPHSGRAYHP\Desktop\backups
2021-09-28 04:46 - 2021-09-28 04:01 - 001342296 _____ (Google LLC) C:\Users\Stephs HP Elite.STEPHSGRAYHP\Desktop\ChromeSetup (4).exe
2021-09-19 02:28 - 2021-09-19 02:28 - 003304534 _____ C:\Users\Stephs HP Elite.STEPHSGRAYHP\Desktop\telescope-instruction-manual-091921.pdf
2021-09-19 01:29 - 2021-09-19 01:29 - 000000000 ____D C:\Program Files (x86)\ExpressVPN
2021-09-15 07:42 - 2021-09-15 07:42 - 000892416 _____ (Farbar) C:\Users\Stephs HP Elite.STEPHSGRAYHP\Desktop\FarMiniToolBox.exe
2021-09-15 07:40 - 2021-09-15 07:40 - 000628779 _____ C:\Users\Stephs HP Elite.STEPHSGRAYHP\Desktop\FarGrantPerms64.zip
2021-09-15 07:39 - 2021-09-15 07:39 - 000388608 _____ (Trend Micro Inc.) C:\Users\Stephs HP Elite.STEPHSGRAYHP\Desktop\HijackThis.exe
2021-09-15 07:37 - 2021-09-15 07:37 - 000957952 _____ (Farbar) C:\Users\Stephs HP Elite.STEPHSGRAYHP\Desktop\FarListParts64.exe
2021-09-15 07:36 - 2021-09-15 07:36 - 000673089 _____ C:\Users\Stephs HP Elite.STEPHSGRAYHP\Desktop\How to remove a Trojan, Virus, Worm, or other Malware.pdf
2021-09-15 07:35 - 2021-09-15 07:35 - 000603016 _____ C:\Users\Stephs HP Elite.STEPHSGRAYHP\Desktop\Documentation for Farbar Recovery Scan Tool (FRST)_ - Anti-Virus, Anti-Malware, and Privacy Software.pdf
2021-09-15 07:34 - 2021-09-15 07:34 - 000745746 _____ C:\Users\Stephs HP Elite.STEPHSGRAYHP\Desktop\How to use farbar recovery tool - Virus, Trojan, Spyware, and Malware Removal Help.pdf
2021-09-15 07:33 - 2021-09-15 07:33 - 000213767 _____ C:\Users\Stephs HP Elite.STEPHSGRAYHP\Desktop\How do I disable Windows Defender in order to use Farbar Recovery_ - Anti-Virus, Anti-Malware, and Privacy Software.pdf
2021-09-15 07:32 - 2021-09-15 07:32 - 001646910 _____ C:\Users\Stephs HP Elite.STEPHSGRAYHP\Desktop\Interpreting FArbar Scan Tool Results - Virus, Trojan, Spyware, and Malware Removal Help.pdf
2021-09-15 07:30 - 2021-09-15 07:30 - 002166571 _____ C:\Users\Stephs HP Elite.STEPHSGRAYHP\Desktop\FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials.pdf
2021-09-15 07:27 - 2021-09-15 07:27 - 000909824 _____ (Farbar) C:\Users\Stephs HP Elite.STEPHSGRAYHP\Desktop\FarSvSca.exe
2021-09-15 07:15 - 2021-09-15 07:15 - 000262263 _____ C:\Users\Stephs HP Elite.STEPHSGRAYHP\Desktop\How to use Malwarebytes Anti-Rootkit to remove rootkits from a Computer.pdf
2021-09-15 07:14 - 2021-09-15 07:14 - 000386858 _____ C:\Users\Stephs HP Elite.STEPHSGRAYHP\Desktop\Remove OSDSoft DBUpdater.exe Miner Trojan.pdf
2021-09-15 07:08 - 2021-09-15 07:09 - 002115931 _____ C:\Users\Stephs HP Elite.STEPHSGRAYHP\Desktop\Remove the Soundrec.exe Miner Trojan.pdf
2021-09-15 07:05 - 2021-09-15 07:05 - 004314688 _____ (Don HO don.h@free.fr) C:\Users\Stephs HP Elite.STEPHSGRAYHP\Desktop\npp.8.1.4.Installer.x64.exe
2021-09-15 07:02 - 2021-09-15 07:02 - 005659583 _____ (Swearware) C:\Users\Stephs HP Elite.STEPHSGRAYHP\Desktop\ComboFix.exe
2021-09-15 07:01 - 2021-09-15 07:01 - 006402328 _____ (VIPRE Security) C:\Users\Stephs HP Elite.STEPHSGRAYHP\Desktop\vipre-advanced-security-trial.exe
2021-09-15 06:55 - 2021-09-15 06:55 - 041898552 _____ (Adlice Software ) C:\Users\Stephs HP Elite.STEPHSGRAYHP\Desktop\RogueKiller_setup.exe
2021-09-15 06:54 - 2021-09-15 06:54 - 001058778 _____ C:\Users\Stephs HP Elite.STEPHSGRAYHP\Desktop\How to use SUPERAntiSpyware to scan and remove malware from your computer.pdf
2021-09-15 06:50 - 2021-09-15 06:54 - 194982656 _____ (SUPERAntiSpyware) C:\Users\Stephs HP Elite.STEPHSGRAYHP\Desktop\SUPERAntiSpyware.exe
2021-09-15 06:48 - 2021-09-15 07:08 - 002112633 _____ C:\Users\Stephs HP Elite.STEPHSGRAYHP\Desktop\Remove the Winlog.exe Miner Trojan.pdf
2021-09-15 06:41 - 2021-09-15 06:41 - 011331520 _____ (SurfRight B.V.) C:\Users\Stephs HP Elite.STEPHSGRAYHP\Desktop\HitmanPro_x64.exe
2021-09-15 06:40 - 2021-09-15 06:40 - 008553680 _____ (Malwarebytes) C:\Users\Stephs HP Elite.STEPHSGRAYHP\Desktop\AdwCleaner.exe
2021-09-15 06:39 - 2021-09-15 06:38 - 001780224 _____ (Bleeping Computer, LLC) C:\Users\Stephs HP Elite.STEPHSGRAYHP\Desktop\rkill-unsigned.exe
2021-09-15 06:38 - 2021-09-15 06:37 - 013922376 _____ (Zemana Ltd. ) C:\Users\Stephs HP Elite.STEPHSGRAYHP\Desktop\AntiMalware_Setup-z3m.exe
2021-09-15 06:33 - 2021-09-15 06:33 - 000261606 _____ C:\Users\Stephs HP Elite.STEPHSGRAYHP\Desktop\GMER - Rootkit Detector and Remover - Rootkits.pdf
2021-09-15 06:33 - 2021-09-15 06:33 - 000174242 _____ C:\Users\Stephs HP Elite.STEPHSGRAYHP\Desktop\rootrepeal.pdf
2021-09-15 06:31 - 2021-09-15 06:31 - 000542043 _____ C:\Users\Stephs HP Elite.STEPHSGRAYHP\Desktop\GMER - Rootkit Detector and Remover.pdf
2021-09-15 06:30 - 2021-09-15 06:30 - 000380928 _____ C:\Users\Stephs HP Elite.STEPHSGRAYHP\Desktop\eyh8hxxk.exe
2021-09-15 06:28 - 2021-09-15 06:29 - 000637288 _____ C:\Users\Stephs HP Elite.STEPHSGRAYHP\Desktop\How to use Malwarebytes Anti-Malware to scan and remove malware from your computer.pdf
2021-09-15 06:25 - 2021-09-15 06:25 - 064333800 _____ (Malwarebytes ) C:\Users\Stephs HP Elite.STEPHSGRAYHP\Desktop\mb3-setup-1878.1878-3.8.3.2965.exe
2021-09-15 05:35 - 2021-09-15 05:35 - 055968051 _____ C:\Users\Stephs HP Elite.STEPHSGRAYHP\Desktop\dllhost.DMP
2021-09-15 04:14 - 2021-09-15 04:15 - 018308168 _____ C:\Users\Stephs HP Elite.STEPHSGRAYHP\Desktop\conhost.DMP
2021-09-15 01:19 - 2021-09-15 01:19 - 000000000 ____D C:\Program Files (x86)\HP Universal Camera Driver
2021-09-14 05:29 - 2021-09-14 05:44 - 000000000 ____D C:\Users\Stephs HP Elite.STEPHSGRAYHP\AppData\Roaming\Coolmuster
2021-09-14 05:29 - 2021-09-14 05:43 - 000000000 ____D C:\Program Files (x86)\Coolmuster
2021-09-07 18:00 - 2021-09-07 18:00 - 000000000 ____D C:\Users\Stephs HP Elite.STEPHSGRAYHP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2021-09-01 22:41 - 2021-09-05 22:09 - 000000000 ____D C:\Users\Stephs HP Elite.STEPHSGRAYHP\Desktop\HPE-SS-PEAK-ALL
2021-08-31 04:32 - 2021-08-31 04:33 - 000000000 ____D C:\Users\Stephs HP Elite.STEPHSGRAYHP\Desktop\HPE-LS-JC-ALL
2021-08-31 04:25 - 2021-08-31 05:13 - 000000000 ____D C:\Users\Stephs HP Elite.STEPHSGRAYHP\Desktop\HPE-SHAWN-ALL
2021-08-31 04:16 - 2021-09-28 07:32 - 000000000 ____D C:\Users\Stephs HP Elite.STEPHSGRAYHP\Desktop\HPE-SS-UNEMP-ALL

==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)

2021-09-28 10:14 - 2020-09-02 04:41 - 000000000 ____D C:\Users\Stephs HP Elite.STEPHSGRAYHP\AppData\Local\CrashDumps
2021-09-28 07:10 - 2009-07-13 21:20 - 000000000 ____D C:\Windows\inf
2021-09-28 06:56 - 2021-04-11 00:29 - 000860364 _____ C:\Windows\ntbtlog.txt
2021-09-28 06:45 - 2009-07-13 21:20 - 000000000 ____D C:\Windows\registration
2021-09-28 06:44 - 2019-03-08 01:14 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-09-28 06:44 - 2009-07-13 23:08 - 000032582 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2021-09-28 06:41 - 2016-07-21 14:34 - 000000000 __SHD C:\Users\Stephs HP Elite\IntelGraphicsProfiles
2021-09-28 06:40 - 2019-02-22 00:44 - 000021936 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2021-09-28 06:40 - 2019-02-22 00:44 - 000021936 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2021-09-28 06:28 - 2009-07-13 23:32 - 000000000 ____D C:\Program Files\Windows Sidebar
2021-09-28 06:22 - 2016-07-21 15:04 - 000000000 ____D C:\Program Files (x86)\Google
2021-09-28 04:50 - 2020-08-30 04:49 - 000000000 ____D C:\Users\Stephs HP Elite.STEPHSGRAYHP\AppData\Local\VirtualStore
2021-09-28 04:50 - 2009-07-13 23:13 - 001136670 _____ C:\Windows\system32\PerfStringBackup.INI
2021-09-28 00:19 - 2021-05-04 13:24 - 000000000 ____D C:\Users\Stephs HP Elite.STEPHSGRAYHP\Desktop\HPE-SS-JC-DESKTOP-ALL-050421
2021-09-28 00:07 - 2021-07-15 01:17 - 000000000 ____D C:\Program Files (x86)\HP
2021-09-28 00:07 - 2021-02-23 02:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2021-09-25 13:36 - 2020-09-16 00:32 - 000000000 ____D C:\Users\Stephs HP Elite.STEPHSGRAYHP\Downloads\PC-tools-forensics-etc
2021-09-25 12:50 - 2020-09-08 02:26 - 000000000 ____D C:\Users\Stephs HP Elite.STEPHSGRAYHP\AppData\Local\ElevatedDiagnostics
2021-09-25 12:50 - 2009-07-13 21:20 - 000000000 ____D C:\Windows\system32\NDF
2021-09-19 01:29 - 2021-07-08 00:16 - 000002230 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ExpressVPN.lnk
2021-09-19 01:29 - 2021-07-08 00:16 - 000002089 _____ C:\Users\Public\Desktop\ExpressVPN.lnk
2021-09-19 01:29 - 2016-10-09 23:15 - 000000000 ____D C:\ProgramData\Package Cache
2021-09-15 04:18 - 2021-04-13 02:29 - 000000000 ____D C:\Users\Stephs HP Elite.STEPHSGRAYHP\AppData\Local\Downloaded Installations
2021-09-15 03:15 - 2021-04-08 03:46 - 000000000 ____D C:\Users\Stephs HP Elite.STEPHSGRAYHP\Desktop\HPE-PC-2021
2021-09-15 01:29 - 2015-12-04 13:20 - 000000000 ____D C:\Windows\system32\MRT
2021-09-15 01:19 - 2015-12-04 13:20 - 135637312 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2021-09-14 05:43 - 2021-01-30 22:55 - 000000996 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2021-09-14 05:43 - 2020-07-26 00:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2021-09-09 03:56 - 2021-06-12 03:40 - 000000000 ____D C:\Users\Stephs HP Elite.STEPHSGRAYHP\Desktop\HPE-SS-JC-FINAL
2021-09-07 18:00 - 2020-09-01 17:31 - 000000000 ____D C:\Users\Stephs HP Elite.STEPHSGRAYHP\AppData\Roaming\Zoom
2021-08-31 04:17 - 2021-06-15 04:09 - 000000000 ____D C:\Users\Stephs HP Elite.STEPHSGRAYHP\Desktop\HPE-SS-PERSONAL-2021
2021-08-30 14:45 - 2010-11-20 21:27 - 000803176 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories ========

2017-04-25 19:23 - 2017-04-25 19:23 - 005478400 _____ () C:\Program Files (x86)\GUT58B7.tmp
2021-04-11 06:26 - 2021-04-11 06:26 - 000000036 _____ () C:\Users\Stephs HP Elite.STEPHSGRAYHP\AppData\Local\housecall.guid.cache
2021-01-31 02:25 - 2021-05-10 20:36 - 000007620 _____ () C:\Users\Stephs HP Elite.STEPHSGRAYHP\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)

LastRegBack: 2021-02-01 03:06

==================== End of FRST.txt ========================