Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-09-2021 02 Ran by Stephs HP Elite (28-09-2021 10:16:44) Running from C:\Users\Stephs HP Elite.STEPHSGRAYHP\Desktop Windows 7 Professional Service Pack 1 (X64) (2016-07-21 22:31:37) Boot Mode: Safe Mode (with Networking) ========================================================== ==================== Accounts: ============================= (If an entry is included in the fixlist, it will be removed.) Administrator (S-1-5-21-2051312817-2871648933-3297728195-500 - Administrator - Disabled) grayHPElite (S-1-5-21-2051312817-2871648933-3297728195-1001 - Administrator - Enabled) => C:\Users\Stephs HP Elite Guest (S-1-5-21-2051312817-2871648933-3297728195-501 - Limited - Disabled) Stephs HP Elite (S-1-5-21-2051312817-2871648933-3297728195-1010 - Administrator - Enabled) => C:\Users\Stephs HP Elite.STEPHSGRAYHP ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 21.001.20145 - Adobe Systems Incorporated) Adobe Flash Player 30 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 30.0.0.154 - Adobe Systems Incorporated) Adobe Flash Player 30 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 30.0.0.154 - Adobe Systems Incorporated) Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.433 - Adobe) ASAP Utilities (HKLM-x32\...\ASAP Utilities_is1) (Version: 7.9.1 - A Must in Every Office BV - Bastien Mensink) Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 93.1.29.81 - Brave Software Inc) ExpressVPN (HKLM-x32\...\{65869a5c-fbab-41d6-8915-e8ed40cd7acf}) (Version: 10.7.0.71 - ExpressVPN) ExpressVPN (HKLM-x32\...\{E5B9C3E5-889C-4F22-A959-F4B8763D7878}) (Version: 10.7.0.71 - ExpressVPN) Hidden HP 3D DriveGuard (HKLM\...\{C35A147C-5037-443A-9BF8-A5E7C2154CE4}) (Version: 5.1.7.1 - Hewlett-Packard Company) HP ENVY 4500 series Basic Device Software (HKLM\...\{6915424E-704F-4F5D-9057-9C7B406B36DB}) (Version: 32.3.198.49673 - Hewlett-Packard Co.) 
HP HD Webcam [Fixed] (HKLM-x32\...\Sunplus SPUVCb) (Version: 3.4.8.54 - SunplusIT) Intel® Processor Identification Utility (HKU\S-1-5-21-2051312817-2871648933-3297728195-1001\...\Intel® Processor Identification Utility 6.1.0731) (Version: 6.1.0731 - Intel Corporation) LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.100 - LSI Corporation) Microsoft .NET Framework 4.8 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.8.03761 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0015-0000-0000-0000000FF1CE}_Access_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0018-0000-0000-0000000FF1CE}_POWERPOINT_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001B-0000-0000-0000000FF1CE}_WORD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft OneDrive (HKU\S-1-5-21-2051312817-2871648933-3297728195-1001\...\OneDriveSetup.exe) (Version: 18.131.0701.0007 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual 
C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 
(HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.24.28127 (HKLM-x32\...\{282975d8-55fe-4991-bbbb-06a72581ce58}) (Version: 14.24.28127.4 - Microsoft Corporation) Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.24.28127 (HKLM-x32\...\{e31cb1a4-76b5-46a5-a084-3fa419e82201}) (Version: 14.24.28127.4 - Microsoft Corporation) NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation) Revo Uninstaller 2.3.0 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.3.0 - VS Revo Group, Ltd.) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.18.25 - Synaptics Incorporated) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0015-0000-0000-0000000FF1CE}_Access_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0018-0000-0000-0000000FF1CE}_POWERPOINT_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-001B-0000-0000-0000000FF1CE}_WORD_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.12 - VideoLAN) Zoom (HKU\S-1-5-21-2051312817-2871648933-3297728195-1001\...\ZoomUMX) (Version: 5.2.1 (44052.0816) - Zoom Video Communications, Inc.) Zoom (HKU\S-1-5-21-2051312817-2871648933-3297728195-1010\...\ZoomUMX) (Version: 5.7.7 (1105) - Zoom Video Communications, Inc.) ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. 
The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-2051312817-2871648933-3297728195-1010_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation - pGFX -> Intel Corporation) ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File ContextMenuHandlers1: [SystemSpeedupFilesMenu] -> {14cb2bd0-2375-3d10-9b5d-5e18865c8959} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL -> No File ContextMenuHandlers4: [SystemSpeedupFoldersMenu] -> 
{700866bb-c8e9-3e71-b359-abb28baed0e8} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL -> No File ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2014-12-04] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation) ContextMenuHandlers5: [SystemSpeedupDesktopMenu] -> {0cab5786-30e8-3185-9b3b-ccefbf1b8afe} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL -> No File ==================== Codecs (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Drivers32: [vidc.VP60] => C:\Windows\SysWOW64\vp6vfw.dll [447752 2014-09-16] (Electronic Arts -> On2.com) HKLM\...\Drivers32: [vidc.VP61] => C:\Windows\SysWOW64\vp6vfw.dll [447752 2014-09-16] (Electronic Arts -> On2.com) ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) 
WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\":: WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99] WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate] ==================== Loaded Modules (Whitelisted) ============= 2018-12-19 12:46 - 2018-12-19 12:46 - 000217600 _____ (RSA - The Security Division of EMC) [File not signed] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ccme_asym.dll 2018-12-19 12:46 - 2018-12-19 12:46 - 000404480 _____ (RSA - The Security Division of EMC) [File not signed] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ccme_base.dll 2018-12-19 12:46 - 2018-12-19 12:46 - 000379904 _____ (RSA - The Security Division of EMC) [File not signed] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ccme_base_non_fips.dll 2018-12-19 12:46 - 2018-12-19 12:46 - 000504320 _____ (RSA - The Security Division of EMC) [File not signed] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ccme_ecc.dll 2018-12-19 12:46 - 2018-12-19 12:46 - 000218624 _____ (RSA - The Security Division of EMC) [File not signed] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\cryptocme.dll ==================== Alternate Data Streams (Whitelisted) ======== (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData:Easy$Duplicate$Finder [140] AlternateDataStreams: C:\Users\All Users:Easy$Duplicate$Finder [140] AlternateDataStreams: C:\ProgramData\Application Data:Easy$Duplicate$Finder [140] ==================== Safe Mode (Whitelisted) ================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\44758306.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\44758306.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR523 => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR523.SYS => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2" ==================== Association (Whitelisted) ================= ==================== Internet Explorer (Version 11) (Whitelisted) ========== HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/ HKU\S-1-5-21-2051312817-2871648933-3297728195-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://duckduckgo.com/ HKU\S-1-5-21-2051312817-2871648933-3297728195-1010\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxps://www.msn.com/?ocid=iehp SearchScopes: HKU\S-1-5-21-2051312817-2871648933-3297728195-1001 -> DefaultScope {C6E9AFC2-A8A0-421F-BEB3-8659716DA414} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} SearchScopes: HKU\S-1-5-21-2051312817-2871648933-3297728195-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-2051312817-2871648933-3297728195-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&q={searchTerms} SearchScopes: HKU\S-1-5-21-2051312817-2871648933-3297728195-1001 -> {C6E9AFC2-A8A0-421F-BEB3-8659716DA414} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} (If an entry is included in the fixlist, it will be removed from the registry.) 
IE trusted site: HKU\S-1-5-21-2051312817-2871648933-3297728195-1001\...\sharepoint.com -> hxxps://netorg231697-files.sharepoint.com ==================== Hosts content: ========================= (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 20:34 - 2021-05-10 20:36 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts ==================== Other Areas =========================== (Currently there is no automatic fix for this section.) HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Microsoft FCIV;C:\Program Files (x86)\Sysinternals;C:\windows\system32\wbem;;%systemroot%\System32\WindowsPowerShell\v1.0\;%systemroot%\System32\WindowsPowerShell\v1.0\ HKU\S-1-5-21-2051312817-2871648933-3297728195-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Stephs HP Elite\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg HKU\S-1-5-21-2051312817-2871648933-3297728195-1010\Control Panel\Desktop\\Wallpaper -> C:\Users\Stephs HP Elite.STEPHSGRAYHP\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 75.75.75.75 - 75.75.76.76 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 0) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (If an entry is included in the fixlist, it will be removed.) 
MSCONFIG\Services: GoogleChromeElevationService => 3 MSCONFIG\Services: gupdate => 2 MSCONFIG\Services: gupdatem => 3 MSCONFIG\Services: gusvc => 3 MSCONFIG\Services: hidserv => 2 MSCONFIG\Services: hpHotkeyMonitor => 2 MSCONFIG\Services: IJPLMSVC => 2 MSCONFIG\Services: IKEEXT => 2 MSCONFIG\Services: McAfee WebAdvisor => 2 MSCONFIG\Services: Mcx2Svc => 2 MSCONFIG\Services: upnphost => 2 MSCONFIG\Services: VaultSvc => 2 MSCONFIG\Services: WPDBusEnum => 2 MSCONFIG\startupfolder: C:^Users^Stephs HP Elite^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^XFINITY WiFi.lnk => C:\Windows\pss\XFINITY WiFi.lnk.Startup MSCONFIG\startupreg: Adobe CCXProcess => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true MSCONFIG\startupreg: Adobe Reader Synchronizer => "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe" MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" MSCONFIG\startupreg: AdobeGCInvoker-1.0 => "C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe" MSCONFIG\startupreg: EEventManager => "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe" MSCONFIG\startupreg: EPSON WorkForce 630 Series => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGBA.EXE /FU "C:\Users\STEPHS~1\AppData\Local\Temp\E_SE84B.tmp" /EF "HKCU" MSCONFIG\startupreg: FUFAXSTM => "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" MSCONFIG\startupreg: McAfeeSafeConnect => C:\Program Files (x86)\McAfee Safe Connect\McAfee Safe Connect.exe MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent MSCONFIG\startupreg: YouCam Mirage => "C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe" MSCONFIG\startupreg: YouCam Tray => "C:\Program Files 
(x86)\CyberLink\YouCam\YouCamTray.exe" /s ==================== FirewallRules (Whitelisted) ================ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) C:\Windows\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [SPPSVC-In-TCP] => (Allow) C:\Windows\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [TCP Query User{D0A057E6-7D8F-4D07-A119-A39CD9144309}C:\users\stephs hp elite.stephsgrayhp\appdata\roaming\zoom\bin\zoom.exe] => (Allow) C:\users\stephs hp elite.stephsgrayhp\appdata\roaming\zoom\bin\zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) FirewallRules: [UDP Query User{6A11FC87-B361-48D1-A733-6FB1058D7969}C:\users\stephs hp elite.stephsgrayhp\appdata\roaming\zoom\bin\zoom.exe] => (Allow) C:\users\stephs hp elite.stephsgrayhp\appdata\roaming\zoom\bin\zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) 
FirewallRules: [{64F9B558-C70A-48F3-93EE-8FE949184956}] => (Allow) C:\Program Files (x86)\Steam\steam.exe => No File FirewallRules: [{23A6D05F-5C73-4DC3-B3D3-B08A480CB162}] => (Allow) C:\Program Files (x86)\Steam\steam.exe => No File FirewallRules: [{70359B4F-2032-4D7C-8B16-A14C8773A792}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File FirewallRules: [{468348CE-C606-4EC9-995E-FA7A877434B2}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File FirewallRules: [{DC7E3650-CD04-4AC1-BC63-B8B5583E37FF}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File FirewallRules: [{B7609DA6-24CD-4616-B2E4-600BF7A7EA3F}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File FirewallRules: [TCP Query User{D3D808CD-06BC-4112-8948-0CF19CDFDDEE}C:\users\stephs hp elite.stephsgrayhp\desktop\game\ostriv.v0.3.0.3\ostriv.v0.3.0.3\ostriv\x64\ostriv.exe] => (Allow) C:\users\stephs hp elite.stephsgrayhp\desktop\game\ostriv.v0.3.0.3\ostriv.v0.3.0.3\ostriv\x64\ostriv.exe => No File FirewallRules: [UDP Query User{25EB54C5-CC61-4630-9118-2BA8F8174C33}C:\users\stephs hp elite.stephsgrayhp\desktop\game\ostriv.v0.3.0.3\ostriv.v0.3.0.3\ostriv\x64\ostriv.exe] => (Allow) C:\users\stephs hp elite.stephsgrayhp\desktop\game\ostriv.v0.3.0.3\ostriv.v0.3.0.3\ostriv\x64\ostriv.exe => No File FirewallRules: [TCP Query User{6921AE2F-8751-4653-825D-36E63A6C3D08}C:\users\stephs hp elite.stephsgrayhp\desktop\game\ostriv.v0.3.0.3\ostriv.v0.3.0.3\ostriv\x32\ostriv.exe] => (Allow) C:\users\stephs hp elite.stephsgrayhp\desktop\game\ostriv.v0.3.0.3\ostriv.v0.3.0.3\ostriv\x32\ostriv.exe => No File FirewallRules: [UDP Query User{7D8A8B1D-8336-4E1C-AFEB-DB9000ACA532}C:\users\stephs hp elite.stephsgrayhp\desktop\game\ostriv.v0.3.0.3\ostriv.v0.3.0.3\ostriv\x32\ostriv.exe] => (Allow) C:\users\stephs hp 
elite.stephsgrayhp\desktop\game\ostriv.v0.3.0.3\ostriv.v0.3.0.3\ostriv\x32\ostriv.exe => No File FirewallRules: [{BF126AA4-93E0-4BB4-A936-B260BB90E6EC}] => (Block) C:\Program Files\BlueStacks\HD-Player.exe => No File FirewallRules: [TCP Query User{11926BB8-88B2-4270-9D17-300F9C91FC79}C:\users\stephs hp elite.stephsgrayhp\appdata\roaming\zoom\bin\zoom.exe] => (Allow) C:\users\stephs hp elite.stephsgrayhp\appdata\roaming\zoom\bin\zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) FirewallRules: [UDP Query User{C24AB7ED-BEA3-452D-A9E8-0B4CF5C4CB8C}C:\users\stephs hp elite.stephsgrayhp\appdata\roaming\zoom\bin\zoom.exe] => (Allow) C:\users\stephs hp elite.stephsgrayhp\appdata\roaming\zoom\bin\zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) FirewallRules: [TCP Query User{5CFCAB11-A987-4DEB-8CC7-A5545856A312}C:\windows\system32\mmc.exe] => (Block) C:\windows\system32\mmc.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [UDP Query User{7BFB6A2B-DF2C-4D6D-8EB3-75A8D9B191BA}C:\windows\system32\mmc.exe] => (Block) C:\windows\system32\mmc.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{C5AC69DF-3F96-48DE-85B9-6A584B6CB94B}] => (Allow) C:\Users\Stephs HP Elite.STEPHSGRAYHP\AppData\Local\Temp\7zS36A0\HP.EasyStart.exe => No File FirewallRules: [TCP Query User{1AAC7C71-79DD-4726-9530-320684FEE86A}C:\users\stephs hp elite.stephsgrayhp\appdata\local\temp\7zs7117\enterprisedu.exe] => (Allow) C:\users\stephs hp elite.stephsgrayhp\appdata\local\temp\7zs7117\enterprisedu.exe => No File FirewallRules: [UDP Query User{FFAAA1C8-2884-441F-855D-8600A71243B3}C:\users\stephs hp elite.stephsgrayhp\appdata\local\temp\7zs7117\enterprisedu.exe] => (Allow) C:\users\stephs hp elite.stephsgrayhp\appdata\local\temp\7zs7117\enterprisedu.exe => No File FirewallRules: [{FB517CEA-5F96-41EF-952C-705527C7A60A}] => (Block) C:\users\stephs hp elite.stephsgrayhp\appdata\local\temp\7zs7117\enterprisedu.exe => No File 
FirewallRules: [{E85068A4-D7D7-4672-BA3C-B395E2C17478}] => (Block) C:\users\stephs hp elite.stephsgrayhp\appdata\local\temp\7zs7117\enterprisedu.exe => No File FirewallRules: [{3FA8652B-6458-4DD6-8006-6907801F0BF7}] => (Allow) C:\Program Files\HP\HP ENVY 4500 series\Bin\DeviceSetup.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP) FirewallRules: [{3929D66C-8335-4E52-8622-EAA234082206}] => (Allow) LPort=5357 FirewallRules: [{581F55C2-2A1A-4D45-B220-800C8FC6A346}] => (Allow) C:\Program Files\HP\HP ENVY 4500 series\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP) FirewallRules: [{11652D5D-BA1D-4708-B388-70A717334E22}] => (Allow) C:\Users\Stephs HP Elite.STEPHSGRAYHP\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) FirewallRules: [{13D5F55F-244C-48BE-80D6-6FA500151FA5}] => (Allow) C:\Users\Stephs HP Elite.STEPHSGRAYHP\AppData\Roaming\Zoom\bin\airhost.exe => No File FirewallRules: [{904DD7B1-73E5-4503-9231-7AA9B1209AF7}] => (Allow) C:\Users\Stephs HP Elite.STEPHSGRAYHP\AppData\Roaming\Zoom\bin\airhost.exe => No File FirewallRules: [{60234E40-A10C-4F1C-BA6C-1801BEDEF247}] => (Allow) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.) ==================== Restore Points ========================= 07-09-2021 02:56:01 Windows Update 11-09-2021 21:38:45 Windows Update 15-09-2021 01:18:28 Windows Update 19-09-2021 01:27:16 ExpressVPN 28-09-2021 00:06:39 Removed HP Update. 28-09-2021 06:24:19 Windows Modules Installer ==================== Faulty Device Manager Devices ============ Name: Security Processor Loader Driver Description: Security Processor Loader Driver Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: spldr Problem: : This device is not present, is not working properly, or does not have all its drivers installed. 
(Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. Name: ExpressVPN TAP Adapter Description: ExpressVPN TAP Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: ExpressVPN Service: tapexpressvpn Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ======================== Could not start eventlog service, could not read events. 'net' is not recognized as an internal or external command, operable program or batch file. ==================== Memory info =========================== BIOS: Hewlett-Packard 68ICF Ver. F.74 04/11/2019 Motherboard: Hewlett-Packard 179B Processor: Intel(R) Core(TM) i5-3360M CPU @ 2.80GHz Percentage of memory in use: 61% Total physical RAM: 3959.55 MB Available physical RAM: 1539.1 MB Total Virtual: 10957.7 MB Available Virtual: 8542.89 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:286 GB) (Free:101.94 GB) NTFS \\?\Volume{af536524-08af-11e6-9813-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS \\?\Volume{af536525-08af-11e6-9813-806e6f6e6963}\ (Recovery) (Fixed) (Total:10 GB) (Free:0.3 GB) NTFS ==================== MBR & Partition Table ==================== ========================================================== Disk: 0 (Size: 298.1 GB) (Disk ID: 00015683) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=10 GB) - (Type=27) Partition 3: (Not Active) - (Size=286 GB) - (Type=07 NTFS) ==================== End of Addition.txt =======================