No worries about being a bit slow at getting back. I know you have lots in your life and appreciate that you are willing to share your skills and knowledge.
My friend doesn't have a choice with me. She keeps calling me and my time is valuable too. Therefore she needs to wait today as I don't want to revisit this issue in a week or two.
Here are the reports.
# -------------------------------
# Malwarebytes AdwCleaner 8.0.5.0
# -------------------------------
# Build: 05-25-2020
# Database: 2020-06-15.1 (Cloud)
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 06-25-2020
# Duration: 00:01:23
# OS: Windows 8.1
# Cleaned: 120
# Failed: 0
***** [ Services ] *****
No malicious services cleaned.
***** [ Folders ] *****
Deleted C:\ProgramData\apn
Deleted C:\Users\Joanne Endevoets\AppData\LocalLow\iac
Deleted C:\Users\Joanne Endevoets\AppData\Local\Downloaded Installers
Deleted C:\Users\Joanne Endevoets\AppData\Local\iac
Deleted C:\Users\Joanne Endevoets\AppData\Local\slimware utilities inc
Deleted C:\Users\Public\Documents\Downloaded Installers
Deleted C:\extensions
***** [ Files ] *****
Deleted C:\END
***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
No malicious shortcuts cleaned.
***** [ Tasks ] *****
No malicious tasks cleaned.
***** [ Registry ] *****
Deleted HKCU\Software\APN PIP
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ak.staticimgfarm.com
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\dogpile.com
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\hp.myway.com
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\metrolyrics.com
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\staticimgfarm.com
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\thebrighttag.com
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ttdetect.staticimgfarm.com
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.metrolyrics.com
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Deleted HKCU\Software\csastats
Deleted HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.apn.native_messaging_host_aaaaadgepjkdffhjbkfjgnnffnfcffbg
Deleted HKLM\Software\Classes\Installer\UpgradeCodes\50D2BAFD096C90345A82B25A790BDF69
Deleted HKLM\Software\Classes\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
Deleted HKLM\Software\Classes\Interface\{371AD4A5-1520-4AA2-A8A4-F9AD3BAC6957}
Deleted HKLM\Software\Classes\Interface\{5442736B-E379-4668-AC30-7F39B3581875}
Deleted HKLM\Software\Classes\Interface\{62271480-66D1-42D0-A818-BE5E65C56FA4}
Deleted HKLM\Software\Classes\Interface\{667C8B81-0B61-48F6-B7B9-60AA8242E6DF}
Deleted HKLM\Software\Classes\Interface\{7F124846-5453-4BB8-A41D-E11481FFC9DF}
Deleted HKLM\Software\Classes\Interface\{891DFD94-5982-46EC-9B4D-1E86B07F33F2}
Deleted HKLM\Software\Classes\Interface\{8FD65019-BF09-45DA-AD81-E95AE911F1FD}
Deleted HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4}
Deleted HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D}
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\50D2BAFD096C90345A82B25A790BDF69
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
Deleted HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2c6319b9-312c-4bdf-b75e-e9dd16ae0f1c}
Deleted HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{372eeec9-39a0-4a17-a53b-3a65e9ee555c}
Deleted HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{805d473c-939f-40b1-a43d-5bc2b25c2bae}
Deleted HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{bb548c84-4ea2-4790-807a-fdf5f7f5aa96}
Deleted HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c48aea59-780e-43e0-a3a8-aad34b635d07}
Deleted HKLM\Software\Wow6432Node\SLIMWARE UTILITIES, INC.
Deleted HKLM\Software\Wow6432Node\SlimWare Utilities Inc
Deleted HKLM\Software\Wow6432Node\Yahoo\Companion
Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{371AD4A5-1520-4AA2-A8A4-F9AD3BAC6957}
Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{62271480-66D1-42D0-A818-BE5E65C56FA4}
Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{7F124846-5453-4BB8-A41D-E11481FFC9DF}
Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{884189CF-7C10-41E8-A014-F7B2BE40AADB}
Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{891DFD94-5982-46EC-9B4D-1E86B07F33F2}
Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{8FD65019-BF09-45DA-AD81-E95AE911F1FD}
Deleted HKLM\Software\Wow6432Node\\Google\Chrome\NativeMessagingHosts\com.apn.native_messaging_host_aaaaadgepjkdffhjbkfjgnnffnfcffbg
Deleted HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4}
Deleted HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D}
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Ext\Preapproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Ext\Preapproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries cleaned.
***** [ Chromium URLs ] *****
No malicious Chromium URLs cleaned.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries cleaned.
***** [ Firefox URLs ] *****
No malicious Firefox URLs cleaned.
***** [ Hosts File Entries ] *****
No malicious hosts file entries cleaned.
***** [ Preinstalled Software ] *****
Deleted Preinstalled.CyberLinkLabelPrint Folder C:\Program Files (x86)\CYBERLINK\LABELPRINT
Deleted Preinstalled.CyberLinkLabelPrint Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}
Deleted Preinstalled.CyberLinkLabelPrint Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{C59C179C-668D-49A9-B6EA-0121CCFC1243}
Deleted Preinstalled.CyberLinkShellExtension Registry HKLM\Software\Classes\CLSID\{3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2}
Deleted Preinstalled.HPCleanFLC File C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office.lnk
Deleted Preinstalled.HPHealthCheck Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP HEALTH CHECK
Deleted Preinstalled.HPHealthCheck Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{6F340107-F9AA-47C6-B54C-C3A19F11553F}
Deleted Preinstalled.HPMediaSmart Folder C:\Program Files (x86)\HEWLETT-PACKARD\MEDIA\WEBCAM
Deleted Preinstalled.HPMediaSmart Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}
Deleted Preinstalled.HPMediaSmart Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{01FB4998-33C4-4431-85ED-079E3EEFE75D}
Deleted Preinstalled.HPRegistrationService Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP REGISTRATION SERVICE
Deleted Preinstalled.HPRegistrationService Folder C:\ProgramData\HEWLETT-PACKARD\HP REGISTRATION SERVICE
Deleted Preinstalled.HPRegistrationService Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}
Deleted Preinstalled.HPSupportAssistant Folder C:\HP\SUPPORT
Deleted Preinstalled.HPSupportAssistant Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP CUSTOMER FEEDBACK
Deleted Preinstalled.HPSupportAssistant Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Deleted Preinstalled.HPSupportAssistant Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT INFORMATION
Deleted Preinstalled.HPSupportAssistant Folder C:\ProgramData\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Deleted Preinstalled.HPSupportAssistant Folder C:\Users\HP Pavilion\AppData\Roaming\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Deleted Preinstalled.HPSupportAssistant Folder C:\Users\Joanne Endevoets\AppData\Local\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Deleted Preinstalled.HPSupportAssistant Folder C:\Users\Joanne Endevoets\AppData\Roaming\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Deleted Preinstalled.HPSupportAssistant Folder C:\Windows\System32\config\systemprofile\AppData\Roaming\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Deleted Preinstalled.HPSupportAssistant Registry HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Deleted Preinstalled.HPSupportAssistant Registry HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Deleted Preinstalled.HPSupportAssistant Registry HKLM\Software\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Deleted Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Classes\CLSID\{C0ABBA07-B636-47B8-B9E1-BB96D7CD4831}
Deleted Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Deleted Preinstalled.LenovoPower2Go Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|CLMLServer_For_P2G8
Deleted Preinstalled.LenovoPower2Go Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|CLVirtualDrive
Deleted Preinstalled.LenovoPower2Go Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}
Deleted Preinstalled.LenovoPower2Go Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}
Deleted Preinstalled.LenovoPowerDVD Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}
Deleted Preinstalled.LenovoPowerDVD Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}
Deleted Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGDF-hp-darkorbit
Deleted Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGDF-hp-seafight
Deleted Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGDF-hp-worldofwarcraft
Deleted Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGameProvider-hp-genres
*************************
[+] Delete Tracing Keys
[+] Reset Winsock
*************************
AdwCleaner[S00].txt - [16667 octets] - [22/06/2020 07:51:43]
AdwCleaner[S01].txt - [16729 octets] - [25/06/2020 11:31:34]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########
6/25/2020 16:48:23 PM
Files scanned: 489961
Detected files: 20
Cleaned files: 20
Total scan time 04:39:57
Scan status: Finished
C:\Config.msi\2444d.rbf a variant of Win32/Bundled.Toolbar.Ask.V potentially unsafe application cleaned by deleting
C:\Config.msi\24450.rbf a variant of Win32/Bundled.Toolbar.Ask.R potentially unsafe application cleaned by deleting
C:\Users\Joanne Endevoets\AppData\LocalLow\BillPayAlert_9sEI\Installr\Cache\017C944A.exe a variant of Win32/Toolbar.MyWebSearch.R potentially unwanted application cleaned by deleting
C:\Users\Joanne Endevoets\AppData\LocalLow\Sun\Java\jre1.7.0_51\java_sp.dll a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application deleted
C:\Users\Joanne Endevoets\AppData\LocalLow\Sun\Java\jre1.7.0_67\java_sp.dll a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application deleted
C:\WINDOWS\Installer\$PatchCache$\Managed\3545C405D205143545007A857BC05200\12.37.0\apnmcp_exe a variant of Win32/Bundled.Toolbar.Ask.R potentially unsafe application cleaned by deleting
C:\WINDOWS\Installer\$PatchCache$\Managed\3545C405D205143545007A857BC05200\12.37.0\SearchHook_dll a variant of Win32/Bundled.Toolbar.Ask.O potentially unsafe application cleaned by deleting
C:\WINDOWS\Installer\$PatchCache$\Managed\3545C405D205143545007A857BC05200\12.37.0\ServiceLocator_exe a variant of Win32/Bundled.Toolbar.Ask.O potentially unsafe application cleaned by deleting
C:\WINDOWS\Installer\$PatchCache$\Managed\3545C405D205143545007A857BC05200\12.37.0\SO_dll a variant of Win32/Bundled.Toolbar.Ask.O potentially unsafe application cleaned by deleting
C:\WINDOWS\Installer\$PatchCache$\Managed\3545C405D205143545007A857BC05200\12.37.0\TBNHlpr_x64_exe a variant of Win32/Bundled.Toolbar.Ask.O potentially unsafe application cleaned by deleting
C:\WINDOWS\Installer\$PatchCache$\Managed\3545C405D205143545007A857BC05200\12.37.0\TBNotifier_exe a variant of Win32/Bundled.Toolbar.Ask.S potentially unsafe application cleaned by deleting
C:\WINDOWS\Installer\$PatchCache$\Managed\3545C405D205143545007A857BC05200\12.37.0\ToolbarPS_dll a variant of Win32/Bundled.Toolbar.Ask.O potentially unsafe application cleaned by deleting
C:\WINDOWS\Installer\$PatchCache$\Managed\3545C405D205143545007A857BC05200\12.37.0\toolbar_dll a variant of Win32/Bundled.Toolbar.Ask.O potentially unsafe application cleaned by deleting
C:\WINDOWS\Installer\$PatchCache$\Managed\3545C405D205143545007A857BC05200\12.37.0\toolbar_dll_x64 a variant of Win32/Bundled.Toolbar.Ask.O potentially unsafe application cleaned by deleting
C:\WINDOWS\Installer\$PatchCache$\Managed\3545C405D205143545007A857BC05200\12.37.0\Toolbar_exe a variant of Win32/Bundled.Toolbar.Ask.O potentially unsafe application cleaned by deleting
C:\WINDOWS\Installer\$PatchCache$\Managed\3545C405D205143545007A857BC05200\12.37.0\UpdateManager_exe a variant of Win32/Bundled.Toolbar.Ask.R potentially unsafe application cleaned by deleting
C:\WINDOWS\Installer\2a1cd.msi a variant of Win32/Bundled.Toolbar.Ask.O potentially unsafe application deleted
C:\WINDOWS\Installer\303e1.msi a variant of Win32/Bundled.Toolbar.Ask.N potentially unsafe application deleted
C:\WINDOWS\Installer\MSI67C7.tmp a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application cleaned by deleting
C:\WINDOWS\Installer\MSI6BE.tmp a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application cleaned by deleting
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-06-2020
Ran by HP Pavilion (administrator) on HPPAVILION (Hewlett-Packard 20-b010) (25-06-2020 16:54:42)
Running from C:\Users\HP Pavilion\Desktop
Loaded Profiles: HP Pavilion
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Default browser: IE
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(A.V.M. SOFTWARE, INC. -> AVM Software) C:\Program Files (x86)\Paltalk\update\pt_update_service.exe
(Advanced Micro Devices, Inc.) [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Andrea Electronics -> Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <9>
(Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
(Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe
(Logitech -> Logitech, Inc.) C:\Program Files\Logitech\SolarApp\L4301_Solar.exe
(Logitech Inc -> Logitech) C:\Program Files\Logitech\Collaboration\Services\Video\ServiceLayer.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\WINDOWS\System32\WirelessKB850NotificationService.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\WINDOWS\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\WINDOWS\System32\atiesrxx.exe
(Realtek Semiconductor Corp -> Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6844560 2013-11-19] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942232 2016-10-14] (Logitech -> Logitech, Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-176138252-3860332429-2761773572-1018\...\Run: [Chromium] => "c:\users\hp pavilion\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory=Default --restore-last-session
HKU\S-1-5-21-176138252-3860332429-2761773572-1018\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27784672 2017-06-27] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-176138252-3860332429-2761773572-1018\...\Run: [Paltalk] => C:\Program Files (x86)\Paltalk\PALTALK.exe [27532728 2020-05-19] (A.V.M. SOFTWARE, INC. -> AVM Software)
HKU\S-1-5-18\...\Run: [Paltalk] => C:\Program Files (x86)\Paltalk\Paltalk.exe [27532728 2020-05-19] (A.V.M. SOFTWARE, INC. -> AVM Software)
HKLM\...\Print\Monitors\HP 7112 Status Monitor: C:\WINDOWS\system32\hpinksts7112LM.dll [328704 2014-03-03] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Co.)
HKLM\...\Print\Monitors\HP Universal Port Monitor: C:\WINDOWS\system32\hpbprtmon.dll [355840 2012-07-24] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.116\Installer\chrmstp.exe [2020-06-25] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.81\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
Startup: C:\Users\HP Pavilion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PalTalk.lnk [2019-03-21]
ShortcutTarget: PalTalk.lnk -> C:\Program Files (x86)\Paltalk Messenger\paltalk.exe (No File)
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0DC0DAD2-F84F-429D-B085-411AE7CDE2D5} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61}
Task: {145EF7F4-ECD0-4CD6-B44D-E92EFEB7BDDB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
Task: {287EB61E-849D-44F1-BF41-56B2A8081F95} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1}
Task: {426C84D3-5DF0-4CC8-9486-251CC5F877B1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe
Task: {69A9BED9-2695-4FA6-ABEF-DB9C7F40DC6B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
Task: {7604A2BD-B1C7-4591-A0BB-AFA960B6026A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {7B857988-3067-4E13-8891-998F430972F7} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {8447F5E5-2A40-44ED-869F-2FD08F7AF3E9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {8CA68387-B3CC-41B5-88D5-240C7A3E7715} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN49ADX0R9_backup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {9768ABD2-EB67-498E-A669-15A536AF817A} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {9B50E759-DC50-4D5E-9238-094637C3F75D} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\HP Pavilion\Desktop\esetonlinescanner.exe [14827616 2020-06-25] (ESET, spol. s r.o. -> ESET spol. s r.o.)
Task: {BD0AA599-1290-4C17-8F27-F39B7AED26EB} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\HP Pavilion\Desktop\esetonlinescanner.exe [14827616 2020-06-25] (ESET, spol. s r.o. -> ESET spol. s r.o.)
Task: {C2D92648-7FFA-4B4E-BE32-ABCB7F598804} - System32\Tasks\{A7827154-50C7-4867-ADFD-1E8E30D0C7A2} => "c:\program files\internet explorer\iexplore.exe" hxxps://ui.skype.com/ui/0/7.33.0.105/en/abandoninstall?source=lightinstaller&page=tsMain
Task: {C415FE0E-DDCB-44E0-A459-B9164B72424B} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E}
Task: {CA019DD0-822D-49E1-A2FF-1991CECD8F38} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {DCB2E700-2511-45D2-B218-AE8BA4967108} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP SoftPaq Installer => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF_Tasks.exe
Task: {F863ECC9-A249-4ECA-A410-34A8490738F8} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968 2011-08-30] (Apple Inc. -> Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{29B5CF79-3278-41A1-86F5-B3673D2C956F}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{CBC4812E-DD0B-4C8B-9F7F-46C2962A294B}: [DhcpNameServer] 192.168.0.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK13/1
HKU\S-1-5-21-176138252-3860332429-2761773572-1018\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.msn.com/?PC=UF01
HKU\S-1-5-21-176138252-3860332429-2761773572-1018\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK13/1
SearchScopes: HKU\S-1-5-21-176138252-3860332429-2761773572-1018 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
FireFox:
========
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc. -> Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation -> Microsoft Corporation)
Chrome:
=======
CHR Profile: C:\Users\HP Pavilion\AppData\Local\Google\Chrome\User Data\Default [2020-06-25]
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Extension: (Slides) - C:\Users\HP Pavilion\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-01-19]
CHR Extension: (Docs) - C:\Users\HP Pavilion\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-01-19]
CHR Extension: (Google Drive) - C:\Users\HP Pavilion\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-27]
CHR Extension: (YouTube) - C:\Users\HP Pavilion\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-27]
CHR Extension: (Google Search) - C:\Users\HP Pavilion\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-27]
CHR Extension: (Sheets) - C:\Users\HP Pavilion\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-01-19]
CHR Extension: (Google Docs Offline) - C:\Users\HP Pavilion\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-06-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\HP Pavilion\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-05]
CHR Extension: (Gmail) - C:\Users\HP Pavilion\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-29]
CHR Extension: (Chrome Media Router) - C:\Users\HP Pavilion\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-06-16]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AMD External Events Utility; C:\WINDOWS\system32\atiesrxx.exe [239616 2014-07-21] (Microsoft Windows Hardware Compatibility Publisher -> AMD)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-07-04] (Advanced Micro Devices, Inc.) [File not signed]
R2 HPConnectedRemote; c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35232 2012-07-19] (Hewlett-Packard Company -> Hewlett-Packard)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2468496 2013-11-19] (Realtek Semiconductor Corp -> Realsil Microelectronics Inc.)
R2 L4301_Solar; C:\Program Files\Logitech\SolarApp\L4301_Solar.exe [405744 2013-01-30] (Logitech -> Logitech, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [6933272 2020-06-16] (Malwarebytes Inc -> Malwarebytes)
R2 nebula; C:\Program Files\Logitech\Collaboration\Services\Video\ServiceLayer.exe [4477576 2018-06-18] (Logitech Inc -> Logitech)
R2 paltalk_update_service; C:\Program Files (x86)\Paltalk\update\pt_update_service.exe [1229688 2019-08-25] (A.V.M. SOFTWARE, INC. -> AVM Software)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
R2 WirelessKB850NotificationService; C:\WINDOWS\system32\WirelessKB850NotificationService.exe [176632 2018-05-14] (Microsoft Corporation -> Microsoft Corporation)
S2 HP Support Assistant Service; "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe" [X]
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 amdkmdag; C:\WINDOWS\system32\DRIVERS\atikmdag.sys [13209088 2014-07-21] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\system32\DRIVERS\atikmpag.sys [626688 2014-07-21] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink -> CyberLink)
R3 dc3d; C:\WINDOWS\System32\drivers\dc3d.sys [47616 2011-05-18] (Hardware Group Test Cert -> Microsoft Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153312 2020-06-16] (Malwarebytes Corporation -> Malwarebytes)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [214496 2020-06-16] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [196456 2020-06-25] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73368 2020-06-25] (Malwarebytes Inc -> Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248968 2020-06-16] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [131728 2020-06-25] (Malwarebytes Inc -> Malwarebytes)
R3 netr28x; C:\WINDOWS\system32\DRIVERS\netr28x.sys [2505904 2013-12-04] (Mediatek Inc. -> Ralink Technology, Corp.)
R3 usbfilter; C:\WINDOWS\System32\drivers\usbfilter.sys [56448 2012-03-30] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessKeyboardFilter; C:\WINDOWS\System32\drivers\WirelessKeyboardFilter.sys [49336 2018-03-11] (Microsoft Corporation -> Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) ===================
(If an entry is included in the fixlist, the file/folder will be moved.)
2020-06-25 16:54 - 2020-06-25 16:58 - 000016386 _____ C:\Users\HP Pavilion\Desktop\FRST.txt
2020-06-25 16:49 - 2020-06-25 16:50 - 000003732 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onLogOn
2020-06-25 16:49 - 2020-06-25 16:50 - 000003292 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onTime
2020-06-25 16:49 - 2020-06-25 16:49 - 000006872 _____ C:\Users\HP Pavilion\Desktop\eset.txt
2020-06-25 11:53 - 2020-06-25 11:53 - 000000565 _____ C:\Users\HP Pavilion\Desktop\ESET Online Scanner.lnk
2020-06-25 11:53 - 2020-06-25 11:53 - 000000000 ____D C:\Users\HP Pavilion\AppData\Local\ESET
2020-06-25 11:52 - 2020-06-25 11:52 - 000196456 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2020-06-25 11:51 - 2020-06-25 11:52 - 014827616 _____ (ESET spol. s r.o.) C:\Users\HP Pavilion\Desktop\esetonlinescanner.exe
2020-06-25 11:48 - 2020-06-25 11:48 - 000073368 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2020-06-25 11:47 - 2020-06-25 11:47 - 000131728 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2020-06-22 07:49 - 2020-06-25 11:42 - 000000000 ____D C:\AdwCleaner
2020-06-22 07:47 - 2020-06-22 07:48 - 008402608 _____ (Malwarebytes) C:\Users\HP Pavilion\Desktop\AdwCleaner.exe
2020-06-21 22:44 - 2020-06-21 23:01 - 000019112 _____ C:\Users\HP Pavilion\Desktop\Fixlog.txt
2020-06-20 11:33 - 2020-06-25 16:53 - 000000000 ____D C:\Users\HP Pavilion\Desktop\FRST-OlderVersion
2020-06-20 11:03 - 2020-06-20 11:04 - 012770472 _____ (Symantec Corporation) C:\Users\HP Pavilion\Desktop\NRnR.exe
2020-06-20 09:13 - 2020-06-20 09:13 - 000001093 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2020-06-20 09:13 - 2020-06-20 09:13 - 000001093 _____ C:\ProgramData\Desktop\Revo Uninstaller Pro.lnk
2020-06-20 09:13 - 2020-06-20 09:13 - 000000000 ____D C:\Users\HP Pavilion\AppData\Local\VS Revo Group
2020-06-20 09:13 - 2020-06-20 09:13 - 000000000 ____D C:\ProgramData\VS Revo Group
2020-06-20 09:13 - 2020-06-20 09:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2020-06-20 09:13 - 2020-06-20 09:13 - 000000000 ____D C:\Program Files\VS Revo Group
2020-06-20 09:13 - 2016-12-21 14:52 - 000040240 _____ (VS Revo Group) C:\WINDOWS\system32\Drivers\revoflt.sys
2020-06-20 09:11 - 2020-06-20 09:11 - 016926296 _____ (VS Revo Group ) C:\Users\HP Pavilion\Desktop\RevoUninProSetup.exe
2020-06-16 15:03 - 2020-06-25 16:56 - 000000000 ____D C:\FRST
2020-06-16 14:48 - 2020-06-25 16:53 - 002290688 _____ (Farbar) C:\Users\HP Pavilion\Desktop\FRST64.exe
2020-06-16 14:25 - 2020-06-16 14:26 - 000000000 ____D C:\Users\HP Pavilion\Downloads\priortoMalware
2020-06-16 12:55 - 2020-06-01 11:03 - 000835480 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2020-06-16 12:55 - 2020-06-01 11:03 - 000179608 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2020-06-16 09:43 - 2020-06-25 11:47 - 000000000 ____D C:\Users\HP Pavilion\AppData\LocalLow\IGDump
2020-06-16 09:42 - 2020-06-16 09:42 - 000000000 ____D C:\Users\HP Pavilion\AppData\Local\mbam
2020-06-16 09:41 - 2020-06-16 09:41 - 000214496 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2020-06-16 09:41 - 2020-06-16 09:41 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2020-06-16 09:41 - 2020-06-16 09:41 - 000001976 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2020-06-16 09:41 - 2020-06-16 09:41 - 000001964 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2020-06-16 09:41 - 2020-06-16 09:41 - 000001964 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2020-06-16 09:41 - 2020-06-16 09:41 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-06-16 09:40 - 2020-06-16 09:40 - 000000000 ____D C:\Program Files\Malwarebytes
2020-06-16 09:40 - 2020-06-16 09:40 - 000000000 ____D C:\Malwarebytes
2020-06-16 09:38 - 2020-06-16 09:38 - 000000000 ____D C:\Users\HP Pavilion\AppData\Roaming\Logitech
2020-06-16 09:38 - 2020-06-16 09:38 - 000000000 ____D C:\Users\HP Pavilion\AppData\Roaming\Logishrd
2020-06-16 09:06 - 2020-06-16 09:06 - 000000000 ____D C:\Program Files\KeyboardNotification
2020-06-10 18:09 - 2020-06-10 18:09 - 000001369 _____ C:\Users\HP Pavilion\Desktop\Logitech HD Webcam C270 - Shortcut.lnk
2020-06-10 10:34 - 2020-05-27 16:06 - 022364856 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2020-06-10 10:34 - 2020-05-20 05:48 - 025755648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2020-06-10 10:34 - 2020-05-20 04:00 - 020291584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2020-06-10 10:34 - 2020-05-09 20:17 - 014533120 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2020-06-10 10:33 - 2020-06-01 22:18 - 000109568 _____ (Microsoft Corporation) C:\WINDOWS\system32\atl.dll
2020-06-10 10:33 - 2020-06-01 21:44 - 001489408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42u.dll
2020-06-10 10:33 - 2020-06-01 21:43 - 001464832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42.dll
2020-06-10 10:33 - 2020-06-01 21:35 - 000787968 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll
2020-06-10 10:33 - 2020-06-01 21:27 - 001230848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42u.dll
2020-06-10 10:33 - 2020-06-01 21:25 - 001204736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42.dll
2020-06-10 10:33 - 2020-06-01 20:59 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\netman.dll
2020-06-10 10:33 - 2020-06-01 20:47 - 001684992 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2020-06-10 10:33 - 2020-05-29 19:54 - 004168192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2020-06-10 10:33 - 2020-05-29 19:30 - 000129024 _____ (Microsoft Corporation) C:\WINDOWS\splwow64.exe
2020-06-10 10:33 - 2020-05-29 18:41 - 001368576 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2020-06-10 10:33 - 2020-05-27 16:06 - 019796328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2020-06-10 10:33 - 2020-05-20 08:25 - 001384648 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2020-06-10 10:33 - 2020-05-20 08:21 - 007362312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2020-06-10 10:33 - 2020-05-20 08:21 - 002170784 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2020-06-10 10:33 - 2020-05-20 08:21 - 001662512 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2020-06-10 10:33 - 2020-05-20 08:21 - 001062344 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2020-06-10 10:33 - 2020-05-20 08:20 - 001135696 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2020-06-10 10:33 - 2020-05-20 08:20 - 000806200 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2020-06-10 10:33 - 2020-05-20 05:27 - 002911744 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2020-06-10 10:33 - 2020-05-20 05:25 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2020-06-10 10:33 - 2020-05-20 05:13 - 005499392 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2020-06-10 10:33 - 2020-05-20 05:13 - 000785408 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2020-06-10 10:33 - 2020-05-20 04:56 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2020-06-10 10:33 - 2020-05-20 04:52 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2020-06-10 10:33 - 2020-05-20 04:50 - 000315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2020-06-10 10:33 - 2020-05-20 04:44 - 001124800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2020-06-10 10:33 - 2020-05-20 04:40 - 001560272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2020-06-10 10:33 - 2020-05-20 04:40 - 001214720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2020-06-10 10:33 - 2020-05-20 04:40 - 000548440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2020-06-10 10:33 - 2020-05-20 04:39 - 000614056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2020-06-10 10:33 - 2020-05-20 04:37 - 015478784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2020-06-10 10:33 - 2020-05-20 04:37 - 000809472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2020-06-10 10:33 - 2020-05-20 04:35 - 002132992 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2020-06-10 10:33 - 2020-05-20 04:34 - 000056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtutils.dll
2020-06-10 10:33 - 2020-05-20 04:26 - 001756672 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2020-06-10 10:33 - 2020-05-20 04:23 - 004859392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2020-06-10 10:33 - 2020-05-20 04:12 - 001566720 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2020-06-10 10:33 - 2020-05-20 04:01 - 000801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2020-06-10 10:33 - 2020-05-20 03:53 - 000861696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2020-06-10 10:33 - 2020-05-20 03:44 - 000498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2020-06-10 10:33 - 2020-05-20 03:40 - 002304000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2020-06-10 10:33 - 2020-05-20 03:34 - 000653824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2020-06-10 10:33 - 2020-05-20 03:21 - 000073216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2020-06-10 10:33 - 2020-05-20 03:18 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2020-06-10 10:33 - 2020-05-20 03:16 - 000279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2020-06-10 10:33 - 2020-05-20 03:11 - 004111872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2020-06-10 10:33 - 2020-05-20 03:06 - 013861888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2020-06-10 10:33 - 2020-05-20 03:06 - 000044544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtutils.dll
2020-06-10 10:33 - 2020-05-20 03:01 - 001494016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2020-06-10 10:33 - 2020-05-20 02:47 - 001341952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2020-06-10 10:33 - 2020-05-20 02:46 - 000710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2020-06-10 10:33 - 2020-05-13 10:49 - 001368592 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2020-06-10 10:33 - 2020-05-12 18:23 - 000414624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2020-06-10 10:33 - 2020-05-12 18:23 - 000373888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2020-06-10 10:33 - 2020-05-12 16:37 - 000270848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2020-06-10 10:33 - 2020-05-12 02:47 - 000466840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2020-06-10 10:33 - 2020-05-12 02:46 - 000415240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2020-06-10 10:33 - 2020-05-11 23:42 - 000361984 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2020-06-10 10:33 - 2020-05-10 02:24 - 001311768 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2020-06-10 10:33 - 2020-05-09 21:36 - 000416256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2020-06-10 10:33 - 2020-05-09 21:23 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mpg2splt.ax
2020-06-10 10:33 - 2020-05-09 21:15 - 003331584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2020-06-10 10:33 - 2020-05-09 21:03 - 001040384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2020-06-10 10:33 - 2020-05-09 20:56 - 000233984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mpg2splt.ax
2020-06-10 10:33 - 2020-05-09 20:53 - 003640320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2020-06-10 10:33 - 2020-05-09 20:47 - 000936448 _____ (Microsoft Corporation) C:\WINDOWS\system32\qmgr.dll
2020-06-10 10:33 - 2020-05-09 20:25 - 001085952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2020-06-10 10:33 - 2020-05-09 20:23 - 000747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2020-06-10 10:33 - 2020-05-09 20:09 - 012880384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2020-06-10 10:33 - 2020-05-09 18:10 - 001312256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2020-06-10 10:33 - 2020-05-09 18:10 - 000353792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2020-06-10 10:33 - 2020-05-01 07:17 - 001097216 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2020-06-10 10:33 - 2020-05-01 07:15 - 000866304 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2020-06-10 10:32 - 2020-06-01 21:50 - 000088064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\atl.dll
2020-06-10 10:32 - 2020-05-29 18:23 - 000827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2020-06-10 10:32 - 2020-05-20 04:46 - 001033216 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2020-06-10 10:32 - 2020-05-20 04:39 - 000262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2020-06-10 10:32 - 2020-05-20 03:14 - 000880640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2020-06-10 10:32 - 2020-05-20 03:09 - 000696320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2020-06-10 10:32 - 2020-05-20 03:09 - 000333312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2020-06-10 10:32 - 2020-05-20 03:08 - 002058752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2020-06-10 10:32 - 2020-05-20 02:50 - 004387328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2020-06-10 10:32 - 2020-05-09 21:20 - 000340992 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
2020-06-10 10:32 - 2020-05-09 20:53 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2020-06-25 16:38 - 2016-01-27 10:12 - 000003598 _____ C:\WINDOWS\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-176138252-3860332429-2761773572-1018
2020-06-25 11:52 - 2012-09-11 06:21 - 000000000 ____D C:\ProgramData\Hewlett-Packard
2020-06-25 11:46 - 2013-08-22 07:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-06-25 11:43 - 2012-09-11 06:18 - 000000000 ____D C:\Program Files (x86)\Hewlett-Packard
2020-06-25 11:43 - 2012-08-16 20:14 - 000000000 _RSHD C:\hp
2020-06-25 11:42 - 2016-01-25 16:08 - 000000000 ____D C:\Users\HP Pavilion\AppData\Roaming\Hewlett-Packard
2020-06-25 11:42 - 2013-11-05 17:57 - 000000000 ____D C:\Users\Joanne Endevoets\AppData\Local\Hewlett-Packard
2020-06-25 11:42 - 2013-11-05 15:11 - 000000000 ____D C:\Users\Joanne Endevoets\AppData\Roaming\Hewlett-Packard
2020-06-25 11:42 - 2012-09-11 06:33 - 000000000 ____D C:\Program Files (x86)\CyberLink
2020-06-25 06:35 - 2013-11-24 22:54 - 000002204 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-06-25 06:35 - 2013-11-24 22:54 - 000002163 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-06-25 06:35 - 2013-11-24 22:54 - 000002163 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-06-25 06:24 - 2016-02-19 13:55 - 000003814 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{2B2239C5-296B-46AF-9192-8557E01C177E}
2020-06-21 22:46 - 2018-11-13 17:12 - 000000000 ____D C:\WINDOWS\system32\Tasks\Remediation
2020-06-21 22:46 - 2017-04-13 16:40 - 000000000 ____D C:\Program Files\Common Files\AV
2020-06-21 22:39 - 2013-08-22 06:36 - 000000000 ____D C:\WINDOWS\Inf
2020-06-21 22:37 - 2013-08-22 08:36 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2020-06-21 03:15 - 2017-04-06 19:56 - 000000000 ____D C:\Users\HP Pavilion\AppData\Local\CrashDumps
2020-06-20 11:10 - 2013-08-22 06:25 - 000524288 ___SH C:\WINDOWS\system32\config\BBI
2020-06-20 11:09 - 2013-08-22 08:36 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-06-16 13:21 - 2012-07-26 01:12 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2020-06-16 12:40 - 2013-08-22 07:44 - 000346744 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2020-06-16 12:22 - 2013-08-22 08:36 - 000000000 ___RD C:\WINDOWS\ToastData
2020-06-16 12:06 - 2012-07-26 00:59 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-06-16 11:42 - 2014-09-24 00:15 - 000006636 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-06-16 11:20 - 2016-01-25 16:06 - 000000000 ____D C:\Users\HP Pavilion
2020-06-16 11:18 - 2014-11-01 10:29 - 000000000 ____D C:\Users\Joanne Endevoets
2020-06-16 11:15 - 2016-01-26 11:34 - 000000000 ____D C:\ProgramData\iolo
2020-06-16 11:15 - 2016-01-26 11:31 - 000000000 ____D C:\Program Files (x86)\iolo
2020-06-16 09:41 - 2016-01-25 16:25 - 000248968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2020-06-16 09:39 - 2020-02-12 18:23 - 000000000 ____D C:\Program Files\Logitech
2020-06-16 09:39 - 2014-11-01 10:19 - 000000000 ____D C:\Program Files\Common Files\logishrd
2020-06-16 09:39 - 2014-02-20 18:51 - 000000000 ____D C:\ProgramData\LogiShrd
2020-06-16 09:39 - 2014-02-20 18:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2020-06-10 18:31 - 2018-11-13 19:14 - 000000000 ____D C:\Users\HP Pavilion\AppData\Local\ElevatedDiagnostics
2020-06-10 14:48 - 2018-06-09 22:26 - 000000175 _____ C:\Users\HP Pavilion\AppData\Roaming\WB.CFG
2020-06-01 23:10 - 2014-09-24 00:06 - 002476032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2020-05-29 17:28 - 2019-04-25 19:44 - 000000000 ____D C:\ProgramData\Paltalk Update
2020-05-29 13:37 - 2018-07-16 19:16 - 000000000 ____D C:\Program Files (x86)\Paltalk
==================== Files in the root of some directories ========
2018-06-09 22:26 - 2020-06-10 14:48 - 000000175 _____ () C:\Users\HP Pavilion\AppData\Roaming\WB.CFG
2016-01-27 10:21 - 2016-01-27 10:21 - 000007601 _____ () C:\Users\HP Pavilion\AppData\Local\Resmon.ResmonCfg
2018-01-30 13:25 - 2019-04-16 12:51 - 000001376 _____ () C:\Users\HP Pavilion\AppData\Local\Temptoast_image.png
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
LastRegBack: 2016-05-28 12:50
==================== End of FRST.txt ========================.
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-06-2020
Ran by HP Pavilion (25-06-2020 16:59:53)
Running from C:\Users\HP Pavilion\Desktop
Windows 8.1 (Update) (X64) (2014-11-01 18:42:41)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-176138252-3860332429-2761773572-500 - Administrator - Disabled)
Guest (S-1-5-21-176138252-3860332429-2761773572-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-176138252-3860332429-2761773572-1003 - Limited - Enabled)
HP Pavilion (S-1-5-21-176138252-3860332429-2761773572-1018 - Administrator - Enabled) => C:\Users\HP Pavilion
SophosSAUHPPAVILION0 (S-1-5-21-176138252-3860332429-2761773572-1004 - Limited - Enabled)
SophosSAUHPPAVILION1 (S-1-5-21-176138252-3860332429-2761773572-1019 - Limited - Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
AMD Catalyst Install Manager (HKLM\...\{5F769CF4-5263-4C7B-AEB2-C06A73AE4428}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CameraHelperMsi (HKLM-x32\...\{15634701-BACE-4449-8B25-1567DA8C9FD3}) (Version: 13.51.815.0 - Logitech) Hidden
Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3109 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
erLT (HKLM-x32\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 83.0.4103.116 - Google LLC)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
HP Connected Remote (HKLM-x32\...\{F243A34B-AB7F-4065-B770-B85B767C247C}) (Version: 1.0.1202 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
HP Quick Start (HKLM-x32\...\{574F0207-8E98-46CD-8F79-318348C98C46}) (Version: 1.0.4660.30220 - Hewlett-Packard)
Logitech Camera Settings (HKLM-x32\...\LogiUCDPP) (Version: 2.5.17.0 - Logitech Europe S.A.)
Logitech Solar App 1.10 (HKLM\...\SolarApp) (Version: 1.10.3 - Logitech)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.80 - Logitech Inc.)
Malwarebytes version 4.1.0.56 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.1.0.56 - Malwarebytes)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Paltalk (HKLM-x32\...\Paltalk) (Version: - )
Paltalk Messenger 11.8 (HKLM-x32\...\Paltalk Messenger) (Version: 11.8.673.18112 - AVM Software Inc.)
Ralink RT5390R 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.0.0 - Ralink)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.31.423.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6777 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{0D61A55C-3ADC-409F-BF5B-A1766D1F5944}) (Version: 6.2.9200.28137 - Realtek Semiconductor Corp.)
Recovery Manager (HKLM-x32\...\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.0.5530 - CyberLink Corp.) Hidden
Revo Uninstaller Pro 4.3.3 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 4.3.3 - VS Revo Group, Ltd.)
Skype™ 7.38 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.38.101 - Skype Technologies S.A.)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)
Packages:
=========
eBay -> C:\Program Files\WindowsApps\eBayInc.eBay_1.6.0.34_neutral__1618n3s9xq8tw [2014-11-07] (eBay, Inc)
Games -> C:\Program Files\WindowsApps\Microsoft.XboxLIVEGames_2.0.139.0_x64__8wekyb3d8bbwe [2014-09-24] (Microsoft Corporation) [MS Ad]
Getting Started with Windows 8 -> C:\Program Files\WindowsApps\AD2F1837.GettingStartedwithWindows8_1.6.0.0_neutral__v10z8vjag6ke6 [2015-03-03] (Hewlett-Packard Company)
HP Registration -> C:\Program Files\WindowsApps\AD2F1837.HPRegistration_1.2.1.166_neutral__v10z8vjag6ke6 [2014-11-27] (Hewlett-Packard Company)
HP+ -> C:\Program Files\WindowsApps\AD2F1837.HP_1.2.0.93_neutral__v10z8vjag6ke6 [2014-11-02] (Hewlett-Packard Company)
iHeartRadio -> C:\Program Files\WindowsApps\ClearChannelRadioDigital.iHeartRadio_4.5.1.0_x64__a76a11dkgb644 [2016-04-15] (iHeartMedia.)
Kindle -> C:\Program Files\WindowsApps\AMZNMobileLLC.KindleforWindows8_2.1.0.2_neutral__stfe6vwa9jnbp [2015-06-27] (AMZN Mobile LLC)
Microsoft Mahjong -> C:\Program Files\WindowsApps\Microsoft.MicrosoftMahjong_2.10.1812.2002_x86__8wekyb3d8bbwe [2019-02-02] (Microsoft Studios) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_2.11.1807.1002_x86__8wekyb3d8bbwe [2018-07-30] (Microsoft Studios) [MS Ad]
MSN Food & Drink -> C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-13] (Microsoft Corporation) [MS Ad]
MSN Health & Fitness -> C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-13] (Microsoft Corporation) [MS Ad]
MSN Money -> C:\Program Files\WindowsApps\Microsoft.BingFinance_3.0.4.344_x64__8wekyb3d8bbwe [2016-04-30] (Microsoft Corporation) [MS Ad]
MSN News -> C:\Program Files\WindowsApps\Microsoft.BingNews_3.0.4.344_x64__8wekyb3d8bbwe [2016-04-30] (Microsoft Corporation) [MS Ad]
MSN Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_3.0.4.345_x64__8wekyb3d8bbwe [2016-04-30] (Microsoft Corporation) [MS Ad]
MSN Travel -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-13] (Microsoft Corporation) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_3.0.4.350_x64__8wekyb3d8bbwe [2016-11-25] (Microsoft Corporation) [MS Ad]
Music -> C:\Program Files\WindowsApps\Microsoft.ZuneMusic_2.6.672.0_x64__8wekyb3d8bbwe [2015-03-14] (Microsoft Corporation) [MS Ad]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_2.22.0.39_x64__mcm4njqhnhss8 [2018-11-02] (Netflix, Inc.)
Skype -> C:\Program Files\WindowsApps\Microsoft.SkypeApp_3.1.0.1016_x86__kzf8qxf38zg5c [2015-06-27] (Skype) [MS Ad]
Snapfish -> C:\Program Files\WindowsApps\AD2F1837.HPConnectedPhotopoweredbySnapfish_5.5.0.8_x86__v10z8vjag6ke6 [2016-05-03] (HP Inc.)
Video -> C:\Program Files\WindowsApps\Microsoft.ZuneVideo_2.6.446.0_x64__8wekyb3d8bbwe [2015-11-07] (Microsoft Corporation) [MS Ad]
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => -> No File
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => -> No File
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => -> No File
ShellIconOverlayIdentifiers-x32: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => -> No File
ShellIconOverlayIdentifiers-x32: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => -> No File
ShellIconOverlayIdentifiers-x32: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => -> No File
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => -> No File
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-06-16] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2014-07-04] (Advanced Micro Devices, Inc.) [File not signed]
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-06-16] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2019-03-29] (VS Revo Group Ltd. -> VS Revo Group)
==================== Codecs (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Drivers32: [vidc.i420] => C:\WINDOWS\system32\lvcod64.dll [175392 2012-10-26] (Logitech, Inc. -> Logitech Inc.)
HKLM\...\Drivers32: [vidc.i420] => C:\Windows\SysWOW64\lvcodec2.dll [305000 2012-10-26] (Logitech, Inc. -> Logitech Inc.)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
Shortcut: C:\Users\HP Pavilion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Paltalk\Remove settings.lnk -> C:\Program Files (x86)\Paltalk\ng_clean_settings.bat (No File)
==================== Loaded Modules (Whitelisted) =============
2014-07-04 21:33 - 2014-07-04 21:33 - 000127488 _____ () [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SntpService => ""="service"
==================== Association (Whitelisted) =================
==================== Internet Explorer trusted/restricted ==========
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 06:25 - 2020-06-21 22:46 - 000000027 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Skype\Phone\
HKU\S-1-5-21-176138252-3860332429-2761773572-1018\Control Panel\Desktop\\Wallpaper -> C:\Users\HP Pavilion\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 0) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKU\S-1-5-21-176138252-3860332429-2761773572-1018\...\StartupApproved\StartupFolder: => "PalTalk.lnk"
HKU\S-1-5-21-176138252-3860332429-2761773572-1018\...\StartupApproved\Run: => "Chromium"
HKU\S-1-5-21-176138252-3860332429-2761773572-1018\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_803D2E04332962AFAC352F92C208E650"
HKU\S-1-5-21-176138252-3860332429-2761773572-1018\...\StartupApproved\Run: => "Paltalk"
HKU\S-1-5-21-176138252-3860332429-2761773572-1018\...\StartupApproved\Run: => "Skype"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [UDP Query User{E442E7B3-7B13-4BDA-B26D-0F28D846A538}C:\program files (x86)\paltalk messenger\paltalk messenger\paltalk.exe] => (Block) C:\program files (x86)\paltalk messenger\paltalk messenger\paltalk.exe => No File
FirewallRules: [TCP Query User{EE175E9E-556D-4C29-8E52-992A95F9A6CE}C:\program files (x86)\paltalk messenger\paltalk messenger\paltalk.exe] => (Block) C:\program files (x86)\paltalk messenger\paltalk messenger\paltalk.exe => No File
FirewallRules: [{1DA563F9-8F28-4085-9D23-2E0A03D8EC26}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [UDP Query User{D48F9F75-6B2E-4094-9051-3EEF62A29FE1}C:\program files (x86)\paltalk messenger\paltalk messenger\paltalk.exe] => (Allow) C:\program files (x86)\paltalk messenger\paltalk messenger\paltalk.exe => No File
FirewallRules: [TCP Query User{C668418F-047A-4B32-84B0-E819D88A70E0}C:\program files (x86)\paltalk messenger\paltalk messenger\paltalk.exe] => (Allow) C:\program files (x86)\paltalk messenger\paltalk messenger\paltalk.exe => No File
FirewallRules: [{14852894-E754-4D88-B410-E365CBD58788}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc. -> Yahoo! Inc.)
FirewallRules: [{63569EEC-DC52-4EED-8DB2-E83112C70753}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc. -> Yahoo! Inc.)
FirewallRules: [UDP Query User{0326EAFC-8940-43FE-9164-E4A21A402C98}C:\program files (x86)\paltalk messenger\paltalk.exe] => (Allow) C:\program files (x86)\paltalk messenger\paltalk.exe => No File
FirewallRules: [TCP Query User{5A430BC0-D3BD-4121-8016-8EA23C276F90}C:\program files (x86)\paltalk messenger\paltalk.exe] => (Allow) C:\program files (x86)\paltalk messenger\paltalk.exe => No File
FirewallRules: [UDP Query User{29A929DE-9870-4957-A906-14B5642012FB}C:\windows\syswow64\msiexec.exe] => (Allow) C:\windows\syswow64\msiexec.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [TCP Query User{7DE345DD-8CFC-418A-B491-BB60FC69B658}C:\windows\syswow64\msiexec.exe] => (Allow) C:\windows\syswow64\msiexec.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{032D7F2E-8BD8-4FB5-B9B8-29DC359F9CC8}] => (Allow) LPort=1900
FirewallRules: [{3BB36859-ADA2-4D89-98CD-2860E71A307C}] => (Allow) LPort=2869
FirewallRules: [{332A5005-E439-4970-B6C6-60D45D5DF71D}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{87010DB7-297E-435E-AB81-7C0757767CAC}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE (CyberLink -> CyberLink Corp.)
FirewallRules: [{B6D693E7-D84F-46D9-A816-DE973D437AF7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{261379EE-DACD-4B61-9F8A-BF6F93F7DF35}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{27F4866A-85A9-4CBE-B396-6FD538FC22F3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{5F0B061F-74AB-46A7-AA55-5DA60E86BD74}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C19F3984-3DF2-4505-B50E-E2623874F167}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe => No File
FirewallRules: [TCP Query User{AC84FE58-503E-4351-8C1D-1B3550F0000F}C:\program files (x86)\paltalk messenger\paltalk.exe] => (Allow) C:\program files (x86)\paltalk messenger\paltalk.exe => No File
FirewallRules: [UDP Query User{A8FCFB61-3A9B-49D7-B998-60FB27AE20BB}C:\program files (x86)\paltalk messenger\paltalk.exe] => (Allow) C:\program files (x86)\paltalk messenger\paltalk.exe => No File
FirewallRules: [TCP Query User{B0241114-BEDC-46F5-BBAF-324BF2D6F0B4}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [UDP Query User{40E28967-F448-403E-B197-C27ECC80F3A9}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{FBA5429D-8BA2-4085-BDD5-F7E2BDB1C1B2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{ED652A72-4D1E-49DE-B320-41B8C525C688}] => (Allow) LPort=53000
FirewallRules: [{AA1FB840-8EB3-447A-AB9E-08CB50261463}] => (Allow) LPort=52000
==================== Restore Points =========================
14-03-2020 14:22:36 Windows Update
17-04-2020 11:03:33 Windows Update
15-05-2020 11:36:32 Windows Update
16-06-2020 11:49:07 Windows Update
20-06-2020 08:46:08 Removed Java 7 Update 45
20-06-2020 09:21:59 Revo Uninstaller Pro's restore point - Sophos Anti-Virus
20-06-2020 09:24:02 Removed Sophos Anti-Virus
20-06-2020 10:02:29 Revo Uninstaller Pro's restore point - Sophos AutoUpdate
20-06-2020 10:16:28 Revo Uninstaller Pro's restore point - Sophos Network Threat Protection
20-06-2020 10:33:44 Revo Uninstaller Pro's restore point - Sophos AutoUpdate
20-06-2020 10:42:48 Revo Uninstaller Pro's restore point - Sophos Remote Management System
20-06-2020 10:46:21 Removed Sophos Remote Management System
20-06-2020 10:51:41 Revo Uninstaller Pro's restore point - Sophos System Protection
20-06-2020 10:52:19 Removed Sophos System Protection
21-06-2020 22:44:51 Restore Point Created by FRST
25-06-2020 11:41:37 AdwCleaner_BeforeCleaning_25/06/2020_11:41:29
==================== Faulty Device Manager Devices ============
Name: Wireless Device
Description: Wireless Device
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Surface
Service: WUDFRd
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
==================== Event log errors: ========================
Application errors:
==================
Error: (06/22/2020 11:22:27 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1766
Error: (06/22/2020 11:22:27 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1766
Error: (06/22/2020 11:22:27 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (06/21/2020 10:44:50 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
Operation:
Gathering Writer Data
Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {22d69efa-d8cb-457c-901a-5a8482f882ec}
Error: (06/21/2020 10:28:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MBAMService.exe, version: 3.2.0.890, time stamp: 0x5e4bfca6
Faulting module name: MBAMShim.dll_unloaded, version: 3.0.0.1032, time stamp: 0x5ed1802b
Exception code: 0xc0000005
Fault offset: 0x0000000000007690
Faulting process id: 0xa0c
Faulting application start time: 0x01d647306bbc641b
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
Faulting module path: MBAMShim.dll
Report Id: 383dda57-b449-11ea-bf94-4c72b9b3dc92
Faulting package full name:
Faulting package-relative application ID:
Error: (06/21/2020 05:14:28 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2234
Error: (06/21/2020 05:14:28 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2234
Error: (06/21/2020 05:14:28 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
System errors:
=============
Error: (06/25/2020 11:55:29 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading
Error: (06/25/2020 11:55:29 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\HPPAVI~1\AppData\Local\Temp\ehdrv.sys
Error: (06/25/2020 11:55:29 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading
Error: (06/25/2020 11:55:29 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\HPPAVI~1\AppData\Local\Temp\ehdrv.sys
Error: (06/25/2020 11:55:28 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading
Error: (06/25/2020 11:55:28 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\HPPAVI~1\AppData\Local\Temp\ehdrv.sys
Error: (06/25/2020 11:51:13 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Support Assistant Service service failed to start due to the following error:
The system cannot find the file specified.
Error: (06/25/2020 11:51:10 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Background Intelligent Transfer Service service hung on starting.
Windows Defender:
===================================
Date: 2014-02-04 17:15:55.337
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {9460D5A7-484E-4AD5-A8F8-E2957D93B006}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2018-05-01 12:46:46.126
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 1.267.643.0
Previous Signature Version: 1.261.1097.0
Update Source: User
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version: 1.1.14800.3
Previous Engine Version: 1.1.14500.5
Error code: 0x80509004
Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.
Date: 2018-05-01 12:46:46.126
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 1.267.643.0
Previous Signature Version: 1.261.1097.0
Update Source: User
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 1.1.14800.3
Previous Engine Version: 1.1.14500.5
Error code: 0x80509004
Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.
Date: 2018-05-01 12:46:46.125
Description:
Windows Defender has encountered an error trying to update the engine.
New Engine Version: 1.1.14800.3
Previous Engine Version: 1.1.14500.5
Error Code: 0x80509004
Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.
Date: 2018-02-12 15:30:23.776
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 118.2.0.0
Update Source: Microsoft Malware Protection Center
Signature Type: Network Inspection System
Update Type: Full
Current Engine Version:
Previous Engine Version: 2.1.14202.0
Error code: 0x80070652
Error description: Another installation is already in progress. Complete that installation before proceeding with this install.
Date: 2018-02-12 15:30:22.001
Description:
Windows Defender has encountered an error trying to update the engine.
New Engine Version:
Previous Engine Version: 2.1.14202.0
Error Code: 0x80070666
Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.
CodeIntegrity:
===================================
Date: 2018-08-24 20:29:22.725
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2018-08-24 20:15:47.586
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2018-08-24 20:15:13.418
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2018-08-24 20:14:23.690
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
BIOS: AMI 8.06 09/07/2012
Motherboard: PEGATRON CORPORATION 2AF0
Processor: AMD E1-1200 APU with Radeon HD Graphics
Percentage of memory in use: 51%
Total physical RAM: 3665.86 MB
Available physical RAM: 1780.36 MB
Total Virtual: 4065.86 MB
Available Virtual: 2148.08 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:443.06 GB) (Free:370.1 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Recovery Image) (Fixed) (Total:19.78 GB) (Free:2.47 GB) NTFS ==>[system with boot components (obtained from drive)]
\\?\Volume{d1de863d-cf84-4d64-8ee1-9cebae5d4872}\ () (Fixed) (Total:1 GB) (Free:0.66 GB) NTFS
\\?\Volume{02f74654-436d-45c5-a86d-fd54f1779603}\ (Windows RE tools) (Fixed) (Total:1 GB) (Free:0.65 GB) NTFS
\\?\Volume{6ec74e69-4ea4-4586-9114-4ec0583318ed}\ () (Fixed) (Total:0.44 GB) (Free:0.18 GB) NTFS
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 4A1F8D9C)
Partition: GPT.
==================== End of Addition.txt =======================