Win 8.0 - slow performance and browser not connecting [Solved]

slow system browsers not connecting usb camera not seen by system

  • This topic is locked

#1
whittakerjr

  • Member
  • 79 posts

My name is Joseph; I am assisting a retired co-worker with her HP Pavilion. She enjoys being on the computer, surfing the net and visiting sites from everywhere, and visits adult sites as well.

I have been over to her home over the years to assist her with connection, software issues, and yes, equipment problems. This time she called and asked that I stop by and see why her USB camera stopped working and she could only use the built-in camera. I knew from past dealings with her that the equipment was going to be running slow, with lots of unnecessary files: ads, viruses, malware, etc.

The camera is an inexpensive Logitech C720. After an hour of working with the computer (remember, it runs slow), I was able to get the camera to present an image. That didn’t last long. I tried to download the driver again, and then things really went into delay. After the download and restarting the computer, I had no icons on the desktop. I thought nothing was going to happen, so I restarted it again. Again, just the desktop, no icons. I brought the computer home to work on it; I had been at her place for nearly two hours. I did realize that the icons do appear if I leave the equipment on for a long time. I am not able to get a browser to connect to the internet. They just go into connecting mode.

Therefore, I downloaded the free version of Malwarebytes on my laptop and transferred it to a flash drive to move it to her HP and ran it. 312 items detected and removed. I thought I was on the road to recovery. Not so. So I am now reaching out to GeekstoGo. Again, I used the flash drive: I downloaded to my laptop, then transferred it to the HP desktop and ran it. The two files generated are from the HP, copied back to the flash drive, then uploaded through my laptop. I am not very familiar with Win 8.0. I have Win 10 on my laptop, and not many issues. So finding some of the settings screens in Win 8.0 is confusing to me.

Getting the two files (Addition and FRST) to the flash drive took 10 minutes.  Neither was very big.

I am not sure how good the Sophos software is; I see it is outdated. I am not sure how to remove it and install the Norton or McAfee the company offers the employees to use; her being a retired employee, she qualifies to use it.

The goal my co-worker wants is the computer working so that she can Skype, run Paltalk, online video chatting, e-mail, shopping and probably much more adult web sites.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-06-2020
Ran by HP Pavilion (administrator) on HPPAVILION (Hewlett-Packard 20-b010) (16-06-2020 15:04:25)
Running from C:\Users\HP Pavilion\Desktop
Loaded Profiles: HP Pavilion
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Default browser: IE
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(A.V.M. SOFTWARE, INC. -> AVM Software) C:\Program Files (x86)\Paltalk\update\pt_update_service.exe
(Advanced Micro Devices, Inc.) [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Andrea Electronics -> Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <2>
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
(Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe
(Logitech -> Logitech, Inc.) C:\Program Files\Logitech\SolarApp\L4301_Solar.exe
(Logitech Inc -> Logitech) C:\Program Files\Logitech\Collaboration\Services\Video\ServiceLayer.exe
(Logitech, Inc. -> ) C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Logitech, Inc. -> Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\WINDOWS\System32\WirelessKB850NotificationService.exe
(Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\Taskmgr.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\WINDOWS\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\WINDOWS\System32\atiesrxx.exe
(Realtek Semiconductor Corp -> Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Sophos Limited -> Sophos Limited) C:\Program Files (x86)\Common Files\Sophos\Web Intelligence\swi_fc.exe
(Sophos Limited -> Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Sophos Limited -> Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
(Sophos Limited -> Sophos Limited) C:\Program Files (x86)\Sophos\Remote Management System\ManagementAgentNT.exe
(Sophos Limited -> Sophos Limited) C:\Program Files (x86)\Sophos\Remote Management System\RouterNT.exe
(Sophos Limited -> Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(Sophos Limited -> Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
(Sophos Limited -> Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
(Sophos Limited -> Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_filter.exe
(Sophos Limited -> Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(Sophos Limited -> Sophos Limited) C:\Program Files (x86)\Sophos\Sophos System Protection\ssp.exe
(Sophos Limited -> Sophos Limited) C:\Program Files\Sophos\Sophos Network Threat Protection\bin\SntpService.exe
Failed to access process -> chrome.exe
Failed to access process -> chrome.exe
Failed to access process -> iexplore.exe
Failed to access process -> iexplore.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6844560 2013-11-19] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942232 2016-10-14] (Logitech -> Logitech, Inc.)
HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] => C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [1531872 2016-04-15] (Sophos Limited -> Sophos Limited)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-176138252-3860332429-2761773572-1018\...\Run: [Chromium] => "c:\users\hp pavilion\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory=Default --restore-last-session
HKU\S-1-5-21-176138252-3860332429-2761773572-1018\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27784672 2017-06-27] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-176138252-3860332429-2761773572-1018\...\Run: [GoogleChromeAutoLaunch_803D2E04332962AFAC352F92C208E650] => "C:\Users\HP Pavilion\AppData\Local\chromium\Application\chrome.exe" --no-startup-window /prefetch:5
HKU\S-1-5-21-176138252-3860332429-2761773572-1018\...\Run: [Paltalk] => C:\Program Files (x86)\Paltalk\PALTALK.exe [27532728 2020-05-19] (A.V.M. SOFTWARE, INC. -> AVM Software)
HKU\S-1-5-18\...\Run: [Paltalk] => C:\Program Files (x86)\Paltalk\Paltalk.exe [27532728 2020-05-19] (A.V.M. SOFTWARE, INC. -> AVM Software)
HKLM\...\Print\Monitors\HP 7112 Status Monitor: C:\WINDOWS\system32\hpinksts7112LM.dll [328704 2014-03-03] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Co.)
HKLM\...\Print\Monitors\HP Universal Port Monitor: C:\WINDOWS\system32\hpbprtmon.dll [355840 2012-07-24] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.97\Installer\chrmstp.exe [2020-06-04] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.81\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
AppInit_DLLs: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll [235928 2018-05-01] (Sophos Limited -> Sophos Limited)
AppInit_DLLs-x32: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll [207864 2018-05-01] (Sophos Limited -> Sophos Limited)
Startup: C:\Users\HP Pavilion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PalTalk.lnk [2019-03-21]
ShortcutTarget: PalTalk.lnk -> C:\Program Files (x86)\Paltalk Messenger\paltalk.exe (No File)
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0D8A891D-890C-4808-84D8-2F436AB14653} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {0DC0DAD2-F84F-429D-B085-411AE7CDE2D5} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61}
Task: {1274336E-AB06-46B6-A48C-0671C5557CC6} - \Microsoft\Windows\TaskScheduler\Maintenance Configurator -> No File <==== ATTENTION
Task: {145EF7F4-ECD0-4CD6-B44D-E92EFEB7BDDB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [542008 2013-11-04] (Hewlett-Packard Company -> Hewlett-Packard Company)
Task: {1687544D-7247-4F5A-965A-A6E920E55278} - \Microsoft\Windows\TaskScheduler\Manual Maintenance -> No File <==== ATTENTION
Task: {1FB52299-0ADF-4B93-96B0-FFF2AF31037F} - System32\Tasks\Weekly scan => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe [78512 2018-05-01] (Sophos Limited -> Sophos Limited)
Task: {287EB61E-849D-44F1-BF41-56B2A8081F95} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1}
Task: {40525C58-79C2-47A1-9AA2-F1D7FC4F0691} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {426C84D3-5DF0-4CC8-9486-251CC5F877B1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [630584 2014-05-12] (Hewlett-Packard Company -> Hewlett-Packard Company)
Task: {5AA86FD9-432F-4868-B68D-AFCEC66FECEB} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security\Upgrade.exe [2259832 2018-10-05] (Symantec Corporation -> Symantec Corporation)
Task: {69A9BED9-2695-4FA6-ABEF-DB9C7F40DC6B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [542008 2013-11-04] (Hewlett-Packard Company -> Hewlett-Packard Company)
Task: {6F02587F-8A2B-4552-97F6-DEEF229E335B} - \Microsoft\Windows\TaskScheduler\Idle Maintenance -> No File <==== ATTENTION
Task: {7604A2BD-B1C7-4591-A0BB-AFA960B6026A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1011440 2016-01-06] (Hewlett-Packard Company -> HP Inc.)
Task: {7B857988-3067-4E13-8891-998F430972F7} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {8447F5E5-2A40-44ED-869F-2FD08F7AF3E9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {8CA68387-B3CC-41B5-88D5-240C7A3E7715} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN49ADX0R9_backup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1011440 2016-01-06] (Hewlett-Packard Company -> HP Inc.)
Task: {9768ABD2-EB67-498E-A669-15A536AF817A} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {B7992938-01F1-4F40-A0EC-0D23D2F0F152} - \Microsoft\Windows\TaskScheduler\Regular Maintenance -> No File <==== ATTENTION
Task: {C02C6FF2-D7E1-456F-B94B-C4007E1F4903} - \{3572C762-1A49-A2DF-ED84-168A6500F9A0}\sync -> No File <==== ATTENTION
Task: {C2D92648-7FFA-4B4E-BE32-ABCB7F598804} - System32\Tasks\{A7827154-50C7-4867-ADFD-1E8E30D0C7A2} => "c:\program files\internet explorer\iexplore.exe" hxxps://ui.skype.com/ui/0/7.33.0.105/en/abandoninstall?source=lightinstaller&page=tsMain
Task: {C415FE0E-DDCB-44E0-A459-B9164B72424B} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E}
Task: {CA019DD0-822D-49E1-A2FF-1991CECD8F38} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - \Microsoft\Windows\SettingSync\BackupTask -> No File <==== ATTENTION
Task: {DCB2E700-2511-45D2-B218-AE8BA4967108} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP SoftPaq Installer => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF_Tasks.exe [41272 2013-11-04] (Hewlett-Packard Company -> Hewlett-Packard Company)
Task: {F863ECC9-A249-4ECA-A410-34A8490738F8} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Weekly scan.job => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968 2011-08-30] (Apple Inc. -> Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{29B5CF79-3278-41A1-86F5-B3673D2C956F}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{CBC4812E-DD0B-4C8B-9F7F-46C2962A294B}: [DhcpNameServer] 192.168.0.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK13/1
HKU\S-1-5-21-176138252-3860332429-2761773572-1018\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.msn.com/?PC=UF01
HKU\S-1-5-21-176138252-3860332429-2761773572-1018\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK13/1
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKLM -> {84B29D74-CDD6-47A8-9ECE-278809800D63} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKLM-x32 -> {84B29D74-CDD6-47A8-9ECE-278809800D63} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-176138252-3860332429-2761773572-1018 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = 
BHO: No Name -> {504C542D-534F-4300-76A7-7A786E7484D7} -> No File
BHO: No Name -> {504C5432-2D56-3700-76A7-7A786E7484D7} -> No File
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll [2016-01-21] (Adobe Systems Incorporated -> )
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-21] (Adobe Systems Incorporated -> )
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1205146.dll [2013-10-25] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-11-30] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-11-30] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc. -> Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation -> Microsoft Corporation)
 
Chrome: 
=======
CHR Profile: C:\Users\HP Pavilion\AppData\Local\Google\Chrome\User Data\Default [2020-06-16]
CHR Notifications: Default -> hxxps://eonline.com-show.news; hxxps://internationalliving.com; hxxps://ktla.com; hxxps://mail.yahoo.com; hxxps://myemailcenter.co; hxxps://nationalweatheragency.org; hxxps://pushance.com; hxxps://search.hyourtransitinfonow.com; hxxps://searchsmart.co; hxxps://topgadgetslist.com; hxxps://wgntv.com; hxxps://www.anthropologie.com; hxxps://www.cnet.com; hxxps://www.facebook.com; hxxps://www.hauntedrooms.com; hxxps://www.jdjournal.com; hxxps://www.pinterest.com; hxxps://www.wayfair.com; hxxps://www.yahoo.com; hxxps://www.youtube.com; hxxps://zooxhamster.com
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Extension: (Slides) - C:\Users\HP Pavilion\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-01-19]
CHR Extension: (Docs) - C:\Users\HP Pavilion\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-01-19]
CHR Extension: (Google Drive) - C:\Users\HP Pavilion\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-27]
CHR Extension: (YouTube) - C:\Users\HP Pavilion\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-27]
CHR Extension: (Google Search) - C:\Users\HP Pavilion\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-27]
CHR Extension: (Sheets) - C:\Users\HP Pavilion\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-01-19]
CHR Extension: (Google Docs Offline) - C:\Users\HP Pavilion\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-06-16]
CHR Extension: (Norton Identity Safe) - C:\Users\HP Pavilion\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2017-04-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\HP Pavilion\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-05]
CHR Extension: (Gmail) - C:\Users\HP Pavilion\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-29]
CHR Extension: (Chrome Media Router) - C:\Users\HP Pavilion\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-06-16]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD External Events Utility; C:\WINDOWS\system32\atiesrxx.exe [239616 2014-07-21] (Microsoft Windows Hardware Compatibility Publisher -> AMD)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-07-04] (Advanced Micro Devices, Inc.) [File not signed]
R2 HPConnectedRemote; c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35232 2012-07-19] (Hewlett-Packard Company -> Hewlett-Packard)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2468496 2013-11-19] (Realtek Semiconductor Corp -> Realsil Microelectronics Inc.)
R2 L4301_Solar; C:\Program Files\Logitech\SolarApp\L4301_Solar.exe [405744 2013-01-30] (Logitech -> Logitech, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [6933272 2020-06-16] (Malwarebytes Inc -> Malwarebytes)
R2 nebula; C:\Program Files\Logitech\Collaboration\Services\Video\ServiceLayer.exe [4477576 2018-06-18] (Logitech Inc -> Logitech)
R2 paltalk_update_service; C:\Program Files (x86)\Paltalk\update\pt_update_service.exe [1229688 2019-08-25] (A.V.M. SOFTWARE, INC. -> AVM Software)
R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [236384 2018-05-01] (Sophos Limited -> Sophos Limited)
R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [200064 2018-05-01] (Sophos Limited -> Sophos Limited)
R2 SntpService; C:\Program Files\Sophos\Sophos Network Threat Protection\bin\SntpService.exe [901248 2016-04-15] (Sophos Limited -> Sophos Limited)
R2 Sophos Agent; C:\Program Files (x86)\Sophos\Remote Management System\ManagementAgentNT.exe [414064 2017-08-12] (Sophos Limited -> Sophos Limited)
R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [604000 2016-04-15] (Sophos Limited -> Sophos Limited)
R2 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [360040 2018-01-26] (Sophos Limited -> Sophos Limited)
R2 sophossps; C:\Program Files (x86)\Sophos\Sophos System Protection\ssp.exe [2499872 2017-02-05] (Sophos Limited -> Sophos Limited)
R2 swi_filter; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_filter.exe [475384 2018-05-01] (Sophos Limited -> Sophos Limited)
R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [3620968 2018-05-01] (Sophos Limited -> Sophos Limited)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
R2 WirelessKB850NotificationService; C:\WINDOWS\system32\WirelessKB850NotificationService.exe [176632 2018-05-14] (Microsoft Corporation -> Microsoft Corporation)
R2 Sophos Message Router; "C:\Program Files (x86)\Sophos\Remote Management System\RouterNT.exe" -service -name Router -ORBListenEndpoints iiop://:8193/ssl_port=8194 [X]
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 amdkmdag; C:\WINDOWS\system32\DRIVERS\atikmdag.sys [13209088 2014-07-21] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\system32\DRIVERS\atikmpag.sys [626688 2014-07-21] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink -> CyberLink)
R3 dc3d; C:\WINDOWS\System32\drivers\dc3d.sys [47616 2011-05-18] (Hardware Group Test Cert -> Microsoft Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153312 2020-06-16] (Malwarebytes Corporation -> Malwarebytes)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [214496 2020-06-16] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [196456 2020-06-16] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73368 2020-06-16] (Malwarebytes Inc -> Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248968 2020-06-16] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [131728 2020-06-16] (Malwarebytes Inc -> Malwarebytes)
R3 netr28x; C:\WINDOWS\system32\DRIVERS\netr28x.sys [2505904 2013-12-04] (Mediatek Inc. -> Ralink Technology, Corp.)
R1 SAVOnAccess; C:\WINDOWS\System32\DRIVERS\savonaccess.sys [204328 2018-01-26] (Sophos Limited -> Sophos Limited)
S3 sdcfilter; C:\WINDOWS\system32\DRIVERS\sdcfilter.sys [38144 2017-10-19] (Sophos Limited -> Sophos Limited)
R2 sntp; C:\WINDOWS\system32\DRIVERS\sntp.sys [116144 2016-04-15] (Sophos Limited -> Sophos Limited)
S4 SophosBootDriver; C:\WINDOWS\system32\DRIVERS\SophosBootDriver.sys [45840 2017-10-19] (Sophos Limited -> Sophos Limited)
S3 SWDUMon; C:\WINDOWS\system32\DRIVERS\SWDUMon.sys [13920 2016-01-25] (SlimWare Utilities Inc. -> )
R1 swi_callout; C:\WINDOWS\system32\DRIVERS\swi_callout.sys [47760 2017-10-19] (Sophos Limited -> Sophos Limited)
R3 usbfilter; C:\WINDOWS\System32\drivers\usbfilter.sys [56448 2012-03-30] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessKeyboardFilter; C:\WINDOWS\System32\drivers\WirelessKeyboardFilter.sys [49336 2018-03-11] (Microsoft Corporation -> Microsoft Corporation)
S4 SymEvnt; \??\C:\Program Files (x86)\Norton Security\NortonData\22.5.4.24\SymPlatform\SymEvnt.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) ===================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2020-06-16 15:04 - 2020-06-16 15:06 - 000026011 _____ C:\Users\HP Pavilion\Desktop\FRST.txt
2020-06-16 15:03 - 2020-06-16 15:05 - 000000000 ____D C:\FRST
2020-06-16 14:48 - 2020-06-16 14:43 - 002289152 _____ (Farbar) C:\Users\HP Pavilion\Desktop\FRST64.exe
2020-06-16 14:25 - 2020-06-16 14:26 - 000000000 ____D C:\Users\HP Pavilion\Downloads\priortoMalware
2020-06-16 12:55 - 2020-06-01 11:03 - 000835480 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2020-06-16 12:55 - 2020-06-01 11:03 - 000179608 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2020-06-16 12:54 - 2020-06-16 12:54 - 000196456 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2020-06-16 12:54 - 2020-06-16 12:54 - 000073368 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2020-06-16 12:53 - 2020-06-16 12:53 - 000131728 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2020-06-16 09:43 - 2020-06-16 14:03 - 000000000 ____D C:\Users\HP Pavilion\AppData\LocalLow\IGDump
2020-06-16 09:42 - 2020-06-16 09:42 - 000000000 ____D C:\Users\HP Pavilion\AppData\Local\mbam
2020-06-16 09:41 - 2020-06-16 09:41 - 000214496 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2020-06-16 09:41 - 2020-06-16 09:41 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2020-06-16 09:41 - 2020-06-16 09:41 - 000001976 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2020-06-16 09:41 - 2020-06-16 09:41 - 000001964 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2020-06-16 09:41 - 2020-06-16 09:41 - 000001964 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2020-06-16 09:41 - 2020-06-16 09:41 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-06-16 09:40 - 2020-06-16 09:40 - 000000000 ____D C:\Program Files\Malwarebytes
2020-06-16 09:40 - 2020-06-16 09:40 - 000000000 ____D C:\Malwarebytes
2020-06-16 09:38 - 2020-06-16 09:38 - 000000000 ____D C:\Users\HP Pavilion\AppData\Roaming\Logitech
2020-06-16 09:38 - 2020-06-16 09:38 - 000000000 ____D C:\Users\HP Pavilion\AppData\Roaming\Logishrd
2020-06-16 09:06 - 2020-06-16 09:06 - 000000000 ____D C:\Program Files\KeyboardNotification
2020-06-10 18:09 - 2020-06-10 18:09 - 000001369 _____ C:\Users\HP Pavilion\Desktop\Logitech HD Webcam C270 - Shortcut.lnk
2020-06-10 10:34 - 2020-05-27 16:06 - 022364856 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2020-06-10 10:34 - 2020-05-20 05:48 - 025755648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2020-06-10 10:34 - 2020-05-20 04:00 - 020291584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2020-06-10 10:34 - 2020-05-09 20:17 - 014533120 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2020-06-10 10:33 - 2020-06-01 22:18 - 000109568 _____ (Microsoft Corporation) C:\WINDOWS\system32\atl.dll
2020-06-10 10:33 - 2020-06-01 21:44 - 001489408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42u.dll
2020-06-10 10:33 - 2020-06-01 21:43 - 001464832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42.dll
2020-06-10 10:33 - 2020-06-01 21:35 - 000787968 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll
2020-06-10 10:33 - 2020-06-01 21:27 - 001230848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42u.dll
2020-06-10 10:33 - 2020-06-01 21:25 - 001204736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42.dll
2020-06-10 10:33 - 2020-06-01 20:59 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\netman.dll
2020-06-10 10:33 - 2020-06-01 20:47 - 001684992 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2020-06-10 10:33 - 2020-05-29 19:54 - 004168192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2020-06-10 10:33 - 2020-05-29 19:30 - 000129024 _____ (Microsoft Corporation) C:\WINDOWS\splwow64.exe
2020-06-10 10:33 - 2020-05-29 18:41 - 001368576 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2020-06-10 10:33 - 2020-05-27 16:06 - 019796328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2020-06-10 10:33 - 2020-05-20 08:25 - 001384648 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2020-06-10 10:33 - 2020-05-20 08:21 - 007362312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2020-06-10 10:33 - 2020-05-20 08:21 - 002170784 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2020-06-10 10:33 - 2020-05-20 08:21 - 001662512 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2020-06-10 10:33 - 2020-05-20 08:21 - 001062344 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2020-06-10 10:33 - 2020-05-20 08:20 - 001135696 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2020-06-10 10:33 - 2020-05-20 08:20 - 000806200 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2020-06-10 10:33 - 2020-05-20 05:27 - 002911744 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2020-06-10 10:33 - 2020-05-20 05:25 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2020-06-10 10:33 - 2020-05-20 05:13 - 005499392 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2020-06-10 10:33 - 2020-05-20 05:13 - 000785408 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2020-06-10 10:33 - 2020-05-20 04:56 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2020-06-10 10:33 - 2020-05-20 04:52 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2020-06-10 10:33 - 2020-05-20 04:50 - 000315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2020-06-10 10:33 - 2020-05-20 04:44 - 001124800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2020-06-10 10:33 - 2020-05-20 04:40 - 001560272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2020-06-10 10:33 - 2020-05-20 04:40 - 001214720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2020-06-10 10:33 - 2020-05-20 04:40 - 000548440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2020-06-10 10:33 - 2020-05-20 04:39 - 000614056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2020-06-10 10:33 - 2020-05-20 04:37 - 015478784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2020-06-10 10:33 - 2020-05-20 04:37 - 000809472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2020-06-10 10:33 - 2020-05-20 04:35 - 002132992 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2020-06-10 10:33 - 2020-05-20 04:34 - 000056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtutils.dll
2020-06-10 10:33 - 2020-05-20 04:26 - 001756672 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2020-06-10 10:33 - 2020-05-20 04:23 - 004859392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2020-06-10 10:33 - 2020-05-20 04:12 - 001566720 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2020-06-10 10:33 - 2020-05-20 04:01 - 000801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2020-06-10 10:33 - 2020-05-20 03:53 - 000861696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2020-06-10 10:33 - 2020-05-20 03:44 - 000498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2020-06-10 10:33 - 2020-05-20 03:40 - 002304000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2020-06-10 10:33 - 2020-05-20 03:34 - 000653824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2020-06-10 10:33 - 2020-05-20 03:21 - 000073216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2020-06-10 10:33 - 2020-05-20 03:18 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2020-06-10 10:33 - 2020-05-20 03:16 - 000279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2020-06-10 10:33 - 2020-05-20 03:11 - 004111872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2020-06-10 10:33 - 2020-05-20 03:06 - 013861888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2020-06-10 10:33 - 2020-05-20 03:06 - 000044544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtutils.dll
2020-06-10 10:33 - 2020-05-20 03:01 - 001494016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2020-06-10 10:33 - 2020-05-20 02:47 - 001341952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2020-06-10 10:33 - 2020-05-20 02:46 - 000710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2020-06-10 10:33 - 2020-05-13 10:49 - 001368592 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2020-06-10 10:33 - 2020-05-12 18:23 - 000414624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2020-06-10 10:33 - 2020-05-12 18:23 - 000373888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2020-06-10 10:33 - 2020-05-12 16:37 - 000270848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2020-06-10 10:33 - 2020-05-12 02:47 - 000466840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2020-06-10 10:33 - 2020-05-12 02:46 - 000415240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2020-06-10 10:33 - 2020-05-11 23:42 - 000361984 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2020-06-10 10:33 - 2020-05-10 02:24 - 001311768 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2020-06-10 10:33 - 2020-05-09 21:36 - 000416256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2020-06-10 10:33 - 2020-05-09 21:23 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mpg2splt.ax
2020-06-10 10:33 - 2020-05-09 21:15 - 003331584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2020-06-10 10:33 - 2020-05-09 21:03 - 001040384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2020-06-10 10:33 - 2020-05-09 20:56 - 000233984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mpg2splt.ax
2020-06-10 10:33 - 2020-05-09 20:53 - 003640320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2020-06-10 10:33 - 2020-05-09 20:47 - 000936448 _____ (Microsoft Corporation) C:\WINDOWS\system32\qmgr.dll
2020-06-10 10:33 - 2020-05-09 20:25 - 001085952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2020-06-10 10:33 - 2020-05-09 20:23 - 000747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2020-06-10 10:33 - 2020-05-09 20:09 - 012880384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2020-06-10 10:33 - 2020-05-09 18:10 - 001312256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2020-06-10 10:33 - 2020-05-09 18:10 - 000353792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2020-06-10 10:33 - 2020-05-01 07:17 - 001097216 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2020-06-10 10:33 - 2020-05-01 07:15 - 000866304 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2020-06-10 10:32 - 2020-06-01 21:50 - 000088064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\atl.dll
2020-06-10 10:32 - 2020-05-29 18:23 - 000827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2020-06-10 10:32 - 2020-05-20 04:46 - 001033216 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2020-06-10 10:32 - 2020-05-20 04:39 - 000262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2020-06-10 10:32 - 2020-05-20 03:14 - 000880640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2020-06-10 10:32 - 2020-05-20 03:09 - 000696320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2020-06-10 10:32 - 2020-05-20 03:09 - 000333312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2020-06-10 10:32 - 2020-05-20 03:08 - 002058752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2020-06-10 10:32 - 2020-05-20 02:50 - 004387328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2020-06-10 10:32 - 2020-05-09 21:20 - 000340992 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
2020-06-10 10:32 - 2020-05-09 20:53 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2020-06-16 15:02 - 2016-01-27 10:12 - 000003598 _____ C:\WINDOWS\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-176138252-3860332429-2761773572-1018
2020-06-16 13:21 - 2012-07-26 01:12 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2020-06-16 12:57 - 2012-09-11 06:21 - 000000000 ____D C:\ProgramData\Hewlett-Packard
2020-06-16 12:51 - 2013-08-22 07:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-06-16 12:40 - 2013-08-22 07:44 - 000346744 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2020-06-16 12:40 - 2013-08-22 06:36 - 000000000 ____D C:\WINDOWS\Inf
2020-06-16 12:22 - 2013-08-22 08:36 - 000000000 ___RD C:\WINDOWS\ToastData
2020-06-16 12:06 - 2012-07-26 00:59 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-06-16 12:03 - 2016-02-19 13:55 - 000003814 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{2B2239C5-296B-46AF-9192-8557E01C177E}
2020-06-16 11:42 - 2014-09-24 00:15 - 000006636 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-06-16 11:23 - 2017-03-31 23:20 - 000000000 ____D C:\Program Files\ByteFence
2020-06-16 11:20 - 2016-01-25 16:06 - 000000000 ____D C:\Users\HP Pavilion
2020-06-16 11:18 - 2014-11-01 10:29 - 000000000 ____D C:\Users\Joanne Endevoets
2020-06-16 11:15 - 2016-01-26 11:34 - 000000000 ____D C:\ProgramData\iolo
2020-06-16 11:15 - 2016-01-26 11:31 - 000000000 ____D C:\Program Files (x86)\iolo
2020-06-16 09:41 - 2016-01-25 16:25 - 000248968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2020-06-16 09:39 - 2020-02-12 18:23 - 000000000 ____D C:\Program Files\Logitech
2020-06-16 09:39 - 2014-11-01 10:19 - 000000000 ____D C:\Program Files\Common Files\logishrd
2020-06-16 09:39 - 2014-02-20 18:51 - 000000000 ____D C:\ProgramData\LogiShrd
2020-06-16 09:39 - 2014-02-20 18:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2020-06-10 18:31 - 2018-11-13 19:14 - 000000000 ____D C:\Users\HP Pavilion\AppData\Local\ElevatedDiagnostics
2020-06-10 18:16 - 2017-04-06 19:56 - 000000000 ____D C:\Users\HP Pavilion\AppData\Local\CrashDumps
2020-06-10 14:48 - 2018-06-09 22:26 - 000000175 _____ C:\Users\HP Pavilion\AppData\Roaming\WB.CFG
2020-06-04 08:51 - 2013-11-24 22:54 - 000002204 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-06-04 08:51 - 2013-11-24 22:54 - 000002163 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-06-04 08:51 - 2013-11-24 22:54 - 000002163 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-06-01 23:10 - 2014-09-24 00:06 - 002476032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2020-05-29 17:28 - 2019-04-25 19:44 - 000000000 ____D C:\ProgramData\Paltalk Update
2020-05-29 13:37 - 2018-07-16 19:16 - 000000000 ____D C:\Program Files (x86)\Paltalk
2020-05-20 12:58 - 2013-08-22 08:36 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-05-17 21:00 - 2016-02-04 18:36 - 000000572 _____ C:\WINDOWS\Tasks\Weekly scan.job
 
==================== Files in the root of some directories ========
 
2018-06-09 22:26 - 2020-06-10 14:48 - 000000175 _____ () C:\Users\HP Pavilion\AppData\Roaming\WB.CFG
2016-01-27 10:21 - 2016-01-27 10:21 - 000007601 _____ () C:\Users\HP Pavilion\AppData\Local\Resmon.ResmonCfg
2018-01-30 13:25 - 2019-04-16 12:51 - 000001376 _____ () C:\Users\HP Pavilion\AppData\Local\Temptoast_image.png
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
 
LastRegBack: 2016-05-28 12:50
==================== End of FRST.txt ========================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-06-2020
Ran by HP Pavilion (16-06-2020 15:09:20)
Running from C:\Users\HP Pavilion\Desktop
Windows 8.1 (Update) (X64) (2014-11-01 18:42:41)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-176138252-3860332429-2761773572-500 - Administrator - Disabled)
Guest (S-1-5-21-176138252-3860332429-2761773572-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-176138252-3860332429-2761773572-1003 - Limited - Enabled)
HP Pavilion (S-1-5-21-176138252-3860332429-2761773572-1018 - Administrator - Enabled) => C:\Users\HP Pavilion
SophosSAUHPPAVILION0 (S-1-5-21-176138252-3860332429-2761773572-1004 - Limited - Enabled)
SophosSAUHPPAVILION1 (S-1-5-21-176138252-3860332429-2761773572-1019 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Sophos Anti-Virus (Enabled - Out of date) {FFADE7EA-DC92-4602-D6B2-626CD3450A0F}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Sophos Anti-Virus (Enabled - Out of date) {44CC060E-FAA8-498C-EC02-591EA8C240B2}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.5.146 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{5F769CF4-5263-4C7B-AEB2-C06A73AE4428}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CameraHelperMsi (HKLM-x32\...\{15634701-BACE-4449-8B25-1567DA8C9FD3}) (Version: 13.51.815.0 - Logitech) Hidden
Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
Chromium (HKLM-x32\...\{D0E43824-8064-E9A4-31E4-9924E1644AA4}) (Version:  - )
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1.5510 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3109 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.1.1902 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.8.5511 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5527 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
erLT (HKLM-x32\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 83.0.4103.97 - Google LLC)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
HP Connected Remote (HKLM-x32\...\{F243A34B-AB7F-4065-B770-B85B767C247C}) (Version: 1.0.1202 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
HP Quick Start (HKLM-x32\...\{574F0207-8E98-46CD-8F79-318348C98C46}) (Version: 1.0.4660.30220 - Hewlett-Packard)
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
Logitech Camera Settings (HKLM-x32\...\LogiUCDPP) (Version: 2.5.17.0 - Logitech Europe S.A.)
Logitech Solar App 1.10 (HKLM\...\SolarApp) (Version: 1.10.3 - Logitech)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.80 - Logitech Inc.)
Malwarebytes version 4.1.0.56 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.1.0.56 - Malwarebytes)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Paltalk (HKLM-x32\...\Paltalk) (Version:  - )
Paltalk Messenger  11.8 (HKLM-x32\...\Paltalk Messenger) (Version: 11.8.673.18112 - AVM Software Inc.)
Ralink RT5390R 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.0.0 - Ralink)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.31.423.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6777 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{0D61A55C-3ADC-409F-BF5B-A1766D1F5944}) (Version: 6.2.9200.28137 - Realtek Semiconductor Corp.)
Recovery Manager (HKLM-x32\...\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.0.5530 - CyberLink Corp.) Hidden
Skype™ 7.38 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.38.101 - Skype Technologies S.A.)
Sophos Anti-Virus (HKLM-x32\...\{6654537D-935E-41C0-A18A-C55C2BF77B7E}) (Version: 10.8.1.316 - Sophos Limited)
Sophos AutoUpdate (HKLM-x32\...\{BCF53039-A7FC-4C79-A3E3-437AE28FD918}) (Version: 5.2.0.276 - Sophos Limited)
Sophos Network Threat Protection (HKLM\...\{66967E5F-43E8-4402-87A4-04685EE5C2CB}) (Version: 1.2.2.50 - Sophos Limited)
Sophos Remote Management System (HKLM-x32\...\{FED1005D-CBC8-45D5-A288-FFC7BB304121}) (Version: 4.1.1 - Sophos Limited)
Sophos System Protection (HKLM-x32\...\{1093B57D-A613-47F3-90CF-0FD5C5DCFFE6}) (Version: 1.3.1 - Sophos Limited)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
 
Packages:
=========
eBay -> C:\Program Files\WindowsApps\eBayInc.eBay_1.6.0.34_neutral__1618n3s9xq8tw [2014-11-07] (eBay, Inc)
Games -> C:\Program Files\WindowsApps\Microsoft.XboxLIVEGames_2.0.139.0_x64__8wekyb3d8bbwe [2014-09-24] (Microsoft Corporation) [MS Ad]
Getting Started with Windows 8 -> C:\Program Files\WindowsApps\AD2F1837.GettingStartedwithWindows8_1.6.0.0_neutral__v10z8vjag6ke6 [2015-03-03] (Hewlett-Packard Company)
HP Registration -> C:\Program Files\WindowsApps\AD2F1837.HPRegistration_1.2.1.166_neutral__v10z8vjag6ke6 [2014-11-27] (Hewlett-Packard Company)
HP+ -> C:\Program Files\WindowsApps\AD2F1837.HP_1.2.0.93_neutral__v10z8vjag6ke6 [2014-11-02] (Hewlett-Packard Company)
iHeartRadio -> C:\Program Files\WindowsApps\ClearChannelRadioDigital.iHeartRadio_4.5.1.0_x64__a76a11dkgb644 [2016-04-15] (iHeartMedia.)
Kindle -> C:\Program Files\WindowsApps\AMZNMobileLLC.KindleforWindows8_2.1.0.2_neutral__stfe6vwa9jnbp [2015-06-27] (AMZN Mobile LLC)
Microsoft Mahjong -> C:\Program Files\WindowsApps\Microsoft.MicrosoftMahjong_2.10.1812.2002_x86__8wekyb3d8bbwe [2019-02-02] (Microsoft Studios) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_2.11.1807.1002_x86__8wekyb3d8bbwe [2018-07-30] (Microsoft Studios) [MS Ad]
MSN Food & Drink -> C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-13] (Microsoft Corporation) [MS Ad]
MSN Health & Fitness -> C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-13] (Microsoft Corporation) [MS Ad]
MSN Money -> C:\Program Files\WindowsApps\Microsoft.BingFinance_3.0.4.344_x64__8wekyb3d8bbwe [2016-04-30] (Microsoft Corporation) [MS Ad]
MSN News -> C:\Program Files\WindowsApps\Microsoft.BingNews_3.0.4.344_x64__8wekyb3d8bbwe [2016-04-30] (Microsoft Corporation) [MS Ad]
MSN Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_3.0.4.345_x64__8wekyb3d8bbwe [2016-04-30] (Microsoft Corporation) [MS Ad]
MSN Travel -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-13] (Microsoft Corporation) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_3.0.4.350_x64__8wekyb3d8bbwe [2016-11-25] (Microsoft Corporation) [MS Ad]
Music -> C:\Program Files\WindowsApps\Microsoft.ZuneMusic_2.6.672.0_x64__8wekyb3d8bbwe [2015-03-14] (Microsoft Corporation) [MS Ad]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_2.22.0.39_x64__mcm4njqhnhss8 [2018-11-02] (Netflix, Inc.)
Norton Studio -> C:\Program Files\WindowsApps\SymantecCorporation.NortonStudio_1.5.0.41_x86__v68kp9n051hdp [2014-11-02] (Symantec Corporation)
Skype -> C:\Program Files\WindowsApps\Microsoft.SkypeApp_3.1.0.1016_x86__kzf8qxf38zg5c [2015-06-27] (Skype) [MS Ad]
Snapfish -> C:\Program Files\WindowsApps\AD2F1837.HPConnectedPhotopoweredbySnapfish_5.5.0.8_x86__v10z8vjag6ke6 [2016-05-03] (HP Inc.)
Video -> C:\Program Files\WindowsApps\Microsoft.ZuneVideo_2.6.446.0_x64__8wekyb3d8bbwe [2015-11-07] (Microsoft Corporation) [MS Ad]
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} =>  -> No File
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} =>  -> No File
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} =>  -> No File
ShellIconOverlayIdentifiers-x32: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} =>  -> No File
ShellIconOverlayIdentifiers-x32: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} =>  -> No File
ShellIconOverlayIdentifiers-x32: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} =>  -> No File
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2012-07-10] (CyberLink -> Cyberlink)
ContextMenuHandlers1: [SavShellExt] -> {A3A1D8A1-006D-4B93-BA27-6F6B4C9C4F1D} => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavShellExtX64.dll [2018-05-01] (Sophos Limited -> Sophos Limited)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2012-07-10] (CyberLink -> Cyberlink)
ContextMenuHandlers2: [SavShellExt] -> {A3A1D8A1-006D-4B93-BA27-6F6B4C9C4F1D} => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavShellExtX64.dll [2018-05-01] (Sophos Limited -> Sophos Limited)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-06-16] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [SavShellExt] -> {A3A1D8A1-006D-4B93-BA27-6F6B4C9C4F1D} => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavShellExtX64.dll [2018-05-01] (Sophos Limited -> Sophos Limited)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2014-07-04] (Advanced Micro Devices, Inc.) [File not signed]
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-06-16] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [SavShellExt] -> {A3A1D8A1-006D-4B93-BA27-6F6B4C9C4F1D} => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavShellExtX64.dll [2018-05-01] (Sophos Limited -> Sophos Limited)
 
==================== Codecs (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Drivers32: [vidc.i420] => C:\WINDOWS\system32\lvcod64.dll [175392 2012-10-26] (Logitech, Inc. -> Logitech Inc.)
HKLM\...\Drivers32: [vidc.i420] => C:\Windows\SysWOW64\lvcodec2.dll [305000 2012-10-26] (Logitech, Inc. -> Logitech Inc.)
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
Shortcut: C:\Users\HP Pavilion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Paltalk\Remove settings.lnk -> C:\Program Files (x86)\Paltalk\ng_clean_settings.bat (No File)
 
==================== Loaded Modules (Whitelisted) =============
 
2014-07-04 21:33 - 2014-07-04 21:33 - 000127488 _____ () [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F [134]
AlternateDataStreams: C:\ProgramData\Temp:919E1F63 [123]
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAVService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SntpService => ""="service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer trusted/restricted ==========
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 06:25 - 2020-06-16 09:34 - 000002103 _____ C:\WINDOWS\system32\drivers\etc\hosts
0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 api.recommendedsw.com
0.0.0.0 rp.yefeneri2.com
0.0.0.0 os.yefeneri2.com
0.0.0.0 os2.yefeneri2.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
0.0.0.0 cdn.tuto4pc.com
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Skype\Phone\
HKU\S-1-5-21-176138252-3860332429-2761773572-1018\Control Panel\Desktop\\Wallpaper -> C:\Users\HP Pavilion\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 0) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKU\S-1-5-21-176138252-3860332429-2761773572-1018\...\StartupApproved\StartupFolder: => "PalTalk.lnk"
HKU\S-1-5-21-176138252-3860332429-2761773572-1018\...\StartupApproved\Run: => "Chromium"
HKU\S-1-5-21-176138252-3860332429-2761773572-1018\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_803D2E04332962AFAC352F92C208E650"
HKU\S-1-5-21-176138252-3860332429-2761773572-1018\...\StartupApproved\Run: => "Paltalk"
HKU\S-1-5-21-176138252-3860332429-2761773572-1018\...\StartupApproved\Run: => "Skype"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [UDP Query User{A7F90C58-A160-4240-83CE-56A16457C12F}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{4AF29C28-467D-4AF5-964C-88B9D518BB55}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{7F9C1ABE-99AE-44C5-9B0C-FB6A51433614}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{A441C1BD-CC6A-440D-B727-6FA92314BD60}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{E442E7B3-7B13-4BDA-B26D-0F28D846A538}C:\program files (x86)\paltalk messenger\paltalk messenger\paltalk.exe] => (Block) C:\program files (x86)\paltalk messenger\paltalk messenger\paltalk.exe => No File
FirewallRules: [TCP Query User{EE175E9E-556D-4C29-8E52-992A95F9A6CE}C:\program files (x86)\paltalk messenger\paltalk messenger\paltalk.exe] => (Block) C:\program files (x86)\paltalk messenger\paltalk messenger\paltalk.exe => No File
FirewallRules: [{1DA563F9-8F28-4085-9D23-2E0A03D8EC26}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [UDP Query User{D48F9F75-6B2E-4094-9051-3EEF62A29FE1}C:\program files (x86)\paltalk messenger\paltalk messenger\paltalk.exe] => (Allow) C:\program files (x86)\paltalk messenger\paltalk messenger\paltalk.exe => No File
FirewallRules: [TCP Query User{C668418F-047A-4B32-84B0-E819D88A70E0}C:\program files (x86)\paltalk messenger\paltalk messenger\paltalk.exe] => (Allow) C:\program files (x86)\paltalk messenger\paltalk messenger\paltalk.exe => No File
FirewallRules: [{14852894-E754-4D88-B410-E365CBD58788}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc. -> Yahoo! Inc.)
FirewallRules: [{63569EEC-DC52-4EED-8DB2-E83112C70753}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc. -> Yahoo! Inc.)
FirewallRules: [UDP Query User{0326EAFC-8940-43FE-9164-E4A21A402C98}C:\program files (x86)\paltalk messenger\paltalk.exe] => (Allow) C:\program files (x86)\paltalk messenger\paltalk.exe => No File
FirewallRules: [TCP Query User{5A430BC0-D3BD-4121-8016-8EA23C276F90}C:\program files (x86)\paltalk messenger\paltalk.exe] => (Allow) C:\program files (x86)\paltalk messenger\paltalk.exe => No File
FirewallRules: [UDP Query User{29A929DE-9870-4957-A906-14B5642012FB}C:\windows\syswow64\msiexec.exe] => (Allow) C:\windows\syswow64\msiexec.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [TCP Query User{7DE345DD-8CFC-418A-B491-BB60FC69B658}C:\windows\syswow64\msiexec.exe] => (Allow) C:\windows\syswow64\msiexec.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{032D7F2E-8BD8-4FB5-B9B8-29DC359F9CC8}] => (Allow) LPort=1900
FirewallRules: [{3BB36859-ADA2-4D89-98CD-2860E71A307C}] => (Allow) LPort=2869
FirewallRules: [{332A5005-E439-4970-B6C6-60D45D5DF71D}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{87010DB7-297E-435E-AB81-7C0757767CAC}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE (CyberLink -> CyberLink Corp.)
FirewallRules: [{B6D693E7-D84F-46D9-A816-DE973D437AF7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{261379EE-DACD-4B61-9F8A-BF6F93F7DF35}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{27F4866A-85A9-4CBE-B396-6FD538FC22F3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{5F0B061F-74AB-46A7-AA55-5DA60E86BD74}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{8BC351F2-28E4-4034-87E7-0824C37ADB19}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe => No File
FirewallRules: [{EC3AC644-D99B-4E71-BC28-F5267E616134}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe => No File
FirewallRules: [{7D4F5F8A-CC33-4EDC-B5D6-D403C3B99638}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\MfeServiceMgr.exe => No File
FirewallRules: [{F4B67AD4-A7B8-4D66-B16C-EC48932EEAB7}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\MfeServiceMgr.exe => No File
FirewallRules: [{7ADCF208-7815-415A-9D92-206B73DA0735}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe => No File
FirewallRules: [{4A062696-B8C9-4390-A128-635E39D9C62B}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe => No File
FirewallRules: [{80712F9E-266A-4624-A718-5375E5E67619}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\MfeServiceMgr.exe => No File
FirewallRules: [{3B79185B-4625-4D45-BA5C-9F5C50301348}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\MfeServiceMgr.exe => No File
FirewallRules: [{C19F3984-3DF2-4505-B50E-E2623874F167}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe (Hewlett-Packard Company -> Hewlett-Packard Company)
FirewallRules: [TCP Query User{AC84FE58-503E-4351-8C1D-1B3550F0000F}C:\program files (x86)\paltalk messenger\paltalk.exe] => (Allow) C:\program files (x86)\paltalk messenger\paltalk.exe => No File
FirewallRules: [UDP Query User{A8FCFB61-3A9B-49D7-B998-60FB27AE20BB}C:\program files (x86)\paltalk messenger\paltalk.exe] => (Allow) C:\program files (x86)\paltalk messenger\paltalk.exe => No File
FirewallRules: [TCP Query User{B0241114-BEDC-46F5-BBAF-324BF2D6F0B4}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [UDP Query User{40E28967-F448-403E-B197-C27ECC80F3A9}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{2E037E79-721B-450E-8F76-C30E0F5A30BC}] => (Allow) C:\Users\HP Pavilion\AppData\Local\Chromium\Application\chrome.exe (The Chromium Authors) [File not signed]
FirewallRules: [{4271F037-64EC-4B93-A8FF-F51C23BB4EFC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{046FC7C5-D28B-4214-90D8-A9C02E15EF71}] => (Allow) LPort=53000
FirewallRules: [{ADCC8DD5-B7D9-4077-9369-5FCE03368216}] => (Allow) LPort=52000
 
==================== Restore Points =========================
 
14-03-2020 14:22:36 Windows Update
17-04-2020 11:03:33 Windows Update
15-05-2020 11:36:32 Windows Update
16-06-2020 11:49:07 Windows Update
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (06/16/2020 02:53:07 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program explorer.exe version 6.3.9600.18460 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 11a4
 
Start Time: 01d64427cdf2890b
 
Termination Time: 78
 
Application Path: C:\WINDOWS\explorer.exe
 
Report Id: c24d1182-b01b-11ea-bf8b-4c72b9b3dc92
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (06/16/2020 11:42:28 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Error: (06/16/2020 11:42:28 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
Error: (06/16/2020 09:54:47 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: e00
 
Start Time: 01d643fe17279f91
 
Termination Time: 4294967295
 
Application Path: C:\WINDOWS\syswow64\backgroundTaskHost.exe
 
Report Id: 0bdade4f-aff2-11ea-bf89-4c72b9b3dc92
 
Faulting package full name: SymantecCorporation.NortonStudio_1.5.0.41_x86__v68kp9n051hdp
 
Faulting package-relative application ID: App
 
Error: (06/16/2020 09:42:17 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Error: (06/16/2020 09:42:17 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
Error: (06/16/2020 09:04:16 AM) (Source: Sophos Message Router) (EventID: 8006) (User: NT AUTHORITY)
Description: The network identity (also known as the Interoperable Object Reference or IOR) of the local computer is invalid.%%3
 
Error: (06/16/2020 07:53:59 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3009) (User: NT AUTHORITY)
Description: Installing the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
 
System errors:
=============
Error: (06/16/2020 02:43:00 PM) (Source: SAVOnAccess) (EventID: 15) (User: )
Description: The on-access driver was unable to create an impersonation token for file \Device\HarddiskVolume4\WINDOWS\SYSTEM32\SHELL32.DLL.
 
Error: (06/16/2020 02:25:06 PM) (Source: SAVOnAccess) (EventID: 15) (User: )
Description: The on-access driver was unable to create an impersonation token for file \Device\HarddiskVolume4\WINDOWS\SYSTEM32\SHELL32.DLL.
 
Error: (06/16/2020 01:56:00 PM) (Source: SAVOnAccess) (EventID: 15) (User: )
Description: The on-access driver was unable to create an impersonation token for file \Device\HarddiskVolume4\WINDOWS\System32\WSCLIENT.DLL.
 
Error: (06/16/2020 01:39:46 PM) (Source: SAVOnAccess) (EventID: 15) (User: )
Description: The on-access driver was unable to create an impersonation token for file \Device\HarddiskVolume4\WINDOWS\System32\ACPROXY.DLL.
 
Error: (06/16/2020 01:39:46 PM) (Source: SAVOnAccess) (EventID: 15) (User: )
Description: The on-access driver was unable to create an impersonation token for file \Device\HarddiskVolume4\WINDOWS\System32\ACPROXY.DLL.
 
Error: (06/16/2020 01:08:51 PM) (Source: SAVOnAccess) (EventID: 15) (User: )
Description: The on-access driver was unable to create an impersonation token for file \Device\HarddiskVolume4\WINDOWS\SYSTEM32\WERCONCPL.DLL.
 
Error: (06/16/2020 01:07:29 PM) (Source: SAVOnAccess) (EventID: 15) (User: )
Description: The on-access driver was unable to create an impersonation token for file \Device\HarddiskVolume4\WINDOWS\SYSTEM32\WERCONCPL.DLL.
 
Error: (06/16/2020 12:56:42 PM) (Source: SAVOnAccess) (EventID: 15) (User: )
Description: The on-access driver was unable to create an impersonation token for file \Device\HarddiskVolume4\WINDOWS\System32\CMD.EXE.
 
 
Windows Defender:
===================================
Date: 2014-02-04 17:15:55.337
Description: 
Windows Defender scan has been stopped before completion.
Scan ID: {9460D5A7-484E-4AD5-A8F8-E2957D93B006}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-05-01 12:46:46.126
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 1.267.643.0
Previous Signature Version: 1.261.1097.0
Update Source: User
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version: 1.1.14800.3
Previous Engine Version: 1.1.14500.5
Error code: 0x80509004
Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support. 
 
Date: 2018-05-01 12:46:46.126
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 1.267.643.0
Previous Signature Version: 1.261.1097.0
Update Source: User
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 1.1.14800.3
Previous Engine Version: 1.1.14500.5
Error code: 0x80509004
Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support. 
 
Date: 2018-05-01 12:46:46.125
Description: 
Windows Defender has encountered an error trying to update the engine.
New Engine Version: 1.1.14800.3
Previous Engine Version: 1.1.14500.5
Error Code: 0x80509004
Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support. 
 
Date: 2018-02-12 15:30:23.776
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 118.2.0.0
Update Source: Microsoft Malware Protection Center
Signature Type: Network Inspection System
Update Type: Full
Current Engine Version: 
Previous Engine Version: 2.1.14202.0
Error code: 0x80070652
Error description: Another installation is already in progress. Complete that installation before proceeding with this install. 
 
Date: 2018-02-12 15:30:22.001
Description: 
Windows Defender has encountered an error trying to update the engine.
New Engine Version: 
Previous Engine Version: 2.1.14202.0
Error Code: 0x80070666
Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel. 
 
CodeIntegrity:
===================================
 
Date: 2018-08-24 20:29:22.725
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2018-08-24 20:15:47.586
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2018-08-24 20:15:13.418
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2018-08-24 20:14:23.690
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
==================== Memory info =========================== 
 
BIOS: AMI 8.06 09/07/2012
Motherboard: PEGATRON CORPORATION 2AF0
Processor: AMD E1-1200 APU with Radeon™ HD Graphics
Percentage of memory in use: 52%
Total physical RAM: 3665.86 MB
Available physical RAM: 1757.48 MB
Total Virtual: 4176.47 MB
Available Virtual: 1900.46 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:443.06 GB) (Free:366.05 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Recovery Image) (Fixed) (Total:19.78 GB) (Free:2.47 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (LEXAR) (Removable) (Total:0.97 GB) (Free:0.23 GB) FAT
 
\\?\Volume{d1de863d-cf84-4d64-8ee1-9cebae5d4872}\ () (Fixed) (Total:1 GB) (Free:0.66 GB) NTFS
\\?\Volume{02f74654-436d-45c5-a86d-fd54f1779603}\ (Windows RE tools) (Fixed) (Total:1 GB) (Free:0.65 GB) NTFS
\\?\Volume{6ec74e69-4ea4-4586-9114-4ec0583318ed}\ () (Fixed) (Total:0.44 GB) (Free:0.18 GB) NTFS
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 4A1F8D9C)
 
Partition: GPT.
 
==========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 991.5 MB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=991 MB) - (Type=04)
 
==================== End of Addition.txt =======================

 


#2
DR M

    The Grecian Geek

  • Malware Removal
  • 4,096 posts

Hi, whittakerjr.

 

I'm DR M and I will be assisting you to fix your computer's issues. :)

 

Before we move on, please keep in mind the following:

1. Do not run any tool unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

2. Always ask before acting. Do not continue if you are not sure, or if something unexpected happens.

3. I am still in training and my fixes have to be approved by my instructor, so there may be a slight delay in my replies. Look at it as a good thing though, since you will have two people looking at your problem.

 

======================================================

 

I'm currently reviewing your logs and I will be with you as soon as possible.

 

Meanwhile, you can ask your friend if she intentionally enabled notifications from the following sites:

hxxps://eonline.com-show.news; 
hxxps://internationalliving.com; 
hxxps://ktla.com; 
hxxps://mail.yahoo.com; 
hxxps://myemailcenter.co; 
hxxps://nationalweatheragency.org; 
hxxps://pushance.com; 
hxxps://search.hyourtransitinfonow.com; 
hxxps://searchsmart.co; 
hxxps://topgadgetslist.com; 
hxxps://wgntv.com; 
hxxps://www.anthropologie.com; 
hxxps://www.cnet.com; 
hxxps://www.facebook.com; 
hxxps://www.hauntedrooms.com; 
hxxps://www.jdjournal.com; 
hxxps://www.pinterest.com; 
hxxps://www.wayfair.com; 
hxxps://www.yahoo.com; 
hxxps://www.youtube.com; 
hxxps://zooxhamster.com

#3
whittakerjr

    Member

  • Topic Starter
  • 79 posts

Good Morning Dr. M.

 

She only clicked until the dialog box went away.  As far as wanting the notifications pushed, she states she does not.  Sounds as if she wasn't reading the dialog questions.

Also, I may have failed to tell you that the computer ran a Windows update (2 patches) yesterday.  When I got up this morning, Malwarebytes ran a scan and found PUP.Optional.ByteFence  Action: Quarantined Location: C:\PROGRAM FILES\BYTEFENCE

 

Also, I see the Internet Explorer still was trying to connect to MSN.com

 

Thanks for helping out.  


#4
DR M

    The Grecian Geek

  • Malware Removal
  • 4,096 posts

Thank you, Joseph.

 

I will be back to you soon.


#5
DR M

    The Grecian Geek

  • Malware Removal
  • 4,096 posts
Hi, Joseph.
 
Let's start work.
 
 
1. Uninstall programs
 
1.1. Old Java and Chromium
 
You can ask your friend if she needs Java, and if yes, you can download at the end of the cleaning procedure the latest version from here.
  • Press the Windows Key + R.
  • Type appwiz.cpl in the Run box and click OK.
  • The Add/Remove Programs list will open. Locate the following programs on the list:
Java 7 Update 45
Chromium
  • Select the programs, one by one, and click Uninstall. Note: Wait for the first program to be uninstalled and then move on to uninstall the other one.
  • Restart the computer.
 
1.2. Sophos programs
 
The antivirus software is out of date and you said that you would like to uninstall it. Please, note that Windows 8.1 has an integrated antivirus program, Windows Defender, which is good enough to protect your friend during her daily computer activities. You can try, of course, other antivirus programs, like McAfee, but I would recommend that you stay with Windows Defender.
  • Download the Revo Uninstaller (Free Download) and save it on your Desktop.
  • Double click on the exe file created on your Desktop to run the installer, and follow the instructions to install the program.
  • Double click the program's icon to open it.
  • Write in the search area, on the top left, the following program:
Sophos Anti-Virus
  • Choose the Uninstall tab from the menu and let the program create a Restore point.
  • Choose Scan, and then the Advanced mode scan.
  • Select all the Sophos Anti-Virus items found, Delete and Next.
  • Let the procedure be completed and click on Finish.
  • Restart the computer.
Repeat the above procedure for the following programs:
Sophos AutoUpdate
Sophos Network Threat Protection 
Sophos Remote Management System 
Sophos System Protection
 

1.3. Norton Studio

 
No need for another antivirus. Having more than one of those programs may conflict with each other and cause false alarms, conflicts, low performance and less protection.
  • Press the Windows key and find Norton Studio. Right click and select Uninstall.
  • Download Norton Remove and Reinstall tool. Save it on the Desktop.
  • Double-click the NRnR icon.
  • Read the license agreement, and click Agree.
  • Click Advanced Options.
  • Click Remove Only.
  • Click Remove.
  • Click Restart Now.
 
2. Remove a Chrome extension
  • Open Chrome.
  • At the top right choose More (the three vertical dots) > More Tools > Extensions
  • Find Norton Identity Safe, and remove it, clicking on Remove.
  • Confirm the action by clicking Remove once again.

3. Run FRST
  • Double-click the FRST icon to run the tool as you did before. When the tool opens click Yes to disclaimer.
  • Press Scan button and wait for a while.
  • The scanner will produce two logs on your Desktop: FRST.txt and Addition.txt.
  • Please copy and paste the content of these two logs in your next reply (or attach/upload).

#6
DR M

    The Grecian Geek

  • Malware Removal
  • 4,096 posts

Hi, Joseph.

 

Do you need assistance for any of the above steps? If yes, don't hesitate to ask. :)


#7
whittakerjr

    Member

  • Topic Starter
  • 79 posts

My apologies, I had been looking at the web site here and did not see the response and your e-mail to my account went into Spam.   I am working on the corrections now.  I am at step 1.2  Things are going good. 


#8
whittakerjr

    Member

  • Topic Starter
  • 79 posts

I have completed the steps you presented.  I have noticed that the computer is much better in the restarts, as the desktop appears with the icons appearing within a reasonable time.  The big notice is that I can log in to GeektoGo from the machine.  Was using my laptop to start the outreach for assistance as I could not connect a browser to anything.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-06-2020
Ran by HP Pavilion (administrator) on HPPAVILION (Hewlett-Packard 20-b010) (20-06-2020 11:34:20)
Running from C:\Users\HP Pavilion\Desktop
Loaded Profiles: HP Pavilion
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Default browser: IE
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(A.V.M. SOFTWARE, INC. -> AVM Software) C:\Program Files (x86)\Paltalk\update\pt_update_service.exe
(Advanced Micro Devices, Inc.) [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Andrea Electronics -> Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
(Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe
(Logitech -> Logitech, Inc.) C:\Program Files\Logitech\SolarApp\L4301_Solar.exe
(Logitech Inc -> Logitech) C:\Program Files\Logitech\Collaboration\Services\Video\ServiceLayer.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\WINDOWS\System32\WirelessKB850NotificationService.exe
(Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.18384_none_fa1d93c39b41b41a\TiWorker.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\WINDOWS\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\WINDOWS\System32\atiesrxx.exe
(Realtek Semiconductor Corp -> Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6844560 2013-11-19] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942232 2016-10-14] (Logitech -> Logitech, Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-176138252-3860332429-2761773572-1018\...\Run: [Chromium] => "c:\users\hp pavilion\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory=Default --restore-last-session
HKU\S-1-5-21-176138252-3860332429-2761773572-1018\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27784672 2017-06-27] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-176138252-3860332429-2761773572-1018\...\Run: [Paltalk] => C:\Program Files (x86)\Paltalk\PALTALK.exe [27532728 2020-05-19] (A.V.M. SOFTWARE, INC. -> AVM Software)
HKU\S-1-5-18\...\Run: [Paltalk] => C:\Program Files (x86)\Paltalk\Paltalk.exe [27532728 2020-05-19] (A.V.M. SOFTWARE, INC. -> AVM Software)
HKLM\...\Print\Monitors\HP 7112 Status Monitor: C:\WINDOWS\system32\hpinksts7112LM.dll [328704 2014-03-03] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Co.)
HKLM\...\Print\Monitors\HP Universal Port Monitor: C:\WINDOWS\system32\hpbprtmon.dll [355840 2012-07-24] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\Installer\chrmstp.exe [2020-06-17] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.81\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
Startup: C:\Users\HP Pavilion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PalTalk.lnk [2019-03-21]
ShortcutTarget: PalTalk.lnk -> C:\Program Files (x86)\Paltalk Messenger\paltalk.exe (No File)
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0D8A891D-890C-4808-84D8-2F436AB14653} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {0DC0DAD2-F84F-429D-B085-411AE7CDE2D5} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61}
Task: {1274336E-AB06-46B6-A48C-0671C5557CC6} - \Microsoft\Windows\TaskScheduler\Maintenance Configurator -> No File <==== ATTENTION
Task: {145EF7F4-ECD0-4CD6-B44D-E92EFEB7BDDB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [542008 2013-11-04] (Hewlett-Packard Company -> Hewlett-Packard Company)
Task: {1687544D-7247-4F5A-965A-A6E920E55278} - \Microsoft\Windows\TaskScheduler\Manual Maintenance -> No File <==== ATTENTION
Task: {287EB61E-849D-44F1-BF41-56B2A8081F95} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1}
Task: {40525C58-79C2-47A1-9AA2-F1D7FC4F0691} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {426C84D3-5DF0-4CC8-9486-251CC5F877B1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [630584 2014-05-12] (Hewlett-Packard Company -> Hewlett-Packard Company)
Task: {5AA86FD9-432F-4868-B68D-AFCEC66FECEB} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security\Upgrade.exe [2259832 2018-10-05] (Symantec Corporation -> Symantec Corporation)
Task: {69A9BED9-2695-4FA6-ABEF-DB9C7F40DC6B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [542008 2013-11-04] (Hewlett-Packard Company -> Hewlett-Packard Company)
Task: {6F02587F-8A2B-4552-97F6-DEEF229E335B} - \Microsoft\Windows\TaskScheduler\Idle Maintenance -> No File <==== ATTENTION
Task: {7604A2BD-B1C7-4591-A0BB-AFA960B6026A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1011440 2016-01-06] (Hewlett-Packard Company -> HP Inc.)
Task: {7B857988-3067-4E13-8891-998F430972F7} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {8447F5E5-2A40-44ED-869F-2FD08F7AF3E9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {8CA68387-B3CC-41B5-88D5-240C7A3E7715} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN49ADX0R9_backup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1011440 2016-01-06] (Hewlett-Packard Company -> HP Inc.)
Task: {9768ABD2-EB67-498E-A669-15A536AF817A} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {B7992938-01F1-4F40-A0EC-0D23D2F0F152} - \Microsoft\Windows\TaskScheduler\Regular Maintenance -> No File <==== ATTENTION
Task: {C02C6FF2-D7E1-456F-B94B-C4007E1F4903} - \{3572C762-1A49-A2DF-ED84-168A6500F9A0}\sync -> No File <==== ATTENTION
Task: {C2D92648-7FFA-4B4E-BE32-ABCB7F598804} - System32\Tasks\{A7827154-50C7-4867-ADFD-1E8E30D0C7A2} => "c:\program files\internet explorer\iexplore.exe" hxxps://ui.skype.com/ui/0/7.33.0.105/en/abandoninstall?source=lightinstaller&page=tsMain
Task: {C415FE0E-DDCB-44E0-A459-B9164B72424B} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E}
Task: {CA019DD0-822D-49E1-A2FF-1991CECD8F38} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - \Microsoft\Windows\SettingSync\BackupTask -> No File <==== ATTENTION
Task: {DCB2E700-2511-45D2-B218-AE8BA4967108} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP SoftPaq Installer => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF_Tasks.exe [41272 2013-11-04] (Hewlett-Packard Company -> Hewlett-Packard Company)
Task: {F863ECC9-A249-4ECA-A410-34A8490738F8} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968 2011-08-30] (Apple Inc. -> Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{29B5CF79-3278-41A1-86F5-B3673D2C956F}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{CBC4812E-DD0B-4C8B-9F7F-46C2962A294B}: [DhcpNameServer] 192.168.0.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK13/1
HKU\S-1-5-21-176138252-3860332429-2761773572-1018\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.msn.com/?PC=UF01
HKU\S-1-5-21-176138252-3860332429-2761773572-1018\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK13/1
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKLM -> {84B29D74-CDD6-47A8-9ECE-278809800D63} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKLM-x32 -> {84B29D74-CDD6-47A8-9ECE-278809800D63} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-176138252-3860332429-2761773572-1018 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = 
BHO: No Name -> {504C542D-534F-4300-76A7-7A786E7484D7} -> No File
BHO: No Name -> {504C5432-2D56-3700-76A7-7A786E7484D7} -> No File
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll [2016-01-21] (Adobe Systems Incorporated -> )
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-21] (Adobe Systems Incorporated -> )
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1205146.dll [2013-10-25] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc. -> Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation -> Microsoft Corporation)
 
Chrome: 
=======
CHR Profile: C:\Users\HP Pavilion\AppData\Local\Google\Chrome\User Data\Default [2020-06-20]
CHR Notifications: Default -> hxxps://eonline.com-show.news; hxxps://internationalliving.com; hxxps://ktla.com; hxxps://mail.yahoo.com; hxxps://myemailcenter.co; hxxps://nationalweatheragency.org; hxxps://pushance.com; hxxps://search.hyourtransitinfonow.com; hxxps://searchsmart.co; hxxps://topgadgetslist.com; hxxps://wgntv.com; hxxps://www.anthropologie.com; hxxps://www.cnet.com; hxxps://www.facebook.com; hxxps://www.hauntedrooms.com; hxxps://www.jdjournal.com; hxxps://www.pinterest.com; hxxps://www.wayfair.com; hxxps://www.yahoo.com; hxxps://www.youtube.com; hxxps://zooxhamster.com
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Extension: (Slides) - C:\Users\HP Pavilion\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-01-19]
CHR Extension: (Docs) - C:\Users\HP Pavilion\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-01-19]
CHR Extension: (Google Drive) - C:\Users\HP Pavilion\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-27]
CHR Extension: (YouTube) - C:\Users\HP Pavilion\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-27]
CHR Extension: (Google Search) - C:\Users\HP Pavilion\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-27]
CHR Extension: (Sheets) - C:\Users\HP Pavilion\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-01-19]
CHR Extension: (Google Docs Offline) - C:\Users\HP Pavilion\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-06-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\HP Pavilion\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-05]
CHR Extension: (Gmail) - C:\Users\HP Pavilion\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-29]
CHR Extension: (Chrome Media Router) - C:\Users\HP Pavilion\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-06-16]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD External Events Utility; C:\WINDOWS\system32\atiesrxx.exe [239616 2014-07-21] (Microsoft Windows Hardware Compatibility Publisher -> AMD)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-07-04] (Advanced Micro Devices, Inc.) [File not signed]
R2 HPConnectedRemote; c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35232 2012-07-19] (Hewlett-Packard Company -> Hewlett-Packard)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2468496 2013-11-19] (Realtek Semiconductor Corp -> Realsil Microelectronics Inc.)
R2 L4301_Solar; C:\Program Files\Logitech\SolarApp\L4301_Solar.exe [405744 2013-01-30] (Logitech -> Logitech, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [6933272 2020-06-16] (Malwarebytes Inc -> Malwarebytes)
R2 nebula; C:\Program Files\Logitech\Collaboration\Services\Video\ServiceLayer.exe [4477576 2018-06-18] (Logitech Inc -> Logitech)
R2 paltalk_update_service; C:\Program Files (x86)\Paltalk\update\pt_update_service.exe [1229688 2019-08-25] (A.V.M. SOFTWARE, INC. -> AVM Software)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
R2 WirelessKB850NotificationService; C:\WINDOWS\system32\WirelessKB850NotificationService.exe [176632 2018-05-14] (Microsoft Corporation -> Microsoft Corporation)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 amdkmdag; C:\WINDOWS\system32\DRIVERS\atikmdag.sys [13209088 2014-07-21] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\system32\DRIVERS\atikmpag.sys [626688 2014-07-21] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink -> CyberLink)
R3 dc3d; C:\WINDOWS\System32\drivers\dc3d.sys [47616 2011-05-18] (Hardware Group Test Cert -> Microsoft Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153312 2020-06-16] (Malwarebytes Corporation -> Malwarebytes)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [214496 2020-06-16] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [196456 2020-06-20] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73368 2020-06-20] (Malwarebytes Inc -> Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248968 2020-06-16] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [131728 2020-06-20] (Malwarebytes Inc -> Malwarebytes)
R3 netr28x; C:\WINDOWS\system32\DRIVERS\netr28x.sys [2505904 2013-12-04] (Mediatek Inc. -> Ralink Technology, Corp.)
R2 sntp; C:\WINDOWS\system32\DRIVERS\sntp.sys [116144 2016-04-15] (Sophos Limited -> Sophos Limited)
S3 SWDUMon; C:\WINDOWS\system32\DRIVERS\SWDUMon.sys [13920 2016-01-25] (SlimWare Utilities Inc. -> )
R3 usbfilter; C:\WINDOWS\System32\drivers\usbfilter.sys [56448 2012-03-30] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessKeyboardFilter; C:\WINDOWS\System32\drivers\WirelessKeyboardFilter.sys [49336 2018-03-11] (Microsoft Corporation -> Microsoft Corporation)
S4 SymEvnt; \??\C:\Program Files (x86)\Norton Security\NortonData\22.5.4.24\SymPlatform\SymEvnt.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) ===================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2020-06-20 11:34 - 2020-06-20 11:36 - 000020766 _____ C:\Users\HP Pavilion\Desktop\FRST.txt
2020-06-20 11:33 - 2020-06-20 11:33 - 000000000 ____D C:\Users\HP Pavilion\Desktop\FRST-OlderVersion
2020-06-20 11:28 - 2020-06-20 11:28 - 000073368 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2020-06-20 11:27 - 2020-06-20 11:27 - 000196456 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2020-06-20 11:27 - 2020-06-20 11:27 - 000131728 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2020-06-20 11:03 - 2020-06-20 11:04 - 012770472 _____ (Symantec Corporation) C:\Users\HP Pavilion\Desktop\NRnR.exe
2020-06-20 09:13 - 2020-06-20 09:13 - 000001093 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2020-06-20 09:13 - 2020-06-20 09:13 - 000001093 _____ C:\ProgramData\Desktop\Revo Uninstaller Pro.lnk
2020-06-20 09:13 - 2020-06-20 09:13 - 000000000 ____D C:\Users\HP Pavilion\AppData\Local\VS Revo Group
2020-06-20 09:13 - 2020-06-20 09:13 - 000000000 ____D C:\ProgramData\VS Revo Group
2020-06-20 09:13 - 2020-06-20 09:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2020-06-20 09:13 - 2020-06-20 09:13 - 000000000 ____D C:\Program Files\VS Revo Group
2020-06-20 09:13 - 2016-12-21 14:52 - 000040240 _____ (VS Revo Group) C:\WINDOWS\system32\Drivers\revoflt.sys
2020-06-20 09:11 - 2020-06-20 09:11 - 016926296 _____ (VS Revo Group ) C:\Users\HP Pavilion\Desktop\RevoUninProSetup.exe
2020-06-16 15:03 - 2020-06-20 11:35 - 000000000 ____D C:\FRST
2020-06-16 14:48 - 2020-06-20 11:33 - 002289664 _____ (Farbar) C:\Users\HP Pavilion\Desktop\FRST64.exe
2020-06-16 14:25 - 2020-06-16 14:26 - 000000000 ____D C:\Users\HP Pavilion\Downloads\priortoMalware
2020-06-16 12:55 - 2020-06-01 11:03 - 000835480 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2020-06-16 12:55 - 2020-06-01 11:03 - 000179608 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2020-06-16 09:43 - 2020-06-20 11:28 - 000000000 ____D C:\Users\HP Pavilion\AppData\LocalLow\IGDump
2020-06-16 09:42 - 2020-06-16 09:42 - 000000000 ____D C:\Users\HP Pavilion\AppData\Local\mbam
2020-06-16 09:41 - 2020-06-16 09:41 - 000214496 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2020-06-16 09:41 - 2020-06-16 09:41 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2020-06-16 09:41 - 2020-06-16 09:41 - 000001976 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2020-06-16 09:41 - 2020-06-16 09:41 - 000001964 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2020-06-16 09:41 - 2020-06-16 09:41 - 000001964 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2020-06-16 09:41 - 2020-06-16 09:41 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-06-16 09:40 - 2020-06-16 09:40 - 000000000 ____D C:\Program Files\Malwarebytes
2020-06-16 09:40 - 2020-06-16 09:40 - 000000000 ____D C:\Malwarebytes
2020-06-16 09:38 - 2020-06-16 09:38 - 000000000 ____D C:\Users\HP Pavilion\AppData\Roaming\Logitech
2020-06-16 09:38 - 2020-06-16 09:38 - 000000000 ____D C:\Users\HP Pavilion\AppData\Roaming\Logishrd
2020-06-16 09:06 - 2020-06-16 09:06 - 000000000 ____D C:\Program Files\KeyboardNotification
2020-06-10 18:09 - 2020-06-10 18:09 - 000001369 _____ C:\Users\HP Pavilion\Desktop\Logitech HD Webcam C270 - Shortcut.lnk
2020-06-10 10:34 - 2020-05-27 16:06 - 022364856 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2020-06-10 10:34 - 2020-05-20 05:48 - 025755648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2020-06-10 10:34 - 2020-05-20 04:00 - 020291584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2020-06-10 10:34 - 2020-05-09 20:17 - 014533120 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2020-06-10 10:33 - 2020-06-01 22:18 - 000109568 _____ (Microsoft Corporation) C:\WINDOWS\system32\atl.dll
2020-06-10 10:33 - 2020-06-01 21:44 - 001489408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42u.dll
2020-06-10 10:33 - 2020-06-01 21:43 - 001464832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42.dll
2020-06-10 10:33 - 2020-06-01 21:35 - 000787968 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll
2020-06-10 10:33 - 2020-06-01 21:27 - 001230848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42u.dll
2020-06-10 10:33 - 2020-06-01 21:25 - 001204736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42.dll
2020-06-10 10:33 - 2020-06-01 20:59 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\netman.dll
2020-06-10 10:33 - 2020-06-01 20:47 - 001684992 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2020-06-10 10:33 - 2020-05-29 19:54 - 004168192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2020-06-10 10:33 - 2020-05-29 19:30 - 000129024 _____ (Microsoft Corporation) C:\WINDOWS\splwow64.exe
2020-06-10 10:33 - 2020-05-29 18:41 - 001368576 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2020-06-10 10:33 - 2020-05-27 16:06 - 019796328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2020-06-10 10:33 - 2020-05-20 08:25 - 001384648 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2020-06-10 10:33 - 2020-05-20 08:21 - 007362312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2020-06-10 10:33 - 2020-05-20 08:21 - 002170784 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2020-06-10 10:33 - 2020-05-20 08:21 - 001662512 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2020-06-10 10:33 - 2020-05-20 08:21 - 001062344 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2020-06-10 10:33 - 2020-05-20 08:20 - 001135696 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2020-06-10 10:33 - 2020-05-20 08:20 - 000806200 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2020-06-10 10:33 - 2020-05-20 05:27 - 002911744 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2020-06-10 10:33 - 2020-05-20 05:25 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2020-06-10 10:33 - 2020-05-20 05:13 - 005499392 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2020-06-10 10:33 - 2020-05-20 05:13 - 000785408 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2020-06-10 10:33 - 2020-05-20 04:56 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2020-06-10 10:33 - 2020-05-20 04:52 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2020-06-10 10:33 - 2020-05-20 04:50 - 000315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2020-06-10 10:33 - 2020-05-20 04:44 - 001124800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2020-06-10 10:33 - 2020-05-20 04:40 - 001560272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2020-06-10 10:33 - 2020-05-20 04:40 - 001214720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2020-06-10 10:33 - 2020-05-20 04:40 - 000548440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2020-06-10 10:33 - 2020-05-20 04:39 - 000614056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2020-06-10 10:33 - 2020-05-20 04:37 - 015478784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2020-06-10 10:33 - 2020-05-20 04:37 - 000809472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2020-06-10 10:33 - 2020-05-20 04:35 - 002132992 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2020-06-10 10:33 - 2020-05-20 04:34 - 000056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtutils.dll
2020-06-10 10:33 - 2020-05-20 04:26 - 001756672 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2020-06-10 10:33 - 2020-05-20 04:23 - 004859392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2020-06-10 10:33 - 2020-05-20 04:12 - 001566720 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2020-06-10 10:33 - 2020-05-20 04:01 - 000801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2020-06-10 10:33 - 2020-05-20 03:53 - 000861696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2020-06-10 10:33 - 2020-05-20 03:44 - 000498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2020-06-10 10:33 - 2020-05-20 03:40 - 002304000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2020-06-10 10:33 - 2020-05-20 03:34 - 000653824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2020-06-10 10:33 - 2020-05-20 03:21 - 000073216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2020-06-10 10:33 - 2020-05-20 03:18 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2020-06-10 10:33 - 2020-05-20 03:16 - 000279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2020-06-10 10:33 - 2020-05-20 03:11 - 004111872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2020-06-10 10:33 - 2020-05-20 03:06 - 013861888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2020-06-10 10:33 - 2020-05-20 03:06 - 000044544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtutils.dll
2020-06-10 10:33 - 2020-05-20 03:01 - 001494016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2020-06-10 10:33 - 2020-05-20 02:47 - 001341952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2020-06-10 10:33 - 2020-05-20 02:46 - 000710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2020-06-10 10:33 - 2020-05-13 10:49 - 001368592 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2020-06-10 10:33 - 2020-05-12 18:23 - 000414624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2020-06-10 10:33 - 2020-05-12 18:23 - 000373888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2020-06-10 10:33 - 2020-05-12 16:37 - 000270848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2020-06-10 10:33 - 2020-05-12 02:47 - 000466840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2020-06-10 10:33 - 2020-05-12 02:46 - 000415240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2020-06-10 10:33 - 2020-05-11 23:42 - 000361984 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2020-06-10 10:33 - 2020-05-10 02:24 - 001311768 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2020-06-10 10:33 - 2020-05-09 21:36 - 000416256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2020-06-10 10:33 - 2020-05-09 21:23 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mpg2splt.ax
2020-06-10 10:33 - 2020-05-09 21:15 - 003331584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2020-06-10 10:33 - 2020-05-09 21:03 - 001040384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2020-06-10 10:33 - 2020-05-09 20:56 - 000233984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mpg2splt.ax
2020-06-10 10:33 - 2020-05-09 20:53 - 003640320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2020-06-10 10:33 - 2020-05-09 20:47 - 000936448 _____ (Microsoft Corporation) C:\WINDOWS\system32\qmgr.dll
2020-06-10 10:33 - 2020-05-09 20:25 - 001085952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2020-06-10 10:33 - 2020-05-09 20:23 - 000747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2020-06-10 10:33 - 2020-05-09 20:09 - 012880384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2020-06-10 10:33 - 2020-05-09 18:10 - 001312256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2020-06-10 10:33 - 2020-05-09 18:10 - 000353792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2020-06-10 10:33 - 2020-05-01 07:17 - 001097216 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2020-06-10 10:33 - 2020-05-01 07:15 - 000866304 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2020-06-10 10:32 - 2020-06-01 21:50 - 000088064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\atl.dll
2020-06-10 10:32 - 2020-05-29 18:23 - 000827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2020-06-10 10:32 - 2020-05-20 04:46 - 001033216 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2020-06-10 10:32 - 2020-05-20 04:39 - 000262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2020-06-10 10:32 - 2020-05-20 03:14 - 000880640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2020-06-10 10:32 - 2020-05-20 03:09 - 000696320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2020-06-10 10:32 - 2020-05-20 03:09 - 000333312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2020-06-10 10:32 - 2020-05-20 03:08 - 002058752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2020-06-10 10:32 - 2020-05-20 02:50 - 004387328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2020-06-10 10:32 - 2020-05-09 21:20 - 000340992 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
2020-06-10 10:32 - 2020-05-09 20:53 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2020-06-20 11:32 - 2016-01-27 10:12 - 000003596 _____ C:\WINDOWS\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-176138252-3860332429-2761773572-1018
2020-06-20 11:32 - 2012-09-11 06:21 - 000000000 ____D C:\ProgramData\Hewlett-Packard
2020-06-20 11:26 - 2013-08-22 07:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-06-20 11:16 - 2017-04-06 19:56 - 000000000 ____D C:\Users\HP Pavilion\AppData\Local\CrashDumps
2020-06-20 11:10 - 2013-08-22 06:25 - 000524288 ___SH C:\WINDOWS\system32\config\BBI
2020-06-20 11:09 - 2013-08-22 08:36 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-06-20 11:07 - 2012-09-11 07:22 - 000000000 ____D C:\ProgramData\Norton
2020-06-20 10:53 - 2013-11-05 18:38 - 000000000 ____D C:\ProgramData\Sophos
2020-06-20 10:53 - 2013-11-05 18:38 - 000000000 ____D C:\Program Files (x86)\Sophos
2020-06-20 10:22 - 2016-04-15 14:01 - 000000000 ____D C:\Program Files\Sophos
2020-06-20 05:27 - 2016-02-19 13:55 - 000003814 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{2B2239C5-296B-46AF-9192-8557E01C177E}
2020-06-17 13:15 - 2013-11-24 22:54 - 000002204 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-06-17 13:15 - 2013-11-24 22:54 - 000002163 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-06-17 13:15 - 2013-11-24 22:54 - 000002163 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-06-17 07:14 - 2013-08-22 06:36 - 000000000 ____D C:\WINDOWS\Inf
2020-06-16 13:21 - 2012-07-26 01:12 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2020-06-16 12:40 - 2013-08-22 07:44 - 000346744 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2020-06-16 12:22 - 2013-08-22 08:36 - 000000000 ___RD C:\WINDOWS\ToastData
2020-06-16 12:06 - 2012-07-26 00:59 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-06-16 11:42 - 2014-09-24 00:15 - 000006636 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-06-16 11:20 - 2016-01-25 16:06 - 000000000 ____D C:\Users\HP Pavilion
2020-06-16 11:18 - 2014-11-01 10:29 - 000000000 ____D C:\Users\Joanne Endevoets
2020-06-16 11:15 - 2016-01-26 11:34 - 000000000 ____D C:\ProgramData\iolo
2020-06-16 11:15 - 2016-01-26 11:31 - 000000000 ____D C:\Program Files (x86)\iolo
2020-06-16 09:41 - 2016-01-25 16:25 - 000248968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2020-06-16 09:39 - 2020-02-12 18:23 - 000000000 ____D C:\Program Files\Logitech
2020-06-16 09:39 - 2014-11-01 10:19 - 000000000 ____D C:\Program Files\Common Files\logishrd
2020-06-16 09:39 - 2014-02-20 18:51 - 000000000 ____D C:\ProgramData\LogiShrd
2020-06-16 09:39 - 2014-02-20 18:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2020-06-10 18:31 - 2018-11-13 19:14 - 000000000 ____D C:\Users\HP Pavilion\AppData\Local\ElevatedDiagnostics
2020-06-10 14:48 - 2018-06-09 22:26 - 000000175 _____ C:\Users\HP Pavilion\AppData\Roaming\WB.CFG
2020-06-01 23:10 - 2014-09-24 00:06 - 002476032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2020-05-29 17:28 - 2019-04-25 19:44 - 000000000 ____D C:\ProgramData\Paltalk Update
2020-05-29 13:37 - 2018-07-16 19:16 - 000000000 ____D C:\Program Files (x86)\Paltalk
 
==================== Files in the root of some directories ========
 
2018-06-09 22:26 - 2020-06-10 14:48 - 000000175 _____ () C:\Users\HP Pavilion\AppData\Roaming\WB.CFG
2016-01-27 10:21 - 2016-01-27 10:21 - 000007601 _____ () C:\Users\HP Pavilion\AppData\Local\Resmon.ResmonCfg
2018-01-30 13:25 - 2019-04-16 12:51 - 000001376 _____ () C:\Users\HP Pavilion\AppData\Local\Temptoast_image.png
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
 
LastRegBack: 2016-05-28 12:50
==================== End of FRST.txt ========================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-06-2020
Ran by HP Pavilion (20-06-2020 11:37:45)
Running from C:\Users\HP Pavilion\Desktop
Windows 8.1 (Update) (X64) (2014-11-01 18:42:41)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-176138252-3860332429-2761773572-500 - Administrator - Disabled)
Guest (S-1-5-21-176138252-3860332429-2761773572-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-176138252-3860332429-2761773572-1003 - Limited - Enabled)
HP Pavilion (S-1-5-21-176138252-3860332429-2761773572-1018 - Administrator - Enabled) => C:\Users\HP Pavilion
SophosSAUHPPAVILION0 (S-1-5-21-176138252-3860332429-2761773572-1004 - Limited - Enabled)
SophosSAUHPPAVILION1 (S-1-5-21-176138252-3860332429-2761773572-1019 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.5.146 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{5F769CF4-5263-4C7B-AEB2-C06A73AE4428}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CameraHelperMsi (HKLM-x32\...\{15634701-BACE-4449-8B25-1567DA8C9FD3}) (Version: 13.51.815.0 - Logitech) Hidden
Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1.5510 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3109 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.1.1902 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.8.5511 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5527 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
erLT (HKLM-x32\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 83.0.4103.106 - Google LLC)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
HP Connected Remote (HKLM-x32\...\{F243A34B-AB7F-4065-B770-B85B767C247C}) (Version: 1.0.1202 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
HP Quick Start (HKLM-x32\...\{574F0207-8E98-46CD-8F79-318348C98C46}) (Version: 1.0.4660.30220 - Hewlett-Packard)
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
Logitech Camera Settings (HKLM-x32\...\LogiUCDPP) (Version: 2.5.17.0 - Logitech Europe S.A.)
Logitech Solar App 1.10 (HKLM\...\SolarApp) (Version: 1.10.3 - Logitech)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.80 - Logitech Inc.)
Malwarebytes version 4.1.0.56 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.1.0.56 - Malwarebytes)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Paltalk (HKLM-x32\...\Paltalk) (Version:  - )
Paltalk Messenger  11.8 (HKLM-x32\...\Paltalk Messenger) (Version: 11.8.673.18112 - AVM Software Inc.)
Ralink RT5390R 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.0.0 - Ralink)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.31.423.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6777 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{0D61A55C-3ADC-409F-BF5B-A1766D1F5944}) (Version: 6.2.9200.28137 - Realtek Semiconductor Corp.)
Recovery Manager (HKLM-x32\...\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.0.5530 - CyberLink Corp.) Hidden
Revo Uninstaller Pro 4.3.3 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 4.3.3 - VS Revo Group, Ltd.)
Skype™ 7.38 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.38.101 - Skype Technologies S.A.)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
 
Packages:
=========
eBay -> C:\Program Files\WindowsApps\eBayInc.eBay_1.6.0.34_neutral__1618n3s9xq8tw [2014-11-07] (eBay, Inc)
Games -> C:\Program Files\WindowsApps\Microsoft.XboxLIVEGames_2.0.139.0_x64__8wekyb3d8bbwe [2014-09-24] (Microsoft Corporation) [MS Ad]
Getting Started with Windows 8 -> C:\Program Files\WindowsApps\AD2F1837.GettingStartedwithWindows8_1.6.0.0_neutral__v10z8vjag6ke6 [2015-03-03] (Hewlett-Packard Company)
HP Registration -> C:\Program Files\WindowsApps\AD2F1837.HPRegistration_1.2.1.166_neutral__v10z8vjag6ke6 [2014-11-27] (Hewlett-Packard Company)
HP+ -> C:\Program Files\WindowsApps\AD2F1837.HP_1.2.0.93_neutral__v10z8vjag6ke6 [2014-11-02] (Hewlett-Packard Company)
iHeartRadio -> C:\Program Files\WindowsApps\ClearChannelRadioDigital.iHeartRadio_4.5.1.0_x64__a76a11dkgb644 [2016-04-15] (iHeartMedia.)
Kindle -> C:\Program Files\WindowsApps\AMZNMobileLLC.KindleforWindows8_2.1.0.2_neutral__stfe6vwa9jnbp [2015-06-27] (AMZN Mobile LLC)
Microsoft Mahjong -> C:\Program Files\WindowsApps\Microsoft.MicrosoftMahjong_2.10.1812.2002_x86__8wekyb3d8bbwe [2019-02-02] (Microsoft Studios) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_2.11.1807.1002_x86__8wekyb3d8bbwe [2018-07-30] (Microsoft Studios) [MS Ad]
MSN Food & Drink -> C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-13] (Microsoft Corporation) [MS Ad]
MSN Health & Fitness -> C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-13] (Microsoft Corporation) [MS Ad]
MSN Money -> C:\Program Files\WindowsApps\Microsoft.BingFinance_3.0.4.344_x64__8wekyb3d8bbwe [2016-04-30] (Microsoft Corporation) [MS Ad]
MSN News -> C:\Program Files\WindowsApps\Microsoft.BingNews_3.0.4.344_x64__8wekyb3d8bbwe [2016-04-30] (Microsoft Corporation) [MS Ad]
MSN Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_3.0.4.345_x64__8wekyb3d8bbwe [2016-04-30] (Microsoft Corporation) [MS Ad]
MSN Travel -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-13] (Microsoft Corporation) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_3.0.4.350_x64__8wekyb3d8bbwe [2016-11-25] (Microsoft Corporation) [MS Ad]
Music -> C:\Program Files\WindowsApps\Microsoft.ZuneMusic_2.6.672.0_x64__8wekyb3d8bbwe [2015-03-14] (Microsoft Corporation) [MS Ad]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_2.22.0.39_x64__mcm4njqhnhss8 [2018-11-02] (Netflix, Inc.)
Skype -> C:\Program Files\WindowsApps\Microsoft.SkypeApp_3.1.0.1016_x86__kzf8qxf38zg5c [2015-06-27] (Skype) [MS Ad]
Snapfish -> C:\Program Files\WindowsApps\AD2F1837.HPConnectedPhotopoweredbySnapfish_5.5.0.8_x86__v10z8vjag6ke6 [2016-05-03] (HP Inc.)
Video -> C:\Program Files\WindowsApps\Microsoft.ZuneVideo_2.6.446.0_x64__8wekyb3d8bbwe [2015-11-07] (Microsoft Corporation) [MS Ad]
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} =>  -> No File
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} =>  -> No File
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} =>  -> No File
ShellIconOverlayIdentifiers-x32: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} =>  -> No File
ShellIconOverlayIdentifiers-x32: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} =>  -> No File
ShellIconOverlayIdentifiers-x32: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} =>  -> No File
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2012-07-10] (CyberLink -> Cyberlink)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2012-07-10] (CyberLink -> Cyberlink)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-06-16] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2014-07-04] (Advanced Micro Devices, Inc.) [File not signed]
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-06-16] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2019-03-29] (VS Revo Group Ltd. -> VS Revo Group)
 
==================== Codecs (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Drivers32: [vidc.i420] => C:\WINDOWS\system32\lvcod64.dll [175392 2012-10-26] (Logitech, Inc. -> Logitech Inc.)
HKLM\...\Drivers32: [vidc.i420] => C:\Windows\SysWOW64\lvcodec2.dll [305000 2012-10-26] (Logitech, Inc. -> Logitech Inc.)
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
Shortcut: C:\Users\HP Pavilion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Paltalk\Remove settings.lnk -> C:\Program Files (x86)\Paltalk\ng_clean_settings.bat (No File)
 
==================== Loaded Modules (Whitelisted) =============
 
2014-07-04 21:33 - 2014-07-04 21:33 - 000127488 _____ () [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F [134]
AlternateDataStreams: C:\ProgramData\Temp:919E1F63 [123]
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SntpService => ""="service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer trusted/restricted ==========
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 06:25 - 2020-06-16 09:34 - 000002103 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Skype\Phone\
HKU\S-1-5-21-176138252-3860332429-2761773572-1018\Control Panel\Desktop\\Wallpaper -> C:\Users\HP Pavilion\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 0) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKU\S-1-5-21-176138252-3860332429-2761773572-1018\...\StartupApproved\StartupFolder: => "PalTalk.lnk"
HKU\S-1-5-21-176138252-3860332429-2761773572-1018\...\StartupApproved\Run: => "Chromium"
HKU\S-1-5-21-176138252-3860332429-2761773572-1018\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_803D2E04332962AFAC352F92C208E650"
HKU\S-1-5-21-176138252-3860332429-2761773572-1018\...\StartupApproved\Run: => "Paltalk"
HKU\S-1-5-21-176138252-3860332429-2761773572-1018\...\StartupApproved\Run: => "Skype"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [UDP Query User{A7F90C58-A160-4240-83CE-56A16457C12F}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe => No File
FirewallRules: [TCP Query User{4AF29C28-467D-4AF5-964C-88B9D518BB55}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe => No File
FirewallRules: [UDP Query User{7F9C1ABE-99AE-44C5-9B0C-FB6A51433614}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe => No File
FirewallRules: [TCP Query User{A441C1BD-CC6A-440D-B727-6FA92314BD60}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe => No File
FirewallRules: [UDP Query User{E442E7B3-7B13-4BDA-B26D-0F28D846A538}C:\program files (x86)\paltalk messenger\paltalk messenger\paltalk.exe] => (Block) C:\program files (x86)\paltalk messenger\paltalk messenger\paltalk.exe => No File
FirewallRules: [TCP Query User{EE175E9E-556D-4C29-8E52-992A95F9A6CE}C:\program files (x86)\paltalk messenger\paltalk messenger\paltalk.exe] => (Block) C:\program files (x86)\paltalk messenger\paltalk messenger\paltalk.exe => No File
FirewallRules: [{1DA563F9-8F28-4085-9D23-2E0A03D8EC26}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [UDP Query User{D48F9F75-6B2E-4094-9051-3EEF62A29FE1}C:\program files (x86)\paltalk messenger\paltalk messenger\paltalk.exe] => (Allow) C:\program files (x86)\paltalk messenger\paltalk messenger\paltalk.exe => No File
FirewallRules: [TCP Query User{C668418F-047A-4B32-84B0-E819D88A70E0}C:\program files (x86)\paltalk messenger\paltalk messenger\paltalk.exe] => (Allow) C:\program files (x86)\paltalk messenger\paltalk messenger\paltalk.exe => No File
FirewallRules: [{14852894-E754-4D88-B410-E365CBD58788}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc. -> Yahoo! Inc.)
FirewallRules: [{63569EEC-DC52-4EED-8DB2-E83112C70753}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc. -> Yahoo! Inc.)
FirewallRules: [UDP Query User{0326EAFC-8940-43FE-9164-E4A21A402C98}C:\program files (x86)\paltalk messenger\paltalk.exe] => (Allow) C:\program files (x86)\paltalk messenger\paltalk.exe => No File
FirewallRules: [TCP Query User{5A430BC0-D3BD-4121-8016-8EA23C276F90}C:\program files (x86)\paltalk messenger\paltalk.exe] => (Allow) C:\program files (x86)\paltalk messenger\paltalk.exe => No File
FirewallRules: [UDP Query User{29A929DE-9870-4957-A906-14B5642012FB}C:\windows\syswow64\msiexec.exe] => (Allow) C:\windows\syswow64\msiexec.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [TCP Query User{7DE345DD-8CFC-418A-B491-BB60FC69B658}C:\windows\syswow64\msiexec.exe] => (Allow) C:\windows\syswow64\msiexec.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{032D7F2E-8BD8-4FB5-B9B8-29DC359F9CC8}] => (Allow) LPort=1900
FirewallRules: [{3BB36859-ADA2-4D89-98CD-2860E71A307C}] => (Allow) LPort=2869
FirewallRules: [{332A5005-E439-4970-B6C6-60D45D5DF71D}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{87010DB7-297E-435E-AB81-7C0757767CAC}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE (CyberLink -> CyberLink Corp.)
FirewallRules: [{B6D693E7-D84F-46D9-A816-DE973D437AF7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{261379EE-DACD-4B61-9F8A-BF6F93F7DF35}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{27F4866A-85A9-4CBE-B396-6FD538FC22F3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{5F0B061F-74AB-46A7-AA55-5DA60E86BD74}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{8BC351F2-28E4-4034-87E7-0824C37ADB19}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe => No File
FirewallRules: [{EC3AC644-D99B-4E71-BC28-F5267E616134}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe => No File
FirewallRules: [{7D4F5F8A-CC33-4EDC-B5D6-D403C3B99638}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\MfeServiceMgr.exe => No File
FirewallRules: [{F4B67AD4-A7B8-4D66-B16C-EC48932EEAB7}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\MfeServiceMgr.exe => No File
FirewallRules: [{7ADCF208-7815-415A-9D92-206B73DA0735}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe => No File
FirewallRules: [{4A062696-B8C9-4390-A128-635E39D9C62B}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe => No File
FirewallRules: [{80712F9E-266A-4624-A718-5375E5E67619}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\MfeServiceMgr.exe => No File
FirewallRules: [{3B79185B-4625-4D45-BA5C-9F5C50301348}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\MfeServiceMgr.exe => No File
FirewallRules: [{C19F3984-3DF2-4505-B50E-E2623874F167}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe (Hewlett-Packard Company -> Hewlett-Packard Company)
FirewallRules: [TCP Query User{AC84FE58-503E-4351-8C1D-1B3550F0000F}C:\program files (x86)\paltalk messenger\paltalk.exe] => (Allow) C:\program files (x86)\paltalk messenger\paltalk.exe => No File
FirewallRules: [UDP Query User{A8FCFB61-3A9B-49D7-B998-60FB27AE20BB}C:\program files (x86)\paltalk messenger\paltalk.exe] => (Allow) C:\program files (x86)\paltalk messenger\paltalk.exe => No File
FirewallRules: [TCP Query User{B0241114-BEDC-46F5-BBAF-324BF2D6F0B4}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [UDP Query User{40E28967-F448-403E-B197-C27ECC80F3A9}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{C91A5827-D74E-4BC1-8543-5C5B1DA9A50B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{84C1159B-F3E8-49A8-B4C6-7E85FEE300A3}] => (Allow) LPort=53000
FirewallRules: [{3FC94080-1E8D-4FE8-8EFA-7E372AED5604}] => (Allow) LPort=52000
 
==================== Restore Points =========================
 
14-03-2020 14:22:36 Windows Update
17-04-2020 11:03:33 Windows Update
15-05-2020 11:36:32 Windows Update
16-06-2020 11:49:07 Windows Update
20-06-2020 08:46:08 Removed Java 7 Update 45
20-06-2020 09:21:59 Revo Uninstaller Pro's restore point - Sophos Anti-Virus
20-06-2020 09:24:02 Removed Sophos Anti-Virus
20-06-2020 10:02:29 Revo Uninstaller Pro's restore point - Sophos AutoUpdate
20-06-2020 10:16:28 Revo Uninstaller Pro's restore point - Sophos Network Threat Protection
20-06-2020 10:33:44 Revo Uninstaller Pro's restore point - Sophos AutoUpdate
20-06-2020 10:42:48 Revo Uninstaller Pro's restore point - Sophos Remote Management System
20-06-2020 10:46:21 Removed Sophos Remote Management System
20-06-2020 10:51:41 Revo Uninstaller Pro's restore point - Sophos System Protection
20-06-2020 10:52:19 Removed Sophos System Protection
 
==================== Faulty Device Manager Devices ============
 
Name: Wireless Device
Description: Wireless Device
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Surface
Service: WUDFRd
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (06/20/2020 11:11:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ig-2.exe, version: 1.0.0.27, time stamp: 0x5d9e0573
Faulting module name: KERNELBASE.dll, version: 6.3.9600.19678, time stamp: 0x5e82c0f7
Exception code: 0xc0000142
Fault offset: 0x0009d452
Faulting process id: 0xe4c
Faulting application start time: 0x01d6472e46e80327
Faulting application path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-2.exe
Faulting module path: KERNELBASE.dll
Report Id: 87e09379-b321-11ea-bf92-4c72b9b3dc92
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (06/20/2020 10:42:43 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {50726b78-88a7-4acf-8549-81eba0afcc2e}
 
Error: (06/20/2020 10:33:44 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {fdb95a36-ea1d-4612-9c14-516864d4b374}
 
Error: (06/20/2020 10:14:16 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {54001616-1607-4da6-ac9f-88ff7c75767e}
 
Error: (06/20/2020 09:59:41 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {b17dfecb-0cca-42c8-b0d9-4d01b3ae9c3a}
 
Error: (06/20/2020 09:21:54 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {b8509b95-bda0-4655-ad9e-c9242372c42f}
 
Error: (06/20/2020 07:24:53 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1859
 
Error: (06/20/2020 07:24:53 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1859
 
 
System errors:
=============
Error: (06/20/2020 11:31:26 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Background Intelligent Transfer Service service hung on starting.
 
Error: (06/20/2020 11:26:53 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The UAC File Virtualization service failed to start due to the following error: 
This driver has been blocked from loading
 
Error: (06/20/2020 11:22:20 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Background Intelligent Transfer Service service hung on starting.
 
Error: (06/20/2020 11:17:50 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The UAC File Virtualization service failed to start due to the following error: 
This driver has been blocked from loading
 
Error: (06/20/2020 11:16:36 AM) (Source: DCOM) (EventID: 10010) (User: HPPavilion)
Description: The server {4545DEA0-2DFC-4906-A728-6D986BA399A9} did not register with DCOM within the required timeout.
 
Error: (06/20/2020 11:16:35 AM) (Source: DCOM) (EventID: 10010) (User: HPPavilion)
Description: The server {4545DEA0-2DFC-4906-A728-6D986BA399A9} did not register with DCOM within the required timeout.
 
Error: (06/20/2020 11:15:18 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Background Intelligent Transfer Service service hung on starting.
 
Error: (06/20/2020 11:10:48 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The UAC File Virtualization service failed to start due to the following error: 
This driver has been blocked from loading
 
 
Windows Defender:
===================================
Date: 2014-02-04 17:15:55.337
Description: 
Windows Defender scan has been stopped before completion.
Scan ID: {9460D5A7-484E-4AD5-A8F8-E2957D93B006}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-05-01 12:46:46.126
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 1.267.643.0
Previous Signature Version: 1.261.1097.0
Update Source: User
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version: 1.1.14800.3
Previous Engine Version: 1.1.14500.5
Error code: 0x80509004
Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support. 
 
Date: 2018-05-01 12:46:46.126
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 1.267.643.0
Previous Signature Version: 1.261.1097.0
Update Source: User
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 1.1.14800.3
Previous Engine Version: 1.1.14500.5
Error code: 0x80509004
Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support. 
 
Date: 2018-05-01 12:46:46.125
Description: 
Windows Defender has encountered an error trying to update the engine.
New Engine Version: 1.1.14800.3
Previous Engine Version: 1.1.14500.5
Error Code: 0x80509004
Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support. 
 
Date: 2018-02-12 15:30:23.776
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 118.2.0.0
Update Source: Microsoft Malware Protection Center
Signature Type: Network Inspection System
Update Type: Full
Current Engine Version: 
Previous Engine Version: 2.1.14202.0
Error code: 0x80070652
Error description: Another installation is already in progress. Complete that installation before proceeding with this install. 
 
Date: 2018-02-12 15:30:22.001
Description: 
Windows Defender has encountered an error trying to update the engine.
New Engine Version: 
Previous Engine Version: 2.1.14202.0
Error Code: 0x80070666
Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel. 
 
CodeIntegrity:
===================================
 
Date: 2018-08-24 20:29:22.725
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2018-08-24 20:15:47.586
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2018-08-24 20:15:13.418
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2018-08-24 20:14:23.690
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
==================== Memory info =========================== 
 
BIOS: AMI 8.06 09/07/2012
Motherboard: PEGATRON CORPORATION 2AF0
Processor: AMD E1-1200 APU with Radeon™ HD Graphics
Percentage of memory in use: 45%
Total physical RAM: 3665.86 MB
Available physical RAM: 1987.93 MB
Total Virtual: 4065.86 MB
Available Virtual: 2438.91 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:443.06 GB) (Free:364.78 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Recovery Image) (Fixed) (Total:19.78 GB) (Free:2.47 GB) NTFS ==>[system with boot components (obtained from drive)]
 
\\?\Volume{d1de863d-cf84-4d64-8ee1-9cebae5d4872}\ () (Fixed) (Total:1 GB) (Free:0.66 GB) NTFS
\\?\Volume{02f74654-436d-45c5-a86d-fd54f1779603}\ (Windows RE tools) (Fixed) (Total:1 GB) (Free:0.65 GB) NTFS
\\?\Volume{6ec74e69-4ea4-4586-9114-4ec0583318ed}\ () (Fixed) (Total:0.44 GB) (Free:0.18 GB) NTFS
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 4A1F8D9C)
 
Partition: GPT.
 
==================== End of Addition.txt =======================

  • 0

#9
DR M


    The Grecian Geek

  • Malware Removal
  • 4,096 posts

Hi, Joseph.

It's good to know that the computer started to work better. But we have a lot to do yet. Please, follow the instructions below:


1. Delete Sophos accounts

  • In the Search area type Control Panel.
  • Choose the Control Panel from the items that appear.
  • In View by Category mode, choose User Accounts.
  • Choose User Accounts.
  • Manage another account.
  • Choose the following accounts one by one and delete them.
SophosSAUHPPAVILION0
SophosSAUHPPAVILION1
  • Follow the instructions, and restart the computer every time you delete an account.

 

2. Uninstall these out of date programs

These Adobe products are out of date. You have to uninstall them and later install the most recent versions from here: Shockwave Player and Flash Player

To uninstall the old versions, please do the following:

  • Press the Windows Key + R.
  • Type appwiz.cpl in the Run box and click OK.
  • The Add/Remove Programs list will open. Locate the following programs on the list:
Adobe Flash Player 20 NPAPI
Adobe Shockwave Player 12.0
  • Select the programs, one by one, and click Uninstall. Note: Wait for the first program to be uninstalled and then move on to uninstall the other one.
  • Restart the computer.

 

3. Run an FRST fix

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.

  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything anywhere.
Start::
CloseProcesses:
CreateRestorePoint:
HKU\S-0-0-00-000000000-3860332429-0000000000-0000\...\Run: [Chromium] => "c:\users\hp pavilion\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory=Default --restore-last-session
Task: {0D8A891D-890C-4808-84D8-2F436AB14653} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {1274336E-AB06-46B6-A48C-0671C5557CC6} - \Microsoft\Windows\TaskScheduler\Maintenance Configurator -> No File <==== ATTENTION
Task: {1687544D-7247-4F5A-965A-A6E920E55278} - \Microsoft\Windows\TaskScheduler\Manual Maintenance -> No File <==== ATTENTION
Task: {40525C58-79C2-47A1-9AA2-F1D7FC4F0691} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {5AA86FD9-432F-4868-B68D-AFCEC66FECEB} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security\Upgrade.exe [0000000 0000-00-00] (Symantec Corporation -> Symantec Corporation)
Task: {6F02587F-8A2B-4552-97F6-DEEF229E335B} - \Microsoft\Windows\TaskScheduler\Idle Maintenance -> No File <==== ATTENTION
Task: {B7992938-01F1-4F40-A0EC-0D23D2F0F152} - \Microsoft\Windows\TaskScheduler\Regular Maintenance -> No File <==== ATTENTION
Task: {C02C6FF2-D7E1-456F-B94B-C4007E1F4903} - \{3572C762-1A49-A2DF-ED84-168A6500F9A0}\sync -> No File <==== ATTENTION
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - \Microsoft\Windows\SettingSync\BackupTask -> No File <==== ATTENTION
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKLM -> {84B29D74-CDD6-47A8-9ECE-278809800D63} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/000-000000-00000-0/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKLM-x32 -> {84B29D74-CDD6-47A8-9ECE-278809800D63} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/000-000000-00000-0/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-0-0-00-000000000-3860332429-0000000000-0000 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
BHO: No Name -> {504C542D-534F-4300-76A7-7A786E7484D7} -> No File
BHO: No Name -> {504C5432-2D56-3700-76A7-7A786E7484D7} -> No File
CHR Notifications: Default -> hxxps://eonline.com-show.news; hxxps://internationalliving.com; hxxps://ktla.com; hxxps://mail.yahoo.com; hxxps://myemailcenter.co; hxxps://nationalweatheragency.org; hxxps://pushance.com; hxxps://search.hyourtransitinfonow.com; hxxps://searchsmart.co; hxxps://topgadgetslist.com; hxxps://wgntv.com; hxxps://www.anthropologie.com; hxxps://www.cnet.com; hxxps://www.facebook.com; hxxps://www.hauntedrooms.com; hxxps://www.jdjournal.com; hxxps://www.pinterest.com; hxxps://www.wayfair.com; hxxps://www.yahoo.com; hxxps://www.youtube.com; hxxps://zooxhamster.com
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif]
R2 sntp; C:\WINDOWS\system32\DRIVERS\sntp.sys [000000 0000-00-00] (Sophos Limited -> Sophos Limited)
S3 SWDUMon; C:\WINDOWS\system32\DRIVERS\SWDUMon.sys [00000 0000-00-00] (SlimWare Utilities Inc. -> )
S4 SymEvnt; \??\C:\Program Files (x86)\Norton Security\NortonData\22.5.4.24\SymPlatform\SymEvnt.sys [X]
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => -> No File
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => -> No File
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => -> No File
ShellIconOverlayIdentifiers-x32: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => -> No File
ShellIconOverlayIdentifiers-x32: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => -> No File
ShellIconOverlayIdentifiers-x32: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => -> No File
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F [134]
AlternateDataStreams: C:\ProgramData\Temp:919E1F63 [123]
HKU\S-0-0-00-000000000-3860332429-0000000000-0000\...\StartupApproved\Run: => "Chromium"
FirewallRules: [UDP Query User{A7F90C58-A160-4240-83CE-56A16457C12F}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe => No File
FirewallRules: [TCP Query User{4AF29C28-467D-4AF5-964C-88B9D518BB55}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe => No File
FirewallRules: [UDP Query User{7F9C1ABE-99AE-44C5-9B0C-FB6A51433614}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe => No File
FirewallRules: [TCP Query User{A441C1BD-CC6A-440D-B727-6FA92314BD60}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe => No File
FirewallRules: [{8BC351F2-28E4-4034-87E7-0824C37ADB19}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe => No File
FirewallRules: [{EC3AC644-D99B-4E71-BC28-F5267E616134}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe => No File
FirewallRules: [{7D4F5F8A-CC33-4EDC-B5D6-D403C3B99638}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\MfeServiceMgr.exe => No File
FirewallRules: [{F4B67AD4-A7B8-4D66-B16C-EC48932EEAB7}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\MfeServiceMgr.exe => No File
FirewallRules: [{7ADCF208-7815-415A-9D92-206B73DA0735}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe => No File
FirewallRules: [{4A062696-B8C9-4390-A128-635E39D9C62B}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe => No File
FirewallRules: [{80712F9E-266A-4624-A718-5375E5E67619}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\MfeServiceMgr.exe => No File
FirewallRules: [{3B79185B-4625-4D45-BA5C-9F5C50301348}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\MfeServiceMgr.exe => No File
c:\users\hp pavilion\appdata\local\chromium
C:\Program Files\Common Files\AV\Norton Security
C:\WINDOWS\system32\DRIVERS\sntp.sys
C:\WINDOWS\system32\DRIVERS\SWDUMon.sys
C:\Program Files (x86)\Norton Security
C:\ProgramData\Norton
C:\ProgramData\Sophos
C:\Program Files (x86)\Sophos
C:\Program Files\Sophos
C:\program files (x86)\java
C:\Program Files (x86)\McAfee
Hosts:
EmptyTemp:
End::
  • Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Please post the log in your next reply.

 

4. Run MBAM (Scan mode)

  • Double click on the Malwarebytes icon to open the program you already downloaded.
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure of the following:
Under the title Scan Options, all the options are checked.
Under the title Windows Security Center (Premium only), the option is unchecked.
Under the title Potentially unwanted items, the options are set to Always.
  • Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may take longer.
  • When finished, you will see the Threat Scan Summary window open.
  • If threats are not found, click View Report and proceed to the two last steps below.
  • If threats are found, make sure that all threats are not selected, close the program and proceed to the next steps below.
  • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
  • Find the report with the most recent date and double click on it.
  • Click on Export and then Copy to Clipboard.
  • Paste its content here, in your next reply.

 

5. Run AdwCleaner (Scan mode)

Download AdwCleaner and save it to your desktop.

  • Double click AdwCleaner.exe to run it.
  • Click Scan Now.
    • When the scan has finished, a Scan Results window will open.
    • Click Cancel (at this point do not attempt to Quarantine anything that is found)
  • Now click the Log Files tab.
    • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number. The latest scan will have the largest number)
    • A Notepad file will open containing the results of the scan.
    • Please post the contents of the file in your next reply.

 

In your next reply, please make sure to post:

  • The Fixlog.txt content
  • The MBAM report
  • AdwCleaner[S0*].txt

  • 0
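The NOTICE in step 3 says the fixlist was written for one machine only. As an added example (not part of the original post and not FRST's own code), this Python script reads a fixlist in the format shown above and reports the lines whose user profile or HKU SID does not match the local machine. The sample fixlist, profile name, SID and GUIDs are constructed placeholders, and the line classification rules are assumptions drawn from the lines visible in the post.

```python
import re
from collections import Counter

# Constructed sample in the fixlist format shown in the post
# (placeholder GUIDs, SID and profile name; not taken from the thread).
SAMPLE_SID = "S-1-5-21-1111111111-2222222222-3333333333-1001"
SAMPLE_FIXLIST = r"""Start::
CloseProcesses:
CreateRestorePoint:
HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\...\Run: [Example] => "c:\users\alice\appdata\local\example\app.exe" --auto-launch
Task: {00000000-0000-0000-0000-000000000001} - \Example\Updater -> No File <==== ATTENTION
FirewallRules: [{00000000-0000-0000-0000-000000000002}] => (Allow) C:\Program Files (x86)\Example\svc.exe => No File
c:\users\alice\appdata\local\example
C:\ProgramData\Example
Hosts:
EmptyTemp:
End::
"""

# A profile name is the path component after \users\ (it may contain spaces).
USER_RE = re.compile(r'\\users\\([^\\"]+)', re.IGNORECASE)
# A per-user registry hive is addressed as HKU\<SID>.
SID_RE = re.compile(r"HKU\\(S-\d+(?:-\d+)+)", re.IGNORECASE)


def classify(line):
    """Assumed classification, based only on the line shapes seen in the post."""
    if re.fullmatch(r"[A-Za-z]+:", line):
        return "directive"            # e.g. CloseProcesses:, Hosts:, EmptyTemp:
    if re.match(r"[A-Za-z]:\\", line):
        return "path"                 # bare file or folder path
    if re.match(r"HK(U|LM|CU)\\", line):
        return "registry"             # registry key or value line
    if re.match(r"[RSU]\d\s", line):
        return "service"              # e.g. "R2 name; C:\...\driver.sys"
    return re.split(r"[:\s]", line, maxsplit=1)[0]   # Task, FirewallRules, ...


def parse_fixlist(text):
    """Return (line_number, kind, line) for every line between Start:: and End::."""
    entries, inside = [], False
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line == "Start::":
            inside = True
        elif line == "End::":
            break
        elif inside and line:
            entries.append((number, classify(line), line))
    return entries


def summarize(entries):
    """Count entries per kind, to see at a glance what the fixlist touches."""
    return Counter(kind for _, kind, _ in entries)


def scope_mismatches(entries, local_user, local_sid):
    """List entries that name a user profile or SID other than the local one."""
    findings = []
    for number, kind, line in entries:
        reasons = set()
        for user in USER_RE.findall(line):
            if user.lower() != local_user.lower():
                reasons.add(f"profile '{user}'")
        for sid in SID_RE.findall(line):
            if sid.upper() != local_sid.upper():
                reasons.add(f"SID {sid}")
        if reasons:
            findings.append((number, kind, sorted(reasons)))
    return findings


if __name__ == "__main__":
    parsed = parse_fixlist(SAMPLE_FIXLIST)
    print(dict(summarize(parsed)))
    # Pretend the script is being reviewed on a machine owned by "bob".
    for number, kind, reasons in scope_mismatches(parsed, "bob", SAMPLE_SID):
        print(f"line {number} [{kind}] refers to {', '.join(reasons)}")
```
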

#10
whittakerjr


    Member

  • Topic Starter
  • Member
  • 79 posts

Yikes, I am having troubles.  When I get to manage Accounts, I only have HP Pavilion Local Account Administrator and Guest Guest Account is off.  I feel that I am in the wrong spot to delete SophosSAUHPPAVILION0 and SophosSAUHPPAVILION1.  The options to delete or manage I do not find.  Should I be in the Manage Accounts or delete applications?


  • 0



#11
whittakerjr


    Member

  • Topic Starter
  • Member
  • 79 posts
 
The three requested files. You are awesome; other than me not finding the two profiles, everything has been smooth with you.  I do hope you enjoyed the Sunday; it was a Father's Day celebration here in the United States.
 
 
Fix result of Farbar Recovery Scan Tool (x64) Version: 21-06-2020
Ran by HP Pavilion (21-06-2020 22:44:37) Run:1
Running from C:\Users\HP Pavilion\Desktop
Loaded Profiles: HP Pavilion
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
HKU\S-0-0-00-000000000-3860332429-0000000000-0000\...\Run: [Chromium] => "c:\users\hp pavilion\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory=Default --restore-last-session
Task: {0D8A891D-890C-4808-84D8-2F436AB14653} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {1274336E-AB06-46B6-A48C-0671C5557CC6} - \Microsoft\Windows\TaskScheduler\Maintenance Configurator -> No File <==== ATTENTION
Task: {1687544D-7247-4F5A-965A-A6E920E55278} - \Microsoft\Windows\TaskScheduler\Manual Maintenance -> No File <==== ATTENTION
Task: {40525C58-79C2-47A1-9AA2-F1D7FC4F0691} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {5AA86FD9-432F-4868-B68D-AFCEC66FECEB} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security\Upgrade.exe [0000000 0000-00-00] (Symantec Corporation -> Symantec Corporation)
Task: {6F02587F-8A2B-4552-97F6-DEEF229E335B} - \Microsoft\Windows\TaskScheduler\Idle Maintenance -> No File <==== ATTENTION
Task: {B7992938-01F1-4F40-A0EC-0D23D2F0F152} - \Microsoft\Windows\TaskScheduler\Regular Maintenance -> No File <==== ATTENTION
Task: {C02C6FF2-D7E1-456F-B94B-C4007E1F4903} - \{3572C762-1A49-A2DF-ED84-168A6500F9A0}\sync -> No File <==== ATTENTION
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - \Microsoft\Windows\SettingSync\BackupTask -> No File <==== ATTENTION
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKLM -> {84B29D74-CDD6-47A8-9ECE-278809800D63} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/000-000000-00000-0/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKLM-x32 -> {84B29D74-CDD6-47A8-9ECE-278809800D63} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/000-000000-00000-0/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-0-0-00-000000000-3860332429-0000000000-0000 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
BHO: No Name -> {504C542D-534F-4300-76A7-7A786E7484D7} -> No File
BHO: No Name -> {504C5432-2D56-3700-76A7-7A786E7484D7} -> No File
CHR Notifications: Default -> hxxps://eonline.com-show.news; hxxps://internationalliving.com; hxxps://ktla.com; hxxps://mail.yahoo.com; hxxps://myemailcenter.co; hxxps://nationalweatheragency.org; hxxps://pushance.com; hxxps://search.hyourtransitinfonow.com; hxxps://searchsmart.co; hxxps://topgadgetslist.com; hxxps://wgntv.com; hxxps://www.anthropologie.com; hxxps://www.cnet.com; hxxps://www.facebook.com; hxxps://www.hauntedrooms.com; hxxps://www.jdjournal.com; hxxps://www.pinterest.com; hxxps://www.wayfair.com; hxxps://www.yahoo.com; hxxps://www.youtube.com; hxxps://zooxhamster.com
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif]
R2 sntp; C:\WINDOWS\system32\DRIVERS\sntp.sys [000000 0000-00-00] (Sophos Limited -> Sophos Limited)
S3 SWDUMon; C:\WINDOWS\system32\DRIVERS\SWDUMon.sys [00000 0000-00-00] (SlimWare Utilities Inc. -> )
S4 SymEvnt; \??\C:\Program Files (x86)\Norton Security\NortonData\22.5.4.24\SymPlatform\SymEvnt.sys [X]
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => -> No File
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => -> No File
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => -> No File
ShellIconOverlayIdentifiers-x32: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => -> No File
ShellIconOverlayIdentifiers-x32: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => -> No File
ShellIconOverlayIdentifiers-x32: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => -> No File
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F [134]
AlternateDataStreams: C:\ProgramData\Temp:919E1F63 [123]
HKU\S-0-0-00-000000000-3860332429-0000000000-0000\...\StartupApproved\Run: => "Chromium"
FirewallRules: [UDP Query User{A7F90C58-A160-4240-83CE-56A16457C12F}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe => No File
FirewallRules: [TCP Query User{4AF29C28-467D-4AF5-964C-88B9D518BB55}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe => No File
FirewallRules: [UDP Query User{7F9C1ABE-99AE-44C5-9B0C-FB6A51433614}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe => No File
FirewallRules: [TCP Query User{A441C1BD-CC6A-440D-B727-6FA92314BD60}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe => No File
FirewallRules: [{8BC351F2-28E4-4034-87E7-0824C37ADB19}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe => No File
FirewallRules: [{EC3AC644-D99B-4E71-BC28-F5267E616134}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe => No File
FirewallRules: [{7D4F5F8A-CC33-4EDC-B5D6-D403C3B99638}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\MfeServiceMgr.exe => No File
FirewallRules: [{F4B67AD4-A7B8-4D66-B16C-EC48932EEAB7}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\MfeServiceMgr.exe => No File
FirewallRules: [{7ADCF208-7815-415A-9D92-206B73DA0735}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe => No File
FirewallRules: [{4A062696-B8C9-4390-A128-635E39D9C62B}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe => No File
FirewallRules: [{80712F9E-266A-4624-A718-5375E5E67619}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\MfeServiceMgr.exe => No File
FirewallRules: [{3B79185B-4625-4D45-BA5C-9F5C50301348}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\MfeServiceMgr.exe => No File
c:\users\hp pavilion\appdata\local\chromium
C:\Program Files\Common Files\AV\Norton Security
C:\WINDOWS\system32\DRIVERS\sntp.sys
C:\WINDOWS\system32\DRIVERS\SWDUMon.sys
C:\Program Files (x86)\Norton Security
C:\ProgramData\Norton
C:\ProgramData\Sophos
C:\Program Files (x86)\Sophos
C:\Program Files\Sophos
C:\program files (x86)\java
C:\Program Files (x86)\McAfee
Hosts:
EmptyTemp:
 
*****************
 
Processes closed successfully.
Restore point was successfully created.
"HKU\S-0-0-00-000000000-3860332429-0000000000-0000\Software\Microsoft\Windows\CurrentVersion\Run\\Chromium" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0D8A891D-890C-4808-84D8-2F436AB14653}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0D8A891D-890C-4808-84D8-2F436AB14653}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience\AitAgent" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1274336E-AB06-46B6-A48C-0671C5557CC6}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1274336E-AB06-46B6-A48C-0671C5557CC6}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\TaskScheduler\Maintenance Configurator" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1687544D-7247-4F5A-965A-A6E920E55278}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1687544D-7247-4F5A-965A-A6E920E55278}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\TaskScheduler\Manual Maintenance" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{40525C58-79C2-47A1-9AA2-F1D7FC4F0691}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{40525C58-79C2-47A1-9AA2-F1D7FC4F0691}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WindowsBackup\ConfigNotification" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5AA86FD9-432F-4868-B68D-AFCEC66FECEB}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5AA86FD9-432F-4868-B68D-AFCEC66FECEB}" => removed successfully
C:\WINDOWS\System32\Tasks\Remediation\AntimalwareMigrationTask => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Remediation\AntimalwareMigrationTask" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6F02587F-8A2B-4552-97F6-DEEF229E335B}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6F02587F-8A2B-4552-97F6-DEEF229E335B}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\TaskScheduler\Idle Maintenance" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B7992938-01F1-4F40-A0EC-0D23D2F0F152}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B7992938-01F1-4F40-A0EC-0D23D2F0F152}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\TaskScheduler\Regular Maintenance" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C02C6FF2-D7E1-456F-B94B-C4007E1F4903}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C02C6FF2-D7E1-456F-B94B-C4007E1F4903}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3572C762-1A49-A2DF-ED84-168A6500F9A0}\sync" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CFD7C21A-808B-487B-A6EC-8A10E44E8360}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CFD7C21A-808B-487B-A6EC-8A10E44E8360}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SettingSync\BackupTask" => removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{84B29D74-CDD6-47A8-9ECE-278809800D63} => removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC} => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{84B29D74-CDD6-47A8-9ECE-278809800D63} => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC} => removed successfully
"HKU\S-0-0-00-000000000-3860332429-0000000000-0000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => not found
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{504C542D-534F-4300-76A7-7A786E7484D7} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{504C5432-2D56-3700-76A7-7A786E7484D7} => removed successfully
"Chrome Notifications" => removed successfully
HKLM\SOFTWARE\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif => removed successfully
sntp => Unable to stop service.
HKLM\System\CurrentControlSet\Services\sntp => removed successfully
sntp => service removed successfully
HKLM\System\CurrentControlSet\Services\SWDUMon => removed successfully
SWDUMon => service removed successfully
HKLM\System\CurrentControlSet\Services\SymEvnt => removed successfully
SymEvnt => service removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OverlayExcluded => not found
HKLM\Software\Classes\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C} => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OverlayPending => not found
HKLM\Software\Classes\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OverlayProtected => not found
HKLM\Software\Classes\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148} => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OverlayExcluded => not found
HKLM\Software\Wow6432Node\Classes\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C} => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OverlayPending => not found
HKLM\Software\Wow6432Node\Classes\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OverlayProtected => not found
HKLM\Software\Wow6432Node\Classes\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148} => removed successfully
C:\ProgramData\Temp => ":2CB9631F" ADS removed successfully
C:\ProgramData\Temp => ":919E1F63" ADS removed successfully
"HKU\S-0-0-00-000000000-3860332429-0000000000-0000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\Chromium" => not found
"HKU\S-0-0-00-000000000-3860332429-0000000000-0000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Chromium" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{A7F90C58-A160-4240-83CE-56A16457C12F}C:\program files (x86)\java\jre7\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{4AF29C28-467D-4AF5-964C-88B9D518BB55}C:\program files (x86)\java\jre7\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{7F9C1ABE-99AE-44C5-9B0C-FB6A51433614}C:\program files (x86)\java\jre7\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{A441C1BD-CC6A-440D-B727-6FA92314BD60}C:\program files (x86)\java\jre7\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8BC351F2-28E4-4034-87E7-0824C37ADB19}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EC3AC644-D99B-4E71-BC28-F5267E616134}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7D4F5F8A-CC33-4EDC-B5D6-D403C3B99638}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F4B67AD4-A7B8-4D66-B16C-EC48932EEAB7}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7ADCF208-7815-415A-9D92-206B73DA0735}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4A062696-B8C9-4390-A128-635E39D9C62B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{80712F9E-266A-4624-A718-5375E5E67619}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3B79185B-4625-4D45-BA5C-9F5C50301348}" => removed successfully
"c:\users\hp pavilion\appdata\local\chromium" => not found
C:\Program Files\Common Files\AV\Norton Security => moved successfully
C:\WINDOWS\system32\DRIVERS\sntp.sys => moved successfully
C:\WINDOWS\system32\DRIVERS\SWDUMon.sys => moved successfully
"C:\Program Files (x86)\Norton Security" => not found
C:\ProgramData\Norton => moved successfully
C:\ProgramData\Sophos => moved successfully
C:\Program Files (x86)\Sophos => moved successfully
C:\Program Files\Sophos => moved successfully
"C:\program files (x86)\java" => not found
C:\Program Files (x86)\McAfee => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 12582912 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 97223407 B
Java, Flash, Steam htmlcache => 7624 B
Windows/system/drivers => 5702131435 B
Edge => 0 B
Chrome => 189562470 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 309419 B
systemprofile32 => 1293736 B
LocalService => 6276325 B
NetworkService => 7268329 B
Joanne Endevoets => 2296528158 B
HP Pavilion => 3948719821 B
 
RecycleBin => 373878971 B
EmptyTemp: => 11.8 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 23:01:33 ====
 
Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 6/22/20
Scan Time: 7:12 AM
Log File: 6cf78d94-b492-11ea-9b51-4c72b9b3dc92.json
 
-Software Information-
Version: 4.1.0.56
Components Version: 1.0.955
Update Package Version: 1.0.25867
License: Trial
 
-System Information-
OS: Windows 8.1
CPU: x64
File System: NTFS
User: HPPavilion\HP Pavilion
 
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 288133
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 21 min, 26 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 0
(No malicious items detected)
 
Physical Sector: 0
(No malicious items detected)
 
WMI: 0
(No malicious items detected)
 
 
(end)
 
 
 
# -------------------------------
# Malwarebytes AdwCleaner 8.0.5.0
# -------------------------------
# Build:    05-25-2020
# Database: 2020-06-15.1 (Cloud)
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    06-22-2020
# Duration: 00:01:09
# OS:       Windows 8.1
# Scanned:  31836
# Detected: 120
 
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
PUP.Optional.Legacy             C:\Users\Joanne Endevoets\AppData\Local\Downloaded Installers
PUP.Optional.Legacy             C:\Users\Public\Documents\Downloaded Installers
PUP.Optional.Legacy             C:\extensions
PUP.Optional.SlimCleanerPlus    C:\Users\Joanne Endevoets\AppData\Local\slimware utilities inc
Rogue.ForcedExtension           C:\ProgramData\apn
Trojan.Agent                    C:\Users\Joanne Endevoets\AppData\LocalLow\iac
Trojan.Agent                    C:\Users\Joanne Endevoets\AppData\Local\iac
 
***** [ Files ] *****
 
PUP.Optional.Legacy             C:\END
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
PUP.Optional.InstallCore        HKCU\Software\csastats
PUP.Optional.Legacy             HKCU\Software\APN PIP
PUP.Optional.Legacy             HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ak.staticimgfarm.com
PUP.Optional.Legacy             HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\dogpile.com
PUP.Optional.Legacy             HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\hp.myway.com
PUP.Optional.Legacy             HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\metrolyrics.com
PUP.Optional.Legacy             HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\staticimgfarm.com
PUP.Optional.Legacy             HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ttdetect.staticimgfarm.com
PUP.Optional.Legacy             HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.metrolyrics.com
PUP.Optional.Legacy             HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
PUP.Optional.Legacy             HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.apn.native_messaging_host_aaaaadgepjkdffhjbkfjgnnffnfcffbg
PUP.Optional.Legacy             HKLM\Software\Classes\Installer\UpgradeCodes\50D2BAFD096C90345A82B25A790BDF69
PUP.Optional.Legacy             HKLM\Software\Classes\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
PUP.Optional.Legacy             HKLM\Software\Classes\Interface\{371AD4A5-1520-4AA2-A8A4-F9AD3BAC6957}
PUP.Optional.Legacy             HKLM\Software\Classes\Interface\{5442736B-E379-4668-AC30-7F39B3581875}
PUP.Optional.Legacy             HKLM\Software\Classes\Interface\{62271480-66D1-42D0-A818-BE5E65C56FA4}
PUP.Optional.Legacy             HKLM\Software\Classes\Interface\{667C8B81-0B61-48F6-B7B9-60AA8242E6DF}
PUP.Optional.Legacy             HKLM\Software\Classes\Interface\{7F124846-5453-4BB8-A41D-E11481FFC9DF}
PUP.Optional.Legacy             HKLM\Software\Classes\Interface\{891DFD94-5982-46EC-9B4D-1E86B07F33F2}
PUP.Optional.Legacy             HKLM\Software\Classes\Interface\{8FD65019-BF09-45DA-AD81-E95AE911F1FD}
PUP.Optional.Legacy             HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4}
PUP.Optional.Legacy             HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D}
PUP.Optional.Legacy             HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\50D2BAFD096C90345A82B25A790BDF69
PUP.Optional.Legacy             HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
PUP.Optional.Legacy             HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\158D6D9E3FE81fa428925F22ACB3A965
PUP.Optional.Legacy             HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\15E6C514FEFC09f45BAFAAE1D7546ED4
PUP.Optional.Legacy             HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1DB42320A8525634AA089F0BEC86473B
PUP.Optional.Legacy             HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\22468B0D6050b2e46B9C4B67A8F59577
PUP.Optional.Legacy             HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2251BF05A2F606d43BB064BD63CBD87E
PUP.Optional.Legacy             HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3255D95681398614190EDF0A4F3F77DB
PUP.Optional.Legacy             HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\37D473A7943363D7C51797D321341397
PUP.Optional.Legacy             HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\37D473A7943363D7C51797D341731497
PUP.Optional.Legacy             HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\37D473A7943363D7C51799E61B55F463
PUP.Optional.Legacy             HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\37D473A7943363D7C51799E61B55F497
PUP.Optional.Legacy             HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\37D473A7943363D7C51799E61B74E563
PUP.Optional.Legacy             HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\37D473A7943363D7C51799E61B74E597
PUP.Optional.Legacy             HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\37D473A7943363D7C51799E61BB52463
PUP.Optional.Legacy             HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\37D473A7943363D7C51799E61BB52497
PUP.Optional.Legacy             HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\37D473A7943363D7C517C4F4B3147AB4
PUP.Optional.Legacy             HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3CDF313E9B28c944FBC7579CF4949414
PUP.Optional.Legacy             HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\71E54748EDD3dc1468548785DC856EDA
PUP.Optional.Legacy             HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\754590DD06DE8d249B526503432F99D4
PUP.Optional.Legacy             HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8036C72171EF4ba46856BF57969F6A36
PUP.Optional.Legacy             HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\89BB7852687BDC34B9A81E01C7FF9173
PUP.Optional.Legacy             HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CBC85D72B148084ABE8C2F072F781F4
PUP.Optional.Legacy             HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CC5A38A64D6098468BC8395BA0EFF03
PUP.Optional.Legacy             HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8DF9A1AC557F56c49B56F6B83E293C15
PUP.Optional.Legacy             HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98FD652EB4839214E97B69DD8EEA1D29
PUP.Optional.Legacy             HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A97C590397DCC454AA8923563BAB10E4
PUP.Optional.Legacy             HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B08932C78B697C244BE7BA3E6FF09B62
PUP.Optional.Legacy             HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CFA51B44D54927c4E9B7BC1D3FD1E49F
PUP.Optional.Legacy             HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D14A7F65792054F418578C78367D13F7
PUP.Optional.Legacy             HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DFE9F0BD163D827438CB6AD6B100EC48
PUP.Optional.Legacy             HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F739A19A8327dc64C9A8B641A9E89646
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\Yahoo\Companion
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\\Classes\Interface\{371AD4A5-1520-4AA2-A8A4-F9AD3BAC6957}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\\Classes\Interface\{62271480-66D1-42D0-A818-BE5E65C56FA4}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\\Classes\Interface\{7F124846-5453-4BB8-A41D-E11481FFC9DF}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\\Classes\Interface\{884189CF-7C10-41E8-A014-F7B2BE40AADB}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\\Classes\Interface\{891DFD94-5982-46EC-9B4D-1E86B07F33F2}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\\Classes\Interface\{8FD65019-BF09-45DA-AD81-E95AE911F1FD}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\\Google\Chrome\NativeMessagingHosts\com.apn.native_messaging_host_aaaaadgepjkdffhjbkfjgnnffnfcffbg
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Ext\Preapproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Ext\Preapproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
PUP.Optional.MyWebSearch        HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2c6319b9-312c-4bdf-b75e-e9dd16ae0f1c}
PUP.Optional.MyWebSearch        HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{372eeec9-39a0-4a17-a53b-3a65e9ee555c}
PUP.Optional.MyWebSearch        HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{805d473c-939f-40b1-a43d-5bc2b25c2bae}
PUP.Optional.MyWebSearch        HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{bb548c84-4ea2-4790-807a-fdf5f7f5aa96}
PUP.Optional.MyWebSearch        HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c48aea59-780e-43e0-a3a8-aad34b635d07}
PUP.Optional.SlimCleanerPlus    HKLM\Software\Wow6432Node\SLIMWARE UTILITIES, INC.
PUP.Optional.SlimCleanerPlus    HKLM\Software\Wow6432Node\SlimWare Utilities Inc
PUP.Optional.TheBrightTag       HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\thebrighttag.com
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries found.
 
***** [ Chromium URLs ] *****
 
No malicious Chromium URLs found.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries found.
 
***** [ Firefox URLs ] *****
 
No malicious Firefox URLs found.
 
***** [ Hosts File Entries ] *****
 
No malicious hosts file entries found.
 
***** [ Preinstalled Software ] *****
 
Preinstalled.CyberLinkLabelPrint   Folder   C:\Program Files (x86)\CYBERLINK\LABELPRINT 
Preinstalled.CyberLinkLabelPrint   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243} 
Preinstalled.CyberLinkLabelPrint   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{C59C179C-668D-49A9-B6EA-0121CCFC1243} 
Preinstalled.CyberLinkShellExtension   Registry   HKLM\Software\Classes\CLSID\{3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} 
Preinstalled.HPCleanFLC   File   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office.lnk 
Preinstalled.HPHealthCheck   Folder   C:\Program Files (x86)\HEWLETT-PACKARD\HP HEALTH CHECK 
Preinstalled.HPHealthCheck   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{6F340107-F9AA-47C6-B54C-C3A19F11553F} 
Preinstalled.HPMediaSmart   Folder   C:\Program Files (x86)\HEWLETT-PACKARD\MEDIA\WEBCAM 
Preinstalled.HPMediaSmart   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D} 
Preinstalled.HPMediaSmart   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{01FB4998-33C4-4431-85ED-079E3EEFE75D} 
Preinstalled.HPRegistrationService   Folder   C:\Program Files (x86)\HEWLETT-PACKARD\HP REGISTRATION SERVICE 
Preinstalled.HPRegistrationService   Folder   C:\ProgramData\HEWLETT-PACKARD\HP REGISTRATION SERVICE 
Preinstalled.HPRegistrationService   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA} 
Preinstalled.HPSupportAssistant   Folder   C:\HP\SUPPORT 
Preinstalled.HPSupportAssistant   Folder   C:\Program Files (x86)\HEWLETT-PACKARD\HP CUSTOMER FEEDBACK 
Preinstalled.HPSupportAssistant   Folder   C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK 
Preinstalled.HPSupportAssistant   Folder   C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT INFORMATION 
Preinstalled.HPSupportAssistant   Folder   C:\ProgramData\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK 
Preinstalled.HPSupportAssistant   Folder   C:\Users\HP Pavilion\AppData\Roaming\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK 
Preinstalled.HPSupportAssistant   Folder   C:\Users\Joanne Endevoets\AppData\Local\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK 
Preinstalled.HPSupportAssistant   Folder   C:\Users\Joanne Endevoets\AppData\Roaming\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK 
Preinstalled.HPSupportAssistant   Folder   C:\Windows\System32\config\systemprofile\AppData\Roaming\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK 
Preinstalled.HPSupportAssistant   Registry   HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} 
Preinstalled.HPSupportAssistant   Registry   HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} 
Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} 
Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Wow6432Node\\Classes\CLSID\{C0ABBA07-B636-47B8-B9E1-BB96D7CD4831} 
Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Wow6432Node\\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} 
Preinstalled.LenovoPower2Go   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|CLMLServer_For_P2G8 
Preinstalled.LenovoPower2Go   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|CLVirtualDrive 
Preinstalled.LenovoPower2Go   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2} 
Preinstalled.LenovoPower2Go   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2} 
Preinstalled.LenovoPowerDVD   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B} 
Preinstalled.LenovoPowerDVD   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B} 
Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGDF-hp-darkorbit 
Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGDF-hp-seafight 
Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGDF-hp-worldofwarcraft 
Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGameProvider-hp-genres 
 
 
 
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
 

  • 0

#12
DR M

    The Grecian Geek

  • Malware Removal
  • 4,096 posts

Thanks for the logs, Joseph! I will check them and be back to you.
 
As for the accounts issue, we will deal with it.
 

I do hope you enjoyed the Sunday, it was a Father's Day celebration here in the United States.

 

Thank you. I hope you enjoyed the day too. 21st of June is also the World Music Day. :)


  • 0

#13
DR M

    The Grecian Geek

  • Malware Removal
  • 4,096 posts

Hi, Joseph.

 

I apologize for this delay. I hope your friend has enough patience. :)

The fixlog went well. Although Malwarebytes found nothing, AdwCleaner detected, among many potentially unwanted programs (PUPs), a rogue and two trojan agents.

 

Please proceed to the following:

1. AdwCleaner (Clean mode)

Let me explain to you the log created by AdwCleaner:

The findings in the Registry and in the Files and Folders sections are PUPs, which stands for Potentially Unwanted Programs. In the instructions below, I will list them all to be removed.

The section at the bottom under "Preinstalled Software" is software that was apparently installed when the device was new, which your friend may or may not use. Examples of these programs: CyberLinkLabelPrint, HPHealthCheck, HPSupportAssistant, LenovoPower2Go, WildTangentGamesBundle. You may ask her if she uses any of them and feel free to keep or remove them.

To proceed, please do the following:

  • Double click AdwCleaner.exe on your Desktop, to run it as you did before.
  • Click Scan Now.
  • When the scan has finished a Scan Results window will open.
  • Please select all the items found and then click Quarantine.
  • Click Next.
    • If any pre-installed software was found on your machine, a prompt window will open. Click OK to close it.
    • Check any pre-installed software items you want to remove.
    • Click Quarantine.
  • A prompt to save your work will appear.
    • Click Continue when you're ready to proceed.
  • A prompt to restart your computer will appear.
    • Click Restart Now.
  • Once your computer has restarted:
    • If it doesn't open automatically, please start AdwCleaner.
    • Click the Log Files tab.
    • Double click on the latest Clean log (Clean logs have a [C0*] suffix, where * is replaced by a number; the latest scan will have the largest number).
    • A Notepad file will open containing the results of the removal.
    • Please post the contents of the file in your next reply.

 

2. Eset online scan

Download ESET Online Scanner and save it to your desktop.

  • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
  • When the tool opens, click Get Started.
  • Read and accept the license agreement.
  • At the Welcome to ESET Online Scanner window, click Get Started.
  • Select whether you would like to send anonymous data to ESET.
  • Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
  • Click on the Full Scan option.
  • Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
  • ESET will now begin scanning your computer. This may take some time.
  • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
  • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
  • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
  • Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.

 

3. Fresh FRST logs

  • Double-click on the FRST icon to run it, as you did before. When the tool opens click Yes to disclaimer.
  • Press the Scan button and wait for a while.
  • The scanner will produce two logs on your Desktop: FRST.txt and Addition.txt.
  • Please copy and paste the content of these two logs in your next reply.

 

In your next reply, please post:

  • AdwCleaner[C0*].txt
  • ESET report
  • FRST and Addition logs

 


  • 0
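The reading of the AdwCleaner scan log given in the post above (per-section findings, PUP families, the separate "Preinstalled Software" block, and the rogue and trojan entries singled out from the PUPs) can be reproduced with a short parser. This is an added example, not part of the thread and not AdwCleaner's own code; the function names and the sample log, including its placeholder user name, are constructed here.

```python
import re
from collections import Counter

# Constructed sample in the layout of the scan log posted in this thread.
# A few entries follow the posted ones; the user name is a placeholder.
SAMPLE_LOG = r"""
# -------------------------------
# Malwarebytes AdwCleaner 8.0.5.0
# -------------------------------
# Mode: Scan
# Detected: 7

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.Legacy             C:\extensions
Rogue.ForcedExtension           C:\ProgramData\apn
Trojan.Agent                    C:\Users\ExampleUser\AppData\LocalLow\iac
Trojan.Agent                    C:\Users\ExampleUser\AppData\Local\iac

***** [ Registry ] *****

PUP.Optional.InstallCore        HKCU\Software\csastats
PUP.Optional.SlimCleanerPlus    HKLM\Software\Wow6432Node\SlimWare Utilities Inc

***** [ Preinstalled Software ] *****

Preinstalled.HPHealthCheck   Folder   C:\Program Files (x86)\HEWLETT-PACKARD\HP HEALTH CHECK 

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
"""

SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
HEADER_RE = re.compile(r"^#\s*([A-Za-z ]+):\s*(.+)$")


def parse_scan_log(text):
    """Return (header fields, {section name: [(family, location), ...]})."""
    header, sections, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            m = HEADER_RE.match(line)       # "# Mode: Scan", "# Detected: 7"
            if m:
                header[m.group(1).strip()] = m.group(2).strip()
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        if current is None or line.startswith("No malicious"):
            continue
        # Preinstalled rows carry an extra "Folder/Registry/File" column.
        maxsplit = 2 if current == "Preinstalled Software" else 1
        parts = re.split(r"\s{2,}", line, maxsplit=maxsplit)
        if len(parts) >= 2:
            sections[current].append((parts[0], parts[-1]))
    return header, sections


def triage(sections):
    """Split findings into threat families, preinstalled items, and
    entries whose family is not a PUP (the ones to look at first)."""
    threats, preinstalled, escalate = Counter(), Counter(), []
    for name, entries in sections.items():
        for family, location in entries:
            if family.startswith("Preinstalled."):
                preinstalled[family] += 1
                continue
            threats[family] += 1
            if not family.startswith("PUP."):
                escalate.append((family, name, location))
    return threats, preinstalled, escalate


def count_matches_header(header, sections):
    """Check for a truncated paste: in the log posted in this thread the
    header's Detected figure equals all listed rows, preinstalled included."""
    listed = sum(len(rows) for rows in sections.values())
    return int(header.get("Detected", -1)) == listed


if __name__ == "__main__":
    hdr, secs = parse_scan_log(SAMPLE_LOG)
    fams, pre, esc = triage(secs)
    print("mode:", hdr.get("Mode"), "| complete:", count_matches_header(hdr, secs))
    for fam, n in fams.most_common():
        print(f"{n:4d}  {fam}")
    print("preinstalled (owner decides):", sum(pre.values()))
    for fam, sec, loc in esc:
        print(f"REVIEW  {fam}  [{sec}]  {loc}")
```
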

#14
whittakerjr

    Member

  • Topic Starter
  • Member
  • 79 posts

No worry on being a bit slow at getting back.  I know you have lots in your life and appreciate that you are willing to share your skills and knowledge.

 

My friend doesn't have a choice with me.  She keeps calling me and my time is valuable too.  Therefore she needs to wait today as I don't want to revisit this issue in a week or two.

 

Here are the reports.

 

# -------------------------------
# Malwarebytes AdwCleaner 8.0.5.0
# -------------------------------
# Build:    05-25-2020
# Database: 2020-06-15.1 (Cloud)
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    06-25-2020
# Duration: 00:01:23
# OS:       Windows 8.1
# Cleaned:  120
# Failed:   0
 
 
***** [ Services ] *****
 
No malicious services cleaned.
 
***** [ Folders ] *****
 
Deleted       C:\ProgramData\apn
Deleted       C:\Users\Joanne Endevoets\AppData\LocalLow\iac
Deleted       C:\Users\Joanne Endevoets\AppData\Local\Downloaded Installers
Deleted       C:\Users\Joanne Endevoets\AppData\Local\iac
Deleted       C:\Users\Joanne Endevoets\AppData\Local\slimware utilities inc
Deleted       C:\Users\Public\Documents\Downloaded Installers
Deleted       C:\extensions
 
***** [ Files ] *****
 
Deleted       C:\END
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
No malicious tasks cleaned.
 
***** [ Registry ] *****
 
Deleted       HKCU\Software\APN PIP
Deleted       HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ak.staticimgfarm.com
Deleted       HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\dogpile.com
Deleted       HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\hp.myway.com
Deleted       HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\metrolyrics.com
Deleted       HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\staticimgfarm.com
Deleted       HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\thebrighttag.com
Deleted       HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ttdetect.staticimgfarm.com
Deleted       HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.metrolyrics.com
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Deleted       HKCU\Software\csastats
Deleted       HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.apn.native_messaging_host_aaaaadgepjkdffhjbkfjgnnffnfcffbg
Deleted       HKLM\Software\Classes\Installer\UpgradeCodes\50D2BAFD096C90345A82B25A790BDF69
Deleted       HKLM\Software\Classes\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
Deleted       HKLM\Software\Classes\Interface\{371AD4A5-1520-4AA2-A8A4-F9AD3BAC6957}
Deleted       HKLM\Software\Classes\Interface\{5442736B-E379-4668-AC30-7F39B3581875}
Deleted       HKLM\Software\Classes\Interface\{62271480-66D1-42D0-A818-BE5E65C56FA4}
Deleted       HKLM\Software\Classes\Interface\{667C8B81-0B61-48F6-B7B9-60AA8242E6DF}
Deleted       HKLM\Software\Classes\Interface\{7F124846-5453-4BB8-A41D-E11481FFC9DF}
Deleted       HKLM\Software\Classes\Interface\{891DFD94-5982-46EC-9B4D-1E86B07F33F2}
Deleted       HKLM\Software\Classes\Interface\{8FD65019-BF09-45DA-AD81-E95AE911F1FD}
Deleted       HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4}
Deleted       HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D}
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\50D2BAFD096C90345A82B25A790BDF69
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\158D6D9E3FE81fa428925F22ACB3A965
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\15E6C514FEFC09f45BAFAAE1D7546ED4
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1DB42320A8525634AA089F0BEC86473B
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\22468B0D6050b2e46B9C4B67A8F59577
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2251BF05A2F606d43BB064BD63CBD87E
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3255D95681398614190EDF0A4F3F77DB
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\37D473A7943363D7C51797D321341397
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\37D473A7943363D7C51797D341731497
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\37D473A7943363D7C51799E61B55F463
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\37D473A7943363D7C51799E61B55F497
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\37D473A7943363D7C51799E61B74E563
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\37D473A7943363D7C51799E61B74E597
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\37D473A7943363D7C51799E61BB52463
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\37D473A7943363D7C51799E61BB52497
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\37D473A7943363D7C517C4F4B3147AB4
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3CDF313E9B28c944FBC7579CF4949414
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\71E54748EDD3dc1468548785DC856EDA
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\754590DD06DE8d249B526503432F99D4
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8036C72171EF4ba46856BF57969F6A36
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\89BB7852687BDC34B9A81E01C7FF9173
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CBC85D72B148084ABE8C2F072F781F4
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CC5A38A64D6098468BC8395BA0EFF03
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8DF9A1AC557F56c49B56F6B83E293C15
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98FD652EB4839214E97B69DD8EEA1D29
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A97C590397DCC454AA8923563BAB10E4
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B08932C78B697C244BE7BA3E6FF09B62
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CFA51B44D54927c4E9B7BC1D3FD1E49F
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D14A7F65792054F418578C78367D13F7
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DFE9F0BD163D827438CB6AD6B100EC48
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F739A19A8327dc64C9A8B641A9E89646
Deleted       HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2c6319b9-312c-4bdf-b75e-e9dd16ae0f1c}
Deleted       HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{372eeec9-39a0-4a17-a53b-3a65e9ee555c}
Deleted       HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{805d473c-939f-40b1-a43d-5bc2b25c2bae}
Deleted       HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{bb548c84-4ea2-4790-807a-fdf5f7f5aa96}
Deleted       HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c48aea59-780e-43e0-a3a8-aad34b635d07}
Deleted       HKLM\Software\Wow6432Node\SLIMWARE UTILITIES, INC.
Deleted       HKLM\Software\Wow6432Node\SlimWare Utilities Inc
Deleted       HKLM\Software\Wow6432Node\Yahoo\Companion
Deleted       HKLM\Software\Wow6432Node\\Classes\Interface\{371AD4A5-1520-4AA2-A8A4-F9AD3BAC6957}
Deleted       HKLM\Software\Wow6432Node\\Classes\Interface\{62271480-66D1-42D0-A818-BE5E65C56FA4}
Deleted       HKLM\Software\Wow6432Node\\Classes\Interface\{7F124846-5453-4BB8-A41D-E11481FFC9DF}
Deleted       HKLM\Software\Wow6432Node\\Classes\Interface\{884189CF-7C10-41E8-A014-F7B2BE40AADB}
Deleted       HKLM\Software\Wow6432Node\\Classes\Interface\{891DFD94-5982-46EC-9B4D-1E86B07F33F2}
Deleted       HKLM\Software\Wow6432Node\\Classes\Interface\{8FD65019-BF09-45DA-AD81-E95AE911F1FD}
Deleted       HKLM\Software\Wow6432Node\\Google\Chrome\NativeMessagingHosts\com.apn.native_messaging_host_aaaaadgepjkdffhjbkfjgnnffnfcffbg
Deleted       HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4}
Deleted       HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D}
Deleted       HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Deleted       HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Ext\Preapproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Deleted       HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Ext\Preapproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries cleaned.
 
***** [ Chromium URLs ] *****
 
No malicious Chromium URLs cleaned.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries cleaned.
 
***** [ Firefox URLs ] *****
 
No malicious Firefox URLs cleaned.
 
***** [ Hosts File Entries ] *****
 
No malicious hosts file entries cleaned.
 
***** [ Preinstalled Software ] *****
 
Deleted       Preinstalled.CyberLinkLabelPrint   Folder   C:\Program Files (x86)\CYBERLINK\LABELPRINT
Deleted       Preinstalled.CyberLinkLabelPrint   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}
Deleted       Preinstalled.CyberLinkLabelPrint   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{C59C179C-668D-49A9-B6EA-0121CCFC1243}
Deleted       Preinstalled.CyberLinkShellExtension   Registry   HKLM\Software\Classes\CLSID\{3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2}
Deleted       Preinstalled.HPCleanFLC   File   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office.lnk
Deleted       Preinstalled.HPHealthCheck   Folder   C:\Program Files (x86)\HEWLETT-PACKARD\HP HEALTH CHECK
Deleted       Preinstalled.HPHealthCheck   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{6F340107-F9AA-47C6-B54C-C3A19F11553F}
Deleted       Preinstalled.HPMediaSmart   Folder   C:\Program Files (x86)\HEWLETT-PACKARD\MEDIA\WEBCAM
Deleted       Preinstalled.HPMediaSmart   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}
Deleted       Preinstalled.HPMediaSmart   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{01FB4998-33C4-4431-85ED-079E3EEFE75D}
Deleted       Preinstalled.HPRegistrationService   Folder   C:\Program Files (x86)\HEWLETT-PACKARD\HP REGISTRATION SERVICE
Deleted       Preinstalled.HPRegistrationService   Folder   C:\ProgramData\HEWLETT-PACKARD\HP REGISTRATION SERVICE
Deleted       Preinstalled.HPRegistrationService   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}
Deleted       Preinstalled.HPSupportAssistant   Folder   C:\HP\SUPPORT
Deleted       Preinstalled.HPSupportAssistant   Folder   C:\Program Files (x86)\HEWLETT-PACKARD\HP CUSTOMER FEEDBACK
Deleted       Preinstalled.HPSupportAssistant   Folder   C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Deleted       Preinstalled.HPSupportAssistant   Folder   C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT INFORMATION
Deleted       Preinstalled.HPSupportAssistant   Folder   C:\ProgramData\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Deleted       Preinstalled.HPSupportAssistant   Folder   C:\Users\HP Pavilion\AppData\Roaming\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Deleted       Preinstalled.HPSupportAssistant   Folder   C:\Users\Joanne Endevoets\AppData\Local\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Deleted       Preinstalled.HPSupportAssistant   Folder   C:\Users\Joanne Endevoets\AppData\Roaming\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Deleted       Preinstalled.HPSupportAssistant   Folder   C:\Windows\System32\config\systemprofile\AppData\Roaming\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Deleted       Preinstalled.HPSupportAssistant   Registry   HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Deleted       Preinstalled.HPSupportAssistant   Registry   HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Deleted       Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Deleted       Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Wow6432Node\\Classes\CLSID\{C0ABBA07-B636-47B8-B9E1-BB96D7CD4831}
Deleted       Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Wow6432Node\\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Deleted       Preinstalled.LenovoPower2Go   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|CLMLServer_For_P2G8
Deleted       Preinstalled.LenovoPower2Go   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|CLVirtualDrive
Deleted       Preinstalled.LenovoPower2Go   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}
Deleted       Preinstalled.LenovoPower2Go   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}
Deleted       Preinstalled.LenovoPowerDVD   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}
Deleted       Preinstalled.LenovoPowerDVD   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}
Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGDF-hp-darkorbit
Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGDF-hp-seafight
Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGDF-hp-worldofwarcraft
Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGameProvider-hp-genres
 
 
*************************
 
[+] Delete Tracing Keys
[+] Reset Winsock
 
*************************
 
AdwCleaner[S00].txt - [16667 octets] - [22/06/2020 07:51:43]
AdwCleaner[S01].txt - [16729 octets] - [25/06/2020 11:31:34]
 
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########
 
 
6/25/2020 16:48:23 PM
Files scanned: 489961
Detected files: 20
Cleaned files: 20
Total scan time 04:39:57
Scan status: Finished
 
 
C:\Config.msi\2444d.rbf a variant of Win32/Bundled.Toolbar.Ask.V potentially unsafe application cleaned by deleting
C:\Config.msi\24450.rbf a variant of Win32/Bundled.Toolbar.Ask.R potentially unsafe application cleaned by deleting
C:\Users\Joanne Endevoets\AppData\LocalLow\BillPayAlert_9sEI\Installr\Cache\017C944A.exe a variant of Win32/Toolbar.MyWebSearch.R potentially unwanted application cleaned by deleting
C:\Users\Joanne Endevoets\AppData\LocalLow\Sun\Java\jre1.7.0_51\java_sp.dll a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application deleted
C:\Users\Joanne Endevoets\AppData\LocalLow\Sun\Java\jre1.7.0_67\java_sp.dll a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application deleted
C:\WINDOWS\Installer\$PatchCache$\Managed\3545C405D205143545007A857BC05200\12.37.0\apnmcp_exe a variant of Win32/Bundled.Toolbar.Ask.R potentially unsafe application cleaned by deleting
C:\WINDOWS\Installer\$PatchCache$\Managed\3545C405D205143545007A857BC05200\12.37.0\SearchHook_dll a variant of Win32/Bundled.Toolbar.Ask.O potentially unsafe application cleaned by deleting
C:\WINDOWS\Installer\$PatchCache$\Managed\3545C405D205143545007A857BC05200\12.37.0\ServiceLocator_exe a variant of Win32/Bundled.Toolbar.Ask.O potentially unsafe application cleaned by deleting
C:\WINDOWS\Installer\$PatchCache$\Managed\3545C405D205143545007A857BC05200\12.37.0\SO_dll a variant of Win32/Bundled.Toolbar.Ask.O potentially unsafe application cleaned by deleting
C:\WINDOWS\Installer\$PatchCache$\Managed\3545C405D205143545007A857BC05200\12.37.0\TBNHlpr_x64_exe a variant of Win32/Bundled.Toolbar.Ask.O potentially unsafe application cleaned by deleting
C:\WINDOWS\Installer\$PatchCache$\Managed\3545C405D205143545007A857BC05200\12.37.0\TBNotifier_exe a variant of Win32/Bundled.Toolbar.Ask.S potentially unsafe application cleaned by deleting
C:\WINDOWS\Installer\$PatchCache$\Managed\3545C405D205143545007A857BC05200\12.37.0\ToolbarPS_dll a variant of Win32/Bundled.Toolbar.Ask.O potentially unsafe application cleaned by deleting
C:\WINDOWS\Installer\$PatchCache$\Managed\3545C405D205143545007A857BC05200\12.37.0\toolbar_dll a variant of Win32/Bundled.Toolbar.Ask.O potentially unsafe application cleaned by deleting
C:\WINDOWS\Installer\$PatchCache$\Managed\3545C405D205143545007A857BC05200\12.37.0\toolbar_dll_x64 a variant of Win32/Bundled.Toolbar.Ask.O potentially unsafe application cleaned by deleting
C:\WINDOWS\Installer\$PatchCache$\Managed\3545C405D205143545007A857BC05200\12.37.0\Toolbar_exe a variant of Win32/Bundled.Toolbar.Ask.O potentially unsafe application cleaned by deleting
C:\WINDOWS\Installer\$PatchCache$\Managed\3545C405D205143545007A857BC05200\12.37.0\UpdateManager_exe a variant of Win32/Bundled.Toolbar.Ask.R potentially unsafe application cleaned by deleting
C:\WINDOWS\Installer\2a1cd.msi a variant of Win32/Bundled.Toolbar.Ask.O potentially unsafe application deleted
C:\WINDOWS\Installer\303e1.msi a variant of Win32/Bundled.Toolbar.Ask.N potentially unsafe application deleted
C:\WINDOWS\Installer\MSI67C7.tmp a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application cleaned by deleting
C:\WINDOWS\Installer\MSI6BE.tmp a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application cleaned by deleting
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-06-2020
Ran by HP Pavilion (administrator) on HPPAVILION (Hewlett-Packard 20-b010) (25-06-2020 16:54:42)
Running from C:\Users\HP Pavilion\Desktop
Loaded Profiles: HP Pavilion
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Default browser: IE
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(A.V.M. SOFTWARE, INC. -> AVM Software) C:\Program Files (x86)\Paltalk\update\pt_update_service.exe
(Advanced Micro Devices, Inc.) [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Andrea Electronics -> Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <9>
(Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
(Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe
(Logitech -> Logitech, Inc.) C:\Program Files\Logitech\SolarApp\L4301_Solar.exe
(Logitech Inc -> Logitech) C:\Program Files\Logitech\Collaboration\Services\Video\ServiceLayer.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\WINDOWS\System32\WirelessKB850NotificationService.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\WINDOWS\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\WINDOWS\System32\atiesrxx.exe
(Realtek Semiconductor Corp -> Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6844560 2013-11-19] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942232 2016-10-14] (Logitech -> Logitech, Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-176138252-3860332429-2761773572-1018\...\Run: [Chromium] => "c:\users\hp pavilion\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory=Default --restore-last-session
HKU\S-1-5-21-176138252-3860332429-2761773572-1018\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27784672 2017-06-27] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-176138252-3860332429-2761773572-1018\...\Run: [Paltalk] => C:\Program Files (x86)\Paltalk\PALTALK.exe [27532728 2020-05-19] (A.V.M. SOFTWARE, INC. -> AVM Software)
HKU\S-1-5-18\...\Run: [Paltalk] => C:\Program Files (x86)\Paltalk\Paltalk.exe [27532728 2020-05-19] (A.V.M. SOFTWARE, INC. -> AVM Software)
HKLM\...\Print\Monitors\HP 7112 Status Monitor: C:\WINDOWS\system32\hpinksts7112LM.dll [328704 2014-03-03] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Co.)
HKLM\...\Print\Monitors\HP Universal Port Monitor: C:\WINDOWS\system32\hpbprtmon.dll [355840 2012-07-24] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.116\Installer\chrmstp.exe [2020-06-25] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.81\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
Startup: C:\Users\HP Pavilion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PalTalk.lnk [2019-03-21]
ShortcutTarget: PalTalk.lnk -> C:\Program Files (x86)\Paltalk Messenger\paltalk.exe (No File)
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0DC0DAD2-F84F-429D-B085-411AE7CDE2D5} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61}
Task: {145EF7F4-ECD0-4CD6-B44D-E92EFEB7BDDB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
Task: {287EB61E-849D-44F1-BF41-56B2A8081F95} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1}
Task: {426C84D3-5DF0-4CC8-9486-251CC5F877B1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe
Task: {69A9BED9-2695-4FA6-ABEF-DB9C7F40DC6B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
Task: {7604A2BD-B1C7-4591-A0BB-AFA960B6026A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {7B857988-3067-4E13-8891-998F430972F7} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {8447F5E5-2A40-44ED-869F-2FD08F7AF3E9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {8CA68387-B3CC-41B5-88D5-240C7A3E7715} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN49ADX0R9_backup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {9768ABD2-EB67-498E-A669-15A536AF817A} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {9B50E759-DC50-4D5E-9238-094637C3F75D} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\HP Pavilion\Desktop\esetonlinescanner.exe [14827616 2020-06-25] (ESET, spol. s r.o. -> ESET spol. s r.o.)
Task: {BD0AA599-1290-4C17-8F27-F39B7AED26EB} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\HP Pavilion\Desktop\esetonlinescanner.exe [14827616 2020-06-25] (ESET, spol. s r.o. -> ESET spol. s r.o.)
Task: {C2D92648-7FFA-4B4E-BE32-ABCB7F598804} - System32\Tasks\{A7827154-50C7-4867-ADFD-1E8E30D0C7A2} => "c:\program files\internet explorer\iexplore.exe" hxxps://ui.skype.com/ui/0/7.33.0.105/en/abandoninstall?source=lightinstaller&page=tsMain
Task: {C415FE0E-DDCB-44E0-A459-B9164B72424B} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E}
Task: {CA019DD0-822D-49E1-A2FF-1991CECD8F38} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {DCB2E700-2511-45D2-B218-AE8BA4967108} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP SoftPaq Installer => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF_Tasks.exe
Task: {F863ECC9-A249-4ECA-A410-34A8490738F8} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968 2011-08-30] (Apple Inc. -> Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{29B5CF79-3278-41A1-86F5-B3673D2C956F}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{CBC4812E-DD0B-4C8B-9F7F-46C2962A294B}: [DhcpNameServer] 192.168.0.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK13/1
HKU\S-1-5-21-176138252-3860332429-2761773572-1018\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.msn.com/?PC=UF01
HKU\S-1-5-21-176138252-3860332429-2761773572-1018\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK13/1
SearchScopes: HKU\S-1-5-21-176138252-3860332429-2761773572-1018 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = 
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
 
FireFox:
========
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc. -> Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation -> Microsoft Corporation)
 
Chrome: 
=======
CHR Profile: C:\Users\HP Pavilion\AppData\Local\Google\Chrome\User Data\Default [2020-06-25]
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Extension: (Slides) - C:\Users\HP Pavilion\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-01-19]
CHR Extension: (Docs) - C:\Users\HP Pavilion\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-01-19]
CHR Extension: (Google Drive) - C:\Users\HP Pavilion\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-27]
CHR Extension: (YouTube) - C:\Users\HP Pavilion\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-27]
CHR Extension: (Google Search) - C:\Users\HP Pavilion\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-27]
CHR Extension: (Sheets) - C:\Users\HP Pavilion\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-01-19]
CHR Extension: (Google Docs Offline) - C:\Users\HP Pavilion\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-06-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\HP Pavilion\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-05]
CHR Extension: (Gmail) - C:\Users\HP Pavilion\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-29]
CHR Extension: (Chrome Media Router) - C:\Users\HP Pavilion\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-06-16]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD External Events Utility; C:\WINDOWS\system32\atiesrxx.exe [239616 2014-07-21] (Microsoft Windows Hardware Compatibility Publisher -> AMD)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-07-04] (Advanced Micro Devices, Inc.) [File not signed]
R2 HPConnectedRemote; c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35232 2012-07-19] (Hewlett-Packard Company -> Hewlett-Packard)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2468496 2013-11-19] (Realtek Semiconductor Corp -> Realsil Microelectronics Inc.)
R2 L4301_Solar; C:\Program Files\Logitech\SolarApp\L4301_Solar.exe [405744 2013-01-30] (Logitech -> Logitech, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [6933272 2020-06-16] (Malwarebytes Inc -> Malwarebytes)
R2 nebula; C:\Program Files\Logitech\Collaboration\Services\Video\ServiceLayer.exe [4477576 2018-06-18] (Logitech Inc -> Logitech)
R2 paltalk_update_service; C:\Program Files (x86)\Paltalk\update\pt_update_service.exe [1229688 2019-08-25] (A.V.M. SOFTWARE, INC. -> AVM Software)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
R2 WirelessKB850NotificationService; C:\WINDOWS\system32\WirelessKB850NotificationService.exe [176632 2018-05-14] (Microsoft Corporation -> Microsoft Corporation)
S2 HP Support Assistant Service; "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe" [X]
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 amdkmdag; C:\WINDOWS\system32\DRIVERS\atikmdag.sys [13209088 2014-07-21] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\system32\DRIVERS\atikmpag.sys [626688 2014-07-21] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink -> CyberLink)
R3 dc3d; C:\WINDOWS\System32\drivers\dc3d.sys [47616 2011-05-18] (Hardware Group Test Cert -> Microsoft Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153312 2020-06-16] (Malwarebytes Corporation -> Malwarebytes)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [214496 2020-06-16] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [196456 2020-06-25] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73368 2020-06-25] (Malwarebytes Inc -> Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248968 2020-06-16] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [131728 2020-06-25] (Malwarebytes Inc -> Malwarebytes)
R3 netr28x; C:\WINDOWS\system32\DRIVERS\netr28x.sys [2505904 2013-12-04] (Mediatek Inc. -> Ralink Technology, Corp.)
R3 usbfilter; C:\WINDOWS\System32\drivers\usbfilter.sys [56448 2012-03-30] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessKeyboardFilter; C:\WINDOWS\System32\drivers\WirelessKeyboardFilter.sys [49336 2018-03-11] (Microsoft Corporation -> Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) ===================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2020-06-25 16:54 - 2020-06-25 16:58 - 000016386 _____ C:\Users\HP Pavilion\Desktop\FRST.txt
2020-06-25 16:49 - 2020-06-25 16:50 - 000003732 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onLogOn
2020-06-25 16:49 - 2020-06-25 16:50 - 000003292 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onTime
2020-06-25 16:49 - 2020-06-25 16:49 - 000006872 _____ C:\Users\HP Pavilion\Desktop\eset.txt
2020-06-25 11:53 - 2020-06-25 11:53 - 000000565 _____ C:\Users\HP Pavilion\Desktop\ESET Online Scanner.lnk
2020-06-25 11:53 - 2020-06-25 11:53 - 000000000 ____D C:\Users\HP Pavilion\AppData\Local\ESET
2020-06-25 11:52 - 2020-06-25 11:52 - 000196456 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2020-06-25 11:51 - 2020-06-25 11:52 - 014827616 _____ (ESET spol. s r.o.) C:\Users\HP Pavilion\Desktop\esetonlinescanner.exe
2020-06-25 11:48 - 2020-06-25 11:48 - 000073368 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2020-06-25 11:47 - 2020-06-25 11:47 - 000131728 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2020-06-22 07:49 - 2020-06-25 11:42 - 000000000 ____D C:\AdwCleaner
2020-06-22 07:47 - 2020-06-22 07:48 - 008402608 _____ (Malwarebytes) C:\Users\HP Pavilion\Desktop\AdwCleaner.exe
2020-06-21 22:44 - 2020-06-21 23:01 - 000019112 _____ C:\Users\HP Pavilion\Desktop\Fixlog.txt
2020-06-20 11:33 - 2020-06-25 16:53 - 000000000 ____D C:\Users\HP Pavilion\Desktop\FRST-OlderVersion
2020-06-20 11:03 - 2020-06-20 11:04 - 012770472 _____ (Symantec Corporation) C:\Users\HP Pavilion\Desktop\NRnR.exe
2020-06-20 09:13 - 2020-06-20 09:13 - 000001093 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2020-06-20 09:13 - 2020-06-20 09:13 - 000001093 _____ C:\ProgramData\Desktop\Revo Uninstaller Pro.lnk
2020-06-20 09:13 - 2020-06-20 09:13 - 000000000 ____D C:\Users\HP Pavilion\AppData\Local\VS Revo Group
2020-06-20 09:13 - 2020-06-20 09:13 - 000000000 ____D C:\ProgramData\VS Revo Group
2020-06-20 09:13 - 2020-06-20 09:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2020-06-20 09:13 - 2020-06-20 09:13 - 000000000 ____D C:\Program Files\VS Revo Group
2020-06-20 09:13 - 2016-12-21 14:52 - 000040240 _____ (VS Revo Group) C:\WINDOWS\system32\Drivers\revoflt.sys
2020-06-20 09:11 - 2020-06-20 09:11 - 016926296 _____ (VS Revo Group ) C:\Users\HP Pavilion\Desktop\RevoUninProSetup.exe
2020-06-16 15:03 - 2020-06-25 16:56 - 000000000 ____D C:\FRST
2020-06-16 14:48 - 2020-06-25 16:53 - 002290688 _____ (Farbar) C:\Users\HP Pavilion\Desktop\FRST64.exe
2020-06-16 14:25 - 2020-06-16 14:26 - 000000000 ____D C:\Users\HP Pavilion\Downloads\priortoMalware
2020-06-16 12:55 - 2020-06-01 11:03 - 000835480 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2020-06-16 12:55 - 2020-06-01 11:03 - 000179608 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2020-06-16 09:43 - 2020-06-25 11:47 - 000000000 ____D C:\Users\HP Pavilion\AppData\LocalLow\IGDump
2020-06-16 09:42 - 2020-06-16 09:42 - 000000000 ____D C:\Users\HP Pavilion\AppData\Local\mbam
2020-06-16 09:41 - 2020-06-16 09:41 - 000214496 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2020-06-16 09:41 - 2020-06-16 09:41 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2020-06-16 09:41 - 2020-06-16 09:41 - 000001976 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2020-06-16 09:41 - 2020-06-16 09:41 - 000001964 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2020-06-16 09:41 - 2020-06-16 09:41 - 000001964 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2020-06-16 09:41 - 2020-06-16 09:41 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-06-16 09:40 - 2020-06-16 09:40 - 000000000 ____D C:\Program Files\Malwarebytes
2020-06-16 09:40 - 2020-06-16 09:40 - 000000000 ____D C:\Malwarebytes
2020-06-16 09:38 - 2020-06-16 09:38 - 000000000 ____D C:\Users\HP Pavilion\AppData\Roaming\Logitech
2020-06-16 09:38 - 2020-06-16 09:38 - 000000000 ____D C:\Users\HP Pavilion\AppData\Roaming\Logishrd
2020-06-16 09:06 - 2020-06-16 09:06 - 000000000 ____D C:\Program Files\KeyboardNotification
2020-06-10 18:09 - 2020-06-10 18:09 - 000001369 _____ C:\Users\HP Pavilion\Desktop\Logitech HD Webcam C270 - Shortcut.lnk
2020-06-10 10:34 - 2020-05-27 16:06 - 022364856 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2020-06-10 10:34 - 2020-05-20 05:48 - 025755648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2020-06-10 10:34 - 2020-05-20 04:00 - 020291584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2020-06-10 10:34 - 2020-05-09 20:17 - 014533120 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2020-06-10 10:33 - 2020-06-01 22:18 - 000109568 _____ (Microsoft Corporation) C:\WINDOWS\system32\atl.dll
2020-06-10 10:33 - 2020-06-01 21:44 - 001489408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42u.dll
2020-06-10 10:33 - 2020-06-01 21:43 - 001464832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42.dll
2020-06-10 10:33 - 2020-06-01 21:35 - 000787968 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll
2020-06-10 10:33 - 2020-06-01 21:27 - 001230848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42u.dll
2020-06-10 10:33 - 2020-06-01 21:25 - 001204736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42.dll
2020-06-10 10:33 - 2020-06-01 20:59 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\netman.dll
2020-06-10 10:33 - 2020-06-01 20:47 - 001684992 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2020-06-10 10:33 - 2020-05-29 19:54 - 004168192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2020-06-10 10:33 - 2020-05-29 19:30 - 000129024 _____ (Microsoft Corporation) C:\WINDOWS\splwow64.exe
2020-06-10 10:33 - 2020-05-29 18:41 - 001368576 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2020-06-10 10:33 - 2020-05-27 16:06 - 019796328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2020-06-10 10:33 - 2020-05-20 08:25 - 001384648 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2020-06-10 10:33 - 2020-05-20 08:21 - 007362312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2020-06-10 10:33 - 2020-05-20 08:21 - 002170784 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2020-06-10 10:33 - 2020-05-20 08:21 - 001662512 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2020-06-10 10:33 - 2020-05-20 08:21 - 001062344 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2020-06-10 10:33 - 2020-05-20 08:20 - 001135696 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2020-06-10 10:33 - 2020-05-20 08:20 - 000806200 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2020-06-10 10:33 - 2020-05-20 05:27 - 002911744 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2020-06-10 10:33 - 2020-05-20 05:25 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2020-06-10 10:33 - 2020-05-20 05:13 - 005499392 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2020-06-10 10:33 - 2020-05-20 05:13 - 000785408 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2020-06-10 10:33 - 2020-05-20 04:56 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2020-06-10 10:33 - 2020-05-20 04:52 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2020-06-10 10:33 - 2020-05-20 04:50 - 000315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2020-06-10 10:33 - 2020-05-20 04:44 - 001124800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2020-06-10 10:33 - 2020-05-20 04:40 - 001560272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2020-06-10 10:33 - 2020-05-20 04:40 - 001214720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2020-06-10 10:33 - 2020-05-20 04:40 - 000548440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2020-06-10 10:33 - 2020-05-20 04:39 - 000614056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2020-06-10 10:33 - 2020-05-20 04:37 - 015478784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2020-06-10 10:33 - 2020-05-20 04:37 - 000809472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2020-06-10 10:33 - 2020-05-20 04:35 - 002132992 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2020-06-10 10:33 - 2020-05-20 04:34 - 000056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtutils.dll
2020-06-10 10:33 - 2020-05-20 04:26 - 001756672 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2020-06-10 10:33 - 2020-05-20 04:23 - 004859392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2020-06-10 10:33 - 2020-05-20 04:12 - 001566720 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2020-06-10 10:33 - 2020-05-20 04:01 - 000801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2020-06-10 10:33 - 2020-05-20 03:53 - 000861696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2020-06-10 10:33 - 2020-05-20 03:44 - 000498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2020-06-10 10:33 - 2020-05-20 03:40 - 002304000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2020-06-10 10:33 - 2020-05-20 03:34 - 000653824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2020-06-10 10:33 - 2020-05-20 03:21 - 000073216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2020-06-10 10:33 - 2020-05-20 03:18 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2020-06-10 10:33 - 2020-05-20 03:16 - 000279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2020-06-10 10:33 - 2020-05-20 03:11 - 004111872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2020-06-10 10:33 - 2020-05-20 03:06 - 013861888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2020-06-10 10:33 - 2020-05-20 03:06 - 000044544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtutils.dll
2020-06-10 10:33 - 2020-05-20 03:01 - 001494016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2020-06-10 10:33 - 2020-05-20 02:47 - 001341952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2020-06-10 10:33 - 2020-05-20 02:46 - 000710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2020-06-10 10:33 - 2020-05-13 10:49 - 001368592 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2020-06-10 10:33 - 2020-05-12 18:23 - 000414624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2020-06-10 10:33 - 2020-05-12 18:23 - 000373888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2020-06-10 10:33 - 2020-05-12 16:37 - 000270848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2020-06-10 10:33 - 2020-05-12 02:47 - 000466840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2020-06-10 10:33 - 2020-05-12 02:46 - 000415240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2020-06-10 10:33 - 2020-05-11 23:42 - 000361984 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2020-06-10 10:33 - 2020-05-10 02:24 - 001311768 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2020-06-10 10:33 - 2020-05-09 21:36 - 000416256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2020-06-10 10:33 - 2020-05-09 21:23 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mpg2splt.ax
2020-06-10 10:33 - 2020-05-09 21:15 - 003331584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2020-06-10 10:33 - 2020-05-09 21:03 - 001040384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2020-06-10 10:33 - 2020-05-09 20:56 - 000233984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mpg2splt.ax
2020-06-10 10:33 - 2020-05-09 20:53 - 003640320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2020-06-10 10:33 - 2020-05-09 20:47 - 000936448 _____ (Microsoft Corporation) C:\WINDOWS\system32\qmgr.dll
2020-06-10 10:33 - 2020-05-09 20:25 - 001085952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2020-06-10 10:33 - 2020-05-09 20:23 - 000747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2020-06-10 10:33 - 2020-05-09 20:09 - 012880384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2020-06-10 10:33 - 2020-05-09 18:10 - 001312256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2020-06-10 10:33 - 2020-05-09 18:10 - 000353792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2020-06-10 10:33 - 2020-05-01 07:17 - 001097216 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2020-06-10 10:33 - 2020-05-01 07:15 - 000866304 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2020-06-10 10:32 - 2020-06-01 21:50 - 000088064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\atl.dll
2020-06-10 10:32 - 2020-05-29 18:23 - 000827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2020-06-10 10:32 - 2020-05-20 04:46 - 001033216 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2020-06-10 10:32 - 2020-05-20 04:39 - 000262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2020-06-10 10:32 - 2020-05-20 03:14 - 000880640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2020-06-10 10:32 - 2020-05-20 03:09 - 000696320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2020-06-10 10:32 - 2020-05-20 03:09 - 000333312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2020-06-10 10:32 - 2020-05-20 03:08 - 002058752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2020-06-10 10:32 - 2020-05-20 02:50 - 004387328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2020-06-10 10:32 - 2020-05-09 21:20 - 000340992 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
2020-06-10 10:32 - 2020-05-09 20:53 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2020-06-25 16:38 - 2016-01-27 10:12 - 000003598 _____ C:\WINDOWS\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-176138252-3860332429-2761773572-1018
2020-06-25 11:52 - 2012-09-11 06:21 - 000000000 ____D C:\ProgramData\Hewlett-Packard
2020-06-25 11:46 - 2013-08-22 07:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-06-25 11:43 - 2012-09-11 06:18 - 000000000 ____D C:\Program Files (x86)\Hewlett-Packard
2020-06-25 11:43 - 2012-08-16 20:14 - 000000000 _RSHD C:\hp
2020-06-25 11:42 - 2016-01-25 16:08 - 000000000 ____D C:\Users\HP Pavilion\AppData\Roaming\Hewlett-Packard
2020-06-25 11:42 - 2013-11-05 17:57 - 000000000 ____D C:\Users\Joanne Endevoets\AppData\Local\Hewlett-Packard
2020-06-25 11:42 - 2013-11-05 15:11 - 000000000 ____D C:\Users\Joanne Endevoets\AppData\Roaming\Hewlett-Packard
2020-06-25 11:42 - 2012-09-11 06:33 - 000000000 ____D C:\Program Files (x86)\CyberLink
2020-06-25 06:35 - 2013-11-24 22:54 - 000002204 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-06-25 06:35 - 2013-11-24 22:54 - 000002163 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-06-25 06:35 - 2013-11-24 22:54 - 000002163 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-06-25 06:24 - 2016-02-19 13:55 - 000003814 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{2B2239C5-296B-46AF-9192-8557E01C177E}
2020-06-21 22:46 - 2018-11-13 17:12 - 000000000 ____D C:\WINDOWS\system32\Tasks\Remediation
2020-06-21 22:46 - 2017-04-13 16:40 - 000000000 ____D C:\Program Files\Common Files\AV
2020-06-21 22:39 - 2013-08-22 06:36 - 000000000 ____D C:\WINDOWS\Inf
2020-06-21 22:37 - 2013-08-22 08:36 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2020-06-21 03:15 - 2017-04-06 19:56 - 000000000 ____D C:\Users\HP Pavilion\AppData\Local\CrashDumps
2020-06-20 11:10 - 2013-08-22 06:25 - 000524288 ___SH C:\WINDOWS\system32\config\BBI
2020-06-20 11:09 - 2013-08-22 08:36 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-06-16 13:21 - 2012-07-26 01:12 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2020-06-16 12:40 - 2013-08-22 07:44 - 000346744 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2020-06-16 12:22 - 2013-08-22 08:36 - 000000000 ___RD C:\WINDOWS\ToastData
2020-06-16 12:06 - 2012-07-26 00:59 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-06-16 11:42 - 2014-09-24 00:15 - 000006636 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-06-16 11:20 - 2016-01-25 16:06 - 000000000 ____D C:\Users\HP Pavilion
2020-06-16 11:18 - 2014-11-01 10:29 - 000000000 ____D C:\Users\Joanne Endevoets
2020-06-16 11:15 - 2016-01-26 11:34 - 000000000 ____D C:\ProgramData\iolo
2020-06-16 11:15 - 2016-01-26 11:31 - 000000000 ____D C:\Program Files (x86)\iolo
2020-06-16 09:41 - 2016-01-25 16:25 - 000248968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2020-06-16 09:39 - 2020-02-12 18:23 - 000000000 ____D C:\Program Files\Logitech
2020-06-16 09:39 - 2014-11-01 10:19 - 000000000 ____D C:\Program Files\Common Files\logishrd
2020-06-16 09:39 - 2014-02-20 18:51 - 000000000 ____D C:\ProgramData\LogiShrd
2020-06-16 09:39 - 2014-02-20 18:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2020-06-10 18:31 - 2018-11-13 19:14 - 000000000 ____D C:\Users\HP Pavilion\AppData\Local\ElevatedDiagnostics
2020-06-10 14:48 - 2018-06-09 22:26 - 000000175 _____ C:\Users\HP Pavilion\AppData\Roaming\WB.CFG
2020-06-01 23:10 - 2014-09-24 00:06 - 002476032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2020-05-29 17:28 - 2019-04-25 19:44 - 000000000 ____D C:\ProgramData\Paltalk Update
2020-05-29 13:37 - 2018-07-16 19:16 - 000000000 ____D C:\Program Files (x86)\Paltalk
 
==================== Files in the root of some directories ========
 
2018-06-09 22:26 - 2020-06-10 14:48 - 000000175 _____ () C:\Users\HP Pavilion\AppData\Roaming\WB.CFG
2016-01-27 10:21 - 2016-01-27 10:21 - 000007601 _____ () C:\Users\HP Pavilion\AppData\Local\Resmon.ResmonCfg
2018-01-30 13:25 - 2019-04-16 12:51 - 000001376 _____ () C:\Users\HP Pavilion\AppData\Local\Temptoast_image.png
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
 
LastRegBack: 2016-05-28 12:50

==================== End of FRST.txt ========================.

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-06-2020
Ran by HP Pavilion (25-06-2020 16:59:53)
Running from C:\Users\HP Pavilion\Desktop
Windows 8.1 (Update) (X64) (2014-11-01 18:42:41)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-176138252-3860332429-2761773572-500 - Administrator - Disabled)
Guest (S-1-5-21-176138252-3860332429-2761773572-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-176138252-3860332429-2761773572-1003 - Limited - Enabled)
HP Pavilion (S-1-5-21-176138252-3860332429-2761773572-1018 - Administrator - Enabled) => C:\Users\HP Pavilion
SophosSAUHPPAVILION0 (S-1-5-21-176138252-3860332429-2761773572-1004 - Limited - Enabled)
SophosSAUHPPAVILION1 (S-1-5-21-176138252-3860332429-2761773572-1019 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
AMD Catalyst Install Manager (HKLM\...\{5F769CF4-5263-4C7B-AEB2-C06A73AE4428}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CameraHelperMsi (HKLM-x32\...\{15634701-BACE-4449-8B25-1567DA8C9FD3}) (Version: 13.51.815.0 - Logitech) Hidden
Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3109 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
erLT (HKLM-x32\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 83.0.4103.116 - Google LLC)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
HP Connected Remote (HKLM-x32\...\{F243A34B-AB7F-4065-B770-B85B767C247C}) (Version: 1.0.1202 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
HP Quick Start (HKLM-x32\...\{574F0207-8E98-46CD-8F79-318348C98C46}) (Version: 1.0.4660.30220 - Hewlett-Packard)
Logitech Camera Settings (HKLM-x32\...\LogiUCDPP) (Version: 2.5.17.0 - Logitech Europe S.A.)
Logitech Solar App 1.10 (HKLM\...\SolarApp) (Version: 1.10.3 - Logitech)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.80 - Logitech Inc.)
Malwarebytes version 4.1.0.56 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.1.0.56 - Malwarebytes)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Paltalk (HKLM-x32\...\Paltalk) (Version:  - )
Paltalk Messenger  11.8 (HKLM-x32\...\Paltalk Messenger) (Version: 11.8.673.18112 - AVM Software Inc.)
Ralink RT5390R 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.0.0 - Ralink)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.31.423.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6777 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{0D61A55C-3ADC-409F-BF5B-A1766D1F5944}) (Version: 6.2.9200.28137 - Realtek Semiconductor Corp.)
Recovery Manager (HKLM-x32\...\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.0.5530 - CyberLink Corp.) Hidden
Revo Uninstaller Pro 4.3.3 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 4.3.3 - VS Revo Group, Ltd.)
Skype™ 7.38 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.38.101 - Skype Technologies S.A.)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
 
Packages:
=========
eBay -> C:\Program Files\WindowsApps\eBayInc.eBay_1.6.0.34_neutral__1618n3s9xq8tw [2014-11-07] (eBay, Inc)
Games -> C:\Program Files\WindowsApps\Microsoft.XboxLIVEGames_2.0.139.0_x64__8wekyb3d8bbwe [2014-09-24] (Microsoft Corporation) [MS Ad]
Getting Started with Windows 8 -> C:\Program Files\WindowsApps\AD2F1837.GettingStartedwithWindows8_1.6.0.0_neutral__v10z8vjag6ke6 [2015-03-03] (Hewlett-Packard Company)
HP Registration -> C:\Program Files\WindowsApps\AD2F1837.HPRegistration_1.2.1.166_neutral__v10z8vjag6ke6 [2014-11-27] (Hewlett-Packard Company)
HP+ -> C:\Program Files\WindowsApps\AD2F1837.HP_1.2.0.93_neutral__v10z8vjag6ke6 [2014-11-02] (Hewlett-Packard Company)
iHeartRadio -> C:\Program Files\WindowsApps\ClearChannelRadioDigital.iHeartRadio_4.5.1.0_x64__a76a11dkgb644 [2016-04-15] (iHeartMedia.)
Kindle -> C:\Program Files\WindowsApps\AMZNMobileLLC.KindleforWindows8_2.1.0.2_neutral__stfe6vwa9jnbp [2015-06-27] (AMZN Mobile LLC)
Microsoft Mahjong -> C:\Program Files\WindowsApps\Microsoft.MicrosoftMahjong_2.10.1812.2002_x86__8wekyb3d8bbwe [2019-02-02] (Microsoft Studios) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_2.11.1807.1002_x86__8wekyb3d8bbwe [2018-07-30] (Microsoft Studios) [MS Ad]
MSN Food & Drink -> C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-13] (Microsoft Corporation) [MS Ad]
MSN Health & Fitness -> C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-13] (Microsoft Corporation) [MS Ad]
MSN Money -> C:\Program Files\WindowsApps\Microsoft.BingFinance_3.0.4.344_x64__8wekyb3d8bbwe [2016-04-30] (Microsoft Corporation) [MS Ad]
MSN News -> C:\Program Files\WindowsApps\Microsoft.BingNews_3.0.4.344_x64__8wekyb3d8bbwe [2016-04-30] (Microsoft Corporation) [MS Ad]
MSN Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_3.0.4.345_x64__8wekyb3d8bbwe [2016-04-30] (Microsoft Corporation) [MS Ad]
MSN Travel -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-13] (Microsoft Corporation) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_3.0.4.350_x64__8wekyb3d8bbwe [2016-11-25] (Microsoft Corporation) [MS Ad]
Music -> C:\Program Files\WindowsApps\Microsoft.ZuneMusic_2.6.672.0_x64__8wekyb3d8bbwe [2015-03-14] (Microsoft Corporation) [MS Ad]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_2.22.0.39_x64__mcm4njqhnhss8 [2018-11-02] (Netflix, Inc.)
Skype -> C:\Program Files\WindowsApps\Microsoft.SkypeApp_3.1.0.1016_x86__kzf8qxf38zg5c [2015-06-27] (Skype) [MS Ad]
Snapfish -> C:\Program Files\WindowsApps\AD2F1837.HPConnectedPhotopoweredbySnapfish_5.5.0.8_x86__v10z8vjag6ke6 [2016-05-03] (HP Inc.)
Video -> C:\Program Files\WindowsApps\Microsoft.ZuneVideo_2.6.446.0_x64__8wekyb3d8bbwe [2015-11-07] (Microsoft Corporation) [MS Ad]
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} =>  -> No File
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} =>  -> No File
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} =>  -> No File
ShellIconOverlayIdentifiers-x32: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} =>  -> No File
ShellIconOverlayIdentifiers-x32: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} =>  -> No File
ShellIconOverlayIdentifiers-x32: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} =>  -> No File
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} =>  -> No File
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} =>  -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-06-16] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2014-07-04] (Advanced Micro Devices, Inc.) [File not signed]
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-06-16] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2019-03-29] (VS Revo Group Ltd. -> VS Revo Group)
 
==================== Codecs (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Drivers32: [vidc.i420] => C:\WINDOWS\system32\lvcod64.dll [175392 2012-10-26] (Logitech, Inc. -> Logitech Inc.)
HKLM\...\Drivers32: [vidc.i420] => C:\Windows\SysWOW64\lvcodec2.dll [305000 2012-10-26] (Logitech, Inc. -> Logitech Inc.)
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
Shortcut: C:\Users\HP Pavilion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Paltalk\Remove settings.lnk -> C:\Program Files (x86)\Paltalk\ng_clean_settings.bat (No File)
 
==================== Loaded Modules (Whitelisted) =============
 
2014-07-04 21:33 - 2014-07-04 21:33 - 000127488 _____ () [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SntpService => ""="service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer trusted/restricted ==========
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 06:25 - 2020-06-21 22:46 - 000000027 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1       localhost
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Skype\Phone\
HKU\S-1-5-21-176138252-3860332429-2761773572-1018\Control Panel\Desktop\\Wallpaper -> C:\Users\HP Pavilion\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 0) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKU\S-1-5-21-176138252-3860332429-2761773572-1018\...\StartupApproved\StartupFolder: => "PalTalk.lnk"
HKU\S-1-5-21-176138252-3860332429-2761773572-1018\...\StartupApproved\Run: => "Chromium"
HKU\S-1-5-21-176138252-3860332429-2761773572-1018\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_803D2E04332962AFAC352F92C208E650"
HKU\S-1-5-21-176138252-3860332429-2761773572-1018\...\StartupApproved\Run: => "Paltalk"
HKU\S-1-5-21-176138252-3860332429-2761773572-1018\...\StartupApproved\Run: => "Skype"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [UDP Query User{E442E7B3-7B13-4BDA-B26D-0F28D846A538}C:\program files (x86)\paltalk messenger\paltalk messenger\paltalk.exe] => (Block) C:\program files (x86)\paltalk messenger\paltalk messenger\paltalk.exe => No File
FirewallRules: [TCP Query User{EE175E9E-556D-4C29-8E52-992A95F9A6CE}C:\program files (x86)\paltalk messenger\paltalk messenger\paltalk.exe] => (Block) C:\program files (x86)\paltalk messenger\paltalk messenger\paltalk.exe => No File
FirewallRules: [{1DA563F9-8F28-4085-9D23-2E0A03D8EC26}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [UDP Query User{D48F9F75-6B2E-4094-9051-3EEF62A29FE1}C:\program files (x86)\paltalk messenger\paltalk messenger\paltalk.exe] => (Allow) C:\program files (x86)\paltalk messenger\paltalk messenger\paltalk.exe => No File
FirewallRules: [TCP Query User{C668418F-047A-4B32-84B0-E819D88A70E0}C:\program files (x86)\paltalk messenger\paltalk messenger\paltalk.exe] => (Allow) C:\program files (x86)\paltalk messenger\paltalk messenger\paltalk.exe => No File
FirewallRules: [{14852894-E754-4D88-B410-E365CBD58788}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc. -> Yahoo! Inc.)
FirewallRules: [{63569EEC-DC52-4EED-8DB2-E83112C70753}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc. -> Yahoo! Inc.)
FirewallRules: [UDP Query User{0326EAFC-8940-43FE-9164-E4A21A402C98}C:\program files (x86)\paltalk messenger\paltalk.exe] => (Allow) C:\program files (x86)\paltalk messenger\paltalk.exe => No File
FirewallRules: [TCP Query User{5A430BC0-D3BD-4121-8016-8EA23C276F90}C:\program files (x86)\paltalk messenger\paltalk.exe] => (Allow) C:\program files (x86)\paltalk messenger\paltalk.exe => No File
FirewallRules: [UDP Query User{29A929DE-9870-4957-A906-14B5642012FB}C:\windows\syswow64\msiexec.exe] => (Allow) C:\windows\syswow64\msiexec.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [TCP Query User{7DE345DD-8CFC-418A-B491-BB60FC69B658}C:\windows\syswow64\msiexec.exe] => (Allow) C:\windows\syswow64\msiexec.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{032D7F2E-8BD8-4FB5-B9B8-29DC359F9CC8}] => (Allow) LPort=1900
FirewallRules: [{3BB36859-ADA2-4D89-98CD-2860E71A307C}] => (Allow) LPort=2869
FirewallRules: [{332A5005-E439-4970-B6C6-60D45D5DF71D}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{87010DB7-297E-435E-AB81-7C0757767CAC}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE (CyberLink -> CyberLink Corp.)
FirewallRules: [{B6D693E7-D84F-46D9-A816-DE973D437AF7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{261379EE-DACD-4B61-9F8A-BF6F93F7DF35}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{27F4866A-85A9-4CBE-B396-6FD538FC22F3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{5F0B061F-74AB-46A7-AA55-5DA60E86BD74}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C19F3984-3DF2-4505-B50E-E2623874F167}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe => No File
FirewallRules: [TCP Query User{AC84FE58-503E-4351-8C1D-1B3550F0000F}C:\program files (x86)\paltalk messenger\paltalk.exe] => (Allow) C:\program files (x86)\paltalk messenger\paltalk.exe => No File
FirewallRules: [UDP Query User{A8FCFB61-3A9B-49D7-B998-60FB27AE20BB}C:\program files (x86)\paltalk messenger\paltalk.exe] => (Allow) C:\program files (x86)\paltalk messenger\paltalk.exe => No File
FirewallRules: [TCP Query User{B0241114-BEDC-46F5-BBAF-324BF2D6F0B4}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [UDP Query User{40E28967-F448-403E-B197-C27ECC80F3A9}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{FBA5429D-8BA2-4085-BDD5-F7E2BDB1C1B2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{ED652A72-4D1E-49DE-B320-41B8C525C688}] => (Allow) LPort=53000
FirewallRules: [{AA1FB840-8EB3-447A-AB9E-08CB50261463}] => (Allow) LPort=52000
 
==================== Restore Points =========================
 
14-03-2020 14:22:36 Windows Update
17-04-2020 11:03:33 Windows Update
15-05-2020 11:36:32 Windows Update
16-06-2020 11:49:07 Windows Update
20-06-2020 08:46:08 Removed Java 7 Update 45
20-06-2020 09:21:59 Revo Uninstaller Pro's restore point - Sophos Anti-Virus
20-06-2020 09:24:02 Removed Sophos Anti-Virus
20-06-2020 10:02:29 Revo Uninstaller Pro's restore point - Sophos AutoUpdate
20-06-2020 10:16:28 Revo Uninstaller Pro's restore point - Sophos Network Threat Protection
20-06-2020 10:33:44 Revo Uninstaller Pro's restore point - Sophos AutoUpdate
20-06-2020 10:42:48 Revo Uninstaller Pro's restore point - Sophos Remote Management System
20-06-2020 10:46:21 Removed Sophos Remote Management System
20-06-2020 10:51:41 Revo Uninstaller Pro's restore point - Sophos System Protection
20-06-2020 10:52:19 Removed Sophos System Protection
21-06-2020 22:44:51 Restore Point Created by FRST
25-06-2020 11:41:37 AdwCleaner_BeforeCleaning_25/06/2020_11:41:29
 
==================== Faulty Device Manager Devices ============
 
Name: Wireless Device
Description: Wireless Device
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Surface
Service: WUDFRd
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (06/22/2020 11:22:27 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1766
 
Error: (06/22/2020 11:22:27 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1766
 
Error: (06/22/2020 11:22:27 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (06/21/2020 10:44:50 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {22d69efa-d8cb-457c-901a-5a8482f882ec}
 
Error: (06/21/2020 10:28:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MBAMService.exe, version: 3.2.0.890, time stamp: 0x5e4bfca6
Faulting module name: MBAMShim.dll_unloaded, version: 3.0.0.1032, time stamp: 0x5ed1802b
Exception code: 0xc0000005
Fault offset: 0x0000000000007690
Faulting process id: 0xa0c
Faulting application start time: 0x01d647306bbc641b
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
Faulting module path: MBAMShim.dll
Report Id: 383dda57-b449-11ea-bf94-4c72b9b3dc92
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (06/21/2020 05:14:28 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2234
 
Error: (06/21/2020 05:14:28 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2234
 
Error: (06/21/2020 05:14:28 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
System errors:
=============
Error: (06/25/2020 11:55:29 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
This driver has been blocked from loading
 
Error: (06/25/2020 11:55:29 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\HPPAVI~1\AppData\Local\Temp\ehdrv.sys
 
Error: (06/25/2020 11:55:29 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
This driver has been blocked from loading
 
Error: (06/25/2020 11:55:29 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\HPPAVI~1\AppData\Local\Temp\ehdrv.sys
 
Error: (06/25/2020 11:55:28 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
This driver has been blocked from loading
 
Error: (06/25/2020 11:55:28 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\HPPAVI~1\AppData\Local\Temp\ehdrv.sys
 
Error: (06/25/2020 11:51:13 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Support Assistant Service service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (06/25/2020 11:51:10 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Background Intelligent Transfer Service service hung on starting.
 
 
Windows Defender:
===================================
Date: 2014-02-04 17:15:55.337
Description: 
Windows Defender scan has been stopped before completion.
Scan ID: {9460D5A7-484E-4AD5-A8F8-E2957D93B006}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-05-01 12:46:46.126
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 1.267.643.0
Previous Signature Version: 1.261.1097.0
Update Source: User
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version: 1.1.14800.3
Previous Engine Version: 1.1.14500.5
Error code: 0x80509004
Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support. 
 
Date: 2018-05-01 12:46:46.126
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 1.267.643.0
Previous Signature Version: 1.261.1097.0
Update Source: User
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 1.1.14800.3
Previous Engine Version: 1.1.14500.5
Error code: 0x80509004
Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support. 
 
Date: 2018-05-01 12:46:46.125
Description: 
Windows Defender has encountered an error trying to update the engine.
New Engine Version: 1.1.14800.3
Previous Engine Version: 1.1.14500.5
Error Code: 0x80509004
Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support. 
 
Date: 2018-02-12 15:30:23.776
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 118.2.0.0
Update Source: Microsoft Malware Protection Center
Signature Type: Network Inspection System
Update Type: Full
Current Engine Version: 
Previous Engine Version: 2.1.14202.0
Error code: 0x80070652
Error description: Another installation is already in progress. Complete that installation before proceeding with this install. 
 
Date: 2018-02-12 15:30:22.001
Description: 
Windows Defender has encountered an error trying to update the engine.
New Engine Version: 
Previous Engine Version: 2.1.14202.0
Error Code: 0x80070666
Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel. 
 
CodeIntegrity:
===================================
 
Date: 2018-08-24 20:29:22.725
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2018-08-24 20:15:47.586
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2018-08-24 20:15:13.418
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2018-08-24 20:14:23.690
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
==================== Memory info =========================== 
 
BIOS: AMI 8.06 09/07/2012
Motherboard: PEGATRON CORPORATION 2AF0
Processor: AMD E1-1200 APU with Radeon™ HD Graphics
Percentage of memory in use: 51%
Total physical RAM: 3665.86 MB
Available physical RAM: 1780.36 MB
Total Virtual: 4065.86 MB
Available Virtual: 2148.08 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:443.06 GB) (Free:370.1 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Recovery Image) (Fixed) (Total:19.78 GB) (Free:2.47 GB) NTFS ==>[system with boot components (obtained from drive)]
 
\\?\Volume{d1de863d-cf84-4d64-8ee1-9cebae5d4872}\ () (Fixed) (Total:1 GB) (Free:0.66 GB) NTFS
\\?\Volume{02f74654-436d-45c5-a86d-fd54f1779603}\ (Windows RE tools) (Fixed) (Total:1 GB) (Free:0.65 GB) NTFS
\\?\Volume{6ec74e69-4ea4-4586-9114-4ec0583318ed}\ () (Fixed) (Total:0.44 GB) (Free:0.18 GB) NTFS
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 4A1F8D9C)
 
Partition: GPT.
 
==================== End of Addition.txt =======================

  • 0

#15
DR M

    The Grecian Geek

  • Malware Removal
  • 4,096 posts

Hi, Joseph.

Some questions, comments and new instructions:

1. Malwarebytes question

In the instructions about using Malwarebytes before, I asked you to uncheck the option under the title Windows Security Center. Have you done this? If not, please do so.


2. About Windows Live Essentials

As for Windows Live Essentials installed on the computer, keep in mind that it is no longer supported by Microsoft. The package includes several applications, e.g. Windows Live Mail, which has been discontinued since November 2014. Windows 10 has other similar applications. Mail, for example, is an email client built into Windows 10. Of course, there are many other free email clients, if your friend wants to have one, and there is also the option of sending and receiving email via a browser. You can ask her what she needs.

If she decides to uninstall Live Essentials:

  • Press the Windows key together with the R key on the keyboard at the same time, to open the Control Panel.
  • Type appwiz.cpl in the window that opens and click OK.
  • In the list of programs look for the program listed below, right-click the entry and click Uninstall.
    Windows Live Essentials
    
  • Select all the programs included in the package.
  • Restart the computer.

After that, she can set up her email in the Mail application (Start > Mail) or do whatever she decides about mail.


3. PalTalk

Ask your friend if the program worked fine. There are some indications in the logs that the program may be damaged or have missing files. If the program isn't working, let me know and we can reinstall it later.


4. Sophos accounts

  • Press the Windows icon on your Desktop, together with the letter R.
  • Type cmd, and press Ctrl + Shift + Enter to run Command Prompt as administrator.
  • Copy and paste the following command lines, one by one, and press Enter after each to execute them:
    net user SophosSAUHPPAVILION0 /DELETE
    net user SophosSAUHPPAVILION1 /DELETE
  • Restart the computer.

 

5. Fresh FRST logs

  • Double-click on the FRST icon to run it, as you did before. When the tool opens click Yes to the disclaimer.
  • Press the Scan button and wait for a while.
  • The scanner will produce two logs on your Desktop: FRST.txt and Addition.txt.
  • Please copy and paste the content of these two logs in your next reply.

 

How is the computer now? Any obvious issue?

 

 


  • 0
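An added example, not part of DR M's post and not FRST's own code: a small Python parser for the FirewallRules lines of Addition.txt that groups the rules whose target is marked "No File", one place where the log above shows missing files for PalTalk. The sample lines are copied from that log; the function and variable names are this example's own.

```python
import re
from collections import defaultdict

# Lines copied from the FirewallRules section of the Addition.txt log in this thread.
SAMPLE = r"""
FirewallRules: [UDP Query User{E442E7B3-7B13-4BDA-B26D-0F28D846A538}C:\program files (x86)\paltalk messenger\paltalk messenger\paltalk.exe] => (Block) C:\program files (x86)\paltalk messenger\paltalk messenger\paltalk.exe => No File
FirewallRules: [UDP Query User{D48F9F75-6B2E-4094-9051-3EEF62A29FE1}C:\program files (x86)\paltalk messenger\paltalk messenger\paltalk.exe] => (Allow) C:\program files (x86)\paltalk messenger\paltalk messenger\paltalk.exe => No File
FirewallRules: [{1DA563F9-8F28-4085-9D23-2E0A03D8EC26}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{032D7F2E-8BD8-4FB5-B9B8-29DC359F9CC8}] => (Allow) LPort=1900
FirewallRules: [{C19F3984-3DF2-4505-B50E-E2623874F167}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe => No File
"""

# "[rule name] => (Action) target", as the lines appear in this log.
RULE = re.compile(r"^FirewallRules: \[(?P<name>.*?)\] => \((?P<action>Allow|Block)\) (?P<target>.*)$")
# Trailing "(signer -> company)"; the path itself may contain "(x86)".
SIGNED = re.compile(r"^(?P<path>.*?) \((?P<signer>[^()]*->[^()]*)\)$")
NO_FILE = " => No File"


def parse_rule(line):
    """Parse one FirewallRules line into a dict, or return None for other lines."""
    m = RULE.match(line.strip())
    if not m:
        return None
    rule = {"name": m["name"], "action": m["action"], "path": None,
            "port": None, "signer": None, "missing": False}
    target = m["target"]
    if target.startswith("LPort="):            # port-only rule, no program path
        rule["port"] = int(target[len("LPort="):])
    elif target.endswith(NO_FILE):             # rule outlived its binary
        rule["path"], rule["missing"] = target[:-len(NO_FILE)], True
    else:                                      # binary present, maybe signed
        s = SIGNED.match(target)
        rule["path"] = s["path"] if s else target
        rule["signer"] = s["signer"] if s else None
    return rule


def stale_rules(log_text):
    """Map lower-cased path -> list of actions for rules whose file is gone."""
    stale = defaultdict(list)
    for line in log_text.splitlines():
        rule = parse_rule(line)
        if rule and rule["missing"]:
            stale[rule["path"].lower()].append(rule["action"])
    return dict(stale)


if __name__ == "__main__":
    for path, actions in stale_rules(SAMPLE).items():
        print(f"{path}: {len(actions)} rule(s), no file on disk ({', '.join(actions)})")
```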





