Dogpile Being Redirected When "Forum" Is Typed.


#31
RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

Still would like to see the fixlog.

 

Speccy says:

 

B8
Attribute name    End-to-End error / IOEDC
Real value    6
Current    94
Worst    94
Raw Value    0000000006
Status    Good

 

https://kb.acronis.com/content/9119

says this is a critical attribute so you need to monitor it to see if it gets worse.

 

Might be worth running a disk check:

 

1. Double-click (My) Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed.
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

Right click on (My) Computer and select Manage (Continue), then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.


Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line).

sfc /scannow

(SPACE after sfc.) This will check your critical system files. Does this finish without complaint? If it says it couldn't fix everything then:

Copy the next two lines:
findstr /c:"[SR]" %windir%\logs\cbs\cbs.log > "%UserProfile%\desktop\junk.txt"
notepad "%UserProfile%\desktop\junk.txt"


Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter if Notepad does not open.  Copy and paste the text from Notepad into a reply.  Close Notepad.  Close the Command Window.


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:

2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application. (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)

 


  • 0


#32
smittyd

    Member

  • Topic Starter
  • Member
  • 148 posts

I ran disk check through the night last night.  Then I just ran "sfc /scannow".  It said: "Windows resource protection did not find any integrity violations."

 

VEW System:

 

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 08/01/2021 2:17:04 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 08/01/2021 8:02:26 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name teredo.ipv6.microsoft.com timed out after none of the configured DNS servers responded.

 

VEW Application:

 

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 08/01/2021 2:19:10 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 08/01/2021 8:15:28 PM
Type: Error Category: 0
Event: 80 Source: SideBySide
Activation context generation failed for "C:\Users\Owner\Downloads\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Log: 'Application' Date/Time: 08/01/2021 8:02:12 PM
Type: Error Category: 0
Event: 20227 Source: RasClient
CoId={91B11D3F-8433-4EDE-A4C1-61435280558D}: The user SYSTEM dialed a connection named IKEv2-Surfshark Connection which has failed. The error code returned on failure is 1931.

Log: 'Application' Date/Time: 08/01/2021 8:01:06 PM
Type: Error Category: 2
Event: 2002 Source: Microsoft-Windows-EapHost
Skipping: Eap method DLL path validation failed. Error: typeId=26, authorId=0, vendorId=0, vendorType=0

Log: 'Application' Date/Time: 08/01/2021 8:01:06 PM
Type: Error Category: 2
Event: 2002 Source: Microsoft-Windows-EapHost
Skipping: Eap method DLL path validation failed. Error: typeId=25, authorId=0, vendorId=0, vendorType=0

Log: 'Application' Date/Time: 08/01/2021 8:01:06 PM
Type: Error Category: 2
Event: 2002 Source: Microsoft-Windows-EapHost
Skipping: Eap method DLL path validation failed. Error: typeId=13, authorId=0, vendorId=0, vendorType=0

Log: 'Application' Date/Time: 08/01/2021 8:01:06 PM
Type: Error Category: 2
Event: 2002 Source: Microsoft-Windows-EapHost
Skipping: Eap method DLL path validation failed. Error: typeId=43, authorId=9, vendorId=0, vendorType=0

Log: 'Application' Date/Time: 08/01/2021 8:01:06 PM
Type: Error Category: 2
Event: 2002 Source: Microsoft-Windows-EapHost
Skipping: Eap method DLL path validation failed. Error: typeId=25, authorId=9, vendorId=0, vendorType=0

Log: 'Application' Date/Time: 08/01/2021 8:01:06 PM
Type: Error Category: 2
Event: 2002 Source: Microsoft-Windows-EapHost
Skipping: Eap method DLL path validation failed. Error: typeId=17, authorId=9, vendorId=0, vendorType=0

Log: 'Application' Date/Time: 08/01/2021 8:01:06 PM
Type: Error Category: 2
Event: 2002 Source: Microsoft-Windows-EapHost
Skipping: Eap method DLL path validation failed. Error: typeId=254, authorId=311, vendorId=14122, vendorType=1

Log: 'Application' Date/Time: 08/01/2021 8:01:06 PM
Type: Error Category: 2
Event: 2002 Source: Microsoft-Windows-EapHost
Skipping: Eap method DLL path validation failed. Error: typeId=26, authorId=0, vendorId=0, vendorType=0

Log: 'Application' Date/Time: 08/01/2021 8:01:06 PM
Type: Error Category: 2
Event: 2002 Source: Microsoft-Windows-EapHost
Skipping: Eap method DLL path validation failed. Error: typeId=25, authorId=0, vendorId=0, vendorType=0

Log: 'Application' Date/Time: 08/01/2021 8:01:06 PM
Type: Error Category: 2
Event: 2002 Source: Microsoft-Windows-EapHost
Skipping: Eap method DLL path validation failed. Error: typeId=13, authorId=0, vendorId=0, vendorType=0

Log: 'Application' Date/Time: 08/01/2021 8:01:06 PM
Type: Error Category: 2
Event: 2002 Source: Microsoft-Windows-EapHost
Skipping: Eap method DLL path validation failed. Error: typeId=43, authorId=9, vendorId=0, vendorType=0

Log: 'Application' Date/Time: 08/01/2021 8:01:06 PM
Type: Error Category: 2
Event: 2002 Source: Microsoft-Windows-EapHost
Skipping: Eap method DLL path validation failed. Error: typeId=25, authorId=9, vendorId=0, vendorType=0

Log: 'Application' Date/Time: 08/01/2021 8:01:06 PM
Type: Error Category: 2
Event: 2002 Source: Microsoft-Windows-EapHost
Skipping: Eap method DLL path validation failed. Error: typeId=17, authorId=9, vendorId=0, vendorType=0

Log: 'Application' Date/Time: 08/01/2021 8:01:06 PM
Type: Error Category: 2
Event: 2002 Source: Microsoft-Windows-EapHost
Skipping: Eap method DLL path validation failed. Error: typeId=254, authorId=311, vendorId=14122, vendorType=1

Log: 'Application' Date/Time: 08/01/2021 8:01:06 PM
Type: Error Category: 2
Event: 2002 Source: Microsoft-Windows-EapHost
Skipping: Eap method DLL path validation failed. Error: typeId=26, authorId=0, vendorId=0, vendorType=0

Log: 'Application' Date/Time: 08/01/2021 8:01:06 PM
Type: Error Category: 2
Event: 2002 Source: Microsoft-Windows-EapHost
Skipping: Eap method DLL path validation failed. Error: typeId=25, authorId=0, vendorId=0, vendorType=0

Log: 'Application' Date/Time: 08/01/2021 8:01:06 PM
Type: Error Category: 2
Event: 2002 Source: Microsoft-Windows-EapHost
Skipping: Eap method DLL path validation failed. Error: typeId=13, authorId=0, vendorId=0, vendorType=0

Log: 'Application' Date/Time: 08/01/2021 8:01:06 PM
Type: Error Category: 2
Event: 2002 Source: Microsoft-Windows-EapHost
Skipping: Eap method DLL path validation failed. Error: typeId=43, authorId=9, vendorId=0, vendorType=0

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




 


  • 0

#33
RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

Uninstall:

ESET Online Scanner v3

 

You are getting a lot of EAP errors.  Is there a reason you have Cisco EAP-Fast installed?


  • 0

#34
smittyd

    Member

  • Topic Starter
  • Member
  • 148 posts

ESET is uninstalled.

 

Everything concerning Cisco is also uninstalled.  These were, for some reason, installed in January of 2014.


  • 0

#35
RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

OK clear the alarms as before:

Right click on (My) Computer and select Manage (Continue). Then click on the arrow in front of Event Viewer. Next click on the arrow in front of Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.

Run VEW for application and System as before.


  • 0

#36
smittyd

    Member

  • Topic Starter
  • Member
  • 148 posts

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 08/01/2021 9:24:21 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 09/01/2021 3:20:27 AM
Type: Error Category: 0
Event: 14332 Source: Microsoft-Windows-WMPNSS-Service
Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

Log: 'System' Date/Time: 09/01/2021 3:17:45 AM
Type: Error Category: 0
Event: 7043 Source: Service Control Manager
The Malwarebytes Service service did not shut down properly after receiving a preshutdown control.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 09/01/2021 3:20:30 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_MULTI-CARD&REV_1.00#20071114173400000&0#.

Log: 'System' Date/Time: 09/01/2021 3:18:44 AM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 09/01/2021 3:18:33 AM
Type: Warning Category: 0
Event: 1 Source: RTL8167
The event description cannot be found.

Log: 'System' Date/Time: 09/01/2021 3:17:59 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 09/01/2021 3:17:58 AM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped.  Module Path: C:\Windows\system32\athihvs.dll

 

 

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 08/01/2021 9:25:37 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 


  • 0

#37
RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

Looking much better.

 

Type: Error Category: 0
Event: 14332 Source: Microsoft-Windows-WMPNSS-Service
Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

 

 

Search for

services.msc

hit Enter

scroll down to

Windows Media Player Network Sharing Service

right click and select Properties then change the Startup Type: to Disabled.  OK.

 

That should fix that error.  Stupid service never works correctly but you don't need it so that's why we disable it.

 

Log: 'System' Date/Time: 09/01/2021 3:18:44 AM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

 

This was left from some program that did load DLLs for every application.  When it was removed it should have changed the registry entry to disallow loading but they never do.

 

Download and save the attached wininit.reg file.

Attached File  wininit.reg   340 bytes   176 downloads

 Right click on it and Merge.  Ignore the warning.

 

Can I see a new Process Explorer log?  Also a new FRST log since you say SuperAntiSpyware did not have an uninstall option.  I'll make a fixlist to remove it.

 

 

 

 

 

 


  • 0
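
A read-only check of the setting behind the Wininit event 11 warning quoted in the post above, added here as an example; it is not part of the thread and is not the contents of the attached wininit.reg, which the page does not show. It assumes a 64-bit PowerShell prompt run as Administrator and reads the standard AppInit_DLLs, LoadAppInit_DLLs and RequireSignedAppInit_DLLs values in both the native and 32-bit registry views.

```powershell
# Added example: audit the AppInit_DLLs mechanism that Wininit event 11 warns about.
# Nothing is modified; the script only reads the registry, the files and the event log.

# The native and 32-bit (Wow6432Node) views each carry their own copy of the values.
$views = @(
    @{ Key    = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'
       DllDir = (Join-Path $env:SystemRoot 'System32') },
    @{ Key    = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'
       DllDir = (Join-Path $env:SystemRoot 'SysWOW64') }
)

foreach ($view in $views) {
    if (-not (Test-Path $view.Key)) { continue }      # no Wow6432Node on 32-bit Windows
    $p = Get-ItemProperty -Path $view.Key

    $load   = [int]$p.LoadAppInit_DLLs                # 1 = loading is enabled
    $signed = [int]$p.RequireSignedAppInit_DLLs       # 1 = only signed DLLs are loaded
    # AppInit_DLLs is a space- or comma-separated list; drop empty pieces.
    $dlls   = @("$($p.AppInit_DLLs)" -split '[ ,]+' | Where-Object { $_ })

    Write-Output $view.Key
    Write-Output ("  LoadAppInit_DLLs={0}  RequireSignedAppInit_DLLs={1}  entries={2}" -f $load, $signed, $dlls.Count)

    if ($load -eq 1 -and $dlls.Count -eq 0) {
        # The case described in the post: the program is gone, the flag was left on.
        Write-Output '  Loading is enabled but the list is empty (leftover flag).'
    }
    elseif ($load -eq 0 -and $dlls.Count -gt 0) {
        Write-Output '  Entries are listed but loading is disabled.'
    }

    foreach ($dll in $dlls) {
        # Bare file names are resolved against the system directory for this view.
        $path = $dll
        if (-not [System.IO.Path]::IsPathRooted($dll)) { $path = Join-Path $view.DllDir $dll }

        if (Test-Path $path) {
            $sig = Get-AuthenticodeSignature -FilePath $path
            $who = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(no signer)' }
            Write-Output ("  {0}`n    signature: {1}  signer: {2}" -f $path, $sig.Status, $who)
        }
        else {
            Write-Output ("  {0}`n    file not found (stale entry)" -f $path)
        }
    }
}

# After clearing the System log and rebooting, confirm whether the warning came back.
$evt = Get-WinEvent -FilterHashtable @{ LogName = 'System'; ProviderName = 'Microsoft-Windows-Wininit'; Id = 11 } `
                    -MaxEvents 1 -ErrorAction SilentlyContinue
if ($evt) { Write-Output ("Most recent Wininit event 11: {0}" -f $evt.TimeCreated) }
else      { Write-Output 'No Wininit event 11 in the System log.' }
```

Any listed DLL that is unsigned, missing, or belongs to software no longer installed is what the event text asks the administrator to review.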

#38
smittyd

    Member

  • Topic Starter
  • Member
  • 148 posts

Here's the FRST.  But, refresh my memory on how to get the Process Explorer Log.  Thanks!

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-01-2021
Ran by Owner (administrator) on OWNER-PC (Dell Inc. Inspiron 660) (09-01-2021 07:52:34)
Running from C:\Users\Owner\Desktop\Computer
Loaded Profiles: Owner
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Atheros) [File not signed] C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(Conexant Systems, Inc. -> Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\caudiofilteragent64.exe
(Conexant Systems, Inc. -> Conexant Systems, Inc.) C:\Program Files\CONEXANT\SA3\CxUtilSvc.exe
(Conexant Systems, Inc. -> Conexant Systems, Inc.) C:\Program Files\CONEXANT\SA3\SmartAudio3.exe
(Intel Corporation - Mobile Wireless Group -> Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel Corporation - Mobile Wireless Group -> Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Intel Corporation - Mobile Wireless Group -> Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxTray.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Intel® Upgrade Service -> Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(McAfee, Inc. -> McAfee LLC.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc. -> McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc. -> McAfee, LLC) C:\Windows\System32\mfevtps.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\CSP\3.8.106.0\McCSPServiceHost.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHOST.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe <2>
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\ModuleCore\ProtectedModuleHost.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\MSGSDK\msgrunner.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\VSCore_20_6\mcapexe.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\MfeAV\MfeAVSvc.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\servicehost.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\uihost.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe <5>
(Nero AG -> Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(SUPERAntiSpyware.com -> SUPERAntiSpyware.com) C:\Users\Owner\Documents\Anti Spyware\SUPERAntiSpyware\SASCORE64.EXE
(Surfshark Ltd. -> Surfshark) C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe <2>
(Surfshark Ltd. -> Surfshark) C:\Program Files (x86)\Surfshark\Surfshark.Service.exe
(Surfshark Ltd. -> Surfshark) C:\Program Files (x86)\Surfshark\Surfshark.ShadowsocksService.exe
(Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.4.3.233\WsAppService.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [564352 2011-12-14] (Conexant Systems, Inc. -> Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SA3\SACpl.exe [1628288 2011-09-08] (Conexant Systems, Inc. -> Conexant Systems, Inc.)
HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [11406608 2011-12-19] (Intel Corporation - Mobile Wireless Group -> Intel Corporation)
HKLM\...\Run: [WSVCUUpdateHelper.exe] => C:\Program Files\Wondershare\Wondershare UniConverter\WSVCUUpdateHelper.exe [34744 2020-12-23] (Wondershare Technology Co.,Ltd -> )
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-17] (Intel Corporation -> Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation -> Intel Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133216 2017-03-23] (Wondershare Technology Co.,Ltd -> Wondershare)
HKU\S-1-5-21-2192775400-2880640462-1298197252-1000\...\Run: [Surfshark] => C:\Program Files (x86)\Surfshark\Surfshark.exe [4362704 2020-11-27] (Surfshark Ltd. -> Surfshark)
HKU\S-1-5-21-2192775400-2880640462-1298197252-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [32414392 2020-12-08] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-2192775400-2880640462-1298197252-1000\...\MountPoints2: {24670f47-71b5-11e3-bcac-806e6f6e6963} - D:\autoRcd.exe
HKU\S-1-5-18\...\Run: [] => [X]
HKLM\...\Print\Monitors\HP 5912 Status Monitor: C:\Windows\system32\hpinksts5912LM.dll [331664 2012-10-17] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\...\Print\Monitors\HP Discovery Port Monitor (HP Officejet Pro 8600): C:\Windows\system32\HPDiscoPM5912.dll [741480 2012-10-17] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\87.0.4280.88\Installer\chrmstp.exe [2020-12-03] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UPS Thermal Printing.lnk [2019-02-05]
ShortcutTarget: UPS Thermal Printing.lnk -> C:\Program Files (x86)\UPS\Thermal Printing\UPSISJavaStarter.exe (United Parcel Service) [File not signed]
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2019-05-03]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0E313519-F2CD-4E9F-9C27-8B8DF7B05A89} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_465_Plugin.exe [1504312 2020-12-08] (Adobe Inc. -> Adobe)
Task: {1D77A071-171F-4554-94D3-D851C2AD0927} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-09-16] (Google Inc -> Google Inc.)
Task: {1FD67AC7-010B-4D16-9F09-E6EB9574DDFB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1349200 2020-11-03] (Adobe Inc. -> Adobe Inc.)
Task: {23C624EA-F7F3-489E-96B9-E9F4A5CAA68D} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [4603200 2020-08-16] (McAfee, LLC -> McAfee, LLC)
Task: {28128529-D51E-4E11-BA53-3B77456B5BA0} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [4119656 2012-10-17] (Hewlett Packard -> Hewlett-Packard Co.)
Task: {4EBBE1C6-1081-404A-A982-103F922B3188} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [569416 2016-02-23] (Apple Inc. -> Apple Inc.)
Task: {52D1E257-6F32-400C-998C-1079B31AF08F} - System32\Tasks\{D2BC83A8-B3D8-4D1C-90D9-A43B7D71A1A7} => C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [407248 2021-01-05] (Mozilla Corporation -> Mozilla Corporation)
Task: {57B7B3A5-3EE4-4A36-9D44-55A178863607} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1349200 2020-11-03] (Adobe Inc. -> Adobe Inc.)
Task: {6572046D-7C15-49B9-9023-7FE67C2EC48A} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [686384 2020-12-08] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {8AB4A04B-04E3-4720-9D27-5977A245BB0A} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [1773192 2020-09-17] (AVG Technologies USA, LLC -> AVG Technologies)
Task: {9F319575-6A40-46DC-99C3-715BA7F37CCB} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe [693216 2021-01-06] (Mozilla Corporation -> Mozilla Foundation)
Task: {A00DD7D3-D4D4-4835-9071-FC40B439ED0D} - System32\Tasks\{25A0616E-6AFD-4655-8902-D17F2E0763DC} => C:\Windows\system32\pcalua.exe -a "C:\Users\Owner\Desktop\Backup\Users\Owner\Documents\Games\My Documents\frostwire-4.18.1.windows.exe"
Task: {BE669FC4-2E88-4F73-B670-0B1B11F76A3F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-08] (Adobe Inc. -> Adobe)
Task: {CEA07CB0-1BBE-49B6-A753-775C8280DEAB} - System32\Tasks\McAfee\McAfee DAT Built in test => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.0.12.663\mcdatrep.exe [1889696 2021-01-07] (McAfee, Inc. -> McAfee, LLC.)
Task: {D5326979-D4EE-422B-80DF-8989AF84DC08} - System32\Tasks\McAfee\McAfee Idle Detection Task => {ABCDCA3B-DE6B-5A7C-B132-6D7CBA63E5C5} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [1090800 2020-08-14] (McAfee, LLC -> McAfee, LLC)
Task: {DA331BD8-52A3-4245-A098-0E5DE31D8834} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [764640 2020-06-09] (McAfee, LLC -> McAfee, LLC)
Task: {E2ECD4C7-820A-40F7-9DF1-84660267BAD9} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\1.5.126\DADUpdater.exe [4000984 2020-11-04] (McAfee, LLC -> McAfee, LLC)
Task: {E7FCE166-5458-4C4F-855D-434660F78491} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [26896568 2020-12-08] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {ED04F281-DC15-4EF7-9598-51D46163DEC0} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [220816 2019-09-30] (Tweaking LLC -> Tweaking.com)
Task: {F7EB52B0-1D8F-4ACB-94AF-95919173892F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-09-16] (Google Inc -> Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9177BD24-158B-4F5A-850A-E78230A70809}: [NameServer] 208.67.222.222,208.67.220.220
Tcpip\..\Interfaces\{F6C593FC-DE1F-428A-8525-EA6E831D2CED}: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF DefaultProfile: 06wnhiu5.default-1504139140416
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\06wnhiu5.default-1504139140416 [2021-01-09]
FF Homepage: Mozilla\Firefox\Profiles\06wnhiu5.default-1504139140416 -> hxxps://www.dogpile.com/
FF Extension: (AdBlocker Ultimate) - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\06wnhiu5.default-1504139140416\Extensions\[email protected] [2020-12-07]
FF Extension: (NoScript) - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\06wnhiu5.default-1504139140416\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2021-01-08]
FF Extension: (Adblock Plus - free ad blocker) - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\06wnhiu5.default-1504139140416\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2020-12-15]
FF Extension: (Greasemonkey) - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\06wnhiu5.default-1504139140416\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2020-10-04]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Fiddler2\FiddlerHook
FF Extension: (FiddlerHook) - C:\Program Files (x86)\Fiddler2\FiddlerHook [2015-04-03] [Legacy] [not signed]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2020-10-20] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_465.dll [2020-12-08] (Adobe Inc. -> )
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\McAfee\MSC\npMcSnFFPl64.dll [2020-08-21] (McAfee, LLC -> )
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_465.dll [2020-12-08] (Adobe Inc. -> )
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2011-12-01] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2011-12-01] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\MSC\npMcSnFFPl.dll [2020-08-21] (McAfee, LLC -> )
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-12-07] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2192775400-2880640462-1298197252-1000: tdameritrade.com/thinkorswim -> C:\Program Files\thinkorswim\npthinkorswim.dll [2021-01-08] (TD Ameritrade -> TD Ameritrade)
FF Plugin HKU\S-1-5-21-2192775400-2880640462-1298197252-1000: tdameritrade.com/tossc -> C:\Program Files\thinkorswim\nptossc.dll [2021-01-08] (TD Ameritrade -> TD Ameritrade)

Chrome:
=======
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default [2021-01-07]
CHR HomePage: Default -> hxxp://www.google.com
CHR Extension: (Slides) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-02-24]
CHR Extension: (Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-02-24]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-24]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-09-16]
CHR Extension: (Adobe Acrobat) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-12-16]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2020-12-30]
CHR Extension: (Google Docs Offline) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-12-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-21]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-07]
CHR Extension: (Chrome Media Router) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-12-30]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [ggkfikfcbnpfoicfjammigpnakpogebh] - <no Path/update_url>

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Users\Owner\Documents\Anti Spyware\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-04-27] (SUPERAntiSpyware.com -> SUPERAntiSpyware.com)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [170056 2020-11-03] (Adobe Inc. -> Adobe Inc.)
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-08] (Adobe Inc. -> Adobe)
S3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1508656 2018-05-31] (McAfee, Inc. -> McAfee, Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2020-12-29] (Malwarebytes Inc -> Malwarebytes)
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [958216 2020-12-17] (McAfee, LLC -> McAfee, LLC)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_20_6\McApExe.exe [768256 2020-09-11] (McAfee, LLC -> McAfee, LLC)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\3.8.106.0\\McCSPServiceHost.exe [2726312 2020-08-13] (McAfee, LLC -> McAfee, LLC)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [644200 2020-06-02] (McAfee, Inc. -> McAfee, LLC)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [644200 2020-06-02] (McAfee, Inc. -> McAfee, LLC)
R3 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [644200 2020-06-02] (McAfee, Inc. -> McAfee, LLC)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1745400 2020-08-14] (McAfee, LLC -> McAfee, LLC)
R2 PEFService; C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe [4221040 2020-07-29] (McAfee, LLC -> McAfee, LLC)
R2 Surfshark Service; C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe [436688 2020-06-15] (Surfshark Ltd. -> Surfshark)
R2 Surfshark Shadowsocks Service; C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe [436688 2020-06-15] (Surfshark Ltd. -> Surfshark)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Windows -> Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.233\WsAppService.exe [493792 2017-12-19] (Wondershare Technology Co.,Ltd -> Wondershare)
S3 WsDrvInst; C:\Program Files\Wondershare\Wondershare UniConverter\Transfer\DriverInstall.exe [112560 2020-12-23] (Wondershare Technology Co.,Ltd -> Wondershare)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [73728 2011-11-29] (Atheros) [File not signed]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [150440 2015-12-28] (SlySoft, Inc. -> SlySoft, Inc.)
S3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [150440 2015-12-28] (SlySoft, Inc. -> SlySoft, Inc.)
R3 athr; C:\Windows\System32\DRIVERS\athrx.sys [2796544 2011-11-22] (Microsoft Windows Hardware Compatibility Publisher -> Atheros Communications, Inc.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2014-01-08] (AVG Technologies -> AVG Technologies)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [75704 2020-06-09] (McAfee, Inc. -> McAfee, LLC)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [153312 2020-12-29] (Malwarebytes Corporation -> Malwarebytes)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [218960 2020-05-25] (McAfee, LLC -> McAfee, Inc.)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [220160 2021-01-07] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [197792 2021-01-08] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [77496 2021-01-08] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248968 2021-01-06] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [127088 2021-01-08] (Malwarebytes Inc -> Malwarebytes)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [529848 2020-06-09] (McAfee, Inc. -> McAfee, LLC)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [382392 2020-06-09] (McAfee, Inc. -> McAfee, LLC)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [521656 2020-06-09] (McAfee, Inc. -> McAfee, LLC)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [1006008 2020-06-09] (McAfee, Inc. -> McAfee, LLC)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [595896 2020-06-07] (McAfee, Inc. -> McAfee LLC.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [107960 2020-06-07] (McAfee, Inc. -> McAfee LLC.)
R3 mfeplk; C:\Windows\System32\drivers\mfeplk.sys [116664 2020-06-09] (McAfee, Inc. -> McAfee, LLC)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [252344 2020-06-09] (McAfee, Inc. -> McAfee, LLC)
S3 NMgamingmsFltr; C:\Windows\System32\drivers\NMgamingms.sys [11264 2009-07-24] (Microsoft Windows Hardware Compatibility Publisher -> Primax Ltd)
S3 nusb3hub; C:\Windows\system32\drivers\nusb3hub.sys [80384 2010-09-30] (Microsoft Windows Hardware Compatibility Publisher -> Renesas Electronics Corporation)
S3 nusb3xhc; C:\Windows\system32\drivers\nusb3xhc.sys [180736 2010-09-30] (Microsoft Windows Hardware Compatibility Publisher -> Renesas Electronics Corporation)
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [50320 2015-01-29] (Panda Security S.L. -> Panda Security, S.L.)
R1 SASDIFSV; C:\Users\Owner\Documents\Anti Spyware\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Users\Owner\Documents\Anti Spyware\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SurfsharkSplitTunnelDriver; C:\Program Files (x86)\Surfshark\Resources\x64\SurfsharkSplitTunnelCalloutDriver.sys [39648 2020-06-15] (Microsoft Windows Hardware Compatibility Publisher -> )
R3 tapsurfshark; C:\Windows\System32\DRIVERS\tapsurfshark.sys [36544 2020-06-15] (Surfshark Ltd. -> The OpenVPN Project)
R3 wintunshark; C:\Windows\System32\DRIVERS\wintunshark.sys [28936 2020-09-17] (Surfshark Ltd. -> Surfshark Ltd)
R3 WsAudio_Device; C:\Windows\System32\drivers\VirtualAudio.sys [31080 2013-03-25] (Wondershare Software Co., Ltd.  -> Wondershare)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-01-09 07:49 - 2021-01-09 07:49 - 000000340 _____ C:\Users\Owner\Desktop\wininit.reg
2021-01-08 21:26 - 2021-01-08 21:26 - 000000467 _____ C:\Users\Owner\Desktop\VEW 2.txt
2021-01-08 21:25 - 2021-01-08 21:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2021-01-08 21:24 - 2021-01-08 21:24 - 000002203 _____ C:\Users\Owner\Desktop\VEW 1.txt
2021-01-08 21:21 - 2021-01-08 21:21 - 000077496 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2021-01-08 21:20 - 2021-01-08 21:20 - 000127088 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2021-01-08 15:13 - 2021-01-08 15:13 - 000000000 ____D C:\Users\Owner\AppData\LocalLow\uTorrent
2021-01-08 02:33 - 2021-01-08 02:33 - 000197792 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2021-01-07 22:20 - 2021-01-07 22:20 - 000220160 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2021-01-07 17:03 - 2021-01-07 17:05 - 000066903 _____ C:\Users\Owner\Desktop\OWNER-PC.txt
2021-01-07 16:49 - 2021-01-07 16:49 - 000019598 _____ C:\Users\Owner\Documents\cc_20210107_164913.reg
2021-01-07 16:09 - 2021-01-07 16:09 - 000006185 _____ C:\Users\Owner\Desktop\View.txt
2021-01-07 16:05 - 2021-01-08 21:20 - 000000000 ____D C:\Users\Owner\Desktop\Computer
2021-01-06 23:04 - 2021-01-07 15:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
2021-01-06 23:04 - 2021-01-06 23:04 - 000000000 ____D C:\Program Files (x86)\Seagate
2021-01-06 22:36 - 2021-01-06 22:37 - 000000000 ____D C:\Users\Owner\Documents\Blue Screen View
2021-01-06 22:05 - 2021-01-06 22:05 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2021-01-06 20:21 - 2021-01-06 20:21 - 000000207 _____ C:\Windows\tweaking.com-regbackup-OWNER-PC-Windows-7-Home-Premium-(64-bit).dat
2021-01-06 20:21 - 2021-01-06 20:21 - 000000000 ____D C:\RegBackup
2021-01-06 20:20 - 2021-01-06 20:20 - 000002163 _____ C:\Users\Owner\Desktop\Tweaking.com - Windows Repair.lnk
2021-01-06 20:19 - 2021-01-06 20:19 - 000003654 _____ C:\Windows\system32\Tasks\Tweaking.com - Windows Repair Tray Icon
2021-01-06 20:19 - 2021-01-06 20:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2021-01-06 20:19 - 2021-01-06 20:19 - 000000000 ____D C:\Program Files (x86)\Tweaking.com
2021-01-06 20:03 - 2021-01-06 20:04 - 040931680 _____ (Tweaking.com) C:\Users\Owner\Desktop\tweaking.com_windows_repair_aio_setup.exe
2021-01-06 16:36 - 2021-01-06 23:05 - 000000000 ____D C:\ProgramData\Package Cache
2021-01-06 16:30 - 2021-01-06 16:30 - 000000000 ____D C:\Users\Owner\AppData\Roaming\iolo
2021-01-06 12:02 - 2021-01-08 21:25 - 000000467 _____ C:\VEW.txt
2021-01-06 12:00 - 2021-01-06 12:00 - 000061440 _____ ( ) C:\Users\Owner\Desktop\VEW.exe
2021-01-06 11:59 - 2021-01-06 11:59 - 001246680 _____ (BraveSoftware Inc.) C:\Users\Owner\Desktop\BraveBrowserSetup.exe
2021-01-05 16:14 - 2021-01-05 16:14 - 000002982 _____ C:\Windows\system32\Tasks\{D2BC83A8-B3D8-4D1C-90D9-A43B7D71A1A7}
2021-01-05 16:12 - 2021-01-05 16:13 - 000055930 _____ C:\Users\Owner\Documents\cc_20210105_161253.reg
2021-01-05 13:36 - 2021-01-05 13:36 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\7722D388.sys
2021-01-05 00:04 - 2021-01-05 14:58 - 000000000 ____D C:\Users\Owner\Desktop\mbar
2021-01-05 00:04 - 2021-01-05 14:58 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2021-01-05 00:04 - 2021-01-05 00:04 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\42663616.sys
2021-01-05 00:03 - 2021-01-05 00:03 - 014178840 _____ (Malwarebytes Corp.) C:\Users\Owner\Desktop\mbar-1.10.3.1001.exe
2021-01-04 09:10 - 2021-01-09 07:53 - 000000000 ____D C:\FRST
2020-12-30 05:36 - 2020-12-30 05:36 - 000000977 _____ C:\Users\Owner\Desktop\Eusing Cleaner.lnk
2020-12-30 05:36 - 2020-12-30 05:36 - 000000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Eusing Cleaner
2020-12-30 05:36 - 2020-12-30 05:36 - 000000000 ____D C:\Users\Owner\AppData\Roaming\Eusing
2020-12-30 05:36 - 2020-12-30 05:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eusing Cleaner
2020-12-30 05:36 - 2020-12-30 05:36 - 000000000 ____D C:\Program Files (x86)\Eusing Cleaner
2020-12-29 13:36 - 2021-01-06 22:02 - 000248968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2020-12-29 13:36 - 2020-12-29 13:36 - 000001960 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2020-12-29 13:36 - 2020-12-29 13:36 - 000001948 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2020-12-29 13:36 - 2020-12-29 13:36 - 000001948 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2020-12-29 13:36 - 2020-12-29 13:36 - 000000000 ____D C:\Users\Owner\AppData\Local\mbam
2020-12-29 13:36 - 2020-12-29 13:35 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2020-12-28 08:08 - 2020-12-28 08:08 - 000001081 _____ C:\Users\Public\Desktop\Wondershare UniConverter.lnk
2020-12-28 08:08 - 2020-12-28 08:08 - 000001081 _____ C:\ProgramData\Desktop\Wondershare UniConverter.lnk
2020-12-24 13:11 - 2021-01-05 09:33 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2020-12-22 13:17 - 2021-01-07 11:56 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2020-12-20 05:43 - 2020-12-20 05:43 - 000401024 _____ C:\Users\Owner\Desktop\WeeklyPaycheckStrategyGuide2019.pdf

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-01-09 07:40 - 2009-07-13 22:45 - 000028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2021-01-09 07:40 - 2009-07-13 22:45 - 000028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2021-01-09 07:35 - 2020-10-17 11:43 - 000000000 ____D C:\Program Files\CCleaner
2021-01-09 07:33 - 2014-01-01 17:04 - 000000000 ____D C:\ProgramData\Mozilla
2021-01-09 07:32 - 2016-11-17 17:55 - 000000000 ____D C:\Users\Owner\AppData\LocalLow\Mozilla
2021-01-09 07:26 - 2009-07-13 23:13 - 000778180 _____ C:\Windows\system32\PerfStringBackup.INI
2021-01-09 07:26 - 2009-07-13 21:20 - 000000000 ____D C:\Windows\inf
2021-01-08 21:28 - 2014-02-22 07:31 - 000000000 ____D C:\Users\Owner\AppData\Local\CrashDumps
2021-01-08 21:20 - 2015-08-22 09:35 - 000000000 __SHD C:\Users\Owner\IntelGraphicsProfiles
2021-01-08 21:18 - 2009-07-13 23:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-01-08 21:16 - 2014-01-03 15:25 - 000000000 ____D C:\Users\Owner\AppData\Roaming\uTorrent
2021-01-08 21:13 - 2019-03-27 12:18 - 000000000 ____D C:\Users\Owner\AppData\Local\BitTorrentHelper
2021-01-08 16:32 - 2020-09-05 15:49 - 000000000 ____D C:\Users\Owner\AppData\Roaming\Surfshark
2021-01-08 14:52 - 2020-06-28 15:53 - 000000000 ____D C:\Users\Owner\.thinkorswim
2021-01-08 14:52 - 2020-06-28 15:53 - 000000000 ____D C:\Program Files\thinkorswim
2021-01-08 14:02 - 2018-02-04 14:49 - 000000000 ____D C:\Windows\system32\Tasks\McAfee
2021-01-07 11:57 - 2018-12-18 15:08 - 000000000 ____D C:\Users\Owner\AppData\Roaming\Genie9
2021-01-07 11:56 - 2014-02-12 14:15 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2021-01-07 11:56 - 2014-01-01 17:04 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-01-07 11:42 - 2014-02-12 15:10 - 000009196 _____ C:\Windows\wininit.ini
2021-01-07 11:42 - 2014-02-12 14:15 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2021-01-06 21:59 - 2020-08-22 07:36 - 000121888 _____ C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
2021-01-06 21:59 - 2010-11-21 01:16 - 000000000 ___RD C:\Users\Public\Recorded TV
2021-01-06 21:58 - 2020-08-30 18:13 - 000435440 _____ C:\Windows\system32\FNTCACHE.DAT
2021-01-06 21:06 - 2009-07-13 20:34 - 000000514 _____ C:\Windows\win.ini
2021-01-06 20:59 - 2014-01-07 10:05 - 000781790 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2021-01-05 21:15 - 2014-01-02 08:53 - 000001586 _____ C:\Users\Owner\Desktop\Thunderbird.lnk
2021-01-05 16:07 - 2013-12-30 18:48 - 000000000 ____D C:\Windows\Minidump
2021-01-05 16:05 - 2019-06-28 08:59 - 000000000 ____D C:\Temp
2021-01-05 12:57 - 2015-01-03 12:41 - 000000000 ____D C:\Users\Owner\AppData\Local\Avg
2021-01-05 12:57 - 2015-01-03 12:41 - 000000000 ____D C:\ProgramData\AVG
2021-01-05 11:03 - 2013-12-30 20:16 - 000000000 ____D C:\Users\Owner
2021-01-05 10:58 - 2015-03-22 05:11 - 000000000 ____D C:\Program Files (x86)\Registry Mechanic
2021-01-05 10:50 - 2014-01-01 18:53 - 000000000 ____D C:\ProgramData\TEMP
2021-01-05 10:50 - 2014-01-01 18:48 - 000000000 ____D C:\Users\Owner\Documents\Anti Spyware
2021-01-05 00:19 - 2015-11-03 13:31 - 000000000 ____D C:\Users\Owner\AppData\Roaming\Juniper Networks
2021-01-05 00:18 - 2015-11-03 13:28 - 000000000 ____D C:\ProgramData\Citrix
2021-01-05 00:18 - 2015-11-03 13:27 - 000000000 ____D C:\Program Files (x86)\Citrix
2021-01-05 00:17 - 2015-11-03 13:27 - 000000000 ____D C:\Users\Owner\AppData\Local\Citrix
2021-01-04 12:44 - 2020-09-05 16:00 - 000000000 ____D C:\ProgramData\Surfshark
2020-12-29 13:36 - 2014-02-09 06:13 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-12-29 13:34 - 2017-10-23 17:37 - 000000000 ____D C:\Program Files\Malwarebytes
2020-12-28 22:56 - 2020-10-17 11:43 - 000003870 _____ C:\Windows\system32\Tasks\CCleaner Update
2020-12-28 22:51 - 2014-02-15 18:33 - 000000000 ____D C:\AdwCleaner
2020-12-28 08:08 - 2014-02-03 23:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2020-12-23 15:43 - 2016-08-04 11:21 - 000000000 ____D C:\Users\Owner\Documents\Chessmaster 9000
2020-12-11 20:43 - 2015-11-15 19:59 - 000002059 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

==================== Files in the root of some directories ========

2014-01-08 17:00 - 2014-02-05 22:46 - 000003744 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2014-01-05 15:01 - 2014-12-18 21:29 - 000000203 _____ () C:\Users\Owner\AppData\Roaming\default.rss
2015-11-15 17:20 - 2015-11-15 19:04 - 000000115 _____ () C:\Users\Owner\AppData\Roaming\LogFile.txt

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2021-01-03 18:52
==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-01-2021
Ran by Owner (09-01-2021 07:53:54)
Running from C:\Users\Owner\Desktop\Computer
Windows 7 Home Premium Service Pack 1 (X64) (2013-12-31 02:16:24)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2192775400-2880640462-1298197252-500 - Administrator - Disabled)
Guest (S-1-5-21-2192775400-2880640462-1298197252-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2192775400-2880640462-1298197252-1002 - Limited - Enabled)
Owner (S-1-5-21-2192775400-2880640462-1298197252-1000 - Administrator - Enabled) => C:\Users\Owner

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee VirusScan (Enabled - Up to date) {9D4501E6-72F6-2877-C789-89AF6F535B2C}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: McAfee VirusScan (Enabled - Up to date) {2624E002-54CC-27F9-FD39-B2DD14D41191}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {A57E80C3-3899-292F-ECD6-209A91801C57}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2192775400-2880640462-1298197252-1000\...\uTorrent) (Version: 3.5.5.45852 - BitTorrent Inc.)
3D Home Architect Design Suite Deluxe 8 (HKLM-x32\...\{83EC8AE9-53A6-474D-95AF-8F5116CC9C4E}) (Version: 8.0 - Encore) Hidden
3D Home Architect Design Suite Deluxe 8 (HKLM-x32\...\InstallShield_{83EC8AE9-53A6-474D-95AF-8F5116CC9C4E}) (Version: 8.0 - Encore)
3D Home Architect Home Design Deluxe 6 (HKLM-x32\...\{D781A6EC-12AC-4993-BF13-B4CF12F1F20C}) (Version: 6.00.0000 - Broderbund) Hidden
3D Home Architect Home Design Deluxe 6 (HKLM-x32\...\InstallShield_{D781A6EC-12AC-4993-BF13-B4CF12F1F20C}) (Version: 6.00.0000 - Broderbund)
Adobe Acrobat 5.0 (HKLM-x32\...\Adobe Acrobat 5.0) (Version: 5.0 - Adobe Systems, Inc.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 20.013.20074 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.465 - Adobe)
Advertising Center (HKLM-x32\...\{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}) (Version: 0.0.0.1 - Nero AG) Hidden
Any Video Converter 5.5.5 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
AVG Driver Updater (HKLM-x32\...\{95294F1F-3F2F-48E6-A33B-B89632F8F1B7}) (Version: 2.2.2 - AVG Netherlands B.V) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.75 - Piriform)
Chessmaster 9000 (HKLM-x32\...\Chessmaster 9000) (Version:  - )
Conexant SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.50.8.0 - Conexant)
Defraggler (HKLM\...\Defraggler) (Version: 2.19 - Piriform)
Dell System Detect (HKU\S-1-5-21-2192775400-2880640462-1298197252-1000\...\9204f5692a8faf3b) (Version: 5.6.0.4 - Dell)
Dell Wireless Driver Installation (HKLM-x32\...\{451517F1-7E41-400B-AA36-FB7E2563526D}) (Version: 9.0 - Dell)
DolbyFiles (HKLM-x32\...\{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}) (Version: 0.1 - Nero AG) Hidden
Eusing Cleaner (HKLM-x32\...\Eusing Cleaner) (Version:  - Eusing Freeware)
Fiddler (HKLM-x32\...\Fiddler2) (Version: 2.5.0.0 - Telerik)
FileHippo.com Update Checker (HKLM-x32\...\FileHippo.com) (Version:  - )
FLAC to MP3 Converter 6.1.9.0 (HKLM-x32\...\DD4F47DF-6540-4BDA-BEAD-2B19250B0C48_is1) (Version:  - Accmeware Corporation)
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.2.64.5211 - Gretech Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 87.0.4280.88 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.51 - Google LLC) Hidden
honestech VHS to DVD 3.0 SE (HKLM-x32\...\{0C69661F-BAE9-466A-8878-CA78026412DF}) (Version: 3.0 - Honest Technology) Hidden
honestech VHS to DVD 3.0 SE (HKLM-x32\...\{2856F5EA-E98A-40E4-BAD6-8C644A4A3F3C}) (Version: 3.0 - honestech)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM-x32\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)
HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{2BF5E9CC-C55D-4B0F-ACAF-FFE77F333CD8}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (HKLM-x32\...\{B6465A32-8BE9-4B38-ADC5-4B4BDDC10B0D}) (Version: 1.00.0001 - Microsoft) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
ImagXpress (HKLM-x32\...\{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}) (Version: 7.0.74.0 - Nero AG) Hidden
iMyFone Fixppo 7.7.0.4 (HKLM-x32\...\{FD27E638-0609-44D4-B4E0-8F238FACC75C}_is1) (Version: 7.7.0.4 - Shenzhen iMyFone Technology Co., Ltd.)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.0.1351 - Intel Corporation)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{F0932859-AA60-459E-B843-0BDECA34E2C7}) (Version: 2.0.0.0086 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{6199B534-A1B6-46ED-873B-97B0ECF8F81E}) (Version: 1.23.216.0 - Intel Corporation)
Juniper Networks, Inc. Setup Client (HKU\S-1-5-21-2192775400-2880640462-1298197252-1000\...\Juniper_Setup_Client) (Version: 7.4.13.52059 - Juniper Networks, Inc.)
K-Lite Codec Pack 7.0.0 (Standard) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 7.0.0 - )
Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes)
McAfee Multi Access (HKLM-x32\...\MSC) (Version: 16.0 R28 - McAfee, LLC)
Menu Templates - Starter Kit (HKLM-x32\...\{B78120A0-CF84-4366-A393-4D0A59BC546C}) (Version: 9.4.2.0 - Nero AG) Hidden
Microsoft .NET Framework 4.6.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01590 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 (HKLM-x32\...\{6913e92a-b64e-41c9-a5e6-cef39207fe89}) (Version: 14.25.28508.3 - Microsoft Corporation)
Movie Templates - Starter Kit (HKLM-x32\...\{E498385E-1C51-459A-B45F-1721E37AA1A0}) (Version: 9.4.2.0 - Nero AG) Hidden
Mozilla Firefox 84.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 84.0.2 (x64 en-US)) (Version: 84.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 53.0 - Mozilla)
Mozilla Thunderbird 85.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 85.0 (x86 en-US)) (Version: 85.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 9 Essentials (HKLM-x32\...\{2af62f37-8157-4b8e-b84b-a4eab6c1d27b}) (Version:  - Nero AG)
OGG to MP3 Converter (HKLM-x32\...\{4809DDAE-110C-4CF8-B383-706BB5B3D5B6}_is1) (Version:  - www.oggtomp3converter.com)
Panda Cloud Cleaner (HKLM-x32\...\{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1) (Version: 1.1.10 - Panda Security)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
REAPER (x64) (HKLM\...\REAPER) (Version:  - )
Registry Mechanic 8.0 (HKLM-x32\...\Registry Mechanic_is1) (Version: 8.0 - PC Tools)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
Surfshark (HKLM-x32\...\{5795EF4B-5D61-4FEC-9CAB-39A0849C7238}) (Version: 2.7.7999 - Surfshark) Hidden
Surfshark (HKLM-x32\...\Surfshark 2.7.7999) (Version: 2.7.7999 - Surfshark)
Surfshark TAP Driver Windows (HKLM-x32\...\{FDCDF826-A508-41B3-93B0-C3EC5F3251E7}) (Version: 1.0 - Surfshark)
Surfshark TUN Driver Windows (HKLM\...\{0446BBB9-5BF7-4EE8-813C-2A630808D5A1}) (Version: 1.0 - Surfshark)
System Ninja version 2.4.4 (HKLM-x32\...\{6E67710E-206D-43AB-BF21-E7CD63056C55}_is1) (Version: 2.4.4 - SingularLabs)
thinkorswim (HKLM\...\9968-4488-2169-7623) (Version: desktop - thinkorswim, Inc)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 4.10.3 - Tweaking.com)
ubi.com (HKLM-x32\...\{AEDDF5A3-29CE-11D5-A8C2-000102246AAE}) (Version:  - )
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
UPS Thermal Printing (HKLM-x32\...\{5468B610-354E-4ED3-B274-535F8F0AE2C0}) (Version: 2.0.0.0 - United Parcel Service)
Video Poker for Winners (HKLM-x32\...\{5B73AF17-C52E-452D-B37F-C7B69E567DB8}) (Version: 1.11.0000 - Action Gaming, Inc)
Video Poker for Winners (HKU\S-1-5-21-2192775400-2880640462-1298197252-1000\...\Video Poker for Winners) (Version:  - )
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.4 - VideoLAN)
WebAdvisor by McAfee (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.177 - McAfee, LLC)
Windows Driver Package - Surfshark Ltd (wintunshark) Net  (08/10/2020 0.8.0.0) (HKLM\...\C3138B3DBCE6F9FCB8C067FECE833A62860FFB4C) (Version: 08/10/2020 0.8.0.0 - Surfshark Ltd)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Wise Disk Cleaner 10.31 (HKLM-x32\...\Wise Disk Cleaner_is1) (Version: 10.31 - WiseCleaner.com, Inc.)
Wondershare Helper Compact 2.5.3 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.3 - Wondershare)
Wondershare UniConverter(Build 12.5.1.8) (HKLM\...\UniConverter_is1) (Version: 12.5.1.8 - Wondershare Software)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2192775400-2880640462-1298197252-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation - pGFX -> Intel Corporation)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2217832 2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [0GenieTimeLine-Excluded] -> {B77E8651-93B1-40CD-8ECF-6F33DAC805A0} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2016-12-18] () [File not signed]
ShellIconOverlayIdentifiers: [0GenieTimeLine-Folder] -> {CEAF16CE-C11C-4081-BE29-DDE7F45A59DB} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2016-12-18] () [File not signed]
ShellIconOverlayIdentifiers: [0GenieTimeLine-NotBackedUp] -> {88A8B1EE-EFEA-4A15-8D88-FA0055DCB824} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2016-12-18] () [File not signed]
ShellIconOverlayIdentifiers: [0GenieTimeLine-Pending ] -> {88A8B1EF-EFEA-4A15-8D88-FA0055DCB824} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2016-12-18] () [File not signed]
ShellIconOverlayIdentifiers-x32: [0GenieTimeLine-Excluded] -> {B77E8651-93B1-40CD-8ECF-6F33DAC805A0} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2016-12-18] () [File not signed]
ShellIconOverlayIdentifiers-x32: [0GenieTimeLine-Folder] -> {CEAF16CE-C11C-4081-BE29-DDE7F45A59DB} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2016-12-18] () [File not signed]
ShellIconOverlayIdentifiers-x32: [0GenieTimeLine-NotBackedUp] -> {88A8B1EE-EFEA-4A15-8D88-FA0055DCB824} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2016-12-18] () [File not signed]
ShellIconOverlayIdentifiers-x32: [0GenieTimeLine-Pending ] -> {88A8B1EF-EFEA-4A15-8D88-FA0055DCB824} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2016-12-18] () [File not signed]
ContextMenuHandlers1-x32: [Cover Designer] -> {73FCA462-9BD5-4065-A73F-A8E5F6904EF7} => C:\Program Files (x86)\Nero\Nero 9\Nero CoverDesigner\CoverEdExtension.dll [2009-06-05] (Nero AG -> Nero AG)
ContextMenuHandlers1: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2015-03-11] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers1-x32: [FileOpreation] -> {64686A76-F095-4872-A41C-1B682E751D88} => C:\Windows\SysWow64\WS_ContextMenu.dll [2010-10-28] () [File not signed]
ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => C:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2020-08-21] (McAfee, LLC -> McAfee, LLC)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2013-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2013-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1: [WondershareVideoConverterFileOpreation] -> {FEB746CA-95C2-485F-B386-C30D4E56D22E} => C:\Windows\SysWOW64\WSCM64.dll [2015-02-27] () [File not signed]
ContextMenuHandlers3: [Genie-Soft Timeline Backup Context Menu Extension] -> {D821600B-0B5D-4D7E-B1CC-034C652E8288} =>  -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-12-29] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [MSSE] -> {0365FE2C-F183-4091-AC82-BFC39FB75C49} =>  -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2015-08-27] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2015-03-11] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-12-29] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => C:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2020-08-21] (McAfee, LLC -> McAfee, LLC)
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2013-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2013-12-01] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Owner\Desktop\Backup\Users\Owner\Desktop\Geek Squad Backup\Users\Derrell\Flash Drive Back Up 2-12-2013\Removable Disk\Junk\Remote Workstation.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://ctxmf.valero.com

==================== Loaded Modules (Whitelisted) =============

2014-01-01 16:31 - 2011-11-29 20:00 - 000059392 _____ () [File not signed] [File is in use] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2015-08-07 12:48 - 2016-07-21 09:54 - 000137728 _____ () [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2015-08-07 12:48 - 2017-03-23 08:49 - 001506304 _____ () [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2020-10-12 11:54 - 2020-10-12 11:54 - 000324096 _____ () [File not signed] C:\Program Files (x86)\Surfshark\Resources\x64\Surfshark.Firewall.dll
2020-11-20 01:06 - 2020-11-20 01:06 - 004035072 _____ () [File not signed] C:\Program Files (x86)\Surfshark\Resources\x64\SurfsharkWg.dll
2018-12-18 15:09 - 2016-12-13 04:19 - 000089600 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSEncryption.gtl
2018-12-18 15:09 - 2016-12-13 04:18 - 000045568 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSLogging.gtl
2018-12-18 15:09 - 2016-12-18 06:38 - 000163328 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl
2018-12-18 15:09 - 2016-12-18 06:38 - 000211968 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\Settings.gtl
2018-02-07 19:54 - 2018-02-07 19:54 - 000172032 _____ () [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\6673ce6dac4d89de35948e2f0390d97b\IsdiInterop.ni.dll
2017-06-02 11:13 - 2015-02-27 13:38 - 000721263 _____ () [File not signed] C:\Windows\SysWOW64\WSCM64.dll
2018-12-18 15:09 - 2015-05-26 03:42 - 000491520 _____ (Artpol Software) [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSZipEng.gtl
2014-01-01 16:23 - 2011-11-29 09:51 - 000439808 _____ (Atheros) [File not signed] C:\Windows\system32\athihvs.dll
2014-01-01 16:14 - 2012-01-09 17:40 - 000364544 _____ (Conexant Systems, Inc.) [File not signed] [File is in use] C:\Program Files\Conexant\SA3\Languages\en-US\SmartAudio.resources.dll
2018-01-18 12:12 - 2018-01-18 12:12 - 000014336 _____ (Intel Corp.) [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\439f4df27ed07e50e3dac6eacce3a0f8\IAStorCommon.ni.dll
2014-01-01 16:31 - 2011-11-29 20:00 - 000175616 _____ (Intel Corporation) [File not signed] [File is in use] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorUIHelper.dll
2014-01-01 16:31 - 2011-11-29 20:00 - 001319424 _____ (Intel Corporation) [File not signed] [File is in use] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IntelVisualDesign.dll
2014-01-01 16:31 - 2011-11-29 19:41 - 000278016 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\ISDI.dll
2014-01-01 16:20 - 2012-02-17 01:31 - 000073728 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.dll
2018-02-07 19:54 - 2018-02-07 19:54 - 000225280 _____ (Intel Corporation) [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorDataMgr\a90db6c138e5a8e0c550be7c61e5d6b6\IAStorDataMgr.ni.dll
2018-03-14 20:42 - 2018-03-14 20:42 - 000487424 _____ (Intel Corporation) [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\4acddac9fd2b5660cc05ad1e6f67e796\IAStorUtil.ni.dll
2014-05-21 22:16 - 2014-05-21 22:16 - 000225280 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcm90.dll
2018-01-18 17:07 - 2017-09-27 17:30 - 000489984 _____ (Newtonsoft) [File not signed] [File is in use] C:\Program Files (x86)\Wondershare\WAF\2.4.3.233\Newtonsoft.Json.dll
2018-01-18 17:07 - 2017-12-19 15:51 - 000088064 _____ (Wondershare) [File not signed] [File is in use] C:\Program Files (x86)\Wondershare\WAF\2.4.3.233\WsAppCollect.dll
2018-01-18 17:07 - 2017-12-19 15:51 - 000200192 _____ (Wondershare) [File not signed] [File is in use] C:\Program Files (x86)\Wondershare\WAF\2.4.3.233\WsAppCommon.dll
2014-02-03 19:42 - 2017-03-23 08:52 - 000708608 _____ (Wondershare) [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSProducstInfo.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1 [163]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Version 11) (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2192775400-2880640462-1298197252-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-2192775400-2880640462-1298197252-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2192775400-2880640462-1298197252-1000 -> {5C25E8A3-2225-4A57-9311-5CA0A679F82A} URL =
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2020-12-17] (McAfee, LLC -> McAfee, LLC)
BHO-x32: AcroIEHlprObj Class -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-04-16] (Adobe Systems, Incorporated -> )
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2020-12-17] (McAfee, LLC -> McAfee, LLC)
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 -  No File
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll [2020-08-21] (McAfee, LLC -> McAfee, LLC)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2020-08-21] (McAfee, LLC -> McAfee, LLC)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2192775400-2880640462-1298197252-1000\...\dell.com -> dell.com
IE trusted site: HKU\S-1-5-21-2192775400-2880640462-1298197252-1000\...\localhost -> localhost

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2021-01-06 21:06 - 000000855 _____ C:\Windows\system32\drivers\etc\hosts
127.0.0.1       localhost

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files (x86)\Intel\OpenCL SDK\1.5\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\1.5\bin\x64;C:\Program Files (x86)\QuickTime\QTSystem\
HKU\S-1-5-21-2192775400-2880640462-1298197252-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{F0B42C8B-18E4-4453-B7F4-AF07039DDA72}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\FaxApplications.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{6D287328-FB9C-489C-BE20-DCB66556B486}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\DigitalWizards.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{CC0C7C3A-E243-4D6A-9FB8-60A9361AC21C}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\SendAFax.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{380C03FA-DA4F-49B9-BCBB-4CA3F25E2311}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{6AD5B1E4-7525-4294-9428-6FEAF9223E98}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{4B43463E-6840-45A1-A76A-B877DB41F515}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{CD115A5D-3C73-473D-ADFD-68B7A1CA8CA4}] => (Allow) C:\Users\Owner\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{D628E81A-408A-4A04-B129-BC5CD964B452}] => (Allow) C:\Users\Owner\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{B72B88C9-C96C-404E-B39C-86B53DB1AA44}] => (Allow) C:\Users\Owner\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{7AACFB67-81C2-42ED-A05A-1F7CC96BFDEB}] => (Allow) C:\Users\Owner\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{3060B2D1-9B37-40A4-966F-442F0D7BD6F5}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{8F1A5A4E-558D-428D-89DA-05C6FE5B7E12}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{1E962DE6-1EB5-4D53-B5BD-E44A50F795D1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{63CDA6EB-C3DF-461A-94E4-5E5933482F67}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{F9EED568-720A-4DF8-8A15-8C6710DF39D7}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{BCE88674-3735-4121-A1B1-8F47C9D8317C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{AAEC3056-0F88-4A1F-AA0F-0E744E16E0B1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{E419970E-0773-42BC-BB42-6CC2DFEA84B3}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe (McAfee, LLC -> McAfee, LLC)
FirewallRules: [{284094B8-4491-44B4-85F0-15C20CB9D78A}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe (McAfee, LLC -> McAfee, LLC)
FirewallRules: [{16223476-6DCE-4512-B5E7-99C11567A815}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, LLC -> McAfee, LLC)
FirewallRules: [{66078EE9-0D2B-4F6C-BC98-8CE5103A86DD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

06-01-2021 16:41:44 Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508
06-01-2021 23:05:02 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
08-01-2021 15:09:51 Removed Cisco EAP-FAST Module
08-01-2021 15:10:34 Removed Cisco LEAP Module
08-01-2021 15:10:57 Removed Cisco PEAP Module

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (01/08/2021 09:28:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: thunderbird.exe, version: 85.0.0.7669, time stamp: 0x5feccc1e
Faulting module name: thunderbird.exe, version: 85.0.0.7669, time stamp: 0x5feccc1e
Exception code: 0xc0000005
Fault offset: 0x00002ccb
Faulting process id: 0x221c
Faulting application start time: 0x01d6e637805aa728
Faulting application path: C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
Faulting module path: C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
Report Id: bf80e97b-522a-11eb-9bc5-d4bed9e6e920


System errors:
=============
Error: (01/09/2021 07:35:08 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (01/09/2021 07:35:07 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (01/09/2021 07:35:07 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (01/09/2021 07:35:06 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (01/09/2021 07:35:06 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (01/08/2021 09:20:27 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

Error: (01/08/2021 09:17:45 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Malwarebytes Service service did not shut down properly after receiving a preshutdown control.


==================== Memory info ===========================

BIOS: Dell Inc. A05 07/26/2012
Motherboard: Dell Inc. 0XR1GT
Processor: Intel® Core™ i5-3450 CPU @ 3.10GHz
Percentage of memory in use: 57%
Total physical RAM: 8066.04 MB
Available physical RAM: 3462.75 MB
Total Virtual: 16130.23 MB
Available Virtual: 10802.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:1862.92 GB) (Free:880.25 GB) NTFS
Drive f: () (Removable) (Total:28.64 GB) (Free:16.39 GB) FAT32

\\?\Volume{24670f43-71b5-11e3-bcac-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: 236FA298)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1862.9 GB) - (Type=07 NTFS)

==========================================================
Disk: 2 (Protective MBR) (Size: 28.7 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================



#39
RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

You need to do a check disk on the F: drive.

1. Double-click My Computer, and then right-click the hard disk that you want to check. F:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed.
4. Check both boxes and then click Start.

Reboot.

Download the attached fixlist.txt to the same location as FRST.

Attached File  fixlist.txt   7KB   169 downloads

Run FRST and press Fix.
A fix log will be generated; please post that.

For Process Explorer:

Get Process Explorer

https://live.sysinte...com/procexp.exe

Save it to your desktop then run it (Vista or Win7+ - right click and Run As Administrator).

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures

Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

Wait a full minute then:

File, Save As, Save. Note the file name. Open the file on your desktop and copy and paste the text to a reply.

#40
smittyd

    Member

  • Topic Starter
  • 148 posts

Sorry, F drive was a Flash Drive I had inserted to back up some things from my C drive.

Process    CPU    Private Bytes    Working Set    PID    Description    Company Name    Verified Signer
System Idle Process    97.19    0 K    24 K    0            
firefox.exe    0.65    120,460 K    135,148 K    5832    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
procexp64.exe    0.64    37,192 K    59,528 K    13300    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
firefox.exe    0.38    204,372 K    335,056 K    1112    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
Interrupts    0.31    0 K    0 K    n/a    Hardware Interrupts and DPCs        
firefox.exe    0.23    291,324 K    314,876 K    11212    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
MBAMService.exe    0.14    298,460 K    123,984 K    4048    Malwarebytes Service    Malwarebytes    (Verified) Malwarebytes Inc
System    0.12    304 K    612 K    4            
csrss.exe    0.10    19,840 K    11,664 K    712    Client Server Runtime Process    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    0.07    36,084 K    28,500 K    740    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    0.02    5,240 K    4,660 K    932    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
firefox.exe    0.02    61,832 K    90,996 K    6232    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
IAStorDataMgrSvc.exe    0.02    22,280 K    3,812 K    808    IAStorDataSvc    Intel Corporation    (Verified) Intel Corporation
mcapexe.exe    0.02    4,220 K    2,040 K    5268    McAfee Access Protection    McAfee, LLC    (Verified) McAfee, LLC
explorer.exe    0.01    59,012 K    42,868 K    1788    Windows Explorer    Microsoft Corporation    (Verified) Microsoft Windows
MfeAVSvc.exe    0.01    73,128 K    13,152 K    5208    McAfee Cloud AV    McAfee, LLC    (Verified) McAfee, LLC
svchost.exe    0.01    32,264 K    17,928 K    1160    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
iusb3mon.exe    0.01    1,588 K    1,312 K    2556    Intel® USB 3.0 Monitor    Intel Corporation    (Verified) Intel Corporation
SmartAudio3.exe    < 0.01    90,820 K    27,040 K    2476    SmartAudio3 [64-Bit]    Conexant Systems, Inc.    (Verified) Conexant Systems, Inc.
WSHelper.exe    < 0.01    9,180 K    3,616 K    2592    Wondershare Studio    Wondershare    (Verified) Wondershare Technology Co.,Ltd
svchost.exe    < 0.01    14,840 K    15,592 K    400    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
SASCORE64.EXE    < 0.01    1,760 K    720 K    1756    Core Service    SUPERAntiSpyware.com    (Verified) SUPERAntiSpyware.com
taskhost.exe    < 0.01    13,128 K    2,736 K    1800    Host Process for Windows Tasks    Microsoft Corporation    (Verified) Microsoft Windows
Surfshark.ShadowsocksService.exe    < 0.01    26,740 K    5,808 K    3996    Surfshark    Surfshark    (Verified) Surfshark Ltd.
wmpnetwk.exe    < 0.01    12,744 K    12,532 K    11444    Windows Media Player Network Sharing Service    Microsoft Corporation    (Verified) Microsoft Windows
conhost.exe    < 0.01    1,172 K    312 K    3728    Console Window Host    Microsoft Corporation    (Verified) Microsoft Windows
conhost.exe    < 0.01    1,172 K    312 K    1668    Console Window Host    Microsoft Corporation    (Verified) Microsoft Windows
csrss.exe    < 0.01    2,788 K    2,192 K    620    Client Server Runtime Process    Microsoft Corporation    (Verified) Microsoft Windows
Surfshark.Service.exe    < 0.01    63,268 K    10,592 K    3944    Surfshark    Surfshark    (Verified) Surfshark Ltd.
ModuleCoreService.exe    < 0.01    40,280 K    37,068 K    1976    McAfee Module Core Service    McAfee, LLC    (Verified) McAfee, LLC
svchost.exe    < 0.01    9,520 K    12,124 K    3040    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
servicehost.exe    < 0.01    15,108 K    11,796 K    2160    McAfee WebAdvisor    McAfee, LLC    (Verified) McAfee, LLC
mcshield.exe    < 0.01    59,184 K    21,812 K    4696    McAfee Scanner service    McAfee LLC.    (Verified) McAfee, Inc.
IAStorIcon.exe    < 0.01    25,688 K    6,732 K    2564    IAStorIcon    Intel Corporation    (Verified) Intel Corporation
svchost.exe    < 0.01    233,444 K    215,388 K    628    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
WsAppService.exe    < 0.01    32,396 K    7,988 K    3676    Wondershare Passport    Wondershare    (Verified) Wondershare Technology Co.,Ltd
firefox.exe    < 0.01    278,908 K    291,424 K    10400    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
MMSSHOST.exe    < 0.01    40,692 K    45,128 K    5556    McAfee Management Service Host    McAfee, LLC    (Verified) McAfee, LLC
mfevtps.exe    < 0.01    10,616 K    6,500 K    2624    McAfee Process Validation Service    McAfee, LLC    (Verified) McAfee, Inc.
WUDFHost.exe        2,180 K    1,352 K    7276    Windows Driver Foundation - User-mode Driver Framework Host Process    Microsoft Corporation    (Verified) Microsoft Windows
wuauclt.exe        2,064 K    1,492 K    9756    Windows Update    Microsoft Corporation    (Verified) Microsoft Windows
WmiPrvSE.exe        2,912 K    7,308 K    2312    WMI Provider Host    Microsoft Corporation    (Verified) Microsoft Windows
wlanext.exe        2,388 K    2,312 K    1356    Windows Wireless LAN 802.11 Extensibility Framework    Microsoft Corporation    (Verified) Microsoft Windows
winlogon.exe        3,360 K    1,512 K    792    Windows Logon Application    Microsoft Corporation    (Verified) Microsoft Windows
wininit.exe        1,720 K    272 K    692    Windows Start-Up Application    Microsoft Corporation    (Verified) Microsoft Windows
UNS.exe        4,208 K    3,464 K    3932    User Notification Service    Intel Corporation    (Verified) Intel Corporation
uihost.exe        8,372 K    6,496 K    3748    McAfee WebAdvisor    McAfee, LLC    (Verified) McAfee, LLC
taskhost.exe        5,728 K    1,048 K    12868    Host Process for Windows Tasks    Microsoft Corporation    (Verified) Microsoft Windows
taskeng.exe        2,108 K    6,088 K    8716    Task Scheduler Engine    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        6,916 K    6,316 K    1012    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        7,016 K    5,840 K    2404    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        22,004 K    12,904 K    524    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        16,560 K    9,948 K    1312    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        2,924 K    3,544 K    6956    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        2,552 K    3,412 K    6848    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        2,136 K    2,416 K    3444    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        1,856 K    768 K    2336    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
spoolsv.exe        8,464 K    4,340 K    1628    Spooler SubSystem App    Microsoft Corporation    (Verified) Microsoft Windows
smss.exe        556 K    384 K    388    Windows Session Manager    Microsoft Corporation    (Verified) Microsoft Windows
services.exe        12,408 K    8,444 K    752    Services and Controller app    Microsoft Corporation    (Verified) Microsoft Windows
SearchIndexer.exe        53,048 K    14,336 K    3852    Microsoft Windows Search Indexer    Microsoft Corporation    (Verified) Microsoft Windows
rundll32.exe        2,672 K    2,160 K    1064    Windows host process (Rundll32)    Microsoft Corporation    (Verified) Microsoft Windows
ProtectedModuleHost.exe        6,760 K    4,972 K    5580    McAfee Protected Module Host    McAfee, LLC    (Verified) McAfee, LLC
procexp.exe        3,664 K    8,048 K    9920    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
PresentationFontCache.exe        29,032 K    796 K    7080    PresentationFontCache.exe    Microsoft Corporation    (Verified) Microsoft Corporation
PEFService.exe        30,260 K    3,248 K    3212    McAfee PEF Service    McAfee, LLC    (Verified) McAfee, LLC
ONENOTEM.EXE        992 K    644 K    2144    Microsoft Office OneNote Quick Launcher    Microsoft Corporation    (Verified) Microsoft Corporation
obexsrv.exe        2,700 K    1,600 K    3896    Bluetooth OBEX Service    Intel Corporation    (Verified) Intel Corporation - Mobile Wireless Group
nssm.exe        2,544 K    1,468 K    3468    The non-sucking service manager    Surfshark    (Verified) Surfshark Ltd.
nssm.exe        2,424 K    1,452 K    3508    The non-sucking service manager    Surfshark    (Verified) Surfshark Ltd.
NBService.exe        3,072 K    1,592 K    2696    Nero BackItUp    Nero AG    (Verified) Nero AG
ModuleCoreService.exe        14,568 K    18,704 K    2244    McAfee Module Core Service    McAfee, LLC    (Verified) McAfee, LLC
mfemms.exe        7,288 K    5,676 K    2384    McAfee Management Service    McAfee, LLC    (Verified) McAfee, Inc.
mediasrv.exe        3,040 K    1,832 K    7156    Bluetooth Media Service    Intel Corporation    (Verified) Intel Corporation - Mobile Wireless Group
McUICnt.exe        12,392 K    5,132 K    11148    McAfee    McAfee, LLC    (Verified) McAfee, LLC
McCSPServiceHost.exe        10,972 K    11,872 K    6276    McAfee CSP Service Host    McAfee, LLC    (Verified) McAfee, LLC
lsm.exe        3,116 K    2,084 K    828    Local Session Manager Service    Microsoft Corporation    (Verified) Microsoft Windows
lsass.exe        6,552 K    6,556 K    820    Local Security Authority Process    Microsoft Corporation    (Verified) Microsoft Windows
LMS.exe        2,872 K    2,548 K    12300    Local Manageability Service    Intel Corporation    (Verified) Intel Corporation
Jhi_service.exe        1,664 K    420 K    536    Intel® Dynamic Application Loader Host Interface    Intel Corporation    (Verified) Intel Corporation
igfxTray.exe        8,208 K    3,864 K    7564    igfxTray Module    Intel Corporation    (Verified) Intel Corporation - pGFX
igfxHK.exe        3,984 K    1,856 K    7424    igfxHK Module    Intel Corporation    (Verified) Intel Corporation - pGFX
igfxEM.exe        5,676 K    3,824 K    7288    igfxEM Module    Intel Corporation    (Verified) Intel Corporation - pGFX
igfxCUIService.exe        2,288 K    1,556 K    1100    igfxCUIService Module    Intel Corporation    (Verified) Intel Corporation - pGFX
HeciServer.exe        1,928 K    1,400 K    1304    Intel® Capability Licensing Service Interface    Intel® Corporation    (Verified) Intel® Upgrade Service
firefox.exe        37,736 K    21,948 K    7196    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
dwm.exe        1,712 K    756 K    1568    Desktop Window Manager    Microsoft Corporation    (Verified) Microsoft Windows
devmonsrv.exe        2,888 K    1,860 K    2276    Bluetooth Device Monitor    Intel Corporation    (Verified) Intel Corporation - Mobile Wireless Group
CxUtilSvc.exe        1,232 K    1,176 K    2368    Utility Service    Conexant Systems, Inc.    (Verified) Conexant Systems, Inc.
conhost.exe        1,096 K    516 K    1364    Console Window Host    Microsoft Corporation    (Verified) Microsoft Windows
conhost.exe        1,208 K    532 K    7584    Console Window Host    Microsoft Corporation    (Verified) Microsoft Windows
caudiofilteragent64.exe        2,268 K    2,748 K    2016    Conexant High Definition Audio Filter Agent    Conexant Systems, Inc.    (Verified) Conexant Systems, Inc.
audiodg.exe        16,308 K    16,876 K    8384    Windows Audio Device Graph Isolation     Microsoft Corporation    (Verified) Microsoft Windows
Ath_WlanAgent.exe        1,500 K    1,964 K    3876    Atheros Coex Service Application    Atheros    (No signature was present in the subject) Atheros
armsvc.exe        1,108 K    392 K    1876    Adobe Acrobat Update Service    Adobe Inc.    (Verified) Adobe Inc.


 


  • 0



#41
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

Fixlog?


  • 0

#42
smittyd

smittyd

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 148 posts

HKU\S-1-5-21-2192775400-2880640462-1298197252-1000\...\MountPoints2: {24670f47-71b5-11e3-bcac-806e6f6e6963} - D:\autoRcd.exe
HKU\S-1-5-18\...\Run: [] => [X]
Task: {0E313519-F2CD-4E9F-9C27-8B8DF7B05A89} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_465_Plugin.exe [1504312 2020-12-08] (Adobe Inc. -> Adobe)
Task: {28128529-D51E-4E11-BA53-3B77456B5BA0} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [4119656 2012-10-17] (Hewlett Packard -> Hewlett-Packard Co.)
Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_465.dll [2020-12-08] (Adobe Inc. -> )
CHR HKLM-x32\...\Chrome\Extension: [ggkfikfcbnpfoicfjammigpnakpogebh] - <no Path/update_url>
R2 !SASCORE; C:\Users\Owner\Documents\Anti Spyware\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-04-27] (SUPERAntiSpyware.com -> SUPERAntiSpyware.com)
C:\Users\Owner\Documents\Anti Spyware\SUPERAntiSpyware\SASCORE64.EXE
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-08] (Adobe Inc. -> Adobe)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2014-01-08] (AVG Technologies -> AVG Technologies)
R1 SASDIFSV; C:\Users\Owner\Documents\Anti Spyware\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Users\Owner\Documents\Anti Spyware\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
C:\Program Files (x86)\Spybot - Search & Destroy 2
C:\ProgramData\Spybot - Search & Destroy
CMD: Type C:\Windows\wininit.ini
CMD: Type C:\Windows\win.ini
ContextMenuHandlers3: [Genie-Soft Timeline Backup Context Menu Extension] -> {D821600B-0B5D-4D7E-B1CC-034C652E8288} =>  -> No File
ContextMenuHandlers4: [MSSE] -> {0365FE2C-F183-4091-AC82-BFC39FB75C49} =>  -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-2192775400-2880640462-1298197252-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2192775400-2880640462-1298197252-1000 -> {5C25E8A3-2225-4A57-9311-5CA0A679F82A} URL =
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 -  No File
CMD: SC query UPnPHost
Task: {8AB4A04B-04E3-4720-9D27-5977A245BB0A} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [1773192 2020-09-17] (AVG Technologies USA, LLC -> AVG Technologies)
Task: {BE669FC4-2E88-4F73-B670-0B1B11F76A3F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-08] (Adobe Inc. -> Adobe)
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
Reboot:


 


  • 0

#43
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

Did you run the fixlist? I don't need you to post the fixlist, just the fixlog, which should be generated when you run FRST and hit Fix.


  • 0

#44
smittyd

smittyd

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 148 posts

HKU\S-1-5-21-2192775400-2880640462-1298197252-1000\...\MountPoints2: {24670f47-71b5-11e3-bcac-806e6f6e6963} - D:\autoRcd.exe
HKU\S-1-5-18\...\Run: [] => [X]
Task: {0E313519-F2CD-4E9F-9C27-8B8DF7B05A89} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_465_Plugin.exe [1504312 2020-12-08] (Adobe Inc. -> Adobe)
Task: {28128529-D51E-4E11-BA53-3B77456B5BA0} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [4119656 2012-10-17] (Hewlett Packard -> Hewlett-Packard Co.)
Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_465.dll [2020-12-08] (Adobe Inc. -> )
CHR HKLM-x32\...\Chrome\Extension: [ggkfikfcbnpfoicfjammigpnakpogebh] - <no Path/update_url>
R2 !SASCORE; C:\Users\Owner\Documents\Anti Spyware\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-04-27] (SUPERAntiSpyware.com -> SUPERAntiSpyware.com)
C:\Users\Owner\Documents\Anti Spyware\SUPERAntiSpyware\SASCORE64.EXE
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-08] (Adobe Inc. -> Adobe)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2014-01-08] (AVG Technologies -> AVG Technologies)
R1 SASDIFSV; C:\Users\Owner\Documents\Anti Spyware\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Users\Owner\Documents\Anti Spyware\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
C:\Program Files (x86)\Spybot - Search & Destroy 2
C:\ProgramData\Spybot - Search & Destroy
CMD: Type C:\Windows\wininit.ini
CMD: Type C:\Windows\win.ini
ContextMenuHandlers3: [Genie-Soft Timeline Backup Context Menu Extension] -> {D821600B-0B5D-4D7E-B1CC-034C652E8288} =>  -> No File
ContextMenuHandlers4: [MSSE] -> {0365FE2C-F183-4091-AC82-BFC39FB75C49} =>  -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-2192775400-2880640462-1298197252-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2192775400-2880640462-1298197252-1000 -> {5C25E8A3-2225-4A57-9311-5CA0A679F82A} URL =
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 -  No File
CMD: SC query UPnPHost
Task: {8AB4A04B-04E3-4720-9D27-5977A245BB0A} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [1773192 2020-09-17] (AVG Technologies USA, LLC -> AVG Technologies)
Task: {BE669FC4-2E88-4F73-B670-0B1B11F76A3F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-08] (Adobe Inc. -> Adobe)
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
Reboot:


 


  • 0

#45
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

Let's try again.

 

Download the attached fixlist.txt to the same location as FRST.
Attached File  fixlist.txt   7KB   166 downloads

Run FRST and press Fix.
A fix log will be generated; please post that.


 


  • 0





