Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-01-2021
Ran by pedwa (administrator) on DESKTOP-6N1U1A5 (Dell Inc. OptiPlex 7010) (12-01-2021 08:27:35)
Running from C:\Users\pedwa\OneDrive\Desktop
Loaded Profiles: pedwa
Platform: Windows 10 Pro Version 2004 19041.685 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Adobe Systems, Incorporated -> Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <22>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler64.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxTray.exe
(Link64 GmbH -> Link64 GmbH) C:\ProgramData\VideoDownloaderUltimateWinApp\VideoDownloaderUltimate.exe <2>
(Loom, Inc. -> ) C:\Users\pedwa\AppData\Local\Programs\Loom\resources\app.asar.unpacked\dist\binaries\loom-recorder-production.exe
(Loom, Inc. -> Loom, Inc.) C:\Users\pedwa\AppData\Local\Programs\Loom\Loom.exe <7>
(Microsoft Corporation -> Microsoft Corporation) C:\Users\pedwa\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_2.2012.16655.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12011.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\NisSrv.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(philandro Software GmbH -> philandro Software GmbH) C:\Program Files (x86)\AnyDesk\AnyDesk.exe <2>
(Realtek Semiconductor Corp -> Realtek Semiconductor Corp.) C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe [2908888 2014-09-11] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
HKLM\...\Run: [Unattend0000000001{4494B480-9AEE-4241-A268-0619C3B4DBFD}] => C:\WINDOWS\system32\devmgmt.msc [145622 2019-12-07] (Microsoft Windows -> )
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [821144 2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706680 2020-09-17] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-366862209-4135554110-2996454335-1004\...\Run: [VideoDownloaderUltimate] => C:\ProgramData\VideoDownloaderUltimateWinApp\VideoDownloaderUltimate.exe [6189784 2020-11-22] (Link64 GmbH -> Link64 GmbH)
HKU\S-1-5-21-366862209-4135554110-2996454335-1004\...\Run: [electron.app.Loom] => C:\Users\pedwa\AppData\Local\Programs\Loom\Loom.exe [126146088 2021-01-11] (Loom, Inc. -> Loom, Inc.)
HKU\S-1-5-21-366862209-4135554110-2996454335-1004\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [153600 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\WINDOWS\system32\AdobePDF.dll [53656 2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Inc)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\87.0.4280.141\Installer\chrmstp.exe [2021-01-11] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AnyDesk.lnk [2020-10-20]
ShortcutTarget: AnyDesk.lnk -> C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {07AA2FEE-02F8-45E0-A10D-D813C7E99344} - System32\Tasks\G2MUploadTask-S-1-5-21-366862209-4135554110-2996454335-1004 => C:\Users\pedwa\AppData\Local\GoToMeeting\19228\g2mupload.exe [31320 2020-12-17] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {3314F4F7-7BCF-40B6-B7FE-5C06BA1384D5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {688CA085-C8C2-4090-A748-FBED15B84A0D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-07-23] (Google LLC -> Google LLC)
Task: {76CA1601-3D38-4C9A-B11E-44227D170C57} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {8AC7DCE9-1476-470A-A462-99BEC871BF78} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {8DA26406-0E17-4F2E-9C62-B273031ED29D} - System32\Tasks\G2MUpdateTask-S-1-5-21-366862209-4135554110-2996454335-1004 => C:\Users\pedwa\AppData\Local\GoToMeeting\19228\g2mupdate.exe [31320 2020-12-17] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {90AFC852-A6AC-4D8C-9728-221E90508AB2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-07-23] (Google LLC -> Google LLC)
Task: {9B60D997-A778-4232-ACED-FDE28110FB8E} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [693216 2021-01-07] (Mozilla Corporation -> Mozilla Foundation)
Task: {B6ABA98A-78F7-4594-998F-EF2EA6CAF353} - System32\Tasks\Agent Activation Runtime\S-1-5-21-366862209-4135554110-2996454335-1004 => C:\WINDOWS\System32\AgentActivationRuntimeStarter.exe [13312 2020-12-09] (Microsoft Windows -> )
Task: {D2B36F06-D5EB-4763-A19E-DC543EECA18B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-366862209-4135554110-2996454335-1004.job => C:\Users\pedwa\AppData\Local\GoToMeeting\19228\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-366862209-4135554110-2996454335-1004.job => C:\Users\pedwa\AppData\Local\GoToMeeting\19228\g2mupload.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyEnable: [S-1-5-21-366862209-4135554110-2996454335-1004] => Proxy is enabled.
ProxyServer: [S-1-5-21-366862209-4135554110-2996454335-1004] => http=127.0.0.1:8082;https=127.0.0.1:8082
Tcpip\Parameters: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{b4704bda-6fc5-4481-beea-0266af4c9b90}: [DhcpNameServer] 10.0.1.1
ManualProxies: 1http=127.0.0.1:8082;https=127.0.0.1:8082
Edge:
======
Edge DefaultProfile: Default
Edge Profile: C:\Users\pedwa\AppData\Local\Microsoft\Edge\User Data\Default [2021-01-12]
FireFox:
========
FF DefaultProfile: 4gtmw0jr.default
FF ProfilePath: C:\Users\pedwa\AppData\Roaming\Mozilla\Firefox\Profiles\4gtmw0jr.default [2020-09-12]
FF ProfilePath: C:\Users\pedwa\AppData\Roaming\Mozilla\Firefox\Profiles\rtgz6m61.default-release [2021-01-12]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2020-07-23] [Legacy] [not signed]
FF Plugin: @java.com/DTPlugin,version=11.271.2 -> C:\Program Files\Java\jre1.8.0_271\bin\dtplugin\npDeployJava1.dll [2020-12-18] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.271.2 -> C:\Program Files\Java\jre1.8.0_271\bin\plugin2\npjp2.dll [2020-12-18] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.271.2 -> C:\Program Files (x86)\Java\jre1.8.0_271\bin\dtplugin\npDeployJava1.dll [2020-11-12] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.271.2 -> C:\Program Files (x86)\Java\jre1.8.0_271\bin\plugin2\npjp2.dll [2020-11-12] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=3.0.11 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\pedwa\AppData\Local\Google\Chrome\User Data\Default [2021-01-12]
CHR Notifications: Default -> hxxps://app.gotowebinar.com; hxxps://customer.jvzoo.com; hxxps://dnschecker.org; hxxps://install.searchconverterbox.com; hxxps://myvprepay.verizon.com; hxxps://nypost.com; hxxps://offlinesharks.com; hxxps://web.skype.com; hxxps://whatismyipaddress.com; hxxps://wpforms.com; hxxps://www.crowdcast.io; hxxps://www.facebook.com; hxxps://www.fastquicksearch.com; hxxps://www.isitwp.com; hxxps://www.kansas.com; hxxps://www.loom.com; hxxps://www.monsterinsights.com; hxxps://www.namehero.com; hxxps://www.newsbreak.com; hxxps://www.newsweek.com; hxxps://www.quora.com; hxxps://www.reddit.com; hxxps://www.youtube.com
CHR HomePage: Default -> hxxp://search.babylon.com/?affID=110790&tt=3712_5&babsrc=HP_ss&mntrId=ee0ffd770000000000000021296edc84
CHR StartupUrls: Default -> "hxxp://www.aol.com/?mtmhp=hyplogusaolp00000020","hxxp://www.google.com/","hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=mnn_ir_17_02&param1=1&param2=f%3D7%26b%3Dchmm%26cc%3Dus%26pa%3Dminio%26cd%3D2XzuyEtN2Y1L1Qzu0EtD0Bzy0AyDyE0DtBtA0Czy0EzyyE0BtN0D0Tzu0StCzztAyDtN1L2XzutAtFtByEtFtByBtFyDzztN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StDyEzz0DyCtBzz0AtGtAtD0F0EtGtByD0DyDtGyDtB0E0DtGzy0A0CyDtBzz0AtBtC0D0D0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AtBzz0F0B0F0CyBtGyEtCtD0EtGyEyCyEtAtG0BtCyE0FtG0C0DzztDtC0ByE0AyDtCyDzz2QtN0A0LzutBtN1B2Z1V1T1S1NzutCtCyEyEzy%26cr%3D140861373%26a%3Dmnn_ir_17_02%26os_ver%3D6.1%26os%3DWindows%2B7%2BProfessional"
CHR Session Restore: Default -> is enabled.
CHR Extension: (Slides) - C:\Users\pedwa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-07-23]
CHR Extension: (Docs) - C:\Users\pedwa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-07-23]
CHR Extension: (Google Drive) - C:\Users\pedwa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-20]
CHR Extension: (Campaign Cloner) - C:\Users\pedwa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkngdbfnacjhejokocclomjbfdahaaem [2021-01-02]
CHR Extension: (YouTube) - C:\Users\pedwa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-07-23]
CHR Extension: (TestOnlineSpeed) - C:\Users\pedwa\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdaeipojmgllhdibldbbhfhlepncijng [2020-07-23]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\pedwa\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2020-12-15]
CHR Extension: (PDF Viewer & Converter by FromDocToPDF) - C:\Users\pedwa\AppData\Local\Google\Chrome\User Data\Default\Extensions\chnacmlpiecdhgkdgeoipkmdbekengck [2020-07-23]
CHR Extension: (PopBlock+) - C:\Users\pedwa\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnefkmcmokiilacdgejmmfgnblcpoca [2020-12-22]
CHR Extension: (IncognitoSearches Search) - C:\Users\pedwa\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhlcepepdbeaodfgmgajpnakghnfejde [2020-07-23]
CHR Extension: (PackageTracking for Chrome) - C:\Users\pedwa\AppData\Local\Google\Chrome\User Data\Default\Extensions\dklnibnmfddlaopoeplilgaacloakjka [2020-07-23]
CHR Extension: (Sheets) - C:\Users\pedwa\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-07-23]
CHR Extension: (Magic Dropship Fulfillment) - C:\Users\pedwa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggkakbppdpakcmkeeaigjgkhjimmmimd [2020-07-23]
CHR Extension: (securyBrowse) - C:\Users\pedwa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghaojflgonndmkaknkocggkmkbjjbgho [2020-08-25]
CHR Extension: (Google Docs Offline) - C:\Users\pedwa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-17]
CHR Extension: (Keywords Everywhere - Keyword Tool) - C:\Users\pedwa\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbapdpeemoojbophdfndmlgdhppljgmp [2021-01-10]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\pedwa\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2020-12-11]
CHR Extension: (Newz Finder) - C:\Users\pedwa\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfhfmkmokccaciopjahpkmfdbkjbhmfp [2020-08-25]
CHR Extension: (Secured Web) - C:\Users\pedwa\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgfkdnnflgkgpfeppboogbpabagblabp [2020-08-13]
CHR Extension: (NoTrack - Block Redirection Tracking) - C:\Users\pedwa\AppData\Local\Google\Chrome\User Data\Default\Extensions\knjgjcgmkldnfeejjmacjojljgbhcdbf [2020-07-23]
CHR Extension: (Loom for Chrome) - C:\Users\pedwa\AppData\Local\Google\Chrome\User Data\Default\Extensions\liecbddmkiiihnedobmlmillhodjkdmb [2020-12-11]
CHR Extension: (Video DownloadHelper) - C:\Users\pedwa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjnegcaeklhafolokijcfjliaokphfk [2021-01-10]
CHR Extension: (Lightshot (screenshot tool)) - C:\Users\pedwa\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbniclmhobmnbdlbpiphghaielnnpgdp [2020-07-23]
CHR Extension: (YouTube SEO Checklist (SEO Ranking Tool)) - C:\Users\pedwa\AppData\Local\Google\Chrome\User Data\Default\Extensions\meajddjijmeaibppajnagjiloknomjjp [2020-07-23]
CHR Extension: (JustAnswer It) - C:\Users\pedwa\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkkhgmkdjjdfehkbibfeabhnncdolcah [2021-01-07]
CHR Extension: (Plugins) - C:\Users\pedwa\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcblfncjaclajmegihojiekebofjcen [2020-07-23]
CHR Extension: (multifolder) - C:\Users\pedwa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncfjlfpabnjllhcpgncdmbelnehboeki [2020-07-23]
CHR Extension: (RSS Subscription Extension (by Google)) - C:\Users\pedwa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbjncdgjeocebhnmkbbbdekmmmcbfjd [2020-07-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\pedwa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-07-23]
CHR Extension: (Gmail) - C:\Users\pedwa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-23]
CHR Extension: (Chrome Media Router) - C:\Users\pedwa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-11-20]
CHR Extension: (Instagram Auto Follow) - C:\1 1 JAVA BOTS\javascriptCommissionBotInstagram\javascriptCommissionBotInstagram [2020-08-06]
CHR Extension: (javascript commission bot - Twitter) - C:\1 1 JAVA BOTS\javascriptCommissionBotTwitter\javascriptCommissionBotTwitter [2020-08-06]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AnyDesk; C:\Program Files (x86)\AnyDesk\AnyDesk.exe [3670480 2020-10-20] (philandro Software GmbH -> philandro Software GmbH)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed]
S2 RelevantKnowledge; C:\Program Files (x86)\RelevantKnowledge\rlservice.exe [170352 2020-04-09] (TMRG, Inc. -> TMRG, Inc.) <==== ATTENTION
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5197552 2020-12-09] (Microsoft Windows Publisher -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 cpuz149; C:\Users\pedwa\AppData\Local\Temp\cpuz149\cpuz149_x64.sys [44320 2021-01-08] (CPUID S.A.R.L.U. -> CPUID) <==== ATTENTION
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48536 2020-12-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [429296 2020-12-04] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [70896 2020-12-04] (Microsoft Windows -> Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-01-12 08:26 - 2021-01-12 08:28 - 000000000 ____D C:\FRST
2021-01-08 21:51 - 2021-01-08 21:51 - 000000000 ____D C:\Users\pedwa\AppData\Local\AAR
2021-01-08 18:48 - 2021-01-08 18:48 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-01-08 09:31 - 2021-01-08 09:31 - 000310585 _____ C:\Users\pedwa\OneDrive\Documents\Speccy report - DESKTOP-6N1U1A5.pdf
2021-01-08 09:28 - 2021-01-08 22:51 - 000000844 _____ C:\Users\Public\Desktop\Speccy.lnk
2021-01-08 09:28 - 2021-01-08 22:51 - 000000844 _____ C:\ProgramData\Desktop\Speccy.lnk
2021-01-08 09:28 - 2021-01-08 09:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2021-01-08 09:28 - 2021-01-08 09:28 - 000000000 ____D C:\Program Files\Speccy
2021-01-07 08:46 - 2021-01-09 22:52 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-01-06 15:58 - 2021-01-06 15:58 - 000025688 _____ C:\Users\pedwa\Downloads\premiumlogo.zip
2021-01-06 15:57 - 2021-01-06 15:57 - 000025688 _____ C:\Users\pedwa\Downloads\18291595 (2).zip
2021-01-06 15:57 - 2021-01-06 15:57 - 000025688 _____ C:\Users\pedwa\Downloads\18291595 (1).zip
2021-01-06 15:56 - 2021-01-06 15:56 - 000025688 _____ C:\Users\pedwa\Downloads\18291595.zip
2021-01-06 00:05 - 2021-01-06 00:21 - 000000000 ____D C:\1 1 Courserious
2021-01-05 21:36 - 2021-01-05 21:47 - 000000000 ____D C:\1 1 BLING BUNDLE
2021-01-05 12:57 - 2021-01-09 10:40 - 000000000 ____D C:\1 1 MAILVIO
2021-01-05 12:51 - 2021-01-05 21:31 - 000000000 ____D C:\1 1 BINSTA
2021-01-02 12:14 - 2021-01-02 12:14 - 000000000 ____D C:\1 1 MEETVIO WEBINARS
2021-01-01 14:45 - 2021-01-03 23:32 - 000000000 ____D C:\1 1 FUNNELVIO
2020-12-29 04:29 - 2020-12-29 04:29 - 000000000 ____D C:\Users\pedwa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2020-12-27 20:02 - 2020-12-27 20:02 - 000000000 ____D C:\Users\pedwa\AppData\Local\GoTo Opener
2020-12-27 01:18 - 2020-12-27 01:19 - 000000000 ____D C:\1 1 PHOTOS
2020-12-26 23:13 - 2020-12-26 23:13 - 014144679 _____ C:\Users\pedwa\Downloads\leadgentheme (8).zip
2020-12-26 23:12 - 2020-12-26 23:12 - 014144679 _____ C:\Users\pedwa\Downloads\leadgentheme (7).zip
2020-12-26 23:02 - 2020-12-26 23:02 - 014144679 _____ C:\Users\pedwa\Downloads\leadgentheme (6).zip
2020-12-26 22:57 - 2020-12-26 22:57 - 014144679 _____ C:\Users\pedwa\Downloads\leadgentheme (5).zip
2020-12-26 22:55 - 2020-12-26 22:55 - 014144679 _____ C:\Users\pedwa\Downloads\leadgentheme (4).zip
2020-12-26 22:43 - 2020-12-26 22:45 - 014259356 _____ C:\Users\pedwa\Downloads\Lead Gen Theme (Website Client System)-20201227T034327Z-001.zip
2020-12-26 22:42 - 2020-12-26 22:44 - 014259356 _____ C:\Users\pedwa\Downloads\Lead Gen Theme (Website Client System)-20201227T034205Z-001.zip
2020-12-26 22:41 - 2020-12-26 22:42 - 014259356 _____ C:\Users\pedwa\Downloads\Lead Gen Theme (Website Client System)-20201227T034052Z-001.zip
2020-12-26 22:33 - 2020-12-26 22:34 - 014259356 _____ C:\Users\pedwa\Downloads\Lead Gen Theme (Website Client System)-20201227T033310Z-001.zip
2020-12-26 22:30 - 2020-12-26 22:30 - 000072935 _____ C:\Users\pedwa\Downloads\leadgenchildtheme (2).zip
2020-12-26 22:29 - 2020-12-26 22:29 - 000072935 _____ C:\Users\pedwa\Downloads\leadgenchildtheme (1).zip
2020-12-26 22:24 - 2020-12-26 22:27 - 000000000 ____D C:\1 1 LEAD GEN THEME
2020-12-26 21:41 - 2020-12-26 21:41 - 000000000 ____D C:\Users\pedwa\OneDrive\Documents\leadgentheme (3)
2020-12-26 21:40 - 2020-12-26 21:40 - 014144679 _____ C:\Users\pedwa\Downloads\leadgentheme (3).zip
2020-12-26 21:37 - 2020-12-26 21:37 - 014144679 _____ C:\Users\pedwa\Downloads\leadgentheme (2).zip
2020-12-26 21:36 - 2020-12-26 21:36 - 014144679 _____ C:\Users\pedwa\Downloads\leadgentheme (1).zip
2020-12-26 21:35 - 2020-12-26 21:35 - 014144679 _____ C:\Users\pedwa\Downloads\leadgentheme.zip
2020-12-26 21:16 - 2020-12-26 21:17 - 005802393 _____ C:\Users\pedwa\Downloads\Community-Resource-theme.zip
2020-12-26 12:37 - 2020-12-26 12:37 - 000000000 ____D C:\1 1 PROFIT MAIL
2020-12-26 10:14 - 2021-01-05 20:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge
2020-12-26 09:41 - 2020-12-26 09:41 - 000000000 _____ C:\WINDOWS\system32\Restoro.rep
2020-12-26 09:28 - 2020-12-26 09:28 - 002670815 _____ C:\Users\pedwa\Downloads\Autoruns.zip
2020-12-26 09:18 - 2020-12-26 09:18 - 000022808 _____ C:\WINDOWS\system32\Native.exe
2020-12-26 09:04 - 2020-12-26 18:49 - 000000000 ____D C:\Program Files (x86)\LogMeIn Rescue Applet
2020-12-26 09:04 - 2020-12-26 09:59 - 000000000 ____D C:\Users\pedwa\AppData\Local\LogMeIn Rescue Applet
2020-12-26 09:04 - 2020-12-26 09:04 - 000002325 _____ C:\Users\pedwa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Log Me In Rescue 123.lnk
2020-12-26 08:43 - 2020-12-28 10:27 - 000000167 _____ C:\WINDOWS\restoro.ini
2020-12-22 01:15 - 2021-01-05 20:11 - 000000000 ____D C:\Program Files (x86)\RelevantKnowledge
2020-12-22 01:10 - 2020-12-22 01:11 - 000000000 ____D C:\Program Files (x86)\BrowserEngine
2020-12-22 01:06 - 2020-12-22 01:07 - 000000000 ____D C:\Users\pedwa\AppData\Roaming\HolcusTopicalSoft
2020-12-22 00:31 - 2020-12-22 00:31 - 000000000 ____D C:\New folder
2020-12-21 22:31 - 2020-12-22 15:48 - 000000000 ____D C:\1 1 SUPER AFFILIATE SYSTEM
2020-12-20 03:15 - 2020-12-26 22:40 - 000000000 ____D C:\ProgramData\WinZip
2020-12-20 03:12 - 2020-12-20 03:12 - 000000000 ____D C:\ProgramData\UniqueId
2020-12-20 03:10 - 2020-12-20 03:11 - 000000000 ____D C:\1 1 WINZIP
2020-12-19 00:57 - 2020-12-19 00:57 - 000089644 _____ C:\Users\pedwa\OneDrive\Documents\LAWYER ALL.csv
2020-12-19 00:57 - 2020-12-19 00:57 - 000000000 ____D C:\Users\pedwa\AppData\Roaming\java
2020-12-18 23:26 - 2020-12-19 00:58 - 000000000 ____D C:\Users\pedwa\.junique
2020-12-18 23:26 - 2020-12-18 23:26 - 000000000 ____D C:\Users\pedwa\Soci Spy
2020-12-18 23:26 - 2020-12-18 23:26 - 000000000 ____D C:\Users\pedwa\AppData\LocalLow\Ephox
2020-12-18 23:15 - 2020-12-18 23:15 - 000192168 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2020-12-18 23:15 - 2020-12-18 23:15 - 000000000 ____D C:\Program Files\Java
2020-12-18 09:27 - 2021-01-03 20:13 - 000000000 ____D C:\1 1 VIDEO 360
2020-12-15 23:03 - 2020-12-20 20:41 - 000000000 ____D C:\1 1 PROFIT PAGE
2020-12-14 01:06 - 2020-12-18 23:53 - 000000000 ____D C:\1 1 ONLINE REVENUE SYSTEM
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-01-12 08:24 - 2019-12-07 04:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-01-12 08:24 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-01-12 08:19 - 2020-11-27 12:44 - 000840598 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-01-12 08:19 - 2019-12-07 04:13 - 000000000 ____D C:\WINDOWS\INF
2021-01-12 08:15 - 2020-09-16 14:18 - 000000000 ____D C:\Users\pedwa\AppData\Roaming\Loom
2021-01-12 08:15 - 2020-07-23 08:53 - 000000000 ___RD C:\Users\pedwa\OneDrive
2021-01-12 08:13 - 2020-11-27 12:47 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-01-12 08:13 - 2020-11-27 12:30 - 000008192 ___SH C:\DumpStack.log.tmp
2021-01-12 08:13 - 2020-07-23 08:50 - 000000000 __SHD C:\Users\pedwa\IntelGraphicsProfiles
2021-01-12 08:13 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-01-12 08:13 - 2019-12-07 04:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-01-12 08:12 - 2019-12-07 04:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-01-12 07:21 - 2020-11-27 12:31 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-01-12 04:25 - 2020-11-27 12:47 - 000004166 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{E4BCC18B-0115-4760-BCE2-E567C14559FA}
2021-01-12 01:23 - 2020-07-23 10:10 - 000000000 ____D C:\1 1 ACASH
2021-01-12 00:46 - 2020-09-10 09:47 - 000000000 ____D C:\Users\pedwa\AppData\LocalLow\Mozilla
2021-01-12 00:43 - 2020-09-10 09:47 - 000000000 ____D C:\ProgramData\Mozilla
2021-01-11 22:49 - 2020-11-28 04:14 - 000003386 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d6c4e47f2e740b
2021-01-11 22:49 - 2020-11-27 12:47 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-01-11 14:42 - 2020-07-23 09:27 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-01-11 14:42 - 2020-07-23 09:27 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-01-11 14:42 - 2020-07-23 09:27 - 000002267 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2021-01-10 17:52 - 2020-11-22 13:15 - 000000000 ____D C:\1 1 H-EDUCATE
2021-01-09 22:52 - 2020-09-10 09:47 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-01-09 10:51 - 2020-07-27 02:11 - 000002428 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-01-09 10:51 - 2020-07-27 02:11 - 000002266 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-01-09 10:51 - 2020-07-27 02:11 - 000002266 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2021-01-08 18:48 - 2020-09-10 09:47 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-01-07 11:45 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2021-01-06 01:43 - 2020-10-02 04:07 - 000000000 ____D C:\1 1 LOGOS
2021-01-05 13:53 - 2020-08-30 12:00 - 000000000 ____D C:\1 1 AMM AGENCY MEMBERSHIP
2021-01-05 09:07 - 2020-07-23 23:17 - 000000000 ____D C:\1 1 PAT
2021-01-03 23:25 - 2020-11-27 12:34 - 000000000 ____D C:\Users\pedwa
2020-12-29 14:15 - 2020-07-26 09:40 - 000000000 ____D C:\Users\pedwa\AppData\Local\ElevatedDiagnostics
2020-12-29 04:29 - 2020-09-30 09:35 - 000000000 ____D C:\Users\pedwa\AppData\Roaming\Zoom
2020-12-28 14:16 - 2020-11-27 07:20 - 000000000 ___DC C:\WINDOWS\Panther
2020-12-27 23:03 - 2020-07-23 23:15 - 000000000 ____D C:\1 1 AgencyGrowthMachine OFFLINE SHARKS
2020-12-26 21:18 - 2019-07-06 08:11 - 000000000 ____D C:\Users\pedwa\Downloads\directorytheme
2020-12-26 08:41 - 2020-07-23 08:50 - 000000000 ____D C:\Users\pedwa\AppData\Local\Packages
2020-12-25 14:54 - 2020-09-24 18:47 - 000000000 ____D C:\1 1 PROFIT HOST
2020-12-18 23:15 - 2020-09-09 09:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2020-12-17 22:33 - 2020-07-25 09:56 - 000000666 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-366862209-4135554110-2996454335-1004.job
2020-12-17 22:33 - 2020-07-25 09:56 - 000000570 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-366862209-4135554110-2996454335-1004.job
2020-12-17 18:09 - 2020-11-27 12:47 - 000003834 _____ C:\WINDOWS\system32\Tasks\G2MUploadTask-S-1-5-21-366862209-4135554110-2996454335-1004
2020-12-17 18:09 - 2020-11-27 12:47 - 000003738 _____ C:\WINDOWS\system32\Tasks\G2MUpdateTask-S-1-5-21-366862209-4135554110-2996454335-1004
2020-12-17 18:09 - 2020-07-25 09:56 - 000000000 ____D C:\Users\pedwa\AppData\Local\GoToMeeting
2020-12-13 21:39 - 2020-07-28 08:06 - 000000000 ____D C:\1 1 CONTENT GORILLA
==================== Files in the root of some directories ========
2020-07-30 01:32 - 2020-07-30 01:32 - 001295576 _____ (Google LLC) C:\Users\pedwa\ChromeSetup.exe
2020-09-09 09:23 - 2020-09-09 09:23 - 002083464 _____ (Oracle Corporation) C:\Users\pedwa\JavaSetup8u261.exe
2020-09-09 09:27 - 2020-09-09 09:28 - 069999448 _____ (Microsoft Corporation) C:\Users\pedwa\NDP452-KB2901907-x86-x64-AllOS-ENU 4.5.2.exe
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
=========================================================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-01-2021
Ran by pedwa (12-01-2021 08:29:49)
Running from C:\Users\pedwa\OneDrive\Desktop
Windows 10 Pro Version 2004 19041.685 (X64) (2020-11-27 17:48:36)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-366862209-4135554110-2996454335-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-366862209-4135554110-2996454335-503 - Limited - Disabled)
Guest (S-1-5-21-366862209-4135554110-2996454335-501 - Limited - Disabled)
pedwa (S-1-5-21-366862209-4135554110-2996454335-1004 - Administrator - Enabled) => C:\Users\pedwa
WDAGUtilityAccount (S-1-5-21-366862209-4135554110-2996454335-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat X Pro (HKLM-x32\...\{AC76BA86-1033-0000-7760-000000000005}) (Version: 10.0.0 - Adobe Systems)
AnyDesk (HKLM-x32\...\AnyDesk) (Version: ad 6.0.8 - philandro Software GmbH)
Blackmagic RAW Common Components (HKLM\...\{C569CAEE-D0BF-45DE-833E-E97988B5CB8B}) (Version: 1.8 - Blackmagic Design)
Brother MFL-Pro Suite HL-L2380DW series (HKLM-x32\...\{F8ECC2FD-CE2B-4ED4-BDCC-90D0D34206FD}) (Version: 1.0.2.0 - Brother Industries, Ltd.)
DaVinci Resolve (HKLM\...\{F576A1B2-04B7-4946-9544-E98EBB6B5288}) (Version: 16.2.5015 - Blackmagic Design)
DaVinci Resolve Keyboards (HKLM\...\{04F776FB-37A2-4116-84F2-6CF3D731999D}) (Version: 1.0.0.0 - Blackmagic Design)
DaVinci Resolve Panels (HKLM\...\{567706B7-1501-43BC-81AB-C7E306B40C73}) (Version: 1.3.2.0 - Blackmagic Design)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 87.0.4280.141 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.51 - Google LLC) Hidden
GoTo Opener (HKLM-x32\...\{E69269DB-A77B-4BC1-8F39-241107B09F26}) (Version: 1.0.539 - LogMeIn, Inc.)
GoToMeeting 10.15.0.19228 (HKU\S-1-5-21-366862209-4135554110-2996454335-1004\...\GoToMeeting) (Version: 10.15.0.19228 - LogMeIn, Inc.)
Java 8 Update 271 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180271F0}) (Version: 8.0.2710.9 - Oracle Corporation)
Java 8 Update 271 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180271F0}) (Version: 8.0.2710.9 - Oracle Corporation)
Job Finder 5.1.0.0 (HKLM\...\{862DC5FB-A869-4EB7-905B-C99DCC0976A1}) (Version: 5.1.0 - Mustapha Ajarmou)
Loom 0.57.0 (HKU\S-1-5-21-366862209-4135554110-2996454335-1004\...\{3643b966-bc28-5bc8-95ff-3d47d66438db}) (Version: 0.57.0 - Loom, Inc.)
Loom 0.64.4 (HKU\S-1-5-21-366862209-4135554110-2996454335-1004\...\3643b966-bc28-5bc8-95ff-3d47d66438db) (Version: 0.64.4 - Loom, Inc.)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 87.0.664.75 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.139.65 - )
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-366862209-4135554110-2996454335-1004\...\OneDriveSetup.exe) (Version: 20.201.1005.0009 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{143E35D3-F0A4-4E90-96C9-B1B72F11343A}) (Version: 2.70.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 (HKLM-x32\...\{6913e92a-b64e-41c9-a5e6-cef39207fe89}) (Version: 14.25.28508.3 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 84.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 84.0.2 (x64 en-US)) (Version: 84.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 82.0.3 - Mozilla)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5985 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
VideoDownloaderUltimate (HKU\S-1-5-21-366862209-4135554110-2996454335-1004\...\VideoDownloaderUltimateWinApp) (Version: 1.0.1.161 - Link64)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.11 - VideoLAN)
WinRAR 5.91 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.91.0 - win.rar GmbH)
Zoom (HKU\S-1-5-21-366862209-4135554110-2996454335-1004\...\ZoomUMX) (Version: 5.4.7 (59784.1220) - Zoom Video Communications, Inc.)
Packages:
=========
Amazon Prime Video for Windows -> C:\Program Files\WindowsApps\AmazonVideo.PrimeVideo_1.0.44.0_x64__pwbj9vvecjh7j [2021-01-12] (Amazon Development Centre (London) Ltd)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_122.1.778.0_x64__v10z8vjag6ke6 [2020-12-19] (HP Inc.)
Microsoft Access -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Access_16051.13530.20316.0_x86__8wekyb3d8bbwe [2021-01-08] (Microsoft Corporation)
Microsoft Excel -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Excel_16051.13530.20316.0_x86__8wekyb3d8bbwe [2021-01-08] (Microsoft Corporation)
Microsoft Office Desktop Apps -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop_16051.13530.20316.0_x86__8wekyb3d8bbwe [2021-01-08] (Microsoft Corporation)
Microsoft Outlook -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.13530.20316.0_x86__8wekyb3d8bbwe [2021-01-08] (Microsoft Corporation)
Microsoft PowerPoint -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.PowerPoint_16051.13530.20316.0_x86__8wekyb3d8bbwe [2021-01-08] (Microsoft Corporation)
Microsoft Publisher -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Publisher_16051.13530.20316.0_x86__8wekyb3d8bbwe [2021-01-08] (Microsoft Corporation)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.8.12113.0_x64__8wekyb3d8bbwe [2021-01-08] (Microsoft Studios) [MS Ad]
Microsoft Word -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Word_16051.13530.20316.0_x86__8wekyb3d8bbwe [2021-01-08] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-08-08] (Microsoft Corporation)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0 [2020-12-12] (Spotify AB) [Startup Task]
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-366862209-4135554110-2996454335-1004_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation - pGFX -> Intel Corporation)
CustomCLSID: HKU\S-1-5-21-366862209-4135554110-2996454335-1004_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\pedwa\AppData\Local\GoToMeeting\18962\G2MOutlookAddin64.dll (LogMeIn, Inc. -> LogMeIn, Inc.)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat Elements\ContextMenu64.dll [2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-08-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-08-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2015-10-14] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat Elements\ContextMenu64.dll [2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-08-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-08-26] (win.rar GmbH -> Alexander Roshal)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
==================== Loaded Modules (Whitelisted) =============
2021-01-09 23:53 - 2021-01-11 17:18 - 002824192 _____ () [File not signed] C:\Users\pedwa\AppData\Local\Programs\Loom\ffmpeg.dll
2021-01-09 23:53 - 2021-01-11 17:18 - 000449024 _____ () [File not signed] C:\Users\pedwa\AppData\Local\Programs\Loom\libegl.dll
2021-01-09 23:53 - 2021-01-11 17:18 - 007620096 _____ () [File not signed] C:\Users\pedwa\AppData\Local\Programs\Loom\libglesv2.dll
2020-07-28 15:46 - 2005-04-21 23:36 - 000143360 _____ () [File not signed] C:\WINDOWS\system32\BrSNMP64.dll
2020-07-28 15:46 - 2013-03-08 01:44 - 000087040 _____ (Brother Industries, Ltd.) [File not signed] C:\WINDOWS\system32\BrNetSti.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_271\bin\ssv.dll [2020-12-18] (Oracle America, Inc. -> Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_271\bin\jp2ssv.dll [2020-12-18] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_271\bin\ssv.dll [2020-11-12] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_271\bin\jp2ssv.dll [2020-11-12] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-366862209-4135554110-2996454335-1004 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2019-03-18 23:49 - 2019-03-18 23:49 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
2020-09-19 15:13 - 2020-09-19 15:13 - 000000445 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-366862209-4135554110-2996454335-1004\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 10.0.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [TCP Query User{257166B6-6C76-4D02-98A6-3C4F1ACE75D3}C:\program files (x86)\microsoft\edge\application\msedge.exe] => (Block) C:\program files (x86)\microsoft\edge\application\msedge.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{778444A4-CCF9-45E5-829D-5E995DE66EE4}C:\program files (x86)\microsoft\edge\application\msedge.exe] => (Block) C:\program files (x86)\microsoft\edge\application\msedge.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A7857232-D6DA-4816-AC31-0791110F4B82}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{E6278A66-F321-40AD-B9C9-9F81F5EC82C2}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{B6CA5707-AFF6-4150-9821-B751E16340CE}C:\program files (x86)\relevantknowledge\rlvknlg.exe] => (Allow) C:\program files (x86)\relevantknowledge\rlvknlg.exe => No File
FirewallRules: [UDP Query User{77EBF881-635F-4620-ACAB-7CCC712FEF9D}C:\program files (x86)\relevantknowledge\rlvknlg.exe] => (Allow) C:\program files (x86)\relevantknowledge\rlvknlg.exe => No File
FirewallRules: [TCP Query User{1ADAEA29-9563-42E2-8597-AFE4F705FE58}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{302E6828-D761-4015-ABA0-9CD974D78ED2}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{8D1E3EBD-E443-429A-9594-25B858A20C74}C:\users\pedwa\appdata\roaming\zoom\bin\zoom.exe] => (Allow) C:\users\pedwa\appdata\roaming\zoom\bin\zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [UDP Query User{7CA80FFA-DB33-44C1-908A-9231894A2A79}C:\users\pedwa\appdata\roaming\zoom\bin\zoom.exe] => (Allow) C:\users\pedwa\appdata\roaming\zoom\bin\zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{CF0ACFB7-34FF-439E-A5C2-AEA8CFE1787D}] => (Allow) C:\Users\pedwa\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{732A9D88-DF8F-4667-9755-623FC6C91454}] => (Allow) C:\Users\pedwa\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{D60193DA-B8AE-41F1-B012-D01C395A410A}] => (Allow) C:\Users\pedwa\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [TCP Query User{9323E77F-5818-4C4E-AF1C-AD9D4B124A75}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{CEB02643-000C-482F-930E-9A1486A71314}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{672D7212-572A-4DCC-BC88-ADECEF533E32}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{64A8587B-750C-4A62-87D6-C87CFFF6A70C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{776D49FD-42FB-4F86-8230-C91F42501CC4}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E2B2338E-BB33-43E1-AC67-37AA41CC10DB}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{687BBC9F-A339-454B-AC08-777E19F07CEA}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.13530.20316.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{8D3F3F30-6045-4192-BD68-A72AA7711218}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{F9634AF5-5973-4304-9906-7A91EA6F27B5}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{8742C865-BB8F-4BFD-A502-BEA09968DA4F}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{1488D74D-4D87-4F6D-A319-817C5ACFA41D}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{B0C5924D-589B-4F91-B14B-644108B55337}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{C49C6DBA-906C-4A9F-B245-B5DBC1D9B5B5}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{E1F76EF3-59B2-4805-B53A-DA9F947821AD}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
==================== Restore Points =========================
29-12-2020 14:15:34 Scheduled Checkpoint
07-01-2021 13:15:01 Scheduled Checkpoint
08-01-2021 14:00:51 BEFORE GTG
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (01/12/2021 08:13:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rlservice.exe, version: 1.1.24.120, time stamp: 0x5e8fa842
Faulting module name: rlservice.exe, version: 1.1.24.120, time stamp: 0x5e8fa842
Exception code: 0xc0000005
Fault offset: 0x0000757a
Faulting process id: 0xd38
Faulting application start time: 0x01d6e8e4abd04681
Faulting application path: C:\Program Files (x86)\RelevantKnowledge\rlservice.exe
Faulting module path: C:\Program Files (x86)\RelevantKnowledge\rlservice.exe
Report Id: 0415b5d6-774f-4d4d-a1ef-69216a75522e
Faulting package full name:
Faulting package-relative application ID:
Error: (01/09/2021 10:52:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rlservice.exe, version: 1.1.24.120, time stamp: 0x5e8fa842
Faulting module name: rlservice.exe, version: 1.1.24.120, time stamp: 0x5e8fa842
Exception code: 0xc0000005
Fault offset: 0x0000757a
Faulting process id: 0xce0
Faulting application start time: 0x01d6e7040bdf0f3f
Faulting application path: C:\Program Files (x86)\RelevantKnowledge\rlservice.exe
Faulting module path: C:\Program Files (x86)\RelevantKnowledge\rlservice.exe
Report Id: 4cbb3302-fc85-4800-a65f-0fb022a0308c
Faulting package full name:
Faulting package-relative application ID:
Error: (01/09/2021 06:46:55 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on Windows (C:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)
Error: (01/09/2021 06:41:57 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on System because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)
Error: (01/09/2021 06:36:48 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on System because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)
Error: (01/09/2021 05:54:15 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on System because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)
Error: (01/09/2021 05:06:08 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on System because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)
Error: (01/08/2021 05:09:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Loom.exe, version: 0.64.2.4487, time stamp: 0x5fe0dfbb
Faulting module name: ntdll.dll, version: 10.0.19041.662, time stamp: 0x27bfa5f0
Exception code: 0xc0000374
Fault offset: 0x00000000000ff0f9
Faulting process id: 0x2fec
Faulting application start time: 0x01d6e5288a312b90
Faulting application path: C:\Users\pedwa\AppData\Local\Programs\Loom\Loom.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: ea8cd18b-6180-428e-a33f-652a4d2863f7
Faulting package full name:
Faulting package-relative application ID:
System errors:
=============
Error: (01/12/2021 08:13:15 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The RelevantKnowledge service terminated unexpectedly. It has done this 1 time(s).
Error: (01/09/2021 10:52:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The RelevantKnowledge service terminated unexpectedly. It has done this 1 time(s).
Error: (01/08/2021 10:51:29 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
Unable to access a key.
Error: (01/08/2021 10:51:29 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630203.
Error: (01/08/2021 02:41:30 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
Unable to access a key.
Error: (01/08/2021 02:41:30 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630203.
Error: (01/08/2021 09:36:11 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
Unable to access a key.
Error: (01/08/2021 09:36:11 AM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630203.
Windows Defender:
===================================
Date: 2021-01-12 08:29:04.5510000Z
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: App:RelevantKnowledge
ID: 269065
Severity: Low
Category: Potentially Unwanted Software
Path: file:_C:\Program Files (x86)\RelevantKnowledge\rlservice.exe; file:_C:\Windows\System32\rlls64.dll; process:_pid:3400,ProcessStart:132543688142688185; service:_RelevantKnowledge
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Users\pedwa\OneDrive\Desktop\FRST64.exe
Security intelligence Version: AV: 1.329.2075.0, AS: 1.329.2075.0, NIS: 1.329.2075.0
Engine Version: AM: 1.1.17700.4, NIS: 1.1.17700.4
Date: 2021-01-12 08:24:57.8240000Z
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Wacatac.D8!ml
ID: 2147757787
Severity: Severe
Category: Trojan
Path: file:_C:\Users\pedwa\OneDrive\Desktop\FRST32.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Security intelligence Version: AV: 1.329.2075.0, AS: 1.329.2075.0, NIS: 1.329.2075.0
Engine Version: AM: 1.1.17700.4, NIS: 1.1.17700.4
Date: 2021-01-11 10:43:06.3640000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {AE0FE363-6A42-41F8-AE27-B56D84E98B18}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2021-01-09 09:06:06.4410000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {E3C6A59C-1095-4271-8F87-9AF878B56C79}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2021-01-08 18:57:18.2400000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {13FAC117-55F2-4B10-AE70-A7787D3D6354}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2021-01-02 11:03:37.0000000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.329.1512.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17700.4
Error code: 0x80070102
Error description: The wait operation timed out.
Date: 2021-01-02 11:03:36.9990000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.329.1512.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17700.4
Error code: 0x80070102
Error description: The wait operation timed out.
CodeIntegrity:
===================================
Date: 2020-12-28 06:14:55.1810000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\rlls64.dll that did not meet the Microsoft signing level requirements.
Date: 2020-12-27 21:58:58.6130000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\rlls64.dll that did not meet the Microsoft signing level requirements.
Date: 2020-12-27 11:11:27.1790000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\rlls64.dll that did not meet the Microsoft signing level requirements.
Date: 2020-12-26 22:35:18.1430000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\rlls64.dll that did not meet the Microsoft signing level requirements.
Date: 2020-12-26 21:57:24.8260000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\rlls64.dll that did not meet the Microsoft signing level requirements.
Date: 2020-12-26 21:52:29.8800000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\rlls64.dll that did not meet the Microsoft signing level requirements.
Date: 2020-12-26 21:48:22.7260000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\rlls64.dll that did not meet the Microsoft signing level requirements.
Date: 2020-12-26 18:57:06.7020000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\rlls64.dll that did not meet the Microsoft signing level requirements.
==================== Memory info ===========================
BIOS: Dell Inc. A16 09/09/2013
Motherboard: Dell Inc. 0WR7PY
Processor: Intel® Core i5-3470 CPU @ 3.20GHz
Percentage of memory in use: 28%
Total physical RAM: 16270.45 MB
Available physical RAM: 11594.75 MB
Total Virtual: 18702.45 MB
Available Virtual: 14192.89 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:1861.93 GB) (Free:1703.29 GB) NTFS
Drive d: (ADSENSE) (CDROM) (Total:4.38 GB) (Free:4.2 GB) UDF
Drive e: () (Removable) (Total:3.74 GB) (Free:3.26 GB) FAT32
\\?\Volume{c4fe162a-0000-0000-0000-100000000000}\ (System) (Fixed) (Total:0.34 GB) (Free:0.31 GB) NTFS
\\?\Volume{c4fe162a-0000-0000-00e8-b891d1010000}\ () (Fixed) (Total:0.73 GB) (Free:0.3 GB) NTFS
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: C4FE162A)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1861.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=750 MB) - (Type=27)
==========================================================
Disk: 1 (Protective MBR) (Size: 3.7 GB) (Disk ID: 00000000)
Partition: GPT.
==================== End of Addition.txt =======================