Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Desktop Dell Win 10 Unable to login to a specific website [Solved]

tech preview

  • This topic is locked This topic is locked

#16
pedwardscpa

pedwardscpa

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-01-2021
Ran by pedwa (administrator) on DESKTOP-6N1U1A5 (Dell Inc. OptiPlex 7010) (12-01-2021 08:27:35)
Running from C:\Users\pedwa\OneDrive\Desktop
Loaded Profiles: pedwa
Platform: Windows 10 Pro Version 2004 19041.685 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Adobe Systems, Incorporated -> Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <22>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler64.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxTray.exe
(Link64 GmbH -> Link64 GmbH) C:\ProgramData\VideoDownloaderUltimateWinApp\VideoDownloaderUltimate.exe <2>
(Loom, Inc. -> ) C:\Users\pedwa\AppData\Local\Programs\Loom\resources\app.asar.unpacked\dist\binaries\loom-recorder-production.exe
(Loom, Inc. -> Loom, Inc.) C:\Users\pedwa\AppData\Local\Programs\Loom\Loom.exe <7>
(Microsoft Corporation -> Microsoft Corporation) C:\Users\pedwa\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_2.2012.16655.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12011.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\NisSrv.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(philandro Software GmbH -> philandro Software GmbH) C:\Program Files (x86)\AnyDesk\AnyDesk.exe <2>
(Realtek Semiconductor Corp -> Realtek Semiconductor Corp.) C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe [2908888 2014-09-11] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
HKLM\...\Run: [Unattend0000000001{4494B480-9AEE-4241-A268-0619C3B4DBFD}] => C:\WINDOWS\system32\devmgmt.msc [145622 2019-12-07] (Microsoft Windows -> )
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [821144 2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706680 2020-09-17] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-366862209-4135554110-2996454335-1004\...\Run: [VideoDownloaderUltimate] => C:\ProgramData\VideoDownloaderUltimateWinApp\VideoDownloaderUltimate.exe [6189784 2020-11-22] (Link64 GmbH -> Link64 GmbH)
HKU\S-1-5-21-366862209-4135554110-2996454335-1004\...\Run: [electron.app.Loom] => C:\Users\pedwa\AppData\Local\Programs\Loom\Loom.exe [126146088 2021-01-11] (Loom, Inc. -> Loom, Inc.)
HKU\S-1-5-21-366862209-4135554110-2996454335-1004\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [153600 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\WINDOWS\system32\AdobePDF.dll [53656 2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Inc)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\87.0.4280.141\Installer\chrmstp.exe [2021-01-11] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AnyDesk.lnk [2020-10-20]
ShortcutTarget: AnyDesk.lnk -> C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {07AA2FEE-02F8-45E0-A10D-D813C7E99344} - System32\Tasks\G2MUploadTask-S-1-5-21-366862209-4135554110-2996454335-1004 => C:\Users\pedwa\AppData\Local\GoToMeeting\19228\g2mupload.exe [31320 2020-12-17] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {3314F4F7-7BCF-40B6-B7FE-5C06BA1384D5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {688CA085-C8C2-4090-A748-FBED15B84A0D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-07-23] (Google LLC -> Google LLC)
Task: {76CA1601-3D38-4C9A-B11E-44227D170C57} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {8AC7DCE9-1476-470A-A462-99BEC871BF78} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {8DA26406-0E17-4F2E-9C62-B273031ED29D} - System32\Tasks\G2MUpdateTask-S-1-5-21-366862209-4135554110-2996454335-1004 => C:\Users\pedwa\AppData\Local\GoToMeeting\19228\g2mupdate.exe [31320 2020-12-17] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {90AFC852-A6AC-4D8C-9728-221E90508AB2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-07-23] (Google LLC -> Google LLC)
Task: {9B60D997-A778-4232-ACED-FDE28110FB8E} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [693216 2021-01-07] (Mozilla Corporation -> Mozilla Foundation)
Task: {B6ABA98A-78F7-4594-998F-EF2EA6CAF353} - System32\Tasks\Agent Activation Runtime\S-1-5-21-366862209-4135554110-2996454335-1004 => C:\WINDOWS\System32\AgentActivationRuntimeStarter.exe [13312 2020-12-09] (Microsoft Windows -> )
Task: {D2B36F06-D5EB-4763-A19E-DC543EECA18B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-366862209-4135554110-2996454335-1004.job => C:\Users\pedwa\AppData\Local\GoToMeeting\19228\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-366862209-4135554110-2996454335-1004.job => C:\Users\pedwa\AppData\Local\GoToMeeting\19228\g2mupload.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [S-1-5-21-366862209-4135554110-2996454335-1004] => Proxy is enabled.
ProxyServer: [S-1-5-21-366862209-4135554110-2996454335-1004] => http=127.0.0.1:8082;https=127.0.0.1:8082
Tcpip\Parameters: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{b4704bda-6fc5-4481-beea-0266af4c9b90}: [DhcpNameServer] 10.0.1.1
ManualProxies: 1http=127.0.0.1:8082;https=127.0.0.1:8082
 
Edge: 
======
Edge DefaultProfile: Default
Edge Profile: C:\Users\pedwa\AppData\Local\Microsoft\Edge\User Data\Default [2021-01-12]
 
FireFox:
========
FF DefaultProfile: 4gtmw0jr.default
FF ProfilePath: C:\Users\pedwa\AppData\Roaming\Mozilla\Firefox\Profiles\4gtmw0jr.default [2020-09-12]
FF ProfilePath: C:\Users\pedwa\AppData\Roaming\Mozilla\Firefox\Profiles\rtgz6m61.default-release [2021-01-12]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2020-07-23] [Legacy] [not signed]
FF Plugin: @java.com/DTPlugin,version=11.271.2 -> C:\Program Files\Java\jre1.8.0_271\bin\dtplugin\npDeployJava1.dll [2020-12-18] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.271.2 -> C:\Program Files\Java\jre1.8.0_271\bin\plugin2\npjp2.dll [2020-12-18] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.271.2 -> C:\Program Files (x86)\Java\jre1.8.0_271\bin\dtplugin\npDeployJava1.dll [2020-11-12] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.271.2 -> C:\Program Files (x86)\Java\jre1.8.0_271\bin\plugin2\npjp2.dll [2020-11-12] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=3.0.11 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\pedwa\AppData\Local\Google\Chrome\User Data\Default [2021-01-12]
CHR Notifications: Default -> hxxps://app.gotowebinar.com; hxxps://customer.jvzoo.com; hxxps://dnschecker.org; hxxps://install.searchconverterbox.com; hxxps://myvprepay.verizon.com; hxxps://nypost.com; hxxps://offlinesharks.com; hxxps://web.skype.com; hxxps://whatismyipaddress.com; hxxps://wpforms.com; hxxps://www.crowdcast.io; hxxps://www.facebook.com; hxxps://www.fastquicksearch.com; hxxps://www.isitwp.com; hxxps://www.kansas.com; hxxps://www.loom.com; hxxps://www.monsterinsights.com; hxxps://www.namehero.com; hxxps://www.newsbreak.com; hxxps://www.newsweek.com; hxxps://www.quora.com; hxxps://www.reddit.com; hxxps://www.youtube.com
CHR HomePage: Default -> hxxp://search.babylon.com/?affID=110790&tt=3712_5&babsrc=HP_ss&mntrId=ee0ffd770000000000000021296edc84
CHR StartupUrls: Default -> "hxxp://www.aol.com/?mtmhp=hyplogusaolp00000020","hxxp://www.google.com/","hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=mnn_ir_17_02&param1=1&param2=f%3D7%26b%3Dchmm%26cc%3Dus%26pa%3Dminio%26cd%3D2XzuyEtN2Y1L1Qzu0EtD0Bzy0AyDyE0DtBtA0Czy0EzyyE0BtN0D0Tzu0StCzztAyDtN1L2XzutAtFtByEtFtByBtFyDzztN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StDyEzz0DyCtBzz0AtGtAtD0F0EtGtByD0DyDtGyDtB0E0DtGzy0A0CyDtBzz0AtBtC0D0D0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AtBzz0F0B0F0CyBtGyEtCtD0EtGyEyCyEtAtG0BtCyE0FtG0C0DzztDtC0ByE0AyDtCyDzz2QtN0A0LzutBtN1B2Z1V1T1S1NzutCtCyEyEzy%26cr%3D140861373%26a%3Dmnn_ir_17_02%26os_ver%3D6.1%26os%3DWindows%2B7%2BProfessional"
CHR Session Restore: Default -> is enabled.
CHR Extension: (Slides) - C:\Users\pedwa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-07-23]
CHR Extension: (Docs) - C:\Users\pedwa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-07-23]
CHR Extension: (Google Drive) - C:\Users\pedwa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-20]
CHR Extension: (Campaign Cloner) - C:\Users\pedwa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkngdbfnacjhejokocclomjbfdahaaem [2021-01-02]
CHR Extension: (YouTube) - C:\Users\pedwa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-07-23]
CHR Extension: (TestOnlineSpeed) - C:\Users\pedwa\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdaeipojmgllhdibldbbhfhlepncijng [2020-07-23]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\pedwa\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2020-12-15]
CHR Extension: (PDF Viewer & Converter by FromDocToPDF) - C:\Users\pedwa\AppData\Local\Google\Chrome\User Data\Default\Extensions\chnacmlpiecdhgkdgeoipkmdbekengck [2020-07-23]
CHR Extension: (PopBlock+) - C:\Users\pedwa\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnefkmcmokiilacdgejmmfgnblcpoca [2020-12-22]
CHR Extension: (IncognitoSearches  Search) - C:\Users\pedwa\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhlcepepdbeaodfgmgajpnakghnfejde [2020-07-23]
CHR Extension: (PackageTracking for Chrome) - C:\Users\pedwa\AppData\Local\Google\Chrome\User Data\Default\Extensions\dklnibnmfddlaopoeplilgaacloakjka [2020-07-23]
CHR Extension: (Sheets) - C:\Users\pedwa\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-07-23]
CHR Extension: (Magic Dropship Fulfillment) - C:\Users\pedwa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggkakbppdpakcmkeeaigjgkhjimmmimd [2020-07-23]
CHR Extension: (securyBrowse) - C:\Users\pedwa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghaojflgonndmkaknkocggkmkbjjbgho [2020-08-25]
CHR Extension: (Google Docs Offline) - C:\Users\pedwa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-17]
CHR Extension: (Keywords Everywhere - Keyword Tool) - C:\Users\pedwa\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbapdpeemoojbophdfndmlgdhppljgmp [2021-01-10]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\pedwa\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2020-12-11]
CHR Extension: (Newz Finder) - C:\Users\pedwa\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfhfmkmokccaciopjahpkmfdbkjbhmfp [2020-08-25]
CHR Extension: (Secured Web) - C:\Users\pedwa\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgfkdnnflgkgpfeppboogbpabagblabp [2020-08-13]
CHR Extension: (NoTrack - Block Redirection Tracking) - C:\Users\pedwa\AppData\Local\Google\Chrome\User Data\Default\Extensions\knjgjcgmkldnfeejjmacjojljgbhcdbf [2020-07-23]
CHR Extension: (Loom for Chrome) - C:\Users\pedwa\AppData\Local\Google\Chrome\User Data\Default\Extensions\liecbddmkiiihnedobmlmillhodjkdmb [2020-12-11]
CHR Extension: (Video DownloadHelper) - C:\Users\pedwa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjnegcaeklhafolokijcfjliaokphfk [2021-01-10]
CHR Extension: (Lightshot (screenshot tool)) - C:\Users\pedwa\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbniclmhobmnbdlbpiphghaielnnpgdp [2020-07-23]
CHR Extension: (YouTube SEO Checklist (SEO Ranking Tool)) - C:\Users\pedwa\AppData\Local\Google\Chrome\User Data\Default\Extensions\meajddjijmeaibppajnagjiloknomjjp [2020-07-23]
CHR Extension: (JustAnswer It) - C:\Users\pedwa\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkkhgmkdjjdfehkbibfeabhnncdolcah [2021-01-07]
CHR Extension: (Plugins) - C:\Users\pedwa\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcblfncjaclajmegihojiekebofjcen [2020-07-23]
CHR Extension: (multifolder) - C:\Users\pedwa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncfjlfpabnjllhcpgncdmbelnehboeki [2020-07-23]
CHR Extension: (RSS Subscription Extension (by Google)) - C:\Users\pedwa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbjncdgjeocebhnmkbbbdekmmmcbfjd [2020-07-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\pedwa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-07-23]
CHR Extension: (Gmail) - C:\Users\pedwa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-23]
CHR Extension: (Chrome Media Router) - C:\Users\pedwa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-11-20]
CHR Extension: (Instagram Auto Follow) - C:\1 1 JAVA BOTS\javascriptCommissionBotInstagram\javascriptCommissionBotInstagram [2020-08-06]
CHR Extension: (javascript commission bot - Twitter) - C:\1 1 JAVA BOTS\javascriptCommissionBotTwitter\javascriptCommissionBotTwitter [2020-08-06]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AnyDesk; C:\Program Files (x86)\AnyDesk\AnyDesk.exe [3670480 2020-10-20] (philandro Software GmbH -> philandro Software GmbH)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed]
S2 RelevantKnowledge; C:\Program Files (x86)\RelevantKnowledge\rlservice.exe [170352 2020-04-09] (TMRG, Inc. -> TMRG, Inc.) <==== ATTENTION
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5197552 2020-12-09] (Microsoft Windows Publisher -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 cpuz149; C:\Users\pedwa\AppData\Local\Temp\cpuz149\cpuz149_x64.sys [44320 2021-01-08] (CPUID S.A.R.L.U. -> CPUID) <==== ATTENTION
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48536 2020-12-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [429296 2020-12-04] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [70896 2020-12-04] (Microsoft Windows -> Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2021-01-12 08:26 - 2021-01-12 08:28 - 000000000 ____D C:\FRST
2021-01-08 21:51 - 2021-01-08 21:51 - 000000000 ____D C:\Users\pedwa\AppData\Local\AAR
2021-01-08 18:48 - 2021-01-08 18:48 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-01-08 09:31 - 2021-01-08 09:31 - 000310585 _____ C:\Users\pedwa\OneDrive\Documents\Speccy report - DESKTOP-6N1U1A5.pdf
2021-01-08 09:28 - 2021-01-08 22:51 - 000000844 _____ C:\Users\Public\Desktop\Speccy.lnk
2021-01-08 09:28 - 2021-01-08 22:51 - 000000844 _____ C:\ProgramData\Desktop\Speccy.lnk
2021-01-08 09:28 - 2021-01-08 09:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2021-01-08 09:28 - 2021-01-08 09:28 - 000000000 ____D C:\Program Files\Speccy
2021-01-07 08:46 - 2021-01-09 22:52 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-01-06 15:58 - 2021-01-06 15:58 - 000025688 _____ C:\Users\pedwa\Downloads\premiumlogo.zip
2021-01-06 15:57 - 2021-01-06 15:57 - 000025688 _____ C:\Users\pedwa\Downloads\18291595 (2).zip
2021-01-06 15:57 - 2021-01-06 15:57 - 000025688 _____ C:\Users\pedwa\Downloads\18291595 (1).zip
2021-01-06 15:56 - 2021-01-06 15:56 - 000025688 _____ C:\Users\pedwa\Downloads\18291595.zip
2021-01-06 00:05 - 2021-01-06 00:21 - 000000000 ____D C:\1 1 Courserious
2021-01-05 21:36 - 2021-01-05 21:47 - 000000000 ____D C:\1 1 BLING BUNDLE
2021-01-05 12:57 - 2021-01-09 10:40 - 000000000 ____D C:\1 1 MAILVIO
2021-01-05 12:51 - 2021-01-05 21:31 - 000000000 ____D C:\1 1 BINSTA
2021-01-02 12:14 - 2021-01-02 12:14 - 000000000 ____D C:\1 1 MEETVIO WEBINARS
2021-01-01 14:45 - 2021-01-03 23:32 - 000000000 ____D C:\1 1 FUNNELVIO
2020-12-29 04:29 - 2020-12-29 04:29 - 000000000 ____D C:\Users\pedwa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2020-12-27 20:02 - 2020-12-27 20:02 - 000000000 ____D C:\Users\pedwa\AppData\Local\GoTo Opener
2020-12-27 01:18 - 2020-12-27 01:19 - 000000000 ____D C:\1 1 PHOTOS
2020-12-26 23:13 - 2020-12-26 23:13 - 014144679 _____ C:\Users\pedwa\Downloads\leadgentheme (8).zip
2020-12-26 23:12 - 2020-12-26 23:12 - 014144679 _____ C:\Users\pedwa\Downloads\leadgentheme (7).zip
2020-12-26 23:02 - 2020-12-26 23:02 - 014144679 _____ C:\Users\pedwa\Downloads\leadgentheme (6).zip
2020-12-26 22:57 - 2020-12-26 22:57 - 014144679 _____ C:\Users\pedwa\Downloads\leadgentheme (5).zip
2020-12-26 22:55 - 2020-12-26 22:55 - 014144679 _____ C:\Users\pedwa\Downloads\leadgentheme (4).zip
2020-12-26 22:43 - 2020-12-26 22:45 - 014259356 _____ C:\Users\pedwa\Downloads\Lead Gen Theme (Website Client System)-20201227T034327Z-001.zip
2020-12-26 22:42 - 2020-12-26 22:44 - 014259356 _____ C:\Users\pedwa\Downloads\Lead Gen Theme (Website Client System)-20201227T034205Z-001.zip
2020-12-26 22:41 - 2020-12-26 22:42 - 014259356 _____ C:\Users\pedwa\Downloads\Lead Gen Theme (Website Client System)-20201227T034052Z-001.zip
2020-12-26 22:33 - 2020-12-26 22:34 - 014259356 _____ C:\Users\pedwa\Downloads\Lead Gen Theme (Website Client System)-20201227T033310Z-001.zip
2020-12-26 22:30 - 2020-12-26 22:30 - 000072935 _____ C:\Users\pedwa\Downloads\leadgenchildtheme (2).zip
2020-12-26 22:29 - 2020-12-26 22:29 - 000072935 _____ C:\Users\pedwa\Downloads\leadgenchildtheme (1).zip
2020-12-26 22:24 - 2020-12-26 22:27 - 000000000 ____D C:\1 1 LEAD GEN THEME
2020-12-26 21:41 - 2020-12-26 21:41 - 000000000 ____D C:\Users\pedwa\OneDrive\Documents\leadgentheme (3)
2020-12-26 21:40 - 2020-12-26 21:40 - 014144679 _____ C:\Users\pedwa\Downloads\leadgentheme (3).zip
2020-12-26 21:37 - 2020-12-26 21:37 - 014144679 _____ C:\Users\pedwa\Downloads\leadgentheme (2).zip
2020-12-26 21:36 - 2020-12-26 21:36 - 014144679 _____ C:\Users\pedwa\Downloads\leadgentheme (1).zip
2020-12-26 21:35 - 2020-12-26 21:35 - 014144679 _____ C:\Users\pedwa\Downloads\leadgentheme.zip
2020-12-26 21:16 - 2020-12-26 21:17 - 005802393 _____ C:\Users\pedwa\Downloads\Community-Resource-theme.zip
2020-12-26 12:37 - 2020-12-26 12:37 - 000000000 ____D C:\1 1 PROFIT MAIL
2020-12-26 10:14 - 2021-01-05 20:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge
2020-12-26 09:41 - 2020-12-26 09:41 - 000000000 _____ C:\WINDOWS\system32\Restoro.rep
2020-12-26 09:28 - 2020-12-26 09:28 - 002670815 _____ C:\Users\pedwa\Downloads\Autoruns.zip
2020-12-26 09:18 - 2020-12-26 09:18 - 000022808 _____ C:\WINDOWS\system32\Native.exe
2020-12-26 09:04 - 2020-12-26 18:49 - 000000000 ____D C:\Program Files (x86)\LogMeIn Rescue Applet
2020-12-26 09:04 - 2020-12-26 09:59 - 000000000 ____D C:\Users\pedwa\AppData\Local\LogMeIn Rescue Applet
2020-12-26 09:04 - 2020-12-26 09:04 - 000002325 _____ C:\Users\pedwa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Log Me In Rescue 123.lnk
2020-12-26 08:43 - 2020-12-28 10:27 - 000000167 _____ C:\WINDOWS\restoro.ini
2020-12-22 01:15 - 2021-01-05 20:11 - 000000000 ____D C:\Program Files (x86)\RelevantKnowledge
2020-12-22 01:10 - 2020-12-22 01:11 - 000000000 ____D C:\Program Files (x86)\BrowserEngine
2020-12-22 01:06 - 2020-12-22 01:07 - 000000000 ____D C:\Users\pedwa\AppData\Roaming\HolcusTopicalSoft
2020-12-22 00:31 - 2020-12-22 00:31 - 000000000 ____D C:\New folder
2020-12-21 22:31 - 2020-12-22 15:48 - 000000000 ____D C:\1 1 SUPER AFFILIATE SYSTEM
2020-12-20 03:15 - 2020-12-26 22:40 - 000000000 ____D C:\ProgramData\WinZip
2020-12-20 03:12 - 2020-12-20 03:12 - 000000000 ____D C:\ProgramData\UniqueId
2020-12-20 03:10 - 2020-12-20 03:11 - 000000000 ____D C:\1 1 WINZIP
2020-12-19 00:57 - 2020-12-19 00:57 - 000089644 _____ C:\Users\pedwa\OneDrive\Documents\LAWYER ALL.csv
2020-12-19 00:57 - 2020-12-19 00:57 - 000000000 ____D C:\Users\pedwa\AppData\Roaming\java
2020-12-18 23:26 - 2020-12-19 00:58 - 000000000 ____D C:\Users\pedwa\.junique
2020-12-18 23:26 - 2020-12-18 23:26 - 000000000 ____D C:\Users\pedwa\Soci Spy
2020-12-18 23:26 - 2020-12-18 23:26 - 000000000 ____D C:\Users\pedwa\AppData\LocalLow\Ephox
2020-12-18 23:15 - 2020-12-18 23:15 - 000192168 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2020-12-18 23:15 - 2020-12-18 23:15 - 000000000 ____D C:\Program Files\Java
2020-12-18 09:27 - 2021-01-03 20:13 - 000000000 ____D C:\1 1 VIDEO 360
2020-12-15 23:03 - 2020-12-20 20:41 - 000000000 ____D C:\1 1 PROFIT PAGE
2020-12-14 01:06 - 2020-12-18 23:53 - 000000000 ____D C:\1 1 ONLINE REVENUE SYSTEM
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2021-01-12 08:24 - 2019-12-07 04:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-01-12 08:24 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-01-12 08:19 - 2020-11-27 12:44 - 000840598 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-01-12 08:19 - 2019-12-07 04:13 - 000000000 ____D C:\WINDOWS\INF
2021-01-12 08:15 - 2020-09-16 14:18 - 000000000 ____D C:\Users\pedwa\AppData\Roaming\Loom
2021-01-12 08:15 - 2020-07-23 08:53 - 000000000 ___RD C:\Users\pedwa\OneDrive
2021-01-12 08:13 - 2020-11-27 12:47 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-01-12 08:13 - 2020-11-27 12:30 - 000008192 ___SH C:\DumpStack.log.tmp
2021-01-12 08:13 - 2020-07-23 08:50 - 000000000 __SHD C:\Users\pedwa\IntelGraphicsProfiles
2021-01-12 08:13 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-01-12 08:13 - 2019-12-07 04:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-01-12 08:12 - 2019-12-07 04:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-01-12 07:21 - 2020-11-27 12:31 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-01-12 04:25 - 2020-11-27 12:47 - 000004166 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{E4BCC18B-0115-4760-BCE2-E567C14559FA}
2021-01-12 01:23 - 2020-07-23 10:10 - 000000000 ____D C:\1 1 ACASH
2021-01-12 00:46 - 2020-09-10 09:47 - 000000000 ____D C:\Users\pedwa\AppData\LocalLow\Mozilla
2021-01-12 00:43 - 2020-09-10 09:47 - 000000000 ____D C:\ProgramData\Mozilla
2021-01-11 22:49 - 2020-11-28 04:14 - 000003386 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d6c4e47f2e740b
2021-01-11 22:49 - 2020-11-27 12:47 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-01-11 14:42 - 2020-07-23 09:27 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-01-11 14:42 - 2020-07-23 09:27 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-01-11 14:42 - 2020-07-23 09:27 - 000002267 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2021-01-10 17:52 - 2020-11-22 13:15 - 000000000 ____D C:\1 1 H-EDUCATE
2021-01-09 22:52 - 2020-09-10 09:47 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-01-09 10:51 - 2020-07-27 02:11 - 000002428 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-01-09 10:51 - 2020-07-27 02:11 - 000002266 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-01-09 10:51 - 2020-07-27 02:11 - 000002266 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2021-01-08 18:48 - 2020-09-10 09:47 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-01-07 11:45 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2021-01-06 01:43 - 2020-10-02 04:07 - 000000000 ____D C:\1 1 LOGOS
2021-01-05 13:53 - 2020-08-30 12:00 - 000000000 ____D C:\1 1 AMM AGENCY MEMBERSHIP
2021-01-05 09:07 - 2020-07-23 23:17 - 000000000 ____D C:\1 1 PAT
2021-01-03 23:25 - 2020-11-27 12:34 - 000000000 ____D C:\Users\pedwa
2020-12-29 14:15 - 2020-07-26 09:40 - 000000000 ____D C:\Users\pedwa\AppData\Local\ElevatedDiagnostics
2020-12-29 04:29 - 2020-09-30 09:35 - 000000000 ____D C:\Users\pedwa\AppData\Roaming\Zoom
2020-12-28 14:16 - 2020-11-27 07:20 - 000000000 ___DC C:\WINDOWS\Panther
2020-12-27 23:03 - 2020-07-23 23:15 - 000000000 ____D C:\1 1 AgencyGrowthMachine OFFLINE SHARKS
2020-12-26 21:18 - 2019-07-06 08:11 - 000000000 ____D C:\Users\pedwa\Downloads\directorytheme
2020-12-26 08:41 - 2020-07-23 08:50 - 000000000 ____D C:\Users\pedwa\AppData\Local\Packages
2020-12-25 14:54 - 2020-09-24 18:47 - 000000000 ____D C:\1 1 PROFIT HOST
2020-12-18 23:15 - 2020-09-09 09:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2020-12-17 22:33 - 2020-07-25 09:56 - 000000666 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-366862209-4135554110-2996454335-1004.job
2020-12-17 22:33 - 2020-07-25 09:56 - 000000570 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-366862209-4135554110-2996454335-1004.job
2020-12-17 18:09 - 2020-11-27 12:47 - 000003834 _____ C:\WINDOWS\system32\Tasks\G2MUploadTask-S-1-5-21-366862209-4135554110-2996454335-1004
2020-12-17 18:09 - 2020-11-27 12:47 - 000003738 _____ C:\WINDOWS\system32\Tasks\G2MUpdateTask-S-1-5-21-366862209-4135554110-2996454335-1004
2020-12-17 18:09 - 2020-07-25 09:56 - 000000000 ____D C:\Users\pedwa\AppData\Local\GoToMeeting
2020-12-13 21:39 - 2020-07-28 08:06 - 000000000 ____D C:\1 1 CONTENT GORILLA
 
==================== Files in the root of some directories ========
 
2020-07-30 01:32 - 2020-07-30 01:32 - 001295576 _____ (Google LLC) C:\Users\pedwa\ChromeSetup.exe
2020-09-09 09:23 - 2020-09-09 09:23 - 002083464 _____ (Oracle Corporation) C:\Users\pedwa\JavaSetup8u261.exe
2020-09-09 09:27 - 2020-09-09 09:28 - 069999448 _____ (Microsoft Corporation) C:\Users\pedwa\NDP452-KB2901907-x86-x64-AllOS-ENU 4.5.2.exe
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
=========================================================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-01-2021
Ran by pedwa (12-01-2021 08:29:49)
Running from C:\Users\pedwa\OneDrive\Desktop
Windows 10 Pro Version 2004 19041.685 (X64) (2020-11-27 17:48:36)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-366862209-4135554110-2996454335-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-366862209-4135554110-2996454335-503 - Limited - Disabled)
Guest (S-1-5-21-366862209-4135554110-2996454335-501 - Limited - Disabled)
pedwa (S-1-5-21-366862209-4135554110-2996454335-1004 - Administrator - Enabled) => C:\Users\pedwa
WDAGUtilityAccount (S-1-5-21-366862209-4135554110-2996454335-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat X Pro (HKLM-x32\...\{AC76BA86-1033-0000-7760-000000000005}) (Version: 10.0.0 - Adobe Systems)
AnyDesk (HKLM-x32\...\AnyDesk) (Version: ad 6.0.8 - philandro Software GmbH)
Blackmagic RAW Common Components (HKLM\...\{C569CAEE-D0BF-45DE-833E-E97988B5CB8B}) (Version: 1.8 - Blackmagic Design)
Brother MFL-Pro Suite HL-L2380DW series (HKLM-x32\...\{F8ECC2FD-CE2B-4ED4-BDCC-90D0D34206FD}) (Version: 1.0.2.0 - Brother Industries, Ltd.)
DaVinci Resolve (HKLM\...\{F576A1B2-04B7-4946-9544-E98EBB6B5288}) (Version: 16.2.5015 - Blackmagic Design)
DaVinci Resolve Keyboards (HKLM\...\{04F776FB-37A2-4116-84F2-6CF3D731999D}) (Version: 1.0.0.0 - Blackmagic Design)
DaVinci Resolve Panels (HKLM\...\{567706B7-1501-43BC-81AB-C7E306B40C73}) (Version: 1.3.2.0 - Blackmagic Design)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 87.0.4280.141 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.51 - Google LLC) Hidden
GoTo Opener (HKLM-x32\...\{E69269DB-A77B-4BC1-8F39-241107B09F26}) (Version: 1.0.539 - LogMeIn, Inc.)
GoToMeeting 10.15.0.19228 (HKU\S-1-5-21-366862209-4135554110-2996454335-1004\...\GoToMeeting) (Version: 10.15.0.19228 - LogMeIn, Inc.)
Java 8 Update 271 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180271F0}) (Version: 8.0.2710.9 - Oracle Corporation)
Java 8 Update 271 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180271F0}) (Version: 8.0.2710.9 - Oracle Corporation)
Job Finder 5.1.0.0 (HKLM\...\{862DC5FB-A869-4EB7-905B-C99DCC0976A1}) (Version: 5.1.0 - Mustapha Ajarmou)
Loom 0.57.0 (HKU\S-1-5-21-366862209-4135554110-2996454335-1004\...\{3643b966-bc28-5bc8-95ff-3d47d66438db}) (Version: 0.57.0 - Loom, Inc.)
Loom 0.64.4 (HKU\S-1-5-21-366862209-4135554110-2996454335-1004\...\3643b966-bc28-5bc8-95ff-3d47d66438db) (Version: 0.64.4 - Loom, Inc.)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 87.0.664.75 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.139.65 - )
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-366862209-4135554110-2996454335-1004\...\OneDriveSetup.exe) (Version: 20.201.1005.0009 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{143E35D3-F0A4-4E90-96C9-B1B72F11343A}) (Version: 2.70.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 (HKLM-x32\...\{6913e92a-b64e-41c9-a5e6-cef39207fe89}) (Version: 14.25.28508.3 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 84.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 84.0.2 (x64 en-US)) (Version: 84.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 82.0.3 - Mozilla)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5985 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
VideoDownloaderUltimate (HKU\S-1-5-21-366862209-4135554110-2996454335-1004\...\VideoDownloaderUltimateWinApp) (Version: 1.0.1.161 - Link64)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.11 - VideoLAN)
WinRAR 5.91 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.91.0 - win.rar GmbH)
Zoom (HKU\S-1-5-21-366862209-4135554110-2996454335-1004\...\ZoomUMX) (Version: 5.4.7 (59784.1220) - Zoom Video Communications, Inc.)
 
Packages:
=========
Amazon Prime Video for Windows -> C:\Program Files\WindowsApps\AmazonVideo.PrimeVideo_1.0.44.0_x64__pwbj9vvecjh7j [2021-01-12] (Amazon Development Centre (London) Ltd)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_122.1.778.0_x64__v10z8vjag6ke6 [2020-12-19] (HP Inc.)
Microsoft Access -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Access_16051.13530.20316.0_x86__8wekyb3d8bbwe [2021-01-08] (Microsoft Corporation)
Microsoft Excel -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Excel_16051.13530.20316.0_x86__8wekyb3d8bbwe [2021-01-08] (Microsoft Corporation)
Microsoft Office Desktop Apps -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop_16051.13530.20316.0_x86__8wekyb3d8bbwe [2021-01-08] (Microsoft Corporation)
Microsoft Outlook -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.13530.20316.0_x86__8wekyb3d8bbwe [2021-01-08] (Microsoft Corporation)
Microsoft PowerPoint -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.PowerPoint_16051.13530.20316.0_x86__8wekyb3d8bbwe [2021-01-08] (Microsoft Corporation)
Microsoft Publisher -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Publisher_16051.13530.20316.0_x86__8wekyb3d8bbwe [2021-01-08] (Microsoft Corporation)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.8.12113.0_x64__8wekyb3d8bbwe [2021-01-08] (Microsoft Studios) [MS Ad]
Microsoft Word -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Word_16051.13530.20316.0_x86__8wekyb3d8bbwe [2021-01-08] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-08-08] (Microsoft Corporation)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0 [2020-12-12] (Spotify AB) [Startup Task]
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-366862209-4135554110-2996454335-1004_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation - pGFX -> Intel Corporation)
CustomCLSID: HKU\S-1-5-21-366862209-4135554110-2996454335-1004_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\pedwa\AppData\Local\GoToMeeting\18962\G2MOutlookAddin64.dll (LogMeIn, Inc. -> LogMeIn, Inc.)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat Elements\ContextMenu64.dll [2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-08-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-08-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2015-10-14] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat Elements\ContextMenu64.dll [2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-08-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-08-26] (win.rar GmbH -> Alexander Roshal)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
==================== Loaded Modules (Whitelisted) =============
 
2021-01-09 23:53 - 2021-01-11 17:18 - 002824192 _____ () [File not signed] C:\Users\pedwa\AppData\Local\Programs\Loom\ffmpeg.dll
2021-01-09 23:53 - 2021-01-11 17:18 - 000449024 _____ () [File not signed] C:\Users\pedwa\AppData\Local\Programs\Loom\libegl.dll
2021-01-09 23:53 - 2021-01-11 17:18 - 007620096 _____ () [File not signed] C:\Users\pedwa\AppData\Local\Programs\Loom\libglesv2.dll
2020-07-28 15:46 - 2005-04-21 23:36 - 000143360 _____ () [File not signed] C:\WINDOWS\system32\BrSNMP64.dll
2020-07-28 15:46 - 2013-03-08 01:44 - 000087040 _____ (Brother Industries, Ltd.) [File not signed] C:\WINDOWS\system32\BrNetSti.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_271\bin\ssv.dll [2020-12-18] (Oracle America, Inc. -> Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_271\bin\jp2ssv.dll [2020-12-18] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_271\bin\ssv.dll [2020-11-12] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_271\bin\jp2ssv.dll [2020-11-12] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-366862209-4135554110-2996454335-1004 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2019-03-18 23:49 - 2019-03-18 23:49 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
2020-09-19 15:13 - 2020-09-19 15:13 - 000000445 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-366862209-4135554110-2996454335-1004\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 10.0.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [TCP Query User{257166B6-6C76-4D02-98A6-3C4F1ACE75D3}C:\program files (x86)\microsoft\edge\application\msedge.exe] => (Block) C:\program files (x86)\microsoft\edge\application\msedge.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{778444A4-CCF9-45E5-829D-5E995DE66EE4}C:\program files (x86)\microsoft\edge\application\msedge.exe] => (Block) C:\program files (x86)\microsoft\edge\application\msedge.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A7857232-D6DA-4816-AC31-0791110F4B82}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{E6278A66-F321-40AD-B9C9-9F81F5EC82C2}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{B6CA5707-AFF6-4150-9821-B751E16340CE}C:\program files (x86)\relevantknowledge\rlvknlg.exe] => (Allow) C:\program files (x86)\relevantknowledge\rlvknlg.exe => No File
FirewallRules: [UDP Query User{77EBF881-635F-4620-ACAB-7CCC712FEF9D}C:\program files (x86)\relevantknowledge\rlvknlg.exe] => (Allow) C:\program files (x86)\relevantknowledge\rlvknlg.exe => No File
FirewallRules: [TCP Query User{1ADAEA29-9563-42E2-8597-AFE4F705FE58}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{302E6828-D761-4015-ABA0-9CD974D78ED2}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{8D1E3EBD-E443-429A-9594-25B858A20C74}C:\users\pedwa\appdata\roaming\zoom\bin\zoom.exe] => (Allow) C:\users\pedwa\appdata\roaming\zoom\bin\zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [UDP Query User{7CA80FFA-DB33-44C1-908A-9231894A2A79}C:\users\pedwa\appdata\roaming\zoom\bin\zoom.exe] => (Allow) C:\users\pedwa\appdata\roaming\zoom\bin\zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{CF0ACFB7-34FF-439E-A5C2-AEA8CFE1787D}] => (Allow) C:\Users\pedwa\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{732A9D88-DF8F-4667-9755-623FC6C91454}] => (Allow) C:\Users\pedwa\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{D60193DA-B8AE-41F1-B012-D01C395A410A}] => (Allow) C:\Users\pedwa\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [TCP Query User{9323E77F-5818-4C4E-AF1C-AD9D4B124A75}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{CEB02643-000C-482F-930E-9A1486A71314}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{672D7212-572A-4DCC-BC88-ADECEF533E32}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{64A8587B-750C-4A62-87D6-C87CFFF6A70C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{776D49FD-42FB-4F86-8230-C91F42501CC4}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E2B2338E-BB33-43E1-AC67-37AA41CC10DB}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{687BBC9F-A339-454B-AC08-777E19F07CEA}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.13530.20316.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{8D3F3F30-6045-4192-BD68-A72AA7711218}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{F9634AF5-5973-4304-9906-7A91EA6F27B5}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{8742C865-BB8F-4BFD-A502-BEA09968DA4F}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{1488D74D-4D87-4F6D-A319-817C5ACFA41D}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{B0C5924D-589B-4F91-B14B-644108B55337}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{C49C6DBA-906C-4A9F-B245-B5DBC1D9B5B5}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{E1F76EF3-59B2-4805-B53A-DA9F947821AD}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
 
==================== Restore Points =========================
 
29-12-2020 14:15:34 Scheduled Checkpoint
07-01-2021 13:15:01 Scheduled Checkpoint
08-01-2021 14:00:51 BEFORE GTG
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (01/12/2021 08:13:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rlservice.exe, version: 1.1.24.120, time stamp: 0x5e8fa842
Faulting module name: rlservice.exe, version: 1.1.24.120, time stamp: 0x5e8fa842
Exception code: 0xc0000005
Fault offset: 0x0000757a
Faulting process id: 0xd38
Faulting application start time: 0x01d6e8e4abd04681
Faulting application path: C:\Program Files (x86)\RelevantKnowledge\rlservice.exe
Faulting module path: C:\Program Files (x86)\RelevantKnowledge\rlservice.exe
Report Id: 0415b5d6-774f-4d4d-a1ef-69216a75522e
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (01/09/2021 10:52:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rlservice.exe, version: 1.1.24.120, time stamp: 0x5e8fa842
Faulting module name: rlservice.exe, version: 1.1.24.120, time stamp: 0x5e8fa842
Exception code: 0xc0000005
Fault offset: 0x0000757a
Faulting process id: 0xce0
Faulting application start time: 0x01d6e7040bdf0f3f
Faulting application path: C:\Program Files (x86)\RelevantKnowledge\rlservice.exe
Faulting module path: C:\Program Files (x86)\RelevantKnowledge\rlservice.exe
Report Id: 4cbb3302-fc85-4800-a65f-0fb022a0308c
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (01/09/2021 06:46:55 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on Windows (C:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)
 
Error: (01/09/2021 06:41:57 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on System because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)
 
Error: (01/09/2021 06:36:48 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on System because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)
 
Error: (01/09/2021 05:54:15 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on System because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)
 
Error: (01/09/2021 05:06:08 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on System because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)
 
Error: (01/08/2021 05:09:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Loom.exe, version: 0.64.2.4487, time stamp: 0x5fe0dfbb
Faulting module name: ntdll.dll, version: 10.0.19041.662, time stamp: 0x27bfa5f0
Exception code: 0xc0000374
Fault offset: 0x00000000000ff0f9
Faulting process id: 0x2fec
Faulting application start time: 0x01d6e5288a312b90
Faulting application path: C:\Users\pedwa\AppData\Local\Programs\Loom\Loom.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: ea8cd18b-6180-428e-a33f-652a4d2863f7
Faulting package full name: 
Faulting package-relative application ID:
 
 
System errors:
=============
Error: (01/12/2021 08:13:15 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The RelevantKnowledge service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (01/09/2021 10:52:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The RelevantKnowledge service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (01/08/2021 10:51:29 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error: 
Unable to access a key.
 
Error: (01/08/2021 10:51:29 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630203.
 
Error: (01/08/2021 02:41:30 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error: 
Unable to access a key.
 
Error: (01/08/2021 02:41:30 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630203.
 
Error: (01/08/2021 09:36:11 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error: 
Unable to access a key.
 
Error: (01/08/2021 09:36:11 AM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630203.
 
 
Windows Defender:
===================================
Date: 2021-01-12 08:29:04.5510000Z
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: App:RelevantKnowledge
ID: 269065
Severity: Low
Category: Potentially Unwanted Software
Path: file:_C:\Program Files (x86)\RelevantKnowledge\rlservice.exe; file:_C:\Windows\System32\rlls64.dll; process:_pid:3400,ProcessStart:132543688142688185; service:_RelevantKnowledge
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Users\pedwa\OneDrive\Desktop\FRST64.exe
Security intelligence Version: AV: 1.329.2075.0, AS: 1.329.2075.0, NIS: 1.329.2075.0
Engine Version: AM: 1.1.17700.4, NIS: 1.1.17700.4
 
Date: 2021-01-12 08:24:57.8240000Z
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Wacatac.D8!ml
ID: 2147757787
Severity: Severe
Category: Trojan
Path: file:_C:\Users\pedwa\OneDrive\Desktop\FRST32.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Security intelligence Version: AV: 1.329.2075.0, AS: 1.329.2075.0, NIS: 1.329.2075.0
Engine Version: AM: 1.1.17700.4, NIS: 1.1.17700.4
 
Date: 2021-01-11 10:43:06.3640000Z
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {AE0FE363-6A42-41F8-AE27-B56D84E98B18}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2021-01-09 09:06:06.4410000Z
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {E3C6A59C-1095-4271-8F87-9AF878B56C79}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2021-01-08 18:57:18.2400000Z
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {13FAC117-55F2-4B10-AE70-A7787D3D6354}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2021-01-02 11:03:37.0000000Z
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.329.1512.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.17700.4
Error code: 0x80070102
Error description: The wait operation timed out. 
 
Date: 2021-01-02 11:03:36.9990000Z
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.329.1512.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.17700.4
Error code: 0x80070102
Error description: The wait operation timed out. 
 
CodeIntegrity:
===================================
 
Date: 2020-12-28 06:14:55.1810000Z
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\rlls64.dll that did not meet the Microsoft signing level requirements.
 
Date: 2020-12-27 21:58:58.6130000Z
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\rlls64.dll that did not meet the Microsoft signing level requirements.
 
Date: 2020-12-27 11:11:27.1790000Z
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\rlls64.dll that did not meet the Microsoft signing level requirements.
 
Date: 2020-12-26 22:35:18.1430000Z
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\rlls64.dll that did not meet the Microsoft signing level requirements.
 
Date: 2020-12-26 21:57:24.8260000Z
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\rlls64.dll that did not meet the Microsoft signing level requirements.
 
Date: 2020-12-26 21:52:29.8800000Z
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\rlls64.dll that did not meet the Microsoft signing level requirements.
 
Date: 2020-12-26 21:48:22.7260000Z
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\rlls64.dll that did not meet the Microsoft signing level requirements.
 
Date: 2020-12-26 18:57:06.7020000Z
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\rlls64.dll that did not meet the Microsoft signing level requirements.
 
==================== Memory info =========================== 
 
BIOS: Dell Inc. A16 09/09/2013
Motherboard: Dell Inc. 0WR7PY
Processor: Intel® Core™ i5-3470 CPU @ 3.20GHz
Percentage of memory in use: 28%
Total physical RAM: 16270.45 MB
Available physical RAM: 11594.75 MB
Total Virtual: 18702.45 MB
Available Virtual: 14192.89 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:1861.93 GB) (Free:1703.29 GB) NTFS
Drive d: (ADSENSE) (CDROM) (Total:4.38 GB) (Free:4.2 GB) UDF
Drive e: () (Removable) (Total:3.74 GB) (Free:3.26 GB) FAT32
 
\\?\Volume{c4fe162a-0000-0000-0000-100000000000}\ (System) (Fixed) (Total:0.34 GB) (Free:0.31 GB) NTFS
\\?\Volume{c4fe162a-0000-0000-00e8-b891d1010000}\ () (Fixed) (Total:0.73 GB) (Free:0.3 GB) NTFS
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: C4FE162A)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1861.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=750 MB) - (Type=27)
 
==========================================================
Disk: 1 (Protective MBR) (Size: 3.7 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt =======================

  • 0

Advertisements


#17
pedwardscpa

pedwardscpa

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts

Forgot to pause windows defender.  Let me know if I need to run these again?


  • 0

#18
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,473 posts
  • MVP

If Windows Defender didn't eat FRST then everything is OK.

I think I see the problem:

ProxyEnable: [S-1-5-21-366862209-4135554110-2996454335-1004] => Proxy is enabled.
ProxyServer: [S-1-5-21-366862209-4135554110-2996454335-1004] => http=127.0.0.1:8082;https=127.0.0.1:8082
 
You have a proxy enabled.  That means that instead of going directly to the URL it has to be processed first by some program running on your PC.  Research suggests that Video Downloader Ultimate is the source of the proxy.
 
See:
 
Their solution:

the proxy is installed and used by Video Downloader Ultimate (VDU).
But it will be activated only, if VDU is running. If you close VDU, the proxy will be deactivated and the default settings restored again. This is needed to scan the websites for the video URLs.

I would suggest, that you run VDU only in cases if you want to download videos.
In all other cases, like working or gaming, close VDU.
You can change the start-up behaviour in the settings dialog of Video Downloader Ultimate. Just click the cogwheel icon in the menu to open the settings.
 

 

 
Reboot afterward.  May need to remove the proxy manually or we can let FRST remove it.

  • 0

#19
pedwardscpa

pedwardscpa

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts

RKInner. Congratulations on your sharp eye and recommended solution. For Ultimate Video Downloaded I changed the settings from automatic to manual activation, rebooted and now can login to my site.

Thank you very much for your help and knowledge. You are a Star. Have a great day. Thanks again for your help.

 

You can mark this one as resolved.


Edited by pedwardscpa, 12 January 2021 - 09:18 AM.

  • 0

#20
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,473 posts
  • MVP

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.


  • 0






Similar Topics


Also tagged with one or more of these keywords: tech preview

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP