my chrome browser has been infected with pop ups [Closed]


  • This topic is locked

#1
jbr199


If anyone would help, I will be most grateful.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-03-2021
Ran by jonny (administrator) on LAPTOP-NP27E90N (HP HP Pavilion Notebook) (14-03-2021 09:34:21)
Running from C:\Users\jonny\Downloads
Loaded Profiles: jonny
Platform: Windows 10 Home Version 2004 19041.867 (X64) Language: English (United Kingdom)
Default browser not detected!
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Google LLC -> Google LLC) C:\Users\jonny\AppData\Local\Google\Chrome\User Data\Application\chrome.exe <3>
(HP Inc. -> HP Development Company, L.P.) C:\Program Files (x86)\HP\HP CoolSense\CoolSense.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe
(HP Inc. -> HP Inc.) C:\Program Files\HPCommRecovery\HPCommRecovery.exe
(HP Inc. -> HP) C:\Program Files (x86)\HP\Shared\hpqwmiex.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_4a3ae74cfa6c37d6\esif_uf.exe
(Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\jhi_service.exe
(Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_618947f7f882ca01\igfxCUIService.exe
(Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_618947f7f882ca01\igfxEM.exe
(Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_618947f7f882ca01\IntelCpHDCPSvc.exe
(Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_618947f7f882ca01\IntelCpHeciSvc.exe
(Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(McAfee, Inc. -> McAfee LLC.) C:\Program Files\Common Files\mcafee\amcore\mcshield.exe
(McAfee, Inc. -> McAfee, LLC) C:\Program Files\Common Files\mcafee\SystemCore\mfefire.exe
(McAfee, Inc. -> McAfee, LLC) C:\Program Files\Common Files\mcafee\SystemCore\mfemms.exe
(McAfee, Inc. -> McAfee, LLC) C:\Windows\System32\mfevtps.exe
(McAfee, LLC -> McAfee, LLC.) C:\Program Files\Common Files\mcafee\modulecore\ModuleCoreService.exe <2>
(McAfee, LLC. -> McAfee, Inc.) C:\Program Files\Common Files\mcafee\pef\CORE\PEFService.exe
(McAfee, LLC. -> McAfee, LLC) C:\Program Files\Common Files\mcafee\VSCore_19_7\mcapexe.exe
(McAfee, LLC. -> McAfee, LLC.) C:\Program Files\Common Files\mcafee\csp\3.1.286.0\McCSPServiceHost.exe
(McAfee, LLC. -> McAfee, LLC.) C:\Program Files\Common Files\mcafee\mmsshost\MMSSHOST.exe
(McAfee, LLC. -> McAfee, LLC.) C:\Program Files\Common Files\mcafee\modulecore\ProtectedModuleHost.exe
(McAfee, LLC. -> McAfee, LLC.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(McAfee, LLC. -> McAfee, LLC.) C:\Program Files\mcafee\mfeav\MfeAVSvc.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.) C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTDevMgr.exe
(Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.3-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.3-0\NisSrv.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <10>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor Corp. -> Realtek) C:\Program Files (x86)\Realtek\PCIE Wireless LAN\RtlS5Wake\RtlS5Wake.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnhService.exe
(WildTangent Inc -> ) C:\Program Files (x86)\WildTangent Games\Integration\WildTangentHelperService.exe
(ZOODOTNET LIMITED -> ) C:\Users\jonny\AppData\Local\MyEss\MyEss.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9270776 2019-03-21] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [321096 2017-11-27] (Intel® Rapid Storage Technology -> Intel Corporation)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [709152 2018-03-22] (HP Inc. -> HP Inc.)
HKLM-x32\...\Run: [RtlS5Wake] => C:\Program Files (x86)\Realtek\PCIE Wireless LAN\RtlS5Wake\RtlS5Wake.exe [2097600 2018-02-23] (Realtek Semiconductor Corp. -> Realtek)
HKU\S-1-5-21-3938178760-3216329319-1005203919-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3412696 2021-02-12] (Valve -> Valve Corporation)
HKU\S-1-5-21-3938178760-3216329319-1005203919-1001\...\Run: [Gaijin.Net Updater] => C:\Users\jonny\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe [2350824 2020-09-14] (Gaijin Network LTD -> Gaijin Entertainment)
HKU\S-1-5-21-3938178760-3216329319-1005203919-1001\...\Run: [MyEss] => C:\Users\jonny\AppData\Local\MyEss\MyEss.exe [602160 2020-05-15] (ZOODOTNET LIMITED -> )
HKU\S-1-5-21-3938178760-3216329319-1005203919-1001\...\Run: [GoogleChrome] => "C:\Users\jonny\AppData\Local\Google\Chrome\User Data\Application\chrome.exe"

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01C272DC-E64B-4EC3-85B0-C28600AEC3DA} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [198696 2017-09-27] (HP Inc. -> HP Inc.)
Task: {06C9526C-DC6A-4F48-92E7-98744BC3B665} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1130480 2019-07-17] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {0AF9A3C2-10EF-4FFD-8B7B-26090D23FB2F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1490800 2017-09-27] (HP Inc. -> HP Inc.)
Task: {0BCAE0E4-CAD4-4597-91A8-856D992074C3} - System32\Tasks\HPEA3JOBS => C:\Program [Argument = Files\HP\HP ePrint\hpeprint.exe /CheckJobs]
Task: {0BFD65FB-3EB9-4C9E-B237-D9FACEDA378A} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [782136 2019-07-17] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {120C039C-DDC0-4060-8157-1C195EE3BED5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1057648 2017-09-27] (HP Inc. -> HP Inc.)
Task: {19F98958-C74C-400F-A9F6-BA085A9757B9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [651632 2017-09-27] (HP Inc. -> HP Inc.)
Task: {1E122EE6-9373-4466-BC9F-78AE19F1717F} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [4676920 2021-01-07] (McAfee, LLC -> McAfee, LLC)
Task: {308A737D-DAF0-4FED-BDB9-CEB4A599D92B} - System32\Tasks\HPAudioSwitch => C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe [1644472 2019-06-21] (HP Inc. -> HP Inc.)
Task: {34073631-CAD8-495F-9F3B-F31FF0C62145} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2102.3-0\MpCmdRun.exe [566376 2021-03-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {3445E740-D70E-4813-BB2A-828676A1786B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [216432 2017-09-27] (HP Inc. -> HP Inc.)
"C:\Windows\System32\Tasks\McAfee\McAfee Idle Detection Task" was unlocked. <==== ATTENTION
Task: {3F580FFE-D1EE-4B9E-8CDC-1318389F05FB} - System32\Tasks\McAfee\McAfee Idle Detection Task => {ABCDCA3B-DE6B-5A7C-B132-6D7CBA63E5C5} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [1028256 2019-08-09] (McAfee, LLC. -> McAfee, LLC.)
Task: {40EAB164-11CF-4A8E-B22C-852579EFE665} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [782136 2019-07-17] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {49D8972D-5354-439F-BA40-3A6EF757CCD7} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [897008 2019-07-17] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {5BAB8B8C-3BC6-4A25-8C75-867F35E920D4} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [759752 2019-08-14] (McAfee, LLC. -> McAfee, LLC.)
Task: {60178100-E073-4D3D-B31A-63E5029AF636} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3788144 2019-07-17] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {618D0001-22B0-4252-98BC-0C88617D08B0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2102.3-0\MpCmdRun.exe [566376 2021-03-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {659B27F0-D667-4C53-A140-F92D314CF31F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2102.3-0\MpCmdRun.exe [566376 2021-03-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {65A0C1E1-2685-4509-AFEA-A0F77111CB5E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1057648 2017-09-27] (HP Inc. -> HP Inc.)
Task: {707C46FB-BF09-4F5C-B44B-E4E761727DF1} - System32\Tasks\HPJumpStartLaunch => C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe [461824 2017-10-06] (HP Inc. -> HP Inc.)
Task: {796E29A9-54C0-4A34-9894-9B4B4174B101} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent => {ABCECA3B-EA5A-496B-A021-5C6BAB365E5C} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [1028256 2019-08-09] (McAfee, LLC. -> McAfee, LLC.)
Task: {804A8297-A881-4EEE-9AB2-A841A6235C27} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\1.5.132\DADUpdater.exe [4054696 2021-01-18] (McAfee, LLC -> McAfee, LLC)
Task: {9EF6938F-31B2-4B4A-8BAB-42E79095DDAB} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2102.3-0\MpCmdRun.exe [566376 2021-03-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A7D6A4C0-50EE-4922-8246-2A72F314EFDB} - System32\Tasks\HPCeeScheduleForjonny => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [97656 2018-09-11] (HP Inc. -> HP Inc.)
Task: {AB0C06D0-1538-435B-BCDA-F58211F3D9B6} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [648504 2019-07-17] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {B42ECC47-730B-4786-889A-12E91E5438C1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [119664 2017-09-27] (HP Inc. -> HP Inc.)
Task: {BBF10AA4-F137-428A-8BF7-6067EC1E4B0E} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1130480 2019-07-17] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C49121A4-CB06-4891-9C8D-75D76ABC5446} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1130480 2019-07-17] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C643BFF2-8F69-4D96-87F0-0A4555C1D6A0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1490800 2017-09-27] (HP Inc. -> HP Inc.)
Task: {CB28C1EF-FC23-4EF0-A038-C6811007EED5} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [897008 2019-07-17] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {D04D82D3-930A-44A2-A2CB-2E5BAB94A6B3} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1130480 2019-07-17] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F22243F3-3166-4EF3-B2C4-8CF65CBEF481} - System32\Tasks\HP\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\HP\HP CoolSense\CoolSense.exe [1359728 2017-10-25] (HP Inc. -> HP Development Company, L.P.)
Task: {FE224BD3-E9FD-4E8C-A679-2563483B395C} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [694752 2021-02-25] (Mozilla Corporation -> Mozilla Foundation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\HPCeeScheduleForjonny.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{80fcc14c-1ea0-4df1-8e24-88c36c4fe58d}: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{b3378355-6d25-4fae-809e-8b42daf97730}: [DhcpNameServer] 194.168.4.100 194.168.8.100

Edge:
=======
DownloadDir: C:\Users\jonny\Downloads
Edge HomeButtonPage: HKU\S-1-5-21-3938178760-3216329319-1005203919-1001 -> hxxps://www.google.co.uk/
Edge DefaultProfile: Default
Edge Profile: C:\Users\jonny\AppData\Local\Microsoft\Edge\User Data\Default [2021-03-14]
Edge DownloadDir: C:\Users\jonny\Downloads
Edge HomePage: Default -> hxxps://www.google.co.uk/
Edge StartupUrls: Default -> "hxxps://www.google.co.uk/"
Edge DefaultSearchURL: Default -> {bing:baseURL}search?q={searchTerms}&{bing:cvid}{google:assistedQueryStats}

FireFox:
========
FF DefaultProfile: bmn2tn4j.default
FF ProfilePath: C:\Users\jonny\AppData\Roaming\Mozilla\Firefox\Profiles\bmn2tn4j.default [2021-02-14]
FF ProfilePath: C:\Users\jonny\AppData\Roaming\Mozilla\Firefox\Profiles\mjptuvsk.default-release [2021-03-14]
FF Extension: (AdGuard AdBlocker) - C:\Users\jonny\AppData\Roaming\Mozilla\Firefox\Profiles\mjptuvsk.default-release\Extensions\[email protected] [2021-03-12]
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSKHKLM => not found
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\McAfee\MSC\npMcSnFFPl64.dll [2019-08-23] (McAfee, LLC. -> )
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32.dll [2020-12-27] (Adobe Systems Incorporated -> )
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\MSC\npMcSnFFPl.dll [2019-08-23] (McAfee, LLC. -> )

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\jonny\AppData\Local\Google\Chrome\User Data\Default [2021-03-14]
CHR Notifications: Default -> hxxps://calendar.google.com; hxxps://www.wayfair.co.uk
CHR HomePage: Default -> hxxps://www.google.co.uk/
CHR StartupUrls: Default -> "hxxp://google/"
CHR NewTab: Default ->  Not-active:"chrome-extension://pficgmfbdeigbbebkioddginbcckjeof/index.html", Not-active:"chrome-extension://ammedmhjkobkdljgdngfmkkdcgldommf/ntp.html"
CHR Extension: (Slides) - C:\Users\jonny\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-08-07]
CHR Extension: (AllInOneDocs) - C:\Users\jonny\AppData\Local\Google\Chrome\User Data\Default\Extensions\ammedmhjkobkdljgdngfmkkdcgldommf [2020-07-17]
CHR Extension: (Docs) - C:\Users\jonny\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-08-07]
CHR Extension: (Google Drive) - C:\Users\jonny\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-24]
CHR Extension: (YouTube) - C:\Users\jonny\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-08-07]
CHR Extension: (Sheets) - C:\Users\jonny\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-08-07]
CHR Extension: (Google Docs Offline) - C:\Users\jonny\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-03-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\jonny\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Web) - C:\Users\jonny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pficgmfbdeigbbebkioddginbcckjeof [2020-01-18]
CHR Extension: (Gmail) - C:\Users\jonny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-22]
CHR Extension: (Chrome Media Router) - C:\Users\jonny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-01-28]
CHR Extension: (MIm6OVfNUAQA5FjvfAySS1sPPd7GakZNabcextsn) - C:\Users\jonny\AppData\Local\Google\Chrome\User Data [2021-03-14]
CHR Profile: C:\Users\jonny\AppData\Local\Google\Chrome\User Data\Guest Profile [2020-10-01]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [679400 2018-04-02] (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.)
S3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1511728 2017-09-21] (McAfee, Inc. -> McAfee, Inc.)
R2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [1322632 2017-12-13] (HP Inc. -> HP Inc.)
R2 HPJumpStartBridge; c:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe [477184 2017-10-06] (HP Inc. -> HP Inc.)
R3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1075744 2017-10-11] (HP Inc. -> HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [323952 2017-09-27] (HP Inc. -> HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [628768 2017-07-13] (HP Inc. -> HP Inc.)
S3 iaStorAfsService; C:\WINDOWS\IAStorAfsService\iaStorAfsService.exe [2410672 2018-08-02] (Intel® Rapid Storage Technology -> Intel Corporation)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_19_7\McApExe.exe [747384 2019-08-23] (McAfee, LLC. -> McAfee, LLC)
S3 McAWFwk; C:\Program Files\Common Files\mcafee\actwiz\McAWFwk.exe [455584 2017-09-27] (McAfee, Inc. -> McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\3.1.286.0\\McCSPServiceHost.exe [2226608 2019-06-13] (McAfee, LLC. -> McAfee, LLC.)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [630160 2019-08-19] (McAfee, Inc. -> McAfee, LLC)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [630160 2019-08-19] (McAfee, Inc. -> McAfee, LLC)
R3 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [630160 2019-08-19] (McAfee, Inc. -> McAfee, LLC)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1720032 2019-08-09] (McAfee, LLC -> McAfee, LLC.)
R2 PEFService; C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe [1362400 2019-08-09] (McAfee, LLC. -> McAfee, Inc.)
S3 Rockstar Service; C:\Program Files\Rockstar Games\Launcher\RockstarService.exe [1738368 2020-04-25] (Rockstar Games, Inc. -> Rockstar Games)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2102.3-0\NisSrv.exe [2483624 2021-03-06] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WildTangentHelper; C:\Program Files (x86)\WildTangent Games\Integration\WildTangentHelperService.exe [1640240 2020-10-05] (WildTangent Inc -> )
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2102.3-0\MsMpEng.exe [128392 2021-03-06] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [75696 2019-08-22] (McAfee, Inc. -> McAfee, LLC)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [217912 2019-06-04] (McAfee, LLC -> McAfee, Inc.)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [521648 2019-08-22] (McAfee, Inc. -> McAfee, LLC)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [379824 2019-08-22] (McAfee, Inc. -> McAfee, LLC)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [85928 2019-08-22] (Microsoft Windows Early Launch Anti-malware Publisher -> McAfee, LLC)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [517040 2019-08-22] (McAfee, Inc. -> McAfee, LLC)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [993712 2019-08-22] (McAfee, Inc. -> McAfee, LLC)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [564584 2019-07-21] (McAfee, Inc. -> McAfee LLC.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [108904 2019-07-21] (McAfee, Inc. -> McAfee LLC.)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [116656 2019-08-22] (McAfee, Inc. -> McAfee, LLC)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [252336 2019-08-22] (McAfee, Inc. -> McAfee, LLC)
R3 MpKsl94cf74f5; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CD261540-189D-45BE-87FF-66E178D90B19}\MpKslDrv.sys [90360 2021-03-13] (Microsoft Windows -> Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49544 2021-03-06] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [420088 2021-03-06] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [72952 2021-03-06] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [35392 2020-06-08] (HP Inc. -> HP)
S3 MpKsla41e512c; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{154E5F46-6DD3-4513-845F-AC7D26B9E55D}\MpKslDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-03-14 09:34 - 2021-03-14 09:36 - 000026259 _____ C:\Users\jonny\Downloads\FRST.txt
2021-03-14 09:33 - 2021-03-14 09:36 - 000000000 ____D C:\FRST
2021-03-14 09:27 - 2021-03-14 09:27 - 002300928 _____ (Farbar) C:\Users\jonny\Downloads\FRST64(1).exe
2021-03-14 09:26 - 2021-03-14 09:26 - 002300928 _____ (Farbar) C:\Users\jonny\Downloads\FRST64.exe
2021-03-13 21:21 - 2021-03-13 21:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2021-03-12 21:28 - 2021-03-12 21:28 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-03-12 21:27 - 2021-03-12 21:27 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-03-12 21:27 - 2021-03-12 21:27 - 001314128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-03-12 21:27 - 2021-03-12 21:27 - 000011359 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-03-12 21:26 - 2021-03-12 21:26 - 001822272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-03-12 21:26 - 2021-03-12 21:26 - 001394024 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-03-12 21:26 - 2021-03-12 21:26 - 001163776 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-03-12 21:26 - 2021-03-12 21:26 - 000611952 _____ C:\WINDOWS\SysWOW64\TextShaping.dll
2021-03-12 21:25 - 2021-03-12 21:25 - 000707016 _____ C:\WINDOWS\system32\TextShaping.dll
2021-03-12 21:25 - 2021-03-12 21:25 - 000231248 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2021-03-12 21:25 - 2021-03-12 21:25 - 000091136 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-03-06 21:26 - 2021-03-06 21:29 - 002592124 _____ C:\WINDOWS\Minidump\030621-49109-01.dmp
2021-03-06 15:36 - 2021-03-06 15:44 - 002720412 _____ C:\WINDOWS\Minidump\030621-57359-01.dmp
2021-03-05 17:26 - 2021-03-05 17:47 - 002757484 _____ C:\WINDOWS\Minidump\030521-48671-01.dmp
2021-02-26 16:53 - 2021-02-26 16:53 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-02-25 22:13 - 2021-03-14 09:30 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-02-24 22:19 - 2021-02-24 22:29 - 002037844 _____ C:\WINDOWS\Minidump\022421-111359-01.dmp
2021-02-24 22:06 - 2021-02-24 22:06 - 000000000 _____ C:\WINDOWS\Minidump\022421-97640-01.dmp
2021-02-24 19:14 - 2021-03-13 21:13 - 000000364 _____ C:\WINDOWS\Tasks\HPCeeScheduleForjonny.job
2021-02-24 19:14 - 2021-03-13 01:13 - 000003256 _____ C:\WINDOWS\system32\Tasks\HPCeeScheduleForjonny
2021-02-22 10:39 - 2021-01-14 08:04 - 001769688 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2021-02-22 10:39 - 2021-01-14 08:04 - 001769688 _____ C:\WINDOWS\system32\vulkaninfo.exe
2021-02-22 10:39 - 2021-01-14 08:04 - 001370328 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2021-02-22 10:39 - 2021-01-14 08:04 - 001370328 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2021-02-22 10:39 - 2021-01-14 08:04 - 001054944 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2021-02-22 10:39 - 2021-01-14 08:04 - 001054944 _____ C:\WINDOWS\system32\vulkan-1.dll
2021-02-22 10:39 - 2021-01-14 08:04 - 000917728 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2021-02-22 10:39 - 2021-01-14 08:04 - 000917728 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2021-02-22 10:39 - 2021-01-14 08:04 - 000456600 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2021-02-22 10:39 - 2021-01-14 08:04 - 000349936 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2021-02-22 10:39 - 2021-01-14 08:02 - 001507224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2021-02-22 10:39 - 2021-01-14 08:02 - 001161112 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2021-02-22 10:39 - 2021-01-14 08:02 - 000816368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
2021-02-22 10:39 - 2021-01-14 08:02 - 000674712 _____ C:\WINDOWS\system32\nvofapi64.dll
2021-02-22 10:39 - 2021-01-14 08:02 - 000670616 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2021-02-22 10:39 - 2021-01-14 08:02 - 000556440 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2021-02-22 10:39 - 2021-01-14 08:02 - 000543128 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2021-02-22 10:39 - 2021-01-14 08:02 - 000047248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2021-02-22 10:39 - 2021-01-14 08:01 - 007706352 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2021-02-22 10:39 - 2021-01-14 08:01 - 006858992 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2021-02-22 10:39 - 2021-01-14 08:01 - 004175256 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2021-02-22 10:39 - 2021-01-14 08:01 - 002508528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2021-02-22 10:39 - 2021-01-14 08:01 - 002098072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2021-02-22 10:39 - 2021-01-14 08:01 - 001731824 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6445763.dll
2021-02-22 10:39 - 2021-01-14 08:01 - 001585560 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2021-02-22 10:39 - 2021-01-14 08:01 - 001484184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6445763.dll
2021-02-22 10:39 - 2021-01-14 08:01 - 000813464 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2021-02-22 10:39 - 2021-01-14 08:01 - 000657304 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2021-02-22 10:39 - 2021-01-14 07:59 - 005978008 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2021-02-14 09:35 - 2021-03-13 21:22 - 000000000 ____D C:\ProgramData\Mozilla
2021-02-14 09:35 - 2021-03-13 21:21 - 000000000 ____D C:\Users\jonny\AppData\LocalLow\Mozilla
2021-02-14 09:35 - 2021-02-27 11:08 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-02-14 09:35 - 2021-02-26 16:53 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-02-14 09:35 - 2021-02-14 09:35 - 000001000 _____ C:\ProgramData\Desktop\Firefox.lnk
2021-02-14 09:35 - 2021-02-14 09:35 - 000000000 ____D C:\Users\jonny\AppData\Roaming\Mozilla
2021-02-14 09:35 - 2021-02-14 09:35 - 000000000 ____D C:\Users\jonny\AppData\Local\Mozilla
2021-02-14 09:34 - 2021-02-14 09:34 - 000332960 _____ (Mozilla) C:\Users\jonny\Downloads\Firefox Installer.exe
2021-02-13 21:43 - 2021-02-13 21:43 - 000002435 _____ C:\Users\jonny\AppData\Roaming\Microsoft\Windows\Start Menu\Google Chrome.lnk
2021-02-13 21:43 - 2021-02-13 21:43 - 000002433 _____ C:\Users\jonny\Desktop\Google Chrome.lnk
2021-02-13 21:43 - 2021-02-13 21:43 - 000000000 ____D C:\Users\jonny\AppData\Roaming\Google
2021-02-12 19:46 - 2021-03-06 21:26 - 1269879230 _____ C:\WINDOWS\MEMORY.DMP

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-03-14 09:37 - 2019-12-07 09:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-03-14 09:10 - 2019-08-07 08:49 - 000000000 ____D C:\Program Files (x86)\Google
2021-03-14 09:01 - 2020-11-06 00:52 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-03-14 03:51 - 2020-11-06 01:19 - 000004168 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{D127C88F-4964-416F-B4AB-8F1FA0CBD1D0}
2021-03-13 21:29 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-03-13 21:17 - 2018-12-12 05:11 - 000000000 ____D C:\ProgramData\NVIDIA
2021-03-13 21:15 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-03-13 21:15 - 2019-08-06 17:31 - 000000000 __SHD C:\Users\jonny\IntelGraphicsProfiles
2021-03-13 21:14 - 2020-11-06 00:59 - 000000000 ____D C:\Users\jonny
2021-03-13 21:13 - 2020-11-06 01:19 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-03-13 21:13 - 2020-11-06 00:52 - 000008192 ___SH C:\DumpStack.log.tmp
2021-03-13 00:34 - 2019-12-07 09:13 - 000000000 ____D C:\WINDOWS\INF
2021-03-13 00:32 - 2020-11-06 00:52 - 000346864 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-03-13 00:29 - 2019-12-07 09:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2021-03-13 00:28 - 2019-12-07 09:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-03-13 00:28 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-03-13 00:28 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-03-13 00:28 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-03-13 00:28 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-03-13 00:28 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-03-13 00:28 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-03-13 00:28 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-03-13 00:28 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-03-13 00:28 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-03-13 00:28 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-03-13 00:28 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-03-13 00:28 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-03-12 23:55 - 2019-12-07 09:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-03-12 21:35 - 2019-12-07 09:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-03-12 20:45 - 2020-05-22 18:39 - 000002428 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-03-12 20:19 - 2019-12-07 09:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2021-03-11 00:16 - 2019-08-07 08:34 - 131005360 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-03-11 00:16 - 2019-08-07 08:34 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-03-07 11:14 - 2019-08-06 17:36 - 000000000 ____D C:\Program Files (x86)\Steam
2021-03-06 21:29 - 2020-11-15 12:14 - 000000000 ____D C:\WINDOWS\Minidump
2021-03-06 21:25 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-03-06 11:11 - 2018-04-28 06:06 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-03-04 20:42 - 2020-11-06 01:26 - 000003386 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d6b3d93becedbf
2021-03-04 20:42 - 2020-11-06 01:19 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-02-28 13:59 - 2021-01-24 17:32 - 000000000 ____D C:\Users\jonny\AppData\Roaming\Grand Ages Rome
2021-02-27 11:22 - 2019-08-06 17:31 - 000000000 ____D C:\Users\jonny\AppData\Local\Packages
2021-02-27 09:03 - 2020-11-06 01:19 - 000003380 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3938178760-3216329319-1005203919-1001
2021-02-27 09:03 - 2020-11-06 00:59 - 000002374 _____ C:\Users\jonny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-02-27 09:03 - 2019-08-06 17:38 - 000000000 ___RD C:\Users\jonny\OneDrive
2021-02-24 22:15 - 2021-02-10 20:15 - 000000000 ____D C:\Users\jonny\AppData\Local\EasyScreen
2021-02-23 20:12 - 2019-08-06 18:36 - 000000000 ____D C:\Users\jonny\AppData\Local\D3DSCache
2021-02-23 18:21 - 2018-12-12 05:26 - 000000000 ____D C:\Program Files (x86)\McAfee
2021-02-22 10:42 - 2018-12-12 05:09 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2021-02-22 10:42 - 2018-12-12 05:09 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2021-02-19 22:47 - 2020-09-30 16:07 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-02-15 20:40 - 2020-11-06 01:19 - 000003710 _____ C:\WINDOWS\system32\Tasks\McAfee Remediation (Prepare)
2021-02-14 08:53 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2021-02-13 21:50 - 2019-08-07 08:49 - 000000000 ____D C:\Users\jonny\AppData\Local\Google
2021-02-12 18:26 - 2020-11-06 01:11 - 000936818 _____ C:\WINDOWS\system32\PerfStringBackup.INI

==================== Files in the root of some directories ========

2020-09-13 07:58 - 2020-09-13 07:58 - 000007602 _____ () C:\Users\jonny\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2021
Ran by jonny (14-03-2021 09:38:44)
Running from C:\Users\jonny\Downloads
Windows 10 Home Version 2004 19041.867 (X64) (2020-11-06 01:21:05)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3938178760-3216329319-1005203919-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3938178760-3216329319-1005203919-503 - Limited - Disabled)
Guest (S-1-5-21-3938178760-3216329319-1005203919-501 - Limited - Disabled)
jonny (S-1-5-21-3938178760-3216329319-1005203919-1001 - Administrator - Enabled) => C:\Users\jonny
WDAGUtilityAccount (S-1-5-21-3938178760-3216329319-1005203919-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee VirusScan (Disabled - Up to date) {F682A51C-4EAD-6A3A-F460-B9C1D4A2DB09}
AV: McAfee VirusScan (Disabled - Up to date) {9D4501E6-72F6-2877-C789-89AF6F535B2C}
AS: McAfee VirusScan (Enabled - Up to date) {4DE344F8-6897-65B4-CED0-82B3AF2591B4}
AS: McAfee VirusScan (Enabled - Up to date) {2624E002-54CC-27F9-FD39-B2DD14D41191}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Disabled) {A57E80C3-3899-292F-ECD6-209A91801C57}
FW: McAfee Firewall (Disabled) {CEB92439-04C2-6B62-DF3F-10F42A719C72}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.1.102.55 - Adobe Systems Incorporated)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Energy Star (HKLM\...\{5CB22648-35F8-41BC-9C35-1E41FE6E12A5}) (Version: 1.1.1 - HP Inc.)
FXCM Trading Station Desktop (HKLM-x32\...\FXTS2) (Version:  - Forex Capital Markets, LLC ("FXCM LLC"))
HP Audio Switch (HKLM-x32\...\{3A5141D4-47DB-4302-9B1C-272BE585BC8A}) (Version: 1.0.179.0 - HP Inc.)
HP Connection Optimizer (HKLM-x32\...\{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: 2.0.11.0 - HP Inc.)
HP CoolSense (HKLM-x32\...\{10F0BF3E-DBDB-422A-8C12-B4D46711D7C8}) (Version: 2.22.2 - HP Inc.)
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.)
HP ePrint SW (HKLM-x32\...\{cdb5f70f-5107-4613-bf69-15de903b5b5d}) (Version: 5.5.22560 - HP Inc.)
HP JumpStart Apps (HKLM-x32\...\HP JumpStart Apps) (Version: 7.0.32 - HP Inc.)
HP JumpStart Bridge (HKLM-x32\...\{3FC961DB-BD36-4D8D-B276-0C456A2BB638}) (Version: 1.4.0.441 - HP Inc.)
HP JumpStart Launch (HKLM-x32\...\{F213102E-FD30-4E22-AF73-4C682D65FFEE}) (Version: 1.4.441.0 - HP Inc.)
HP Support Assistant (HKLM-x32\...\{4AAC4B07-77EF-4BCF-88DC-D24E4DE683E8}) (Version: 8.5.37.19 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{63F82052-C045-4F97-A3CA-C41D2CCA1FFA}) (Version: 12.8.37.11 - HP Inc.)
HP System Event Utility (HKLM-x32\...\{5D308D1F-E37B-431A-8D35-67D16287467D}) (Version: 1.4.28 - HP Inc.)
Intel® Chipset Device Software (HKLM-x32\...\{44ded3eb-1686-46a6-9770-fd79096c29f7}) (Version: 10.1.1.45 - Intel® Corporation) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.3.10208.5644 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1069 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 23.20.16.4973 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.9.1.1020 - Intel Corporation)
Litecoin Core (64-bit) (HKU\S-1-5-21-3938178760-3216329319-1005203919-1001\...\Litecoin Core (64-bit)) (Version: 0.17.1 - Litecoin Core project)
McAfee LiveSafe (HKLM-x32\...\MSC) (Version: 16.0 R21 - McAfee, LLC.)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 89.0.774.50 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.141.63 - )
Microsoft OneDrive (HKU\S-1-5-21-3938178760-3216329319-1005203919-1001\...\OneDriveSetup.exe) (Version: 21.016.0124.0003 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{99FAF70F-9B61-4AB0-9EC0-B31F98FFDC4A}) (Version: 2.75.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.24.28127 (HKLM-x32\...\{282975d8-55fe-4991-bbbb-06a72581ce58}) (Version: 14.24.28127.4 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.24.28127 (HKLM-x32\...\{e31cb1a4-76b5-46a5-a084-3fa419e82201}) (Version: 14.24.28127.4 - Microsoft Corporation)
Mozilla Firefox 86.0 (x64 en-GB) (HKLM\...\Mozilla Firefox 86.0 (x64 en-GB)) (Version: 86.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 85.0.2 - Mozilla)
MyEss (HKU\S-1-5-21-3938178760-3216329319-1005203919-1001\...\MyEss) (Version: 1.0 - Zoodotnet Limited)
NOW TV Player 6.8.0.0 (HKU\S-1-5-21-3938178760-3216329319-1005203919-1001\...\com.bskyb.nowtvplayer_is1) (Version: 6.8.0.0 - NOW TV)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.15 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 3.19.0.107 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.19.0.107 - NVIDIA Corporation)
NVIDIA Graphics Driver 457.63 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 457.63 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.40 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.40 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 1.0.0.88 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.370.179 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.23.1003.2017 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8656 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.113 - REALTEK Semiconductor Corp.)
Rockstar Games Launcher (HKLM-x32\...\Rockstar Games Launcher) (Version: 1.0.20.241 - Rockstar Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.0.5.4 - Rockstar Games)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
Update for Windows 10 for x64-based Systems (KB4480730) (HKLM\...\{3BAE4496-6F6C-4330-A8AA-B93D3D346FA5}) (Version: 2.53.0.0 - Microsoft Corporation)
War Thunder Launcher 1.0.3.177 (HKU\S-1-5-21-3938178760-3216329319-1005203919-1001\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version:  - Gaijin Entertainment)
WhatsApp (HKU\S-1-5-21-3938178760-3216329319-1005203919-1001\...\WhatsApp) (Version: 2.2043.21 - WhatsApp)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.1.1.46 - WildTangent)
WildTangent Helper (HKLM-x32\...\{A39303AB-4898-4F12-BAA0-0B8630F86DB4}) (Version: 1.0.0.428 - WildTangent) Hidden
WildTangent ShortcutProvider (HKLM-x32\...\{80831F60-19D7-43B3-A60C-5CAF8C478DF6}) (Version: 6.0.0.43 - WildTangent) Hidden

Packages:
=========
Amazon -> C:\Program Files\WindowsApps\Amazon.com.Amazon_2018.519.2815.0_x64__343d40qqvtj1t [2020-03-22] (Amazon.com)
Booking.com: Big savings on hotels in 96,000 destinations worldwide -> C:\Program Files\WindowsApps\PricelinePartnerNetwork.Booking.comBigsavingsonhot_2.0.5.0_x64__mgae2k3ys4ra0 [2021-02-09] (Priceline Partner Network)
Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_1.53.5.0_x86__kgqvnymyfvs32 [2021-02-27] (king.com)
Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.1970.1.0_x86__kgqvnymyfvs32 [2021-03-04] (king.com)
Dropbox promotion -> C:\Program Files\WindowsApps\C27EB4BA.DropboxOEM_20.4.3.0_x64__xbfy0k16fey96 [2020-01-14] (Dropbox Inc.)
HP JumpStart -> C:\Program Files\WindowsApps\AD2F1837.HPJumpStart_1.4.481.0_x86__v10z8vjag6ke6 [2018-12-12] (HP Inc.)
LinkedIn -> C:\Program Files\WindowsApps\7EE7776C.LinkedInforWindows_2.1.7098.0_neutral__w1wdnht996qgy [2019-08-06] (LinkedIn)
McAfee® Personal Security -> C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.60.0_x64__wafk5atnkzcwy [2021-02-26] (McAfee LLC.)
Microsoft Access -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Access_16051.13801.20294.0_x86__8wekyb3d8bbwe [2021-03-12] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-08-06] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-08-06] (Microsoft Corporation) [MS Ad]
Microsoft Excel -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Excel_16051.13801.20294.0_x86__8wekyb3d8bbwe [2021-03-12] (Microsoft Corporation)
Microsoft Office Desktop Apps -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop_16051.13801.20294.0_x86__8wekyb3d8bbwe [2021-03-12] (Microsoft Corporation)
Microsoft Outlook -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.13801.20294.0_x86__8wekyb3d8bbwe [2021-03-12] (Microsoft Corporation)
Microsoft PowerPoint -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.PowerPoint_16051.13801.20294.0_x86__8wekyb3d8bbwe [2021-03-12] (Microsoft Corporation)
Microsoft Publisher -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Publisher_16051.13801.20294.0_x86__8wekyb3d8bbwe [2021-03-12] (Microsoft Corporation)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1252.0_x64__8wekyb3d8bbwe [2021-02-01] (Microsoft Studios) [MS Ad]
Microsoft Word -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Word_16051.13801.20294.0_x86__8wekyb3d8bbwe [2021-03-12] (Microsoft Corporation)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.97.752.0_x64__mcm4njqhnhss8 [2020-07-14] (Netflix, Inc.)
Simple Solitaire -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleSolitaire_7.0.0.0_x64__kx24dqmazqk8j [2020-12-12] (Random Salad Games LLC)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.154.592.0_x86__zpdnekdrzrea0 [2021-03-06] (Spotify AB) [Startup Task]
Synaptics TouchPad -> C:\Program Files\WindowsApps\SynapticsIncorporated.SynHPConsumerDApp_19005.35054.0.0_x64__807d65c4rvak2 [2020-03-25] (Synaptics Incorporated)
WildTangent Games -> C:\Program Files\WindowsApps\WildTangentGames.63435CFB65F55_2.0.84.0_x64__qt5r5pa5dyg8m [2021-02-27] (WildTangent Games)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => C:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2019-08-23] (McAfee, LLC. -> McAfee, LLC.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_618947f7f882ca01\igfxDTCM.dll [2020-03-17] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2020-12-08] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => C:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2019-08-23] (McAfee, LLC. -> McAfee, LLC.)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2021-02-13 21:43 - 2021-02-13 21:43 - 001144320 _____ () [File not signed] C:\Users\jonny\AppData\Local\Google\Chrome\User Data\Application\78.0.3904.108\chrome.dll
2021-02-09 01:32 - 2021-02-09 01:32 - 000160768 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\BRIDGECommon\9c5cfbcc19c1aeccc535f309f05873d0\BRIDGECommon.ni.dll
2021-02-09 01:33 - 2021-02-09 01:33 - 000125440 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\BridgeExtension\5ddc004c538c7cdb0698e9790eae3229\BridgeExtension.ni.dll
2021-02-09 01:33 - 2021-02-09 01:33 - 000395264 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\CleanStartController\f1912b65372681c4482025d2ea64d960\CleanStartController.ni.dll
2021-01-08 01:41 - 2021-01-08 01:41 - 000138240 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.IWs06dcaa36#\a354c38f659363054b8dbd29ab5fc353\Interop.IWshRuntimeLibrary.ni.dll
2021-02-12 19:17 - 2021-02-12 19:17 - 000145920 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Registratio4eabc192#\a1a85735830a58d68de6b32c054c961f\RegistrationUtilities.ni.dll
2021-02-09 01:33 - 2021-02-09 01:33 - 000134656 _____ (hardcodet.net) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Hardcodet.W6cab32f3#\dad9dd560e38c29da6dfe6688f817cae\Hardcodet.Wpf.TaskbarNotification.ni.dll
2021-02-09 01:33 - 2021-02-09 01:33 - 000136192 _____ (HP Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\CommonPortable\69eaa834550a1f015679f4b9d6b38bd5\CommonPortable.ni.dll
2021-02-09 01:33 - 2021-02-09 01:33 - 001701888 _____ (Mark Heath & Contributors) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\NAudio\12976f63c260c230152542f8f43d1f6f\NAudio.ni.dll
2021-02-09 01:32 - 2021-02-09 01:32 - 002306560 _____ (Newtonsoft) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Newtonsoft.Json\07fe9165a3593cb64a943a8b34855409\Newtonsoft.Json.ni.dll
2021-02-09 01:33 - 2021-02-09 01:33 - 003060736 _____ (Newtonsoft) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Newtonsoft.Json\c8129da97f8be4a90c3d4e569de73f88\Newtonsoft.Json.ni.dll
2021-02-12 19:17 - 2021-02-12 19:17 - 000793088 _____ (The Apache Software Foundation) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\log4net\d6754e112bc586d282a446a3d72d6335\log4net.ni.dll
2021-02-13 21:43 - 2021-02-13 21:43 - 001601024 _____ (TODO: <Company name>) [File not signed] C:\Users\jonny\AppData\Local\Google\Chrome\User Data\Application\78.0.3904.108\chrome_proxy.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-3938178760-3216329319-1005203919-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-3938178760-3216329319-1005203919-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
SearchScopes: HKLM -> {3CB084D9-7779-4F88-A638-23B37F03B6D5} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {3CB084D9-7779-4F88-A638-23B37F03B6D5} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3938178760-3216329319-1005203919-1001 -> {3CB084D9-7779-4F88-A638-23B37F03B6D5} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2017-09-27] (HP Inc. -> HP Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2017-09-27] (HP Inc. -> HP Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll [2019-08-23] (McAfee, LLC. -> McAfee, LLC.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2019-08-23] (McAfee, LLC. -> McAfee, LLC.)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-04-11 23:38 - 2018-04-11 23:36 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3938178760-3216329319-1005203919-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img1.jpg
DNS Servers: 194.168.4.100 - 194.168.8.100
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKU\S-1-5-21-3938178760-3216329319-1005203919-1001\...\StartupApproved\Run: => "Gaijin.Net Updater"
HKU\S-1-5-21-3938178760-3216329319-1005203919-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3938178760-3216329319-1005203919-1001\...\StartupApproved\Run: => "Steam"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{50857A9E-345C-4C72-9A06-DCADED1E50DF}C:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe (Gaijin Network LTD -> Gaijin Entertainment)
FirewallRules: [TCP Query User{D3A31648-1A71-4D9C-BFC5-212C300C3CF0}C:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe (Gaijin Network LTD -> Gaijin Entertainment)
FirewallRules: [{2BF9C003-6DD5-4ED3-9573-55AE5320CE76}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crusader Kings II\CK2game.exe (Paradox Interactive AB (publ) -> Paradox Interactive)
FirewallRules: [{E4B61E76-4F08-4679-9336-D89EDDDCA6DF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crusader Kings II\CK2game.exe (Paradox Interactive AB (publ) -> Paradox Interactive)
FirewallRules: [{7E379AA9-897D-4D74-AFB2-EB92E39977D6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mount and Blade Demo\runme.exe () [File not signed]
FirewallRules: [{D344820C-EAB8-4569-A5BB-8E30DCC3CE4F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mount and Blade Demo\runme.exe () [File not signed]
FirewallRules: [{D0A3DCC7-2EFB-4A70-A723-5A14D1784878}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\World of Warships\WorldOfWarships.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [{AC0ACBCA-56D9-41C3-AA60-D43156BD27D1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\World of Warships\WorldOfWarships.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [UDP Query User{C78B5865-016A-4373-95CC-01C1600642C1}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [TCP Query User{8EAC00C4-7974-41F9-BDB8-1BAB397657B7}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{2F814F63-013D-41FC-94EC-8C4CDD767B5C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{D43D3A2F-D21A-43BF-8745-D243E97A6D16}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{5C6061CF-2D8A-4C8A-ACA3-03D2CA860816}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{1CF052CA-FE91-4E5B-8ACB-03041B7B665B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{A64952B3-8926-4A64-8AF9-80CDB12122A8}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe (McAfee, LLC. -> McAfee, LLC.)
FirewallRules: [{CE166108-B6B0-4787-8C4A-AEF2BC09D4B1}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe (McAfee, LLC. -> McAfee, LLC.)
FirewallRules: [{1D7424EA-8189-4096-AC15-77EF91DB2E07}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, LLC. -> McAfee, LLC.)
FirewallRules: [{B6D5F0FF-D95F-42EC-8CF8-CA98A109D1FC}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{A387B1BD-F3B7-4332-A2B9-E8D6EA0C8D25}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{779063D6-F787-4B0E-9182-C5DAB02B02CD}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{AF20FB7A-DC23-43A0-804D-57B57F881DB6}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{A2F49531-ABA5-4B77-B640-364208C6D45E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Napoleon Total War\Napoleon.exe (Sega Europe Limited -> The Creative Assembly Ltd)
FirewallRules: [{08EEDF95-7D6A-4BD6-A6F2-FC1BDB9AA452}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Napoleon Total War\Napoleon.exe (Sega Europe Limited -> The Creative Assembly Ltd)
FirewallRules: [{65FD3529-9101-4D3A-8521-4CBCB03E4329}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{38BE73FD-B4F6-4C52-82E9-0D0DF04D6377}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{CDA099BD-C1AB-4C0C-810B-EA6727691399}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{7AFC5C81-9EE7-46A6-983E-050EE123A1B0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{0F9CF9EE-760A-4946-AC6B-DEF2A41001BD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{0EDF8175-7EA6-4F7E-AD15-63809C1D2370}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{87763E40-2EBF-4072-B76E-92B7BB9CDA80}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{45CED60F-0843-4132-8404-39E039B71C07}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{6217D100-625A-414B-A2AA-306E3A440750}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\World of Warships\bin\clientrunner\clientrunner.exe => No File
FirewallRules: [{19C56AE6-AFAC-4D0F-8EA1-0F73432C1727}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\World of Warships\bin\clientrunner\clientrunner.exe => No File
FirewallRules: [{090AE60C-2BAA-4AF3-A861-43825B767947}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\This War of Mine\This War of Mine.exe () [File not signed]
FirewallRules: [{0090F211-3A46-4A10-B6C6-8DFC6BDD97D1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\This War of Mine\This War of Mine.exe () [File not signed]
FirewallRules: [{137F6000-943F-4081-B237-F607F764F1C6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\This War of Mine\Storyteller.exe () [File not signed]
FirewallRules: [{80A39989-E67A-47A9-A1B4-C122A7F7676D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\This War of Mine\Storyteller.exe () [File not signed]
FirewallRules: [{30FA17D4-9D38-44B4-8A11-AB8DF8D56EC6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Medieval II Total War\medieval2.exe (The Creative Assembly Ltd) [File not signed]
FirewallRules: [{924CC9DD-7929-4D35-9AAA-86A9C2BF79FA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Medieval II Total War\medieval2.exe (The Creative Assembly Ltd) [File not signed]
FirewallRules: [{E74BB214-4077-4A97-AC9B-F2998CECED1F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\War Thunder\launcher.exe (Gaijin Network LTD -> Gaijin Entertainment)
FirewallRules: [{7643C06C-D1B5-4050-BFF8-B7BB275D773F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\War Thunder\launcher.exe (Gaijin Network LTD -> Gaijin Entertainment)
FirewallRules: [{37937B62-847D-4DEF-8517-967155A46A80}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{DD92188F-451E-4EE4-B214-4B8890DF7A52}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{C8CAB4AB-28C9-4758-8E85-5E496405C9D4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SimCity 4 Deluxe\Apps\SimCity 4.exe (Maxis) [File not signed]
FirewallRules: [{C8F0F37B-D0A3-412F-B5A7-4E962DCF0048}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SimCity 4 Deluxe\Apps\SimCity 4.exe (Maxis) [File not signed]
FirewallRules: [{CAE5F408-B504-4F94-B690-E7B48571DBC4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\PlayGTAV.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{2E707556-3A99-4B1A-B8E7-0BED212803F6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\PlayGTAV.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{26F101B5-5D8E-440B-8AFE-2FBEA1C18912}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\A Plague Tale Innocence\APlagueTaleInnocence_x64.exe (Focus Home Interactive -> Asobo Studio)
FirewallRules: [{B6BAD2BF-6040-4F98-8501-9473DFFD5172}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\A Plague Tale Innocence\APlagueTaleInnocence_x64.exe (Focus Home Interactive -> Asobo Studio)
FirewallRules: [{0BD06FCC-FE4A-4E89-B278-2991F7537528}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mafia II\pc\mafia2.exe (Valve Corp. -> 2K Czech) [File not signed]
FirewallRules: [{0CD880F5-8E3E-43FB-A0EF-E7B83BCBB7DB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mafia II\pc\mafia2.exe (Valve Corp. -> 2K Czech) [File not signed]
FirewallRules: [{F66D8979-9C32-4118-BD06-ED34835B2E2E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Empire Total War\Empire.exe (Sega Europe Limited -> The Creative Assembly Ltd)
FirewallRules: [{59BBB6BD-8087-48CF-ABC3-352D6B240DA1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Empire Total War\Empire.exe (Sega Europe Limited -> The Creative Assembly Ltd)
FirewallRules: [{30672D0B-CA12-43D3-BDB4-65A62CADFD21}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War SHOGUN 2\Shogun2.exe (SEGA EUROPE LIMITED -> The Creative Assembly Ltd)
FirewallRules: [{2636A220-5E2E-4CCB-BAFB-5B0446BD9603}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War SHOGUN 2\Shogun2.exe (SEGA EUROPE LIMITED -> The Creative Assembly Ltd)
FirewallRules: [TCP Query User{1AE5165B-6BC6-4F53-B97F-069C5B8402A3}C:\program files (x86)\steam\steamapps\common\total war saga thrones of britannia\thrones.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\total war saga thrones of britannia\thrones.exe (The Creative Assembly Limited -> The Creative Assembly Ltd)
FirewallRules: [UDP Query User{DD881F3D-7190-4768-8946-11DB36A918BB}C:\program files (x86)\steam\steamapps\common\total war saga thrones of britannia\thrones.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\total war saga thrones of britannia\thrones.exe (The Creative Assembly Limited -> The Creative Assembly Ltd)
FirewallRules: [{1DC89104-AF0C-4FB7-A4D5-1FBDB2382755}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Ages Rome\Rome.exe (Haemimont Games) [File not signed]
FirewallRules: [{9B63E529-3A5B-44CA-A7DF-AF2920B9F44F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Ages Rome\Rome.exe (Haemimont Games) [File not signed]
FirewallRules: [{215F8944-F4A1-47E5-B8B1-078029298EFA}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F6AD26F6-A65A-4E76-A89B-D1242EA984DF}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{C535405B-4662-4580-BBBC-738A9DCA0DBC}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{151DE636-91DE-4CC4-82AC-41B2F1B6C1C7}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{5DAED9E5-C11B-4648-A23F-C388C4F65288}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Game of Thrones Winter is Coming\GotPC.exe (YOUZU (SINGAPORE) PTE. LTD. -> )
FirewallRules: [{541E94A6-DB8F-4595-8070-9EADED6B6F73}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Game of Thrones Winter is Coming\GotPC.exe (YOUZU (SINGAPORE) PTE. LTD. -> )
FirewallRules: [{62E955DB-DE8F-4E5D-9E03-DE4249AA8251}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War Saga Thrones of Britannia\launcher\launcher.exe (The Creative Assembly Limited -> Creative Assembly Ltd)
FirewallRules: [{F8BDC7B8-BE6A-4656-98ED-A510931B002E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War Saga Thrones of Britannia\launcher\launcher.exe (The Creative Assembly Limited -> Creative Assembly Ltd)
FirewallRules: [{184F9FD9-B4D0-401C-97DA-25EF3E35293C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{1C638043-45A1-46B5-8959-FB1D8458B240}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{78DF54B8-5D35-4F84-8FEA-E2FA28FFCF28}C:\users\jonny\appdata\local\google\chrome\user data\application\chrome.exe] => (Allow) C:\users\jonny\appdata\local\google\chrome\user data\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{3717ED50-3BE8-409C-898D-C778143B9A24}C:\users\jonny\appdata\local\google\chrome\user data\application\chrome.exe] => (Allow) C:\users\jonny\appdata\local\google\chrome\user data\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{F547AE7D-53FE-417B-AF5E-199AB32182F2}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{935E7E5B-559E-4F7F-AEAA-3500EA10A84C}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{FB5F6501-5537-4883-8CE4-477A96B1C193}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.154.592.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{5643DDA4-9FAF-4A8E-AB0A-8ADF48386AEC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.154.592.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{01E99105-11CC-47B2-9F7B-DFCC9F67FD27}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.154.592.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{DB243AB2-6D97-4527-9FE4-AAB00F14EB79}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.154.592.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{60C6EB01-355F-4CEA-8933-2A297D03F0F6}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.154.592.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{E0A8061D-625C-46AF-9F57-DBD62052ED91}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.154.592.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{1A7B51A6-03C2-49EC-AE1D-818DF26BCB9F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.154.592.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{60D0EA27-4394-4B7F-BC8E-6C45D850F301}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.154.592.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{0335F760-888E-4D71-9478-38022E3AE4B5}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.13801.20294.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Restore Points =========================

07-03-2021 20:28:58 Scheduled Checkpoint
12-03-2021 20:22:17 Windows Modules Installer

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (03/14/2021 09:01:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RuntimeBroker.exe, version: 10.0.19041.746, time stamp: 0x5b78739c
Faulting module name: windows.storage.dll, version: 10.0.19041.844, time stamp: 0x7313c2f7
Exception code: 0xc0000005
Fault offset: 0x0000000000103249
Faulting process ID: 0x26f4
Faulting application start time: 0x01d718b0a9faa3b6
Faulting application path: C:\Windows\System32\RuntimeBroker.exe
Faulting module path: C:\WINDOWS\system32\windows.storage.dll
Report ID: 0672c002-f0c4-4394-b713-6a4c837185de
Faulting package full name: Microsoft.OneConnect_5.2011.3081.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: runtimebroker07f4358a809ac99a64a67c1

Error: (03/13/2021 09:19:11 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Security Center failed to validate caller with error %1.

Error: (03/12/2021 08:32:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RuntimeBroker.exe, version: 10.0.19041.746, time stamp: 0x5b78739c
Faulting module name: windows.storage.dll, version: 10.0.19041.789, time stamp: 0xdc832f6d
Exception code: 0xc0000005
Fault offset: 0x0000000000103389
Faulting process ID: 0x3580
Faulting application start time: 0x01d7177ea4c7d419
Faulting application path: C:\Windows\System32\RuntimeBroker.exe
Faulting module path: C:\WINDOWS\system32\windows.storage.dll
Report ID: 6d337866-ea51-4ffb-8199-65307ecdf426
Faulting package full name: Microsoft.OneConnect_5.2011.3081.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: runtimebroker07f4358a809ac99a64a67c1

Error: (03/12/2021 08:22:56 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Security Center failed to validate caller with error %1.

Error: (03/12/2021 08:21:46 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Security Center failed to validate caller with error %1.

Error: (03/10/2021 06:06:07 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Security Center failed to validate caller with error %1.

Error: (03/09/2021 06:48:50 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Security Center failed to validate caller with error %1.

Error: (03/09/2021 06:48:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RuntimeBroker.exe, version: 10.0.19041.746, time stamp: 0x5b78739c
Faulting module name: windows.storage.dll, version: 10.0.19041.789, time stamp: 0xdc832f6d
Exception code: 0xc0000005
Fault offset: 0x0000000000103389
Faulting process ID: 0x2ca4
Faulting application start time: 0x01d71514c3dc36f2
Faulting application path: C:\Windows\System32\RuntimeBroker.exe
Faulting module path: C:\WINDOWS\system32\windows.storage.dll
Report ID: 6f4a4907-4952-4303-8189-6e32f58eb854
Faulting package full name: Microsoft.OneConnect_5.2011.3081.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: runtimebroker07f4358a809ac99a64a67c1


System errors:
=============
Error: (03/13/2021 09:17:48 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Delivery Optimization service did not respond on starting.

Error: (03/13/2021 09:12:35 PM) (Source: volmgr) (EventID: 161) (User: )
Description: Dump file creation failed due to error during dump creation.

Error: (03/13/2021 09:13:15 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 20:01:33 on ‎13/‎03/‎2021 was unexpected.

Error: (03/13/2021 12:37:10 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Delivery Optimization service did not respond on starting.

Error: (03/12/2021 08:24:25 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Search service did not respond on starting.

Error: (03/12/2021 08:18:00 PM) (Source: volmgr) (EventID: 161) (User: )
Description: Dump file creation failed due to error during dump creation.

Error: (03/12/2021 08:18:39 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 00:00:16 on ‎11/‎03/‎2021 was unexpected.

Error: (03/10/2021 06:04:45 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Delivery Optimization service did not respond on starting.


Windows Defender:
================
Date: 2021-03-10 18:15:20
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-03-08 19:02:09
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-03-03 19:18:06
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-03-02 19:01:50
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-02-28 19:16:24
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-03-12 20:43:51
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.333.116.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17900.7
Error code: 0x80070102
Error description: The wait operation timed out.

Date: 2021-03-07 11:25:19
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.331.2546.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17800.5
Error code: 0x80070102
Error description: The wait operation timed out.

Date: 2021-03-07 11:25:19
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.331.2546.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17800.5
Error code: 0x80070102
Error description: The wait operation timed out.

CodeIntegrity:
===============
Date: 2021-03-13 21:24:23
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.3-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\mcafee\mfeav\AMSIExt.dll that did not meet the Microsoft signing level requirements.

Date: 2021-03-13 21:18:45
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\mcafee\mfeav\AMSIExt.dll that did not meet the Windows signing level requirements.

Date: 2021-03-13 18:32:02
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume3\Program Files\mcafee\mfeav\AMSIExt.dll that did not meet the Windows signing level requirements.


==================== Memory info ===========================

BIOS: AMI F.25 05/28/2019
Motherboard: HP 84F7
Processor: Intel® Core™ i5-8250U CPU @ 1.60GHz
Percentage of memory in use: 68%
Total physical RAM: 8071.09 MB
Available physical RAM: 2522.9 MB
Total Virtual: 10503.09 MB
Available Virtual: 2741.22 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:914.95 GB) (Free:522.3 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:15.33 GB) (Free:1.83 GB) NTFS ==>[system with boot components (obtained from drive)]

\\?\Volume{7bba2b35-08b3-4765-b721-f3b69e664745}\ () (Fixed) (Total:0.96 GB) (Free:0.34 GB) NTFS
\\?\Volume{2b360fef-8a9a-4837-91c7-531167bcc37a}\ () (Fixed) (Total:0.25 GB) (Free:0.18 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 0C9207EE)

Partition: GPT.

==================== End of Addition.txt =======================


#2
DR M

    The Grecian Geek

  • Malware Removal
  • 2,614 posts

Hi, jbr199.

 

Welcome to Geeks to Go Forums.

I will be assisting you regarding your computer's issues. Here, we will check your computer for malware.

Please adhere to the guidelines below, and then carefully follow, in the same order, all the instructions after:

1. Always ask before acting. Do not continue if you are not sure, or if something unexpected happens!

2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

3. If your computer seems to start working normally, don't abandon the topic. Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.

4. You have to reply to my posts within 3 days. If you need some additional time, just let me know. Otherwise, I will leave the topic due to lack of feedback. If you are able, I would request you to check this thread at least once per day so that we can resolve your issues effectively and efficiently.

5. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, keep in mind that all the experts here are volunteers and may not be available to assist when you post. Please be patient while I analyze your logs.

 

=============================================

 

Currently reviewing your logs and I will be back to you as soon as possible.

 

Note that we may have a time zone difference. Here it is 13:00 right now.


#3
jbr199

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts

many thanks


#4
DR M

    The Grecian Geek

  • Malware Removal
  • 2,614 posts

Hi, jbr199.
 
Here are my comments/instructions regarding your logs:
 
1. P2P program

You have Litecoin Core installed on your computer. This is a P2P program. P2P programs form a direct conduit on to a computer. They have always been a target of malware writers and are increasingly so of late. Although the program claims that it is safe, please do not use it during the cleaning procedure.
 
 
2. Uninstall Adobe Flash Player plugin
 
The product reached its end of life by the end of 2020. Having it installed constitutes a safety risk for your computer. Follow the instructions here to uninstall it.
 
 
3. Antivirus issue
 
Although you have McAfee Personal Security on your computer, it seems that it isn't working properly. The computer is also protected by Windows Security platform, which includes the Windows Defender antivirus. This is actually a built-in Windows 10 antivirus, which is good enough to protect you, considering you follow the safe computing rules. If you want to keep McAfee, please uninstall and reinstall it. If you wish to stay with Windows Defender, just uninstall McAfee.
 
To uninstall McAfee:

  • Download the Revo Uninstaller (Free Download) and save it on your Desktop.
  • Double click on the exe file created on your Desktop to run the installer, and follow the instructions to install the program.
  • Double click the program's icon to open it.
  • Write in the search area, on the top left, the following program:
McAfee Personal Security
  • Choose the Uninstall tab from the menu and let the program create a Restore point.
  • Choose Scan, and then the Advanced mode scan.
  • Select all the Sophos Anti-Virus items found, Delete and Next.
  • Let the procedure be completed and click on Finish.
  • Restart the computer.

 

To reinstall McAfee (if you wish):
 
Here you can follow instructions to reinstall McAfee again.
 
 
4. Notifications from Chrome
 
Did you intentionally enable notifications from these sites?

hxxps://calendar.google.com
hxxps://www.wayfair.co.uk

 
5. Uninstall an extension

  • Open Chrome.
  • At the top right choose More (the three vertical dots) > More Tools > Extensions
  • Find MIm6OVfNUAQA5FjvfAySS1sPPd7GakZNabcextsn, and remove it, clicking on Remove.
  • Confirm the action by clicking Remove once again.

 
6. FRST fix

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.

  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste it anywhere.
Start::
CreateRestorePoint:
CloseProcesses:
FirewallRules: [{779063D6-F787-4B0E-9182-C5DAB02B02CD}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{AF20FB7A-DC23-43A0-804D-57B57F881DB6}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
CHR NewTab: Default ->  Not-active:"chrome-extension://pficgmfbdeigbbebkioddginbcckjeof/index.html", Not-active:"chrome-extension://ammedmhjkobkdljgdngfmkkdcgldommf/ntp.html"
EmptyTemp:
End::
  • Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Please post the log in your next reply.

 

In your next reply please post:

  1. What did you do with the antivirus
  2. Your reply about Chrome notifications
  3. The fixlog.txt
  4. Any question/concern/issue

#5
jbr199

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts

hi there, many thanks for your time

  1. What did you do with the antivirus: I just uninstalled and left it
  2. Your reply about Chrome notifications: I don't recall; as a rule, I don't authorise notifications
  3. The fixlog.txt
  4. Any question/concern/issue

Fix result of Farbar Recovery Scan Tool (x64) Version: 14-03-2021
Ran by jonny (14-03-2021 16:18:51) Run:1
Running from C:\Users\jonny\Desktop
Loaded Profiles: jonny
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
FirewallRules: [{779063D6-F787-4B0E-9182-C5DAB02B02CD}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{AF20FB7A-DC23-43A0-804D-57B57F881DB6}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
CHR NewTab: Default ->  Not-active:"chrome-extension://pficgmfbdeigbbebkioddginbcckjeof/index.html", Not-active:"chrome-extension://ammedmhjkobkdljgdngfmkkdcgldommf/ntp.html"
EmptyTemp:

*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{779063D6-F787-4B0E-9182-C5DAB02B02CD}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AF20FB7A-DC23-43A0-804D-57B57F881DB6}" => removed successfully
"Chrome NewTab" => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 12083200 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 31666527 B
Java, Flash, Steam htmlcache => 75819616 B
Windows/system/drivers => 19775556 B
Edge => 4601599 B
Chrome => 108505087 B
Firefox => 1163952942 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 2859214 B
systemprofile32 => 2859214 B
LocalService => 2892150 B
NetworkService => 6213220 B
jonny => 58393125 B
defaultuser100000 => 58400293 B

RecycleBin => 689542 B
EmptyTemp: => 1.4 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 16:23:27 ====


#6
DR M

    The Grecian Geek

  • Malware Removal
  • 2,614 posts

Thanks. Good. :)

 

Next...


1. Run AdwCleaner

Download AdwCleaner and save it to your desktop.

  • Double click AdwCleaner.exe to run it.
  • Click Scan Now.
    • When the scan has finished, a Scan Results window will open.
    • Click Cancel (at this point do not attempt to Quarantine anything that is found)
  • Now click the Log Files tab.
    • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number. The latest scan will have the largest number)
    • A Notepad file will open containing the results of the scan.
    • Please post the contents of the file in your next reply.

 

2. Run Malwarebytes

  • Download Malwarebytes and save it to your Desktop.
  • Once downloaded, close all programs and Windows on your computer.
  • Double-click on the icon on your desktop named MBSetup.exe. This will start the installation of MBAM onto your computer.
  • Follow the instructions to install the program.
  • When finished, double click the program's icon created on your Desktop.
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
    Under the title Scan Options, all the options are checked.
    Under the title Windows Security Center (Premium only) the option is unchecked.
    Under the title Potentially unwanted items all options are set to Always.
  • Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may take longer.
  • When finished, you will see the Threat Scan Summary window open.

If threats are not found, click View Report and proceed to the two last steps below.

If threats are found, make sure that all threats are not selected, close the program and proceed to the next steps below.

  • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
  • Find the report with the most recent date and double click on it.
  • Click on Export and then Copy to Clipboard.
  • Paste its content here, in your next reply.

In your next reply, please post:

  • The AdwCleaner[S0*].txt
  • The Malwarebytes report

#7
jbr199

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts

thanks again, I hope these are correct

 

 

 

# -------------------------------
# Malwarebytes AdwCleaner 8.1.0.0
# -------------------------------
# Build:    02-15-2021
# Database: 2021-01-11.1 (Local)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    03-14-2021
# Duration: 00:00:15
# OS:       Windows 10 Home
# Scanned:  3845
# Detected: 42


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

Preinstalled.HPAudioSwitch   Folder   C:\Program Files (x86)\HP\HPAUDIOSWITCH
Preinstalled.HPAudioSwitch   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{308A737D-DAF0-4FED-BDB9-CEB4A599D92B}  
Preinstalled.HPAudioSwitch   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HPAudioSwitch
Preinstalled.HPAudioSwitch   Task   C:\Windows\System32\Tasks\HPAUDIOSWITCH
Preinstalled.HPCoolSense   Folder   C:\Program Files (x86)\HP\HP COOLSENSE
Preinstalled.HPCoolSense   Folder   C:\Users\jonny\AppData\Local\HP\HP COOLSENSE
Preinstalled.HPCoolSense   Folder   C:\Windows\System32\Tasks\HP\HP COOLSENSE
Preinstalled.HPCoolSense   Registry   HKLM\Software\Classes\CLSID\{224695A4-BD5E-4C38-B354-A4C828E61BF7}
Preinstalled.HPJumpStartApps   Folder   C:\Program Files (x86)\HP\HP JUMPSTART APPS
Preinstalled.HPJumpStartApps   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\HP JumpStart Apps
Preinstalled.HPJumpStartBridge   Folder   C:\Program Files (x86)\HP\HP JUMPSTART BRIDGE
Preinstalled.HPJumpStartLaunch   Folder   C:\Program Files (x86)\HP\HP JUMPSTART LAUNCH
Preinstalled.HPJumpStartLaunch   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{707C46FB-BF09-4F5C-B44B-E4E761727DF1}  
Preinstalled.HPJumpStartLaunch   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HPJumpStartLaunch
Preinstalled.HPJumpStartLaunch   Task   C:\Windows\System32\Tasks\HPJUMPSTARTLAUNCH
Preinstalled.HPRegistrationService   Folder   C:\Program Files (x86)\HP\HP REGISTRATION SERVICE
Preinstalled.HPRegistrationService   Folder   C:\ProgramData\HP\HP REGISTRATION SERVICE
Preinstalled.HPSupportAssistant   Folder   C:\HP\SUPPORT
Preinstalled.HPSupportAssistant   Folder   C:\Program Files (x86)\HEWLETT-PACKARD\HP CUSTOMER FEEDBACK
Preinstalled.HPSupportAssistant   Folder   C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant   Folder   C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT SOLUTIONS
Preinstalled.HPSupportAssistant   Folder   C:\ProgramData\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant   Folder   C:\Users\jonny\AppData\Local\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant   Folder   C:\Users\jonny\AppData\Roaming\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant   Folder   C:\Windows\System32\config\systemprofile\AppData\Local\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant   Registry   HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant   Registry   HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Wow6432Node\\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{4AAC4B07-77EF-4BCF-88DC-D24E4DE683E8}
Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{63F82052-C045-4F97-A3CA-C41D2CCA1FFA}
Preinstalled.HPSureConnect   Folder   C:\Program Files\HPCOMMRECOVERY
Preinstalled.HPSureConnect   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{6468C4A5-E47E-405F-B675-A70A70983EA6}
Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDGAMES
Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDTANGENT GAMES
Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDTANGENT GAMES\SHORTCUTPROVIDER
Preinstalled.WildTangentGamesBundle   Folder   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WILDTANGENT GAMES
Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangent wildgames Master Uninstall
Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{80831F60-19D7-43B3-A60C-5CAF8C478DF6}
Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{A39303AB-4898-4F12-BAA0-0B8630F86DB4}



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 14/03/2021
Scan Time: 18:20
Log File: f8dcfa6c-84f1-11eb-be37-e4e749401322.json

-Software Information-
Version: 4.3.0.98
Components Version: 1.0.1217
Update Package Version: 1.0.38145
Licence: Trial

-System Information-
OS: Windows 10 (Build 19041.867)
CPU: x64
File System: NTFS
User: LAPTOP-NP27E90N\jonny

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 310573
Threats Detected: 9
Threats Quarantined: 0
Time Elapsed: 7 min, 54 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 3
PUP.Optional.MindSpark.Generic, C:\USERS\JONNY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\AMMEDMHJKOBKDLJGDNGFMKKDCGLDOMMF\13.931.18.7502_0, No Action By User, 1866, 456842, 1.0.38145, , ame, , ,
PUP.Optional.MindSpark.Generic, C:\USERS\JONNY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\AMMEDMHJKOBKDLJGDNGFMKKDCGLDOMMF, No Action By User, 1866, 443121, 1.0.38145, , ame, , ,
Adware.PopAds, C:\USERS\JONNY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\EXTENSION, No Action By User, 13769, 811740, 1.0.38145, , ame, , ,

File: 6
PUP.Optional.MindSpark.Generic, C:\USERS\JONNY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\AMMEDMHJKOBKDLJGDNGFMKKDCGLDOMMF\13.931.18.7502_0\CONFIG\CONFIG.JSON, No Action By User, 1866, 456842, 1.0.38145, , ame, , EFBFFB7BCA7B5F5F6316A11D77C70E4C, EBA79EBF7BEBF2C6C6DB405650BF9344209B5CDA6743C48CB935CCDFC469E61E
PUP.Optional.MindSpark.Generic, C:\USERS\JONNY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\AMMEDMHJKOBKDLJGDNGFMKKDCGLDOMMF\13.931.18.7502_0\MANIFEST.JSON, No Action By User, 1866, 443121, 1.0.38145, , ame, , 86FCBD59C2490238897681E96E3BE657, 73E01E880D7B2860176311DC7D20D9CBC6F024FEF4B749F4A556DCB22859B664
Adware.PopAds, C:\USERS\JONNY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\EXTENSION\BACKGROUND.JS, No Action By User, 13769, 811740, 1.0.38145, , ame, , 658BB25F697B7A71252AC97940F1C667, 257C3F189AE926F7235DEE6632E9722D1F6226C2D68ADCEF8F619BB1D9D7EA71
Adware.PopAds, C:\Users\jonny\AppData\Local\Google\Chrome\User Data\Extension\content.js, No Action By User, 13769, 811740, , , , , 7FC1683361825B973C16B8B16FB51A10, 6ED0961C1EE8CA37AACADEC54967E9EFE390A54E5C4BBF3E7FB8444E7C760B6C
Adware.PopAds, C:\Users\jonny\AppData\Local\Google\Chrome\User Data\Extension\icon.png, No Action By User, 13769, 811740, , , , , 494F963DC73BE3D20FC01E4A7F765A2A, B969B076E6C87AB5A94623441F40E5ECDED74037A5F2E56036C43C550BC846A4
Adware.PopAds, C:\Users\jonny\AppData\Local\Google\Chrome\User Data\Extension\manifest.json, No Action By User, 13769, 811740, , , , , 1C1E67D04CFE6493A7F4A16A56115C7A, F6FCC68B4C9BD716D04ADB163A53C6FE320CC2D292E4E263F49A488C2DF3FBEB

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)


#8
DR M

    The Grecian Geek

  • Malware Removal
  • 2,614 posts

Thanks, jbr199.
 
Let's clean now.
 
1. AdwCleaner (Clean mode)

Let me explain to you the log created by AdwCleaner:

Nothing malicious has been found by this tool.

The section at the bottom under Preinstalled Software is software that was apparently installed when the device was new, which you may or may not use. As you see, there are many many programs in the list. Personally, I don't keep anything I don't use/need. But it's your computer, so your decision. If you want to remove the preinstalled software (the whole package or part of it), please do the following:

  • Double click AdwCleaner.exe on your Desktop, to run it as you did before.
  • Click Scan Now.
  • When the scan has finished a Scan Results window will open.
  • Please check all the boxes and then click Quarantine.
  • Click Next.
    • If any pre-installed software was found on your machine, a prompt window will open. Click OK to close it.
    • Check any pre-installed software items you want to remove.
    • Click Quarantine.
  • A prompt to save your work will appear.
    • Click Continue when you're ready to proceed.
  • A prompt to restart your computer will appear.
    • Click Restart Now.
  • Once your computer has restarted:
    • If it doesn't open automatically, please start AdwCleaner.
    • Click the Log Files tab.
    • Double click on the latest Clean log (Clean logs have a [C0*] suffix, where * is replaced by a number, the latest scan will have the largest number)
    • A Notepad file will open containing the results of the removal.
    • Please attach the contents of the file in your next reply.

 

2. Run Malwarebytes (Clean mode)

  • Double click the program's icon on your Desktop, as you did before.
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
    Under the title Scan Options, all the options are checked.
    Under the title Windows Security Center (Premium only) the option is unchecked.
    Under the title Potentially unwanted items all options are set to Always.
  • Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may take longer.
  • When finished, you will see the Threat Scan Summary window open.
  • If threats are not found, click View Report and proceed to the two last steps below.
  • If threats are found, make sure that all threats are selected, and click on Quarantine/Remove selected.
  • You may need to restart the computer.
  • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
  • Find the report with the most recent date and double click on it.
  • Click on Export and then Copy to Clipboard.
  • Paste its content here, in your next reply.

 

3. Eset online
 
Just to ensure that the computer is completely clean...

Download ESET Online Scanner and save it to your desktop.

  • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
  • When the tool opens, click Get Started.
  • Read and accept the license agreement.
  • At the Welcome to ESET Online Scanner window, click Get Started.
  • Select whether you would like to send anonymous data to ESET.
  • Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
  • Click on the Full Scan option.
  • Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
  • ESET will now begin scanning your computer. This may take some time.
  • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
  • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
  • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
  • Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.

 

4. Fresh FRST logs

  • Double-click on the FRST icon to run it, as you did before. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button and wait for a while.
  • The scanner will produce two logs on your Desktop: FRST.txt and Addition.txt.
  • Please attach the content of these two logs in your next reply.

 

In your next reply, please post:

  • The AdwCleaner[C0*].txt (in case you choose to run it)
  • The Malwarebytes report
  • The Eset report
  • The fresh logs, FRST.txt and Addition.txt

  • 0
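Added example (not part of the original thread, and not Malwarebytes code): a small Python parser for the AdwCleaner scan-log layout posted in #7, separating Preinstalled.* entries from anything that needs review. In the posted log the header reports Detected: 42 and all 42 entries sit under Preinstalled Software, which is why the log is read as clean. The sample log and its names are constructed, and the "name, type, location" column layout is assumed from the posted log.

```python
import re
from collections import Counter

# Constructed sample in the layout of the AdwCleaner scan log posted above
# (names and paths are placeholders, not taken from a real machine).
SAMPLE_LOG = r"""# Mode: Scan
# Scanned:  3845
# Detected: 4
***** [ Services ] *****
No malicious services found.
***** [ Chromium (and derivatives) ] *****
PUP.Optional.ExampleToolbar   Folder   C:\Users\user\AppData\Local\ExampleToolbar
***** [ Preinstalled Software ] *****
Preinstalled.ExampleVendorAssist   Folder   C:\Program Files (x86)\EXAMPLEVENDOR\ASSIST
Preinstalled.ExampleVendorAssist   Registry   HKLM\Software\Classes\CLSID\{00000000-0000-0000-0000-000000000000}
Preinstalled.ExampleGamesBundle   Folder   C:\Program Files (x86)\EXAMPLEGAMES
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
"""

SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
HEADER_RE = re.compile(r"^# (\w+):\s+(.+)$")
# Assumption: an entry is "name  type  location", columns split by 2+ spaces.
ENTRY_RE = re.compile(r"^(\S+)\s{2,}(\w+)\s{2,}(.+?)\s*$")

def parse_adwcleaner(text):
    """Return (header dict, list of (section, name, kind, location))."""
    header, entries, section = {}, [], None
    for line in text.splitlines():
        line = line.rstrip()
        if m := HEADER_RE.match(line):
            header[m.group(1)] = m.group(2)
        elif m := SECTION_RE.match(line):
            section = m.group(1)
        elif section and (m := ENTRY_RE.match(line)):
            entries.append((section, *m.groups()))
    return header, entries

def triage(text):
    """Split entries into preinstalled software and items needing review."""
    header, entries = parse_adwcleaner(text)
    pre = [e for e in entries if e[1].startswith("Preinstalled.")]
    other = [e for e in entries if not e[1].startswith("Preinstalled.")]
    return {
        "detected_header": int(header.get("Detected", 0)),
        "parsed": len(entries),  # should equal the header count
        "preinstalled_products": Counter(e[1] for e in pre),
        "needs_review": other,   # anything that is not vendor bloatware
    }
```

A mismatch between `detected_header` and `parsed` means the log was truncated when pasted or uses a layout this parser does not cover.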

#9
DR M

    The Grecian Geek

  • Malware Removal
  • 2,614 posts

Are you still with me?



#10
DR M

    The Grecian Geek

  • Malware Removal
  • 2,614 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

