Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Slow Computer: Suspected Malware in System [Solved]


  • This topic is locked This topic is locked

#1
rybards

rybards

    Member

  • Member
  • PipPip
  • 66 posts

Hi!

 

I'd like to ask for your help to see if my laptop has malware or spyware. I'm not very good about this stuff and doing this on my own. I'd appreciate if somebody can walk me through how to find out if my computer is infected.

 

Thank you!


  • 0

Advertisements


#2
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 3,240 posts

Hello, rybards.
 
Welcome to GTG Forums.
 
To begin with, please do the following:

Download Farbar Recovery Scan Tool and save it to your desktop. --> IMPORTANT

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your antivirus software detects the tool as malicious, it’s safe to allow FRST to run. It is a false-positive detection.

If English is not your primary language, right click on FRST.exe/FRST64.exe and rename to FRSTEnglish.exe/FRST64English.exe

  • Double-click the FRST icon to run the tool. When the tool opens click Yes to disclaimer.
  • Press Scan button and wait for a while.
  • The scanner will produced two logs on your Desktop: FRST.txt and Addition.txt.
  • Please attach the content of these two logs in your next reply.

  • 0

#3
rybards

rybards

    Member

  • Topic Starter
  • Member
  • PipPip
  • 66 posts

Good day DR M,

 

Thanks so much for your speedy response. I appreciate it.

 

Here are the logs:

 

FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-06-2021
Ran by Ryan (administrator) on DESKTOP-NC9HVNJ (HP HP Notebook) (11-06-2021 17:29:09)
Running from C:\Users\Ryan\Desktop
Loaded Profiles: Ryan
Platform: Windows 10 Home Single Language Version 2004 19041.985 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems Incorporated) C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\AcrobatNotificationClient.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(AVG Technologies CZ, s.r.o. -> ) C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
(AVG Technologies CZ, s.r.o. -> ) C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
(CyberLink Corp. -> ) C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(CyberLink Corp. -> CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam6\Youcam6_webcam_camera_video.exe
(CyberLink Corp. -> CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam6\YouCamService6.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <12>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler64.exe
(Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(HP Inc. -> HP Inc.) C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation -> Intel® Corporation) C:\Windows\SysWOW64\XtuService.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel® Software -> Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Intel® Software -> Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(McAfee, Inc. -> McAfee, LLC.) C:\Program Files\McAfee\TrueKey\McAfee.TrueKey.Service.exe
(McAfee, Inc. -> McAfee, LLC.) C:\Program Files\McAfee\TrueKey\McAfee.TrueKey.ServiceHelper.exe
(McAfee, Inc. -> McAfee, LLC.) C:\Program Files\McAfee\TrueKey\McTkSchedulerService.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\servicehost.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\uihost.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\SDXHelper.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.4-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.4-0\NisSrv.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(WildTangent Inc -> WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Windscribe Limited -> Windscribe Limited) C:\Program Files (x86)\Windscribe\WindscribeService.exe
(Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.4.3.227\WsAppService.exe
Failed to access process -> conhost.exe
Failed to access process -> csrss.exe
Failed to access process -> csrss.exe
Failed to access process -> dasHost.exe
Failed to access process -> dllhost.exe
Failed to access process -> dwm.exe
Failed to access process -> fontdrvhost.exe
Failed to access process -> fontdrvhost.exe
Failed to access process -> MoUsoCoreWorker.exe
Failed to access process -> OfficeC2RClient.exe
Failed to access process -> powershell.exe
Failed to access process -> TiWorker.exe
Failed to access process -> unsecapp.exe
Failed to access process -> WmiPrvSE.exe
Failed to access process -> WmiPrvSE.exe
Failed to access process -> wuauclt.exe
Failed to access process -> WUDFHost.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297272 2017-12-11] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412680 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8843520 2016-10-02] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3349224 2015-08-20] (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-07] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [654088 2015-02-18] (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2042424 2020-03-16] (Adobe Inc. -> Adobe Inc.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [2187336 2017-10-20] (AVG Technologies CZ, s.r.o. -> )
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [5296352 2021-05-28] (Adobe Inc. -> Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1211838656-3945196859-822910569-1001\...\Run: [OneDrive] => C:\Program Files (x86)\Microsoft OneDrive\OneDrive.exe [1972088 2021-05-29] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1211838656-3945196859-822910569-1001\...\Run: [Zoom] => [X]
HKU\S-1-5-21-1211838656-3945196859-822910569-1001\...\Run: [BingSvc] => C:\Users\Ryan\AppData\Local\Microsoft\BingSvc\BingSvc.exe [146312 2020-08-15] (Microsoft Corporation -> © 2015 Microsoft Corporation)
HKU\S-1-5-21-1211838656-3945196859-822910569-1001\...\Run: [Windscribe] => C:\Program Files (x86)\Windscribe\Windscribe.exe [10106544 2019-01-19] (Windscribe Limited -> Windscribe Limited)
HKU\S-1-5-21-1211838656-3945196859-822910569-1001\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [109961080 2021-05-25] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-1211838656-3945196859-822910569-1001\...\Run: [Spotify] => C:\Users\Ryan\AppData\Roaming\Spotify\Spotify.exe [22941928 2020-06-11] (Spotify AB -> Spotify Ltd) <==== ATTENTION
HKU\S-1-5-21-1211838656-3945196859-822910569-1001\...\Run: [CCXProcess] => C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [648328 2020-04-13] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-1211838656-3945196859-822910569-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [5549280 2021-05-28] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-1211838656-3945196859-822910569-1001\...\Run: [com.squirrel.slack.slack] => C:\Users\Ryan\AppData\Local\slack\slack.exe [308368 2021-06-08] (Slack Technologies, Inc. -> Slack Technologies Inc.)
HKU\S-1-5-21-1211838656-3945196859-822910569-1001\...\RunOnce: [Application Restart #1] => C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  --flag-switches-begin --flag-switches-end --enable-audio-service-sandbox --restore-last-session -- "C:\Users\Ryan\Desktop\Jap\Genki - An I (the data entry has 91 more characters).
HKU\S-1-5-21-1211838656-3945196859-822910569-1001\...\MountPoints2: {ca81ae49-7cc5-11e9-9cb8-a8a7955d5be2} - "F:\HiSuiteDownLoader.exe" 
HKLM\...\Windows x64\Print Processors\HPCPP155: C:\Windows\System32\spool\prtprocs\x64\hpcpp155.dll [597792 2013-09-10] (Hewlett-Packard Company -> Hewlett-Packard Corporation)
HKLM\...\Windows x64\Print Processors\hpcpp160: C:\Windows\System32\spool\prtprocs\x64\hpcpp160.dll [602912 2013-12-04] (Hewlett-Packard Company -> Hewlett-Packard Corporation)
HKLM\...\Windows x64\Print Processors\hpcpp190: C:\Windows\System32\spool\prtprocs\x64\hpcpp190.dll [651176 2016-08-26] (HP Inc. -> HP Inc.)
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\WINDOWS\system32\AdobePDF.dll [65160 2021-05-28] (Adobe Inc. -> Adobe Systems Inc)
HKLM\...\Print\Monitors\HP Universal Port Monitor: C:\WINDOWS\system32\hpbprtmon.dll [432648 2015-07-11] (Microsoft Windows Hardware Compatibility Publisher -> HP)
HKLM\...\Print\Monitors\HP Universal Print Monitor: C:\WINDOWS\system32\HPMPW081.DLL [127912 2016-08-26] (HP Inc. -> HP Inc.)
HKLM\...\Print\Monitors\HPMLM135: C:\WINDOWS\system32\hpmlm135.dll [237344 2013-12-04] (Hewlett-Packard Company -> Hewlett-Packard Company)
HKLM\...\Print\Monitors\HPMLM190: C:\WINDOWS\system32\hpmlm190.dll [310512 2016-08-26] (HP Inc. -> HP Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\91.0.4472.77\Installer\chrmstp.exe [2021-06-04] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{B7724AE5-1135-4889-8A5F-CA98BE6CA1ED}] -> C:\Program Files\McAfee\TrueKey\McAfee.TrueKey.CredentialProvider.dll [2019-03-09] (McAfee, Inc. -> McAfee, LLC.)
HKLM\Software\...\Authentication\Credential Providers: [{FA076B7A-C331-48e2-9EE9-7683A553739E}] -> C:\Program Files (x86)\CyberLink\YouCam6\CLCredProv\x64\CLCredProv.dll [2015-07-01] (CyberLink Corp. -> CyberLink)
HKLM\Software\...\Authentication\Credential Provider Filters: [{FA076B7A-C331-48e2-9EE9-7683A553739E}] -> C:\Program Files (x86)\CyberLink\YouCam6\CLCredProv\x64\CLCredProv.dll [2015-07-01] (CyberLink Corp. -> CyberLink)
Lsa: [Notification Packages] scecli "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter" "C:\Program Files\McAfee\TrueKey\McAfeeTrueKeyPasswordFilter"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2021-05-05]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.2198\SSScheduler.exe (McAfee, LLC. -> McAfee, LLC)
Startup: C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2021-06-03]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0197BF56-0D80-4969-BE36-286A779FA1D1} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files (x86)\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [2831232 2021-05-29] (Microsoft Corporation -> Microsoft Corporation)
Task: {02B7D7E1-FE18-43EC-BFE0-9400703FB922} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {096C0699-B78C-486D-AD81-9006F08B8C89} - System32\Tasks\BlueStacksHelper => C:\ProgramData\BlueStacks\Client\Helper\BlueStacksHelper.exe
Task: {0BDAD3D9-145E-44F4-A584-D4286B4843AE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2016-09-29] (Google Inc -> Google Inc.)
Task: {13385EEA-69CC-42AA-B3E2-E0F8D13AE688} - System32\Tasks\Adobe Uninstaller => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [405048 2020-03-16] (Adobe Inc. -> Adobe Inc.)
Task: {1513CFA1-7AF1-4829-AA07-86B886A4EA85} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [352368 2021-05-17] (HP Inc. -> HP Inc.)
Task: {220C1656-1A5E-455F-82D2-A1AB8610A659} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412680 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {23DDBBCB-59D9-4CAA-8100-0DB8739125CD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.4-0\MpCmdRun.exe [644888 2021-06-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {2DE6E150-F6E5-4975-A81D-3B67FB8D3147} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [25128 2017-11-22] (HP Inc. -> )
Task: {37869FAF-7684-4E81-8DE3-640D09E928FE} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [118088 2021-06-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {3A92D0AA-6D4A-4CE7-B99B-DF09C6BD1CCC} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23124856 2021-06-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {4DE328C4-8B4C-4D3E-9255-1EFF5A8D78D5} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [4639280 2018-12-02] (McAfee, Inc. -> McAfee, Inc.)
Task: {50541FA9-88B1-4D64-A396-5B67C68C3B25} - System32\Tasks\[email protected] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {5895392A-A351-45CB-9DB8-E186B0BC70B0} - System32\Tasks\{D5D9ABA2-FD6A-4978-BC30-ECC925298A48} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\Glyph\GlyphClientApp.exe" -d "C:\Program Files (x86)\Glyph" -c -uninstall -silent -debug
Task: {62D7B45D-AC6A-44A5-8313-C4372B3FA6F6} - System32\Tasks\WpsUpdateTask_Administrator => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5113\wtoolex\wpsupdate.exe [474472 2015-12-03] (Zhuhai Kingsoft Office Software Co.,Ltd -> Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {68EFC8E6-B789-4045-8CDD-18DCC58A723B} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [118088 2021-06-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {865EC776-810F-44F0-8DB5-112BE5E9DF7A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [665944 2020-08-07] (HP Inc. -> HP Inc.)
Task: {8A2DEFB5-CC70-4FBF-8F9A-672692E654FA} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.4-0\MpCmdRun.exe [644888 2021-06-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {8CE70BD9-F282-4DC7-A8BD-DF8AE92E5E32} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.4-0\MpCmdRun.exe [644888 2021-06-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {9B747888-D1E4-4B66-B4B0-BA8ED2FBDC90} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2016-09-29] (Google Inc -> Google Inc.)
Task: {A787174D-D2FD-4E24-A99E-0D77E14F670E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [136304 2021-03-30] (HP Inc. -> HP Inc.)
Task: {AD123015-4105-452E-B956-A99D1192B1DE} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam6\YouCamService6.exe [515512 2015-07-01] (CyberLink Corp. -> CyberLink Corp.)
Task: {B17B0FA6-F64F-46AF-B39A-6E35C780E550} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1136984 2020-09-17] (HP Inc. -> HP Inc.)
Task: {BA78896D-1B02-481C-94D4-0222AA47CD8F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [665944 2020-08-07] (HP Inc. -> HP Inc.)
Task: {CD651D4C-90D3-4CA4-9CEC-CB36F04B8934} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {D44DAEDD-D528-4860-8EEE-F08745EC1B09} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {D95378FD-B28D-44CD-A137-26BF6DACDBDA} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {DACD9E7E-C567-487F-9719-160E503DBB3A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - resources updates => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [665944 2020-08-07] (HP Inc. -> HP Inc.)
Task: {E1143EA4-505D-4766-A310-67A94E44AE1E} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(1): schtasks.exe -> /Change /TN "\Adobe Flash Player PPAPI Notifier" /ENABLE
Task: {E1143EA4-505D-4766-A310-67A94E44AE1E} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(2): schtasks.exe -> /Change /TN "\Adobe Flash Player Updater" /ENABLE
Task: {E1143EA4-505D-4766-A310-67A94E44AE1E} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(3): schtasks.exe -> /Change /TN "\Adobe Uninstaller" /ENABLE
Task: {E1143EA4-505D-4766-A310-67A94E44AE1E} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(4): schtasks.exe -> /Change /TN "\[email protected]" /ENABLE
Task: {E1143EA4-505D-4766-A310-67A94E44AE1E} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(5): schtasks.exe -> /Change /TN "\[email protected]" /ENABLE
Task: {E1143EA4-505D-4766-A310-67A94E44AE1E} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(6): schtasks.exe -> /Change /TN "\BlueStacksHelper" /ENABLE
Task: {E1143EA4-505D-4766-A310-67A94E44AE1E} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(7): schtasks.exe -> /Change /TN "\d7dcdedb8ce6b33b121246911ad33b47" /ENABLE
Task: {E1143EA4-505D-4766-A310-67A94E44AE1E} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(8): schtasks.exe -> /Change /TN "\DropboxOEM" /ENABLE
Task: {E1143EA4-505D-4766-A310-67A94E44AE1E} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(9): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineCore" /ENABLE
Task: {E1143EA4-505D-4766-A310-67A94E44AE1E} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(10): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineUA" /ENABLE
Task: {E1143EA4-505D-4766-A310-67A94E44AE1E} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(11): schtasks.exe -> /Change /TN "\HPCeeScheduleForRyan" /ENABLE
Task: {E1143EA4-505D-4766-A310-67A94E44AE1E} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(12): schtasks.exe -> /Change /TN "\McAfee Remediation (Prepare)" /ENABLE
Task: {E1143EA4-505D-4766-A310-67A94E44AE1E} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(13): schtasks.exe -> /Change /TN "\OneDrive Standalone Update Task-S-1-5-21-1211838656-3945196859-822910569-1001" /ENABLE
Task: {E1143EA4-505D-4766-A310-67A94E44AE1E} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(14): schtasks.exe -> /Change /TN "\User_Feed_Synchronization-{F652A8CE-8AAD-4B17-97C2-CFEC2FF6BEE6}" /ENABLE
Task: {E1143EA4-505D-4766-A310-67A94E44AE1E} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(15): schtasks.exe -> /Change /TN "\WpsNotifyTask_Administrator" /ENABLE
Task: {E1143EA4-505D-4766-A310-67A94E44AE1E} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(16): schtasks.exe -> /Change /TN "\WpsUpdateTask_Administrator" /ENABLE
Task: {E1143EA4-505D-4766-A310-67A94E44AE1E} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(17): schtasks.exe -> /Change /TN "\YCMServiceAgent" /ENABLE
Task: {E1143EA4-505D-4766-A310-67A94E44AE1E} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(18): schtasks.exe -> /Change /TN "\{D5D9ABA2-FD6A-4978-BC30-ECC925298A48}" /ENABLE
Task: {E1143EA4-505D-4766-A310-67A94E44AE1E} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(19): schtasks.exe -> /Change /TN "\AVAST Software\Gaming mode Task Scheduler recovery" /DISABLE
Task: {E1E944BC-680D-474A-A424-EBA655CEFBF4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1506648 2020-08-20] (HP Inc. -> HP Inc.)
Task: {E5943B14-B274-4F1F-8DE9-27E2F3341A88} - System32\Tasks\d7dcdedb8ce6b33b121246911ad33b47 => powershell.exe -NoProfile -NoLogo -NonInteractive -ExecutionPolicy Bypass -File C:\WINDOWS\d7dcdedb8ce6b33b121246911ad33b47.ps1 <==== ATTENTION
Task: {F10670E2-BC14-44F9-99AC-C289391D0BF5} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23124856 2021-06-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {F7B2DACF-1C99-4B1A-A32D-DC31594D599D} - System32\Tasks\WpsNotifyTask_Administrator => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5113\wtoolex\wpsnotify.exe [517480 2015-12-03] (Zhuhai Kingsoft Office Software Co.,Ltd -> Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {FD3D2E17-0A27-437F-9B95-E19BAA83DA65} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.4-0\MpCmdRun.exe [644888 2021-06-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {FE93F97B-0E96-47F5-9CC2-5D6F264104E5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1506648 2020-08-20] (HP Inc. -> HP Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\WpsNotifyTask_Administrator.job => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5113\wtoolex\wpsnotify.exe
Task: C:\WINDOWS\Tasks\WpsUpdateTask_Administrator.job => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5113\wtoolex\wpsupdate.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1bcde77e-240f-4c10-84f3-761f61ca1577}: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{81adeb0f-1b8d-47ca-b5cb-db77373ce48f}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{cf628cd7-8fd6-4567-a7a3-f63135ab7c76}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{f0032578-55e6-4f2f-9d5a-1d2ebf8755bc}: [DhcpNameServer] 192.168.1.1
 
Edge: 
=======
Edge HomeButtonPage: HKU\S-1-5-21-1211838656-3945196859-822910569-1001 -> hxxps://www.google.com/
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge Profile: C:\Users\Ryan\AppData\Local\Microsoft\Edge\User Data\Default [2021-06-08]
 
FireFox:
========
FF ProfilePath: C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\phur0440.default-1500038885698 [2019-07-27]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Extension: (McAfee® WebAdvisor) - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi [2021-06-11] [UpdateUrl:hxxps://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.json]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2020-03-05]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF HKU\S-1-5-21-1211838656-3945196859-822910569-1001\...\SeaMonkey\Extensions: [[email protected]] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi => not found
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2020-03-16] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1217157.dll [2015-02-05] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.8\\npsitesafety.dll [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.11 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.12 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2015-06-26] (WildTangent Inc -> )
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2021-05-28] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2020-03-16] (Adobe Inc. -> Adobe Systems)
 
Chrome: 
=======
CHR Profile: C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default [2021-06-11]
CHR Notifications: Default -> hxxps://app.slack.com; hxxps://calendar.google.com; hxxps://meet.google.com
CHR HomePage: Default -> mysearch.avg.com
CHR StartupUrls: Default -> "hxxp://www.msn.com/?pc=BDT3&ocid=BDT3DHP&dt=072113","hxxps://www.google.com/"
CHR NewTab: Default ->  Not-active:"chrome-extension://chfdnecihphmhljaaejmgoiahnihplgn/pages/newtab.html"
CHR Extension: (Slides) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Docs) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-25]
CHR Extension: (Skype Calling) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2017-02-02]
CHR Extension: (YouTube) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-20]
CHR Extension: (Vimeo™ Video Downloader) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgpbghdbejagejmciefmekcklikpoeel [2020-12-06]
CHR Extension: (AVG Secure Search) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn [2020-01-13]
CHR Extension: (Facebook Unseen) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmdhkalcecemojegheiohcghkamlipof [2016-06-20]
CHR Extension: (Video Downloader professional) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2020-07-25]
CHR Extension: (GoFullPage - Full Page Screen Capture) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdpohaocaechififmbbbbbknoalclacl [2021-05-24]
CHR Extension: (Sheets) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Google Docs Offline) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-05-12]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2021-06-08]
CHR Extension: (rikaikun) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipdnfibhldikgcjhfnomkfpcebammhp [2021-06-08]
CHR Extension: (HP Network Check Launcher) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkfpchpiljkaemlpmpebnglgkomamfeo [2018-08-30]
CHR Extension: (Save to Facebook) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd [2019-06-27]
CHR Extension: (Grammarly for Chrome) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2021-06-07]
CHR Extension: (Take Webpage Screenshots Entirely - FireShot) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbpblocgmgfnpjjppndjkmgjaogfceg [2021-06-03]
CHR Extension: (Search Manager) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce [2019-12-03]
CHR Extension: (Awesome Screenshot & Screen Recorder) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlipoenfbbikpbjkfpfillcgkoblgpmj [2021-05-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-30]
CHR Extension: (Speedtest by Ookla) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjjikdiikihdfpoppgaidccahalehjh [2021-04-15]
CHR Extension: (Gmail) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-24]
CHR Extension: (Chrome Media Router) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-06-05]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej]
CHR HKU\S-1-5-21-1211838656-3945196859-822910569-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [chfdnecihphmhljaaejmgoiahnihplgn]
CHR HKU\S-1-5-21-1211838656-3945196859-822910569-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd]
CHR HKU\S-1-5-21-1211838656-3945196859-822910569-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn]
CHR HKU\S-1-5-21-1211838656-3945196859-822910569-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce]
CHR HKU\S-1-5-21-1211838656-3945196859-822910569-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [jkfpchpiljkaemlpmpebnglgkomamfeo]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl]
CHR HKLM-x32\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce]
CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [820280 2020-03-16] (Adobe Inc. -> Adobe Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3780296 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3548360 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11279752 2021-06-03] (Microsoft Corporation -> Microsoft Corporation)
S3 FileSyncHelper; C:\Program Files (x86)\Microsoft OneDrive\21.083.0425.0003\FileSyncHelper.exe [2101120 2021-05-29] (Microsoft Corporation -> Microsoft Corporation)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2016-08-23] (Macrovision Europe Ltd.) [File not signed]
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [349728 2015-06-26] (WildTangent Inc -> WildTangent)
S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1149480 2018-06-07] (HP Inc. -> HP)
R2 HPSupportSolutionsFrameworkService; c:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [379736 2020-08-20] (HP Inc. -> HP Inc.)
R2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-22] (HP Inc. -> HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [608520 2015-02-18] (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.)
S2 Kingsoft_WPS_UpdateService; C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5113\wtoolex\wpsupdatesvr.exe [133480 2015-12-03] (Zhuhai Kingsoft Office Software Co.,Ltd -> Zhuhai Kingsoft Office Software Co.,Ltd)
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [973072 2021-06-11] (McAfee, LLC -> McAfee, LLC)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.2198\McCHSvc.exe [398408 2021-05-01] (McAfee, LLC. -> McAfee, LLC)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2016-06-15] (HP Inc.) [File not signed]
S3 OneDrive Updater Service; C:\Program Files (x86)\Microsoft OneDrive\21.083.0425.0003\OneDriveUpdaterService.exe [2565504 2021-05-29] (Microsoft Corporation -> Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2016-06-15] (HP Inc.) [File not signed]
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-15] (CyberLink Corp. -> )
R2 TrueKey; C:\Program Files\McAfee\TrueKey\McAfee.TrueKey.Service.exe [421432 2019-03-09] (McAfee, Inc. -> McAfee, LLC.)
R2 TrueKeyScheduler; C:\Program Files\McAfee\TrueKey\McTkSchedulerService.exe [421432 2019-03-09] (McAfee, Inc. -> McAfee, LLC.)
R2 TrueKeyServiceHelper; C:\Program Files\McAfee\TrueKey\McAfee.TrueKey.ServiceHelper.exe [194168 2019-03-09] (McAfee, Inc. -> McAfee, LLC.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.4-0\NisSrv.exe [2644760 2021-06-06] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.4-0\MsMpEng.exe [136656 2021-06-06] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WindscribeService; C:\Program Files (x86)\Windscribe\WindscribeService.exe [493232 2019-01-19] (Windscribe Limited -> Windscribe Limited)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.227\WsAppService.exe [492768 2017-06-21] (Wondershare Technology Co.,Ltd -> Wondershare)
R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [981576 2017-10-20] (AVG Technologies CZ, s.r.o. -> )
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 BthAudioHF; C:\WINDOWS\system32\drivers\RtkHfp.sys [104688 2015-09-09] (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation)
R3 clwvd6; C:\WINDOWS\System32\drivers\clwvd6.sys [41704 2013-10-29] (CyberLink Corp. -> CyberLink Corporation)
R3 tapwindscribe0901; C:\WINDOWS\System32\drivers\tapwindscribe0901.sys [54896 2017-09-13] (Windscribe Limited -> The OpenVPN Project)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49560 2021-06-06] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [425208 2021-06-06] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [76008 2021-06-06] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [35392 2020-06-08] (HP Inc. -> HP)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2021-06-11 17:29 - 2021-06-11 17:36 - 000043485 _____ C:\Users\Ryan\Desktop\FRST.txt
2021-06-11 16:39 - 2021-06-11 17:34 - 000000000 ____D C:\FRST
2021-06-11 16:20 - 2021-06-11 16:22 - 002300416 _____ (Farbar) C:\Users\Ryan\Desktop\FRST64.exe
2021-06-11 03:06 - 2021-06-11 15:44 - 000000000 ____D C:\Users\Ryan\Documents\YouCam
2021-06-10 21:14 - 2021-06-10 21:14 - 000012724 _____ C:\Users\Ryan\Downloads\Product Listing Template (1).odt
2021-06-10 17:20 - 2021-06-10 17:21 - 088037336 _____ C:\Users\Ryan\Downloads\RY_ZAPPYO_NURIA_061021.mp4
2021-06-08 22:42 - 2021-06-08 22:42 - 000253494 _____ C:\Users\Ryan\Downloads\Ryan Bardahi_Content Editor.xlsx
2021-06-08 22:40 - 2021-06-08 22:41 - 000253494 _____ C:\Users\Ryan\Downloads\ryan_bardahi_content_editor.xlsx
2021-06-08 17:46 - 2021-06-08 17:47 - 055184650 _____ C:\Users\Ryan\Downloads\editing_process_for_clauie_and_ry_s_reference.mp4
2021-06-08 09:56 - 2021-06-08 09:56 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Slack Technologies Inc
2021-06-08 09:55 - 2021-06-08 09:57 - 000000000 ____D C:\Users\Ryan\AppData\Local\slack
2021-06-07 16:20 - 2021-06-11 14:12 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\Slack
2021-06-07 12:47 - 2021-06-07 12:47 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\fltk.org
2021-06-07 12:47 - 2021-06-07 12:47 - 000000000 ____D C:\ProgramData\fltk.org
2021-06-07 12:46 - 2021-06-11 02:07 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\Hubstaff
2021-06-07 12:41 - 2021-06-07 12:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hubstaff
2021-06-07 12:41 - 2021-06-07 12:41 - 000000000 ____D C:\Program Files\Hubstaff
2021-05-28 13:58 - 2021-05-28 13:58 - 000065160 _____ (Adobe Systems Inc) C:\WINDOWS\system32\AdobePDF.dll
2021-05-28 13:58 - 2021-05-28 13:58 - 000035992 _____ (Adobe Systems Inc.) C:\WINDOWS\system32\AdobePDFUI.dll
2021-05-14 22:42 - 2021-05-14 22:42 - 000000000 ____D C:\Users\Ryan\AppData\Local\upwork-updater
2021-05-14 22:42 - 2021-05-14 22:42 - 000000000 ____D C:\Users\Ryan\AppData\Local\Upwork
2021-05-13 11:10 - 2021-05-13 11:10 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-05-13 11:10 - 2021-05-13 11:10 - 001687040 _____ C:\WINDOWS\system32\libcrypto.dll
2021-05-13 11:09 - 2021-05-13 11:09 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-05-13 11:09 - 2021-05-13 11:09 - 001314120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-05-13 11:09 - 2021-05-13 11:09 - 000700928 _____ C:\WINDOWS\system32\FsNVSDeviceSource.dll
2021-05-13 11:09 - 2021-05-13 11:09 - 000011351 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-05-13 11:08 - 2021-05-13 11:08 - 001823816 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-05-13 11:08 - 2021-05-13 11:08 - 001393504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-05-13 11:08 - 2021-05-13 11:08 - 001163776 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-05-13 11:08 - 2021-05-13 11:08 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2021-05-13 11:06 - 2021-05-13 11:06 - 000165888 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-05-13 11:06 - 2021-05-13 11:06 - 000013312 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2021-06-11 17:37 - 2019-12-07 17:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-06-11 17:25 - 2019-10-12 11:18 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2021-06-11 17:25 - 2019-10-12 11:18 - 000000000 ___HD C:\ProgramData\Documents\AdobeGCData
2021-06-11 17:21 - 2016-02-27 05:01 - 000000000 ___RD C:\Users\Ryan\OneDrive
2021-06-11 17:19 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-06-11 17:16 - 2019-12-07 17:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-06-11 17:12 - 2020-10-04 21:45 - 000000000 ____D C:\Users\Ryan
2021-06-11 17:12 - 2017-05-30 13:07 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2021-06-11 17:12 - 2016-02-27 04:57 - 000000000 __SHD C:\Users\Ryan\IntelGraphicsProfiles
2021-06-11 17:09 - 2019-12-07 17:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-06-11 16:53 - 2015-12-03 10:24 - 000000000 ____D C:\ProgramData\Intel
2021-06-11 16:52 - 2020-10-04 22:24 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-06-11 16:52 - 2020-10-04 21:36 - 000008192 ___SH C:\DumpStack.log.tmp
2021-06-11 16:52 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-06-11 16:51 - 2019-12-07 17:03 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2021-06-11 16:46 - 2020-10-04 21:36 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-06-11 16:46 - 2020-06-23 10:52 - 000000000 ____D C:\Program Files (x86)\Microsoft OneDrive
2021-06-11 15:10 - 2019-12-07 17:03 - 000000000 ____D C:\WINDOWS\servicing
2021-06-11 15:05 - 2017-12-02 12:37 - 000000000 ____D C:\Users\Ryan\AppData\Local\Packages
2021-06-11 02:54 - 2015-12-03 10:50 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2021-06-10 14:35 - 2019-12-07 17:13 - 000000000 ____D C:\WINDOWS\INF
2021-06-10 14:33 - 2020-04-23 23:33 - 000002121 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk
2021-06-10 14:33 - 2020-04-23 23:33 - 000002110 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2021-06-09 18:48 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-06-09 17:42 - 2021-05-05 18:45 - 000000000 ____D C:\ProgramData\McAfee Security Scan
2021-06-09 16:59 - 2016-05-13 12:37 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-06-09 15:50 - 2016-05-13 12:37 - 132447432 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-06-08 09:57 - 2016-07-08 16:27 - 000000000 ____D C:\Users\Ryan\AppData\Local\SquirrelTemp
2021-06-07 19:53 - 2020-10-05 12:41 - 000495970 _____ C:\WINDOWS\system32\perfh011.dat
2021-06-07 19:53 - 2020-10-05 12:41 - 000138438 _____ C:\WINDOWS\system32\perfc011.dat
2021-06-07 19:53 - 2020-10-04 22:00 - 001548022 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-06-07 14:54 - 2018-11-09 17:32 - 000000000 ____D C:\Users\Ryan\AppData\Local\PlaceholderTileLogoFolder
2021-06-07 14:52 - 2017-04-22 13:11 - 000000000 ____D C:\Users\Ryan\Documents\Personal
2021-06-06 15:24 - 2018-03-02 00:34 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-06-05 12:10 - 2020-07-15 21:09 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-06-04 14:12 - 2016-10-08 17:28 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\vlc
2021-06-04 14:06 - 2016-09-29 14:29 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-05-29 22:44 - 2020-10-04 22:24 - 000003206 _____ C:\WINDOWS\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2021-05-29 22:44 - 2020-06-23 10:53 - 000000000 ___RD C:\Users\defaultuser1.DESKTOP-NC9HVNJ\OneDrive
2021-05-29 22:44 - 2020-04-13 19:24 - 000000000 ___RD C:\Users\Jundril\OneDrive
2021-05-29 22:43 - 2020-06-23 10:53 - 000002181 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-05-28 18:48 - 2018-07-23 23:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2021-05-13 18:14 - 2016-05-28 23:25 - 000000000 ___RD C:\Users\Ryan\Documents\Work
2021-05-13 13:44 - 2019-12-07 17:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-05-13 13:37 - 2020-10-04 21:36 - 000380936 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-05-13 13:33 - 2019-12-07 17:50 - 000000000 ____D C:\WINDOWS\system32\OpenSSH
2021-05-13 13:33 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2021-05-13 13:33 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-05-13 13:33 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-05-13 13:33 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2021-05-13 13:33 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-05-13 13:33 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-05-13 13:33 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2021-05-13 13:33 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-05-13 13:33 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-05-13 13:33 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-05-13 13:33 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2021-05-13 13:32 - 2019-12-07 17:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-05-13 13:32 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-05-13 13:32 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-05-13 13:32 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-05-13 13:32 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\DiagTrack
2021-05-13 13:32 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-05-13 11:25 - 2019-12-07 17:52 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll
 
==================== Files in the root of some directories ========
 
2016-08-28 20:39 - 2016-08-31 23:51 - 000000033 _____ () C:\Users\Ryan\AppData\Roaming\AdobeWLCMCache.dat
2016-02-27 04:58 - 2019-08-17 11:33 - 004863888 _____ () C:\Users\Ryan\AppData\Local\BTServer.log
2018-09-29 07:17 - 2018-09-29 07:17 - 000000000 _____ () C:\Users\Ryan\AppData\Local\oobelibMkey.log
2016-06-21 10:30 - 2016-06-21 10:30 - 000000000 _____ () C:\Users\Ryan\AppData\Local\{13A4A428-21DB-4AE6-B550-8F579BAB0DC1}
2016-06-24 13:47 - 2016-06-24 13:47 - 000000000 _____ () C:\Users\Ryan\AppData\Local\{2BAF8F5D-9B83-47EC-A642-DB80C8AFEBDF}
2016-06-17 19:28 - 2016-06-17 19:28 - 000000000 _____ () C:\Users\Ryan\AppData\Local\{3F00E856-FBC1-46A6-9FA0-45421FB921B6}
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
 
Addition
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-06-2021
Ran by Ryan (11-06-2021 17:41:33)
Running from C:\Users\Ryan\Desktop
Windows 10 Home Single Language Version 2004 19041.985 (X64) (2020-10-04 14:26:29)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1211838656-3945196859-822910569-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1211838656-3945196859-822910569-503 - Limited - Disabled)
defaultuser1 (S-1-5-21-1211838656-3945196859-822910569-1004 - Limited - Enabled) => C:\Users\defaultuser1.DESKTOP-NC9HVNJ
Guest (S-1-5-21-1211838656-3945196859-822910569-501 - Limited - Disabled)
Ryan (S-1-5-21-1211838656-3945196859-822910569-1001 - Administrator - Enabled) => C:\Users\Ryan
WDAGUtilityAccount (S-1-5-21-1211838656-3945196859-822910569-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
12 Labours of Hercules III: Girl Power (HKLM-x32\...\WTA-f6a4a545-e534-4330-b288-de308fc7c365) (Version: 3.0.2.118 - WildTangent) Hidden
64 Bit HP CIO Components Installer (HKLM\...\{13DA9C7C-EBFB-40D0-94A1-55B42883DF21}) (Version: 21.2.1 - HP Inc.) Hidden
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 21.005.20048 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 5.1.0.407 - Adobe Systems Incorporated)
Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version:  - Adobe)
Adobe Illustrator CC 2015.3 (HKLM-x32\...\ILST_20_1_0) (Version: 20.1.0 - Adobe Systems Incorporated)
Adobe Setup (HKLM-x32\...\Adobe_b44d0aa750ffecdce0eafad5a93f527) (Version: 1.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.7.157 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{A14A2A00-D5CB-867E-8C03-8108DC2702D7}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Any Video Converter 7.0.3 (HKLM-x32\...\Any Video Converter) (Version: 7.0.3 - Anvsoft)
Archeage (HKLM-x32\...\Glyph Archeage) (Version:  - Trion Worlds, Inc.)
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.3.8.566 - AVG Technologies)
Azkend 2: The World Beneath (HKLM-x32\...\WTA-c886034d-12e3-4236-bad2-5487e2d9e073) (Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Building the Great Wall of China Collector's Edition (HKLM-x32\...\WTA-2eefcd8b-c074-4e0d-b5c2-6a42832c51c1) (Version: 3.0.2.48 - WildTangent) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
CloudApp for Windows (HKLM-x32\...\{95319D69-E9F4-42EA-B714-25F41D63DD51}) (Version: 5.7.0.77 - CloudPlus, Inc.)
Coyote The Outlander (HKLM-x32\...\WTA-4ff96c8e-d782-4348-a0b6-d895c0f9a91a) (Version: 3.0.2.59 - WildTangent) Hidden
CyberLink PhotoDirector (HKLM\...\{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.5.6713 - CyberLink Corp.) Hidden
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.5.6713 - CyberLink Corp.)
CyberLink Power Media Player 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.6.7428 - CyberLink Corp.)
CyberLink PowerDirector 12 (HKLM\...\{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.4.4301 - CyberLink Corp.) Hidden
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.4.4301 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\{A9CEDD6E-4792-493e-BB35-D86D2E188A5A}) (Version: 6.0.1.4301 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Delicious: Emily's Wonder Wedding Premium Edition (HKLM-x32\...\WTA-c8436530-3d00-43ea-bdc9-d6dcc44fe477) (Version: 3.0.2.59 - WildTangent) Hidden
DisableMSDefender (HKLM\...\{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}) (Version: 1.0.0 - Hewlett-Packard Company) Hidden
eBIRForms version v7.8.1 (HKLM-x32\...\eBIRForms_is1) (Version: v7.8.1 - )
ELAN Touchpad 15.2.5.1_X64_WHQL (HKLM\...\Elantech) (Version: 15.2.5.1 - ELAN Microelectronic Corp.)
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
Entwined: The Perfect Murder (HKLM-x32\...\WTA-e8b92b51-7c70-41c6-9aad-0e97c3c53587) (Version: 3.0.2.59 - WildTangent) Hidden
Family Vacation 2: Road Trip (HKLM-x32\...\WTA-52610c72-9b4c-49b9-ae40-79039854aeba) (Version: 3.0.2.59 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 91.0.4472.77 - Google LLC)
HandBrake 1.3.3 (HKLM-x32\...\HandBrake) (Version: 1.3.3 - )
Home Makeover (HKLM-x32\...\WTA-88c58a89-31b3-410c-ba91-29de1bc3ab93) (Version: 3.0.2.59 - WildTangent) Hidden
HP Documentation (HKLM\...\HP_Documentation) (Version:  - HP)
HP PC Hardware Diagnostics Windows (HKLM-x32\...\{3EC04ABB-D60E-44B6-9403-0D9DE44F56D9}) (Version: 1.6.0.0 - HP Inc.)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.8293.5264 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{71E18A14-1BDB-4B58-A67F-1BCDA12462FD}) (Version: 7.1.15.1 - HP)
HP Support Assistant (HKLM-x32\...\{61EB474B-67A6-47F4-B1B7-386851BAB3D0}) (Version: 8.8.34.31 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{D7D5F438-26EF-45AB-AB89-C476FBCF8584}) (Version: 12.18.34.21 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{D17A3B70-B75E-4C49-83D6-C17DDF65B35F}) (Version: 1.3.4 - Hewlett-Packard Company)
HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1439 - HP Inc.)
HP Welcome (HKLM\...\HPWelcome) (Version: 1.0 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{EFA01423-3857-468C-B7B6-F30AA08E50BC}) (Version: 1.1.5.1 - Hewlett-Packard)
HPReyos (HKLM-x32\...\HPReyos) (Version:  - ) <==== ATTENTION
Hubstaff (HKLM-x32\...\Hubstaff) (Version: 1.5.19 - Netsoft Holdings, LLC.)
IGT Slots: Paradise Garden (HKLM-x32\...\WTA-d578daaa-ebb4-462a-87a7-c9b3299176d5) (Version: 3.0.2.59 - WildTangent) Hidden
Imperial Island: Birth of an Empire (HKLM-x32\...\WTA-83516f4e-34e1-40d3-805c-9ec4d1645aef) (Version: 3.0.2.59 - WildTangent) Hidden
Insane Cold: Back to the Ice Age (HKLM-x32\...\WTA-32f6605e-28cf-4232-b252-4df6e8052886) (Version: 3.0.2.59 - WildTangent) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{c6cff78a-cccb-49d5-be68-ae0ec5f0d48a}) (Version: 10.1.1.8 - Intel® Corporation) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10604.207 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1156 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.15.4274 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.2.1088 - Intel Corporation)
iTunes (HKLM\...\{D7D4465C-B3B6-4BC1-B336-2803FB57BFAF}) (Version: 12.7.2.60 - Apple Inc.)
Jewel Match Snowscapes (HKLM-x32\...\WTA-e72af8c1-c6fe-4616-90d6-5075e78605b5) (Version: 3.0.2.118 - WildTangent) Hidden
Living Legends: Frozen Beauty Collector's Edition (HKLM-x32\...\WTA-7bd0f048-d01b-4982-901b-71b2c2ed446e) (Version: 3.0.2.59 - WildTangent) Hidden
Lost Lands: Dark Overlord Collector's Edition (HKLM-x32\...\WTA-e9c0e3da-ea01-47cc-ba99-66d69694bdd4) (Version: 3.0.2.59 - WildTangent) Hidden
Lost Souls: Timeless Fables Collector's Edition (HKLM-x32\...\WTA-4e0fb448-bdfa-40b8-bb43-5779539460e3) (Version: 3.0.2.59 - WildTangent) Hidden
Manor Memoirs Collector's Edition (HKLM-x32\...\WTA-bef8ad43-22ab-4715-a4d0-1dda19c1ef40) (Version: 3.0.2.59 - WildTangent) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.2198.1 - McAfee, LLC)
McAfee True Key (HKLM\...\TrueKey) (Version: 5.3.138.1 - McAfee, LLC)
Microsoft ASP.NET MVC 2 (HKLM-x32\...\{DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244}) (Version: 2.0.60926.0 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 91.0.864.41 - Microsoft Corporation)
Microsoft Office Home and Student 2016 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 16.0.14026.20270 - Microsoft Corporation)
Microsoft OneDrive (HKLM-x32\...\OneDriveSetup.exe) (Version: 21.083.0425.0003 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{A0E1B43D-5F4A-46AF-9925-ABA3423325DC}) (Version: 2.77.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.23.27820 (HKLM-x32\...\{852adda4-4c78-4a38-b583-c0b360a329d6}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mystery Expedition: Prisoners of Ice (HKLM-x32\...\WTA-e48022a6-15d1-4c65-a1fb-0baefbb66b50) (Version: 3.0.2.59 - WildTangent) Hidden
OEM Application Profile (HKLM-x32\...\{B4B7FD8F-06FC-E277-4F29-8F75F8281D8F}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.14026.20270 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.14026.20246 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.14026.20270 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.14026.20246 - Microsoft Corporation) Hidden
Plagiarii (HKLM-x32\...\WTA-f80a7519-a55b-41db-94e4-26260516bfca) (Version: 3.0.2.59 - WildTangent) Hidden
Polar Bowler 1st Frame (HKLM-x32\...\WTA-731d3fbc-1ca0-4c2b-b739-09a7a9b3a19b) (Version: 3.0.2.59 - WildTangent) Hidden
RagnarokOnline (HKLM-x32\...\{CEAD2132-9705-422C-9FAB-FD4360FBB8DA}) (Version: 14.20.0000 - Gravity)
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 1.0.0.1021 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10240.31219 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7730 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.60 - REALTEK Semiconductor Corp.)
Runefall (HKLM-x32\...\WTA-4498b762-1be3-45fc-a497-3c145ff45d5b) (Version: 3.0.2.126 - WildTangent) Hidden
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype version 8.72 (HKLM-x32\...\Skype_is1) (Version: 8.72 - Skype Technologies S.A.)
Slack (HKU\S-1-5-21-1211838656-3945196859-822910569-1001\...\slack) (Version: 4.17.1 - Slack Technologies Inc.)
Spotify (HKU\S-1-5-21-1211838656-3945196859-822910569-1001\...\Spotify) (Version: 1.1.34.694.gac68a2b3 - Spotify AB)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
UpdateAssistant (HKLM\...\{F339C545-24DC-4870-AA32-6EB6B0500B95}) (Version: 1.24.0.0 - Microsoft Corporation) Hidden
Viber (HKLM-x32\...\{3D241290-3AB5-4D3E-9EA1-0CC741A98B11}) (Version: 6.1.0.1623 - Viber Media Inc.) Hidden
Viber (HKU\S-1-5-21-1211838656-3945196859-822910569-1001\...\{31f7057b-ec8e-431b-a621-6351f771f4ed}) (Version: 6.1.0.1623 - Viber Media Inc.)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.12 - VideoLAN)
WebAdvisor by McAfee (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.596 - McAfee, LLC)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App for HP (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.11.16 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windscribe (HKLM-x32\...\{fa690e90-ddb0-4f0c-b3f1-136c084e5fc7}_is1) (Version: 1.83 Build 20 - Windscribe Limited)
WPS Office (9.1.0.5113) (HKLM-x32\...\Kingsoft Office) (Version: 9.1.0.5113 - Kingsoft Corp.)
Xvid MPEG-4 Video Codec (HKLM-x32\...\xvid) (Version:  - Xvid Development Team)
Zoom (HKU\S-1-5-21-1211838656-3945196859-822910569-1001\...\ZoomUMX) (Version: 5.3.1 (52879.0927) - Zoom Video Communications, Inc.)
 
Packages:
=========
Acrobat Notification Client -> C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2020-04-27] (Adobe Systems Incorporated)
Adobe Notification Client -> C:\Program Files\WindowsApps\AdobeNotificationClient_1.0.1.22_x86__enpm4xejd91yc [2020-04-23] (Adobe Systems Incorporated)
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2019-11-09] (Autodesk Inc.)
Flipboard -> C:\Program Files\WindowsApps\Flipboard.Flipboard_2.1.3.0_neutral__3f5azkryzdbc4 [2017-07-15] (Flipboard)
Hearts Deluxe -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.HeartsDeluxe_6.9.50.0_x64__kx24dqmazqk8j [2021-03-31] (Random Salad Games LLC)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_127.1.115.0_x64__v10z8vjag6ke6 [2021-05-08] (HP Inc.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-10] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-10] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.5310.0_x64__8wekyb3d8bbwe [2021-06-08] (Microsoft Studios) [MS Ad]
MSN Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-26] (Microsoft Corporation) [MS Ad]
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-03-20] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-06-23] (Microsoft Corporation)
RAR Opener -> C:\Program Files\WindowsApps\DeviceDoctor.RAROpener_1.3.48.0_x64__mkdtfchztkfbm [2017-09-22] (Tiny Opener)
Simple Solitaire -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleSolitaire_7.2.5.0_x64__kx24dqmazqk8j [2021-04-12] (Random Salad Games LLC)
The Weather Channel for HP -> C:\Program Files\WindowsApps\Weather.TheWeatherChannelforHP_2015.1108.1.0_x64__t3yemqpq4kp7p [2016-03-04] (The Weather Channel.)
TripAdvisor Hotels Flights Restaurants -> C:\Program Files\WindowsApps\TripAdvisorLLC.TripAdvisorHotelsFlightsRestaurants_1.5.10.0_x64__qj0v5chwq8f2g [2016-11-18] (TripAdvisor LLC)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1211838656-3945196859-822910569-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-03D691D89D5D} -> [Creative Cloud Files] => C:\Users\Ryan\Creative Cloud Files [2016-08-23 11:23]
CustomCLSID: HKU\S-1-5-21-1211838656-3945196859-822910569-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems)
ShellIconOverlayIdentifiers: [    OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files (x86)\Microsoft OneDrive\21.083.0425.0003\amd64\FileSyncShell64.dll [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [    OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files (x86)\Microsoft OneDrive\21.083.0425.0003\amd64\FileSyncShell64.dll [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [    OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files (x86)\Microsoft OneDrive\21.083.0425.0003\amd64\FileSyncShell64.dll [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [    OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files (x86)\Microsoft OneDrive\21.083.0425.0003\amd64\FileSyncShell64.dll [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [    OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files (x86)\Microsoft OneDrive\21.083.0425.0003\amd64\FileSyncShell64.dll [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [    OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files (x86)\Microsoft OneDrive\21.083.0425.0003\amd64\FileSyncShell64.dll [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [    OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files (x86)\Microsoft OneDrive\21.083.0425.0003\amd64\FileSyncShell64.dll [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [   AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files (x86)\Microsoft OneDrive\21.083.0425.0003\amd64\FileSyncShell64.dll [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files (x86)\Microsoft OneDrive\21.083.0425.0003\amd64\FileSyncShell64.dll [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files (x86)\Microsoft OneDrive\21.083.0425.0003\amd64\FileSyncShell64.dll [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files (x86)\Microsoft OneDrive\21.083.0425.0003\amd64\FileSyncShell64.dll [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files (x86)\Microsoft OneDrive\21.083.0425.0003\amd64\FileSyncShell64.dll [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files (x86)\Microsoft OneDrive\21.083.0425.0003\amd64\FileSyncShell64.dll [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files (x86)\Microsoft OneDrive\21.083.0425.0003\amd64\FileSyncShell64.dll [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files (x86)\Microsoft OneDrive\21.083.0425.0003\amd64\FileSyncShell64.dll [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2021-05-28] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files (x86)\Microsoft OneDrive\21.083.0425.0003\amd64\FileSyncShell64.dll [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files (x86)\Microsoft OneDrive\21.083.0425.0003\amd64\FileSyncShell64.dll [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2015-08-07] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-01-13] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2021-05-28] (Adobe Inc. -> Adobe Systems Inc.)
 
==================== Codecs (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Drivers32: [vidc.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [236544 2011-12-19] () [File not signed]
HKLM\...\Drivers32: [vidc.MPG4] => C:\Windows\SysWOW64\MPG4c32.dll [413760 2001-01-07] (Microsoft Corporation) [File not signed]
HKLM\...\Drivers32: [vidc.MP42] => C:\Windows\SysWOW64\MPG4c32.dll [413760 2001-01-07] (Microsoft Corporation) [File not signed]
HKLM\...\Drivers32: [vidc.MP43] => C:\Windows\SysWOW64\MPG4c32.dll [413760 2001-01-07] (Microsoft Corporation) [File not signed]
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
Shortcut: C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Intеrnеt Ехрlоrеr.lnk -> C:\Users\Ryan\AppData\Roaming\HPReyos\ReyosStarter3.exe (No File) <==== Cyrillic
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Agoda.com.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://www.agoda.com/?cid=1649895&tag=square
 
==================== Loaded Modules (Whitelisted) =============
 
2015-12-03 10:26 - 2011-08-24 10:39 - 000081920 _____ () [File not signed] C:\Program Files (x86)\CyberLink\YouCam6\koan\_ctypes.pyd
2021-05-08 20:21 - 2021-05-08 20:22 - 092143616 _____ (HP Development Company, L.P.) [File not signed] C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_127.1.115.0_x64__v10z8vjag6ke6\HP.Smart.dll
2021-04-02 18:09 - 2021-04-04 21:46 - 007068672 _____ (HP Development Company, L.P.) [File not signed] C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_127.1.115.0_x64__v10z8vjag6ke6\HPPageLift.UWP.dll
2015-12-03 10:26 - 2015-07-01 15:25 - 000348160 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\CyberLink\YouCam6\MSVCR71.dll
2020-10-04 21:53 - 2020-10-04 21:53 - 001093120 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80U.DLL
2020-10-04 21:53 - 2020-10-04 21:53 - 000057344 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\MFC80ENU.DLL
2020-04-20 09:30 - 2020-04-20 09:30 - 000000000 ____L (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\AppVIsvSubsystems32.dll
2020-04-20 09:30 - 2020-04-20 09:30 - 000000000 ____L (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\c2r32.dll
2015-12-03 10:26 - 2011-08-24 10:39 - 002113536 _____ (Python Software Foundation) [File not signed] C:\Program Files (x86)\CyberLink\YouCam6\koan\python25.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://ph.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_nrssi_17_30_ssg02&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dph%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0F0CtA0F0D0ByEyEtD0CyE0Azy0C0CtDtN0D0Tzu0StBtDtAyEtN1L2XzutAtFtBzytFtCtDyEtFyDtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StAzy0AtCtA0ByByBtGtAyE0A0DtGzyyB0A0DtGyC0BtByEtGzzyE0DyCyE0E0FtC0ByCtAyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0Czz0DtCtAyE0CtG0B0FyDyEtGyEtD0A0FtGzzzyzyyDtGzy0D0C0CtB0A0DtD0CtC0FyB2QtN0A0LzutB%26cr%3D847331072%26a%3Dwbf_nrssi_17_30_ssg02%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome%2BSingle%2BLanguage
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=131231413757170427&GUID=A8D2861F-B181-470C-B2F9-3C234A12F775
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\S-1-5-21-1211838656-3945196859-822910569-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP
HKU\S-1-5-21-1211838656-3945196859-822910569-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\S-1-5-21-1211838656-3945196859-822910569-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxps://www.msn.com/en-ph/?pc=UE01&ocid=UE01DHP
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ph.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_nrssi_17_30_ssg02&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dph%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0F0CtA0F0D0ByEyEtD0CyE0Azy0C0CtDtN0D0Tzu0StBtDtAyEtN1L2XzutAtFtBzytFtCtDyEtFyDtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StAzy0AtCtA0ByByBtGtAyE0A0DtGzyyB0A0DtGyC0BtByEtGzzyE0DyCyE0E0FtC0ByCtAyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0Czz0DtCtAyE0CtG0B0FyDyEtGyEtD0A0FtGzzzyzyyDtGzy0D0C0CtB0A0DtD0CtC0FyB2QtN0A0LzutB%26cr%3D847331072%26a%3Dwbf_nrssi_17_30_ssg02%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome%2BSingle%2BLanguage&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ph.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_nrssi_17_30_ssg02&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dph%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0F0CtA0F0D0ByEyEtD0CyE0Azy0C0CtDtN0D0Tzu0StBtDtAyEtN1L2XzutAtFtBzytFtCtDyEtFyDtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StAzy0AtCtA0ByByBtGtAyE0A0DtGzyyB0A0DtGyC0BtByEtGzzyE0DyCyE0E0FtC0ByCtAyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0Czz0DtCtAyE0CtG0B0FyDyEtGyEtD0A0FtGzzzyzyyDtGzy0D0C0CtB0A0DtD0CtC0FyB2QtN0A0LzutB%26cr%3D847331072%26a%3Dwbf_nrssi_17_30_ssg02%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome%2BSingle%2BLanguage&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ph.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_nrssi_17_30_ssg02&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dph%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0F0CtA0F0D0ByEyEtD0CyE0Azy0C0CtDtN0D0Tzu0StBtDtAyEtN1L2XzutAtFtBzytFtCtDyEtFyDtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StAzy0AtCtA0ByByBtGtAyE0A0DtGzyyB0A0DtGyC0BtByEtGzzyE0DyCyE0E0FtC0ByCtAyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0Czz0DtCtAyE0CtG0B0FyDyEtGyEtD0A0FtGzzzyzyyDtGzy0D0C0CtB0A0DtD0CtC0FyB2QtN0A0LzutB%26cr%3D847331072%26a%3Dwbf_nrssi_17_30_ssg02%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome%2BSingle%2BLanguage&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ph.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_nrssi_17_30_ssg02&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dph%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0F0CtA0F0D0ByEyEtD0CyE0Azy0C0CtDtN0D0Tzu0StBtDtAyEtN1L2XzutAtFtBzytFtCtDyEtFyDtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StAzy0AtCtA0ByByBtGtAyE0A0DtGzyyB0A0DtGyC0BtByEtGzzyE0DyCyE0E0FtC0ByCtAyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0Czz0DtCtAyE0CtG0B0FyDyEtGyEtD0A0FtGzzzyzyyDtGzy0D0C0CtB0A0DtD0CtC0FyB2QtN0A0LzutB%26cr%3D847331072%26a%3Dwbf_nrssi_17_30_ssg02%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome%2BSingle%2BLanguage&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1211838656-3945196859-822910569-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE15
SearchScopes: HKU\S-1-5-21-1211838656-3945196859-822910569-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE15
SearchScopes: HKU\S-1-5-21-1211838656-3945196859-822910569-1001 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxps://mysearch.avg.com/search?cid={FE0C9B38-E2D2-462D-A542-1946605F50EA}&mid=d3f796d5bcda47cfb14179eed3b9b211-f564f79562d74746c6647c88325a3f36054c6e3c&lang=en&ds=AVG&coid=avgtbavg&cmpid=1216tb&pr=fr&d=2016-11-17 04:24:53&v=4.3.7.452&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1211838656-3945196859-822910569-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://ph.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_nrssi_17_30_ssg02&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dph%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0F0CtA0F0D0ByEyEtD0CyE0Azy0C0CtDtN0D0Tzu0StBtDtAyEtN1L2XzutAtFtBzytFtCtDyEtFyDtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StAzy0AtCtA0ByByBtGtAyE0A0DtGzyyB0A0DtGyC0BtByEtGzzyE0DyCyE0E0FtC0ByCtAyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0Czz0DtCtAyE0CtG0B0FyDyEtGyEtD0A0FtGzzzyzyyDtGzy0D0C0CtB0A0DtD0CtC0FyB2QtN0A0LzutB%26cr%3D847331072%26a%3Dwbf_nrssi_17_30_ssg02%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome%2BSingle%2BLanguage&p={searchTerms}
BHO: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\McAfee\TrueKey\MSIE\truekey_ie64.dll [2018-04-23] (McAfee, Inc. -> Intel Security)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)
BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.3.8.566\AVG Web TuneUp.dll [2017-10-20] (AVG Technologies CZ, s.r.o. -> AVG)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2020-03-06] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2021-06-11] (McAfee, LLC -> McAfee, LLC)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2017-10-27] (HP Inc. -> HP Inc.)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2020-03-06] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\McAfee\TrueKey\MSIE\truekey_ie.dll [2018-04-23] (McAfee, Inc. -> Intel Security)
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.3.8.566\AVG Web TuneUp.dll [2017-10-20] (AVG Technologies CZ, s.r.o. -> AVG)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2020-03-06] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2021-06-11] (McAfee, LLC -> McAfee, LLC)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2017-10-27] (HP Inc. -> HP Inc.)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2020-03-06] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\McAfee\TrueKey\MSIE\truekey_ie64.dll [2018-04-23] (McAfee, Inc. -> Intel Security)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2020-03-06] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\McAfee\TrueKey\MSIE\truekey_ie.dll [2018-04-23] (McAfee, Inc. -> Intel Security)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2020-03-06] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-1211838656-3945196859-822910569-1001\...\sharepoint.com -> hxxps://omgww-files.sharepoint.com
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2021-05-27 23:19 - 2021-05-27 23:19 - 000000861 _____ C:\WINDOWS\system32\drivers\etc\hosts
0.0.0.1 mssplus.mcafee.com
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files\Intel\Intel® Management Engine Components\IPT;c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Windows Live\Shared;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-1211838656-3945196859-822910569-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img1.jpg
HKU\S-1-5-21-1211838656-3945196859-822910569-1004\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKU\S-1-5-21-1211838656-3945196859-822910569-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-1211838656-3945196859-822910569-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1211838656-3945196859-822910569-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-1211838656-3945196859-822910569-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-1211838656-3945196859-822910569-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-1211838656-3945196859-822910569-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-1211838656-3945196859-822910569-1001\...\StartupApproved\Run: => "Viber"
HKU\S-1-5-21-1211838656-3945196859-822910569-1001\...\StartupApproved\Run: => "BingSvc"
HKU\S-1-5-21-1211838656-3945196859-822910569-1001\...\StartupApproved\Run: => "MP3 Skype recorder"
HKU\S-1-5-21-1211838656-3945196859-822910569-1001\...\StartupApproved\Run: => "Windscribe"
HKU\S-1-5-21-1211838656-3945196859-822910569-1001\...\StartupApproved\Run: => "Skype for Desktop"
HKU\S-1-5-21-1211838656-3945196859-822910569-1001\...\StartupApproved\Run: => "com.squirrel.slack.slack"
HKU\S-1-5-21-1211838656-3945196859-822910569-1001\...\StartupApproved\Run: => "CCXProcess"
HKU\S-1-5-21-1211838656-3945196859-822910569-1001\...\StartupApproved\Run: => "Adobe Acrobat Synchronizer"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{5777FC7B-8953-47F5-BB0D-F917368A7ADE}] => (Allow) C:\Users\Ryan\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [{60986C1A-2AC1-457D-A0E2-93C6D7D111EA}] => (Allow) C:\Users\Ryan\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [{0A20D7A5-577C-4875-A300-E76A4D9AC5C2}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe => No File
FirewallRules: [{03CC7FD6-3D4F-49E9-A540-B5BB9CB8BA00}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe => No File
FirewallRules: [{913A308F-3BEE-4D5D-A585-9E1725BA9ABE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe => No File
FirewallRules: [{59E779BB-92AD-4D51-A34B-0DCE92491FD1}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe => No File
FirewallRules: [UDP Query User{195E4B19-2D4F-40EF-9693-8C2543D0DA8F}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Block) C:\program files (x86)\windscribe\wsappcontrol.exe (Windscribe Limited -> Windscribe Limited)
FirewallRules: [TCP Query User{93D7DC47-37E6-471E-9592-C4AEA787E132}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Block) C:\program files (x86)\windscribe\wsappcontrol.exe (Windscribe Limited -> Windscribe Limited)
FirewallRules: [{A06F9ED3-573B-4CD0-B75B-B3C62B7C8FC3}] => (Allow) C:\Program Files (x86)\BlueStacks\HD-Player.exe => No File
FirewallRules: [UDP Query User{9F092B36-5ABE-47DD-BD28-7FEE7ECA1E3C}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Allow) C:\program files (x86)\windscribe\wsappcontrol.exe (Windscribe Limited -> Windscribe Limited)
FirewallRules: [TCP Query User{CE3D09F2-00B2-45F3-8D71-CA8D17AB7A0A}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Allow) C:\program files (x86)\windscribe\wsappcontrol.exe (Windscribe Limited -> Windscribe Limited)
FirewallRules: [{785B8EFE-C5E4-4167-88D2-9A129DF5E52B}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{8642CBB4-E860-488E-9416-3ACB2FFA34D1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{D60956C6-2684-44A4-BF87-8FEFA2CF843B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{71E68AF6-F895-4C3C-9848-DBD60E4EE1DB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C3E67DF5-E4DE-4029-AEBC-DEBADFC22236}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{E0864A86-2694-4380-9B7F-06B72B727AA4}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{AA0789D0-E095-41AE-B04B-F5579A7613BD}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe => No File
FirewallRules: [{80562A76-AFA9-48ED-AE57-F84035CEF361}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe => No File
FirewallRules: [{CC4D6EDB-9545-4134-A114-03E23AD11601}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{F9598931-8452-4615-8C88-3A0012DA92D5}] => (Allow) LPort=1900
FirewallRules: [{F1F3BC61-F0FB-4391-9BCB-296D34DBF420}] => (Allow) LPort=2869
FirewallRules: [{62E48C0F-0890-48E9-AD56-642060C96495}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A12A4E46-1830-4490-B0D7-AD3242498940}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe => No File
FirewallRules: [{2978F723-A15A-4A61-A41A-86ACFC9B5FFF}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe => No File
FirewallRules: [{3D82FF8D-C3A7-4ADB-8EB1-C4B3580BD18B}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe => No File
FirewallRules: [{02AA07B2-AEF5-4F8C-8BAE-8854DBF11D43}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe => No File
FirewallRules: [{83F5E9B5-F067-4CDD-AEFF-BF0F30116A13}] => (Block) C:\users\ryan\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{E978F50E-90F5-4454-9F31-2AF43FC1EC07}] => (Block) C:\users\ryan\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{32594A16-6F6F-487F-A57B-413F6349412E}C:\users\ryan\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ryan\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{9138EA11-F9FB-4438-BD86-AD9BA0016728}C:\users\ryan\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ryan\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{0BA2408C-156B-4595-B611-3EE02F8753DC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe => No File
FirewallRules: [{DB693282-1255-409C-A6AE-7CDC8236560C}] => (Allow) C:\Users\Ryan\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{27A102E6-A5A8-4CF2-A64B-5982278053F2}] => (Allow) C:\Users\Ryan\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{0B5B9609-4022-4200-BDE4-7B85A6894898}] => (Allow) c:\Program Files\CyberLink\PowerDirector12\PDR10.EXE => No File
FirewallRules: [{83120D97-9AD3-4FEA-9A8A-B72BCA1F837F}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPSOCKSVC.exe (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.)
FirewallRules: [{223744D9-0BDD-432B-9A8B-A603B787E759}] => (Allow) C:\Users\Ryan\AppData\Local\Temp\andy-x64\Setup.exe => No File
FirewallRules: [{30C8CC80-211C-4680-AF14-A8BD25149C37}] => (Allow) C:\Users\Ryan\AppData\Local\Temp\andy-x64\Setup.exe => No File
FirewallRules: [{1BF9B8E3-08F8-47B9-BCD6-23132A635D64}] => (Allow) C:\Program Files\Andy\andy.exe => No File
FirewallRules: [{4655DA4F-8BE3-45A5-9377-D7CA6E316355}] => (Allow) C:\Program Files\Andy\andy.exe => No File
FirewallRules: [{B438D418-8953-4D8F-8CA0-A526C2220AA5}] => (Allow) C:\Program Files\Andy\AndyConsole.exe => No File
FirewallRules: [{95BD59FE-9C72-4F0D-9B3B-3EDD616B8497}] => (Allow) C:\Program Files\Andy\AndyConsole.exe => No File
FirewallRules: [{439A0A05-95B4-4722-BF4F-AD1E21B983AB}] => (Allow) C:\Program Files\Andy\HandyAndy.exe => No File
FirewallRules: [{8F8DAB2F-880A-4BC0-9A54-A047400D6C9F}] => (Allow) C:\Program Files\Andy\HandyAndy.exe => No File
FirewallRules: [{F257BCB6-E143-411B-80F4-26E71AD9DE73}] => (Allow) C:\Program Files\Andy\SetupFiles\Uninstall.exe => No File
FirewallRules: [{4F43AF0C-0A55-4CB4-B87D-F49CEB99C362}] => (Allow) C:\Program Files\Andy\SetupFiles\Uninstall.exe => No File
FirewallRules: [{AB95AA59-AB6E-4AFC-B381-7085DDE96F59}] => (Allow) C:\Users\Ryan\AppData\Local\Temp\RemoveTemp.exe => No File
FirewallRules: [{ED9733CB-FB5B-47BD-8D94-D3283375F053}] => (Allow) C:\Users\Ryan\AppData\Local\Temp\RemoveTemp.exe => No File
FirewallRules: [{280190F0-4C51-4F24-AFFF-884457BA223E}] => (Allow) C:\Program Files\Andy\SetupFiles\VMwareCheck.exe => No File
FirewallRules: [{FD2CEDE6-4340-4590-954D-98F7D5C35505}] => (Allow) C:\Program Files\Andy\SetupFiles\VMwareCheck.exe => No File
FirewallRules: [{C11BD620-E126-41A5-8EF1-235D4102948A}] => (Allow) C:\Program Files\Andy\SetupFiles\AndyDoctor.exe => No File
FirewallRules: [{E4DFC382-55FE-43FD-A5F2-87D9FAB76727}] => (Allow) C:\Program Files\Andy\SetupFiles\AndyDoctor.exe => No File
FirewallRules: [TCP Query User{18D45DE5-47B2-4297-B842-7189A5861864}C:\users\ryan\appdata\local\skypeplugin\pluginhost.exe] => (Block) C:\users\ryan\appdata\local\skypeplugin\pluginhost.exe => No File
FirewallRules: [UDP Query User{9BB8E2C7-11E8-47CA-8009-9033F53B9F37}C:\users\ryan\appdata\local\skypeplugin\pluginhost.exe] => (Block) C:\users\ryan\appdata\local\skypeplugin\pluginhost.exe => No File
FirewallRules: [{238B685D-AF2C-42FA-BD31-E2D23C564393}] => (Allow) C:\Program Files (x86)\Nox\bin\Nox.exe => No File
FirewallRules: [{1171CAA1-07C8-4EEE-817E-EAC3AA51C710}] => (Allow) C:\Program Files (x86)\Bignox\BigNoxVM\RT\NoxVMHandle.exe => No File
FirewallRules: [{887082AF-6087-4272-95B3-BA085FD8D4EF}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => No File
FirewallRules: [{6DE831C8-EC68-41CA-B7B3-D05BEDBA6C68}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => No File
FirewallRules: [{BBC80808-A1A1-43D8-B548-BCE4CF09F960}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{A8178277-005A-467C-B987-6EC6C1F3622C}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{45B87E26-E83B-4AE6-AE12-396D2E6A15C5}] => (Allow) C:\Users\Ryan\AppData\Roaming\Tencent\TxGameAssistant\GameDownload\TenioDL.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FirewallRules: [{8B1E8E28-0515-4C6D-8641-70A36127DE4E}] => (Allow) C:\Users\Ryan\AppData\Roaming\Tencent\TxGameAssistant\GameDownload\TenioDL.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FirewallRules: [{B8B9428E-CB66-47BB-B007-C72ADD87F89A}] => (Allow) C:\Users\Ryan\AppData\Roaming\Tencent\TxGameAssistant\GameDownload\TenioDL.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FirewallRules: [{14AFB7B8-7EF6-4C10-8B59-D5660F020D0F}] => (Allow) C:\Users\Ryan\AppData\Roaming\Tencent\TxGameAssistant\GameDownload\TenioDL.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FirewallRules: [{67A0A61E-A4CF-4AF4-8810-DA056095690E}] => (Allow) C:\Users\Ryan\AppData\Roaming\Tencent\TxGameAssistant\GameDownload\TenioDL.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FirewallRules: [{C2941601-5F97-4A1A-8F9F-EFD9ED4FCDFE}] => (Allow) C:\Users\Ryan\AppData\Roaming\Tencent\TxGameAssistant\GameDownload\TenioDL.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FirewallRules: [TCP Query User{2074ADE2-0750-476D-A33D-EA704C7B61C5}C:\users\ryan\appdata\roaming\utorrent\updates\3.5.5_45291.exe] => (Block) C:\users\ryan\appdata\roaming\utorrent\updates\3.5.5_45291.exe => No File
FirewallRules: [UDP Query User{5FD47EEF-52B1-448C-B825-2C4194DF455B}C:\users\ryan\appdata\roaming\utorrent\updates\3.5.5_45291.exe] => (Block) C:\users\ryan\appdata\roaming\utorrent\updates\3.5.5_45291.exe => No File
FirewallRules: [{909C94D6-0F01-454F-9CF6-7838BB8BD836}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F1C6CB81-B483-46CD-8CA4-95E362ED449E}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{0CC1067B-A7AD-4C57-9E22-C004D24CC065}C:\users\ryan\appdata\local\programs\upwork\upwork.exe] => (Allow) C:\users\ryan\appdata\local\programs\upwork\upwork.exe => No File
FirewallRules: [UDP Query User{DABAFB19-C75C-4C25-9DA1-085513C421E9}C:\users\ryan\appdata\local\programs\upwork\upwork.exe] => (Allow) C:\users\ryan\appdata\local\programs\upwork\upwork.exe => No File
FirewallRules: [{D7AFE13E-B8E2-4435-A6D8-305C1FDDD276}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{049086F9-66D3-451F-BBFF-1A817C95EDB9}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D9FD81AC-D327-4831-8873-2E350BDA3768}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
 
==================== Restore Points =========================
 
05-06-2021 00:42:43 Scheduled Checkpoint
08-06-2021 11:18:30 Language Pack Removal
11-06-2021 15:47:59 Windows Modules Installer
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (06/11/2021 05:23:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program AdobeNotificationClient.exe version 4.9.0.484 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 28e8
 
Start Time: 01d75ea2bba0ea29
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\AdobeNotificationClient_1.0.1.22_x86__enpm4xejd91yc\AdobeNotificationClient.exe
 
Report Id: b761912c-3a49-4c0c-9b47-bfdbc09c94bf
 
Faulting package full name: AdobeNotificationClient_1.0.1.22_x86__enpm4xejd91yc
 
Faulting package-relative application ID: App
 
Hang type: Quiesce
 
Error: (06/11/2021 05:09:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TiWorker.exe, version: 10.0.19041.1022, time stamp: 0x6b22e996
Faulting module name: cbscore.dll, version: 10.0.19041.1022, time stamp: 0x494f0839
Exception code: 0xc0000005
Fault offset: 0x000000000000230f
Faulting process id: 0xd64
Faulting application start time: 0x01d75e9f2abd4ccf
Faulting application path: C:\WINDOWS\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1022_none_7e372e9e7c6ecccb\TiWorker.exe
Faulting module path: C:\WINDOWS\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1022_none_7e372e9e7c6ecccb\cbscore.dll
Report Id: 6a788ce4-ffcb-473e-b68d-b7b694959c04
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (06/11/2021 04:35:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AGSService.exe, version: 7.3.0.157, time stamp: 0x602c8d14
Faulting module name: AGSService.exe, version: 7.3.0.157, time stamp: 0x602c8d14
Exception code: 0xc0000005
Fault offset: 0x001b97af
Faulting process id: 0x104c
Faulting application start time: 0x01d75469de5fcd9f
Faulting application path: C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
Faulting module path: C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
Report Id: a79c46d7-7c62-44ff-b6ed-d505a7e7bcad
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (06/11/2021 02:08:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GameBar.exe, version: 5.621.4222.0, time stamp: 0x60818071
Faulting module name: KERNELBASE.dll, version: 10.0.19041.964, time stamp: 0x812662a7
Exception code: 0xc0000409
Fault offset: 0x000000000010b39c
Faulting process id: 0x38a8
Faulting application start time: 0x01d75e87f950587c
Faulting application path: C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.621.4222.0_x64__8wekyb3d8bbwe\GameBar.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: a3463c50-db0a-48ea-8081-2acf4ba6cf0a
Faulting package full name: Microsoft.XboxGamingOverlay_5.621.4222.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: App
 
Error: (06/11/2021 02:07:35 PM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: ATI EEU maximum number of session has been surpassed
 
Error: (06/11/2021 02:04:33 PM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: ATI EEU maximum number of session has been surpassed
 
Error: (06/11/2021 02:03:35 PM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: ATI EEU maximum number of session has been surpassed
 
Error: (06/11/2021 05:02:58 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 47078
 
 
System errors:
=============
Error: (06/11/2021 05:03:20 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Search service hung on starting.
 
Error: (06/11/2021 05:00:33 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Update Orchestrator Service service hung on starting.
 
Error: (06/11/2021 04:52:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Kingsoft_WPS_UpdateService service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (06/11/2021 04:52:56 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (45000 milliseconds) while waiting for the Kingsoft_WPS_UpdateService service to connect.
 
Error: (06/11/2021 04:52:50 PM) (Source: Microsoft-Windows-Directory-Services-SAM) (EventID: 16953) (User: NT AUTHORITY)
Description: The password notification DLL "C:\Program Files\McAfee\TrueKey\McAfeeTrueKeyPasswordFilter" failed to load with error 126. Please verify that the notification DLL path defined in the registry, HKLM\System\CurrentControlSet\Control\Lsa\Notification Packages, refers to a correct and absolute path (<drive>:\<path>\<filename>.<ext>) and not a relative or invalid path. If the DLL path is correct, please validate that any supporting files are located in the same directory, and that the system account has read access to both the DLL path and any supporting files.  Contact the provider of the notification DLL for additional support. Further details can be found on the web at http://go.microsoft..../?LinkId=245898.
 
Error: (06/11/2021 04:52:50 PM) (Source: Microsoft-Windows-Directory-Services-SAM) (EventID: 16953) (User: NT AUTHORITY)
Description: The password notification DLL "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter" failed to load with error 126. Please verify that the notification DLL path defined in the registry, HKLM\System\CurrentControlSet\Control\Lsa\Notification Packages, refers to a correct and absolute path (<drive>:\<path>\<filename>.<ext>) and not a relative or invalid path. If the DLL path is correct, please validate that any supporting files are located in the same directory, and that the system account has read access to both the DLL path and any supporting files.  Contact the provider of the notification DLL for additional support. Further details can be found on the web at http://go.microsoft..../?LinkId=245898.
 
Error: (06/11/2021 04:47:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The XTU3SERVICE service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (06/11/2021 04:47:14 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (45000 milliseconds) while waiting for the XTU3SERVICE service to connect.
 
 
Windows Defender:
================
Date: 2021-06-10 15:49:48
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2021-06-09 18:41:46
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2021-06-08 17:19:47
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2021-06-07 17:50:24
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2021-06-06 17:38:21
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2021-06-09 18:00:57
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.341.301.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.18200.4
Error code: 0x80070050
Error description: The file exists. 
 
Date: 2021-06-04 14:06:34
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.339.1962.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.18100.6
Error code: 0x80070643
Error description: Fatal error during installation. 
 
Date: 2021-06-04 14:06:26
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.341.24.0
Previous security intelligence Version: 1.339.1962.0
Update Source: User
Security intelligence Type: AntiSpyware
Update Type: Delta
Current Engine Version: 1.1.18200.4
Previous Engine Version: 1.1.18100.6
Error code: 0x80070666
Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel. 
 
Date: 2021-06-04 14:06:26
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.341.24.0
Previous security intelligence Version: 1.339.1962.0
Update Source: User
Security intelligence Type: AntiVirus
Update Type: Delta
Current Engine Version: 1.1.18200.4
Previous Engine Version: 1.1.18100.6
Error code: 0x80070666
Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel. 
 
Date: 2021-06-04 14:06:26
Description: 
Microsoft Defender Antivirus has encountered an error trying to update the engine.
New Engine Version: 1.1.18200.4
Previous Engine Version: 1.1.18100.6
Error Code: 0x80070666
Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel. 
 
==================== Memory info =========================== 
 
BIOS: Insyde F.31 05/06/2020
Motherboard: HP 80BC
Processor: Intel® Core™ i3-5005U CPU @ 2.00GHz
Percentage of memory in use: 93%
Total physical RAM: 4011.01 MB
Available physical RAM: 274.77 MB
Total Virtual: 10411.01 MB
Available Virtual: 6241.77 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:445.54 GB) (Free:288.5 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:19.12 GB) (Free:2.09 GB) NTFS ==>[system with boot components (obtained from drive)]
 
\\?\Volume{68b8bcb9-b5a1-4cf9-ad61-2944d82b4720}\ () (Fixed) (Total:0.25 GB) (Free:0.19 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Protective MBR) (Size: 465.8 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt =======================

  • 0

#4
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 3,240 posts

Hello.

 

Can you please run FRST once more, making sure that you are running it as administrator?  Right click on the FRST and choose Run as Administrator. Attach for me the two logs created. 


  • 0

#5
rybards

rybards

    Member

  • Topic Starter
  • Member
  • PipPip
  • 66 posts

Thanks for your patience! Here are the new logs:

 

FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-06-2021
Ran by Ryan (administrator) on DESKTOP-NC9HVNJ (HP HP Notebook) (12-06-2021 03:39:52)
Running from C:\Users\Ryan\Desktop
Loaded Profiles: Ryan
Platform: Windows 10 Home Single Language Version 2004 19041.1052 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems Incorporated) C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\AcrobatNotificationClient.exe
(Adobe Systems Incorporated) C:\Program Files\WindowsApps\AdobeNotificationClient_1.0.1.22_x86__enpm4xejd91yc\AdobeNotificationClient.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(AVG Technologies CZ, s.r.o. -> ) C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
(AVG Technologies CZ, s.r.o. -> ) C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
(CyberLink Corp. -> ) C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(CyberLink Corp. -> CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam6\YouCamService6.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
(Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(HP Inc. -> HP Inc.) C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation -> Intel® Corporation) C:\Windows\SysWOW64\XtuService.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel® Software -> Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Intel® Software -> Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(McAfee, Inc. -> McAfee, LLC.) C:\Program Files\McAfee\TrueKey\McAfee.TrueKey.Service.exe
(McAfee, Inc. -> McAfee, LLC.) C:\Program Files\McAfee\TrueKey\McAfee.TrueKey.ServiceHelper.exe
(McAfee, Inc. -> McAfee, LLC.) C:\Program Files\McAfee\TrueKey\McTkSchedulerService.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\servicehost.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\uihost.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13426.20920.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MusNotifyIcon.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.4-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.4-0\NisSrv.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(WildTangent Inc -> WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Windscribe Limited -> Windscribe Limited) C:\Program Files (x86)\Windscribe\WindscribeService.exe
(Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.4.3.227\WsAppService.exe
Failed to access process -> CompatTelRunner.exe
Failed to access process -> CompatTelRunner.exe
Failed to access process -> conhost.exe
Failed to access process -> csrss.exe
Failed to access process -> csrss.exe
Failed to access process -> dasHost.exe
Failed to access process -> dllhost.exe
Failed to access process -> dwm.exe
Failed to access process -> dxgiadaptercache.exe
Failed to access process -> fontdrvhost.exe
Failed to access process -> fontdrvhost.exe
Failed to access process -> GoogleCrashHandler.exe
Failed to access process -> GoogleCrashHandler64.exe
Failed to access process -> MoUsoCoreWorker.exe
Failed to access process -> OfficeC2RClient.exe
Failed to access process -> unsecapp.exe
Failed to access process -> wermgr.exe
Failed to access process -> WMIADAP.exe
Failed to access process -> WmiPrvSE.exe
Failed to access process -> WmiPrvSE.exe
Failed to access process -> WUDFHost.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297272 2017-12-11] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412680 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8843520 2016-10-02] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3349224 2015-08-20] (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-07] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [654088 2015-02-18] (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2042424 2020-03-16] (Adobe Inc. -> Adobe Inc.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [2187336 2017-10-20] (AVG Technologies CZ, s.r.o. -> )
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [5296352 2021-05-28] (Adobe Inc. -> Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1211838656-3945196859-822910569-1001\...\Run: [OneDrive] => C:\Program Files (x86)\Microsoft OneDrive\OneDrive.exe [1972088 2021-05-29] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1211838656-3945196859-822910569-1001\...\Run: [Zoom] => [X]
HKU\S-1-5-21-1211838656-3945196859-822910569-1001\...\Run: [BingSvc] => C:\Users\Ryan\AppData\Local\Microsoft\BingSvc\BingSvc.exe [146312 2020-08-15] (Microsoft Corporation -> © 2015 Microsoft Corporation)
HKU\S-1-5-21-1211838656-3945196859-822910569-1001\...\Run: [Windscribe] => C:\Program Files (x86)\Windscribe\Windscribe.exe [10106544 2019-01-19] (Windscribe Limited -> Windscribe Limited)
HKU\S-1-5-21-1211838656-3945196859-822910569-1001\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [109961080 2021-05-25] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-1211838656-3945196859-822910569-1001\...\Run: [Spotify] => C:\Users\Ryan\AppData\Roaming\Spotify\Spotify.exe [22941928 2020-06-11] (Spotify AB -> Spotify Ltd) <==== ATTENTION
HKU\S-1-5-21-1211838656-3945196859-822910569-1001\...\Run: [CCXProcess] => C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [648328 2020-04-13] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-1211838656-3945196859-822910569-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [5549280 2021-05-28] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-1211838656-3945196859-822910569-1001\...\Run: [com.squirrel.slack.slack] => C:\Users\Ryan\AppData\Local\slack\slack.exe [308368 2021-06-08] (Slack Technologies, Inc. -> Slack Technologies Inc.)
HKU\S-1-5-21-1211838656-3945196859-822910569-1001\...\RunOnce: [Application Restart #1] => C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  --flag-switches-begin --flag-switches-end --enable-audio-service-sandbox --restore-last-session -- "C:\Users\Ryan\Desktop\Jap\Genki - An I (the data entry has 91 more characters).
HKU\S-1-5-21-1211838656-3945196859-822910569-1001\...\MountPoints2: {ca81ae49-7cc5-11e9-9cb8-a8a7955d5be2} - "F:\HiSuiteDownLoader.exe" 
HKLM\...\Windows x64\Print Processors\HPCPP155: C:\Windows\System32\spool\prtprocs\x64\hpcpp155.dll [597792 2013-09-10] (Hewlett-Packard Company -> Hewlett-Packard Corporation)
HKLM\...\Windows x64\Print Processors\hpcpp160: C:\Windows\System32\spool\prtprocs\x64\hpcpp160.dll [602912 2013-12-04] (Hewlett-Packard Company -> Hewlett-Packard Corporation)
HKLM\...\Windows x64\Print Processors\hpcpp190: C:\Windows\System32\spool\prtprocs\x64\hpcpp190.dll [651176 2016-08-26] (HP Inc. -> HP Inc.)
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\WINDOWS\system32\AdobePDF.dll [65160 2021-05-28] (Adobe Inc. -> Adobe Systems Inc)
HKLM\...\Print\Monitors\HP Universal Port Monitor: C:\WINDOWS\system32\hpbprtmon.dll [432648 2015-07-11] (Microsoft Windows Hardware Compatibility Publisher -> HP)
HKLM\...\Print\Monitors\HP Universal Print Monitor: C:\WINDOWS\system32\HPMPW081.DLL [127912 2016-08-26] (HP Inc. -> HP Inc.)
HKLM\...\Print\Monitors\HPMLM135: C:\WINDOWS\system32\hpmlm135.dll [237344 2013-12-04] (Hewlett-Packard Company -> Hewlett-Packard Company)
HKLM\...\Print\Monitors\HPMLM190: C:\WINDOWS\system32\hpmlm190.dll [310512 2016-08-26] (HP Inc. -> HP Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\91.0.4472.77\Installer\chrmstp.exe [2021-06-04] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{B7724AE5-1135-4889-8A5F-CA98BE6CA1ED}] -> C:\Program Files\McAfee\TrueKey\McAfee.TrueKey.CredentialProvider.dll [2019-03-09] (McAfee, Inc. -> McAfee, LLC.)
HKLM\Software\...\Authentication\Credential Providers: [{FA076B7A-C331-48e2-9EE9-7683A553739E}] -> C:\Program Files (x86)\CyberLink\YouCam6\CLCredProv\x64\CLCredProv.dll [2015-07-01] (CyberLink Corp. -> CyberLink)
HKLM\Software\...\Authentication\Credential Provider Filters: [{FA076B7A-C331-48e2-9EE9-7683A553739E}] -> C:\Program Files (x86)\CyberLink\YouCam6\CLCredProv\x64\CLCredProv.dll [2015-07-01] (CyberLink Corp. -> CyberLink)
Lsa: [Notification Packages] scecli "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter" "C:\Program Files\McAfee\TrueKey\McAfeeTrueKeyPasswordFilter"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2021-05-05]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.2198\SSScheduler.exe (McAfee, LLC. -> McAfee, LLC)
Startup: C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2021-06-03]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0197BF56-0D80-4969-BE36-286A779FA1D1} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files (x86)\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [2831232 2021-05-29] (Microsoft Corporation -> Microsoft Corporation)
Task: {02B7D7E1-FE18-43EC-BFE0-9400703FB922} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {096C0699-B78C-486D-AD81-9006F08B8C89} - System32\Tasks\BlueStacksHelper => C:\ProgramData\BlueStacks\Client\Helper\BlueStacksHelper.exe
Task: {0BDAD3D9-145E-44F4-A584-D4286B4843AE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2016-09-29] (Google Inc -> Google Inc.)
Task: {13385EEA-69CC-42AA-B3E2-E0F8D13AE688} - System32\Tasks\Adobe Uninstaller => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [405048 2020-03-16] (Adobe Inc. -> Adobe Inc.)
Task: {1513CFA1-7AF1-4829-AA07-86B886A4EA85} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [352368 2021-05-17] (HP Inc. -> HP Inc.)
Task: {220C1656-1A5E-455F-82D2-A1AB8610A659} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412680 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {23DDBBCB-59D9-4CAA-8100-0DB8739125CD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.4-0\MpCmdRun.exe [644888 2021-06-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {2DE6E150-F6E5-4975-A81D-3B67FB8D3147} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [25128 2017-11-22] (HP Inc. -> )
Task: {37869FAF-7684-4E81-8DE3-640D09E928FE} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [118088 2021-06-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {3A92D0AA-6D4A-4CE7-B99B-DF09C6BD1CCC} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23124856 2021-06-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {4DE328C4-8B4C-4D3E-9255-1EFF5A8D78D5} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [4639280 2018-12-02] (McAfee, Inc. -> McAfee, Inc.)
Task: {50541FA9-88B1-4D64-A396-5B67C68C3B25} - System32\Tasks\[email protected] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {5895392A-A351-45CB-9DB8-E186B0BC70B0} - System32\Tasks\{D5D9ABA2-FD6A-4978-BC30-ECC925298A48} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\Glyph\GlyphClientApp.exe" -d "C:\Program Files (x86)\Glyph" -c -uninstall -silent -debug
Task: {62D7B45D-AC6A-44A5-8313-C4372B3FA6F6} - System32\Tasks\WpsUpdateTask_Administrator => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5113\wtoolex\wpsupdate.exe [474472 2015-12-03] (Zhuhai Kingsoft Office Software Co.,Ltd -> Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {68EFC8E6-B789-4045-8CDD-18DCC58A723B} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [118088 2021-06-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {865EC776-810F-44F0-8DB5-112BE5E9DF7A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [665944 2020-08-07] (HP Inc. -> HP Inc.)
Task: {8A2DEFB5-CC70-4FBF-8F9A-672692E654FA} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.4-0\MpCmdRun.exe [644888 2021-06-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {8CE70BD9-F282-4DC7-A8BD-DF8AE92E5E32} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.4-0\MpCmdRun.exe [644888 2021-06-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {9B747888-D1E4-4B66-B4B0-BA8ED2FBDC90} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2016-09-29] (Google Inc -> Google Inc.)
Task: {A787174D-D2FD-4E24-A99E-0D77E14F670E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [136304 2021-03-30] (HP Inc. -> HP Inc.)
Task: {AD123015-4105-452E-B956-A99D1192B1DE} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam6\YouCamService6.exe [515512 2015-07-01] (CyberLink Corp. -> CyberLink Corp.)
Task: {B17B0FA6-F64F-46AF-B39A-6E35C780E550} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1136984 2020-09-17] (HP Inc. -> HP Inc.)
Task: {BA78896D-1B02-481C-94D4-0222AA47CD8F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [665944 2020-08-07] (HP Inc. -> HP Inc.)
Task: {CD651D4C-90D3-4CA4-9CEC-CB36F04B8934} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {D44DAEDD-D528-4860-8EEE-F08745EC1B09} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {D95378FD-B28D-44CD-A137-26BF6DACDBDA} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {DACD9E7E-C567-487F-9719-160E503DBB3A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - resources updates => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [665944 2020-08-07] (HP Inc. -> HP Inc.)
Task: {E1143EA4-505D-4766-A310-67A94E44AE1E} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(1): schtasks.exe -> /Change /TN "\Adobe Flash Player PPAPI Notifier" /ENABLE
Task: {E1143EA4-505D-4766-A310-67A94E44AE1E} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(2): schtasks.exe -> /Change /TN "\Adobe Flash Player Updater" /ENABLE
Task: {E1143EA4-505D-4766-A310-67A94E44AE1E} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(3): schtasks.exe -> /Change /TN "\Adobe Uninstaller" /ENABLE
Task: {E1143EA4-505D-4766-A310-67A94E44AE1E} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(4): schtasks.exe -> /Change /TN "\[email protected]" /ENABLE
Task: {E1143EA4-505D-4766-A310-67A94E44AE1E} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(5): schtasks.exe -> /Change /TN "\[email protected]" /ENABLE
Task: {E1143EA4-505D-4766-A310-67A94E44AE1E} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(6): schtasks.exe -> /Change /TN "\BlueStacksHelper" /ENABLE
Task: {E1143EA4-505D-4766-A310-67A94E44AE1E} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(7): schtasks.exe -> /Change /TN "\d7dcdedb8ce6b33b121246911ad33b47" /ENABLE
Task: {E1143EA4-505D-4766-A310-67A94E44AE1E} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(8): schtasks.exe -> /Change /TN "\DropboxOEM" /ENABLE
Task: {E1143EA4-505D-4766-A310-67A94E44AE1E} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(9): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineCore" /ENABLE
Task: {E1143EA4-505D-4766-A310-67A94E44AE1E} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(10): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineUA" /ENABLE
Task: {E1143EA4-505D-4766-A310-67A94E44AE1E} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(11): schtasks.exe -> /Change /TN "\HPCeeScheduleForRyan" /ENABLE
Task: {E1143EA4-505D-4766-A310-67A94E44AE1E} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(12): schtasks.exe -> /Change /TN "\McAfee Remediation (Prepare)" /ENABLE
Task: {E1143EA4-505D-4766-A310-67A94E44AE1E} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(13): schtasks.exe -> /Change /TN "\OneDrive Standalone Update Task-S-1-5-21-1211838656-3945196859-822910569-1001" /ENABLE
Task: {E1143EA4-505D-4766-A310-67A94E44AE1E} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(14): schtasks.exe -> /Change /TN "\User_Feed_Synchronization-{F652A8CE-8AAD-4B17-97C2-CFEC2FF6BEE6}" /ENABLE
Task: {E1143EA4-505D-4766-A310-67A94E44AE1E} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(15): schtasks.exe -> /Change /TN "\WpsNotifyTask_Administrator" /ENABLE
Task: {E1143EA4-505D-4766-A310-67A94E44AE1E} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(16): schtasks.exe -> /Change /TN "\WpsUpdateTask_Administrator" /ENABLE
Task: {E1143EA4-505D-4766-A310-67A94E44AE1E} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(17): schtasks.exe -> /Change /TN "\YCMServiceAgent" /ENABLE
Task: {E1143EA4-505D-4766-A310-67A94E44AE1E} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(18): schtasks.exe -> /Change /TN "\{D5D9ABA2-FD6A-4978-BC30-ECC925298A48}" /ENABLE
Task: {E1143EA4-505D-4766-A310-67A94E44AE1E} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(19): schtasks.exe -> /Change /TN "\AVAST Software\Gaming mode Task Scheduler recovery" /DISABLE
Task: {E1E944BC-680D-474A-A424-EBA655CEFBF4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1506648 2020-08-20] (HP Inc. -> HP Inc.)
Task: {E5943B14-B274-4F1F-8DE9-27E2F3341A88} - System32\Tasks\d7dcdedb8ce6b33b121246911ad33b47 => powershell.exe -NoProfile -NoLogo -NonInteractive -ExecutionPolicy Bypass -File C:\WINDOWS\d7dcdedb8ce6b33b121246911ad33b47.ps1 <==== ATTENTION
Task: {F10670E2-BC14-44F9-99AC-C289391D0BF5} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23124856 2021-06-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {F7B2DACF-1C99-4B1A-A32D-DC31594D599D} - System32\Tasks\WpsNotifyTask_Administrator => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5113\wtoolex\wpsnotify.exe [517480 2015-12-03] (Zhuhai Kingsoft Office Software Co.,Ltd -> Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {FD3D2E17-0A27-437F-9B95-E19BAA83DA65} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.4-0\MpCmdRun.exe [644888 2021-06-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {FE93F97B-0E96-47F5-9CC2-5D6F264104E5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1506648 2020-08-20] (HP Inc. -> HP Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\WpsNotifyTask_Administrator.job => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5113\wtoolex\wpsnotify.exe
Task: C:\WINDOWS\Tasks\WpsUpdateTask_Administrator.job => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5113\wtoolex\wpsupdate.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1bcde77e-240f-4c10-84f3-761f61ca1577}: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{81adeb0f-1b8d-47ca-b5cb-db77373ce48f}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{cf628cd7-8fd6-4567-a7a3-f63135ab7c76}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{f0032578-55e6-4f2f-9d5a-1d2ebf8755bc}: [DhcpNameServer] 192.168.1.1
 
Edge: 
=======
Edge HomeButtonPage: HKU\S-1-5-21-1211838656-3945196859-822910569-1001 -> hxxps://www.google.com/
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge Profile: C:\Users\Ryan\AppData\Local\Microsoft\Edge\User Data\Default [2021-06-08]
 
FireFox:
========
FF ProfilePath: C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\phur0440.default-1500038885698 [2019-07-27]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Extension: (McAfee® WebAdvisor) - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi [2021-06-11] [UpdateUrl:hxxps://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.json]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2020-03-05]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF HKU\S-1-5-21-1211838656-3945196859-822910569-1001\...\SeaMonkey\Extensions: [[email protected]] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi => not found
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2020-03-16] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1217157.dll [2015-02-05] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.8\\npsitesafety.dll [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.11 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.12 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2015-06-26] (WildTangent Inc -> )
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2021-05-28] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2020-03-16] (Adobe Inc. -> Adobe Systems)
 
Chrome: 
=======
CHR Profile: C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default [2021-06-12]
CHR Notifications: Default -> hxxps://app.slack.com; hxxps://calendar.google.com; hxxps://meet.google.com
CHR HomePage: Default -> mysearch.avg.com
CHR StartupUrls: Default -> "hxxp://www.msn.com/?pc=BDT3&ocid=BDT3DHP&dt=072113","hxxps://www.google.com/"
CHR NewTab: Default ->  Not-active:"chrome-extension://chfdnecihphmhljaaejmgoiahnihplgn/pages/newtab.html"
CHR Extension: (Slides) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Docs) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-25]
CHR Extension: (Skype Calling) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2017-02-02]
CHR Extension: (YouTube) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-20]
CHR Extension: (Vimeo™ Video Downloader) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgpbghdbejagejmciefmekcklikpoeel [2020-12-06]
CHR Extension: (AVG Secure Search) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn [2020-01-13]
CHR Extension: (Facebook Unseen) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmdhkalcecemojegheiohcghkamlipof [2016-06-20]
CHR Extension: (Video Downloader professional) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2020-07-25]
CHR Extension: (GoFullPage - Full Page Screen Capture) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdpohaocaechififmbbbbbknoalclacl [2021-05-24]
CHR Extension: (Sheets) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Google Docs Offline) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-05-12]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2021-06-08]
CHR Extension: (rikaikun) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipdnfibhldikgcjhfnomkfpcebammhp [2021-06-08]
CHR Extension: (HP Network Check Launcher) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkfpchpiljkaemlpmpebnglgkomamfeo [2018-08-30]
CHR Extension: (Save to Facebook) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd [2019-06-27]
CHR Extension: (Grammarly for Chrome) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2021-06-07]
CHR Extension: (Take Webpage Screenshots Entirely - FireShot) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbpblocgmgfnpjjppndjkmgjaogfceg [2021-06-03]
CHR Extension: (Search Manager) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce [2019-12-03]
CHR Extension: (Awesome Screenshot & Screen Recorder) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlipoenfbbikpbjkfpfillcgkoblgpmj [2021-05-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-30]
CHR Extension: (Speedtest by Ookla) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjjikdiikihdfpoppgaidccahalehjh [2021-04-15]
CHR Extension: (Gmail) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-24]
CHR Extension: (Chrome Media Router) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-06-05]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej]
CHR HKU\S-1-5-21-1211838656-3945196859-822910569-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [chfdnecihphmhljaaejmgoiahnihplgn]
CHR HKU\S-1-5-21-1211838656-3945196859-822910569-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd]
CHR HKU\S-1-5-21-1211838656-3945196859-822910569-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn]
CHR HKU\S-1-5-21-1211838656-3945196859-822910569-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce]
CHR HKU\S-1-5-21-1211838656-3945196859-822910569-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [jkfpchpiljkaemlpmpebnglgkomamfeo]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl]
CHR HKLM-x32\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce]
CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [820280 2020-03-16] (Adobe Inc. -> Adobe Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3780296 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3548360 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11279752 2021-06-03] (Microsoft Corporation -> Microsoft Corporation)
S3 FileSyncHelper; C:\Program Files (x86)\Microsoft OneDrive\21.083.0425.0003\FileSyncHelper.exe [2101120 2021-05-29] (Microsoft Corporation -> Microsoft Corporation)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2016-08-23] (Macrovision Europe Ltd.) [File not signed]
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [349728 2015-06-26] (WildTangent Inc -> WildTangent)
S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1149480 2018-06-07] (HP Inc. -> HP)
R2 HPSupportSolutionsFrameworkService; c:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [379736 2020-08-20] (HP Inc. -> HP Inc.)
R2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-22] (HP Inc. -> HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [608520 2015-02-18] (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.)
S2 Kingsoft_WPS_UpdateService; C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5113\wtoolex\wpsupdatesvr.exe [133480 2015-12-03] (Zhuhai Kingsoft Office Software Co.,Ltd -> Zhuhai Kingsoft Office Software Co.,Ltd)
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [973072 2021-06-11] (McAfee, LLC -> McAfee, LLC)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.2198\McCHSvc.exe [398408 2021-05-01] (McAfee, LLC. -> McAfee, LLC)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2016-06-15] (HP Inc.) [File not signed]
S3 OneDrive Updater Service; C:\Program Files (x86)\Microsoft OneDrive\21.083.0425.0003\OneDriveUpdaterService.exe [2565504 2021-05-29] (Microsoft Corporation -> Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2016-06-15] (HP Inc.) [File not signed]
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-15] (CyberLink Corp. -> )
R2 TrueKey; C:\Program Files\McAfee\TrueKey\McAfee.TrueKey.Service.exe [421432 2019-03-09] (McAfee, Inc. -> McAfee, LLC.)
R2 TrueKeyScheduler; C:\Program Files\McAfee\TrueKey\McTkSchedulerService.exe [421432 2019-03-09] (McAfee, Inc. -> McAfee, LLC.)
R2 TrueKeyServiceHelper; C:\Program Files\McAfee\TrueKey\McAfee.TrueKey.ServiceHelper.exe [194168 2019-03-09] (McAfee, Inc. -> McAfee, LLC.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.4-0\NisSrv.exe [2644760 2021-06-06] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.4-0\MsMpEng.exe [136656 2021-06-06] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WindscribeService; C:\Program Files (x86)\Windscribe\WindscribeService.exe [493232 2019-01-19] (Windscribe Limited -> Windscribe Limited)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.227\WsAppService.exe [492768 2017-06-21] (Wondershare Technology Co.,Ltd -> Wondershare)
R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [981576 2017-10-20] (AVG Technologies CZ, s.r.o. -> )
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 BthAudioHF; C:\WINDOWS\system32\drivers\RtkHfp.sys [104688 2015-09-09] (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation)
R3 clwvd6; C:\WINDOWS\System32\drivers\clwvd6.sys [41704 2013-10-29] (CyberLink Corp. -> CyberLink Corporation)
R3 tapwindscribe0901; C:\WINDOWS\System32\drivers\tapwindscribe0901.sys [54896 2017-09-13] (Windscribe Limited -> The OpenVPN Project)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49560 2021-06-06] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [425208 2021-06-06] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [76008 2021-06-06] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [35392 2020-06-08] (HP Inc. -> HP)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2021-06-12 03:49 - 2021-06-12 03:49 - 000000000 ___HD C:\Users\Public\Documents\AdobeGC
2021-06-12 03:39 - 2021-06-12 03:44 - 000043234 _____ C:\Users\Ryan\Desktop\FRST.txt
2021-06-11 18:08 - 2021-06-11 18:08 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-06-11 18:08 - 2021-06-11 18:08 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-06-11 18:08 - 2021-06-11 18:08 - 000568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2021-06-11 18:08 - 2021-06-11 18:08 - 000451072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2021-06-11 18:07 - 2021-06-11 18:07 - 001864192 _____ (The ICU Project) C:\WINDOWS\SysWOW64\icu.dll
2021-06-11 18:07 - 2021-06-11 18:07 - 001314120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-06-11 18:07 - 2021-06-11 18:07 - 000468440 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll
2021-06-11 18:07 - 2021-06-11 18:07 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-06-11 18:07 - 2021-06-11 18:07 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2021-06-11 18:07 - 2021-06-11 18:07 - 000011353 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-06-11 18:06 - 2021-06-11 18:06 - 001823792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-06-11 18:06 - 2021-06-11 18:06 - 001393496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-06-11 18:05 - 2021-06-11 18:05 - 002260480 _____ (The ICU Project) C:\WINDOWS\system32\icu.dll
2021-06-11 18:05 - 2021-06-11 18:05 - 000657464 _____ C:\WINDOWS\system32\WindowManagementAPI.dll
2021-06-11 18:05 - 2021-06-11 18:05 - 000097280 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-06-11 18:04 - 2021-06-11 18:04 - 000563712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-06-11 18:04 - 2021-06-11 18:04 - 000287232 _____ C:\WINDOWS\system32\CoreMas.dll
2021-06-11 18:04 - 2021-06-11 18:04 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe
2021-06-11 17:41 - 2021-06-11 17:58 - 000067182 _____ C:\Users\Ryan\Desktop\Addition.txt
2021-06-11 16:39 - 2021-06-12 03:42 - 000000000 ____D C:\FRST
2021-06-11 16:20 - 2021-06-11 16:22 - 002300416 _____ (Farbar) C:\Users\Ryan\Desktop\FRST64.exe
2021-06-11 03:06 - 2021-06-11 18:41 - 000000000 ____D C:\Users\Ryan\Documents\YouCam
2021-06-10 21:14 - 2021-06-10 21:14 - 000012724 _____ C:\Users\Ryan\Downloads\Product Listing Template (1).odt
2021-06-10 17:20 - 2021-06-10 17:21 - 088037336 _____ C:\Users\Ryan\Downloads\RY_ZAPPYO_NURIA_061021.mp4
2021-06-08 22:42 - 2021-06-08 22:42 - 000253494 _____ C:\Users\Ryan\Downloads\Ryan Bardahi_Content Editor.xlsx
2021-06-08 22:40 - 2021-06-08 22:41 - 000253494 _____ C:\Users\Ryan\Downloads\ryan_bardahi_content_editor.xlsx
2021-06-08 17:46 - 2021-06-08 17:47 - 055184650 _____ C:\Users\Ryan\Downloads\editing_process_for_clauie_and_ry_s_reference.mp4
2021-06-08 09:56 - 2021-06-08 09:56 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Slack Technologies Inc
2021-06-08 09:55 - 2021-06-08 09:57 - 000000000 ____D C:\Users\Ryan\AppData\Local\slack
2021-06-07 16:20 - 2021-06-12 03:08 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\Slack
2021-06-07 12:47 - 2021-06-07 12:47 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\fltk.org
2021-06-07 12:47 - 2021-06-07 12:47 - 000000000 ____D C:\ProgramData\fltk.org
2021-06-07 12:46 - 2021-06-12 02:52 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\Hubstaff
2021-06-07 12:41 - 2021-06-07 12:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hubstaff
2021-06-07 12:41 - 2021-06-07 12:41 - 000000000 ____D C:\Program Files\Hubstaff
2021-05-28 13:58 - 2021-05-28 13:58 - 000065160 _____ (Adobe Systems Inc) C:\WINDOWS\system32\AdobePDF.dll
2021-05-28 13:58 - 2021-05-28 13:58 - 000035992 _____ (Adobe Systems Inc.) C:\WINDOWS\system32\AdobePDFUI.dll
2021-05-14 22:42 - 2021-05-14 22:42 - 000000000 ____D C:\Users\Ryan\AppData\Local\upwork-updater
2021-05-14 22:42 - 2021-05-14 22:42 - 000000000 ____D C:\Users\Ryan\AppData\Local\Upwork
2021-05-13 11:10 - 2021-05-13 11:10 - 001687040 _____ C:\WINDOWS\system32\libcrypto.dll
2021-05-13 11:09 - 2021-05-13 11:09 - 000700928 _____ C:\WINDOWS\system32\FsNVSDeviceSource.dll
2021-05-13 11:08 - 2021-05-13 11:08 - 001163776 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-05-13 11:08 - 2021-05-13 11:08 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2021-05-13 11:06 - 2021-05-13 11:06 - 000165888 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-05-13 11:06 - 2021-05-13 11:06 - 000013312 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2021-06-12 03:46 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-06-12 03:39 - 2020-10-05 12:41 - 000495970 _____ C:\WINDOWS\system32\perfh011.dat
2021-06-12 03:39 - 2020-10-05 12:41 - 000138438 _____ C:\WINDOWS\system32\perfc011.dat
2021-06-12 03:39 - 2020-10-04 22:00 - 001548022 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-06-12 03:39 - 2019-12-07 17:13 - 000000000 ____D C:\WINDOWS\INF
2021-06-12 03:38 - 2016-02-27 05:01 - 000000000 ___RD C:\Users\Ryan\OneDrive
2021-06-12 03:36 - 2019-12-07 17:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-06-12 03:35 - 2019-12-07 17:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-06-12 03:35 - 2016-02-27 04:57 - 000000000 __SHD C:\Users\Ryan\IntelGraphicsProfiles
2021-06-12 03:34 - 2017-05-30 13:07 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2021-06-12 03:32 - 2020-10-04 22:24 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-06-12 03:32 - 2020-10-04 21:36 - 000008192 ___SH C:\DumpStack.log.tmp
2021-06-12 03:32 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-06-12 03:23 - 2019-12-07 17:03 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2021-06-12 03:16 - 2020-10-04 21:36 - 000380936 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-06-12 03:12 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2021-06-12 03:12 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2021-06-12 03:12 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2021-06-12 03:12 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-06-12 03:11 - 2019-12-07 17:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-06-12 03:11 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-06-12 03:11 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-06-12 03:11 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2021-06-12 03:11 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2021-06-12 03:11 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2021-06-12 03:11 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-06-12 03:11 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-06-12 03:11 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-06-12 03:02 - 2019-12-07 17:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-06-12 02:48 - 2019-10-12 11:18 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2021-06-11 21:42 - 2017-12-02 12:37 - 000000000 ____D C:\Users\Ryan\AppData\Local\Packages
2021-06-11 18:40 - 2019-12-07 17:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-06-11 18:10 - 2020-10-04 21:45 - 000000000 ____D C:\Users\Ryan
2021-06-11 17:46 - 2020-10-04 21:36 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-06-11 16:53 - 2015-12-03 10:24 - 000000000 ____D C:\ProgramData\Intel
2021-06-11 16:46 - 2020-06-23 10:52 - 000000000 ____D C:\Program Files (x86)\Microsoft OneDrive
2021-06-11 15:10 - 2019-12-07 17:03 - 000000000 ____D C:\WINDOWS\servicing
2021-06-11 02:54 - 2015-12-03 10:50 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2021-06-10 14:33 - 2020-04-23 23:33 - 000002121 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk
2021-06-10 14:33 - 2020-04-23 23:33 - 000002110 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2021-06-09 18:48 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-06-09 17:42 - 2021-05-05 18:45 - 000000000 ____D C:\ProgramData\McAfee Security Scan
2021-06-09 16:59 - 2016-05-13 12:37 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-06-09 15:50 - 2016-05-13 12:37 - 132447432 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-06-08 09:57 - 2016-07-08 16:27 - 000000000 ____D C:\Users\Ryan\AppData\Local\SquirrelTemp
2021-06-07 14:54 - 2018-11-09 17:32 - 000000000 ____D C:\Users\Ryan\AppData\Local\PlaceholderTileLogoFolder
2021-06-07 14:52 - 2017-04-22 13:11 - 000000000 ____D C:\Users\Ryan\Documents\Personal
2021-06-06 15:24 - 2018-03-02 00:34 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-06-05 12:10 - 2020-07-15 21:09 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-06-04 14:12 - 2016-10-08 17:28 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\vlc
2021-06-04 14:06 - 2016-09-29 14:29 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-05-29 22:44 - 2020-10-04 22:24 - 000003206 _____ C:\WINDOWS\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2021-05-29 22:44 - 2020-06-23 10:53 - 000000000 ___RD C:\Users\defaultuser1.DESKTOP-NC9HVNJ\OneDrive
2021-05-29 22:44 - 2020-04-13 19:24 - 000000000 ___RD C:\Users\Jundril\OneDrive
2021-05-29 22:43 - 2020-06-23 10:53 - 000002181 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-05-28 18:48 - 2018-07-23 23:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2021-05-13 18:14 - 2016-05-28 23:25 - 000000000 ___RD C:\Users\Ryan\Documents\Work
2021-05-13 13:33 - 2019-12-07 17:50 - 000000000 ____D C:\WINDOWS\system32\OpenSSH
2021-05-13 13:33 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2021-05-13 13:33 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-05-13 13:33 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-05-13 13:33 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2021-05-13 13:33 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2021-05-13 13:33 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-05-13 13:33 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-05-13 13:33 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2021-05-13 13:32 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-05-13 13:32 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-05-13 13:32 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\DiagTrack
2021-05-13 11:25 - 2019-12-07 17:52 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll
 
==================== Files in the root of some directories ========
 
2016-08-28 20:39 - 2016-08-31 23:51 - 000000033 _____ () C:\Users\Ryan\AppData\Roaming\AdobeWLCMCache.dat
2016-02-27 04:58 - 2019-08-17 11:33 - 004863888 _____ () C:\Users\Ryan\AppData\Local\BTServer.log
2018-09-29 07:17 - 2018-09-29 07:17 - 000000000 _____ () C:\Users\Ryan\AppData\Local\oobelibMkey.log
2016-06-21 10:30 - 2016-06-21 10:30 - 000000000 _____ () C:\Users\Ryan\AppData\Local\{13A4A428-21DB-4AE6-B550-8F579BAB0DC1}
2016-06-24 13:47 - 2016-06-24 13:47 - 000000000 _____ () C:\Users\Ryan\AppData\Local\{2BAF8F5D-9B83-47EC-A642-DB80C8AFEBDF}
2016-06-17 19:28 - 2016-06-17 19:28 - 000000000 _____ () C:\Users\Ryan\AppData\Local\{3F00E856-FBC1-46A6-9FA0-45421FB921B6}
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
Addition
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-06-2021
Ran by Ryan (12-06-2021 03:49:48)
Running from C:\Users\Ryan\Desktop
Windows 10 Home Single Language Version 2004 19041.1052 (X64) (2020-10-04 14:26:29)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1211838656-3945196859-822910569-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1211838656-3945196859-822910569-503 - Limited - Disabled)
defaultuser1 (S-1-5-21-1211838656-3945196859-822910569-1004 - Limited - Enabled) => C:\Users\defaultuser1.DESKTOP-NC9HVNJ
Guest (S-1-5-21-1211838656-3945196859-822910569-501 - Limited - Disabled)
Ryan (S-1-5-21-1211838656-3945196859-822910569-1001 - Administrator - Enabled) => C:\Users\Ryan
WDAGUtilityAccount (S-1-5-21-1211838656-3945196859-822910569-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
12 Labours of Hercules III: Girl Power (HKLM-x32\...\WTA-f6a4a545-e534-4330-b288-de308fc7c365) (Version: 3.0.2.118 - WildTangent) Hidden
64 Bit HP CIO Components Installer (HKLM\...\{13DA9C7C-EBFB-40D0-94A1-55B42883DF21}) (Version: 21.2.1 - HP Inc.) Hidden
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 21.005.20048 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 5.1.0.407 - Adobe Systems Incorporated)
Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version:  - Adobe)
Adobe Illustrator CC 2015.3 (HKLM-x32\...\ILST_20_1_0) (Version: 20.1.0 - Adobe Systems Incorporated)
Adobe Setup (HKLM-x32\...\Adobe_b44d0aa750ffecdce0eafad5a93f527) (Version: 1.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.7.157 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{A14A2A00-D5CB-867E-8C03-8108DC2702D7}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Any Video Converter 7.0.3 (HKLM-x32\...\Any Video Converter) (Version: 7.0.3 - Anvsoft)
Archeage (HKLM-x32\...\Glyph Archeage) (Version:  - Trion Worlds, Inc.)
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.3.8.566 - AVG Technologies)
Azkend 2: The World Beneath (HKLM-x32\...\WTA-c886034d-12e3-4236-bad2-5487e2d9e073) (Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Building the Great Wall of China Collector's Edition (HKLM-x32\...\WTA-2eefcd8b-c074-4e0d-b5c2-6a42832c51c1) (Version: 3.0.2.48 - WildTangent) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
CloudApp for Windows (HKLM-x32\...\{95319D69-E9F4-42EA-B714-25F41D63DD51}) (Version: 5.7.0.77 - CloudPlus, Inc.)
Coyote The Outlander (HKLM-x32\...\WTA-4ff96c8e-d782-4348-a0b6-d895c0f9a91a) (Version: 3.0.2.59 - WildTangent) Hidden
CyberLink PhotoDirector (HKLM\...\{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.5.6713 - CyberLink Corp.) Hidden
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.5.6713 - CyberLink Corp.)
CyberLink Power Media Player 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.6.7428 - CyberLink Corp.)
CyberLink PowerDirector 12 (HKLM\...\{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.4.4301 - CyberLink Corp.) Hidden
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.4.4301 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\{A9CEDD6E-4792-493e-BB35-D86D2E188A5A}) (Version: 6.0.1.4301 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Delicious: Emily's Wonder Wedding Premium Edition (HKLM-x32\...\WTA-c8436530-3d00-43ea-bdc9-d6dcc44fe477) (Version: 3.0.2.59 - WildTangent) Hidden
DisableMSDefender (HKLM\...\{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}) (Version: 1.0.0 - Hewlett-Packard Company) Hidden
eBIRForms version v7.8.1 (HKLM-x32\...\eBIRForms_is1) (Version: v7.8.1 - )
ELAN Touchpad 15.2.5.1_X64_WHQL (HKLM\...\Elantech) (Version: 15.2.5.1 - ELAN Microelectronic Corp.)
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
Entwined: The Perfect Murder (HKLM-x32\...\WTA-e8b92b51-7c70-41c6-9aad-0e97c3c53587) (Version: 3.0.2.59 - WildTangent) Hidden
Family Vacation 2: Road Trip (HKLM-x32\...\WTA-52610c72-9b4c-49b9-ae40-79039854aeba) (Version: 3.0.2.59 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 91.0.4472.77 - Google LLC)
HandBrake 1.3.3 (HKLM-x32\...\HandBrake) (Version: 1.3.3 - )
Home Makeover (HKLM-x32\...\WTA-88c58a89-31b3-410c-ba91-29de1bc3ab93) (Version: 3.0.2.59 - WildTangent) Hidden
HP Documentation (HKLM\...\HP_Documentation) (Version:  - HP)
HP PC Hardware Diagnostics Windows (HKLM-x32\...\{3EC04ABB-D60E-44B6-9403-0D9DE44F56D9}) (Version: 1.6.0.0 - HP Inc.)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.8293.5264 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{71E18A14-1BDB-4B58-A67F-1BCDA12462FD}) (Version: 7.1.15.1 - HP)
HP Support Assistant (HKLM-x32\...\{61EB474B-67A6-47F4-B1B7-386851BAB3D0}) (Version: 8.8.34.31 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{D7D5F438-26EF-45AB-AB89-C476FBCF8584}) (Version: 12.18.34.21 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{D17A3B70-B75E-4C49-83D6-C17DDF65B35F}) (Version: 1.3.4 - Hewlett-Packard Company)
HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1439 - HP Inc.)
HP Welcome (HKLM\...\HPWelcome) (Version: 1.0 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{EFA01423-3857-468C-B7B6-F30AA08E50BC}) (Version: 1.1.5.1 - Hewlett-Packard)
HPReyos (HKLM-x32\...\HPReyos) (Version:  - ) <==== ATTENTION
Hubstaff (HKLM-x32\...\Hubstaff) (Version: 1.5.19 - Netsoft Holdings, LLC.)
IGT Slots: Paradise Garden (HKLM-x32\...\WTA-d578daaa-ebb4-462a-87a7-c9b3299176d5) (Version: 3.0.2.59 - WildTangent) Hidden
Imperial Island: Birth of an Empire (HKLM-x32\...\WTA-83516f4e-34e1-40d3-805c-9ec4d1645aef) (Version: 3.0.2.59 - WildTangent) Hidden
Insane Cold: Back to the Ice Age (HKLM-x32\...\WTA-32f6605e-28cf-4232-b252-4df6e8052886) (Version: 3.0.2.59 - WildTangent) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{c6cff78a-cccb-49d5-be68-ae0ec5f0d48a}) (Version: 10.1.1.8 - Intel® Corporation) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10604.207 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1156 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.15.4274 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.2.1088 - Intel Corporation)
iTunes (HKLM\...\{D7D4465C-B3B6-4BC1-B336-2803FB57BFAF}) (Version: 12.7.2.60 - Apple Inc.)
Jewel Match Snowscapes (HKLM-x32\...\WTA-e72af8c1-c6fe-4616-90d6-5075e78605b5) (Version: 3.0.2.118 - WildTangent) Hidden
Living Legends: Frozen Beauty Collector's Edition (HKLM-x32\...\WTA-7bd0f048-d01b-4982-901b-71b2c2ed446e) (Version: 3.0.2.59 - WildTangent) Hidden
Lost Lands: Dark Overlord Collector's Edition (HKLM-x32\...\WTA-e9c0e3da-ea01-47cc-ba99-66d69694bdd4) (Version: 3.0.2.59 - WildTangent) Hidden
Lost Souls: Timeless Fables Collector's Edition (HKLM-x32\...\WTA-4e0fb448-bdfa-40b8-bb43-5779539460e3) (Version: 3.0.2.59 - WildTangent) Hidden
Manor Memoirs Collector's Edition (HKLM-x32\...\WTA-bef8ad43-22ab-4715-a4d0-1dda19c1ef40) (Version: 3.0.2.59 - WildTangent) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.2198.1 - McAfee, LLC)
McAfee True Key (HKLM\...\TrueKey) (Version: 5.3.138.1 - McAfee, LLC)
Microsoft ASP.NET MVC 2 (HKLM-x32\...\{DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244}) (Version: 2.0.60926.0 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 91.0.864.41 - Microsoft Corporation)
Microsoft Office Home and Student 2016 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 16.0.14026.20270 - Microsoft Corporation)
Microsoft OneDrive (HKLM-x32\...\OneDriveSetup.exe) (Version: 21.083.0425.0003 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{A0E1B43D-5F4A-46AF-9925-ABA3423325DC}) (Version: 2.77.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.23.27820 (HKLM-x32\...\{852adda4-4c78-4a38-b583-c0b360a329d6}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mystery Expedition: Prisoners of Ice (HKLM-x32\...\WTA-e48022a6-15d1-4c65-a1fb-0baefbb66b50) (Version: 3.0.2.59 - WildTangent) Hidden
OEM Application Profile (HKLM-x32\...\{B4B7FD8F-06FC-E277-4F29-8F75F8281D8F}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.14026.20270 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.14026.20246 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.14026.20270 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.14026.20246 - Microsoft Corporation) Hidden
Plagiarii (HKLM-x32\...\WTA-f80a7519-a55b-41db-94e4-26260516bfca) (Version: 3.0.2.59 - WildTangent) Hidden
Polar Bowler 1st Frame (HKLM-x32\...\WTA-731d3fbc-1ca0-4c2b-b739-09a7a9b3a19b) (Version: 3.0.2.59 - WildTangent) Hidden
RagnarokOnline (HKLM-x32\...\{CEAD2132-9705-422C-9FAB-FD4360FBB8DA}) (Version: 14.20.0000 - Gravity)
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 1.0.0.1021 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10240.31219 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7730 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.60 - REALTEK Semiconductor Corp.)
Runefall (HKLM-x32\...\WTA-4498b762-1be3-45fc-a497-3c145ff45d5b) (Version: 3.0.2.126 - WildTangent) Hidden
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype version 8.72 (HKLM-x32\...\Skype_is1) (Version: 8.72 - Skype Technologies S.A.)
Slack (HKU\S-1-5-21-1211838656-3945196859-822910569-1001\...\slack) (Version: 4.17.1 - Slack Technologies Inc.)
Spotify (HKU\S-1-5-21-1211838656-3945196859-822910569-1001\...\Spotify) (Version: 1.1.34.694.gac68a2b3 - Spotify AB)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
UpdateAssistant (HKLM\...\{F339C545-24DC-4870-AA32-6EB6B0500B95}) (Version: 1.24.0.0 - Microsoft Corporation) Hidden
Viber (HKLM-x32\...\{3D241290-3AB5-4D3E-9EA1-0CC741A98B11}) (Version: 6.1.0.1623 - Viber Media Inc.) Hidden
Viber (HKU\S-1-5-21-1211838656-3945196859-822910569-1001\...\{31f7057b-ec8e-431b-a621-6351f771f4ed}) (Version: 6.1.0.1623 - Viber Media Inc.)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.12 - VideoLAN)
WebAdvisor by McAfee (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.596 - McAfee, LLC)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App for HP (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.11.16 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windscribe (HKLM-x32\...\{fa690e90-ddb0-4f0c-b3f1-136c084e5fc7}_is1) (Version: 1.83 Build 20 - Windscribe Limited)
WPS Office (9.1.0.5113) (HKLM-x32\...\Kingsoft Office) (Version: 9.1.0.5113 - Kingsoft Corp.)
Xvid MPEG-4 Video Codec (HKLM-x32\...\xvid) (Version:  - Xvid Development Team)
Zoom (HKU\S-1-5-21-1211838656-3945196859-822910569-1001\...\ZoomUMX) (Version: 5.3.1 (52879.0927) - Zoom Video Communications, Inc.)
 
Packages:
=========
Acrobat Notification Client -> C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2020-04-27] (Adobe Systems Incorporated)
Adobe Notification Client -> C:\Program Files\WindowsApps\AdobeNotificationClient_1.0.1.22_x86__enpm4xejd91yc [2020-04-23] (Adobe Systems Incorporated)
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2019-11-09] (Autodesk Inc.)
Flipboard -> C:\Program Files\WindowsApps\Flipboard.Flipboard_2.1.3.0_neutral__3f5azkryzdbc4 [2017-07-15] (Flipboard)
Hearts Deluxe -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.HeartsDeluxe_6.9.50.0_x64__kx24dqmazqk8j [2021-03-31] (Random Salad Games LLC)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_127.1.115.0_x64__v10z8vjag6ke6 [2021-06-12] (HP Inc.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-10] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-10] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.5310.0_x64__8wekyb3d8bbwe [2021-06-08] (Microsoft Studios) [MS Ad]
MSN Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-26] (Microsoft Corporation) [MS Ad]
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-06-12] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-06-23] (Microsoft Corporation)
RAR Opener -> C:\Program Files\WindowsApps\DeviceDoctor.RAROpener_1.3.48.0_x64__mkdtfchztkfbm [2017-09-22] (Tiny Opener)
Simple Solitaire -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleSolitaire_7.2.5.0_x64__kx24dqmazqk8j [2021-04-12] (Random Salad Games LLC)
The Weather Channel for HP -> C:\Program Files\WindowsApps\Weather.TheWeatherChannelforHP_2015.1108.1.0_x64__t3yemqpq4kp7p [2016-03-04] (The Weather Channel.)
TripAdvisor Hotels Flights Restaurants -> C:\Program Files\WindowsApps\TripAdvisorLLC.TripAdvisorHotelsFlightsRestaurants_1.5.10.0_x64__qj0v5chwq8f2g [2016-11-18] (TripAdvisor LLC)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1211838656-3945196859-822910569-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-03D691D89D5D} -> [Creative Cloud Files] => C:\Users\Ryan\Creative Cloud Files [2016-08-23 11:23]
CustomCLSID: HKU\S-1-5-21-1211838656-3945196859-822910569-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems)
ShellIconOverlayIdentifiers: [    OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files (x86)\Microsoft OneDrive\21.083.0425.0003\amd64\FileSyncShell64.dll [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [    OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files (x86)\Microsoft OneDrive\21.083.0425.0003\amd64\FileSyncShell64.dll [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [    OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files (x86)\Microsoft OneDrive\21.083.0425.0003\amd64\FileSyncShell64.dll [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [    OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files (x86)\Microsoft OneDrive\21.083.0425.0003\amd64\FileSyncShell64.dll [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [    OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files (x86)\Microsoft OneDrive\21.083.0425.0003\amd64\FileSyncShell64.dll [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [    OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files (x86)\Microsoft OneDrive\21.083.0425.0003\amd64\FileSyncShell64.dll [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [    OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files (x86)\Microsoft OneDrive\21.083.0425.0003\amd64\FileSyncShell64.dll [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [   AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files (x86)\Microsoft OneDrive\21.083.0425.0003\amd64\FileSyncShell64.dll [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files (x86)\Microsoft OneDrive\21.083.0425.0003\amd64\FileSyncShell64.dll [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files (x86)\Microsoft OneDrive\21.083.0425.0003\amd64\FileSyncShell64.dll [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files (x86)\Microsoft OneDrive\21.083.0425.0003\amd64\FileSyncShell64.dll [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files (x86)\Microsoft OneDrive\21.083.0425.0003\amd64\FileSyncShell64.dll [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files (x86)\Microsoft OneDrive\21.083.0425.0003\amd64\FileSyncShell64.dll [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files (x86)\Microsoft OneDrive\21.083.0425.0003\amd64\FileSyncShell64.dll [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files (x86)\Microsoft OneDrive\21.083.0425.0003\amd64\FileSyncShell64.dll [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2021-05-28] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files (x86)\Microsoft OneDrive\21.083.0425.0003\amd64\FileSyncShell64.dll [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files (x86)\Microsoft OneDrive\21.083.0425.0003\amd64\FileSyncShell64.dll [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2015-08-07] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-01-13] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2021-05-28] (Adobe Inc. -> Adobe Systems Inc.)
 
==================== Codecs (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Drivers32: [vidc.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [236544 2011-12-19] () [File not signed]
HKLM\...\Drivers32: [vidc.MPG4] => C:\Windows\SysWOW64\MPG4c32.dll [413760 2001-01-07] (Microsoft Corporation) [File not signed]
HKLM\...\Drivers32: [vidc.MP42] => C:\Windows\SysWOW64\MPG4c32.dll [413760 2001-01-07] (Microsoft Corporation) [File not signed]
HKLM\...\Drivers32: [vidc.MP43] => C:\Windows\SysWOW64\MPG4c32.dll [413760 2001-01-07] (Microsoft Corporation) [File not signed]
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
Shortcut: C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Intеrnеt Ехрlоrеr.lnk -> C:\Users\Ryan\AppData\Roaming\HPReyos\ReyosStarter3.exe (No File) <==== Cyrillic
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Agoda.com.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://www.agoda.com/?cid=1649895&tag=square
 
==================== Loaded Modules (Whitelisted) =============
 
2015-12-03 10:26 - 2011-08-24 10:39 - 000081920 _____ () [File not signed] C:\Program Files (x86)\CyberLink\YouCam6\koan\_ctypes.pyd
2015-08-07 13:35 - 2015-08-07 13:35 - 000004608 _____ (Advanced Micro Devices, Inc.) [File not signed] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiamenu.dll
2021-05-08 20:21 - 2021-05-08 20:22 - 092143616 _____ (HP Development Company, L.P.) [File not signed] C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_127.1.115.0_x64__v10z8vjag6ke6\HP.Smart.dll
2021-04-02 18:09 - 2021-04-04 21:46 - 007068672 _____ (HP Development Company, L.P.) [File not signed] C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_127.1.115.0_x64__v10z8vjag6ke6\HPPageLift.UWP.dll
2015-12-03 10:26 - 2015-07-01 15:25 - 000348160 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\CyberLink\YouCam6\MSVCR71.dll
2020-10-04 21:53 - 2020-10-04 21:53 - 001093120 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80U.DLL
2020-10-04 21:53 - 2020-10-04 21:53 - 000057344 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\MFC80ENU.DLL
2020-04-20 09:30 - 2020-04-20 09:30 - 000000000 ____L (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\AppVIsvSubsystems32.dll
2020-04-20 09:30 - 2020-04-20 09:30 - 000000000 ____L (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\c2r32.dll
2015-12-03 10:26 - 2011-08-24 10:39 - 002113536 _____ (Python Software Foundation) [File not signed] C:\Program Files (x86)\CyberLink\YouCam6\koan\python25.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://ph.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_nrssi_17_30_ssg02&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dph%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0F0CtA0F0D0ByEyEtD0CyE0Azy0C0CtDtN0D0Tzu0StBtDtAyEtN1L2XzutAtFtBzytFtCtDyEtFyDtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StAzy0AtCtA0ByByBtGtAyE0A0DtGzyyB0A0DtGyC0BtByEtGzzyE0DyCyE0E0FtC0ByCtAyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0Czz0DtCtAyE0CtG0B0FyDyEtGyEtD0A0FtGzzzyzyyDtGzy0D0C0CtB0A0DtD0CtC0FyB2QtN0A0LzutB%26cr%3D847331072%26a%3Dwbf_nrssi_17_30_ssg02%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome%2BSingle%2BLanguage
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=131231413757170427&GUID=A8D2861F-B181-470C-B2F9-3C234A12F775
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\S-1-5-21-1211838656-3945196859-822910569-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP
HKU\S-1-5-21-1211838656-3945196859-822910569-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\S-1-5-21-1211838656-3945196859-822910569-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxps://www.msn.com/en-ph/?pc=UE01&ocid=UE01DHP
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ph.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_nrssi_17_30_ssg02&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dph%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0F0CtA0F0D0ByEyEtD0CyE0Azy0C0CtDtN0D0Tzu0StBtDtAyEtN1L2XzutAtFtBzytFtCtDyEtFyDtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StAzy0AtCtA0ByByBtGtAyE0A0DtGzyyB0A0DtGyC0BtByEtGzzyE0DyCyE0E0FtC0ByCtAyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0Czz0DtCtAyE0CtG0B0FyDyEtGyEtD0A0FtGzzzyzyyDtGzy0D0C0CtB0A0DtD0CtC0FyB2QtN0A0LzutB%26cr%3D847331072%26a%3Dwbf_nrssi_17_30_ssg02%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome%2BSingle%2BLanguage&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ph.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_nrssi_17_30_ssg02&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dph%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0F0CtA0F0D0ByEyEtD0CyE0Azy0C0CtDtN0D0Tzu0StBtDtAyEtN1L2XzutAtFtBzytFtCtDyEtFyDtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StAzy0AtCtA0ByByBtGtAyE0A0DtGzyyB0A0DtGyC0BtByEtGzzyE0DyCyE0E0FtC0ByCtAyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0Czz0DtCtAyE0CtG0B0FyDyEtGyEtD0A0FtGzzzyzyyDtGzy0D0C0CtB0A0DtD0CtC0FyB2QtN0A0LzutB%26cr%3D847331072%26a%3Dwbf_nrssi_17_30_ssg02%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome%2BSingle%2BLanguage&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ph.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_nrssi_17_30_ssg02&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dph%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0F0CtA0F0D0ByEyEtD0CyE0Azy0C0CtDtN0D0Tzu0StBtDtAyEtN1L2XzutAtFtBzytFtCtDyEtFyDtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StAzy0AtCtA0ByByBtGtAyE0A0DtGzyyB0A0DtGyC0BtByEtGzzyE0DyCyE0E0FtC0ByCtAyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0Czz0DtCtAyE0CtG0B0FyDyEtGyEtD0A0FtGzzzyzyyDtGzy0D0C0CtB0A0DtD0CtC0FyB2QtN0A0LzutB%26cr%3D847331072%26a%3Dwbf_nrssi_17_30_ssg02%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome%2BSingle%2BLanguage&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ph.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_nrssi_17_30_ssg02&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dph%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0F0CtA0F0D0ByEyEtD0CyE0Azy0C0CtDtN0D0Tzu0StBtDtAyEtN1L2XzutAtFtBzytFtCtDyEtFyDtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StAzy0AtCtA0ByByBtGtAyE0A0DtGzyyB0A0DtGyC0BtByEtGzzyE0DyCyE0E0FtC0ByCtAyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0Czz0DtCtAyE0CtG0B0FyDyEtGyEtD0A0FtGzzzyzyyDtGzy0D0C0CtB0A0DtD0CtC0FyB2QtN0A0LzutB%26cr%3D847331072%26a%3Dwbf_nrssi_17_30_ssg02%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome%2BSingle%2BLanguage&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1211838656-3945196859-822910569-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE15
SearchScopes: HKU\S-1-5-21-1211838656-3945196859-822910569-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE15
SearchScopes: HKU\S-1-5-21-1211838656-3945196859-822910569-1001 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxps://mysearch.avg.com/search?cid={FE0C9B38-E2D2-462D-A542-1946605F50EA}&mid=d3f796d5bcda47cfb14179eed3b9b211-f564f79562d74746c6647c88325a3f36054c6e3c&lang=en&ds=AVG&coid=avgtbavg&cmpid=1216tb&pr=fr&d=2016-11-17 04:24:53&v=4.3.7.452&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1211838656-3945196859-822910569-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://ph.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_nrssi_17_30_ssg02&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dph%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0F0CtA0F0D0ByEyEtD0CyE0Azy0C0CtDtN0D0Tzu0StBtDtAyEtN1L2XzutAtFtBzytFtCtDyEtFyDtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StAzy0AtCtA0ByByBtGtAyE0A0DtGzyyB0A0DtGyC0BtByEtGzzyE0DyCyE0E0FtC0ByCtAyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0Czz0DtCtAyE0CtG0B0FyDyEtGyEtD0A0FtGzzzyzyyDtGzy0D0C0CtB0A0DtD0CtC0FyB2QtN0A0LzutB%26cr%3D847331072%26a%3Dwbf_nrssi_17_30_ssg02%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome%2BSingle%2BLanguage&p={searchTerms}
BHO: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\McAfee\TrueKey\MSIE\truekey_ie64.dll [2018-04-23] (McAfee, Inc. -> Intel Security)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)
BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.3.8.566\AVG Web TuneUp.dll [2017-10-20] (AVG Technologies CZ, s.r.o. -> AVG)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2020-03-06] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2021-06-11] (McAfee, LLC -> McAfee, LLC)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2017-10-27] (HP Inc. -> HP Inc.)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2020-03-06] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\McAfee\TrueKey\MSIE\truekey_ie.dll [2018-04-23] (McAfee, Inc. -> Intel Security)
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.3.8.566\AVG Web TuneUp.dll [2017-10-20] (AVG Technologies CZ, s.r.o. -> AVG)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2020-03-06] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2021-06-11] (McAfee, LLC -> McAfee, LLC)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2017-10-27] (HP Inc. -> HP Inc.)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2020-03-06] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\McAfee\TrueKey\MSIE\truekey_ie64.dll [2018-04-23] (McAfee, Inc. -> Intel Security)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2020-03-06] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\McAfee\TrueKey\MSIE\truekey_ie.dll [2018-04-23] (McAfee, Inc. -> Intel Security)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2020-03-06] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-1211838656-3945196859-822910569-1001\...\sharepoint.com -> hxxps://omgww-files.sharepoint.com
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2021-05-27 23:19 - 2021-05-27 23:19 - 000000861 _____ C:\WINDOWS\system32\drivers\etc\hosts
0.0.0.1 mssplus.mcafee.com
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files\Intel\Intel® Management Engine Components\IPT;c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Windows Live\Shared;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-1211838656-3945196859-822910569-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img1.jpg
HKU\S-1-5-21-1211838656-3945196859-822910569-1004\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKU\S-1-5-21-1211838656-3945196859-822910569-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-1211838656-3945196859-822910569-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1211838656-3945196859-822910569-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-1211838656-3945196859-822910569-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-1211838656-3945196859-822910569-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-1211838656-3945196859-822910569-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-1211838656-3945196859-822910569-1001\...\StartupApproved\Run: => "Viber"
HKU\S-1-5-21-1211838656-3945196859-822910569-1001\...\StartupApproved\Run: => "BingSvc"
HKU\S-1-5-21-1211838656-3945196859-822910569-1001\...\StartupApproved\Run: => "MP3 Skype recorder"
HKU\S-1-5-21-1211838656-3945196859-822910569-1001\...\StartupApproved\Run: => "Windscribe"
HKU\S-1-5-21-1211838656-3945196859-822910569-1001\...\StartupApproved\Run: => "Skype for Desktop"
HKU\S-1-5-21-1211838656-3945196859-822910569-1001\...\StartupApproved\Run: => "CCXProcess"
HKU\S-1-5-21-1211838656-3945196859-822910569-1001\...\StartupApproved\Run: => "Adobe Acrobat Synchronizer"
HKU\S-1-5-21-1211838656-3945196859-822910569-1001\...\StartupApproved\Run: => "com.squirrel.slack.slack"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{5777FC7B-8953-47F5-BB0D-F917368A7ADE}] => (Allow) C:\Users\Ryan\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [{60986C1A-2AC1-457D-A0E2-93C6D7D111EA}] => (Allow) C:\Users\Ryan\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [{0A20D7A5-577C-4875-A300-E76A4D9AC5C2}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe => No File
FirewallRules: [{03CC7FD6-3D4F-49E9-A540-B5BB9CB8BA00}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe => No File
FirewallRules: [{913A308F-3BEE-4D5D-A585-9E1725BA9ABE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe => No File
FirewallRules: [{59E779BB-92AD-4D51-A34B-0DCE92491FD1}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe => No File
FirewallRules: [UDP Query User{195E4B19-2D4F-40EF-9693-8C2543D0DA8F}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Block) C:\program files (x86)\windscribe\wsappcontrol.exe (Windscribe Limited -> Windscribe Limited)
FirewallRules: [TCP Query User{93D7DC47-37E6-471E-9592-C4AEA787E132}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Block) C:\program files (x86)\windscribe\wsappcontrol.exe (Windscribe Limited -> Windscribe Limited)
FirewallRules: [{A06F9ED3-573B-4CD0-B75B-B3C62B7C8FC3}] => (Allow) C:\Program Files (x86)\BlueStacks\HD-Player.exe => No File
FirewallRules: [UDP Query User{9F092B36-5ABE-47DD-BD28-7FEE7ECA1E3C}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Allow) C:\program files (x86)\windscribe\wsappcontrol.exe (Windscribe Limited -> Windscribe Limited)
FirewallRules: [TCP Query User{CE3D09F2-00B2-45F3-8D71-CA8D17AB7A0A}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Allow) C:\program files (x86)\windscribe\wsappcontrol.exe (Windscribe Limited -> Windscribe Limited)
FirewallRules: [{785B8EFE-C5E4-4167-88D2-9A129DF5E52B}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{8642CBB4-E860-488E-9416-3ACB2FFA34D1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{D60956C6-2684-44A4-BF87-8FEFA2CF843B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{71E68AF6-F895-4C3C-9848-DBD60E4EE1DB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C3E67DF5-E4DE-4029-AEBC-DEBADFC22236}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{E0864A86-2694-4380-9B7F-06B72B727AA4}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{AA0789D0-E095-41AE-B04B-F5579A7613BD}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe => No File
FirewallRules: [{80562A76-AFA9-48ED-AE57-F84035CEF361}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe => No File
FirewallRules: [{CC4D6EDB-9545-4134-A114-03E23AD11601}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{F9598931-8452-4615-8C88-3A0012DA92D5}] => (Allow) LPort=1900
FirewallRules: [{F1F3BC61-F0FB-4391-9BCB-296D34DBF420}] => (Allow) LPort=2869
FirewallRules: [{62E48C0F-0890-48E9-AD56-642060C96495}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A12A4E46-1830-4490-B0D7-AD3242498940}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe => No File
FirewallRules: [{2978F723-A15A-4A61-A41A-86ACFC9B5FFF}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe => No File
FirewallRules: [{3D82FF8D-C3A7-4ADB-8EB1-C4B3580BD18B}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe => No File
FirewallRules: [{02AA07B2-AEF5-4F8C-8BAE-8854DBF11D43}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe => No File
FirewallRules: [{83F5E9B5-F067-4CDD-AEFF-BF0F30116A13}] => (Block) C:\users\ryan\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{E978F50E-90F5-4454-9F31-2AF43FC1EC07}] => (Block) C:\users\ryan\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{32594A16-6F6F-487F-A57B-413F6349412E}C:\users\ryan\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ryan\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{9138EA11-F9FB-4438-BD86-AD9BA0016728}C:\users\ryan\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ryan\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{0BA2408C-156B-4595-B611-3EE02F8753DC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe => No File
FirewallRules: [{DB693282-1255-409C-A6AE-7CDC8236560C}] => (Allow) C:\Users\Ryan\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{27A102E6-A5A8-4CF2-A64B-5982278053F2}] => (Allow) C:\Users\Ryan\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{0B5B9609-4022-4200-BDE4-7B85A6894898}] => (Allow) c:\Program Files\CyberLink\PowerDirector12\PDR10.EXE => No File
FirewallRules: [{83120D97-9AD3-4FEA-9A8A-B72BCA1F837F}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPSOCKSVC.exe (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.)
FirewallRules: [{223744D9-0BDD-432B-9A8B-A603B787E759}] => (Allow) C:\Users\Ryan\AppData\Local\Temp\andy-x64\Setup.exe => No File
FirewallRules: [{30C8CC80-211C-4680-AF14-A8BD25149C37}] => (Allow) C:\Users\Ryan\AppData\Local\Temp\andy-x64\Setup.exe => No File
FirewallRules: [{1BF9B8E3-08F8-47B9-BCD6-23132A635D64}] => (Allow) C:\Program Files\Andy\andy.exe => No File
FirewallRules: [{4655DA4F-8BE3-45A5-9377-D7CA6E316355}] => (Allow) C:\Program Files\Andy\andy.exe => No File
FirewallRules: [{B438D418-8953-4D8F-8CA0-A526C2220AA5}] => (Allow) C:\Program Files\Andy\AndyConsole.exe => No File
FirewallRules: [{95BD59FE-9C72-4F0D-9B3B-3EDD616B8497}] => (Allow) C:\Program Files\Andy\AndyConsole.exe => No File
FirewallRules: [{439A0A05-95B4-4722-BF4F-AD1E21B983AB}] => (Allow) C:\Program Files\Andy\HandyAndy.exe => No File
FirewallRules: [{8F8DAB2F-880A-4BC0-9A54-A047400D6C9F}] => (Allow) C:\Program Files\Andy\HandyAndy.exe => No File
FirewallRules: [{F257BCB6-E143-411B-80F4-26E71AD9DE73}] => (Allow) C:\Program Files\Andy\SetupFiles\Uninstall.exe => No File
FirewallRules: [{4F43AF0C-0A55-4CB4-B87D-F49CEB99C362}] => (Allow) C:\Program Files\Andy\SetupFiles\Uninstall.exe => No File
FirewallRules: [{AB95AA59-AB6E-4AFC-B381-7085DDE96F59}] => (Allow) C:\Users\Ryan\AppData\Local\Temp\RemoveTemp.exe => No File
FirewallRules: [{ED9733CB-FB5B-47BD-8D94-D3283375F053}] => (Allow) C:\Users\Ryan\AppData\Local\Temp\RemoveTemp.exe => No File
FirewallRules: [{280190F0-4C51-4F24-AFFF-884457BA223E}] => (Allow) C:\Program Files\Andy\SetupFiles\VMwareCheck.exe => No File
FirewallRules: [{FD2CEDE6-4340-4590-954D-98F7D5C35505}] => (Allow) C:\Program Files\Andy\SetupFiles\VMwareCheck.exe => No File
FirewallRules: [{C11BD620-E126-41A5-8EF1-235D4102948A}] => (Allow) C:\Program Files\Andy\SetupFiles\AndyDoctor.exe => No File
FirewallRules: [{E4DFC382-55FE-43FD-A5F2-87D9FAB76727}] => (Allow) C:\Program Files\Andy\SetupFiles\AndyDoctor.exe => No File
FirewallRules: [TCP Query User{18D45DE5-47B2-4297-B842-7189A5861864}C:\users\ryan\appdata\local\skypeplugin\pluginhost.exe] => (Block) C:\users\ryan\appdata\local\skypeplugin\pluginhost.exe => No File
FirewallRules: [UDP Query User{9BB8E2C7-11E8-47CA-8009-9033F53B9F37}C:\users\ryan\appdata\local\skypeplugin\pluginhost.exe] => (Block) C:\users\ryan\appdata\local\skypeplugin\pluginhost.exe => No File
FirewallRules: [{238B685D-AF2C-42FA-BD31-E2D23C564393}] => (Allow) C:\Program Files (x86)\Nox\bin\Nox.exe => No File
FirewallRules: [{1171CAA1-07C8-4EEE-817E-EAC3AA51C710}] => (Allow) C:\Program Files (x86)\Bignox\BigNoxVM\RT\NoxVMHandle.exe => No File
FirewallRules: [{887082AF-6087-4272-95B3-BA085FD8D4EF}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => No File
FirewallRules: [{6DE831C8-EC68-41CA-B7B3-D05BEDBA6C68}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => No File
FirewallRules: [{BBC80808-A1A1-43D8-B548-BCE4CF09F960}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{A8178277-005A-467C-B987-6EC6C1F3622C}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{45B87E26-E83B-4AE6-AE12-396D2E6A15C5}] => (Allow) C:\Users\Ryan\AppData\Roaming\Tencent\TxGameAssistant\GameDownload\TenioDL.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FirewallRules: [{8B1E8E28-0515-4C6D-8641-70A36127DE4E}] => (Allow) C:\Users\Ryan\AppData\Roaming\Tencent\TxGameAssistant\GameDownload\TenioDL.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FirewallRules: [{B8B9428E-CB66-47BB-B007-C72ADD87F89A}] => (Allow) C:\Users\Ryan\AppData\Roaming\Tencent\TxGameAssistant\GameDownload\TenioDL.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FirewallRules: [{14AFB7B8-7EF6-4C10-8B59-D5660F020D0F}] => (Allow) C:\Users\Ryan\AppData\Roaming\Tencent\TxGameAssistant\GameDownload\TenioDL.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FirewallRules: [{67A0A61E-A4CF-4AF4-8810-DA056095690E}] => (Allow) C:\Users\Ryan\AppData\Roaming\Tencent\TxGameAssistant\GameDownload\TenioDL.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FirewallRules: [{C2941601-5F97-4A1A-8F9F-EFD9ED4FCDFE}] => (Allow) C:\Users\Ryan\AppData\Roaming\Tencent\TxGameAssistant\GameDownload\TenioDL.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FirewallRules: [TCP Query User{2074ADE2-0750-476D-A33D-EA704C7B61C5}C:\users\ryan\appdata\roaming\utorrent\updates\3.5.5_45291.exe] => (Block) C:\users\ryan\appdata\roaming\utorrent\updates\3.5.5_45291.exe => No File
FirewallRules: [UDP Query User{5FD47EEF-52B1-448C-B825-2C4194DF455B}C:\users\ryan\appdata\roaming\utorrent\updates\3.5.5_45291.exe] => (Block) C:\users\ryan\appdata\roaming\utorrent\updates\3.5.5_45291.exe => No File
FirewallRules: [{909C94D6-0F01-454F-9CF6-7838BB8BD836}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F1C6CB81-B483-46CD-8CA4-95E362ED449E}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{0CC1067B-A7AD-4C57-9E22-C004D24CC065}C:\users\ryan\appdata\local\programs\upwork\upwork.exe] => (Allow) C:\users\ryan\appdata\local\programs\upwork\upwork.exe => No File
FirewallRules: [UDP Query User{DABAFB19-C75C-4C25-9DA1-085513C421E9}C:\users\ryan\appdata\local\programs\upwork\upwork.exe] => (Allow) C:\users\ryan\appdata\local\programs\upwork\upwork.exe => No File
FirewallRules: [{D7AFE13E-B8E2-4435-A6D8-305C1FDDD276}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{049086F9-66D3-451F-BBFF-1A817C95EDB9}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D9FD81AC-D327-4831-8873-2E350BDA3768}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{BAA199B7-907B-4EF0-9A32-5363D6B69A55}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{70DAD5E9-651D-427D-B226-0A1676A5237E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B32FA48D-E603-4E6C-B501-43E561FC1A48}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{DCF7CCAD-70FF-4D1B-AA86-712315A27E14}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
 
==================== Restore Points =========================
 
05-06-2021 00:42:43 Scheduled Checkpoint
08-06-2021 11:18:30 Language Pack Removal
11-06-2021 15:47:59 Windows Modules Installer
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (06/12/2021 03:41:34 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program AcrobatNotificationClient.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 2748
 
Start Time: 01d75ef98c593056
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\AcrobatNotificationClient.exe
 
Report Id: 16453304-ebba-439c-8bb9-3a6862a67a8c
 
Faulting package full name: AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r
 
Faulting package-relative application ID: App
 
Hang type: Quiesce
 
Error: (06/11/2021 06:11:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 31328
 
Error: (06/11/2021 06:11:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 31328
 
Error: (06/11/2021 06:11:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (06/11/2021 06:11:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15703
 
Error: (06/11/2021 06:11:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15703
 
Error: (06/11/2021 06:11:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (06/11/2021 05:23:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program AdobeNotificationClient.exe version 4.9.0.484 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 28e8
 
Start Time: 01d75ea2bba0ea29
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\AdobeNotificationClient_1.0.1.22_x86__enpm4xejd91yc\AdobeNotificationClient.exe
 
Report Id: b761912c-3a49-4c0c-9b47-bfdbc09c94bf
 
Faulting package full name: AdobeNotificationClient_1.0.1.22_x86__enpm4xejd91yc
 
Faulting package-relative application ID: App
 
Hang type: Quiesce
 
 
System errors:
=============
Error: (06/12/2021 03:32:29 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Kingsoft_WPS_UpdateService service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (06/12/2021 03:32:29 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (45000 milliseconds) while waiting for the Kingsoft_WPS_UpdateService service to connect.
 
Error: (06/12/2021 03:32:06 AM) (Source: Microsoft-Windows-Directory-Services-SAM) (EventID: 16953) (User: NT AUTHORITY)
Description: The password notification DLL "C:\Program Files\McAfee\TrueKey\McAfeeTrueKeyPasswordFilter" failed to load with error 126. Please verify that the notification DLL path defined in the registry, HKLM\System\CurrentControlSet\Control\Lsa\Notification Packages, refers to a correct and absolute path (<drive>:\<path>\<filename>.<ext>) and not a relative or invalid path. If the DLL path is correct, please validate that any supporting files are located in the same directory, and that the system account has read access to both the DLL path and any supporting files.  Contact the provider of the notification DLL for additional support. Further details can be found on the web at http://go.microsoft..../?LinkId=245898.
 
Error: (06/12/2021 03:32:06 AM) (Source: Microsoft-Windows-Directory-Services-SAM) (EventID: 16953) (User: NT AUTHORITY)
Description: The password notification DLL "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter" failed to load with error 126. Please verify that the notification DLL path defined in the registry, HKLM\System\CurrentControlSet\Control\Lsa\Notification Packages, refers to a correct and absolute path (<drive>:\<path>\<filename>.<ext>) and not a relative or invalid path. If the DLL path is correct, please validate that any supporting files are located in the same directory, and that the system account has read access to both the DLL path and any supporting files.  Contact the provider of the notification DLL for additional support. Further details can be found on the web at http://go.microsoft..../?LinkId=245898.
 
Error: (06/12/2021 03:23:50 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {8A1A8BB1-242F-431A-9F5B-254BA754631C} did not register with DCOM within the required timeout.
 
Error: (06/12/2021 03:23:26 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Update Orchestrator Service service did not shut down properly after receiving a preshutdown control.
 
Error: (06/12/2021 03:17:18 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The XTU3SERVICE service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (06/12/2021 03:17:18 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (45000 milliseconds) while waiting for the XTU3SERVICE service to connect.
 
 
Windows Defender:
================
Date: 2021-06-11 19:04:15
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2021-06-10 15:49:48
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2021-06-09 18:41:46
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2021-06-08 17:19:47
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2021-06-07 17:50:24
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2021-06-09 18:00:57
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.341.301.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.18200.4
Error code: 0x80070050
Error description: The file exists. 
 
Date: 2021-06-04 14:06:34
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.339.1962.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.18100.6
Error code: 0x80070643
Error description: Fatal error during installation. 
 
Date: 2021-06-04 14:06:26
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.341.24.0
Previous security intelligence Version: 1.339.1962.0
Update Source: User
Security intelligence Type: AntiSpyware
Update Type: Delta
Current Engine Version: 1.1.18200.4
Previous Engine Version: 1.1.18100.6
Error code: 0x80070666
Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel. 
 
Date: 2021-06-04 14:06:26
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.341.24.0
Previous security intelligence Version: 1.339.1962.0
Update Source: User
Security intelligence Type: AntiVirus
Update Type: Delta
Current Engine Version: 1.1.18200.4
Previous Engine Version: 1.1.18100.6
Error code: 0x80070666
Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel. 
 
Date: 2021-06-04 14:06:26
Description: 
Microsoft Defender Antivirus has encountered an error trying to update the engine.
New Engine Version: 1.1.18200.4
Previous Engine Version: 1.1.18100.6
Error Code: 0x80070666
Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel. 
 
==================== Memory info =========================== 
 
BIOS: Insyde F.31 05/06/2020
Motherboard: HP 80BC
Processor: Intel® Core™ i3-5005U CPU @ 2.00GHz
Percentage of memory in use: 77%
Total physical RAM: 4011.01 MB
Available physical RAM: 891.22 MB
Total Virtual: 10411.01 MB
Available Virtual: 6737.9 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:445.54 GB) (Free:287.05 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:19.12 GB) (Free:2.09 GB) NTFS ==>[system with boot components (obtained from drive)]
 
\\?\Volume{68b8bcb9-b5a1-4cf9-ad61-2944d82b4720}\ () (Fixed) (Total:0.25 GB) (Free:0.19 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Protective MBR) (Size: 465.8 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt =======================

  • 0

#6
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 3,240 posts

Hi, Ryan.
 
My reply comes with a bit of delay, but I had to check several things regarding your computer.
 
These are my first comments/instructions:

 
1. McAfee 
 
You are using a method to bypass activation of McAfee products. This is illegal. My fix will remove this method and you have to uninstall the following:
 
McAfee Security Scan Plus 
McAfee True Key 
WebAdvisor by McAfee
 
To do that:
 
1.1. Remove McAfee products with the normal Windows procedure

  • Press the Windows Key + R.
  • Type appwiz.cpl in the Run box and click OK.
  • The Add/Remove Programs list will open. Locate the following programs in the list:
McAfee Security Scan Plus 
McAfee True Key 
WebAdvisor by McAfee
  • Select the above programs, one by one, and click Uninstall.
  • Restart the computer.

 

1.2. Use the McAfee Removal Tool
 
Apply Method 2 to remove McAfee products' remnants.
 
 
2. Pirated programs
 
Have in mind that using pirated/cracked software is an easy way to infect your computer. Almost as easy as intentionally downloading malware. We don't want that, right?
 
So... if any other program installed in the computer is not legally activated (e.g. Adobe Illustrator), please uninstall it/them along with the programs listed in Step 3 below.
 
 
3. Uninstall programs
 
Adobe Shockwave reached its end of life 2 years ago. 
AVG Web Tuneup is "an optimizer" and we do not recommend the use of such programs. They can harm a computer rather than do any good.

  • Press the Windows Key + R.
  • Type appwiz.cpl in the Run box and click OK.
  • The Add/Remove Programs list will open. Locate the following programs in the list:
Adobe Shockwave Player 12.1 
AVG Web TuneUp 
HPReyos
  • Select the above programs, one by one, and click Uninstall.
  • Restart the computer.

 

4. Uninstall Chrome extensions

  • Open Chrome.
  • At the top right choose More (the three vertical dots) > More Tools > Extensions
  • Find the following extensions and remove them, one by one, clicking on Remove.
    AVG Secure Search
    Search Manager
  • Confirm the action by clicking Remove once again.

 

5. FRST fix

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

Start::
CreateRestorePoint:
CloseProcesses: 
DisableMSDefender (HKLM\...\{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}) (Version: 1.0.0 - Hewlett-Packard Company) Hidden
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
Shortcut: C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Intеrnеt Ехрlоrеr.lnk -> C:\Users\Ryan\AppData\Roaming\HPReyos\ReyosStarter3.exe (No File) <==== Cyrillic
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://ph.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_nrssi_17_30_ssg02&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dph%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0F0CtA0F0D0ByEyEtD0CyE0Azy0C0CtDtN0D0Tzu0StBtDtAyEtN1L2XzutAtFtBzytFtCtDyEtFyDtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StAzy0AtCtA0ByByBtGtAyE0A0DtGzyyB0A0DtGyC0BtByEtGzzyE0DyCyE0E0FtC0ByCtAyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0Czz0DtCtAyE0CtG0B0FyDyEtGyEtD0A0FtGzzzyzyyDtGzy0D0C0CtB0A0DtD0CtC0FyB2QtN0A0LzutB%26cr%3D847331072%26a%3Dwbf_nrssi_17_30_ssg02%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome%2BSingle%2BLanguage
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ph.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_nrssi_17_30_ssg02&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dph%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0F0CtA0F0D0ByEyEtD0CyE0Azy0C0CtDtN0D0Tzu0StBtDtAyEtN1L2XzutAtFtBzytFtCtDyEtFyDtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StAzy0AtCtA0ByByBtGtAyE0A0DtGzyyB0A0DtGyC0BtByEtGzzyE0DyCyE0E0FtC0ByCtAyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0Czz0DtCtAyE0CtG0B0FyDyEtGyEtD0A0FtGzzzyzyyDtGzy0D0C0CtB0A0DtD0CtC0FyB2QtN0A0LzutB%26cr%3D847331072%26a%3Dwbf_nrssi_17_30_ssg02%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome%2BSingle%2BLanguage&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ph.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_nrssi_17_30_ssg02&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dph%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0F0CtA0F0D0ByEyEtD0CyE0Azy0C0CtDtN0D0Tzu0StBtDtAyEtN1L2XzutAtFtBzytFtCtDyEtFyDtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StAzy0AtCtA0ByByBtGtAyE0A0DtGzyyB0A0DtGyC0BtByEtGzzyE0DyCyE0E0FtC0ByCtAyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0Czz0DtCtAyE0CtG0B0FyDyEtGyEtD0A0FtGzzzyzyyDtGzy0D0C0CtB0A0DtD0CtC0FyB2QtN0A0LzutB%26cr%3D847331072%26a%3Dwbf_nrssi_17_30_ssg02%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome%2BSingle%2BLanguage&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ph.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_nrssi_17_30_ssg02&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dph%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0F0CtA0F0D0ByEyEtD0CyE0Azy0C0CtDtN0D0Tzu0StBtDtAyEtN1L2XzutAtFtBzytFtCtDyEtFyDtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StAzy0AtCtA0ByByBtGtAyE0A0DtGzyyB0A0DtGyC0BtByEtGzzyE0DyCyE0E0FtC0ByCtAyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0Czz0DtCtAyE0CtG0B0FyDyEtGyEtD0A0FtGzzzyzyyDtGzy0D0C0CtB0A0DtD0CtC0FyB2QtN0A0LzutB%26cr%3D847331072%26a%3Dwbf_nrssi_17_30_ssg02%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome%2BSingle%2BLanguage&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ph.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_nrssi_17_30_ssg02&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dph%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0F0CtA0F0D0ByEyEtD0CyE0Azy0C0CtDtN0D0Tzu0StBtDtAyEtN1L2XzutAtFtBzytFtCtDyEtFyDtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StAzy0AtCtA0ByByBtGtAyE0A0DtGzyyB0A0DtGyC0BtByEtGzzyE0DyCyE0E0FtC0ByCtAyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0Czz0DtCtAyE0CtG0B0FyDyEtGyEtD0A0FtGzzzyzyyDtGzy0D0C0CtB0A0DtD0CtC0FyB2QtN0A0LzutB%26cr%3D847331072%26a%3Dwbf_nrssi_17_30_ssg02%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome%2BSingle%2BLanguage&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1211838656-3945196859-822910569-1001 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxps://mysearch.avg.com/search?cid={FE0C9B38-E2D2-462D-A542-1946605F50EA}&mid=d3f796d5bcda47cfb14179eed3b9b211-f564f79562d74746c6647c88325a3f36054c6e3c&lang=en&ds=AVG&coid=avgtbavg&cmpid=1216tb&pr=fr&d=2016-11-17 04:24:53&v=4.3.7.452&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1211838656-3945196859-822910569-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://ph.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_nrssi_17_30_ssg02&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dph%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0F0CtA0F0D0ByEyEtD0CyE0Azy0C0CtDtN0D0Tzu0StBtDtAyEtN1L2XzutAtFtBzytFtCtDyEtFyDtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StAzy0AtCtA0ByByBtGtAyE0A0DtGzyyB0A0DtGyC0BtByEtGzzyE0DyCyE0E0FtC0ByCtAyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0Czz0DtCtAyE0CtG0B0FyDyEtGyEtD0A0FtGzzzyzyyDtGzy0D0C0CtB0A0DtD0CtC0FyB2QtN0A0LzutB%26cr%3D847331072%26a%3Dwbf_nrssi_17_30_ssg02%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome%2BSingle%2BLanguage&p={searchTerms}
BHO: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\McAfee\TrueKey\MSIE\truekey_ie64.dll [2018-04-23] (McAfee, Inc. -> Intel Security)
BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.3.8.566\AVG Web TuneUp.dll [2017-10-20] (AVG Technologies CZ, s.r.o. -> AVG)
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2021-06-11] (McAfee, LLC -> McAfee, LLC)
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\McAfee\TrueKey\MSIE\truekey_ie.dll [2018-04-23] (McAfee, Inc. -> Intel Security)
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.3.8.566\AVG Web TuneUp.dll [2017-10-20] (AVG Technologies CZ, s.r.o. -> AVG)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2021-06-11] (McAfee, LLC -> McAfee, LLC)
Toolbar: HKLM - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\McAfee\TrueKey\MSIE\truekey_ie64.dll [2018-04-23] (McAfee, Inc. -> Intel Security)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\McAfee\TrueKey\MSIE\truekey_ie.dll [2018-04-23] (McAfee, Inc. -> Intel Security)
HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
FirewallRules: [{5777FC7B-8953-47F5-BB0D-F917368A7ADE}] => (Allow) C:\Users\Ryan\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [{60986C1A-2AC1-457D-A0E2-93C6D7D111EA}] => (Allow) C:\Users\Ryan\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [{0A20D7A5-577C-4875-A300-E76A4D9AC5C2}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe => No File
FirewallRules: [{03CC7FD6-3D4F-49E9-A540-B5BB9CB8BA00}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe => No File
FirewallRules: [{913A308F-3BEE-4D5D-A585-9E1725BA9ABE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe => No File
FirewallRules: [{59E779BB-92AD-4D51-A34B-0DCE92491FD1}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe => No File
FirewallRules: [{A06F9ED3-573B-4CD0-B75B-B3C62B7C8FC3}] => (Allow) C:\Program Files (x86)\BlueStacks\HD-Player.exe => No File
FirewallRules: [{AA0789D0-E095-41AE-B04B-F5579A7613BD}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe => No File
FirewallRules: [{80562A76-AFA9-48ED-AE57-F84035CEF361}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe => No File
FirewallRules: [{A12A4E46-1830-4490-B0D7-AD3242498940}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe => No File
FirewallRules: [{2978F723-A15A-4A61-A41A-86ACFC9B5FFF}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe => No File
FirewallRules: [{3D82FF8D-C3A7-4ADB-8EB1-C4B3580BD18B}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe => No File
FirewallRules: [{02AA07B2-AEF5-4F8C-8BAE-8854DBF11D43}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe => No File
FirewallRules: [{0BA2408C-156B-4595-B611-3EE02F8753DC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe => No File
FirewallRules: [{DB693282-1255-409C-A6AE-7CDC8236560C}] => (Allow) C:\Users\Ryan\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{223744D9-0BDD-432B-9A8B-A603B787E759}] => (Allow) C:\Users\Ryan\AppData\Local\Temp\andy-x64\Setup.exe => No File
FirewallRules: [{30C8CC80-211C-4680-AF14-A8BD25149C37}] => (Allow) C:\Users\Ryan\AppData\Local\Temp\andy-x64\Setup.exe => No File
FirewallRules: [{1BF9B8E3-08F8-47B9-BCD6-23132A635D64}] => (Allow) C:\Program Files\Andy\andy.exe => No File
FirewallRules: [{4655DA4F-8BE3-45A5-9377-D7CA6E316355}] => (Allow) C:\Program Files\Andy\andy.exe => No File
FirewallRules: [{B438D418-8953-4D8F-8CA0-A526C2220AA5}] => (Allow) C:\Program Files\Andy\AndyConsole.exe => No File
FirewallRules: [{95BD59FE-9C72-4F0D-9B3B-3EDD616B8497}] => (Allow) C:\Program Files\Andy\AndyConsole.exe => No File
FirewallRules: [{439A0A05-95B4-4722-BF4F-AD1E21B983AB}] => (Allow) C:\Program Files\Andy\HandyAndy.exe => No File
FirewallRules: [{8F8DAB2F-880A-4BC0-9A54-A047400D6C9F}] => (Allow) C:\Program Files\Andy\HandyAndy.exe => No File
FirewallRules: [{F257BCB6-E143-411B-80F4-26E71AD9DE73}] => (Allow) C:\Program Files\Andy\SetupFiles\Uninstall.exe => No File
FirewallRules: [{4F43AF0C-0A55-4CB4-B87D-F49CEB99C362}] => (Allow) C:\Program Files\Andy\SetupFiles\Uninstall.exe => No File
FirewallRules: [{AB95AA59-AB6E-4AFC-B381-7085DDE96F59}] => (Allow) C:\Users\Ryan\AppData\Local\Temp\RemoveTemp.exe => No File
FirewallRules: [{ED9733CB-FB5B-47BD-8D94-D3283375F053}] => (Allow) C:\Users\Ryan\AppData\Local\Temp\RemoveTemp.exe => No File
FirewallRules: [{280190F0-4C51-4F24-AFFF-884457BA223E}] => (Allow) C:\Program Files\Andy\SetupFiles\VMwareCheck.exe => No File
FirewallRules: [{FD2CEDE6-4340-4590-954D-98F7D5C35505}] => (Allow) C:\Program Files\Andy\SetupFiles\VMwareCheck.exe => No File
FirewallRules: [{C11BD620-E126-41A5-8EF1-235D4102948A}] => (Allow) C:\Program Files\Andy\SetupFiles\AndyDoctor.exe => No File
FirewallRules: [{E4DFC382-55FE-43FD-A5F2-87D9FAB76727}] => (Allow) C:\Program Files\Andy\SetupFiles\AndyDoctor.exe => No File
FirewallRules: [UDP Query User{9BB8E2C7-11E8-47CA-8009-9033F53B9F37}C:\users\ryan\appdata\local\skypeplugin\pluginhost.exe] => (Block) C:\users\ryan\appdata\local\skypeplugin\pluginhost.exe => No File
FirewallRules: [{238B685D-AF2C-42FA-BD31-E2D23C564393}] => (Allow) C:\Program Files (x86)\Nox\bin\Nox.exe => No File
FirewallRules: [{1171CAA1-07C8-4EEE-817E-EAC3AA51C710}] => (Allow) C:\Program Files (x86)\Bignox\BigNoxVM\RT\NoxVMHandle.exe => No File
FirewallRules: [{887082AF-6087-4272-95B3-BA085FD8D4EF}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => No File
FirewallRules: [{6DE831C8-EC68-41CA-B7B3-D05BEDBA6C68}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => No File
FirewallRules: [{BBC80808-A1A1-43D8-B548-BCE4CF09F960}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{A8178277-005A-467C-B987-6EC6C1F3622C}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [TCP Query User{2074ADE2-0750-476D-A33D-EA704C7B61C5}C:\users\ryan\appdata\roaming\utorrent\updates\3.5.5_45291.exe] => (Block) C:\users\ryan\appdata\roaming\utorrent\updates\3.5.5_45291.exe => No File
FirewallRules: [UDP Query User{5FD47EEF-52B1-448C-B825-2C4194DF455B}C:\users\ryan\appdata\roaming\utorrent\updates\3.5.5_45291.exe] => (Block) C:\users\ryan\appdata\roaming\utorrent\updates\3.5.5_45291.exe => No File
FirewallRules: [TCP Query User{0CC1067B-A7AD-4C57-9E22-C004D24CC065}C:\users\ryan\appdata\local\programs\upwork\upwork.exe] => (Allow) C:\users\ryan\appdata\local\programs\upwork\upwork.exe => No File
FirewallRules: [UDP Query User{DABAFB19-C75C-4C25-9DA1-085513C421E9}C:\users\ryan\appdata\local\programs\upwork\upwork.exe] => (Allow) C:\users\ryan\appdata\local\programs\upwork\upwork.exe => No File
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [2187336 2017-10-20] (AVG Technologies CZ, s.r.o. -> )
HKU\S-1-5-21-1211838656-3945196859-822910569-1001\...\Run: [Zoom] => [X]
HKU\S-1-5-21-1211838656-3945196859-822910569-1001\...\Run: [Spotify] => C:\Users\Ryan\AppData\Roaming\Spotify\Spotify.exe [22941928 2020-06-11] (Spotify AB -> Spotify Ltd) <==== ATTENTION
HKU\S-1-5-21-1211838656-3945196859-822910569-1001\...\MountPoints2: {ca81ae49-7cc5-11e9-9cb8-a8a7955d5be2} - "F:\HiSuiteDownLoader.exe" 
HKLM\Software\...\Authentication\Credential Providers: [{B7724AE5-1135-4889-8A5F-CA98BE6CA1ED}] -> C:\Program Files\McAfee\TrueKey\McAfee.TrueKey.CredentialProvider.dll [2019-03-09] (McAfee, Inc. -> McAfee, LLC.)
Lsa: [Notification Packages] scecli "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter" "C:\Program Files\McAfee\TrueKey\McAfeeTrueKeyPasswordFilter"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2021-05-05]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.2198\SSScheduler.exe (McAfee, LLC. -> McAfee, LLC)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {02B7D7E1-FE18-43EC-BFE0-9400703FB922} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {4DE328C4-8B4C-4D3E-9255-1EFF5A8D78D5} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [4639280 2018-12-02] (McAfee, Inc. -> McAfee, Inc.)
Task: {E1143EA4-505D-4766-A310-67A94E44AE1E} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(1): schtasks.exe -> /Change /TN "\Adobe Flash Player PPAPI Notifier" /ENABLE
Task: {E1143EA4-505D-4766-A310-67A94E44AE1E} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(2): schtasks.exe -> /Change /TN "\Adobe Flash Player Updater" /ENABLE
Task: {E1143EA4-505D-4766-A310-67A94E44AE1E} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(3): schtasks.exe -> /Change /TN "\Adobe Uninstaller" /ENABLE
Task: {E1143EA4-505D-4766-A310-67A94E44AE1E} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(4): schtasks.exe -> /Change /TN "\[email protected]" /ENABLE
Task: {E1143EA4-505D-4766-A310-67A94E44AE1E} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(5): schtasks.exe -> /Change /TN "\[email protected]" /ENABLE
Task: {E1143EA4-505D-4766-A310-67A94E44AE1E} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(6): schtasks.exe -> /Change /TN "\BlueStacksHelper" /ENABLE
Task: {E1143EA4-505D-4766-A310-67A94E44AE1E} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(7): schtasks.exe -> /Change /TN "\d7dcdedb8ce6b33b121246911ad33b47" /ENABLE
Task: {E1143EA4-505D-4766-A310-67A94E44AE1E} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(8): schtasks.exe -> /Change /TN "\DropboxOEM" /ENABLE
Task: {E1143EA4-505D-4766-A310-67A94E44AE1E} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(9): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineCore" /ENABLE
Task: {E1143EA4-505D-4766-A310-67A94E44AE1E} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(10): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineUA" /ENABLE
Task: {E1143EA4-505D-4766-A310-67A94E44AE1E} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(11): schtasks.exe -> /Change /TN "\HPCeeScheduleForRyan" /ENABLE
Task: {E1143EA4-505D-4766-A310-67A94E44AE1E} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(12): schtasks.exe -> /Change /TN "\McAfee Remediation (Prepare)" /ENABLE
Task: {E1143EA4-505D-4766-A310-67A94E44AE1E} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(13): schtasks.exe -> /Change /TN "\OneDrive Standalone Update Task-S-1-5-21-1211838656-3945196859-822910569-1001" /ENABLE
Task: {E1143EA4-505D-4766-A310-67A94E44AE1E} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(14): schtasks.exe -> /Change /TN "\User_Feed_Synchronization-{F652A8CE-8AAD-4B17-97C2-CFEC2FF6BEE6}" /ENABLE
Task: {E1143EA4-505D-4766-A310-67A94E44AE1E} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(15): schtasks.exe -> /Change /TN "\WpsNotifyTask_Administrator" /ENABLE
Task: {E1143EA4-505D-4766-A310-67A94E44AE1E} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(16): schtasks.exe -> /Change /TN "\WpsUpdateTask_Administrator" /ENABLE
Task: {E1143EA4-505D-4766-A310-67A94E44AE1E} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(17): schtasks.exe -> /Change /TN "\YCMServiceAgent" /ENABLE
Task: {E1143EA4-505D-4766-A310-67A94E44AE1E} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(18): schtasks.exe -> /Change /TN "\{D5D9ABA2-FD6A-4978-BC30-ECC925298A48}" /ENABLE
Task: {E1143EA4-505D-4766-A310-67A94E44AE1E} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(19): schtasks.exe -> /Change /TN "\AVAST Software\Gaming mode Task Scheduler recovery" /DISABLE
Task: {E5943B14-B274-4F1F-8DE9-27E2F3341A88} - System32\Tasks\d7dcdedb8ce6b33b121246911ad33b47 => powershell.exe -NoProfile -NoLogo -NonInteractive -ExecutionPolicy Bypass -File C:\WINDOWS\d7dcdedb8ce6b33b121246911ad33b47.ps1 <==== ATTENTION
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Extension: (McAfee® WebAdvisor) - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi [2021-06-11] [UpdateUrl:hxxps://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.json]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF HKU\S-1-5-21-1211838656-3945196859-822910569-1001\...\SeaMonkey\Extensions: [[email protected]] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi => not found
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.8\\npsitesafety.dll [No File]
CHR HomePage: Default -> mysearch.avg.com
CHR NewTab: Default ->  Not-active:"chrome-extension://chfdnecihphmhljaaejmgoiahnihplgn/pages/newtab.html"
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce]
CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej]
CHR HKU\S-1-5-21-1211838656-3945196859-822910569-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [chfdnecihphmhljaaejmgoiahnihplgn]
CHR HKU\S-1-5-21-1211838656-3945196859-822910569-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd]
CHR HKU\S-1-5-21-1211838656-3945196859-822910569-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn]
CHR HKU\S-1-5-21-1211838656-3945196859-822910569-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce]
CHR HKU\S-1-5-21-1211838656-3945196859-822910569-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce]
CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej]
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [973072 2021-06-11] (McAfee, LLC -> McAfee, LLC)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.2198\McCHSvc.exe [398408 2021-05-01] (McAfee, LLC. -> McAfee, LLC)
R2 TrueKey; C:\Program Files\McAfee\TrueKey\McAfee.TrueKey.Service.exe [421432 2019-03-09] (McAfee, Inc. -> McAfee, LLC.)
R2 TrueKeyScheduler; C:\Program Files\McAfee\TrueKey\McTkSchedulerService.exe [421432 2019-03-09] (McAfee, Inc. -> McAfee, LLC.)
R2 TrueKeyServiceHelper; C:\Program Files\McAfee\TrueKey\McAfee.TrueKey.ServiceHelper.exe [194168 2019-03-09] (McAfee, Inc. -> McAfee, LLC.)
R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [981576 2017-10-20] (AVG Technologies CZ, s.r.o. -> )
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.227\WsAppService.exe [492768 2017-06-21] (Wondershare Technology Co.,Ltd -> Wondershare)
C:\Users\Ryan\AppData\Local\{13A4A428-21DB-4AE6-B550-8F579BAB0DC1}
C:\Users\Ryan\AppData\Local\{2BAF8F5D-9B83-47EC-A642-DB80C8AFEBDF}
C:\Users\Ryan\AppData\Local\{3F00E856-FBC1-46A6-9FA0-45421FB921B6} 
C:\Program Files\McAfee
C:\Program Files (x86)\AVG Web TuneUp
C:\Program Files\McAfee Security Scan
C:\Program Files\Common Files\AV\McAfee VirusScan
C:\Program Files (x86)\Common Files\AVG Secure Search
C:\Program Files (x86)\Wondershare
Hosts:
EmptyTemp: 
End::
  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy ". No need to paste anything to anywhere.
    • Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt on your Desktop.
    • Please post the log in your next reply.

 

In your next reply please post:

  • The programs you uninstalled including the recommendations
  • If everything went fine with the extensions uninstall.
  • The fixlog.txt

  • 0

#7
rybards

rybards

    Member

  • Topic Starter
  • Member
  • PipPip
  • 66 posts

Thank you for your advice and effort!

 

  • The programs you uninstalled including the recommendations
  • If everything went fine with the extensions uninstall.
  • The fixlog.txt

1. Uninstalled programs

  • Adobe Illustrator
  • Adobe Photoshop
  • Adobe Genuine Service
  • McAfee Security Scan Plus 
  • McAfee True Key 
  • WebAdvisor by McAfee
  • Adobe Shockwave Player 12.1 
  • AVG Web TuneUp 
  • HPReyos

2. Done removing the extensions.

 

3. Log:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 12-06-2021
Ran by Ryan (12-06-2021 23:11:00) Run:1
Running from C:\Users\Ryan\Desktop
Loaded Profiles: Ryan & defaultuser1
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses: 
DisableMSDefender (HKLM\...\{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}) (Version: 1.0.0 - Hewlett-Packard Company) Hidden
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
Shortcut: C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Intеrnеt Ехрlоrеr.lnk -> C:\Users\Ryan\AppData\Roaming\HPReyos\ReyosStarter3.exe (No File) <==== Cyrillic
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://ph.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_nrssi_17_30_ssg02&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dph%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0F0CtA0F0D0ByEyEtD0CyE0Azy0C0CtDtN0D0Tzu0StBtDtAyEtN1L2XzutAtFtBzytFtCtDyEtFyDtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StAzy0AtCtA0ByByBtGtAyE0A0DtGzyyB0A0DtGyC0BtByEtGzzyE0DyCyE0E0FtC0ByCtAyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0Czz0DtCtAyE0CtG0B0FyDyEtGyEtD0A0FtGzzzyzyyDtGzy0D0C0CtB0A0DtD0CtC0FyB2QtN0A0LzutB%26cr%3D847331072%26a%3Dwbf_nrssi_17_30_ssg02%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome%2BSingle%2BLanguage
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ph.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_nrssi_17_30_ssg02&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dph%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0F0CtA0F0D0ByEyEtD0CyE0Azy0C0CtDtN0D0Tzu0StBtDtAyEtN1L2XzutAtFtBzytFtCtDyEtFyDtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StAzy0AtCtA0ByByBtGtAyE0A0DtGzyyB0A0DtGyC0BtByEtGzzyE0DyCyE0E0FtC0ByCtAyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0Czz0DtCtAyE0CtG0B0FyDyEtGyEtD0A0FtGzzzyzyyDtGzy0D0C0CtB0A0DtD0CtC0FyB2QtN0A0LzutB%26cr%3D847331072%26a%3Dwbf_nrssi_17_30_ssg02%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome%2BSingle%2BLanguage&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ph.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_nrssi_17_30_ssg02&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dph%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0F0CtA0F0D0ByEyEtD0CyE0Azy0C0CtDtN0D0Tzu0StBtDtAyEtN1L2XzutAtFtBzytFtCtDyEtFyDtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StAzy0AtCtA0ByByBtGtAyE0A0DtGzyyB0A0DtGyC0BtByEtGzzyE0DyCyE0E0FtC0ByCtAyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0Czz0DtCtAyE0CtG0B0FyDyEtGyEtD0A0FtGzzzyzyyDtGzy0D0C0CtB0A0DtD0CtC0FyB2QtN0A0LzutB%26cr%3D847331072%26a%3Dwbf_nrssi_17_30_ssg02%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome%2BSingle%2BLanguage&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ph.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_nrssi_17_30_ssg02&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dph%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0F0CtA0F0D0ByEyEtD0CyE0Azy0C0CtDtN0D0Tzu0StBtDtAyEtN1L2XzutAtFtBzytFtCtDyEtFyDtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StAzy0AtCtA0ByByBtGtAyE0A0DtGzyyB0A0DtGyC0BtByEtGzzyE0DyCyE0E0FtC0ByCtAyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0Czz0DtCtAyE0CtG0B0FyDyEtGyEtD0A0FtGzzzyzyyDtGzy0D0C0CtB0A0DtD0CtC0FyB2QtN0A0LzutB%26cr%3D847331072%26a%3Dwbf_nrssi_17_30_ssg02%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome%2BSingle%2BLanguage&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ph.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_nrssi_17_30_ssg02&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dph%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0F0CtA0F0D0ByEyEtD0CyE0Azy0C0CtDtN0D0Tzu0StBtDtAyEtN1L2XzutAtFtBzytFtCtDyEtFyDtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StAzy0AtCtA0ByByBtGtAyE0A0DtGzyyB0A0DtGyC0BtByEtGzzyE0DyCyE0E0FtC0ByCtAyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0Czz0DtCtAyE0CtG0B0FyDyEtGyEtD0A0FtGzzzyzyyDtGzy0D0C0CtB0A0DtD0CtC0FyB2QtN0A0LzutB%26cr%3D847331072%26a%3Dwbf_nrssi_17_30_ssg02%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome%2BSingle%2BLanguage&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1211838656-3945196859-822910569-1001 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxps://mysearch.avg.com/search?cid={FE0C9B38-E2D2-462D-A542-1946605F50EA}&mid=d3f796d5bcda47cfb14179eed3b9b211-f564f79562d74746c6647c88325a3f36054c6e3c&lang=en&ds=AVG&coid=avgtbavg&cmpid=1216tb&pr=fr&d=2016-11-17 04:24:53&v=4.3.7.452&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1211838656-3945196859-822910569-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://ph.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_nrssi_17_30_ssg02&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dph%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0F0CtA0F0D0ByEyEtD0CyE0Azy0C0CtDtN0D0Tzu0StBtDtAyEtN1L2XzutAtFtBzytFtCtDyEtFyDtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StAzy0AtCtA0ByByBtGtAyE0A0DtGzyyB0A0DtGyC0BtByEtGzzyE0DyCyE0E0FtC0ByCtAyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0Czz0DtCtAyE0CtG0B0FyDyEtGyEtD0A0FtGzzzyzyyDtGzy0D0C0CtB0A0DtD0CtC0FyB2QtN0A0LzutB%26cr%3D847331072%26a%3Dwbf_nrssi_17_30_ssg02%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome%2BSingle%2BLanguage&p={searchTerms}
BHO: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\McAfee\TrueKey\MSIE\truekey_ie64.dll [2018-04-23] (McAfee, Inc. -> Intel Security)
BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.3.8.566\AVG Web TuneUp.dll [2017-10-20] (AVG Technologies CZ, s.r.o. -> AVG)
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2021-06-11] (McAfee, LLC -> McAfee, LLC)
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\McAfee\TrueKey\MSIE\truekey_ie.dll [2018-04-23] (McAfee, Inc. -> Intel Security)
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.3.8.566\AVG Web TuneUp.dll [2017-10-20] (AVG Technologies CZ, s.r.o. -> AVG)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2021-06-11] (McAfee, LLC -> McAfee, LLC)
Toolbar: HKLM - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\McAfee\TrueKey\MSIE\truekey_ie64.dll [2018-04-23] (McAfee, Inc. -> Intel Security)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\McAfee\TrueKey\MSIE\truekey_ie.dll [2018-04-23] (McAfee, Inc. -> Intel Security)
HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
FirewallRules: [{5777FC7B-8953-47F5-BB0D-F917368A7ADE}] => (Allow) C:\Users\Ryan\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [{60986C1A-2AC1-457D-A0E2-93C6D7D111EA}] => (Allow) C:\Users\Ryan\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [{0A20D7A5-577C-4875-A300-E76A4D9AC5C2}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe => No File
FirewallRules: [{03CC7FD6-3D4F-49E9-A540-B5BB9CB8BA00}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe => No File
FirewallRules: [{913A308F-3BEE-4D5D-A585-9E1725BA9ABE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe => No File
FirewallRules: [{59E779BB-92AD-4D51-A34B-0DCE92491FD1}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe => No File
FirewallRules: [{A06F9ED3-573B-4CD0-B75B-B3C62B7C8FC3}] => (Allow) C:\Program Files (x86)\BlueStacks\HD-Player.exe => No File
FirewallRules: [{AA0789D0-E095-41AE-B04B-F5579A7613BD}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe => No File
FirewallRules: [{80562A76-AFA9-48ED-AE57-F84035CEF361}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe => No File
FirewallRules: [{A12A4E46-1830-4490-B0D7-AD3242498940}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe => No File
FirewallRules: [{2978F723-A15A-4A61-A41A-86ACFC9B5FFF}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe => No File
FirewallRules: [{3D82FF8D-C3A7-4ADB-8EB1-C4B3580BD18B}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe => No File
FirewallRules: [{02AA07B2-AEF5-4F8C-8BAE-8854DBF11D43}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe => No File
FirewallRules: [{0BA2408C-156B-4595-B611-3EE02F8753DC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe => No File
FirewallRules: [{DB693282-1255-409C-A6AE-7CDC8236560C}] => (Allow) C:\Users\Ryan\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{223744D9-0BDD-432B-9A8B-A603B787E759}] => (Allow) C:\Users\Ryan\AppData\Local\Temp\andy-x64\Setup.exe => No File
FirewallRules: [{30C8CC80-211C-4680-AF14-A8BD25149C37}] => (Allow) C:\Users\Ryan\AppData\Local\Temp\andy-x64\Setup.exe => No File
FirewallRules: [{1BF9B8E3-08F8-47B9-BCD6-23132A635D64}] => (Allow) C:\Program Files\Andy\andy.exe => No File
FirewallRules: [{4655DA4F-8BE3-45A5-9377-D7CA6E316355}] => (Allow) C:\Program Files\Andy\andy.exe => No File
FirewallRules: [{B438D418-8953-4D8F-8CA0-A526C2220AA5}] => (Allow) C:\Program Files\Andy\AndyConsole.exe => No File
FirewallRules: [{95BD59FE-9C72-4F0D-9B3B-3EDD616B8497}] => (Allow) C:\Program Files\Andy\AndyConsole.exe => No File
FirewallRules: [{439A0A05-95B4-4722-BF4F-AD1E21B983AB}] => (Allow) C:\Program Files\Andy\HandyAndy.exe => No File
FirewallRules: [{8F8DAB2F-880A-4BC0-9A54-A047400D6C9F}] => (Allow) C:\Program Files\Andy\HandyAndy.exe => No File
FirewallRules: [{F257BCB6-E143-411B-80F4-26E71AD9DE73}] => (Allow) C:\Program Files\Andy\SetupFiles\Uninstall.exe => No File
FirewallRules: [{4F43AF0C-0A55-4CB4-B87D-F49CEB99C362}] => (Allow) C:\Program Files\Andy\SetupFiles\Uninstall.exe => No File
FirewallRules: [{AB95AA59-AB6E-4AFC-B381-7085DDE96F59}] => (Allow) C:\Users\Ryan\AppData\Local\Temp\RemoveTemp.exe => No File
FirewallRules: [{ED9733CB-FB5B-47BD-8D94-D3283375F053}] => (Allow) C:\Users\Ryan\AppData\Local\Temp\RemoveTemp.exe => No File
FirewallRules: [{280190F0-4C51-4F24-AFFF-884457BA223E}] => (Allow) C:\Program Files\Andy\SetupFiles\VMwareCheck.exe => No File
FirewallRules: [{FD2CEDE6-4340-4590-954D-98F7D5C35505}] => (Allow) C:\Program Files\Andy\SetupFiles\VMwareCheck.exe => No File
FirewallRules: [{C11BD620-E126-41A5-8EF1-235D4102948A}] => (Allow) C:\Program Files\Andy\SetupFiles\AndyDoctor.exe => No File
FirewallRules: [{E4DFC382-55FE-43FD-A5F2-87D9FAB76727}] => (Allow) C:\Program Files\Andy\SetupFiles\AndyDoctor.exe => No File
FirewallRules: [UDP Query User{9BB8E2C7-11E8-47CA-8009-9033F53B9F37}C:\users\ryan\appdata\local\skypeplugin\pluginhost.exe] => (Block) C:\users\ryan\appdata\local\skypeplugin\pluginhost.exe => No File
FirewallRules: [{238B685D-AF2C-42FA-BD31-E2D23C564393}] => (Allow) C:\Program Files (x86)\Nox\bin\Nox.exe => No File
FirewallRules: [{1171CAA1-07C8-4EEE-817E-EAC3AA51C710}] => (Allow) C:\Program Files (x86)\Bignox\BigNoxVM\RT\NoxVMHandle.exe => No File
FirewallRules: [{887082AF-6087-4272-95B3-BA085FD8D4EF}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => No File
FirewallRules: [{6DE831C8-EC68-41CA-B7B3-D05BEDBA6C68}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => No File
FirewallRules: [{BBC80808-A1A1-43D8-B548-BCE4CF09F960}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{A8178277-005A-467C-B987-6EC6C1F3622C}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [TCP Query User{2074ADE2-0750-476D-A33D-EA704C7B61C5}C:\users\ryan\appdata\roaming\utorrent\updates\3.5.5_45291.exe] => (Block) C:\users\ryan\appdata\roaming\utorrent\updates\3.5.5_45291.exe => No File
FirewallRules: [UDP Query User{5FD47EEF-52B1-448C-B825-2C4194DF455B}C:\users\ryan\appdata\roaming\utorrent\updates\3.5.5_45291.exe] => (Block) C:\users\ryan\appdata\roaming\utorrent\updates\3.5.5_45291.exe => No File
FirewallRules: [TCP Query User{0CC1067B-A7AD-4C57-9E22-C004D24CC065}C:\users\ryan\appdata\local\programs\upwork\upwork.exe] => (Allow) C:\users\ryan\appdata\local\programs\upwork\upwork.exe => No File
FirewallRules: [UDP Query User{DABAFB19-C75C-4C25-9DA1-085513C421E9}C:\users\ryan\appdata\local\programs\upwork\upwork.exe] => (Allow) C:\users\ryan\appdata\local\programs\upwork\upwork.exe => No File
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [2187336 2017-10-20] (AVG Technologies CZ, s.r.o. -> )
HKU\S-1-5-21-1211838656-3945196859-822910569-1001\...\Run: [Zoom] => [X]
HKU\S-1-5-21-1211838656-3945196859-822910569-1001\...\Run: [Spotify] => C:\Users\Ryan\AppData\Roaming\Spotify\Spotify.exe [22941928 2020-06-11] (Spotify AB -> Spotify Ltd) <==== ATTENTION
HKU\S-1-5-21-1211838656-3945196859-822910569-1001\...\MountPoints2: {ca81ae49-7cc5-11e9-9cb8-a8a7955d5be2} - "F:\HiSuiteDownLoader.exe" 
HKLM\Software\...\Authentication\Credential Providers: [{B7724AE5-1135-4889-8A5F-CA98BE6CA1ED}] -> C:\Program Files\McAfee\TrueKey\McAfee.TrueKey.CredentialProvider.dll [2019-03-09] (McAfee, Inc. -> McAfee, LLC.)
Lsa: [Notification Packages] scecli "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter" "C:\Program Files\McAfee\TrueKey\McAfeeTrueKeyPasswordFilter"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2021-05-05]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.2198\SSScheduler.exe (McAfee, LLC. -> McAfee, LLC)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {02B7D7E1-FE18-43EC-BFE0-9400703FB922} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {4DE328C4-8B4C-4D3E-9255-1EFF5A8D78D5} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [4639280 2018-12-02] (McAfee, Inc. -> McAfee, Inc.)
Task: {E1143EA4-505D-4766-A310-67A94E44AE1E} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(1): schtasks.exe -> /Change /TN "\Adobe Flash Player PPAPI Notifier" /ENABLE
Task: {E1143EA4-505D-4766-A310-67A94E44AE1E} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(2): schtasks.exe -> /Change /TN "\Adobe Flash Player Updater" /ENABLE
Task: {E1143EA4-505D-4766-A310-67A94E44AE1E} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(3): schtasks.exe -> /Change /TN "\Adobe Uninstaller" /ENABLE
Task: {E1143EA4-505D-4766-A310-67A94E44AE1E} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(4): schtasks.exe -> /Change /TN "\[email protected]" /ENABLE
Task: {E1143EA4-505D-4766-A310-67A94E44AE1E} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(5): schtasks.exe -> /Change /TN "\[email protected]" /ENABLE
Task: {E1143EA4-505D-4766-A310-67A94E44AE1E} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(6): schtasks.exe -> /Change /TN "\BlueStacksHelper" /ENABLE
Task: {E1143EA4-505D-4766-A310-67A94E44AE1E} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(7): schtasks.exe -> /Change /TN "\d7dcdedb8ce6b33b121246911ad33b47" /ENABLE
Task: {E1143EA4-505D-4766-A310-67A94E44AE1E} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(8): schtasks.exe -> /Change /TN "\DropboxOEM" /ENABLE
Task: {E1143EA4-505D-4766-A310-67A94E44AE1E} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(9): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineCore" /ENABLE
Task: {E1143EA4-505D-4766-A310-67A94E44AE1E} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(10): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineUA" /ENABLE
Task: {E1143EA4-505D-4766-A310-67A94E44AE1E} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(11): schtasks.exe -> /Change /TN "\HPCeeScheduleForRyan" /ENABLE
Task: {E1143EA4-505D-4766-A310-67A94E44AE1E} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(12): schtasks.exe -> /Change /TN "\McAfee Remediation (Prepare)" /ENABLE
Task: {E1143EA4-505D-4766-A310-67A94E44AE1E} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(13): schtasks.exe -> /Change /TN "\OneDrive Standalone Update Task-S-1-5-21-1211838656-3945196859-822910569-1001" /ENABLE
Task: {E1143EA4-505D-4766-A310-67A94E44AE1E} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(14): schtasks.exe -> /Change /TN "\User_Feed_Synchronization-{F652A8CE-8AAD-4B17-97C2-CFEC2FF6BEE6}" /ENABLE
Task: {E1143EA4-505D-4766-A310-67A94E44AE1E} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(15): schtasks.exe -> /Change /TN "\WpsNotifyTask_Administrator" /ENABLE
Task: {E1143EA4-505D-4766-A310-67A94E44AE1E} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(16): schtasks.exe -> /Change /TN "\WpsUpdateTask_Administrator" /ENABLE
Task: {E1143EA4-505D-4766-A310-67A94E44AE1E} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(17): schtasks.exe -> /Change /TN "\YCMServiceAgent" /ENABLE
Task: {E1143EA4-505D-4766-A310-67A94E44AE1E} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(18): schtasks.exe -> /Change /TN "\{D5D9ABA2-FD6A-4978-BC30-ECC925298A48}" /ENABLE
Task: {E1143EA4-505D-4766-A310-67A94E44AE1E} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(19): schtasks.exe -> /Change /TN "\AVAST Software\Gaming mode Task Scheduler recovery" /DISABLE
Task: {E5943B14-B274-4F1F-8DE9-27E2F3341A88} - System32\Tasks\d7dcdedb8ce6b33b121246911ad33b47 => powershell.exe -NoProfile -NoLogo -NonInteractive -ExecutionPolicy Bypass -File C:\WINDOWS\d7dcdedb8ce6b33b121246911ad33b47.ps1 <==== ATTENTION
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Extension: (McAfee® WebAdvisor) - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi [2021-06-11] [UpdateUrl:hxxps://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.json]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF HKU\S-1-5-21-1211838656-3945196859-822910569-1001\...\SeaMonkey\Extensions: [[email protected]] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi => not found
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.8\\npsitesafety.dll [No File]
CHR HomePage: Default -> mysearch.avg.com
CHR NewTab: Default ->  Not-active:"chrome-extension://chfdnecihphmhljaaejmgoiahnihplgn/pages/newtab.html"
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce]
CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej]
CHR HKU\S-1-5-21-1211838656-3945196859-822910569-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [chfdnecihphmhljaaejmgoiahnihplgn]
CHR HKU\S-1-5-21-1211838656-3945196859-822910569-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd]
CHR HKU\S-1-5-21-1211838656-3945196859-822910569-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn]
CHR HKU\S-1-5-21-1211838656-3945196859-822910569-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce]
CHR HKU\S-1-5-21-1211838656-3945196859-822910569-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce]
CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej]
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [973072 2021-06-11] (McAfee, LLC -> McAfee, LLC)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.2198\McCHSvc.exe [398408 2021-05-01] (McAfee, LLC. -> McAfee, LLC)
R2 TrueKey; C:\Program Files\McAfee\TrueKey\McAfee.TrueKey.Service.exe [421432 2019-03-09] (McAfee, Inc. -> McAfee, LLC.)
R2 TrueKeyScheduler; C:\Program Files\McAfee\TrueKey\McTkSchedulerService.exe [421432 2019-03-09] (McAfee, Inc. -> McAfee, LLC.)
R2 TrueKeyServiceHelper; C:\Program Files\McAfee\TrueKey\McAfee.TrueKey.ServiceHelper.exe [194168 2019-03-09] (McAfee, Inc. -> McAfee, LLC.)
R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [981576 2017-10-20] (AVG Technologies CZ, s.r.o. -> )
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.227\WsAppService.exe [492768 2017-06-21] (Wondershare Technology Co.,Ltd -> Wondershare)
C:\Users\Ryan\AppData\Local\{13A4A428-21DB-4AE6-B550-8F579BAB0DC1}
C:\Users\Ryan\AppData\Local\{2BAF8F5D-9B83-47EC-A642-DB80C8AFEBDF}
C:\Users\Ryan\AppData\Local\{3F00E856-FBC1-46A6-9FA0-45421FB921B6} 
C:\Program Files\McAfee
C:\Program Files (x86)\AVG Web TuneUp
C:\Program Files\McAfee Security Scan
C:\Program Files\Common Files\AV\McAfee VirusScan
C:\Program Files (x86)\Common Files\AVG Secure Search
C:\Program Files (x86)\Wondershare
Hosts:
EmptyTemp: 
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}\\SystemComponent" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{612C34C7-5E90-47D8-9B5C-0F717DD82726}\\SystemComponent" => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg => removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Intеrnеt Ехрlоrеr.lnk => moved successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\"Start Page"="http://go.microsoft..../?LinkId=69157"=> value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
HKU\S-1-5-21-1211838656-3945196859-822910569-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2211d4a5-48d0-47f5-a7cd-81e861470f7f} => removed successfully
HKU\S-1-5-21-1211838656-3945196859-822910569-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0F4B8786-5502-4803-8EBC-F652A1153BB6} => not found
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF} => not found
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0F4B8786-5502-4803-8EBC-F652A1153BB6} => not found
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} => not found
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF} => not found
"HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{4BAAC1B8-0800-42C9-8FA6-08B211F356B8}" => not found
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{4BAAC1B8-0800-42C9-8FA6-08B211F356B8}" => not found
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk" => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\McAfee Security Scan Plus.lnk" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5777FC7B-8953-47F5-BB0D-F917368A7ADE}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{60986C1A-2AC1-457D-A0E2-93C6D7D111EA}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0A20D7A5-577C-4875-A300-E76A4D9AC5C2}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{03CC7FD6-3D4F-49E9-A540-B5BB9CB8BA00}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{913A308F-3BEE-4D5D-A585-9E1725BA9ABE}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{59E779BB-92AD-4D51-A34B-0DCE92491FD1}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A06F9ED3-573B-4CD0-B75B-B3C62B7C8FC3}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AA0789D0-E095-41AE-B04B-F5579A7613BD}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{80562A76-AFA9-48ED-AE57-F84035CEF361}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A12A4E46-1830-4490-B0D7-AD3242498940}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2978F723-A15A-4A61-A41A-86ACFC9B5FFF}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3D82FF8D-C3A7-4ADB-8EB1-C4B3580BD18B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{02AA07B2-AEF5-4F8C-8BAE-8854DBF11D43}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0BA2408C-156B-4595-B611-3EE02F8753DC}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DB693282-1255-409C-A6AE-7CDC8236560C}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{223744D9-0BDD-432B-9A8B-A603B787E759}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{30C8CC80-211C-4680-AF14-A8BD25149C37}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1BF9B8E3-08F8-47B9-BCD6-23132A635D64}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4655DA4F-8BE3-45A5-9377-D7CA6E316355}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B438D418-8953-4D8F-8CA0-A526C2220AA5}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{95BD59FE-9C72-4F0D-9B3B-3EDD616B8497}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{439A0A05-95B4-4722-BF4F-AD1E21B983AB}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8F8DAB2F-880A-4BC0-9A54-A047400D6C9F}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F257BCB6-E143-411B-80F4-26E71AD9DE73}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4F43AF0C-0A55-4CB4-B87D-F49CEB99C362}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AB95AA59-AB6E-4AFC-B381-7085DDE96F59}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{ED9733CB-FB5B-47BD-8D94-D3283375F053}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{280190F0-4C51-4F24-AFFF-884457BA223E}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FD2CEDE6-4340-4590-954D-98F7D5C35505}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C11BD620-E126-41A5-8EF1-235D4102948A}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E4DFC382-55FE-43FD-A5F2-87D9FAB76727}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{9BB8E2C7-11E8-47CA-8009-9033F53B9F37}C:\users\ryan\appdata\local\skypeplugin\pluginhost.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{238B685D-AF2C-42FA-BD31-E2D23C564393}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1171CAA1-07C8-4EEE-817E-EAC3AA51C710}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{887082AF-6087-4272-95B3-BA085FD8D4EF}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6DE831C8-EC68-41CA-B7B3-D05BEDBA6C68}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BBC80808-A1A1-43D8-B548-BCE4CF09F960}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A8178277-005A-467C-B987-6EC6C1F3622C}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{2074ADE2-0750-476D-A33D-EA704C7B61C5}C:\users\ryan\appdata\roaming\utorrent\updates\3.5.5_45291.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{5FD47EEF-52B1-448C-B825-2C4194DF455B}C:\users\ryan\appdata\roaming\utorrent\updates\3.5.5_45291.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{0CC1067B-A7AD-4C57-9E22-C004D24CC065}C:\users\ryan\appdata\local\programs\upwork\upwork.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{DABAFB19-C75C-4C25-9DA1-085513C421E9}C:\users\ryan\appdata\local\programs\upwork\upwork.exe" => removed successfully
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\vProt" => not found
"HKU\S-1-5-21-1211838656-3945196859-822910569-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Zoom" => removed successfully
"HKU\S-1-5-21-1211838656-3945196859-822910569-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Spotify" => removed successfully
HKU\S-1-5-21-1211838656-3945196859-822910569-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ca81ae49-7cc5-11e9-9cb8-a8a7955d5be2} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{B7724AE5-1135-4889-8A5F-CA98BE6CA1ED} => not found
HKLM\System\CurrentControlSet\Control\Lsa\\"Notification Packages"="scecli" => value restored successfully
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk" => not found
"C:\Program Files\McAfee Security Scan\3.11.2198\SSScheduler.exe" => not found
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{02B7D7E1-FE18-43EC-BFE0-9400703FB922}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{02B7D7E1-FE18-43EC-BFE0-9400703FB922}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4DE328C4-8B4C-4D3E-9255-1EFF5A8D78D5}" => not found
"C:\WINDOWS\System32\Tasks\McAfee Remediation (Prepare)" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\McAfee Remediation (Prepare)" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{E1143EA4-505D-4766-A310-67A94E44AE1E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E1143EA4-505D-4766-A310-67A94E44AE1E}" => removed successfully
C:\WINDOWS\System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVAST Software\Gaming mode Task Scheduler recovery" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E1143EA4-505D-4766-A310-67A94E44AE1E}" => not found
"C:\WINDOWS\System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVAST Software\Gaming mode Task Scheduler recovery" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E1143EA4-505D-4766-A310-67A94E44AE1E}" => not found
"C:\WINDOWS\System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVAST Software\Gaming mode Task Scheduler recovery" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E1143EA4-505D-4766-A310-67A94E44AE1E}" => not found
"C:\WINDOWS\System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVAST Software\Gaming mode Task Scheduler recovery" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E1143EA4-505D-4766-A310-67A94E44AE1E}" => not found
"C:\WINDOWS\System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVAST Software\Gaming mode Task Scheduler recovery" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E1143EA4-505D-4766-A310-67A94E44AE1E}" => not found
"C:\WINDOWS\System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVAST Software\Gaming mode Task Scheduler recovery" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E1143EA4-505D-4766-A310-67A94E44AE1E}" => not found
"C:\WINDOWS\System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVAST Software\Gaming mode Task Scheduler recovery" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E1143EA4-505D-4766-A310-67A94E44AE1E}" => not found
"C:\WINDOWS\System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVAST Software\Gaming mode Task Scheduler recovery" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E1143EA4-505D-4766-A310-67A94E44AE1E}" => not found
"C:\WINDOWS\System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVAST Software\Gaming mode Task Scheduler recovery" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E1143EA4-505D-4766-A310-67A94E44AE1E}" => not found
"C:\WINDOWS\System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVAST Software\Gaming mode Task Scheduler recovery" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E1143EA4-505D-4766-A310-67A94E44AE1E}" => not found
"C:\WINDOWS\System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVAST Software\Gaming mode Task Scheduler recovery" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E1143EA4-505D-4766-A310-67A94E44AE1E}" => not found
"C:\WINDOWS\System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVAST Software\Gaming mode Task Scheduler recovery" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E1143EA4-505D-4766-A310-67A94E44AE1E}" => not found
"C:\WINDOWS\System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVAST Software\Gaming mode Task Scheduler recovery" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E1143EA4-505D-4766-A310-67A94E44AE1E}" => not found
"C:\WINDOWS\System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVAST Software\Gaming mode Task Scheduler recovery" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E1143EA4-505D-4766-A310-67A94E44AE1E}" => not found
"C:\WINDOWS\System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVAST Software\Gaming mode Task Scheduler recovery" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E1143EA4-505D-4766-A310-67A94E44AE1E}" => not found
"C:\WINDOWS\System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVAST Software\Gaming mode Task Scheduler recovery" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E1143EA4-505D-4766-A310-67A94E44AE1E}" => not found
"C:\WINDOWS\System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVAST Software\Gaming mode Task Scheduler recovery" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E1143EA4-505D-4766-A310-67A94E44AE1E}" => not found
"C:\WINDOWS\System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVAST Software\Gaming mode Task Scheduler recovery" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E1143EA4-505D-4766-A310-67A94E44AE1E}" => not found
"C:\WINDOWS\System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVAST Software\Gaming mode Task Scheduler recovery" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E5943B14-B274-4F1F-8DE9-27E2F3341A88}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E5943B14-B274-4F1F-8DE9-27E2F3341A88}" => removed successfully
C:\WINDOWS\System32\Tasks\d7dcdedb8ce6b33b121246911ad33b47 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\d7dcdedb8ce6b33b121246911ad33b47" => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\BookReader_B171F20233094AC88D05A8EF7B9763E8 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => removed successfully
"HKLM\Software\Mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}" => not found
"C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi" => not found
"HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}" => not found
"HKU\S-1-5-21-1211838656-3945196859-822910569-1001\Software\Mozilla\SeaMonkey\Extensions\\[email protected]" => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin => not found
"Chrome HomePage" => removed successfully
"Chrome NewTab" => removed successfully
HKLM\SOFTWARE\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho => not found
HKLM\SOFTWARE\Google\Chrome\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce => removed successfully
HKLM\SOFTWARE\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej => removed successfully
HKU\S-1-5-21-1211838656-3945196859-822910569-1001\SOFTWARE\Google\Chrome\Extensions\chfdnecihphmhljaaejmgoiahnihplgn => not found
HKU\S-1-5-21-1211838656-3945196859-822910569-1001\SOFTWARE\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd => removed successfully
HKU\S-1-5-21-1211838656-3945196859-822910569-1001\SOFTWARE\Google\Chrome\Extensions\mbckjcfnjmoiinpgddefodcighgikkgn => removed successfully
HKU\S-1-5-21-1211838656-3945196859-822910569-1001\SOFTWARE\Google\Chrome\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce => removed successfully
HKU\S-1-5-21-1211838656-3945196859-822910569-1001\SOFTWARE\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho => not found
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej => removed successfully
McAfee WebAdvisor => service not found.
McComponentHostService => service not found.
TrueKey => service not found.
TrueKeyScheduler => service not found.
TrueKeyServiceHelper => service not found.
WtuSystemSupport => service not found.
WsAppService => Service stopped successfully.
HKLM\System\CurrentControlSet\Services\WsAppService => removed successfully
WsAppService => service removed successfully
C:\Users\Ryan\AppData\Local\{13A4A428-21DB-4AE6-B550-8F579BAB0DC1} => moved successfully
C:\Users\Ryan\AppData\Local\{2BAF8F5D-9B83-47EC-A642-DB80C8AFEBDF} => moved successfully
C:\Users\Ryan\AppData\Local\{3F00E856-FBC1-46A6-9FA0-45421FB921B6} => moved successfully
"C:\Program Files\McAfee" => not found
"C:\Program Files (x86)\AVG Web TuneUp" => not found
"C:\Program Files\McAfee Security Scan" => not found
"C:\Program Files\Common Files\AV\McAfee VirusScan" => not found
"C:\Program Files (x86)\Common Files\AVG Secure Search" => not found
C:\Program Files (x86)\Wondershare => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 11034624 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 143821946 B
Java, Flash, Steam htmlcache => 25212483 B
Windows/system/drivers => 25321862 B
Edge => 3923778 B
Chrome => 597920932 B
Firefox => 64743652 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 1216512 B
NetworkService => 904872620 B
Ryan => 1011904395 B
defaultuser1.DESKTOP-NC9HVNJ => 1011911563 B
Jundril => 1012005439 B
 
RecycleBin => 5173673215 B
EmptyTemp: => 9.3 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 23:20:47 ====

  • 0

#8
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 3,240 posts

Thank you, Ryan.
 
You did a good job.  :thumbsup:

Moving on.

1. Run AdwCleaner (Scan mode)

Download AdwCleaner and save it to your desktop.

  • Double click AdwCleaner.exe to run it.
  • Click Scan Now.
    • When the scan has finished, a Scan Results window will open.
    • Click Cancel (at this point do not attempt to Quarantine anything that is found)
  • Now click the Log Files tab.
    • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number. The latest scan will have the largest number)
    • A Notepad file will open containing the results of the scan.
    • Please post the contents of the file in your next reply.

 

2. Run Malwarebytes (Scan mode)

  • Download Malwarebytes and save it to your Desktop.
  • Once downloaded, close all programs and Windows on your computer.
  • Double-click on the icon on your desktop named MBSetup.exe. This will start the installation of MBAM onto your computer.
  • Follow the instructions to install the program.
  • When finished, double click the program's icon created on your Desktop.
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
    Under the title Scan Options, all the options are checked.
    Under the title Windows Security Center (Premium only) the option is NOT checked.
    Under the title Potentially unwanted items all options are set to Always.
  • Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may be take longer.
  • When finished, you will see the Thread Scan Summary window open.

If threats are not found, click View Report and proceed to the two last steps below.

If threats are found, make sure that all threats are not selected, close the program and proceed to the next steps below.

  • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
  • Find the report with the most recent date and double click on it.
  • Click on Export and then Copy to Clipboard.
  • Paste its content here, in your next reply.

 

 

In your next reply, please post:

  • The AdwCleaner[S0*].txt
  • The Malwarebytes report

  • 0

#9
rybards

rybards

    Member

  • Topic Starter
  • Member
  • PipPip
  • 66 posts

Hi again!

 

AdwCleaner.exe isn't running properly. Whenever I double click it, a window with black background appears then closes quickly. Please see the attached to see how it looks.


  • 0

#10
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 3,240 posts

No attachment.

 

Restart the computer and give AdwCleaner another chance. Please let me know what happens.


  • 0

Advertisements


#11
rybards

rybards

    Member

  • Topic Starter
  • Member
  • PipPip
  • 66 posts

Still not working after restart. I also tried clicking the "Run as Administrator" option but to no avail. The black window (looks the same as cmd window) still appears then disappears quickly. I also uninstalled then reinstalled the app.


Edited by rybards, 12 June 2021 - 10:34 AM.

  • 0

#12
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 3,240 posts

OK, Ryan.

 

Try to scan the computer with Malwarebytes as instructed above, leaving AdwCleaner for now.

 

Let me know about the result.


  • 0

#13
rybards

rybards

    Member

  • Topic Starter
  • Member
  • PipPip
  • 66 posts

Here it is:

 

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 6/13/21
Scan Time: 1:20 AM
Log File: 7a1b2a3a-cba2-11eb-8e92-fc3fdb440c4a.json
 
-Software Information-
Version: 4.4.0.117
Components Version: 1.0.1318
Update Package Version: 1.0.41647
License: Trial
 
-System Information-
OS: Windows 10 (Build 19041.1052)
CPU: x64
File System: NTFS
User: DESKTOP-NC9HVNJ\Ryan
 
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 366375
Threats Detected: 86
Threats Quarantined: 0
Time Elapsed: 37 min, 9 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 4
Adware.Norassie, HKU\S-1-5-21-1211838656-3945196859-822910569-1001\SOFTWARE\Norassie, No Action By User, 6734, 361347, 1.0.41647, , ame, , , 
PUP.Optional.InstallCore, HKU\S-1-5-21-1211838656-3945196859-822910569-1001\SOFTWARE\CSASTATS\ic, No Action By User, 516, 586068, 1.0.41647, , ame, , , 
PUP.Optional.InstallCore, HKU\S-1-5-21-1211838656-3945196859-822910569-1001\SOFTWARE\PRODUCTSETUP, No Action By User, 516, 481004, 1.0.41647, , ame, , , 
Adware.Wajam.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, No Action By User, 5156, -1, 0.0.0, , action, , , 
 
Registry Value: 11
PUP.Optional.InstallCore, HKU\S-1-5-21-1211838656-3945196859-822910569-1001\SOFTWARE\PRODUCTSETUP|TB, No Action By User, 516, 481004, 1.0.41647, , ame, , , 
PUP.Optional.SearchManager.BITSRST, HKU\S-1-5-21-1211838656-3945196859-822910569-1005\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|pilplloabdedfmialnfchjomjmpjcoej, No Action By User, 283, 626738, , , , , , 
PUP.Optional.SearchManager.BITSRST, HKU\S-1-5-21-1211838656-3945196859-822910569-1005\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Profile 1\extensions.settings|pilplloabdedfmialnfchjomjmpjcoej, No Action By User, 283, 626738, , , , , , 
Adware.Wajam.PrxySvrRST, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, No Action By User, 5156, -1, 0.0.0, , action, , , 
Adware.Wajam.PrxySvrRST, HKU\S-1-5-21-1211838656-3945196859-822910569-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, No Action By User, 5156, -1, 0.0.0, , action, , , 
Adware.Wajam.PrxySvrRST, HKU\S-1-5-21-1211838656-3945196859-822910569-1004\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, No Action By User, 5156, -1, 0.0.0, , action, , , 
Adware.Wajam.PrxySvrRST, HKU\S-1-5-21-1211838656-3945196859-822910569-1005\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, No Action By User, 5156, -1, 0.0.0, , action, , , 
Adware.Wajam.PrxySvrRST, HKU\S-1-5-21-1211838656-3945196859-822910569-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYOVERRIDE, No Action By User, 5156, -1, 0.0.0, , action, , , 
Adware.Wajam.PrxySvrRST, HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, No Action By User, 5156, -1, 0.0.0, , action, , , 
PUP.Optional.SearchManager.BITSRST, HKU\S-1-5-21-1211838656-3945196859-822910569-1005\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|nahhmpbckpgdidfnmfkfgiflpjijilce, No Action By User, 283, 626739, , , , , , 
PUP.Optional.SearchManager.BITSRST, HKU\S-1-5-21-1211838656-3945196859-822910569-1005\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Profile 1\extensions.settings|nahhmpbckpgdidfnmfkfgiflpjijilce, No Action By User, 283, 626739, , , , , , 
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 18
PUP.Optional.Elex, C:\USERS\RYAN\APPDATA\ROAMING\GAMELAUNCHER\SEVILER, No Action By User, 1064, 318133, 1.0.41647, , ame, , , 
Adware.Social2Search.EncJob, C:\Program Files\61f97e576fd13a57e168dca3722def3d\9a72a52adf54310d97429f346f1c259e, No Action By User, 5158, 408157, , , , , , 
Adware.Social2Search.EncJob, C:\PROGRAM FILES\61f97e576fd13a57e168dca3722def3d, No Action By User, 5158, 408157, 1.0.41647, , ame, , , 
PUP.Optional.HPDefender, C:\Users\Ryan\AppData\Roaming\HPReyos\Resources\Icons\Browsers, No Action By User, 1329, 322618, , , , , , 
PUP.Optional.HPDefender, C:\Users\Ryan\AppData\Roaming\HPReyos\Resources\Icons, No Action By User, 1329, 322618, , , , , , 
PUP.Optional.HPDefender, C:\Users\Ryan\AppData\Roaming\HPReyos\Resources, No Action By User, 1329, 322618, , , , , , 
PUP.Optional.HPDefender, C:\USERS\RYAN\APPDATA\ROAMING\HPREYOS, No Action By User, 1329, 322618, 1.0.41647, , ame, , , 
PUP.Optional.ByteFence, C:\PROGRAMDATA\BYTEFENCE, No Action By User, 1087, 388718, 1.0.41647, , ame, , , 
PUP.Optional.SearchManager.BITSRST, C:\USERS\JUNDRIL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 1\Extensions\pilplloabdedfmialnfchjomjmpjcoej, No Action By User, 283, 626738, , , , , , 
PUP.Optional.SearchManager.BITSRST, C:\USERS\JUNDRIL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\EXTENSIONS\pilplloabdedfmialnfchjomjmpjcoej, No Action By User, 283, 626738, 1.0.41647, , ame, , , 
Adware.Wajam.PrxySvrRST, C:\WINDOWS\SYSTEM32\SSL, No Action By User, 5156, 878871, 1.0.41647, , ame, , , 
PUP.Optional.SearchManager.BITSRST, C:\USERS\JUNDRIL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 1\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce, No Action By User, 283, 626739, , , , , , 
PUP.Optional.SearchManager.BITSRST, C:\USERS\JUNDRIL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\EXTENSIONS\nahhmpbckpgdidfnmfkfgiflpjijilce, No Action By User, 283, 626739, 1.0.41647, , ame, , , 
PUP.Optional.ByteFence, C:\PROGRAM FILES\BYTEFENCE, No Action By User, 1087, 823167, 1.0.41647, , ame, , , 
PUP.Optional.SearchManager.BITSRST, C:\USERS\JUNDRIL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, No Action By User, 283, 626729, , , , , , 
PUP.Optional.SearchManager.BITSRST, C:\USERS\RYAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, No Action By User, 283, 626729, , , , , , 
PUP.Optional.SearchManager.BITSRST, C:\USERS\JUNDRIL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, No Action By User, 283, 628563, , , , , , 
PUP.Optional.SearchManager.BITSRST, C:\USERS\RYAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, No Action By User, 283, 628563, , , , , , 
 
File: 53
Adware.Social2Search.EncJob, C:\PROGRAM FILES\61f97e576fd13a57e168dca3722def3d\9a72a52adf54310d97429f346f1c259e\84f6178f1b3ea0abe4494caba91f149b.ico, No Action By User, 5158, 408157, 1.0.41647, , ame, , 20885CF292A9CFF5D95AA8B74EAF9A61, B71357524D673C9385EBBFCD2253D1F0804B141F0F0D2229118096DBE12803A2
Adware.Social2Search.EncJob, C:\Program Files\61f97e576fd13a57e168dca3722def3d\9a72a52adf54310d97429f346f1c259e\a0c171b3159cdc99c9077456bd3f978c.ico, No Action By User, 5158, 408157, , , , , 215B35A90905F3C17BEF2EBB8466B516, 2930890697A979EEA7E376B1DFCCD11B0C25AEFFF07308676261D754F257327A
Adware.Social2Search.EncJob, C:\Program Files\61f97e576fd13a57e168dca3722def3d\9a72a52adf54310d97429f346f1c259e\f248a72501a21c4b0a4a5e03ae9eb4d6.ico, No Action By User, 5158, 408157, , , , , 9675A43428B30AEF2E8104BB907CB1AE, 84571DFD9066B947815E9E87C5D43D29467DB09206820AACAFEEC3189821ADC6
Adware.Social2Search.EncJob, C:\Program Files\61f97e576fd13a57e168dca3722def3d\a0c171b3159cdc99c9077456bd3f978c.ico, No Action By User, 5158, 408157, , , , , 215B35A90905F3C17BEF2EBB8466B516, 2930890697A979EEA7E376B1DFCCD11B0C25AEFFF07308676261D754F257327A
Adware.Social2Search.EncJob, C:\Program Files\61f97e576fd13a57e168dca3722def3d\a743e55fdd50345d1b6c34325012045f, No Action By User, 5158, 408157, , , , , 960B61602F5A99CC3348544573196397, 55D75572E668C390047662CFBE5A95D692874AA1AA763C26BAC9A6C6AD2858DB
Adware.Social2Search.EncJob, C:\Program Files\61f97e576fd13a57e168dca3722def3d\a950cbe601307b99ba3d443dcd26d329, No Action By User, 5158, 408157, , , , , B2AC30D9E5CA60D6817E7D96D8C24707, F96FB7A977683B6C3FCD855AD452AD32AD95A521A2F01EC130C174E6AAD0ACBB
Adware.Social2Search.EncJob, C:\Program Files\61f97e576fd13a57e168dca3722def3d\d668f2097b0acbd7c7825be7fd93da94__00007FF7515C5C13__C0000005.dmp, No Action By User, 5158, 408157, , , , , F63723E2AF27775BFDFA23E747666285, DD7B813C4AD7CBBFBDEBD9884CED7225E3FC97B713B661FF9FE173EA42B66162
PUP.Optional.HPDefender, C:\Users\Ryan\AppData\Roaming\HPReyos\Resources\Icons\Browsers\chrome.ico, No Action By User, 1329, 322618, , , , , ABD1E7A4EC5EB38095B42D2070C27667, 4CD4A25D1C9F3C93E138513E4FDE24AA9F277F0434D3EE19D4DE7CE7463CE5C1
PUP.Optional.HPDefender, C:\Users\Ryan\AppData\Roaming\HPReyos\Resources\Icons\Browsers\firefox.ico, No Action By User, 1329, 322618, , , , , 0FD7091679DC3D9B677C7022992F9F08, F54066F0208804319751EC71B1C47610539928640EDF11EC4CD2F77FB77D4274
PUP.Optional.HPDefender, C:\Users\Ryan\AppData\Roaming\HPReyos\Resources\Icons\Browsers\ie.ico, No Action By User, 1329, 322618, , , , , E5626647A15AC05E3B83979962EEE36D, 764B14608F46B608870AB14FCC9CC61D7153190AFA6F019037E77A00212A97B4
PUP.Optional.HPDefender, C:\Users\Ryan\AppData\Roaming\HPReyos\Resources\Icons\Browsers\opera.ico, No Action By User, 1329, 322618, , , , , 9E6C8E17023E3C1E7D36A4D29F588F15, 8B55F09EA4349F09E03ABEF88D0E68FB3CAF1DE359F4AEAFBED922031C165146
PUP.Optional.HPDefender, C:\Users\Ryan\AppData\Roaming\HPReyos\Resources\Icons\Browsers\yandex.ico, No Action By User, 1329, 322618, , , , , 5A591464D0461ECD841761B2FEFE03F5, CB1B585D197D987E8BBC7C39365C67828ACD3C44A1231616E1177530B0BA8FCB
PUP.Optional.SearchManager.BITSRST, C:\USERS\JUNDRIL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, No Action By User, 283, 626738, , , , , C54C59B9BE562DAD14D9A907A2AA4BF7, C9797EB8AF288C4AF77B0C2A320C3FA1D33B892FFF56E0CD17F8DF3DF895F4BD
PUP.Optional.SearchManager.BITSRST, C:\USERS\JUNDRIL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 1\Secure Preferences, No Action By User, 283, 626738, , , , , AD0B2A1520BAD2BA1D44118C1B2C4028, 07908CBBFF415FD8330B4A778AE6C6E1F2058424E0529C385039FCDD650422EF
PUP.Optional.SearchManager.BITSRST, C:\USERS\JUNDRIL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, No Action By User, 283, 626738, , , , , BA57C81AE62093771673EB0A08FB50B9, D18984B87936FCAB943ED8B6F22A4ACB509138B40B2351B1BEB466B811B481E0
PUP.Optional.SearchManager.BITSRST, C:\USERS\JUNDRIL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 1\Preferences, No Action By User, 283, 626738, , , , , F9EAA4B5B8B2DDF987E8D9ADF4008337, ED6ED61F0B971C3A49F8EF690BE9ADCB83D8354304DCC510F7D6318DA8F528C2
Adware.Wajam.PrxySvrRST, C:\WINDOWS\SYSTEM32\SSL\CERT.DB, No Action By User, 5156, 878871, 1.0.41647, , ame, , 3FFFFF71A4C091786328DA7016D44193, AEA2A570D06D812680D5AFEB76B2F534FE38DF080F764B8E8504AA43153CCE28
Adware.Wajam.PrxySvrRST, C:\Windows\System32\SSL\f951fb6936945a12.cer, No Action By User, 5156, 878871, , , , , 574A33E64FB90A509C16651D53FF793D, 073E0773AA8252A6D7DA6412EB56920C5912A09586944C2BB5C92762EF793867
Adware.Wajam.PrxySvrRST, C:\Windows\System32\SSL\xtls.db, No Action By User, 5156, 878871, , , , , 65D35CF9425EC9CC95CF84D7BA4E49C2, F0581A02363AFC469A9719BD03D71798E0CC5091B8293A57DA486A958D6E776F
PUP.Optional.SearchManager.BITSRST, C:\USERS\JUNDRIL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, No Action By User, 283, 626739, , , , , C54C59B9BE562DAD14D9A907A2AA4BF7, C9797EB8AF288C4AF77B0C2A320C3FA1D33B892FFF56E0CD17F8DF3DF895F4BD
PUP.Optional.SearchManager.BITSRST, C:\USERS\JUNDRIL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 1\Secure Preferences, No Action By User, 283, 626739, , , , , AD0B2A1520BAD2BA1D44118C1B2C4028, 07908CBBFF415FD8330B4A778AE6C6E1F2058424E0529C385039FCDD650422EF
PUP.Optional.SearchManager.BITSRST, C:\USERS\JUNDRIL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, No Action By User, 283, 626739, , , , , BA57C81AE62093771673EB0A08FB50B9, D18984B87936FCAB943ED8B6F22A4ACB509138B40B2351B1BEB466B811B481E0
PUP.Optional.SearchManager.BITSRST, C:\USERS\JUNDRIL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 1\Preferences, No Action By User, 283, 626739, , , , , F9EAA4B5B8B2DDF987E8D9ADF4008337, ED6ED61F0B971C3A49F8EF690BE9ADCB83D8354304DCC510F7D6318DA8F528C2
PUP.Optional.SearchManager.BITSRST, C:\USERS\JUNDRIL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PILPLLOABDEDFMIALNFCHJOMJMPJCOEJ\10.1.4.55_0\MANIFEST.JSON, No Action By User, 283, 626728, 1.0.41647, , ame, , DE70067CE7237C41AA2C22A0034F4CCF, 815B944244BA67220E3923B5D855712B7BA04858896595A4EA4D356831AA360B
PUP.Optional.SearchManager.BITSRST, C:\USERS\JUNDRIL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\NAHHMPBCKPGDIDFNMFKFGIFLPJIJILCE\10.1.4.60_0\MANIFEST.JSON, No Action By User, 283, 626728, 1.0.41647, , ame, , 659E1A50CB11AAAE804F97B0236EB1AA, 2839B5D41EE8365B89FF56A8581DB876D314DD1EF1F16E7B5C2AAF005EEC9378
PUP.Optional.SearchManager.BITSRST, C:\USERS\JUNDRIL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\EXTENSIONS\PILPLLOABDEDFMIALNFCHJOMJMPJCOEJ\10.1.4.55_0\MANIFEST.JSON, No Action By User, 283, 626728, 1.0.41647, , ame, , DE70067CE7237C41AA2C22A0034F4CCF, 815B944244BA67220E3923B5D855712B7BA04858896595A4EA4D356831AA360B
PUP.Optional.SearchManager.BITSRST, C:\USERS\JUNDRIL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\EXTENSIONS\NAHHMPBCKPGDIDFNMFKFGIFLPJIJILCE\10.1.4.60_0\MANIFEST.JSON, No Action By User, 283, 626728, 1.0.41647, , ame, , 659E1A50CB11AAAE804F97B0236EB1AA, 2839B5D41EE8365B89FF56A8581DB876D314DD1EF1F16E7B5C2AAF005EEC9378
PUP.Optional.SearchManager.BITSRST, C:\USERS\JUNDRIL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PILPLLOABDEDFMIALNFCHJOMJMPJCOEJ\10.1.4.55_0\RESPONSECONFIG.JSON, No Action By User, 283, 626727, 1.0.41647, , ame, , 4EF91EC44811ECEE4DB7DF102C77D382, AD5D0F95AFC4E21C042ABC0F257E669149F997F4A3F5D15062762F7147C9C906
PUP.Optional.SearchManager.BITSRST, C:\USERS\JUNDRIL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\EXTENSIONS\PILPLLOABDEDFMIALNFCHJOMJMPJCOEJ\10.1.4.55_0\RESPONSECONFIG.JSON, No Action By User, 283, 626727, 1.0.41647, , ame, , 4EF91EC44811ECEE4DB7DF102C77D382, AD5D0F95AFC4E21C042ABC0F257E669149F997F4A3F5D15062762F7147C9C906
PUP.Optional.SearchManager.BITSRST, C:\USERS\JUNDRIL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\NAHHMPBCKPGDIDFNMFKFGIFLPJIJILCE\10.1.4.60_0\RESPONSECONFIG.JSON, No Action By User, 283, 626727, 1.0.41647, , ame, , 0EEBA7D4FF0CEB131CE4CAD8D97BC612, 9716CD2BBE4FFF18E5DC887D5064D2DCC800A823B8971B6F48D0974766A19810
PUP.Optional.SearchManager.BITSRST, C:\USERS\JUNDRIL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\EXTENSIONS\NAHHMPBCKPGDIDFNMFKFGIFLPJIJILCE\10.1.4.60_0\RESPONSECONFIG.JSON, No Action By User, 283, 626727, 1.0.41647, , ame, , 0EEBA7D4FF0CEB131CE4CAD8D97BC612, 9716CD2BBE4FFF18E5DC887D5064D2DCC800A823B8971B6F48D0974766A19810
PUP.Optional.SearchManager.BITSRST, C:\Users\Jundril\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000005.ldb, No Action By User, 283, 626729, , , , , B99FA4F4D7A29A85AA3CA184DCF42AC2, 7967AEF04AF21AEC068D5A97DB7ECCAA5D992FA919A16C3CF877A0F63159FE0A
PUP.Optional.SearchManager.BITSRST, C:\Users\Jundril\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000090.ldb, No Action By User, 283, 626729, , , , , 86C0B8D363A09CFDCC9028C8507D4FA2, A855CB6C680F110A8B6EEF832C7182AB1589FC7BCA7829CF97D95C5CA8CAB05C
PUP.Optional.SearchManager.BITSRST, C:\Users\Jundril\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000092.ldb, No Action By User, 283, 626729, , , , , 722C07112469EFE4280C3DDA9D41EF1E, 38C530381EA0B52B7EA5FB18B167E873AE635A89C52771AC05E389490999E8F1
PUP.Optional.SearchManager.BITSRST, C:\Users\Jundril\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000093.log, No Action By User, 283, 626729, , , , , 3C8FD9E84559FF73C07E4DB8A5C58D5B, 1E6A5DCDA9054BE0A51E0E5CCBC7C64EA9DED371B3C3D94D90386F2F5C8A502B
PUP.Optional.SearchManager.BITSRST, C:\Users\Jundril\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000094.ldb, No Action By User, 283, 626729, , , , , BECEFDF53B1FE7D45D87AE719059C7AC, 85EBC1F03D3E9BE8873CEBF70680C7EA8B499EE265EA216F7A9A877B94AC38A9
PUP.Optional.SearchManager.BITSRST, C:\Users\Jundril\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\CURRENT, No Action By User, 283, 626729, , , , , 46295CAC801E5D4857D09837238A6394, 0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
PUP.Optional.SearchManager.BITSRST, C:\Users\Jundril\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOCK, No Action By User, 283, 626729, , , , , , 
PUP.Optional.SearchManager.BITSRST, C:\Users\Jundril\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG, No Action By User, 283, 626729, , , , , F20538B223148985AE2587E60953D090, 4DFAAFEBAA18C0A36C91AA5FBB77863A2BE9106DB5705AE1BCFDE324E71DDC62
PUP.Optional.SearchManager.BITSRST, C:\Users\Jundril\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old, No Action By User, 283, 626729, , , , , D0DE706C6EB196A396BB6CD3FE759F6C, 4732044662A300730400A55334E045F097DBDB4D0FFFFA040B874A2189998A7B
PUP.Optional.SearchManager.BITSRST, C:\Users\Jundril\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\MANIFEST-000001, No Action By User, 283, 626729, , , , , B7CF569866D4BAB47865842D5127C7FE, 367F966D26161FFD300A846ADB8376AA41C6CFBEBAE0D7B7C6A4884FAB7083C5
PUP.Optional.SearchManager.BITSRST, C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000005.ldb, No Action By User, 283, 626729, , , , , 733D1F86CAD40A6BC203764F9CCDA70E, 2DE040DC4C89C1D2EA5A6808CA1C3D6AFE66939B838439ADD005F505655C91E2
PUP.Optional.SearchManager.BITSRST, C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\011881.log, No Action By User, 283, 626729, , , , , 85A79E0295EE600C6AEEE34ECB4009F6, 7027C61FFD9F97100AF3E64C9AD06DFD26AA9BF6F56B5594D46551B806B910AE
PUP.Optional.SearchManager.BITSRST, C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\011883.ldb, No Action By User, 283, 626729, , , , , 962626FF57B237A5C947B83949BF8EE9, 41A093EC60A7BE3CC17F2DBABB0FEE9FB09265E1A31288DAA030F9CBD1339090
PUP.Optional.SearchManager.BITSRST, C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\CURRENT, No Action By User, 283, 626729, , , , , BE8D16C77A488A674E45EBF5088B8B36, E50E7E36D1177FC26AEDE6A09F2E37D8D9F5F4455CBBF5EF40D6CA9D556857C8
PUP.Optional.SearchManager.BITSRST, C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOCK, No Action By User, 283, 626729, , , , , , 
PUP.Optional.SearchManager.BITSRST, C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG, No Action By User, 283, 626729, , , , , 139E38BD9FA2418A91CA9B058D9ACD1C, FD019A2D5EF4BE5F69D8B490936FA1EB226E78CDC92B310B39ECD9D77158A4E6
PUP.Optional.SearchManager.BITSRST, C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old, No Action By User, 283, 626729, , , , , 535BF51B826397BCA717B4F9DA4D096E, 5274D882BCA87CBD199CD23F2EE916C3431B3CBA90030052B1D63450F5AAFCDF
PUP.Optional.SearchManager.BITSRST, C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\MANIFEST-009206, No Action By User, 283, 626729, , , , , 312B999DD81F15C4C5285618708D8B9F, 66E4AAAFE87DFA9AB365E4BB45E77D0C24B7ACB7325204D72DE7AA8DCA7DC48B
PUP.Optional.SearchManager.BITSRST, C:\USERS\JUNDRIL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, No Action By User, 283, 626729, 1.0.41647, , ame, , C54C59B9BE562DAD14D9A907A2AA4BF7, C9797EB8AF288C4AF77B0C2A320C3FA1D33B892FFF56E0CD17F8DF3DF895F4BD
PUP.Optional.SearchManager.BITSRST, C:\USERS\JUNDRIL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, No Action By User, 283, 628563, 1.0.41647, , ame, , C54C59B9BE562DAD14D9A907A2AA4BF7, C9797EB8AF288C4AF77B0C2A320C3FA1D33B892FFF56E0CD17F8DF3DF895F4BD
PUP.Optional.SearchManager.BITSRST, C:\USERS\JUNDRIL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 1\Secure Preferences, No Action By User, 283, 628563, 1.0.41647, , ame, , AD0B2A1520BAD2BA1D44118C1B2C4028, 07908CBBFF415FD8330B4A778AE6C6E1F2058424E0529C385039FCDD650422EF
PUP.Optional.SearchManager.BITSRST, C:\USERS\JUNDRIL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 1\Secure Preferences, No Action By User, 283, 626729, 1.0.41647, , ame, , AD0B2A1520BAD2BA1D44118C1B2C4028, 07908CBBFF415FD8330B4A778AE6C6E1F2058424E0529C385039FCDD650422EF
 
Physical Sector: 0
(No malicious items detected)
 
WMI: 0
(No malicious items detected)
 
 
(end)

  • 0

#14
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 3,240 posts

Many things detected and they all need to be removed.
 
Now you need to run Malwarebytes in Clean mode, to quarantine the detected items.
 
1. Malwarebytes (Clean mode)

  • Double click the program's icon on your Desktop, as you did before.
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
    Under the title Scan Options, all the options are checked.
    Under the title Windows Security Center (Premium only) the option is NOT checked.
    Under the title Potentially unwanted items all options are set to Always.
  • Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may be take longer.
  • When finished, you will see the Thread Scan Summary window open.
  • If threats are not found, click View Report and proceed to the two last steps below.
  • If threats are found, make sure that all threats are selected, and click on Quarantine/Remove selected.
  • You may need to restart the computer.
  • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
  • Find the report with the most recent date and double click on it.
  • Click on Export and then Copy to Clipboard.
  • Paste its content here, in your next reply.

 

2. Eset Online Scanner

Download ESET Online Scanner and save it to your desktop.

  • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
  • When the tool opens, click Get Started.
  • Read and accept the license agreement.
  • At the Welcome to ESET Online Scanner window, click Get Started.
  • Select whether you would like to send anonymous data to ESET.
  • Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
  • Click on the Full Scan option.
  • Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
  • ESET will now begin scanning your computer. This may take some time.
  • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
  • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
  • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
  • Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.

 

In your next reply please post:

  1. The Malwarebytes report
  2. The eset.txt

  • 0

#15
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 3,240 posts

Any progress with the above?


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP