Slow Computer: Suspected Malware in System [Solved]


#31 rybards (Topic Starter, Member, 66 posts)
Fixlog.txt

Fix result of Farbar Recovery Scan Tool (x64) Version: 19-06-2021

Ran by Ryan (19-06-2021 20:19:01) Run:2
Running from C:\Users\Ryan\Desktop
Loaded Profiles: Ryan & defaultuser1
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
HKU\S-1-5-21-1211838656-3945196859-822910569-1001\...\StartupApproved\Run: => "uTorrent"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
FirewallRules: [{0B5B9609-4022-4200-BDE4-7B85A6894898}] => (Allow) c:\Program Files\CyberLink\PowerDirector12\PDR10.EXE => No File
FirewallRules: [TCP Query User{18D45DE5-47B2-4297-B842-7189A5861864}C:\users\ryan\appdata\local\skypeplugin\pluginhost.exe] => (Block) C:\users\ryan\appdata\local\skypeplugin\pluginhost.exe => No File
HKU\S-1-5-21-1211838656-3945196859-822910569-1001\...\Run: [Adobe Acrobat Synchronizer] => "C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe"
Task: {096C0699-B78C-486D-AD81-9006F08B8C89} - System32\Tasks\BlueStacksHelper => C:\ProgramData\BlueStacks\Client\Helper\BlueStacksHelper.exe
C:\WINDOWS\system32\Tasks\McAfee
C:\Program Files (x86)\Adobe\Acrobat DC
C:\ProgramData\BlueStacks
VirusTotal: C:\Users\Public\ASR.dat
EmptyTemp:
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => value restored successfully
"HKU\S-1-5-21-1211838656-3945196859-822910569-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\uTorrent" => removed successfully
"HKU\S-1-5-21-1211838656-3945196859-822910569-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\uTorrent" => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\iTunesHelper" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\iTunesHelper" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0B5B9609-4022-4200-BDE4-7B85A6894898}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{18D45DE5-47B2-4297-B842-7189A5861864}C:\users\ryan\appdata\local\skypeplugin\pluginhost.exe" => removed successfully
"HKU\S-1-5-21-1211838656-3945196859-822910569-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe Acrobat Synchronizer" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{096C0699-B78C-486D-AD81-9006F08B8C89}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{096C0699-B78C-486D-AD81-9006F08B8C89}" => removed successfully
C:\WINDOWS\System32\Tasks\BlueStacksHelper => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BlueStacksHelper" => removed successfully
C:\WINDOWS\system32\Tasks\McAfee => moved successfully
C:\Program Files (x86)\Adobe\Acrobat DC => moved successfully
"C:\ProgramData\BlueStacks" => not found
"VirusTotal: C:\Users\Public\ASR.dat" => not found
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 11034624 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 37008044 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 45349996 B
Edge => 0 B
Chrome => 745520254 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 263511 B
NetworkService => 291295 B
Ryan => 238016742 B
defaultuser1.DESKTOP-NC9HVNJ => 238016742 B
Jundril => 238016742 B
 
RecycleBin => 194876438 B
EmptyTemp: => 1.6 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 20:22:54 ====
 
 
FRST
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-06-2021
Ran by Ryan (administrator) on DESKTOP-NC9HVNJ (HP HP Notebook) (20-06-2021 06:14:02)
Running from C:\Users\Ryan\Desktop
Loaded Profiles: Ryan
Platform: Windows 10 Home Single Language Version 21H1 19043.1052 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CyberLink Corp. -> ) C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(CyberLink Corp. -> CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam6\YouCamService6.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <13>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler64.exe
(Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(HP Inc. -> HP Inc.) C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(Intel® Software -> Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Intel® Software -> Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\NisSrv.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(WildTangent Inc -> WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Windscribe Limited -> Windscribe Limited) C:\Program Files (x86)\Windscribe\WindscribeService.exe
Failed to access process -> csrss.exe
Failed to access process -> csrss.exe
Failed to access process -> dasHost.exe
Failed to access process -> dllhost.exe
Failed to access process -> dllhost.exe
Failed to access process -> dwm.exe
Failed to access process -> fontdrvhost.exe
Failed to access process -> fontdrvhost.exe
Failed to access process -> WmiPrvSE.exe
Failed to access process -> WmiPrvSE.exe
Failed to access process -> WUDFHost.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8843520 2016-10-02] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3349224 2015-08-20] (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-07] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [654088 2015-02-18] (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [779448 2021-06-12] (Adobe Inc. -> Adobe Inc.)
HKU\S-1-5-21-1211838656-3945196859-822910569-1001\...\Run: [OneDrive] => C:\Program Files (x86)\Microsoft OneDrive\OneDrive.exe [1972608 2021-06-18] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1211838656-3945196859-822910569-1001\...\Run: [BingSvc] => C:\Users\Ryan\AppData\Local\Microsoft\BingSvc\BingSvc.exe [146312 2020-08-15] (Microsoft Corporation -> © 2015 Microsoft Corporation)
HKU\S-1-5-21-1211838656-3945196859-822910569-1001\...\Run: [Windscribe] => C:\Program Files (x86)\Windscribe\Windscribe.exe [10106544 2019-01-19] (Windscribe Limited -> Windscribe Limited)
HKU\S-1-5-21-1211838656-3945196859-822910569-1001\...\Run: [CCXProcess] => C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [648328 2020-04-13] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-1211838656-3945196859-822910569-1001\...\Run: [Viber] => C:\Users\Ryan\AppData\Local\Viber\Viber.exe [38582344 2019-11-28] (Viber Media S.à r.l. -> Viber Media S.à r.l.)
HKU\S-1-5-21-1211838656-3945196859-822910569-1001\...\Run: [com.squirrel.slack.slack] => C:\Users\Ryan\AppData\Local\slack\slack.exe [308368 2021-06-08] (Slack Technologies, Inc. -> Slack Technologies Inc.)
HKU\S-1-5-21-1211838656-3945196859-822910569-1001\...\RunOnce: [Application Restart #1] => C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  --flag-switches-begin --flag-switches-end --enable-audio-service-sandbox --restore-last-session -- "C:\Users\Ryan\Desktop\Jap\Genki - An I (the data entry has 91 more characters).
HKLM\...\Windows x64\Print Processors\HPCPP155: C:\Windows\System32\spool\prtprocs\x64\hpcpp155.dll [597792 2013-09-10] (Hewlett-Packard Company -> Hewlett-Packard Corporation)
HKLM\...\Windows x64\Print Processors\hpcpp160: C:\Windows\System32\spool\prtprocs\x64\hpcpp160.dll [602912 2013-12-04] (Hewlett-Packard Company -> Hewlett-Packard Corporation)
HKLM\...\Windows x64\Print Processors\hpcpp190: C:\Windows\System32\spool\prtprocs\x64\hpcpp190.dll [651176 2016-08-26] (HP Inc. -> HP Inc.)
HKLM\...\Print\Monitors\HP Universal Port Monitor: C:\WINDOWS\system32\hpbprtmon.dll [432648 2015-07-11] (Microsoft Windows Hardware Compatibility Publisher -> HP)
HKLM\...\Print\Monitors\HP Universal Print Monitor: C:\WINDOWS\system32\HPMPW081.DLL [127912 2016-08-26] (HP Inc. -> HP Inc.)
HKLM\...\Print\Monitors\HPMLM135: C:\WINDOWS\system32\hpmlm135.dll [237344 2013-12-04] (Hewlett-Packard Company -> Hewlett-Packard Company)
HKLM\...\Print\Monitors\HPMLM190: C:\WINDOWS\system32\hpmlm190.dll [310512 2016-08-26] (HP Inc. -> HP Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\91.0.4472.114\Installer\chrmstp.exe [2021-06-18] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{FA076B7A-C331-48e2-9EE9-7683A553739E}] -> C:\Program Files (x86)\CyberLink\YouCam6\CLCredProv\x64\CLCredProv.dll [2015-07-01] (CyberLink Corp. -> CyberLink)
HKLM\Software\...\Authentication\Credential Provider Filters: [{FA076B7A-C331-48e2-9EE9-7683A553739E}] -> C:\Program Files (x86)\CyberLink\YouCam6\CLCredProv\x64\CLCredProv.dll [2015-07-01] (CyberLink Corp. -> CyberLink)
Startup: C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2021-06-03]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0B5C96F2-79FF-4E42-9B1D-A75379549056} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MpCmdRun.exe [644888 2021-06-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {0BDAD3D9-145E-44F4-A584-D4286B4843AE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2016-09-29] (Google Inc -> Google Inc.)
Task: {1513CFA1-7AF1-4829-AA07-86B886A4EA85} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [352368 2021-05-17] (HP Inc. -> HP Inc.)
Task: {2DE6E150-F6E5-4975-A81D-3B67FB8D3147} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [25128 2017-11-22] (HP Inc. -> )
Task: {33C6A568-69A9-4D82-A654-8FBD2A70CB18} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MpCmdRun.exe [644888 2021-06-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {37869FAF-7684-4E81-8DE3-640D09E928FE} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [118088 2021-06-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {3A92D0AA-6D4A-4CE7-B99B-DF09C6BD1CCC} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23124856 2021-06-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {4AD8130B-6B26-4102-BC66-CDBD6159F85F} - System32\Tasks\Adobe Uninstaller => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [423096 2021-06-12] (Adobe Inc. -> Adobe Inc.)
Task: {50541FA9-88B1-4D64-A396-5B67C68C3B25} - System32\Tasks\[email protected] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {5895392A-A351-45CB-9DB8-E186B0BC70B0} - System32\Tasks\{D5D9ABA2-FD6A-4978-BC30-ECC925298A48} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\Glyph\GlyphClientApp.exe" -d "C:\Program Files (x86)\Glyph" -c -uninstall -silent -debug
Task: {68EFC8E6-B789-4045-8CDD-18DCC58A723B} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [118088 2021-06-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {865EC776-810F-44F0-8DB5-112BE5E9DF7A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [665944 2020-08-07] (HP Inc. -> HP Inc.)
Task: {90D71BAA-299D-4F56-B3FB-B2427B4F7E3D} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files (x86)\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [2819968 2021-06-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {97E25573-7E0D-4D3A-B32C-1D75C7E09C27} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\Ryan\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [18007968 2021-06-13] (ESET, spol. s r.o. -> ESET)
Task: {9B747888-D1E4-4B66-B4B0-BA8ED2FBDC90} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2016-09-29] (Google Inc -> Google Inc.)
Task: {A787174D-D2FD-4E24-A99E-0D77E14F670E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [136304 2021-03-30] (HP Inc. -> HP Inc.)
Task: {AD123015-4105-452E-B956-A99D1192B1DE} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam6\YouCamService6.exe [515512 2015-07-01] (CyberLink Corp. -> CyberLink Corp.)
Task: {B17B0FA6-F64F-46AF-B39A-6E35C780E550} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1136984 2020-09-17] (HP Inc. -> HP Inc.)
Task: {BA78896D-1B02-481C-94D4-0222AA47CD8F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [665944 2020-08-07] (HP Inc. -> HP Inc.)
Task: {BDC70C65-55F2-4F8B-AC18-1920F104EFDF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MpCmdRun.exe [644888 2021-06-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D44DAEDD-D528-4860-8EEE-F08745EC1B09} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {D95378FD-B28D-44CD-A137-26BF6DACDBDA} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {DACD9E7E-C567-487F-9719-160E503DBB3A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - resources updates => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [665944 2020-08-07] (HP Inc. -> HP Inc.)
Task: {E1E944BC-680D-474A-A424-EBA655CEFBF4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1506648 2020-08-20] (HP Inc. -> HP Inc.)
Task: {EDF2DE97-9982-486B-8A7B-CFE270FE689E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MpCmdRun.exe [644888 2021-06-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F10670E2-BC14-44F9-99AC-C289391D0BF5} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23124856 2021-06-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {FB74F080-27D6-46EF-8FEB-7B781597CA2F} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\Ryan\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [18007968 2021-06-13] (ESET, spol. s r.o. -> ESET)
Task: {FE93F97B-0E96-47F5-9CC2-5D6F264104E5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1506648 2020-08-20] (HP Inc. -> HP Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.99.1 8.8.8.8
Tcpip\..\Interfaces\{1bcde77e-240f-4c10-84f3-761f61ca1577}: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{81adeb0f-1b8d-47ca-b5cb-db77373ce48f}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{cf628cd7-8fd6-4567-a7a3-f63135ab7c76}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{f0032578-55e6-4f2f-9d5a-1d2ebf8755bc}: [DhcpNameServer] 192.168.99.1 8.8.8.8
 
Edge: 
=======
Edge HomeButtonPage: HKU\S-1-5-21-1211838656-3945196859-822910569-1001 -> hxxps://www.google.com/
Edge Profile: C:\Users\Ryan\AppData\Local\Microsoft\Edge\User Data\Default [2021-06-20]
 
FireFox:
========
FF ProfilePath: C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\phur0440.default-1500038885698 [2021-06-19]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2021-06-12] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.11 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.12 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2015-06-26] (WildTangent Inc -> )
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2021-06-12] (Adobe Inc. -> Adobe Systems)
 
Chrome: 
=======
CHR Profile: C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default [2021-06-20]
CHR Notifications: Default -> hxxps://app.slack.com; hxxps://calendar.google.com; hxxps://meet.google.com
CHR HomePage: Default -> hxxp://www.google.com.ph/
CHR StartupUrls: Default -> "hxxp://www.msn.com/?pc=BDT3&ocid=BDT3DHP&dt=072113","hxxps://www.google.com/"
CHR Extension: (Slides) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Docs) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-25]
CHR Extension: (Skype Calling) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2017-02-02]
CHR Extension: (YouTube) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-20]
CHR Extension: (Facebook Unseen) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmdhkalcecemojegheiohcghkamlipof [2016-06-20]
CHR Extension: (Video Downloader professional) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2021-06-16]
CHR Extension: (GoFullPage - Full Page Screen Capture) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdpohaocaechififmbbbbbknoalclacl [2021-05-24]
CHR Extension: (Sheets) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Google Docs Offline) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-05-12]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2021-06-19]
CHR Extension: (rikaikun) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipdnfibhldikgcjhfnomkfpcebammhp [2021-06-15]
CHR Extension: (HP Network Check Launcher) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkfpchpiljkaemlpmpebnglgkomamfeo [2018-08-30]
CHR Extension: (Save to Facebook) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd [2021-06-12]
CHR Extension: (Grammarly for Chrome) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2021-06-17]
CHR Extension: (Awesome Screenshot & Screen Recorder) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlipoenfbbikpbjkfpfillcgkoblgpmj [2021-06-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-30]
CHR Extension: (Speedtest by Ookla) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjjikdiikihdfpoppgaidccahalehjh [2021-04-15]
CHR Extension: (Gmail) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-24]
CHR Extension: (Chrome Media Router) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-06-05]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [jkfpchpiljkaemlpmpebnglgkomamfeo]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [842424 2021-06-12] (Adobe Inc. -> Adobe Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11279752 2021-06-03] (Microsoft Corporation -> Microsoft Corporation)
S3 FileSyncHelper; C:\Program Files (x86)\Microsoft OneDrive\21.099.0516.0003\FileSyncHelper.exe [2103168 2021-06-18] (Microsoft Corporation -> Microsoft Corporation)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [349728 2015-06-26] (WildTangent Inc -> WildTangent)
S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1149480 2018-06-07] (HP Inc. -> HP)
R2 HPSupportSolutionsFrameworkService; c:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [379736 2020-08-20] (HP Inc. -> HP Inc.)
R2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-22] (HP Inc. -> HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [608520 2015-02-18] (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.)
S2 Kingsoft_WPS_UpdateService; C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5113\wtoolex\wpsupdatesvr.exe [133480 2015-12-03] (Zhuhai Kingsoft Office Software Co.,Ltd -> Zhuhai Kingsoft Office Software Co.,Ltd)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7391408 2021-06-13] (Malwarebytes Inc -> Malwarebytes)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2016-06-15] (HP Inc.) [File not signed]
S3 OneDrive Updater Service; C:\Program Files (x86)\Microsoft OneDrive\21.099.0516.0003\OneDriveUpdaterService.exe [2567552 2021-06-18] (Microsoft Corporation -> Microsoft Corporation)
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2016-06-15] (HP Inc.) [File not signed]
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-15] (CyberLink Corp. -> )
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2105.5-0\NisSrv.exe [2644776 2021-06-12] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2105.5-0\MsMpEng.exe [136656 2021-06-12] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WindscribeService; C:\Program Files (x86)\Windscribe\WindscribeService.exe [493232 2019-01-19] (Windscribe Limited -> Windscribe Limited)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 BthAudioHF; C:\WINDOWS\system32\drivers\RtkHfp.sys [104688 2015-09-09] (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation)
R3 clwvd6; C:\WINDOWS\System32\drivers\clwvd6.sys [41704 2013-10-29] (CyberLink Corp. -> CyberLink Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [199128 2021-06-13] (Malwarebytes Inc -> Malwarebytes)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220752 2021-06-19] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-06-13] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [198888 2021-06-20] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [77496 2021-06-20] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-06-18] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [156880 2021-06-20] (Malwarebytes Inc -> Malwarebytes)
R3 tapwindscribe0901; C:\WINDOWS\System32\drivers\tapwindscribe0901.sys [54896 2017-09-13] (Windscribe Limited -> The OpenVPN Project)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49568 2021-06-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [425184 2021-06-12] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [76000 2021-06-12] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [35392 2020-06-08] (HP Inc. -> HP)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2021-06-20 19:11 - 2021-06-20 03:58 - 000000000 ____D C:\Windows.old
2021-06-20 19:05 - 2021-06-20 19:11 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2021-06-20 19:02 - 2021-06-20 19:04 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2021-06-20 19:02 - 2021-06-20 19:02 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2021-06-20 18:47 - 2021-06-20 18:47 - 001687040 _____ C:\WINDOWS\system32\libcrypto.dll
2021-06-20 18:46 - 2021-06-20 18:46 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-06-20 18:46 - 2021-06-20 18:46 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-06-20 18:46 - 2021-06-20 18:46 - 001314120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-06-20 18:46 - 2021-06-20 18:46 - 000700928 _____ C:\WINDOWS\system32\FsNVSDeviceSource.dll
2021-06-20 18:46 - 2021-06-20 18:46 - 000568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2021-06-20 18:46 - 2021-06-20 18:46 - 000451072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2021-06-20 18:46 - 2021-06-20 18:46 - 000011353 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-06-20 18:45 - 2021-06-20 18:45 - 001864192 _____ (The ICU Project) C:\WINDOWS\SysWOW64\icu.dll
2021-06-20 18:45 - 2021-06-20 18:45 - 001163776 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-06-20 18:45 - 2021-06-20 18:45 - 000468440 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll
2021-06-20 18:45 - 2021-06-20 18:45 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-06-20 18:45 - 2021-06-20 18:45 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2021-06-20 18:44 - 2021-06-20 18:44 - 002260480 _____ (The ICU Project) C:\WINDOWS\system32\icu.dll
2021-06-20 18:44 - 2021-06-20 18:44 - 001823792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-06-20 18:44 - 2021-06-20 18:44 - 001393496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-06-20 18:44 - 2021-06-20 18:44 - 000657464 _____ C:\WINDOWS\system32\WindowManagementAPI.dll
2021-06-20 18:44 - 2021-06-20 18:44 - 000097280 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-06-20 18:44 - 2021-06-20 18:44 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2021-06-20 18:43 - 2021-06-20 18:43 - 000563712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-06-20 18:43 - 2021-06-20 18:43 - 000287232 _____ C:\WINDOWS\system32\CoreMas.dll
2021-06-20 18:43 - 2021-06-20 18:43 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe
2021-06-20 18:43 - 2021-06-20 18:43 - 000165888 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-06-20 18:43 - 2021-06-20 18:43 - 000013312 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe
2021-06-20 18:30 - 2019-10-16 05:53 - 000076060 _____ C:\WINDOWS\system32\xpsrchvw.xml
2021-06-20 18:30 - 2019-10-16 05:50 - 000002060 _____ C:\WINDOWS\system32\noise.jpn
2021-06-20 18:30 - 2019-04-19 10:49 - 000076060 _____ C:\WINDOWS\SysWOW64\xpsrchvw.xml
2021-06-20 18:24 - 2021-06-20 18:24 - 000000000 ____D C:\Program Files\Reference Assemblies
2021-06-20 18:24 - 2021-06-20 18:24 - 000000000 ____D C:\Program Files\MSBuild
2021-06-20 18:24 - 2021-06-20 18:24 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2021-06-20 18:24 - 2021-06-20 18:24 - 000000000 ____D C:\Program Files (x86)\MSBuild
2021-06-20 18:24 - 2021-06-20 18:24 - 000000000 ____D C:\inetpub
2021-06-20 04:08 - 2021-06-20 04:08 - 000000000 ____D C:\WINDOWS\system32\Tasks\Agent Activation Runtime
2021-06-20 04:06 - 2021-06-20 04:06 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2021-06-20 03:59 - 2021-06-20 03:59 - 000000020 ___SH C:\Users\Ryan\ntuser.ini
2021-06-20 03:55 - 2021-06-20 03:57 - 000002588 _____ C:\WINDOWS\system32\Tasks\CreateExplorerShellUnelevatedTask
2021-06-20 03:55 - 2021-06-20 03:56 - 000003408 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-06-20 03:55 - 2021-06-20 03:56 - 000003346 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-06-20 03:55 - 2021-06-20 03:56 - 000003306 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{F652A8CE-8AAD-4B17-97C2-CFEC2FF6BEE6}
2021-06-20 03:55 - 2021-06-20 03:56 - 000003184 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-06-20 03:55 - 2021-06-20 03:56 - 000003018 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onLogOn
2021-06-20 03:55 - 2021-06-20 03:56 - 000002808 _____ C:\WINDOWS\system32\Tasks\[email protected]
2021-06-20 03:55 - 2021-06-20 03:56 - 000002728 _____ C:\WINDOWS\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2021-06-20 03:55 - 2021-06-20 03:56 - 000002638 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onTime
2021-06-20 03:55 - 2021-06-20 03:56 - 000002490 _____ C:\WINDOWS\system32\Tasks\YCMServiceAgent
2021-06-20 03:55 - 2021-06-20 03:56 - 000002366 _____ C:\WINDOWS\system32\Tasks\{D5D9ABA2-FD6A-4978-BC30-ECC925298A48}
2021-06-20 03:55 - 2021-06-20 03:56 - 000002310 _____ C:\WINDOWS\system32\Tasks\Adobe Uninstaller
2021-06-20 03:55 - 2021-06-20 03:55 - 000003122 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-06-20 03:55 - 2021-06-20 03:55 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-06-20 03:55 - 2021-06-20 03:55 - 000000000 ____D C:\WINDOWS\system32\Tasks\S-1-5-21-1211838656-3945196859-822910569-1001
2021-06-20 03:55 - 2021-06-20 03:55 - 000000000 ____D C:\WINDOWS\system32\Tasks\Hewlett-Packard
2021-06-20 03:55 - 2021-06-20 03:55 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software
2021-06-20 03:53 - 2021-06-20 03:55 - 000015243 _____ C:\WINDOWS\diagwrn.xml
2021-06-20 03:53 - 2021-06-20 03:55 - 000015243 _____ C:\WINDOWS\diagerr.xml
2021-06-20 03:38 - 2021-06-20 03:38 - 000936882 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-06-20 03:32 - 2021-06-20 03:32 - 000198888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2021-06-20 03:32 - 2021-06-20 03:32 - 000156880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2021-06-20 03:32 - 2021-06-20 03:32 - 000077496 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2021-06-20 03:20 - 2021-06-20 03:59 - 000000000 ____D C:\Users\Ryan
2021-06-20 03:20 - 2021-06-20 03:41 - 000000000 ____D C:\Users\Jundril
2021-06-20 03:20 - 2021-06-20 03:33 - 000000000 ____D C:\Users\defaultuser1.DESKTOP-NC9HVNJ
2021-06-20 03:20 - 2019-12-07 17:10 - 000001105 _____ C:\Users\Jundril\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-06-20 03:20 - 2019-12-07 17:10 - 000001105 _____ C:\Users\defaultuser1.DESKTOP-NC9HVNJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-06-20 03:12 - 2021-06-20 06:10 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-06-20 03:12 - 2021-06-20 03:13 - 000363464 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-06-19 23:31 - 2021-06-20 04:00 - 000000000 ___DC C:\WINDOWS\Panther
2021-06-19 22:05 - 2021-06-19 23:31 - 000000000 ____D C:\ESD
2021-06-19 22:00 - 2021-06-19 22:00 - 000000000 ___HD C:\$Windows.~WS
2021-06-19 20:30 - 2021-06-19 20:30 - 000220752 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-06-19 17:43 - 2021-06-19 17:43 - 000026862 _____ C:\Users\Ryan\Desktop\CN_muraka1_8_700x525_FitToBoxSmallDimension_Center.webp
2021-06-19 17:43 - 2021-06-19 17:43 - 000006798 _____ C:\Users\Ryan\Desktop\download (1).jfif
2021-06-19 17:38 - 2021-06-19 17:38 - 000005433 _____ C:\Users\Ryan\Desktop\download.jfif
2021-06-18 10:53 - 2021-06-18 10:53 - 008534696 _____ (Malwarebytes) C:\Users\Ryan\Desktop\AdwCleaner.exe
2021-06-18 10:24 - 2021-06-18 10:45 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2021-06-18 10:23 - 2021-06-18 10:46 - 000594726 _____ C:\WINDOWS\ntbtlog.txt
2021-06-18 10:02 - 2021-06-18 10:06 - 000000000 ____D C:\Users\Ryan\Documents\ViberDownloads
2021-06-16 00:22 - 2021-06-16 00:22 - 000046286 _____ C:\Users\Ryan\Downloads\New KWS Samantha Margaret 06.15.2021.xlsx
2021-06-15 22:54 - 2021-06-15 22:54 - 000000268 _____ C:\Users\Ryan\Desktop\eset.txt
2021-06-15 18:55 - 2021-06-17 15:42 - 000000000 ____D C:\Users\Ryan\Downloads\Samantha Margaret - screenshots
2021-06-13 16:19 - 2021-06-15 12:24 - 000001278 _____ C:\Users\Ryan\Desktop\ESET Online Scanner.lnk
2021-06-13 16:17 - 2021-06-15 12:23 - 000001384 _____ C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2021-06-13 16:17 - 2021-06-13 16:17 - 000000000 ____D C:\Users\Ryan\AppData\Local\ESET
2021-06-13 16:15 - 2021-06-13 16:15 - 011697056 _____ (ESET) C:\Users\Ryan\Desktop\esetonlinescanner.exe
2021-06-13 02:01 - 2021-06-18 15:56 - 000000000 ____D C:\Users\Ryan\AppData\LocalLow\IGDump
2021-06-13 01:02 - 2021-06-18 10:48 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-06-13 01:02 - 2021-06-13 01:02 - 000002040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-06-13 01:02 - 2021-06-13 01:02 - 000002028 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-06-13 01:02 - 2021-06-13 01:02 - 000002028 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2021-06-13 01:02 - 2021-06-13 01:02 - 000000000 ____D C:\Users\Ryan\AppData\Local\mbam
2021-06-13 01:02 - 2021-06-13 01:01 - 000199128 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-06-13 01:02 - 2021-06-13 01:00 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2021-06-13 01:01 - 2021-06-13 01:01 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-06-13 01:00 - 2021-06-13 01:00 - 000000000 ____D C:\Program Files\Malwarebytes
2021-06-13 00:58 - 2021-06-13 00:58 - 002080712 _____ (Malwarebytes) C:\Users\Ryan\Desktop\MBSetup.exe
2021-06-13 00:13 - 2021-06-13 00:13 - 000000000 ____D C:\AdwCleaner
2021-06-12 23:11 - 2021-06-19 20:22 - 000004276 _____ C:\Users\Ryan\Desktop\Fixlog.txt
2021-06-12 23:09 - 2021-06-19 20:18 - 000000000 ____D C:\Users\Ryan\Desktop\FRST-OlderVersion
2021-06-12 22:50 - 2021-06-12 22:50 - 000001389 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2021-06-12 03:39 - 2021-06-20 06:18 - 000029248 _____ C:\Users\Ryan\Desktop\FRST.txt
2021-06-11 17:41 - 2021-06-19 18:26 - 000049505 _____ C:\Users\Ryan\Desktop\Addition.txt
2021-06-11 16:39 - 2021-06-20 06:17 - 000000000 ____D C:\FRST
2021-06-11 16:20 - 2021-06-19 20:18 - 002300416 _____ (Farbar) C:\Users\Ryan\Desktop\FRST64.exe
2021-06-11 03:06 - 2021-06-20 04:11 - 000000000 ____D C:\Users\Ryan\Documents\YouCam
2021-06-10 21:14 - 2021-06-10 21:14 - 000012724 _____ C:\Users\Ryan\Downloads\Product Listing Template (1).odt
2021-06-08 22:42 - 2021-06-08 22:42 - 000253494 _____ C:\Users\Ryan\Downloads\Ryan Bardahi_Content Editor.xlsx
2021-06-08 22:40 - 2021-06-08 22:41 - 000253494 _____ C:\Users\Ryan\Downloads\ryan_bardahi_content_editor.xlsx
2021-06-08 09:56 - 2021-06-20 03:23 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Slack Technologies Inc
2021-06-08 09:55 - 2021-06-08 09:57 - 000000000 ____D C:\Users\Ryan\AppData\Local\slack
2021-06-07 16:20 - 2021-06-19 12:00 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\Slack
2021-06-07 12:47 - 2021-06-07 12:47 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\fltk.org
2021-06-07 12:47 - 2021-06-07 12:47 - 000000000 ____D C:\ProgramData\fltk.org
2021-06-07 12:46 - 2021-06-19 12:00 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\Hubstaff
2021-06-07 12:41 - 2021-06-20 19:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hubstaff
2021-06-07 12:41 - 2021-06-07 12:41 - 000000000 ____D C:\Program Files\Hubstaff
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2021-06-20 19:11 - 2020-06-15 11:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBIRForms
2021-06-20 19:11 - 2019-12-07 17:14 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2021-06-20 19:11 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2021-06-20 19:11 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2021-06-20 19:11 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2021-06-20 19:11 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2021-06-20 19:11 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\spool
2021-06-20 19:11 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2021-06-20 19:11 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\Macromed
2021-06-20 19:11 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\Registration
2021-06-20 19:11 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-06-20 19:11 - 2019-12-07 17:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2021-06-20 19:11 - 2019-05-11 13:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windscribe
2021-06-20 19:11 - 2018-10-05 06:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2021-06-20 19:11 - 2018-07-23 23:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2021-06-20 19:11 - 2018-04-12 07:38 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2021-06-20 19:11 - 2017-11-10 16:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evaer
2021-06-20 19:11 - 2017-05-30 13:08 - 000000000 ____D C:\Program Files\AMD
2021-06-20 19:11 - 2017-05-30 13:07 - 000000000 ____D C:\Program Files\Intel
2021-06-20 19:11 - 2017-05-30 13:06 - 000000000 ____D C:\Program Files (x86)\Intel
2021-06-20 19:11 - 2017-05-24 14:43 - 000000000 ____D C:\Program Files\UNP
2021-06-20 19:11 - 2016-11-25 12:36 - 000000000 ____D C:\WINDOWS\en
2021-06-20 19:11 - 2016-10-08 17:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2021-06-20 19:11 - 2016-08-23 12:39 - 000000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2021-06-20 19:11 - 2016-07-21 13:18 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos
2021-06-20 19:11 - 2016-05-13 12:37 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-06-20 19:11 - 2016-02-27 16:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2021-06-20 19:11 - 2015-12-03 10:53 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2021-06-20 19:11 - 2015-12-03 10:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WPS Office
2021-06-20 19:11 - 2015-12-03 10:26 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
2021-06-20 19:11 - 2015-12-03 10:24 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2021-06-20 19:11 - 2015-12-03 10:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2021-06-20 19:10 - 2019-12-07 17:18 - 000000000 ____D C:\WINDOWS\Setup
2021-06-20 19:10 - 2019-12-07 17:14 - 000000000 __RHD C:\Users\Public\Libraries
2021-06-20 19:10 - 2019-12-07 17:14 - 000000000 ____D C:\ProgramData\USOPrivate
2021-06-20 19:06 - 2017-05-30 13:07 - 000000000 ____D C:\WINDOWS\system32\SRSLabs
2021-06-20 19:06 - 2016-08-23 02:15 - 000000000 ____D C:\WINDOWS\SysWOW64\spool
2021-06-20 19:05 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\Resources
2021-06-20 19:05 - 2017-07-13 11:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Andy
2021-06-20 19:05 - 2017-05-30 13:07 - 000000000 ____D C:\Program Files\Realtek
2021-06-20 18:56 - 2019-12-07 17:50 - 000000000 ____D C:\WINDOWS\system32\OpenSSH
2021-06-20 18:56 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2021-06-20 18:56 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-06-20 18:56 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-06-20 18:56 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2021-06-20 18:56 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2021-06-20 18:56 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2021-06-20 18:56 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2021-06-20 18:56 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-06-20 18:56 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-06-20 18:56 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2021-06-20 18:56 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-06-20 18:56 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-06-20 18:56 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2021-06-20 18:56 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2021-06-20 18:56 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2021-06-20 18:56 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2021-06-20 18:56 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-06-20 18:56 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-06-20 18:56 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-06-20 18:56 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-06-20 18:56 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\DiagTrack
2021-06-20 18:56 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-06-20 18:55 - 2019-12-07 17:52 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll
2021-06-20 18:32 - 2019-12-07 17:51 - 000000000 ____D C:\WINDOWS\OCR
2021-06-20 18:24 - 2021-04-09 21:49 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\admwprox.dll
2021-06-20 18:24 - 2021-04-09 21:49 - 000019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisreset.exe
2021-06-20 18:24 - 2021-04-09 21:49 - 000015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wamregps.dll
2021-06-20 18:24 - 2021-04-09 21:49 - 000013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisrstap.dll
2021-06-20 18:24 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2021-06-20 18:23 - 2021-04-09 21:49 - 000208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisRtl.dll
2021-06-20 18:23 - 2021-04-09 21:49 - 000169472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisRtl.dll
2021-06-20 18:23 - 2021-04-09 21:49 - 000053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ahadmin.dll
2021-06-20 18:23 - 2021-04-09 21:49 - 000048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\admwprox.dll
2021-06-20 18:23 - 2021-04-09 21:49 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ahadmin.dll
2021-06-20 18:23 - 2021-04-09 21:49 - 000016384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisreset.exe
2021-06-20 18:23 - 2021-04-09 21:49 - 000014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\cngkeyhelper.dll
2021-06-20 18:23 - 2021-04-09 21:49 - 000011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wamregps.dll
2021-06-20 18:23 - 2021-04-09 21:49 - 000011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cngkeyhelper.dll
2021-06-20 18:23 - 2021-04-09 21:49 - 000009728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisrstap.dll
2021-06-20 04:29 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-06-20 04:19 - 2019-12-07 17:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-06-20 04:19 - 2019-12-07 17:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-06-20 04:08 - 2019-12-07 17:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-06-20 04:03 - 2019-12-07 17:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-06-20 04:02 - 2019-12-07 17:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-06-20 04:01 - 2019-12-07 17:13 - 000000000 ____D C:\WINDOWS\INF
2021-06-20 04:01 - 2016-10-05 21:05 - 000000000 ___RD C:\Users\Ryan\3D Objects
2021-06-20 04:01 - 2016-04-27 13:45 - 000000000 __RHD C:\Users\Public\AccountPictures
2021-06-20 04:00 - 2017-05-30 13:07 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2021-06-20 04:00 - 2016-02-27 04:57 - 000000000 __SHD C:\Users\Ryan\IntelGraphicsProfiles
2021-06-20 03:58 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-06-20 03:56 - 2019-12-07 17:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2021-06-20 03:55 - 2019-12-07 17:14 - 000000000 ____D C:\Program Files\Windows Defender
2021-06-20 03:42 - 2019-12-07 17:14 - 000000000 __RSD C:\WINDOWS\Media
2021-06-20 03:34 - 2016-09-29 14:29 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-06-20 03:30 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-06-20 03:29 - 2020-10-04 21:36 - 000008192 ___SH C:\DumpStack.log.tmp
2021-06-20 03:29 - 2019-12-07 17:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-06-20 03:28 - 2020-10-04 16:31 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2021-06-20 03:28 - 2020-07-04 00:58 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HandBrake
2021-06-20 03:28 - 2016-06-17 14:10 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Viber
2021-06-20 03:24 - 2020-04-13 18:39 - 000000000 ____D C:\Users\Jundril\AppData\Local\Packages
2021-06-20 03:22 - 2017-12-02 12:37 - 000000000 ____D C:\Users\Ryan\AppData\Local\Packages
2021-06-20 03:21 - 2018-07-31 12:28 - 000000000 ____D C:\Users\defaultuser1.DESKTOP-NC9HVNJ\AppData\Local\Packages
2021-06-20 03:18 - 2017-05-30 13:08 - 000000000 ____D C:\Program Files\Elantech
2021-06-20 03:18 - 2017-05-30 13:07 - 000001863 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DTS Audio Control Panel.lnk
2021-06-20 03:17 - 2020-07-15 21:09 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-06-20 03:17 - 2017-05-30 13:07 - 000184860 _____ C:\WINDOWS\system32\Drivers\rtkhdasetting.zip
2021-06-20 03:17 - 2017-05-30 13:07 - 000000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2021-06-20 03:17 - 2017-05-30 13:07 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2021-06-20 03:16 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\appcompat
2021-06-19 22:20 - 2018-11-09 17:32 - 000000000 ____D C:\Users\Ryan\AppData\Local\PlaceholderTileLogoFolder
2021-06-19 20:20 - 2016-08-23 11:11 - 000000000 ____D C:\Program Files (x86)\Adobe
2021-06-18 10:26 - 2017-01-29 13:52 - 000000000 ____D C:\Users\Ryan\AppData\Local\ElevatedDiagnostics
2021-06-18 10:23 - 2020-06-23 10:52 - 000000000 ____D C:\Program Files (x86)\Microsoft OneDrive
2021-06-18 10:03 - 2016-06-17 14:10 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\ViberPC
2021-06-18 00:34 - 2020-06-23 10:53 - 000000000 ___RD C:\Users\defaultuser1.DESKTOP-NC9HVNJ\OneDrive
2021-06-18 00:34 - 2020-04-13 19:24 - 000000000 ___RD C:\Users\Jundril\OneDrive
2021-06-18 00:34 - 2016-02-27 05:01 - 000000000 ___RD C:\Users\Ryan\OneDrive
2021-06-18 00:33 - 2020-06-23 10:53 - 000002181 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-06-14 17:52 - 2020-08-23 14:04 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-06-13 16:05 - 2016-08-28 20:54 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\GameLauncher
2021-06-12 23:19 - 2016-10-06 17:41 - 000000000 ____D C:\Users\Ryan\AppData\LocalLow\Temp
2021-06-12 22:55 - 2016-08-23 01:14 - 000000000 ____D C:\ProgramData\Adobe
2021-06-12 22:52 - 2020-07-06 13:46 - 000000000 ____D C:\Program Files (x86)\Anvsoft
2021-06-12 22:50 - 2020-04-13 18:39 - 000000000 ____D C:\Users\Jundril\AppData\Roaming\Adobe
2021-06-12 22:50 - 2016-02-27 04:57 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\Adobe
2021-06-12 22:49 - 2015-12-03 10:24 - 000000000 ____D C:\ProgramData\Package Cache
2021-06-12 22:48 - 2016-08-28 20:01 - 000000000 ____D C:\Program Files\Common Files\Adobe
2021-06-12 22:48 - 2016-08-23 11:25 - 000000000 ____D C:\Program Files\Adobe
2021-06-12 22:34 - 2017-05-18 20:14 - 000000000 ____D C:\Program Files (x86)\Glyph
2021-06-12 22:27 - 2018-03-02 00:34 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-06-11 16:53 - 2015-12-03 10:24 - 000000000 ____D C:\ProgramData\Intel
2021-06-11 02:54 - 2015-12-03 10:50 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2021-06-09 15:50 - 2016-05-13 12:37 - 132447432 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-06-08 09:57 - 2016-07-08 16:27 - 000000000 ____D C:\Users\Ryan\AppData\Local\SquirrelTemp
2021-06-07 14:52 - 2017-04-22 13:11 - 000000000 ____D C:\Users\Ryan\Documents\Personal
2021-06-04 14:12 - 2016-10-08 17:28 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\vlc
2021-05-25 07:48 - 2020-08-23 14:04 - 000725304 _____ (Microsoft Corporation) C:\WINDOWS\system32\sedplugins.dll
2021-05-25 07:48 - 2020-08-23 14:04 - 000470328 _____ (Microsoft Corporation) C:\WINDOWS\system32\QualityUpdateAssistant.dll
 
==================== Files in the root of some directories ========
 
2016-08-28 20:39 - 2016-08-31 23:51 - 000000033 _____ () C:\Users\Ryan\AppData\Roaming\AdobeWLCMCache.dat
2016-02-27 04:58 - 2019-08-17 11:33 - 004863888 _____ () C:\Users\Ryan\AppData\Local\BTServer.log
2018-09-29 07:17 - 2021-06-12 22:57 - 000000205 _____ () C:\Users\Ryan\AppData\Local\oobelibMkey.log
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
 
Addition
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-06-2021
Ran by Ryan (20-06-2021 06:23:17)
Running from C:\Users\Ryan\Desktop
Windows 10 Home Single Language Version 21H1 19043.1052 (X64) (2021-06-19 19:58:13)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1211838656-3945196859-822910569-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1211838656-3945196859-822910569-503 - Limited - Disabled)
defaultuser1 (S-1-5-21-1211838656-3945196859-822910569-1004 - Limited - Enabled) => C:\Users\defaultuser1.DESKTOP-NC9HVNJ
Guest (S-1-5-21-1211838656-3945196859-822910569-501 - Limited - Disabled)
Ryan (S-1-5-21-1211838656-3945196859-822910569-1001 - Administrator - Enabled) => C:\Users\Ryan
WDAGUtilityAccount (S-1-5-21-1211838656-3945196859-822910569-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
12 Labours of Hercules III: Girl Power (HKLM-x32\...\WTA-f6a4a545-e534-4330-b288-de308fc7c365) (Version: 3.0.2.118 - WildTangent) Hidden
64 Bit HP CIO Components Installer (HKLM\...\{13DA9C7C-EBFB-40D0-94A1-55B42883DF21}) (Version: 21.2.1 - HP Inc.) Hidden
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 5.4.5.550 - Adobe Inc.)
AMD Catalyst Install Manager (HKLM\...\{A14A2A00-D5CB-867E-8C03-8108DC2702D7}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Archeage (HKLM-x32\...\Glyph Archeage) (Version:  - Trion Worlds, Inc.)
Azkend 2: The World Beneath (HKLM-x32\...\WTA-c886034d-12e3-4236-bad2-5487e2d9e073) (Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Building the Great Wall of China Collector's Edition (HKLM-x32\...\WTA-2eefcd8b-c074-4e0d-b5c2-6a42832c51c1) (Version: 3.0.2.48 - WildTangent) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
CloudApp for Windows (HKLM-x32\...\{95319D69-E9F4-42EA-B714-25F41D63DD51}) (Version: 5.7.0.77 - CloudPlus, Inc.)
Coyote The Outlander (HKLM-x32\...\WTA-4ff96c8e-d782-4348-a0b6-d895c0f9a91a) (Version: 3.0.2.59 - WildTangent) Hidden
CyberLink PhotoDirector (HKLM\...\{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.5.6713 - CyberLink Corp.) Hidden
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.5.6713 - CyberLink Corp.)
CyberLink Power Media Player 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.6.7428 - CyberLink Corp.)
CyberLink PowerDirector 12 (HKLM\...\{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.4.4301 - CyberLink Corp.) Hidden
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.4.4301 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\{A9CEDD6E-4792-493e-BB35-D86D2E188A5A}) (Version: 6.0.1.4301 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Delicious: Emily's Wonder Wedding Premium Edition (HKLM-x32\...\WTA-c8436530-3d00-43ea-bdc9-d6dcc44fe477) (Version: 3.0.2.59 - WildTangent) Hidden
DisableMSDefender (HKLM\...\{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}) (Version: 1.0.0 - Hewlett-Packard Company)
eBIRForms version v7.8.1 (HKLM-x32\...\eBIRForms_is1) (Version: v7.8.1 - )
ELAN Touchpad 15.2.5.1_X64_WHQL (HKLM\...\Elantech) (Version: 15.2.5.1 - ELAN Microelectronic Corp.)
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
Entwined: The Perfect Murder (HKLM-x32\...\WTA-e8b92b51-7c70-41c6-9aad-0e97c3c53587) (Version: 3.0.2.59 - WildTangent) Hidden
Family Vacation 2: Road Trip (HKLM-x32\...\WTA-52610c72-9b4c-49b9-ae40-79039854aeba) (Version: 3.0.2.59 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 91.0.4472.114 - Google LLC)
HandBrake 1.3.3 (HKLM-x32\...\HandBrake) (Version: 1.3.3 - )
Home Makeover (HKLM-x32\...\WTA-88c58a89-31b3-410c-ba91-29de1bc3ab93) (Version: 3.0.2.59 - WildTangent) Hidden
HP Documentation (HKLM\...\HP_Documentation) (Version:  - HP)
HP PC Hardware Diagnostics Windows (HKLM-x32\...\{3EC04ABB-D60E-44B6-9403-0D9DE44F56D9}) (Version: 1.6.0.0 - HP Inc.)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.8293.5264 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{71E18A14-1BDB-4B58-A67F-1BCDA12462FD}) (Version: 7.1.15.1 - HP)
HP Support Assistant (HKLM-x32\...\{61EB474B-67A6-47F4-B1B7-386851BAB3D0}) (Version: 8.8.34.31 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{D7D5F438-26EF-45AB-AB89-C476FBCF8584}) (Version: 12.18.34.21 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{D17A3B70-B75E-4C49-83D6-C17DDF65B35F}) (Version: 1.3.4 - Hewlett-Packard Company)
HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1439 - HP Inc.)
HP Welcome (HKLM\...\HPWelcome) (Version: 1.0 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{EFA01423-3857-468C-B7B6-F30AA08E50BC}) (Version: 1.1.5.1 - Hewlett-Packard)
Hubstaff (HKLM-x32\...\Hubstaff) (Version: 1.5.19 - Netsoft Holdings, LLC.)
IGT Slots: Paradise Garden (HKLM-x32\...\WTA-d578daaa-ebb4-462a-87a7-c9b3299176d5) (Version: 3.0.2.59 - WildTangent) Hidden
Imperial Island: Birth of an Empire (HKLM-x32\...\WTA-83516f4e-34e1-40d3-805c-9ec4d1645aef) (Version: 3.0.2.59 - WildTangent) Hidden
Insane Cold: Back to the Ice Age (HKLM-x32\...\WTA-32f6605e-28cf-4232-b252-4df6e8052886) (Version: 3.0.2.59 - WildTangent) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{c6cff78a-cccb-49d5-be68-ae0ec5f0d48a}) (Version: 10.1.1.8 - Intel® Corporation) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10604.207 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1156 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.15.4274 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.2.1088 - Intel Corporation)
Jewel Match Snowscapes (HKLM-x32\...\WTA-e72af8c1-c6fe-4616-90d6-5075e78605b5) (Version: 3.0.2.118 - WildTangent) Hidden
Living Legends: Frozen Beauty Collector's Edition (HKLM-x32\...\WTA-7bd0f048-d01b-4982-901b-71b2c2ed446e) (Version: 3.0.2.59 - WildTangent) Hidden
Lost Lands: Dark Overlord Collector's Edition (HKLM-x32\...\WTA-e9c0e3da-ea01-47cc-ba99-66d69694bdd4) (Version: 3.0.2.59 - WildTangent) Hidden
Lost Souls: Timeless Fables Collector's Edition (HKLM-x32\...\WTA-4e0fb448-bdfa-40b8-bb43-5779539460e3) (Version: 3.0.2.59 - WildTangent) Hidden
Malwarebytes version 4.4.0.117 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.0.117 - Malwarebytes)
Manor Memoirs Collector's Edition (HKLM-x32\...\WTA-bef8ad43-22ab-4715-a4d0-1dda19c1ef40) (Version: 3.0.2.59 - WildTangent) Hidden
Microsoft ASP.NET MVC 2 (HKLM-x32\...\{DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244}) (Version: 2.0.60926.0 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 91.0.864.48 - Microsoft Corporation)
Microsoft Office Home and Student 2016 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 16.0.14026.20270 - Microsoft Corporation)
Microsoft OneDrive (HKLM-x32\...\OneDriveSetup.exe) (Version: 21.099.0516.0003 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{E5A95BC5-81DF-4F0C-B910-B59DD012F037}) (Version: 2.81.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.23.27820 (HKLM-x32\...\{852adda4-4c78-4a38-b583-c0b360a329d6}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mystery Expedition: Prisoners of Ice (HKLM-x32\...\WTA-e48022a6-15d1-4c65-a1fb-0baefbb66b50) (Version: 3.0.2.59 - WildTangent) Hidden
OEM Application Profile (HKLM-x32\...\{B4B7FD8F-06FC-E277-4F29-8F75F8281D8F}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.14026.20270 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.14026.20246 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.14026.20270 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.14026.20246 - Microsoft Corporation) Hidden
Plagiarii (HKLM-x32\...\WTA-f80a7519-a55b-41db-94e4-26260516bfca) (Version: 3.0.2.59 - WildTangent) Hidden
Polar Bowler 1st Frame (HKLM-x32\...\WTA-731d3fbc-1ca0-4c2b-b739-09a7a9b3a19b) (Version: 3.0.2.59 - WildTangent) Hidden
RagnarokOnline (HKLM-x32\...\{CEAD2132-9705-422C-9FAB-FD4360FBB8DA}) (Version: 14.20.0000 - Gravity)
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 1.0.0.1021 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10240.31219 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7730 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.60 - REALTEK Semiconductor Corp.)
Runefall (HKLM-x32\...\WTA-4498b762-1be3-45fc-a497-3c145ff45d5b) (Version: 3.0.2.126 - WildTangent) Hidden
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype version 8.73 (HKLM-x32\...\Skype_is1) (Version: 8.73 - Skype Technologies S.A.)
Slack (HKU\S-1-5-21-1211838656-3945196859-822910569-1001\...\slack) (Version: 4.17.1 - Slack Technologies Inc.)
Spotify (HKU\S-1-5-21-1211838656-3945196859-822910569-1001\...\Spotify) (Version: 1.1.34.694.gac68a2b3 - Spotify AB)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
UpdateAssistant (HKLM\...\{F339C545-24DC-4870-AA32-6EB6B0500B95}) (Version: 1.24.0.0 - Microsoft Corporation) Hidden
Viber (HKLM-x32\...\{3D241290-3AB5-4D3E-9EA1-0CC741A98B11}) (Version: 6.1.0.1623 - Viber Media Inc.) Hidden
Viber (HKU\S-1-5-21-1211838656-3945196859-822910569-1001\...\{31f7057b-ec8e-431b-a621-6351f771f4ed}) (Version: 6.1.0.1623 - Viber Media Inc.)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.12 - VideoLAN)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App for HP (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.11.16 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windscribe (HKLM-x32\...\{fa690e90-ddb0-4f0c-b3f1-136c084e5fc7}_is1) (Version: 1.83 Build 20 - Windscribe Limited)
WPS Office (9.1.0.5113) (HKLM-x32\...\Kingsoft Office) (Version: 9.1.0.5113 - Kingsoft Corp.)
Xvid MPEG-4 Video Codec (HKLM-x32\...\xvid) (Version:  - Xvid Development Team)
Zoom (HKU\S-1-5-21-1211838656-3945196859-822910569-1001\...\ZoomUMX) (Version: 5.3.1 (52879.0927) - Zoom Video Communications, Inc.)
 
Packages:
=========
Adobe Notification Client -> C:\Program Files\WindowsApps\AdobeNotificationClient_1.0.1.22_x86__enpm4xejd91yc [2020-04-23] (Adobe Systems Incorporated)
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2019-11-09] (Autodesk Inc.)
Flipboard -> C:\Program Files\WindowsApps\Flipboard.Flipboard_2.1.3.0_neutral__3f5azkryzdbc4 [2021-06-13] (Flipboard)
Hearts Deluxe -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.HeartsDeluxe_6.9.50.0_x64__kx24dqmazqk8j [2021-06-15] (Random Salad Games LLC)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_127.1.115.0_x64__v10z8vjag6ke6 [2021-06-12] (HP Inc.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-10] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-10] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.5310.0_x64__8wekyb3d8bbwe [2021-06-13] (Microsoft Studios) [MS Ad]
MSN Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.36.20714.0_x64__8wekyb3d8bbwe [2021-06-13] (Microsoft Corporation) [MS Ad]
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-06-15] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-06-13] (Microsoft Corporation)
RAR Opener -> C:\Program Files\WindowsApps\DeviceDoctor.RAROpener_1.3.48.0_x64__mkdtfchztkfbm [2017-09-22] (Tiny Opener)
Simple Solitaire -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleSolitaire_7.2.5.0_x64__kx24dqmazqk8j [2021-06-13] (Random Salad Games LLC)
The Weather Channel for HP -> C:\Program Files\WindowsApps\Weather.TheWeatherChannelforHP_2015.1108.1.0_x64__t3yemqpq4kp7p [2021-06-13] (The Weather Channel.)
TripAdvisor Hotels Flights Restaurants -> C:\Program Files\WindowsApps\TripAdvisorLLC.TripAdvisorHotelsFlightsRestaurants_1.5.10.0_x64__qj0v5chwq8f2g [2021-06-13] (TripAdvisor LLC)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1211838656-3945196859-822910569-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-03D691D89D5D} -> [Creative Cloud Files] => C:\Users\Ryan\Creative Cloud Files [2016-08-23 11:23]
CustomCLSID: HKU\S-1-5-21-1211838656-3945196859-822910569-1001_Classes\CLSID\{2F81B25E-7507-4844-BFF2-77D2CC24CED4}\localserver32 -> C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Inc. -> Adobe Inc.)
CustomCLSID: HKU\S-1-5-21-1211838656-3945196859-822910569-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems)
ShellIconOverlayIdentifiers: [    OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files (x86)\Microsoft OneDrive\21.099.0516.0003\amd64\FileSyncShell64.dll [2021-06-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [    OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files (x86)\Microsoft OneDrive\21.099.0516.0003\amd64\FileSyncShell64.dll [2021-06-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [    OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files (x86)\Microsoft OneDrive\21.099.0516.0003\amd64\FileSyncShell64.dll [2021-06-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [    OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files (x86)\Microsoft OneDrive\21.099.0516.0003\amd64\FileSyncShell64.dll [2021-06-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [    OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files (x86)\Microsoft OneDrive\21.099.0516.0003\amd64\FileSyncShell64.dll [2021-06-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [    OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files (x86)\Microsoft OneDrive\21.099.0516.0003\amd64\FileSyncShell64.dll [2021-06-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [    OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files (x86)\Microsoft OneDrive\21.099.0516.0003\amd64\FileSyncShell64.dll [2021-06-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [   AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files (x86)\Microsoft OneDrive\21.099.0516.0003\amd64\FileSyncShell64.dll [2021-06-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files (x86)\Microsoft OneDrive\21.099.0516.0003\amd64\FileSyncShell64.dll [2021-06-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files (x86)\Microsoft OneDrive\21.099.0516.0003\amd64\FileSyncShell64.dll [2021-06-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files (x86)\Microsoft OneDrive\21.099.0516.0003\amd64\FileSyncShell64.dll [2021-06-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files (x86)\Microsoft OneDrive\21.099.0516.0003\amd64\FileSyncShell64.dll [2021-06-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files (x86)\Microsoft OneDrive\21.099.0516.0003\amd64\FileSyncShell64.dll [2021-06-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files (x86)\Microsoft OneDrive\21.099.0516.0003\amd64\FileSyncShell64.dll [2021-06-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files (x86)\Microsoft OneDrive\21.099.0516.0003\amd64\FileSyncShell64.dll [2021-06-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files (x86)\Microsoft OneDrive\21.099.0516.0003\amd64\FileSyncShell64.dll [2021-06-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files (x86)\Microsoft OneDrive\21.099.0516.0003\amd64\FileSyncShell64.dll [2021-06-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files (x86)\Microsoft OneDrive\21.099.0516.0003\amd64\FileSyncShell64.dll [2021-06-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files (x86)\Microsoft OneDrive\21.099.0516.0003\amd64\FileSyncShell64.dll [2021-06-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files (x86)\Microsoft OneDrive\21.099.0516.0003\amd64\FileSyncShell64.dll [2021-06-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files (x86)\Microsoft OneDrive\21.099.0516.0003\amd64\FileSyncShell64.dll [2021-06-18] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files (x86)\Microsoft OneDrive\21.099.0516.0003\amd64\FileSyncShell64.dll [2021-06-18] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-06-13] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files (x86)\Microsoft OneDrive\21.099.0516.0003\amd64\FileSyncShell64.dll [2021-06-18] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files (x86)\Microsoft OneDrive\21.099.0516.0003\amd64\FileSyncShell64.dll [2021-06-18] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2015-08-07] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-01-13] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-06-13] (Malwarebytes Corporation -> Malwarebytes)
 
==================== Codecs (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Drivers32: [vidc.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [236544 2011-12-19] () [File not signed]
HKLM\...\Drivers32: [vidc.MPG4] => C:\Windows\SysWOW64\MPG4c32.dll [413760 2001-01-07] (Microsoft Corporation) [File not signed]
HKLM\...\Drivers32: [vidc.MP42] => C:\Windows\SysWOW64\MPG4c32.dll [413760 2001-01-07] (Microsoft Corporation) [File not signed]
HKLM\...\Drivers32: [vidc.MP43] => C:\Windows\SysWOW64\MPG4c32.dll [413760 2001-01-07] (Microsoft Corporation) [File not signed]
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Agoda.com.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://www.agoda.com/?cid=1649895&tag=square
 
==================== Loaded Modules (Whitelisted) =============
 
2015-08-07 13:35 - 2015-08-07 13:35 - 000004608 _____ (Advanced Micro Devices, Inc.) [File not signed] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiamenu.dll
2021-06-20 03:27 - 2021-06-20 03:27 - 001093120 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80U.DLL
2021-06-20 03:27 - 2021-06-20 03:27 - 000057344 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\MFC80ENU.DLL
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=131231413757170427&GUID=A8D2861F-B181-470C-B2F9-3C234A12F775
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\S-1-5-21-1211838656-3945196859-822910569-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP
HKU\S-1-5-21-1211838656-3945196859-822910569-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\S-1-5-21-1211838656-3945196859-822910569-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxps://www.msn.com/en-ph/?pc=UE01&ocid=UE01DHP
SearchScopes: HKU\S-1-5-21-1211838656-3945196859-822910569-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE15
SearchScopes: HKU\S-1-5-21-1211838656-3945196859-822910569-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE15
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2017-10-27] (HP Inc. -> HP Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2017-10-27] (HP Inc. -> HP Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-1211838656-3945196859-822910569-1001\...\sharepoint.com -> hxxps://omgww-files.sharepoint.com
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2021-05-27 23:19 - 2021-06-12 23:15 - 000000027 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1       localhost
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files\Intel\Intel® Management Engine Components\IPT;c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Windows Live\Shared;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-1211838656-3945196859-822910569-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img1.jpg
HKU\S-1-5-21-1211838656-3945196859-822910569-1004\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.99.1 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKU\S-1-5-21-1211838656-3945196859-822910569-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-1211838656-3945196859-822910569-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1211838656-3945196859-822910569-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-1211838656-3945196859-822910569-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-1211838656-3945196859-822910569-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-1211838656-3945196859-822910569-1001\...\StartupApproved\Run: => "Viber"
HKU\S-1-5-21-1211838656-3945196859-822910569-1001\...\StartupApproved\Run: => "BingSvc"
HKU\S-1-5-21-1211838656-3945196859-822910569-1001\...\StartupApproved\Run: => "MP3 Skype recorder"
HKU\S-1-5-21-1211838656-3945196859-822910569-1001\...\StartupApproved\Run: => "Windscribe"
HKU\S-1-5-21-1211838656-3945196859-822910569-1001\...\StartupApproved\Run: => "Skype for Desktop"
HKU\S-1-5-21-1211838656-3945196859-822910569-1001\...\StartupApproved\Run: => "CCXProcess"
HKU\S-1-5-21-1211838656-3945196859-822910569-1001\...\StartupApproved\Run: => "Adobe Acrobat Synchronizer"
HKU\S-1-5-21-1211838656-3945196859-822910569-1001\...\StartupApproved\Run: => "com.squirrel.slack.slack"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{FBAF6479-1A7B-4197-AB09-342B22D69A56}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{A91D7872-AB68-47F5-A70D-80824A65BFC3}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{865A8134-203A-4035-A3D3-5A5349245758}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F1C6CB81-B483-46CD-8CA4-95E362ED449E}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{909C94D6-0F01-454F-9CF6-7838BB8BD836}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{C2941601-5F97-4A1A-8F9F-EFD9ED4FCDFE}] => (Allow) C:\Users\Ryan\AppData\Roaming\Tencent\TxGameAssistant\GameDownload\TenioDL.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FirewallRules: [{67A0A61E-A4CF-4AF4-8810-DA056095690E}] => (Allow) C:\Users\Ryan\AppData\Roaming\Tencent\TxGameAssistant\GameDownload\TenioDL.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FirewallRules: [{14AFB7B8-7EF6-4C10-8B59-D5660F020D0F}] => (Allow) C:\Users\Ryan\AppData\Roaming\Tencent\TxGameAssistant\GameDownload\TenioDL.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FirewallRules: [{B8B9428E-CB66-47BB-B007-C72ADD87F89A}] => (Allow) C:\Users\Ryan\AppData\Roaming\Tencent\TxGameAssistant\GameDownload\TenioDL.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FirewallRules: [{8B1E8E28-0515-4C6D-8641-70A36127DE4E}] => (Allow) C:\Users\Ryan\AppData\Roaming\Tencent\TxGameAssistant\GameDownload\TenioDL.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FirewallRules: [{45B87E26-E83B-4AE6-AE12-396D2E6A15C5}] => (Allow) C:\Users\Ryan\AppData\Roaming\Tencent\TxGameAssistant\GameDownload\TenioDL.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FirewallRules: [{83120D97-9AD3-4FEA-9A8A-B72BCA1F837F}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPSOCKSVC.exe (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.)
FirewallRules: [{27A102E6-A5A8-4CF2-A64B-5982278053F2}] => (Allow) C:\Users\Ryan\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [TCP Query User{9138EA11-F9FB-4438-BD86-AD9BA0016728}C:\users\ryan\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ryan\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{32594A16-6F6F-487F-A57B-413F6349412E}C:\users\ryan\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ryan\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{E978F50E-90F5-4454-9F31-2AF43FC1EC07}] => (Block) C:\users\ryan\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{83F5E9B5-F067-4CDD-AEFF-BF0F30116A13}] => (Block) C:\users\ryan\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{62E48C0F-0890-48E9-AD56-642060C96495}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F1F3BC61-F0FB-4391-9BCB-296D34DBF420}] => (Allow) LPort=2869
FirewallRules: [{F9598931-8452-4615-8C88-3A0012DA92D5}] => (Allow) LPort=1900
FirewallRules: [{CC4D6EDB-9545-4134-A114-03E23AD11601}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{E0864A86-2694-4380-9B7F-06B72B727AA4}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{C3E67DF5-E4DE-4029-AEBC-DEBADFC22236}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{71E68AF6-F895-4C3C-9848-DBD60E4EE1DB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{D60956C6-2684-44A4-BF87-8FEFA2CF843B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{8642CBB4-E860-488E-9416-3ACB2FFA34D1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [TCP Query User{CE3D09F2-00B2-45F3-8D71-CA8D17AB7A0A}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Allow) C:\program files (x86)\windscribe\wsappcontrol.exe (Windscribe Limited -> Windscribe Limited)
FirewallRules: [UDP Query User{9F092B36-5ABE-47DD-BD28-7FEE7ECA1E3C}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Allow) C:\program files (x86)\windscribe\wsappcontrol.exe (Windscribe Limited -> Windscribe Limited)
FirewallRules: [TCP Query User{93D7DC47-37E6-471E-9592-C4AEA787E132}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Block) C:\program files (x86)\windscribe\wsappcontrol.exe (Windscribe Limited -> Windscribe Limited)
FirewallRules: [UDP Query User{195E4B19-2D4F-40EF-9693-8C2543D0DA8F}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Block) C:\program files (x86)\windscribe\wsappcontrol.exe (Windscribe Limited -> Windscribe Limited)
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled (Total:445.54 GB) (Free:262.37 GB) (59%)
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (06/20/2021 04:09:53 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Cortana.exe version 3.2105.19601.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 1e78
 
Start Time: 01d76546b7ef41bf
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2105.19601.0_x64__8wekyb3d8bbwe\Cortana.exe
 
Report Id: 6b33dd1c-96aa-4830-a5f9-b00c07bc7ebd
 
Faulting package full name: Microsoft.549981C3F5F10_3.2105.19601.0_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: App
 
Hang type: Quiesce
 
Error: (06/20/2021 03:35:05 AM) (Source: Microsoft-Windows-PerfNet) (EventID: 2002) (User: NT AUTHORITY)
Description: Unable to open the Redirector service performance object. The first four bytes (DWORD) of the Data section contains the status code.
 
Error: (06/20/2021 03:35:03 AM) (Source: MSDTC Client 2) (EventID: 4104) (User: )
Description: Failed trying to get the state of the cluster node: .The error code returned: 0x8007085A
 
Error: (06/20/2021 03:14:29 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -1409.
 
 
System errors:
=============
Error: (06/20/2021 03:31:54 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The XTUOCDriverService service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (06/20/2021 03:31:54 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (45000 milliseconds) while waiting for the XTUOCDriverService service to connect.
 
Error: (06/20/2021 03:31:28 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Kingsoft_WPS_UpdateService service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (06/20/2021 03:31:28 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (45000 milliseconds) while waiting for the Kingsoft_WPS_UpdateService service to connect.
 
Error: (06/20/2021 03:28:54 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The WPS Office Update Service service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (06/20/2021 03:28:54 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The HPWMISVC service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (06/20/2021 03:25:33 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Network Connection Broker service terminated with the following error: 
A device attached to the system is not functioning.
 
Error: (06/20/2021 03:25:32 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {A47979D2-C419-11D9-A5B4-001185AD2B89} did not register with DCOM within the required timeout.
 
 
==================== Memory info =========================== 
 
BIOS: Insyde F.31 05/06/2020
Motherboard: HP 80BC
Processor: Intel® Core™ i3-5005U CPU @ 2.00GHz
Percentage of memory in use: 87%
Total physical RAM: 4011.01 MB
Available physical RAM: 482.87 MB
Total Virtual: 9899.01 MB
Available Virtual: 6090.29 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:445.54 GB) (Free:262.37 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:19.12 GB) (Free:2.06 GB) NTFS ==>[system with boot components (obtained from drive)]
 
\\?\Volume{68b8bcb9-b5a1-4cf9-ad61-2944d82b4720}\ () (Fixed) (Total:0.25 GB) (Free:0.19 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Protective MBR) (Size: 465.8 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt =======================
 
 
Thank you so much! 

  • 0


#32
rybards

    Member

  • Topic Starter
  • Member
  • 66 posts
Also attaching the logs.

Attached Files


  • 0

#33
DR M

    The Grecian Geek

  • Malware Removal
  • 4,113 posts
Hi, Ryan.
 
Good job with the in-place upgrade.
 
Although the logs are clean and we could stop here, I am concerned regarding some issues:
 
1. These lines in the log usually appear when FRST is running without Admin privileges:

Failed to access process -> csrss.exe
Failed to access process -> csrss.exe
Failed to access process -> dasHost.exe
Failed to access process -> dllhost.exe
Failed to access process -> dllhost.exe
Failed to access process -> dwm.exe
Failed to access process -> fontdrvhost.exe
Failed to access process -> fontdrvhost.exe
Failed to access process -> WmiPrvSE.exe
Failed to access process -> WmiPrvSE.exe
Failed to access process -> WUDFHost.exe

 
2. The following enabled account. Are you aware of it? It seems to me to be a temporary account, and if so, we have to delete it.

defaultuser1.DESKTOP-NC9HVNJ

3. AdwCleaner is not running.

Next steps:
 
1. Export profile list
 
Let's look further at the contents of the user profile list in the registry.

  • Press Windows icon on your Desktop, together with the letter R.
  • Type cmd, and press Ctrl + Shift + Enter to run Command Prompt as administrator.
  • Copy and paste the following command line and press Enter.
reg export "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList" C:\Profile.txt
  • In the Search area type File Explorer and choose it from the items that appear.
  • In the address area type C:\Profile.txt and press Enter.
  • From the list, choose C:\Profile.txt, double click to open it.
  • Select the content of the file, copy and paste it in your next reply.

 

2. Users

  • Open File Explorer (press the Windows logo key on the keyboard together with the letter R, type Explorer and press Enter).
  • From the menu at the left choose My PC, then double click on C and then choose Users.
  • Please take a screenshot of what you see and attach it here.

  • 0

#34
rybards

    Member

  • Topic Starter
  • Member
  • 66 posts
1. Export profile list

Windows Registry Editor Version 5.00
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList]
"Default"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,44,00,72,00,69,00,\
  76,00,65,00,25,00,5c,00,55,00,73,00,65,00,72,00,73,00,5c,00,44,00,65,00,66,\
  00,61,00,75,00,6c,00,74,00,00,00
"ProfilesDirectory"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,44,00,72,\
  00,69,00,76,00,65,00,25,00,5c,00,55,00,73,00,65,00,72,00,73,00,00,00
"ProgramData"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,44,00,72,00,69,\
  00,76,00,65,00,25,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,44,00,\
  61,00,74,00,61,00,00,00
"Public"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,44,00,72,00,69,00,76,\
  00,65,00,25,00,5c,00,55,00,73,00,65,00,72,00,73,00,5c,00,50,00,75,00,62,00,\
  6c,00,69,00,63,00,00,00
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18]
"Flags"=dword:0000000c
"ProfileImagePath"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,\
  00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
  5c,00,63,00,6f,00,6e,00,66,00,69,00,67,00,5c,00,73,00,79,00,73,00,74,00,65,\
  00,6d,00,70,00,72,00,6f,00,66,00,69,00,6c,00,65,00,00,00
"RefCount"=dword:00000001
"Sid"=hex:01,01,00,00,00,00,00,05,12,00,00,00
"State"=dword:00000000
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19]
"Flags"=dword:00000000
"ProfileImagePath"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,\
  00,6f,00,74,00,25,00,5c,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,50,00,\
  72,00,6f,00,66,00,69,00,6c,00,65,00,73,00,5c,00,4c,00,6f,00,63,00,61,00,6c,\
  00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,00,00
"State"=dword:00000000
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20]
"Flags"=dword:00000000
"ProfileImagePath"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,\
  00,6f,00,74,00,25,00,5c,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,50,00,\
  72,00,6f,00,66,00,69,00,6c,00,65,00,73,00,5c,00,4e,00,65,00,74,00,77,00,6f,\
  00,72,00,6b,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,00,00
"State"=dword:00000000
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1211838656-3945196859-822910569-1001]
"ProfileImagePath"=hex(2):43,00,3a,00,5c,00,55,00,73,00,65,00,72,00,73,00,5c,\
  00,52,00,79,00,61,00,6e,00,00,00
"Flags"=dword:00000000
"State"=dword:00000000
"Sid"=hex:01,05,00,00,00,00,00,05,15,00,00,00,c0,30,3b,48,3b,ed,26,eb,69,9e,0c,\
  31,e9,03,00,00
"FullProfile"=dword:00000001
"Migrated"=hex:b0,54,e1,27,40,65,d7,01
"LocalProfileLoadTimeLow"=dword:e100d381
"LocalProfileLoadTimeHigh"=dword:01d765b9
"ProfileAttemptedProfileDownloadTimeLow"=dword:00000000
"ProfileAttemptedProfileDownloadTimeHigh"=dword:00000000
"ProfileLoadTimeLow"=dword:00000000
"ProfileLoadTimeHigh"=dword:00000000
"RunLogonScriptSync"=dword:00000000
"LocalProfileUnloadTimeLow"=dword:20f33023
"LocalProfileUnloadTimeHigh"=dword:01d7659f
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1211838656-3945196859-822910569-1004]
"ProfileImagePath"=hex(2):43,00,3a,00,5c,00,55,00,73,00,65,00,72,00,73,00,5c,\
  00,64,00,65,00,66,00,61,00,75,00,6c,00,74,00,75,00,73,00,65,00,72,00,31,00,\
  2e,00,44,00,45,00,53,00,4b,00,54,00,4f,00,50,00,2d,00,4e,00,43,00,39,00,48,\
  00,56,00,4e,00,4a,00,00,00
"Flags"=dword:00000000
"State"=dword:00000004
"Sid"=hex:01,05,00,00,00,00,00,05,15,00,00,00,c0,30,3b,48,3b,ed,26,eb,69,9e,0c,\
  31,ec,03,00,00
"FullProfile"=dword:00000001
"Migrated"=hex:50,be,d8,26,40,65,d7,01
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1211838656-3945196859-822910569-1005]
"ProfileImagePath"=hex(2):43,00,3a,00,5c,00,55,00,73,00,65,00,72,00,73,00,5c,\
  00,4a,00,75,00,6e,00,64,00,72,00,69,00,6c,00,00,00
"Flags"=dword:00000000
"State"=dword:00000004
"Sid"=hex:01,05,00,00,00,00,00,05,15,00,00,00,c0,30,3b,48,3b,ed,26,eb,69,9e,0c,\
  31,ed,03,00,00
"FullProfile"=dword:00000001
"Migrated"=hex:70,c0,2c,29,40,65,d7,01
 
2. Please see the attached file.

Attached Thumbnails

  • Capture.PNG

  • 0
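
The ProfileList export above is what step 1 of the previous post asks for, and reading its hex(2) values by eye is tedious. The Python below is an added example, not code from this thread or from FRST: it decodes a reg export of that key and lists the local-user profiles whose folder name carries a .COMPUTERNAME suffix or a defaultuser prefix, the pattern of the 1004 entry. The embedded sample is a constructed, trimmed copy of the posted export, and the function and parameter names (parse_profile_list, flag_profiles, owner_sid) are my own.

```python
import re

# Constructed sample, not the poster's full export: a trimmed copy of the
# ProfileList key as "reg export" writes it. hex(2) values are REG_EXPAND_SZ
# strings stored as UTF-16LE bytes and wrapped across lines with a trailing "\".
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList]
"ProfilesDirectory"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,44,00,72,\
  00,69,00,76,00,65,00,25,00,5c,00,55,00,73,00,65,00,72,00,73,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18]
"ProfileImagePath"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,\
  00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
  5c,00,63,00,6f,00,6e,00,66,00,69,00,67,00,5c,00,73,00,79,00,73,00,74,00,65,\
  00,6d,00,70,00,72,00,6f,00,66,00,69,00,6c,00,65,00,00,00
"State"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1211838656-3945196859-822910569-1001]
"ProfileImagePath"=hex(2):43,00,3a,00,5c,00,55,00,73,00,65,00,72,00,73,00,5c,\
  00,52,00,79,00,61,00,6e,00,00,00
"State"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1211838656-3945196859-822910569-1004]
"ProfileImagePath"=hex(2):43,00,3a,00,5c,00,55,00,73,00,65,00,72,00,73,00,5c,\
  00,64,00,65,00,66,00,61,00,75,00,6c,00,74,00,75,00,73,00,65,00,72,00,31,00,\
  2e,00,44,00,45,00,53,00,4b,00,54,00,4f,00,50,00,2d,00,4e,00,43,00,39,00,48,\
  00,56,00,4e,00,4a,00,00,00
"State"=dword:00000004
'''

def decode_hex2(payload):
    """hex(2) is REG_EXPAND_SZ: comma-separated UTF-16LE bytes, NUL-terminated."""
    raw = bytes(int(b, 16) for b in payload.split(",") if b)
    return raw.decode("utf-16-le").rstrip("\x00")

def parse_profile_list(text):
    """Map each ProfileList subkey (a SID) to its decoded values."""
    # reg export wraps long values with "\" + newline + indent; glue them back first
    text = re.sub(r"\\\r?\n\s*", "", text)
    profiles, current = {}, None
    for line in text.splitlines():
        if line.startswith("["):
            m = re.match(r"\[HKEY_LOCAL_MACHINE\\.*\\ProfileList\\(S-[\d-]+)\]", line)
            current = profiles.setdefault(m.group(1), {}) if m else None
            continue
        m = re.match(r'"(\w+)"=(hex\(2\):|dword:)(.*)', line)
        if m and current is not None:
            name, kind, value = m.groups()
            current[name] = decode_hex2(value) if kind == "hex(2):" else int(value, 16)
    return profiles

def flag_profiles(profiles, owner_sid):
    """Return (sid, path, state) for local-user profiles worth a second look.
    Windows appends .COMPUTERNAME (or .DOMAIN) to a profile folder when the plain
    name was already taken, and defaultuser* folders come from Windows setup."""
    flagged = []
    for sid, values in profiles.items():
        if not sid.startswith("S-1-5-21-") or sid == owner_sid:
            continue  # skip built-in service accounts and the owner's own profile
        path = values.get("ProfileImagePath", "")
        folder = path.rsplit("\\", 1)[-1].lower()
        if "." in folder or folder.startswith("defaultuser"):
            flagged.append((sid, path, values.get("State", 0)))
    return flagged
```

On a real machine, feed it the C:\Profile.txt produced by the reg export command from the previous post and pass the SID of the account you normally log in with.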

#35
DR M

    The Grecian Geek

  • Malware Removal
  • 4,113 posts
Check these accounts and let me know if they contain files you want.

C:\Users\defaultuser1.DESKTOP-NC9HVNJ

C:\Users\Rya


  • 0

#36
rybards

    Member

  • Topic Starter
  • Member
  • 66 posts
Hi! Those two folders don't contain anything that I need. Same with the folder named "Jundril." I created that user account for a friend, but I wish to remove that, too. Thank you!


  • 0

#37
DR M

    The Grecian Geek

  • Malware Removal
  • 4,113 posts

Can you please do this for me too?
  • In the Search area type Control Panel and select it.
  • View by Large Icons and find Users accounts. Select it.
  • Please take a screenshot of what you see.

  • 0

#38
rybards

    Member

  • Topic Starter
  • Member
  • 66 posts
Sure. Please see the attachment. Thank you! :)

Attached Thumbnails

  • user.PNG

  • 0

#39
DR M

    The Grecian Geek

  • Malware Removal
  • 4,113 posts
Do you see something else when you choose Manage another account?


  • 0

#40
rybards

    Member

  • Topic Starter
  • Member
  • 66 posts
I don't see anything else. :)

Attached Thumbnails

  • Capture.PNG

  • 0


#41
DR M

    The Grecian Geek

  • Malware Removal
  • 4,113 posts
Thanks. I will be back to you in a while.


  • 0

#42
rybards

    Member

  • Topic Starter
  • Member
  • 66 posts
Okay. Thank you so much for your help.  :geek:


  • 0

#43
DR M

    The Grecian Geek

  • Malware Removal
  • 4,113 posts
OK! Back to work!

Make sure that you log in as Ryan.

1. Delete accounts with Registry Editor

  • Copy the contents of the code below to Notepad (To open Notepad, type Notepad in the Search area and select it when the specific item appears).
  • Make sure to leave an empty line at the end of the script.
  • Name the file as fix.reg
  • Change the Save as Type to All Files and Save it on the desktop.
  • Once saved, double click on the fix.reg file and merge it into the Registry.
Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1211838656-3945196859-822910569-1004]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1211838656-3945196859-822910569-1005]

 
2. Delete accounts with FRST fix

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.

  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything anywhere.
Start::
SystemRestore: On
CreateRestorePoint:
C:\Users\defaultuser1.DESKTOP-NC9HVNJ
C:\Users\Rya
C:\Users\Jundril 
reboot:
End::
  • Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Please post the log in your next reply.

3. Fresh FRST logs

I would like to see fresh FRST logs, Addition and FRST.

In your next reply please post:

  1. The fixlog.txt
  2. The fresh FRST logs, Addition and FRST.

  • 0

#44
rybards

    Member

  • Topic Starter
  • Member
  • 66 posts
Hi! Where can I get the Registry Editor? :)


  • 0

#45
rybards

    Member

  • Topic Starter
  • Member
  • 66 posts
Oh, I got it now.


  • 0





