Help please, think I'm infected [Solved]
#16
Posted 26 August 2021 - 09:17 AM
eset has been running for like 4 hours now. It hasn't detected anything but I worry that it's hung up
#17
Posted 26 August 2021 - 09:19 AM
Give it time. It's not something unusual.
#18
Posted 26 August 2021 - 09:30 AM
ok, thank you so very much for your help
#19
Posted 26 August 2021 - 01:30 PM
eset is complete
-----------------------
8/26/2021 14:28:56 PM
Files scanned: 947451
Detected files: 3
Cleaned files: 3
Total scan time 03:56:49
Scan status: Finished
H:\FileHistory\[email protected]\MPMM1 (2)\Data\C\Users\mikem\Downloads\advanced-systemcare-setup (2020_10_29 23_13_50 UTC).exe a variant of Win32/IObit.AY potentially unwanted application cleaned by deleting
H:\FileHistory\[email protected]\MPMM1 (2)\Data\C\Users\mikem\Downloads\iobituninstaller (2020_10_29 23_13_50 UTC).exe a variant of Win32/IObit.AY potentially unwanted application cleaned by deleting
H:\FileHistory\[email protected]\MPMM1 (2)\Data\C\Users\mikem\Downloads\smart-defrag-setup (2020_10_29 20_29_23 UTC).exe a variant of Win32/IObit.AX potentially unwanted application,a variant of Win32/IObit.AY potentially unwanted application cleaned by deleting
#20
Posted 26 August 2021 - 01:52 PM
Hello, mpmm.
The deleted files are in drive H and concern File History. Since you have IOBit Uninstaller installed, you can check if the program works properly, and if not and you want to keep it, restore it from quarantine (see here how: [KB2915] Restore files quarantined by the ESET Online Scanner version 3).
Now, I would like to see fresh FRST logs, Addition and FRST.
Also, please let me know how the computer is running now. Any issues/questions/concerns.
For fresh FRST logs:
- Double-click on the FRST icon to run it, as you did before. When the tool opens, click Yes to the disclaimer.
- Press the Scan button and wait for a while.
- The scanner will produce two logs on your Desktop: FRST.txt and Addition.txt.
- Please attach the content of these two logs in your next reply.
#21
Posted 26 August 2021 - 02:51 PM
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-08-2021
Ran by mike (administrator) on MPMM1 (Dell Inc. Inspiron 3847) (26-08-2021 15:44:01)
Running from C:\Users\mikem\Desktop
Loaded Profiles: mike
Platform: Windows 10 Pro Version 21H1 19043.1165 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Acronis International GmbH -> Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\TibMounter64\tib_mounter_service.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iCloud_12.5.74.0_x86__nzyj5cx40ttqa\iCloud\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iCloud_12.5.74.0_x86__nzyj5cx40ttqa\iCloud\APSDaemon.exe
(Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iCloud_12.5.74.0_x86__nzyj5cx40ttqa\iCloud\iCloudServices.exe
(Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iCloud_12.5.74.0_x86__nzyj5cx40ttqa\iCloud\secd.exe
(Electronic Arts, Inc. -> Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Google LLC -> ) C:\Program Files\Google\Drive File Stream\50.0.11.0\crashpad_handler.exe <3>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\WINWORD.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe <2>
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_2.56.11001.0_x64__8wekyb3d8bbwe\gamingservices.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Microsoft Update Health Tools\uhssvc.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CredentialEnrollmentManager.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\PickerHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\NisSrv.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(Nvidia Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_253e24b785ea60ca\Display.NvContainer\NVDisplay.Container.exe <2>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <4>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [11236136 2021-07-13] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [827200 2020-11-20] (Acronis International GmbH -> Acronis International GmbH)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [340440 2021-04-16] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [3617784 2021-07-13] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [3617784 2021-07-13] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [299504 2016-06-20] (Intel® USB eXtensible Host Controller Drivers -> Intel Corporation)
HKLM-x32\...\Run: [WDDiscovery] => C:\Program Files (x86)\Western Digital\Discovery\Current\WD Discovery.exe [81379600 2021-08-21] (Western Digital Technologies, Inc. -> Western Digital Corporation)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [4905832 2020-11-20] (Acronis International GmbH -> )
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\tib_mounter_monitor.exe [443424 2020-11-20] (Acronis International GmbH -> Acronis International GmbH)
HKU\S-1-5-19\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\50.0.11.0\GoogleDriveFS.exe [53381464 2021-08-09] (Google LLC -> Google, Inc.)
HKU\S-1-5-20\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\50.0.11.0\GoogleDriveFS.exe [53381464 2021-08-09] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-3200273941-2670340362-4195434088-1003\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\50.0.11.0\GoogleDriveFS.exe [53381464 2021-08-09] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-3200273941-2670340362-4195434088-1005\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\50.0.11.0\GoogleDriveFS.exe [53381464 2021-08-09] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-3200273941-2670340362-4195434088-1014\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\50.0.11.0\GoogleDriveFS.exe [53381464 2021-08-09] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-413578968-4127535815-2662069183-1116\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\50.0.11.0\GoogleDriveFS.exe [53381464 2021-08-09] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-413578968-4127535815-2662069183-1116\...\Run: [CiscoMeetingDaemon] => C:\Users\mikem\AppData\Local\WebEx\ciscowebexstart.exe [2356544 2020-10-23] (Cisco WebEx LLC -> Cisco Webex LLC)
HKU\S-1-5-21-413578968-4127535815-2662069183-1116\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
HKU\S-1-5-21-413578968-4127535815-2662069183-1116\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Mystify.scr [154624 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-18\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\50.0.11.0\GoogleDriveFS.exe [53381464 2021-08-09] (Google LLC -> Google, Inc.)
HKLM\...\Windows x64\Print Processors\BJ Print Processor4: C:\Windows\System32\spool\prtprocs\x64\CNBPP4.DLL [84992 2009-07-13] (CANON INC.) [File not signed]
HKLM\...\Windows x64\Print Processors\HP2030PrintProc: C:\Windows\System32\spool\prtprocs\x64\HP2030PP.DLL [65024 2012-12-04] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Windows x64\Print Processors\hpzppWN7: C:\Windows\System32\spool\prtprocs\x64\hpzppWN7.dll [101376 2009-07-13] (Microsoft Windows -> Hewlett-Packard Corporation)
HKLM\...\Print\Monitors\BJ Language Monitor4: C:\Windows\system32\CNBLM4.DLL [267776 2009-07-13] (CANON INC.) [File not signed]
HKLM\...\Print\Monitors\Bullzip PDF Print Monitor: C:\Program Files\Common Files\Bullzip\PDF Printer\Ports\BULLZIP\bzpdf.dll [219648 2018-05-06] (Bullzip) [File not signed]
HKLM\...\Print\Monitors\HP2030LM: C:\Windows\system32\HP2030LM.DLL [246784 2012-12-04] (Microsoft Windows Hardware Compatibility Publisher -> Marvell Semiconductor India Private Limited.)
HKLM\...\Print\Monitors\PaperCut TCP/IP Port: C:\Windows\system32\pcprintportmon.dll [152000 2019-06-04] (PaperCut Software International Pty. Ltd. -> PaperCut Software International Pty Ltd)
HKLM\...\Print\Monitors\rica4Ulm: C:\Windows\system32\rica4Ulm.dll [28160 2013-12-26] (Microsoft Windows Hardware Compatibility Publisher -> RICOH CO.,Ltd.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\92.0.4515.159\Installer\chrmstp.exe [2021-08-17] (Google LLC -> Google LLC)
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {04C7871B-E64E-490C-AC89-AD96520F2E34} - System32\Tasks\WD Discovery Service Task mike => C:\Program Files (x86)\Western Digital\Discovery\Current\Service\WDDiscoveryService.exe [78608 2021-08-21] (Western Digital Technologies, Inc. -> )
Task: {16FC9E2F-C638-4535-9255-865DB818CDCB} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {226D9043-91B6-46CA-98D9-5610851CCFE8} - System32\Tasks\Microsoft\Windows\GroupPolicy\{A7719E0F-10DB-4640-AD8C-490CC6AD5202} => C:\Windows\system32\gpupdate.exe [30720 2020-12-18] (Microsoft Windows -> Microsoft Corporation)
Task: {2A5762AB-FD2A-4D15-809A-6746E87AD479} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3200273941-2670340362-4195434088-1000 => {CA22F5B1-E06F-4A2B-94FC-21E87FE53781}
Task: {2CEBCADB-560B-465F-A79C-6791D275433B} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [905072 2021-08-05] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {2FFAE513-2B47-4AFC-8D3C-D055BD739DEF} - System32\Tasks\Microsoft\Windows\Windows Server Essentials\Health Definition Update => C:\Program Files\Windows Server\Bin\RunTask.exe [18864 2016-09-23] (Microsoft Corporation -> Microsoft Corporation) -> /asm:"C:\Program Files\Windows Server\Bin\AlertFramework.dll" /class:Microsoft.WindowsServerSolutions.NetworkHealth.AlertFramework.HealthScheduledTask /method:UpdateDefinitionPlugInTaskAction /task:"Health Definition Update"
Task: {433E5798-4D14-4E7C-8147-51DB65ADF375} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-08-12] (Google Inc -> Google Inc.)
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47C2-B62A-B7C4CED925CB}
Task: {4DF0FE37-A3DC-46DC-8D12-6F5CC28079C8} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [903024 2021-08-05] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {4E5E053F-244D-47DC-A624-244F388F50C5} - System32\Tasks\Microsoft\Windows\End Of Support\Notify1 => C:\WINDOWS\system32\sipnotify.exe [338944 2019-10-10] (Microsoft Corporation) [File not signed]
Task: {500DE81E-2736-41AE-A32F-BE53815B3D90} - System32\Tasks\Microsoft\Windows\Windows Server Essentials\RDP Group Configuration => C:\Program Files\Windows Server\Bin\RunTask.exe [18864 2016-09-23] (Microsoft Corporation -> Microsoft Corporation) -> /asm:"C:\Program Files\Windows Server\Bin\RemoteDesktopClientConfigLibrary.dll" /class:Microsoft.WindowsServerSolutions.RemoteDesktop.ClientConfigLibrary.RemoteDesktopClientConfig /method:AddDomainUserGroupToRDPGroup /task:"RDP Group Configuration"
Task: {5132C16D-3D87-446C-B4F3-E8F658E09C80} - System32\Tasks\Microsoft\Windows\Windows Server Essentials\Client Computer Backup => C:\Program Files\Windows Server\Bin\RunTask.exe [18864 2016-09-23] (Microsoft Corporation -> Microsoft Corporation) -> /asm:"C:\Program Files\Windows Server\Bin\BackupClientProvider.dll" /class:Microsoft.WindowsServerSolutions.DataProtection.PCBackup.ObjectModel.PCBackupClientManager /method:DoScheduledBackup /task:"Client Computer Backup"
Task: {52375E6B-4E99-4A72-8E6E-2B72F7BEDD40} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {57EF97F7-F445-41BB-8666-DA0F6B6D50FD} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E}
Task: {59F36483-263F-402F-962D-613A2DF98DF1} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61}
Task: {5AD733A0-C234-4E74-B055-AD07E8534B84} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [903024 2021-08-05] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A}
Task: {61B2A00C-D092-44BF-BE04-FB6A0A8EBEC0} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {6B0AAABF-6C5C-4317-A41A-2351ED9E380F} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3339120 2021-08-05] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {6E08D0DD-87D9-4127-B02D-02A149963506} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\mikem\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [18007968 2021-08-26] (ESET, spol. s r.o. -> ESET)
Task: {76E6B2CD-3262-4DA9-A1D7-C88EE549CBF0} - System32\Tasks\Microsoft\Windows\Windows Server Essentials\Client Computer Backup on Idle => C:\Program Files\Windows Server\Bin\RunTask.exe [18864 2016-09-23] (Microsoft Corporation -> Microsoft Corporation) -> /asm:"C:\Program Files\Windows Server\Bin\BackupClientProvider.dll" /class:Microsoft.WindowsServerSolutions.DataProtection.PCBackup.ObjectModel.PCBackupClientManager /method:DoScheduledOnIdleBackup /task:"Client Computer Backup on Idle"
Task: {7A85113A-31AA-466B-B0E9-E832A99DAB29} - System32\Tasks\WD Device Agent Task mike => C:\Program Files (x86)\Western Digital\Discovery\Current\WD Device Agent.exe [723728 2021-08-21] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
Task: {7E411FB2-67FE-4E9A-B943-F7B258C638DF} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.)
Task: {7EEA6817-AFB0-46F3-8840-157E41F8D104} - System32\Tasks\Microsoft\Windows\End Of Support\Notify2 => C:\WINDOWS\system32\sipnotify.exe [338944 2019-10-10] (Microsoft Corporation) [File not signed]
Task: {8A48CCB7-151C-47B2-8F1D-B994C204E399} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [673720 2021-08-24] (Mozilla Corporation -> Mozilla Foundation)
Task: {979F0FF0-C0BC-4132-854F-0AD98A8AB2EF} - System32\Tasks\{FC04A7EF-B25F-4923-A1F3-D16E259300F9} => C:\Windows\system32\pcalua.exe -a C:\Users\mikem\Downloads\jre-8u221-windows-i586-iftw.exe -d C:\Users\mikem\Downloads
Task: {A184750E-2895-4828-931F-766CD34AA3A7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MpCmdRun.exe [673816 2021-08-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A5A2598A-0669-4BA5-A9AE-9D4E0C703648} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\Intel® Management Engine Components\iCLS\IntelPTTEKRecertification.exe [834856 2020-04-11] (Intel® Trust Services -> Intel® Corporation)
Task: {A883502B-F499-4BC6-9C6B-F29A99F45A57} - System32\Tasks\Microsoft\Windows\GroupPolicy\{3E0A038B-D834-4930-9981-E89C9BFF83AA} => C:\Windows\system32\gpupdate.exe [30720 2020-12-18] (Microsoft Windows -> Microsoft Corporation)
Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {B3A49E27-A226-4F11-8193-47DFEA367935} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1}
Task: {B58EB6B7-3E21-4A81-A8BF-26570C38283D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MpCmdRun.exe [673816 2021-08-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {BF63275E-F5CC-4A56-80B0-942D3F1B4BE2} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {BFFA17E8-CDCE-4FD0-BCA6-39A2CCF2580E} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-08-05] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C0DE3EFA-664B-4E1F-82FD-7FE80C503DAA} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\mikem\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [18007968 2021-08-26] (ESET, spol. s r.o. -> ESET)
Task: {C8237496-BA8E-46BB-B9AD-A34F86540F27} - System32\Tasks\Microsoft\Windows\Windows Server Essentials\Add-in Management => C:\Program Files\Windows Server\Bin\RunTask.exe [18864 2016-09-23] (Microsoft Corporation -> Microsoft Corporation) -> /asm:"C:\Program Files\Windows Server\Bin\ClientSetupCommon.dll" /class:Microsoft.WindowsServerSolutions.ClientSetup.ClientTasks /method:AddInPerformInstallationsTask /task:"Add-in Management"
Task: {CBB5F33B-9761-4325-8625-F8C47F042802} - System32\Tasks\Microsoft\Windows\Windows Server Essentials\Alert Evaluations => C:\Program Files\Windows Server\Bin\RunTask.exe [18864 2016-09-23] (Microsoft Corporation -> Microsoft Corporation) -> /asm:"C:\Program Files\Windows Server\Bin\AlertFramework.dll" /class:Microsoft.WindowsServerSolutions.NetworkHealth.AlertFramework.HealthScheduledTask /method:EvaluateAlertsByTriggerTaskAction /task:"Alert Evaluations"
Task: {DEBA64A5-5F84-469F-97DD-2B592E018E41} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [645488 2021-08-05] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {EBC6D266-3D7C-452B-AB95-4210B47C5CAF} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [905072 2021-08-05] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {ED98D965-F8C7-4359-95A0-BAA1839C633D} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-08-05] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F1C1C2CA-418B-4AA8-B396-D238AD9DFF8D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MpCmdRun.exe [673816 2021-08-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F444DB58-E302-4AC5-8345-040A2CBA1887} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MpCmdRun.exe [673816 2021-08-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F4BF2215-A67D-4BBE-9373-6A4B97DD0B2A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-08-12] (Google Inc -> Google Inc.)
Task: {F75F6115-3B7B-4225-8955-AECFD601DA10} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-08-05] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {FD29A9EF-2AE0-436F-8E95-D36034922A5C} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-08-05] (NVIDIA Corporation -> NVIDIA Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyServer: [S-1-5-21-413578968-4127535815-2662069183-1116] => 45.175.238.8:999
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{43fe1a28-ff97-4cee-995c-2bf4c751a028}: [DhcpNameServer] 10.10.10.1
Tcpip\..\Interfaces\{6dd5eafc-63c3-4785-8771-379fdb967eff}: [DhcpNameServer] 192.168.1.254
Edge:
=======
Edge Profile: C:\Users\mikem\AppData\Local\Microsoft\Edge\User Data\Default [2021-08-26]
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\mikem\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-08-25]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
FireFox:
========
FF DefaultProfile: hi4lo88b.default-1543873865624
FF ProfilePath: C:\Users\mikem\AppData\Roaming\Mozilla\Firefox\Profiles\hi4lo88b.default-1543873865624 [2021-08-26]
FF user.js: detected! => C:\Users\mikem\AppData\Roaming\Mozilla\Firefox\Profiles\hi4lo88b.default-1543873865624\user.js [2020-12-31]
FF DownloadDir: C:\Users\mikem\Downloads
FF Notifications: Mozilla\Firefox\Profiles\hi4lo88b.default-1543873865624 -> hxxps://app.practicepanther.com; hxxps://3unlocker.com; hxxps://mail.google.com
FF Extension: (Malwarebytes Browser Guard) - C:\Users\mikem\AppData\Roaming\Mozilla\Firefox\Profiles\hi4lo88b.default-1543873865624\Extensions\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi [2021-08-25]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.10 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.15 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-09] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-09] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @update.avgbrowser.com/AVG Browser;version=3 -> C:\Program Files (x86)\AVG\Browser\Update\1.7.914.0\npAvgBrowserUpdate3.dll [No File]
FF Plugin-x32: @update.avgbrowser.com/AVG Browser;version=9 -> C:\Program Files (x86)\AVG\Browser\Update\1.7.914.0\npAvgBrowserUpdate3.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=3.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\mikem\AppData\Local\Google\Chrome\User Data\Default [2021-08-26]
CHR Notifications: Default -> hxxps://www.facebook.com
CHR Extension: (Slides) - C:\Users\mikem\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-04-23]
CHR Extension: (Docs) - C:\Users\mikem\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-04-23]
CHR Extension: (Google Drive) - C:\Users\mikem\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-27]
CHR Extension: (YouTube) - C:\Users\mikem\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-08-12]
CHR Extension: (Facebook) - C:\Users\mikem\AppData\Local\Google\Chrome\User Data\Default\Extensions\celnaknmndcdcjcagffhbhciignkeokb [2020-07-20]
CHR Extension: (Sheets) - C:\Users\mikem\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-04-23]
CHR Extension: (Google Docs Offline) - C:\Users\mikem\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-06-30]
CHR Extension: (Application Launcher For Drive (by Google)) - C:\Users\mikem\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2021-06-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\mikem\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-06-30]
CHR Extension: (Gmail) - C:\Users\mikem\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-10]
CHR Extension: (Chrome Media Router) - C:\Users\mikem\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-07-21]
CHR Profile: C:\Users\mikem\AppData\Local\Google\Chrome\User Data\System Profile [2021-08-24]
CHR HKU\S-1-5-21-413578968-4127535815-2662069183-1116\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 AcronisActiveProtectionService; C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe [10353056 2020-11-20] (Acronis International GmbH -> )
S3 AcrSch2Svc; C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe [1264400 2020-11-20] (Acronis International GmbH -> Acronis International GmbH)
S4 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2017-08-13] (Adobe Systems) [File not signed]
S3 afcdpsrv; C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [6383744 2020-12-23] (Acronis International GmbH -> )
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2020-09-24] (Apple Inc. -> Apple Inc.)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [314368 2018-01-18] (Brother Industries, Ltd.) [File not signed]
S3 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [209448 2019-05-21] (Dell Inc -> Dell Inc.)
S3 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3373600 2019-05-21] (Dell Inc -> Dell Inc.)
S3 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [218144 2019-05-21] (Dell Inc -> Dell Inc.)
S3 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7497336 2021-08-25] (Malwarebytes Inc -> Malwarebytes)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2556048 2021-07-15] (Electronic Arts, Inc. -> Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3474584 2021-07-15] (Electronic Arts, Inc. -> Electronic Arts)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5394872 2021-08-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 ss_conn_launcher_service; C:\WINDOWS\System32\Samsung\EasySetup\ss_conn_launcher.exe [182128 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [48600 2019-09-10] (Dell Inc. -> Dell Inc.)
R3 Tib Mounter Service; C:\Program Files (x86)\Common Files\Acronis\TibMounter64\tib_mounter_service.exe [5832096 2020-11-20] (Acronis International GmbH -> Acronis International GmbH)
S3 WD Backup Drive Helper; C:\WINDOWS\SysWOW64\dllhost.exe /Processid:{4AB831D3-8315-414C-8A7A-303105288D0B} [19256 2020-12-18] (Microsoft Windows -> Microsoft Corporation)
S3 WD Backup Snapshot; C:\WINDOWS\SysWOW64\dllhost.exe /Processid:{302480DF-3AC5-4400-BE7B-DD77AF93B6DD} [19256 2020-12-18] (Microsoft Windows -> Microsoft Corporation)
R3 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [668808 2018-05-23] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [366720 2020-03-11] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\NisSrv.exe [2727416 2021-08-04] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MsMpEng.exe [136656 2021-08-04] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 Wondershare InstallAssist; C:\ProgramData\Wondershare\Service\InstallAssistService.exe [269200 2020-12-10] (Wondershare Technology Co.,Ltd -> Wondershare)
S4 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.243\WsAppService.exe [495392 2019-06-13] (Wondershare Technology Co.,Ltd -> Wondershare)
S4 WsAppService3; C:\Program Files (x86)\Wondershare\WAF3\3.0.0.308\WsAppService3.exe [83232 2019-07-09] (Wondershare Technology Co.,Ltd -> Wondershare)
S4 DellClientManagementService; "C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe" [X]
S3 DellDigitalDelivery; "C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe" [X]
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_253e24b785ea60ca\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_253e24b785ea60ca\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 anvsnddrv; C:\WINDOWS\System32\drivers\anvsnddrv.sys [33872 2012-05-17] (AnvSoft Co., Ltd. -> AnvSoft Inc.)
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
R3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [41608 2019-05-21] (Techporch Incorporated -> Dell Inc.)
R3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [41208 2019-05-21] (Techporch Incorporated -> Dell Computer Corporation)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [159600 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R2 file_protector; C:\WINDOWS\System32\DRIVERS\file_protector.sys [687768 2020-12-23] (Acronis International GmbH -> Acronis International GmbH)
R0 file_tracker; C:\WINDOWS\System32\DRIVERS\file_tracker.sys [390592 2020-12-23] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
R1 googledrivefs3525; C:\WINDOWS\System32\DRIVERS\googledrivefs3525.sys [389640 2021-07-30] (Google LLC -> Google, Inc.)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2019-07-25] (Martin Malik - REALiX -> REALiX)
S3 libusbK; C:\WINDOWS\System32\DRIVERS\libusbK.sys [47200 2018-12-02] (Travis Lee Robinson -> hxxp://libusb-win32.sourceforge.net)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-08-25] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-08-25] (Malwarebytes Inc -> Malwarebytes)
R3 MpKslf26d0c17; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B0D62871-17A0-44A3-BD53-C5F9FA834B7F}\MpKslDrv.sys [123112 2021-08-26] (Microsoft Windows -> Microsoft Corporation)
R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [19152 2019-05-29] (MiniTool Solution Ltd -> )
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2019-05-29] (MiniTool Solution Ltd -> )
R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Bruce James -> Scarlet.Crush Productions)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167280 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 ss_conn_usb_driver2; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver2.sys [43376 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R2 tib_mounter; C:\WINDOWS\system32\DRIVERS\tib_mounter.sys [175752 2020-12-23] (Acronis International GmbH -> Acronis International GmbH)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2019-04-03] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
R2 virtual_file; C:\WINDOWS\System32\DRIVERS\virtual_file.sys [330176 2020-12-23] (Acronis International GmbH -> Acronis International GmbH)
R0 volume_tracker; C:\WINDOWS\System32\DRIVERS\volume_tracker.sys [243472 2020-12-23] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49568 2021-08-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [434424 2021-08-04] (Microsoft Windows -> Microsoft Corporation)
R1 wdfsconnect2017; C:\WINDOWS\system32\drivers\wdfsconnect2017.sys [468112 2017-11-21] (Microsoft Windows Hardware Compatibility Publisher -> Western Digital Technologies, Inc.)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [78072 2021-08-04] (Microsoft Windows -> Microsoft Corporation)
R3 wdvpnpbus; C:\WINDOWS\System32\drivers\wdvpnpbus.sys [20624 2017-11-21] (Microsoft Windows Hardware Compatibility Publisher -> Western Digital Technologies, Inc.)
S3 xb1usb; C:\WINDOWS\System32\drivers\xb1usb.sys [34016 2014-05-27] (Windows Central Build Account - X -> Microsoft Corporation)
S3 cpuz145; \??\C:\WINDOWS\temp\cpuz145\cpuz145_x64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-08-26 14:29 - 2021-08-26 14:29 - 000003832 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onLogOn
2021-08-26 14:29 - 2021-08-26 14:29 - 000003390 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onTime
2021-08-26 14:29 - 2021-08-26 14:29 - 000001610 _____ C:\Users\mikem\Documents\eset.txt
2021-08-26 07:57 - 2021-08-26 07:57 - 000000810 _____ C:\Users\mikem\Desktop\microsoft office exploit.txt
2021-08-26 06:51 - 2021-08-26 10:27 - 000001433 _____ C:\Users\mikem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2021-08-26 06:51 - 2021-08-26 10:27 - 000001327 _____ C:\Users\mikem\Desktop\ESET Online Scanner.lnk
2021-08-26 06:51 - 2021-08-26 06:51 - 000000000 ____D C:\Users\mikem\AppData\Local\ESET
2021-08-26 06:48 - 2021-08-26 06:48 - 000008192 _____ C:\WINDOWS\SysWOW64\WDPABKP.dat
2021-08-26 06:36 - 2021-08-26 06:36 - 011697056 _____ (ESET) C:\Users\mikem\Desktop\esetonlinescanner.exe
2021-08-26 05:27 - 2021-08-26 05:27 - 000002027 _____ C:\Users\mikem\Desktop\malwarebygtes.txt
2021-08-26 05:26 - 2021-08-26 05:26 - 000000000 ____D C:\Users\mikem\Documents\FeedbackHub
2021-08-26 02:12 - 2021-08-26 09:52 - 000000000 ____D C:\Users\mikem\AppData\LocalLow\IGDump
2021-08-25 14:08 - 2021-08-25 14:08 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-08-25 14:08 - 2021-08-25 14:08 - 000002003 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-08-25 14:08 - 2021-08-25 14:08 - 000001991 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-08-25 14:07 - 2021-08-25 14:07 - 000160176 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-08-25 14:07 - 2021-08-25 14:07 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2021-08-25 14:06 - 2021-08-25 14:06 - 000000000 ____D C:\Program Files\Malwarebytes
2021-08-25 13:56 - 2021-08-25 13:57 - 002120496 _____ (Malwarebytes) C:\Users\mikem\Desktop\MBSetup-119967.119967-consumer.exe
2021-08-25 13:56 - 2021-08-25 13:56 - 008553680 _____ (Malwarebytes) C:\Users\mikem\Desktop\AdwCleaner.exe
2021-08-25 03:51 - 2021-08-25 03:51 - 000001280 _____ C:\Users\Public\Desktop\Madden NFL 22.lnk
2021-08-25 03:51 - 2021-08-25 03:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Madden NFL 22
2021-08-24 22:02 - 2021-08-24 22:02 - 000004308 _____ C:\WINDOWS\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-08-24 22:02 - 2021-08-24 22:02 - 000004106 _____ C:\WINDOWS\system32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-08-24 22:02 - 2021-08-24 22:02 - 000003976 _____ C:\WINDOWS\system32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-08-24 22:02 - 2021-08-24 22:02 - 000003940 _____ C:\WINDOWS\system32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-08-24 22:02 - 2021-08-24 22:02 - 000003894 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-08-24 22:02 - 2021-08-24 22:02 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-08-24 22:02 - 2021-08-24 22:02 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-08-24 22:02 - 2021-08-24 22:02 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-08-24 22:02 - 2021-08-24 22:02 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-08-24 22:02 - 2021-08-24 22:02 - 000003654 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-08-24 22:02 - 2021-08-05 16:12 - 002838384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2021-08-24 21:48 - 2021-08-24 21:53 - 756085256 _____ (NVIDIA Corporation) C:\Users\mikem\Desktop\471.68-desktop-win10-win11-64bit-international-dch-whql.exe
2021-08-24 20:29 - 2021-08-24 20:29 - 000001650 _____ C:\Users\Public\Desktop\Launch Monitor Driver Installer.lnk
2021-08-24 20:29 - 2021-08-24 20:29 - 000000000 ____D C:\Program Files (x86)\MonitorDriver
2021-08-24 20:26 - 2021-08-24 20:26 - 008503296 _____ C:\Users\mikem\Desktop\C32F391FW.exe
2021-08-24 19:21 - 2021-08-24 19:31 - 000017601 _____ C:\Users\mikem\Desktop\Fixlog.txt
2021-08-24 15:30 - 2021-08-24 15:30 - 000000661 _____ C:\Users\mikem\Downloads\audio10.diagcab
2021-08-24 15:28 - 2021-08-24 15:28 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2021-08-24 15:26 - 2021-08-05 16:12 - 000136472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2021-08-24 15:26 - 2021-08-05 16:12 - 000037664 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhdap64.dll
2021-08-24 15:10 - 2021-08-24 15:10 - 000000000 ____D C:\WINDOWS\system32\Tasks\Event Viewer Tasks
2021-08-24 14:57 - 2021-08-06 03:45 - 001858680 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2021-08-24 14:57 - 2021-08-06 03:45 - 001858680 _____ C:\WINDOWS\system32\vulkaninfo.exe
2021-08-24 14:57 - 2021-08-06 03:45 - 001474672 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2021-08-24 14:57 - 2021-08-06 03:45 - 001438840 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2021-08-24 14:57 - 2021-08-06 03:45 - 001438840 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2021-08-24 14:57 - 2021-08-06 03:45 - 001212536 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2021-08-24 14:57 - 2021-08-06 03:45 - 001097832 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2021-08-24 14:57 - 2021-08-06 03:45 - 001097832 _____ C:\WINDOWS\system32\vulkan-1.dll
2021-08-24 14:57 - 2021-08-06 03:45 - 000951928 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2021-08-24 14:57 - 2021-08-06 03:45 - 000951928 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2021-08-24 14:57 - 2021-08-06 03:42 - 000716928 _____ C:\WINDOWS\system32\nvofapi64.dll
2021-08-24 14:57 - 2021-08-06 03:42 - 000645248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvml.dll
2021-08-24 14:57 - 2021-08-06 03:42 - 000577152 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2021-08-24 14:57 - 2021-08-06 03:41 - 002112144 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2021-08-24 14:57 - 2021-08-06 03:41 - 001595536 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2021-08-24 14:57 - 2021-08-06 03:41 - 001520760 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2021-08-24 14:57 - 2021-08-06 03:41 - 001171088 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2021-08-24 14:57 - 2021-08-06 03:41 - 000919184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2021-08-24 14:57 - 2021-08-06 03:41 - 000750200 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2021-08-24 14:57 - 2021-08-06 03:41 - 000706168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvidia-smi.exe
2021-08-24 14:57 - 2021-08-06 03:41 - 000676480 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2021-08-24 14:57 - 2021-08-06 03:41 - 000564352 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2021-08-24 14:57 - 2021-08-06 03:40 - 008854136 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2021-08-24 14:57 - 2021-08-06 03:40 - 007920760 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2021-08-24 14:57 - 2021-08-06 03:40 - 005680768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2021-08-24 14:57 - 2021-08-06 03:40 - 004987512 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2021-08-24 14:57 - 2021-08-06 03:40 - 002925688 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2021-08-24 14:57 - 2021-08-06 03:40 - 000447096 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdebugdump.exe
2021-08-24 14:57 - 2021-08-06 03:39 - 000849024 _____ (NVIDIA Corporation) C:\WINDOWS\system32\MCU.exe
2021-08-24 14:57 - 2021-08-06 03:38 - 007280848 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2021-08-24 14:57 - 2021-08-06 03:38 - 006215808 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2021-08-24 14:57 - 2021-08-05 16:12 - 000083062 _____ C:\WINDOWS\system32\nvinfo.pb
2021-08-24 13:36 - 2021-08-24 13:36 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-08-24 08:37 - 2021-08-24 16:44 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-08-24 05:29 - 2021-08-26 06:46 - 000065536 _____ C:\WINDOWS\system32\Ikeext.etl
2021-08-22 11:59 - 2021-08-22 12:01 - 000056091 _____ C:\Users\mikem\Desktop\Addition.txt
2021-08-22 11:55 - 2021-08-26 15:46 - 000036707 _____ C:\Users\mikem\Desktop\FRST.txt
2021-08-22 11:45 - 2021-08-22 11:45 - 002300928 _____ (Farbar) C:\Users\mikem\Desktop\FRST64English.exe
2021-08-22 07:13 - 2021-08-22 10:19 - 000129418 _____ C:\Users\mikem\Desktop\fixlist-old.txt
2021-08-22 06:08 - 2021-08-22 06:10 - 000061739 _____ C:\Users\mikem\Desktop\Addition-old.txt
2021-08-22 06:03 - 2021-08-26 15:45 - 000000000 ____D C:\FRST
2021-08-22 03:54 - 2021-08-22 03:54 - 061496008 _____ C:\Users\mikem\Downloads\xvideos.com_dcfbbe233222f91eec075edc6fd05c56-1.mp4
2021-08-22 03:20 - 2021-08-22 03:36 - 292357446 _____ C:\Users\mikem\Downloads\720(3).mp4
2021-08-22 02:19 - 2021-08-22 02:33 - 213749924 _____ C:\Users\mikem\Downloads\720.mp4
2021-08-21 23:40 - 2021-08-21 23:40 - 000001257 _____ C:\Users\Public\Desktop\WD Security.lnk
2021-08-21 23:05 - 2021-08-21 23:05 - 000003208 _____ C:\WINDOWS\system32\Tasks\WD Discovery Service Task mike
2021-08-21 23:05 - 2021-08-21 23:05 - 000003144 _____ C:\WINDOWS\system32\Tasks\WD Device Agent Task mike
2021-08-21 18:26 - 2021-08-21 18:26 - 022611179 _____ C:\Users\mikem\Downloads\xvideos.com_86f4cbb9f72fe567818e04cf06d68c0b.mp4
2021-08-21 03:01 - 2021-08-21 03:05 - 100314912 _____ C:\Users\mikem\Downloads\720(1).mp4
2021-08-20 10:22 - 2021-08-26 06:46 - 000008192 ___SH C:\DumpStack.log.tmp
2021-08-18 12:45 - 2021-08-20 10:23 - 2042389024 _____ C:\WINDOWS\MEMORY.DMP
2021-08-18 12:45 - 2021-08-18 12:56 - 004645372 _____ C:\WINDOWS\Minidump\081821-42906-01.dmp
2021-08-17 23:17 - 2021-08-17 23:17 - 000000000 ____D C:\Users\mikem\Documents\GG
2021-08-17 22:31 - 2021-08-17 22:38 - 1416473092 _____ C:\Users\mikem\Downloads\403224HD.mp4
2021-08-17 20:22 - 2021-08-17 20:23 - 003455835 _____ C:\Users\mikem\Downloads\sox-state-of-market-report-2020.pdf
2021-08-12 14:59 - 2021-08-12 14:59 - 001151992 _____ (Realtek ) C:\WINDOWS\system32\Drivers\rt640x64.sys
2021-08-11 22:32 - 2021-08-11 22:32 - 000010246 _____ C:\Users\mikem\Documents\List of Items from Dads.xlsx
2021-08-11 06:37 - 2021-08-11 06:37 - 000000000 ____D C:\WINDOWS\system32\gf2engine
2021-08-11 02:25 - 2021-08-11 02:25 - 076512537 _____ C:\Users\mikem\Downloads\xvideos.com_0c68c95f4d9e4eb74b649195872234fc.mp4
2021-08-11 01:09 - 2021-08-11 01:09 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-08-11 01:09 - 2021-08-11 01:09 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-08-11 01:09 - 2021-08-11 01:09 - 000011347 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-08-11 00:41 - 2021-08-11 00:41 - 000000000 ___HD C:\$WinREAgent
2021-08-09 10:45 - 2021-07-30 18:52 - 000389640 _____ (Google, Inc.) C:\WINDOWS\system32\Drivers\googledrivefs3525.sys
2021-08-09 05:11 - 2021-08-09 05:13 - 466315432 _____ C:\Users\mikem\Downloads\SpankBang.com_ann+harlow+bangs+hot+young+bud_720p.mp4
2021-08-09 05:10 - 2021-08-09 05:11 - 193405067 _____ C:\Users\mikem\Downloads\EPORNER.COM - [AlFtkK2QySL] Ann Harlow threesome (240).mp4
2021-08-08 23:38 - 2021-08-08 23:39 - 173967575 _____ C:\Users\mikem\Downloads\SpankBang.com_jennifer+leroy_480p.mp4
2021-08-07 09:31 - 2021-08-07 09:31 - 107831296 _____ C:\WINDOWS\system32\config\SOFTWARE.iobit
2021-08-07 09:31 - 2021-08-07 09:31 - 000679936 _____ C:\WINDOWS\system32\config\DEFAULT.iobit
2021-08-07 09:31 - 2021-08-07 09:31 - 000102400 _____ C:\WINDOWS\system32\config\SAM.iobit
2021-08-07 09:31 - 2021-08-07 09:31 - 000036864 _____ C:\WINDOWS\system32\config\SECURITY.iobit
2021-08-07 08:50 - 2021-08-07 09:12 - 000000000 ____D C:\Users\mpmm_a21rhkv\AppData\Roaming\vlc
2021-08-07 08:41 - 2021-08-07 08:41 - 001823280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-08-07 08:41 - 2021-08-07 08:41 - 001393480 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-08-07 08:41 - 2021-08-07 08:41 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2021-08-07 08:41 - 2021-08-07 08:41 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2021-08-07 08:33 - 2021-08-07 08:47 - 000000000 ____D C:\Users\mpmm_a21rhkv\AppData\Local\PlaceholderTileLogoFolder
2021-08-07 08:01 - 2021-08-07 08:01 - 000000000 ____D C:\Users\mpmm_a21rhkv\AppData\Local\PeerDistRepub
2021-08-07 07:45 - 2021-08-07 07:46 - 000000000 ____D C:\Users\mpmm_a21rhkv\AppData\Local\Comms
2021-08-07 07:39 - 2021-08-07 07:39 - 000000000 ____D C:\Users\mpmm_a21rhkv\AppData\Local\OneDrive
2021-08-07 07:31 - 2021-08-07 13:15 - 000002862 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3200273941-2670340362-4195434088-1014
2021-08-07 07:31 - 2021-08-07 07:49 - 000000000 ___RD C:\Users\mpmm_a21rhkv\OneDrive
2021-08-07 07:31 - 2021-08-07 07:31 - 000002427 _____ C:\Users\mpmm_a21rhkv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-08-07 07:30 - 2021-08-07 07:30 - 000000000 ____D C:\Users\mpmm_a21rhkv\AppData\Roaming\Apple Computer
2021-08-07 07:29 - 2021-08-07 07:29 - 000000000 ____D C:\Users\mpmm_a21rhkv\AppData\Local\Publishers
2021-08-07 07:28 - 2021-08-26 06:18 - 000000000 ____D C:\Users\mpmm_a21rhkv\AppData\Roaming\IObit
2021-08-07 07:28 - 2021-08-07 08:34 - 000000000 ____D C:\Users\mpmm_a21rhkv\AppData\Local\Packages
2021-08-07 07:28 - 2021-08-07 07:28 - 000000000 ___RD C:\Users\mpmm_a21rhkv\3D Objects
2021-08-07 07:28 - 2021-08-07 07:28 - 000000000 ____D C:\Users\mpmm_a21rhkv\AppData\Local\VirtualStore
2021-08-07 07:28 - 2021-08-07 07:28 - 000000000 ____D C:\Users\mpmm_a21rhkv\AppData\Local\Google
2021-08-07 07:28 - 2021-08-07 07:28 - 000000000 ____D C:\Users\mpmm_a21rhkv\AppData\Local\D3DSCache
2021-08-07 07:28 - 2021-08-07 07:28 - 000000000 ____D C:\Users\mpmm_a21rhkv\AppData\Local\ConnectedDevicesPlatform
2021-08-07 07:27 - 2021-08-24 19:38 - 000000000 ____D C:\Users\mpmm_a21rhkv
2021-08-07 07:27 - 2021-08-07 07:27 - 000000020 ___SH C:\Users\mpmm_a21rhkv\ntuser.ini
2021-08-07 07:27 - 2017-08-16 02:02 - 000000000 ____D C:\Users\mpmm_a21rhkv\AppData\Local\Microsoft Help
2021-08-07 00:43 - 2021-08-07 00:43 - 000000000 ____D C:\Users\mikem\AppData\Local\mymonero-updater
2021-08-06 07:28 - 2021-08-06 07:28 - 002298102 _____ C:\Users\mikem\Downloads\VID 00003-20100522-1051.3GP
2021-08-05 12:10 - 2021-08-05 12:10 - 000301763 _____ C:\Users\mikem\Documents\amy emails 04.pdf
2021-08-05 12:09 - 2021-08-05 12:09 - 000295712 _____ C:\Users\mikem\Documents\amy emails 03.pdf
2021-08-05 12:03 - 2021-08-05 12:03 - 000384666 _____ C:\Users\mikem\Documents\amy emails 02.pdf
2021-08-05 12:01 - 2021-08-05 12:01 - 000443060 _____ C:\Users\mikem\Documents\amy emails 01.pdf
2021-08-04 10:08 - 2021-08-04 10:18 - 000164950 _____ C:\TDSSKiller.3.1.0.28_04.08.2021_11.08.34_log.txt
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-08-26 15:46 - 2019-02-05 03:57 - 000000000 ____D C:\ProgramData\Mozilla
2021-08-26 15:45 - 2017-08-12 18:20 - 000000000 ____D C:\Users\mikem\AppData\LocalLow\Mozilla
2021-08-26 15:43 - 2017-08-12 18:27 - 000000000 ____D C:\Program Files (x86)\Google
2021-08-26 14:58 - 2019-06-09 02:56 - 000000000 ____D C:\Users\mikem\AppData\Roaming\vlc
2021-08-26 14:27 - 2020-12-18 12:26 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-08-26 14:26 - 2019-12-07 04:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-08-26 12:25 - 2019-01-22 13:06 - 000000000 ____D C:\ProgramData\NVIDIA
2021-08-26 11:48 - 2018-03-21 12:01 - 000007600 _____ C:\Users\mikem\AppData\Local\Resmon.ResmonCfg
2021-08-26 10:16 - 2018-11-27 13:45 - 000000000 ____D C:\Users\mikem\AppData\Local\Apple Computer
2021-08-26 08:09 - 2019-12-07 04:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-08-26 08:09 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-08-26 07:14 - 2020-05-14 03:46 - 000000000 ____D C:\Users\mikem\log
2021-08-26 06:53 - 2020-12-18 12:45 - 000941870 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-08-26 06:53 - 2019-12-07 04:13 - 000000000 ____D C:\WINDOWS\INF
2021-08-26 06:48 - 2020-05-04 19:44 - 000000495 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2021-08-26 06:46 - 2020-12-18 12:55 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-08-26 06:46 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-08-26 06:46 - 2018-02-13 10:39 - 000000000 ____D C:\Program Files (x86)\Xvid
2021-08-26 06:45 - 2020-12-18 12:26 - 000001134 _____ C:\WINDOWS\system32\config\VSMIDK
2021-08-26 06:19 - 2019-12-07 04:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2021-08-26 06:18 - 2019-07-25 05:09 - 000000000 ____D C:\Users\mikem\AppData\Roaming\IObit
2021-08-26 06:18 - 2018-01-20 15:59 - 000000000 ____D C:\Program Files (x86)\Dell
2021-08-26 06:18 - 2017-08-12 20:47 - 000000000 ____D C:\ProgramData\Dell
2021-08-26 06:15 - 2020-07-15 16:25 - 000000000 ____D C:\Users\mikem\AppData\Roaming\Origin
2021-08-25 14:07 - 2019-12-07 04:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-08-25 14:07 - 2019-07-25 05:09 - 000000000 ____D C:\Program Files (x86)\IObit
2021-08-25 14:07 - 2018-05-20 12:04 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-08-25 03:51 - 2019-01-01 21:45 - 000000000 ___HD C:\Program Files\Common Files\EAInstaller
2021-08-25 02:32 - 2019-01-01 21:19 - 000000000 ____D C:\Program Files (x86)\Origin Games
2021-08-25 02:30 - 2018-06-27 23:29 - 000000000 ____D C:\ProgramData\Origin
2021-08-25 02:29 - 2020-07-15 16:25 - 000000000 ____D C:\Users\mikem\AppData\Local\Origin
2021-08-24 22:47 - 2020-12-18 12:26 - 000915360 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-08-24 22:04 - 2019-01-27 17:13 - 000000000 ____D C:\Users\mikem\AppData\Local\NVIDIA
2021-08-24 22:04 - 2019-01-22 13:06 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2021-08-24 22:04 - 2019-01-22 13:04 - 000000000 ____D C:\NVIDIA
2021-08-24 22:03 - 2020-11-09 22:57 - 000001437 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2021-08-24 22:02 - 2019-01-22 13:06 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2021-08-24 22:02 - 2019-01-22 13:05 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2021-08-24 20:29 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\tracing
2021-08-24 20:29 - 2017-08-12 20:48 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2021-08-24 19:38 - 2020-12-18 12:33 - 000000000 ____D C:\Users\mpmm
2021-08-24 19:38 - 2020-12-18 12:33 - 000000000 ____D C:\Users\admin
2021-08-24 19:25 - 2020-10-30 05:03 - 000000000 ____D C:\Users\mikem\AppData\LocalLow\Temp
2021-08-24 19:22 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2021-08-24 19:22 - 2009-07-13 22:20 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2021-08-24 16:44 - 2017-08-12 18:20 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-08-24 16:42 - 2020-12-18 12:33 - 000000000 ____D C:\Users\mikem
2021-08-24 16:41 - 2019-06-27 10:27 - 000000000 ____D C:\Users\mikem\AppData\Roaming\Wondershare
2021-08-24 16:41 - 2019-02-13 03:24 - 000000000 ____D C:\Program Files (x86)\Wondershare
2021-08-24 16:39 - 2020-04-28 07:28 - 000000000 ____D C:\Users\mikem\AppData\Roaming\AVG
2021-08-24 16:39 - 2019-07-25 05:09 - 000000000 ____D C:\ProgramData\ProductData
2021-08-24 15:26 - 2019-01-22 13:12 - 000000000 ____D C:\Users\mikem\AppData\Local\NVIDIA Corporation
2021-08-24 15:22 - 2020-04-23 22:44 - 000000000 ____D C:\Users\mikem\.cache
2021-08-24 15:21 - 2017-08-13 11:02 - 000000000 ____D C:\Users\mikem\AppData\Roaming\Adobe
2021-08-24 15:00 - 2018-05-10 11:42 - 000000000 ____D C:\Program Files (x86)\Brother
2021-08-24 15:00 - 2017-08-13 12:12 - 000000000 ____D C:\ProgramData\Package Cache
2021-08-24 14:59 - 2018-05-10 11:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
2021-08-24 13:36 - 2017-08-12 18:20 - 000000898 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-08-24 10:41 - 2021-07-20 11:44 - 000307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameplatformservices.dll
2021-08-24 10:41 - 2021-07-20 11:44 - 000213456 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingservicesproxy.dll
2021-08-24 10:41 - 2021-07-13 21:14 - 002163152 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgameruntime.dll
2021-08-24 10:41 - 2021-07-13 21:14 - 000188856 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameconfighelper.dll
2021-08-24 10:41 - 2021-07-13 21:14 - 000131072 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingtcuihelpers.dll
2021-08-24 10:41 - 2021-07-13 21:14 - 000061904 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamemodcontrol.exe
2021-08-23 19:25 - 2021-06-23 04:26 - 000000000 ____D C:\Lauren
2021-08-21 23:56 - 2018-05-10 11:44 - 000000000 ____D C:\Users\mikem\AppData\Local\CrashDumps
2021-08-21 23:40 - 2019-11-26 03:40 - 000000000 ____D C:\Program Files (x86)\Western Digital
2021-08-21 23:39 - 2020-05-04 17:33 - 000000000 ____D C:\Users\mikem\AppData\Roaming\WD Discovery
2021-08-21 23:39 - 2020-05-04 17:33 - 000000000 ____D C:\Users\mikem\.wdc
2021-08-21 23:32 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-08-21 23:31 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-08-21 23:13 - 2019-06-16 16:52 - 000000000 ____D C:\Cache
2021-08-21 23:06 - 2020-12-23 17:22 - 000000000 ____D C:\Program Files\WD Desktop App
2021-08-21 22:26 - 2019-07-25 05:09 - 000000000 ____D C:\Users\mikem\AppData\LocalLow\IObit
2021-08-21 22:26 - 2019-07-25 05:09 - 000000000 ____D C:\ProgramData\IObit
2021-08-21 22:05 - 2019-02-13 03:25 - 000000000 ____D C:\ProgramData\Wondershare
2021-08-21 22:04 - 2020-11-30 01:38 - 000000000 ____D C:\adb
2021-08-21 22:03 - 2020-12-30 14:33 - 000000000 ____D C:\Program Files (x86)\4MeKey
2021-08-21 22:03 - 2020-11-29 07:37 - 000000000 ____D C:\Users\mikem\AppData\Roaming\LG Electronics
2021-08-21 22:03 - 2020-11-29 07:36 - 000000000 ____D C:\Users\mikem\AppData\Local\LG Electronics
2021-08-21 22:03 - 2019-07-30 14:01 - 000000000 ____D C:\Program Files (x86)\LG Electronics
2021-08-21 22:02 - 2019-12-10 17:17 - 000000000 ____D C:\Users\mikem\AppData\Local\Packages
2021-08-21 22:02 - 2018-01-21 10:35 - 000000000 ____D C:\Program Files\Android
2021-08-21 22:01 - 2021-07-13 23:19 - 000000000 ____D C:\Users\mikem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Exodus Movement Inc
2021-08-21 22:01 - 2021-07-13 23:19 - 000000000 ____D C:\Users\mikem\AppData\Roaming\Exodus
2021-08-21 22:01 - 2021-07-13 23:18 - 000000000 ____D C:\Users\mikem\AppData\Local\exodus
2021-08-21 21:58 - 2021-07-13 18:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio
2021-08-21 10:25 - 2020-12-18 12:32 - 000002442 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-08-20 10:25 - 2020-12-31 13:26 - 000000000 ____D C:\WINDOWS\Minidump
2021-08-17 23:45 - 2017-08-12 18:27 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-08-17 23:45 - 2017-08-12 18:27 - 000002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-08-17 15:55 - 2019-12-10 20:24 - 000000000 ____D C:\Users\mikem\AppData\Local\D3DSCache
2021-08-15 20:19 - 2020-12-18 22:56 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-08-15 20:19 - 2020-12-18 22:56 - 000003386 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d6d563b3b6d726
2021-08-12 00:31 - 2020-12-18 14:59 - 000000000 ____D C:\Program Files\Hyper-V
2021-08-12 00:31 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-08-11 00:32 - 2017-08-12 19:12 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-08-11 00:25 - 2017-08-12 19:12 - 133215968 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-08-10 12:45 - 2021-02-01 13:27 - 000002038 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive.lnk
2021-08-07 13:14 - 2020-12-22 22:13 - 000003174 _____ C:\WINDOWS\system32\Tasks\Intel PTT EK Recertification
2021-08-07 13:14 - 2020-12-18 12:55 - 000003348 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-08-07 13:14 - 2020-12-18 12:55 - 000003124 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-08-07 09:13 - 2019-12-07 04:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-08-07 09:13 - 2019-12-07 04:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2021-08-07 09:13 - 2019-12-07 04:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-08-07 09:13 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-08-07 09:13 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-08-07 09:13 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-08-07 09:13 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2021-08-07 09:13 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-08-07 09:13 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\servicing
2021-08-07 07:49 - 2020-01-07 11:50 - 000000000 ___HD C:\OneDriveTemp
2021-08-07 07:45 - 2019-12-07 04:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-08-07 07:28 - 2019-12-10 17:17 - 000000000 __RHD C:\Users\Public\AccountPictures
2021-08-07 07:15 - 2021-07-13 19:41 - 000000000 ____D C:\Users\mikem\AppData\Roaming\Electrum
2021-08-06 06:33 - 2021-07-13 19:33 - 000000000 ____D C:\Users\mikem\AppData\Roaming\com.liberty.jaxx
2021-08-05 16:12 - 2020-11-12 23:15 - 000078192 _____ C:\WINDOWS\system32\FvSDK_x64.dll
2021-08-05 16:12 - 2020-11-12 23:15 - 000067952 _____ C:\WINDOWS\SysWOW64\FvSDK_x86.dll
2021-08-05 16:12 - 2020-11-09 22:56 - 002186608 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2021-08-05 16:12 - 2020-11-09 22:56 - 001293680 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvRtmpStreamer64.dll
2021-08-05 16:12 - 2020-11-09 22:56 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2021-08-05 16:12 - 2020-11-09 22:55 - 000168304 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2021-08-05 16:12 - 2020-11-09 22:55 - 000144240 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2021-08-04 12:05 - 2020-09-30 23:01 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-08-04 10:25 - 2020-02-03 01:39 - 000000000 ____D C:\Program Files (x86)\Origin
2021-08-04 08:28 - 2019-12-10 17:12 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-07-27 12:06 - 2018-10-09 18:16 - 000000000 ____D C:\M19 Number Array Helper
==================== Files in the root of some directories ========
2018-03-21 09:15 - 2018-02-13 02:57 - 000131072 _____ () C:\Users\mikem\zcl-wallet.dat
2019-02-08 09:03 - 2015-12-18 23:41 - 000573952 _____ () C:\Program Files\DS4Updater.exe
2019-02-08 09:03 - 2016-10-08 22:17 - 003168256 _____ () C:\Program Files\DS4Windows.exe
2020-05-04 23:38 - 2020-05-05 00:10 - 000000128 _____ () C:\Users\mikem\AppData\Local\PUTTY.RND
2020-04-23 22:47 - 2020-04-23 22:47 - 000000792 _____ () C:\Users\mikem\AppData\Local\recently-used.xbel
2018-03-21 12:01 - 2021-08-26 11:48 - 000007600 _____ () C:\Users\mikem\AppData\Local\Resmon.ResmonCfg
2019-04-03 13:57 - 2019-06-24 00:26 - 164937728 _____ () C:\Users\mikem\AppData\Local\SageThumbs.db3
2020-11-28 22:58 - 2020-11-28 22:58 - 000000076 _____ () C:\Users\mikem\AppData\Local\uts.ini
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-08-2021
Ran by mike (26-08-2021 15:48:06)
Running from C:\Users\mikem\Desktop
Windows 10 Pro Version 21H1 19043.1165 (X64) (2020-12-18 17:56:15)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
admin (S-1-5-21-3200273941-2670340362-4195434088-1003 - Administrator - Enabled) => C:\Users\admin
Administrator (S-1-5-21-3200273941-2670340362-4195434088-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3200273941-2670340362-4195434088-503 - Limited - Disabled)
Guest (S-1-5-21-3200273941-2670340362-4195434088-501 - Limited - Disabled)
Kerstin (S-1-5-21-3200273941-2670340362-4195434088-1013 - Limited - Enabled)
mikem (S-1-5-21-3200273941-2670340362-4195434088-1000 - Administrator - Enabled)
mpmm (S-1-5-21-3200273941-2670340362-4195434088-1005 - Administrator - Enabled) => C:\Users\mpmm
mpmm_a21rhkv (S-1-5-21-3200273941-2670340362-4195434088-1014 - Administrator - Enabled) => C:\Users\mpmm_a21rhkv
WDAGUtilityAccount (S-1-5-21-3200273941-2670340362-4195434088-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Acronis True Image for Western Digital (HKLM-x32\...\{1E085CBE-D1B4-48E2-BCDE-7DB45886E7B1}) (Version: 24.0.34190 - Acronis)
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
AO Tennis 2 (HKLM-x32\...\{DDCF1227-1C1A-4931-B467-E62E3078A091}) (Version: 1.0.0.31 - Bigben Interactive)
Apple Application Support (32-bit) (HKLM-x32\...\{6CF0CAEE-54B6-4D84-A055-3AF110F189D3}) (Version: 8.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{F9CEF01A-3907-4614-824F-CF5D3E4675EF}) (Version: 14.1.0.35 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.)
Avast Update Helper (HKLM-x32\...\{19C3AB22-3718-4E4D-B203-242F5001565B}) (Version: 1.8.1189.1 - AVAST Software) Hidden
Bode Miller Alpine Skiing (HKLM-x32\...\{94FC1D16-0D5D-4FA6-A3D8-61B503F67A7A}) (Version: 1.0.0.0 - Masque Publishing)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BrLauncher (HKLM-x32\...\{42D26B47-887C-45FC-BCAE-0BE485C5C0BB}) (Version: 2.0.11.0 - Brother Industries Ltd.) Hidden
BrLogRx (HKLM-x32\...\{190861E7-09C5-42D8-BB4B-0AFB234BCFC1}) (Version: 1.0.3.1 - Brother Industries Ltd.) Hidden
Brother IPPoverUSB Driver (HKLM-x32\...\{36DAA671-6347-495C-B816-6FB782430D8A}) (Version: 1.1.0.0 - Brother Industries Ltd.) Hidden
Brother PowerENGAGE (HKLM-x32\...\{05421625-9BA9-482B-ACF2-794221A06F4E}) (Version: 1.0.23 - Aviata, Inc.)
Brother Printer Driver (HKLM-x32\...\{6D33FF09-043C-45A6-A3E5-5DDBF686AC4E}) (Version: 1.4.0.0 - Brother Industries Ltd.) Hidden
BrSupportTools (HKLM-x32\...\{32F47565-84B1-42CC-B09A-4CDDD9A32F94}) (Version: 1.0.20.0 - Brother Industries Ltd.) Hidden
Bullzip PDF Printer 11.7.0.2716 (HKLM\...\Bullzip PDF Printer_is1) (Version: 11.7.0.2716 - Bullzip)
Cisco Webex Meetings (HKU\S-1-5-21-413578968-4127535815-2662069183-1116\...\ActiveTouchMeetingClient) (Version: 40.10.3 - Cisco Webex LLC)
Client Connector for Windows Server Essentials (HKLM\...\{563CB0AF-E0B5-42B1-AB42-8E6964349900}) (Version: 6.2.9805.10 - Microsoft Corporation)
Convertilla 0.7 (HKLM-x32\...\Convertilla_is1) (Version: 0.7.1.37 - Convertilla)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DDS Converter (HKLM-x32\...\{5F5E193F-D7E8-4BC5-9B23-DE46BE1014DF}_is1) (Version: - ddsconverter.com)
Dell Direct Key (HKLM-x32\...\{71A234EA-4CBA-46E7-B81D-4C2AF8BCD6E2}) (Version: 1.6.3 - Dell)
Dell OS Recovery Tool (HKLM-x32\...\{1d0f6ac3-7e12-43a6-9e10-42f0104b36fb}) (Version: 2.3.6056 - Dell Inc.)
Dell OS Recovery Tool (HKLM-x32\...\{683CBC26-004C-41FA-ADBC-81C3FDD2E0F2}) (Version: 2.3.6056.0 - Dell) Hidden
Dell SupportAssist (HKLM\...\{95BD6E30-2B18-4FB0-B5AE-8250E5584831}) (Version: 3.3.3.13 - Dell Inc.)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
Electrum (HKU\S-1-5-21-413578968-4127535815-2662069183-1116\...\Electrum) (Version: 4.1.4 - Electrum Technologies GmbH)
ffdshow x64 v1.3.4533 [2014-09-29] (HKLM\...\ffdshow64_is1) (Version: 1.3.4533.0 - )
FIFA 18 (HKLM-x32\...\{213CC10A-B8CB-4EBA-B277-6B08B7C22A65}) (Version: 1.0.57.57320 - Electronic Arts)
FIFA 20 (HKLM-x32\...\{9EC414D8-8C49-4310-BCC7-C72AB0776F4C}) (Version: 1.0.66.8249 - Electronic Arts)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 92.0.4515.159 - Google LLC)
Google Drive (HKLM\...\{6BBAE539-2232-434A-A4E5-9A33560C6283}) (Version: 50.0.11.0 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.51 - Google LLC) Hidden
Icecream Screen Recorder version 6.21 (HKLM-x32\...\{7ADEC622-3230-4C9A-9DCE-9BD462B74095}_is1) (Version: 6.21 - Icecream Apps)
iCloud Outlook (HKLM\...\{696A65CA-2720-4D0D-A255-78123E9AC856}) (Version: 11.2.0.18 - Apple Inc.)
Intel® Chipset Device Software (HKLM-x32\...\{e48a2f61-851a-4155-82f9-af1b04db8c3b}) (Version: 10.0.13 - Intel® Corporation) Hidden
Intel® Computing Improvement Program (HKLM\...\{85B6BF0F-EF1B-4F0F-892D-E68BD798950C}) (Version: 2.4.04669 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 4.0.6.60 - Intel Corporation)
Intel® Driver & Support Assistant (HKLM-x32\...\{3fa11c9d-9f7f-4020-bcef-dbf9c9fe309f}) (Version: 20.7.26.7 - Intel)
Intel® Driver & Support Assistant (HKLM-x32\...\{41112465-3c4f-42bb-9a61-39f7f509f8f8}) (Version: 20.4.17.5 - Intel)
Intel® Driver & Support Assistant (HKLM-x32\...\{6f8c45f4-0319-451f-a65b-8efccc93e4db}) (Version: 20.8.30.5 - Intel)
iTunes (HKLM\...\{653C59E1-B78D-4D82-9259-C14DFD9F6EFC}) (Version: 12.11.3.17 - Apple Inc.)
Madden NFL 08 (HKLM-x32\...\{A3BC1DBD-64D6-4EBC-0091-24C811662D40}) (Version: - Electronic Arts)
Madden NFL 20 (HKLM-x32\...\{1f42e79a-26a2-4462-9254-fdc0b56f1443}) (Version: 1.0.53.61468 - Electronic Arts)
Madden NFL 21 (HKLM-x32\...\{01022C15-AD1D-4808-8137-16CB9ADB6530}) (Version: 1.0.56.40921 - Electronic Arts)
Madden NFL 22 (HKLM-x32\...\{02CDEE4B-868F-429E-80F8-48C204727DF4}) (Version: 1.0.59.14349 - Electronic Arts)
Malwarebytes version 4.4.5.130 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.5.130 - Malwarebytes)
Microsoft ASP.NET MVC 2 (HKLM-x32\...\{DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244}) (Version: 2.0.60926.0 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 92.0.902.78 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 92.0.902.78 - Microsoft Corporation)
Microsoft Office Standard 2013 (HKLM-x32\...\Office15.STANDARD) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3200273941-2670340362-4195434088-1014\...\OneDriveSetup.exe) (Version: 21.139.0711.0001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-413578968-4127535815-2662069183-1116\...\OneDriveSetup.exe) (Version: 20.201.1005.0009 - Microsoft Corporation)
Microsoft Power Query for Excel (HKLM-x32\...\{188A72BC-39E4-4FFE-923A-31C5A7647350}) (Version: 2.50.4859.281 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{852D8FE5-BC66-4061-B1C4-CADF51E5B27D}) (Version: 2.82.0.0 - Microsoft Corporation)
Microsoft Virtual Machine Converter (HKLM\...\{332C1E78-1D2F-4A64-B718-68095DC6254B}) (Version: 3.1.0.0 - Microsoft Corporation)
Microsoft Visual Basic PowerPacks 10.0 (HKLM-x32\...\{85317F07-8719-36EF-B19E-B196F383D0F3}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.27.29016 (HKLM-x32\...\{40d3fee2-b257-46c2-bdc0-cb1088d97327}) (Version: 14.27.29016.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.27.29016 (HKLM-x32\...\{1aaa01ad-3069-4288-9c6f-37a140a8f6c7}) (Version: 14.27.29016.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft Xbox One Controller for Windows (HKLM\...\{DC2CB48C-FD96-48EB-A36A-7D995BB587EB}) (Version: 1.0.2 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.0 (HKLM-x32\...\{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}) (Version: 3.0.11010.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 91.0.2 (x64 en-US)) (Version: 91.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 69.0 - Mozilla)
Neon 2.2.1 (only current user) (HKU\S-1-5-21-413578968-4127535815-2662069183-1116\...\211a501f-25dd-501b-8c98-509ac17aedfa) (Version: 2.2.1 - Ethan Fast)
NetworkRepairTool (HKLM-x32\...\{86E68F57-FAFE-4052-BDD4-3B90C38236AE}) (Version: 1.2.16.0 - Brother Industries, Ltd.) Hidden
NVIDIA FrameView SDK 1.1.4923.29968894 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.1.4923.29968894 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.23.0.74 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.23.0.74 - NVIDIA Corporation)
NVIDIA Graphics Driver 471.68 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 471.68 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.60 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.60 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Origin (HKLM-x32\...\Origin) (Version: 10.5.102.48654 - Electronic Arts, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM-x32\...\{90150000-001F-040C-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
paint.net (HKLM\...\{1A59F8A6-6AB4-4522-9340-F420B9155A31}) (Version: 4.2.16 - dotPDN LLC)
PowerENGAGE (HKLM-x32\...\{BFE5C68B-E6D4-4421-9ACF-2B8C4BC2D2A1}) (Version: 3.2.13 - Aviata, Inc.) Hidden
PuTTY release 0.73 (64-bit) (HKLM\...\{44F7642C-AB7E-4468-B028-E8D08A0CBB0E}) (Version: 0.73.0.0 - Simon Tatham)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.72.410.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.8899.1 - Realtek Semiconductor Corp.)
Samsung_MonSetup (HKLM-x32\...\{8EA79DBF-D637-448A-89D6-410A087A4493}) (Version: 1.00.0000 - Samsung)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{90150000-0012-0000-0000-0000000FF1CE}_Office15.STANDARD_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version: - Microsoft)
SoftwareUpdateNotification (HKLM-x32\...\{34F12379-C924-41E6-921D-51C71217F58C}) (Version: 1.0.9.0 - Brother Industries, Ltd.) Hidden
STAR WARS Jedi - Fallen Order™ (HKLM-x32\...\{D00A89F1-2D8C-4589-B1D1-73A6544E3B1F}) (Version: 1.0.9.0 - Electronic Arts, Inc.)
STAR WARS Jedi: Fallen Order™ Deluxe Upgrade (HKLM-x32\...\{D00A89F1-2D8C-4589-B1D1-73A6544E3B1F}_SWJFODeluxe) (Version: 1.0.0.0 - Electronic Arts, Inc.)
StatusMonitor (HKLM-x32\...\{40578A7A-6E36-457F-A4F0-45BC37EB61FD}) (Version: 1.20.1.0 - Brother Insutries Ltd.) Hidden
Update for Skype for Business 2015 (KB4484289) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.STANDARD_{F97B139A-D8BF-46FF-A6F6-50710FED8644}) (Version: - Microsoft)
UsbRepairTool (HKLM-x32\...\{F8762A81-32B5-4144-9F3C-9274F515A651}) (Version: 1.4.0.0 - Brother Industries, Ltd.) Hidden
Virtualdub FFMpeg Input Plugin (HKLM-x32\...\{F26A7CD7-C187-45DB-A790-C1C103A03C2F}_is1) (Version: 1.9.0.4 - Karl Pritchett)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.16 - VideoLAN)
WD Backup (HKLM-x32\...\{2d518703-86c4-46c8-99c1-f3789dd3ecd0}) (Version: 1.9.7435.38388 - Western Digital Technologies, Inc.)
WD Backup (HKLM-x32\...\{5491B486-8812-4202-AB8C-865AB636ACF0}) (Version: 1.9.7435.38388 - Western Digital Technologies, Inc) Hidden
WD Desktop App 2.1.0.322 (HKLM-x32\...\{9478cae3-730b-4ffe-b22b-ae8b7787f5d5}) (Version: 2.1.0.322 - Western Digital Corporation) Hidden
WD Desktop App 2.1.0.322 (x64) (HKLM\...\{CA7F7232-526E-41BD-971A-47BE28C18516}) (Version: 2.1.0.322 - Western Digital Corporation) Hidden
WD Discovery (HKLM-x32\...\WDDiscovery) (Version: 4.3.336 - Western Digital Technologies, Inc.)
WD Drive Utilities (HKLM-x32\...\{3CF15262-0E5C-4BFE-AA93-D611E8F18D71}) (Version: 2.0.0.76 - Western Digital Technologies, Inc.) Hidden
WD Drive Utilities (HKLM-x32\...\{f7fe19a0-12b9-4318-95fd-0579f21114f0}) (Version: 2.0.0.76 - Western Digital Technologies, Inc.)
WD Quick View (HKLM-x32\...\{4EA8640B-DEB6-478F-BDAC-F4BCBEEFAFAB}) (Version: 2.4.21.1 - Western Digital Technologies, Inc.)
WD Security (HKLM-x32\...\{327CA54B-8D15-4BE2-A4D2-868194BF7B97}) (Version: 2.0.0.76 - Western Digital Technologies, Inc.) Hidden
WD Security (HKLM-x32\...\{9629d8ce-7cc4-4142-b7f8-2c003f1c6613}) (Version: 2.0.0.76 - Western Digital Technologies, Inc.)
WD SES Driver Setup (HKLM-x32\...\{924A274D-38B6-4930-8859-F3F51CFA8DDD}) (Version: 1.1.0.25 - Western Digital) Hidden
WD SmartWare (HKLM\...\{798354C0-D5F2-4A43-ADEE-3DA9B1725ECC}) (Version: 2.4.21.1 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM-x32\...\{5be946d0-7ba1-41b6-808a-0e7f2b7cb4a8}) (Version: 2.4.21.1 - Western Digital Technologies, Inc.)
Winamp (HKLM-x32\...\Winamp) (Version: 5.8 - Winamp SA)
WinRAR 6.02 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.02.0 - win.rar GmbH)
x264vfw - H.264/MPEG-4 AVC codec (remove only) (HKLM-x32\...\x264vfw) (Version: - )
Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)
Packages:
=========
Dropbox for S mode -> C:\Program Files\WindowsApps\C27EB4BA.DROPBOX_22.4.4.0_x64__xbfy0k16fey96 [2020-08-03] (Dropbox Inc.)
HEVC Video Extensions -> C:\Program Files\WindowsApps\Microsoft.HEVCVideoExtensions_1.0.41531.0_x64__8wekyb3d8bbwe [2021-06-30] (Microsoft Corporation)
iCloud -> C:\Program Files\WindowsApps\AppleInc.iCloud_12.5.74.0_x86__nzyj5cx40ttqa [2021-08-19] (Apple Inc.) [Startup Task]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-12-11] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-12-11] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.10.7290.0_x64__8wekyb3d8bbwe [2021-08-07] (Microsoft Studios) [MS Ad]
MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.42152.0_x64__8wekyb3d8bbwe [2021-08-19] (Microsoft Corporation)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.961.0_x64__56jybvy8sckqj [2021-08-24] (NVIDIA Corp.)
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-06-20] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-07-16] (Microsoft Corporation)
Xbox Accessories -> C:\Program Files\WindowsApps\Microsoft.XboxDevices_300.2107.16004.0_x64__8wekyb3d8bbwe [2021-08-13] (Microsoft Corporation)
Xbox One SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxOneSmartGlass_2.2.1702.2004_x64__8wekyb3d8bbwe [2020-08-21] (Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-413578968-4127535815-2662069183-1116_Classes\CLSID\{6E880369-27C7-43B7-BF91-C9F9E18A2870} -> [iCloud Drive] => C:\Users\mikem\iCloudDrive [2020-07-23 04:29]
SSODL: WDFSMountNotificator-wdfsconnect2017 - {F624FB69-FC91-4FC7-91FD-F7F78364CA8B} - C:\WINDOWS\system32\wdfsconnectMntNtf2017.dll (Western Digital Technologies, Inc.) [File not signed]
SSODL-x32: WDFSMountNotificator-wdfsconnect2017 - {F624FB69-FC91-4FC7-91FD-F7F78364CA8B} - C:\WINDOWS\SysWOW64\wdfsconnectMntNtf2017.dll (Western Digital Technologies, Inc.) [File not signed]
ShellServiceObjects: Virtual Storage Mount Notification -> {F624FB69-FC91-4FC7-91FD-F7F78364CA8B} => C:\WINDOWS\system32\wdfsconnectMntNtf2017.dll [2017-11-10] (Western Digital Technologies, Inc.) [File not signed]
ShellServiceObjects-x32: Virtual Storage Mount Notification -> {F624FB69-FC91-4FC7-91FD-F7F78364CA8B} => C:\WINDOWS\SysWOW64\wdfsconnectMntNtf2017.dll [2017-11-10] (Western Digital Technologies, Inc.) [File not signed]
ShellIconOverlayIdentifiers: [ WDDesktopIconOverlay01] -> {4F8A325E-9DAF-44B8-A825-1A14DFA0FA78} => C:\Program Files\WD Desktop App\kda.DLL [2021-07-26] (Western Digital Technologies, Inc. -> Western Digital Corporation)
ShellIconOverlayIdentifiers: [ WDDesktopIconOverlay02] -> {0176BDDE-B59A-4A1E-808B-CAD461415CCA} => C:\Program Files\WD Desktop App\kda.DLL [2021-07-26] (Western Digital Technologies, Inc. -> Western Digital Corporation)
ShellIconOverlayIdentifiers: [ WDDesktopIconOverlay03] -> {B65909D1-57AF-41F5-AB94-BEB733F62B35} => C:\Program Files\WD Desktop App\kda.DLL [2021-07-26] (Western Digital Technologies, Inc. -> Western Digital Corporation)
ShellIconOverlayIdentifiers: [ WDDesktopIconOverlay04] -> {C6C2397D-8238-4332-8935-86C39C7C165F} => C:\Program Files\WD Desktop App\kda.DLL [2021-07-26] (Western Digital Technologies, Inc. -> Western Digital Corporation)
ShellIconOverlayIdentifiers: [ WDDesktopIconOverlay05] -> {E7B3BCF9-0386-4B5F-AE6A-91B9F1423973} => C:\Program Files\WD Desktop App\kda.DLL [2021-07-26] (Western Digital Technologies, Inc. -> Western Digital Corporation)
ShellIconOverlayIdentifiers: [ WDDesktopIconOverlay06] -> {564EA121-D9DA-485D-82C2-C2ED7BFCCEAD} => C:\Program Files\WD Desktop App\kda.DLL [2021-07-26] (Western Digital Technologies, Inc. -> Western Digital Corporation)
ShellIconOverlayIdentifiers: [ AcronisDrive] -> {5D74FD4B-4EFB-4586-8022-8637BBE40970} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64_24_0_34190.dll [2020-11-20] (Acronis International GmbH -> )
ShellIconOverlayIdentifiers: [ AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64_24_0_34190.dll [2020-11-20] (Acronis International GmbH -> )
ShellIconOverlayIdentifiers: [ AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64_24_0_34190.dll [2020-11-20] (Acronis International GmbH -> )
ShellIconOverlayIdentifiers: [ AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64_24_0_34190.dll [2020-11-20] (Acronis International GmbH -> )
ShellIconOverlayIdentifiers: [ GoogleDriveCloudOverlayIconHandler] -> {A8E52322-8734-481D-A7E2-27B309EF8D56} => C:\Program Files\Google\Drive File Stream\50.0.11.0\drivefsext.dll [2021-08-09] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveMirrorBlacklistedOverlayIconHandler] -> {51EF1569-67EE-4AD6-9646-E726C3FFC8A2} => C:\Program Files\Google\Drive File Stream\50.0.11.0\drivefsext.dll [2021-08-09] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDrivePinnedOverlayIconHandler] -> {CFE8B367-77A7-41D7-9C90-75D16D7DC6B6} => C:\Program Files\Google\Drive File Stream\50.0.11.0\drivefsext.dll [2021-08-09] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveProgressOverlayIconHandler] -> {C973DA94-CBDF-4E77-81D1-E5B794FBD146} => C:\Program Files\Google\Drive File Stream\50.0.11.0\drivefsext.dll [2021-08-09] (Google LLC -> Google, Inc.)
ContextMenuHandlers1: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\50.0.11.0\drivefsext.dll [2021-08-09] (Google LLC -> Google, Inc.)
ContextMenuHandlers1: [WDBackupMenuHandler] -> {C752BC82-C19A-4827-9C15-0996BA85C180} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2018-05-23] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
ContextMenuHandlers1: [WDDesktopContextMenu] -> {f351d8c9-ff13-3519-92fa-763cce46b27b} => C:\Program Files\WD Desktop App\kda.DLL [2021-07-26] (Western Digital Technologies, Inc. -> Western Digital Corporation)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [CWDDriveMenuHandler] -> {CCEFA845-DCDB-4A2F-8BED-DBE87CD198EC} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2018-05-23] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-08-25] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\50.0.11.0\drivefsext.dll [2021-08-09] (Google LLC -> Google, Inc.)
ContextMenuHandlers4: [WDDesktopContextMenu] -> {f351d8c9-ff13-3519-92fa-763cce46b27b} => C:\Program Files\WD Desktop App\kda.DLL [2021-07-26] (Western Digital Technologies, Inc. -> Western Digital Corporation)
ContextMenuHandlers5: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\50.0.11.0\drivefsext.dll [2021-08-09] (Google LLC -> Google, Inc.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_253e24b785ea60ca\nvshext.dll [2021-08-06] (Nvidia Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-08-25] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WDBackupMenuHandler] -> {C752BC82-C19A-4827-9C15-0996BA85C180} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2018-05-23] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
FolderExtensions: [] -> {27DD0F8B-3E0E-4ADC-A78A-66047E71ADC5} => C:\OldNewExplorer\OldNewExplorer64.dll [2019-09-23] (www.startisback.com) [File not signed]
==================== Codecs (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Drivers32: [vidc.XVID] => C:\Windows\system32\xvidvfw.dll [255488 2011-05-30] () [File not signed]
HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\system32\ff_vfw.dll [127488 2014-09-29] () [File not signed]
HKLM\...\Drivers32: [vidc.x264] => C:\Windows\system32\x264vfw64.dll [3799552 2017-07-30] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [vidc.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [240640 2011-05-30] () [File not signed]
HKLM\...\Drivers32: [vidc.x264] => C:\Windows\SysWOW64\x264vfw.dll [3850240 2017-07-30] (x264vfw project) [File not signed]
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\mikem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Facebook.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=celnaknmndcdcjcagffhbhciignkeokb
ShortcutWithArgument: C:\Users\mikem\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default
==================== Loaded Modules (Whitelisted) =============
2011-01-11 20:00 - 2011-01-11 20:00 - 000254976 _____ () [File not signed] C:\Program Files (x86)\Xiph.Org\Open Codecs\x64\dsfOggDemux2.dll
2018-05-29 05:38 - 2018-05-06 14:20 - 000219648 _____ (Bullzip) [File not signed] C:\Program Files\Common Files\Bullzip\PDF Printer\Ports\BULLZIP\bzpdf.dll
2009-07-13 20:20 - 2009-07-13 20:40 - 000267776 _____ (CANON INC.) [File not signed] C:\WINDOWS\System32\CNBLM4.DLL
2018-10-29 17:33 - 2009-07-13 20:40 - 000084992 _____ (CANON INC.) [File not signed] C:\WINDOWS\system32\spool\PRTPROCS\x64\CNBPP4.DLL
2011-01-11 20:00 - 2011-01-11 20:00 - 000216064 _____ (Google) [File not signed] C:\Program Files (x86)\Xiph.Org\Open Codecs\x64\webmsplit.dll
2018-05-23 11:02 - 2018-05-23 11:02 - 001006080 ____R (Robert Simpson, et al.) [File not signed] [File is in use] C:\Program Files (x86)\Western Digital\WD SmartWare\System.Data.SQLite.dll
2021-08-04 10:25 - 2020-05-06 14:53 - 001282048 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\LIBEAY32.dll
2021-08-04 10:25 - 2020-05-06 14:54 - 000279040 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\ssleay32.dll
2021-08-04 10:25 - 2020-05-06 14:53 - 001611264 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\platforms\qwindows.dll
2021-08-04 10:25 - 2020-05-06 14:54 - 005487104 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Core.dll
2021-08-04 10:25 - 2020-05-06 14:54 - 005841920 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Gui.dll
2021-08-04 10:25 - 2020-05-06 14:54 - 001179136 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Network.dll
2021-08-04 10:25 - 2020-05-06 14:54 - 000146432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5WebSockets.dll
2021-08-04 10:25 - 2020-05-06 14:54 - 005089792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Widgets.dll
2021-08-04 10:25 - 2020-05-06 14:54 - 000184832 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Xml.dll
2019-12-10 17:33 - 2019-09-23 22:51 - 000255488 _____ (www.startisback.com) [File not signed] C:\OldNewExplorer\OldNewExplorer32.dll
2019-12-10 17:33 - 2019-09-23 22:51 - 000261632 _____ (www.startisback.com) [File not signed] C:\OldNewExplorer\OldNewExplorer64.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) =================
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
HKU\S-1-5-21-413578968-4127535815-2662069183-1116\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.scr\UserChoice => scrfile
==================== Internet Explorer (Whitelisted) ==========
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3200273941-2670340362-4195434088-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKU\S-1-5-21-3200273941-2670340362-4195434088-1005\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.msn.com/?pc=U453&ocid=U453DHP&osmkt=en-us
HKU\S-1-5-21-413578968-4127535815-2662069183-1116\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKU\S-1-5-21-413578968-4127535815-2662069183-1116\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-3200273941-2670340362-4195434088-1005 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxp://www.bing.com/search?FORM=U453DF&PC=U453&q={searchTerms}&src=IE-SearchBox
BHO: No Name -> {27DD0F8B-3E0E-4ADC-A78A-66047E71ADC5} -> C:\OldNewExplorer\OldNewExplorer64.dll [2019-09-23] (www.startisback.com) [File not signed]
BHO-x32: No Name -> {27DD0F8B-3E0E-4ADC-A78A-66047E71ADC5} -> C:\OldNewExplorer\OldNewExplorer32.dll [2019-09-23] (www.startisback.com) [File not signed]
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-413578968-4127535815-2662069183-1116\...\download.microsoft.com -> hxxp://download.microsoft.com
IE trusted site: HKU\S-1-5-21-413578968-4127535815-2662069183-1116\...\download.windowsupdate.com -> hxxp://download.windowsupdate.com
IE trusted site: HKU\S-1-5-21-413578968-4127535815-2662069183-1116\...\download.windowsupdate.com -> hxxps://download.windowsupdate.com
IE trusted site: HKU\S-1-5-21-413578968-4127535815-2662069183-1116\...\microsoft.com -> hxxp://ntservicepack.microsoft.com
IE trusted site: HKU\S-1-5-21-413578968-4127535815-2662069183-1116\...\ntservicepack.microsoft.com -> hxxp://ntservicepack.microsoft.com
IE trusted site: HKU\S-1-5-21-413578968-4127535815-2662069183-1116\...\update.microsoft.com -> hxxp://update.microsoft.com
IE trusted site: HKU\S-1-5-21-413578968-4127535815-2662069183-1116\...\update.microsoft.com -> hxxps://update.microsoft.com
IE trusted site: HKU\S-1-5-21-413578968-4127535815-2662069183-1116\...\windows.com -> hxxp://wustat.windows.com
IE trusted site: HKU\S-1-5-21-413578968-4127535815-2662069183-1116\...\windowsupdate.com -> hxxp://download.windowsupdate.com
IE trusted site: HKU\S-1-5-21-413578968-4127535815-2662069183-1116\...\windowsupdate.com -> hxxps://download.windowsupdate.com
IE trusted site: HKU\S-1-5-21-413578968-4127535815-2662069183-1116\...\windowsupdate.microsoft.com -> hxxp://windowsupdate.microsoft.com
IE trusted site: HKU\S-1-5-21-413578968-4127535815-2662069183-1116\...\ws.microsoft.com -> hxxp://ws.microsoft.com
IE trusted site: HKU\S-1-5-21-413578968-4127535815-2662069183-1116\...\ws.microsoft.com -> hxxps://ws.microsoft.com
IE trusted site: HKU\S-1-5-21-413578968-4127535815-2662069183-1116\...\wustat.windows.com -> hxxp://wustat.windows.com
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 21:34 - 2019-07-25 12:00 - 000000048 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost
2020-05-04 19:44 - 2021-08-26 06:48 - 000000495 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
172.23.16.1 MPMM1.mshome.net # 2026 8 2 25 11 48 6 722
10.125 unbuntu.mshome.net # 2020 5 2 12 4 14 44 897
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client;C:\Program Files\Intel\iCLS Client;C:\Windows\System32\WindowsPowerShell\v1.0;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files (x86)\Common Files\Adobe\AGL;C:\Program Files\RogueKiller;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Users\mikem\AppData\Roaming\npm;C:\adb;C:\android-studio;C:\platform-tools;C:\Program Files (x86)\NVIDIA Corporation\DDS Utilities;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Program Files\PuTTY\;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\Common Files\Acronis\VirtualFile\;C:\Program Files (x86)\Common Files\Acronis\VirtualFile64\;C:\Program Files (x86)\Common Files\Acronis\FileProtector\;C:\Program Files (x86)\Common Files\Acronis\FileProtector64\;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\
HKU\S-1-5-21-3200273941-2670340362-4195434088-1003\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-3200273941-2670340362-4195434088-1005\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-3200273941-2670340362-4195434088-1014\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-413578968-4127535815-2662069183-1116\Control Panel\Desktop\\Wallpaper -> H:\H Seagate\Dell\Win7 Chrome 1920x1200.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Block)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
MSCONFIG\Services: AeLookupSvc => 3
MSCONFIG\Services: AERTFilters => 2
MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: AtherosSvc => 2
MSCONFIG\Services: AxInstSV => 3
MSCONFIG\Services: BDESVC => 3
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: CertPropSvc => 3
MSCONFIG\Services: clr_optimization_v4.0.30319_32 => 2
MSCONFIG\Services: clr_optimization_v4.0.30319_64 => 2
MSCONFIG\Services: COMSysApp => 3
MSCONFIG\Services: CVPND => 2
MSCONFIG\Services: Dell Hardware Support => 3
MSCONFIG\Services: DellClientManagementService => 3
MSCONFIG\Services: GoogleChromeElevationService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: PCPrintProvider => 3
MSCONFIG\Services: RtkAudioService => 2
MSCONFIG\Services: ss_conn_service => 3
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: WsAppService => 3
MSCONFIG\Services: WsAppService3 => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk => C:\Windows\pss\Adobe Acrobat Speed Launcher.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ScpToolkit Tray Notifications.lnk => C:\Windows\pss\ScpToolkit Tray Notifications.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^vpngui.exe.lnk => C:\Windows\pss\vpngui.exe.lnk.CommonStartup
MSCONFIG\startupreg: Acrobat Assistant 7.0 =>
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: Chromium =>
MSCONFIG\startupreg: EADM => "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
MSCONFIG\startupreg: IAStorIcon => "C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
MSCONFIG\startupreg: IgfxTray =>
MSCONFIG\startupreg: iTunesHelper =>
MSCONFIG\startupreg: Persistence =>
MSCONFIG\startupreg: Wargaming.net Game Center =>
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "Onboard"
HKLM\...\StartupApproved\Run: => "Acronis Scheduler2 Service"
HKLM\...\StartupApproved\Run32: => "WDDiscovery"
HKLM\...\StartupApproved\Run32: => "TrueImageMonitor.exe"
HKLM\...\StartupApproved\Run32: => "AcronisTibMounterMonitor"
HKU\S-1-5-21-413578968-4127535815-2662069183-1116\...\StartupApproved\StartupFolder: => "DS4Windows.lnk"
HKU\S-1-5-21-413578968-4127535815-2662069183-1116\...\StartupApproved\Run: => "GoogleDriveFS"
HKU\S-1-5-21-413578968-4127535815-2662069183-1116\...\StartupApproved\Run: => "CiscoMeetingDaemon"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [TCP Query User{5308DA21-B75C-4450-A3A8-5E0994881650}C:\program files (x86)\microsoft\edge\application\msedge.exe] => (Block) C:\program files (x86)\microsoft\edge\application\msedge.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{D0F3E27C-90FE-44DA-B440-43A0DBB8468C}C:\program files (x86)\microsoft\edge\application\msedge.exe] => (Block) C:\program files (x86)\microsoft\edge\application\msedge.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{DFA8F676-33C9-4CB2-9119-E7FFDD4B09F0}C:\program files (x86)\origin games\madden nfl 20\madden20.exe] => (Allow) C:\program files (x86)\origin games\madden nfl 20\madden20.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [UDP Query User{D0B8D286-52B9-424F-8619-8D5618980EC2}C:\program files (x86)\origin games\madden nfl 20\madden20.exe] => (Allow) C:\program files (x86)\origin games\madden nfl 20\madden20.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{A28D971D-E460-48F4-9A71-E7AFCF3EB6FD}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{6596C3A0-A012-4F30-ACEB-2A7D51B01EBD}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{CD18A480-EDF9-43CE-8AF3-A50E852BC1F6}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E8C38607-A1AB-4506-BAA9-C52B5ADDD171}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F947D846-17E1-4040-888D-DC6E658FD068}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{692565E6-A923-468A-8399-CBD595BEEE66}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{0A56E44C-83E9-4CDC-9702-FDE69746BBF2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{0C3420DD-7925-4ABF-8567-663F100B328C}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\92.0.902.78\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{0F1B9B7E-0A71-4590-B801-BEE6BC528381}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{C7F12FFE-BE31-46C7-BC9A-509C18933C3D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{6677A167-7EF9-4EA6-AD85-0E9A0190FC7E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{F4F92CEE-662C-4485-A79D-DE7B50BD41D1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{684812AB-734B-4028-B06D-64CE1275C721}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{AC034271-00C6-4070-A984-902A8DE6138A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{4C3BF0C8-F178-4B6B-982E-82360BAE6720}] => (Allow) C:\Program Files (x86)\Origin Games\Madden NFL 22\Madden22_Trial.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{74A1F8DA-D0F6-462F-BDE8-B75B4F17DC12}] => (Allow) C:\Program Files (x86)\Origin Games\Madden NFL 22\Madden22_Trial.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{218C14C0-74E3-4751-A23C-1B73DEED5349}] => (Allow) C:\Program Files (x86)\Origin Games\Madden NFL 22\Madden22.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{FF4F1FF9-B356-498E-A44C-1F4261778530}] => (Allow) C:\Program Files (x86)\Origin Games\Madden NFL 22\Madden22.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [TCP Query User{712A2263-9372-4477-9122-F4DE56E8035E}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{FFD95D09-A259-4324-B55A-ED7848B008E8}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
==================== Restore Points =========================
11-08-2021 00:33:03 Windows Modules Installer
11-08-2021 00:39:34 Windows Modules Installer
11-08-2021 00:41:25 Windows Modules Installer
12-08-2021 14:56:09 Driver Booster : NVIDIA GeForce GTX 1050 Ti
21-08-2021 13:12:18 Scheduled Checkpoint
21-08-2021 21:55:41 Removed Wasabi Wallet
21-08-2021 21:58:52 Removed MuseScore 3
24-08-2021 05:42:52 Removed Windows Live ID Sign-in Assistant
26-08-2021 06:17:40 AdwCleaner_BeforeCleaning_26/08/2021_06:17:21
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (08/26/2021 06:46:27 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname MPMM1.local already in use; will try MPMM1-2.local instead
Error: (08/26/2021 06:46:27 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister 4 MPMM1.local. Addr 192.168.1.90
Error: (08/26/2021 06:46:27 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.90:5353 16 MPMM1.local. AAAA 2600:1700:4050:DEA0:0000:0000:0000:0049
Error: (08/26/2021 06:23:36 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program ShellExperienceHost.exe version 10.0.19041.1151 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: bd4
Start Time: 01d79a6cb9ba757b
Termination Time: 4294967295
Application Path: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
Report Id: b70289f4-78bb-4e35-afc7-3811dc1c316f
Faulting package full name: Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: App
Hang type: Quiesce
Error: (08/26/2021 06:20:45 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname MPMM1.local already in use; will try MPMM1-2.local instead
Error: (08/26/2021 06:20:45 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister 4 MPMM1.local. Addr 192.168.1.90
Error: (08/26/2021 06:20:45 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.90:5353 16 MPMM1.local. AAAA 2600:1700:4050:DEA0:0000:0000:0000:0049
Error: (08/26/2021 06:18:48 AM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: NT AUTHORITY)
Description: Windows cannot load the extensible counter DLL "C:\WINDOWS\system32\sysmain.dll" (Win32 error code 126).
System errors:
=============
Error: (08/26/2021 02:46:22 PM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain MCL due to the following:
We can't sign you in with this credential because your domain isn't available. Make sure your device is connected to your organization's network and try again. If you previously signed in on this device with another credential, you can sign in with that credential.
This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.
ADDITIONAL INFO
If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.
Error: (08/26/2021 02:26:17 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has successfully processed. If you do not see a success message for several hours, then contact your administrator.
Error: (08/26/2021 02:16:18 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: MCL)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has successfully processed. If you do not see a success message for several hours, then contact your administrator.
Error: (08/26/2021 12:56:18 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has successfully processed. If you do not see a success message for several hours, then contact your administrator.
Error: (08/26/2021 12:26:17 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: MCL)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has successfully processed. If you do not see a success message for several hours, then contact your administrator.
Error: (08/26/2021 11:26:18 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has successfully processed. If you do not see a success message for several hours, then contact your administrator.
Error: (08/26/2021 11:06:22 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Gaming Services service terminated unexpectedly. It has done this 1 time(s).
Error: (08/26/2021 11:06:22 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Gaming Services service terminated unexpectedly. It has done this 1 time(s).
Windows Defender:
================
Date: 2021-08-26 15:13:31
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2021-08-26 15:07:41
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2021-08-26 14:28:03
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2021-08-26 04:05:32
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2021-08-25 23:07:53
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
CodeIntegrity:
===============
Date: 2021-08-26 06:43:32
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\OldNewExplorer\OldNewExplorer64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2021-08-26 06:34:28
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
BIOS: Dell Inc. A11 05/07/2019
Motherboard: Dell Inc. 088DT1
Processor: Intel® Core i7-4790 CPU @ 3.60GHz
Percentage of memory in use: 41%
Total physical RAM: 16334.93 MB
Available physical RAM: 9518.26 MB
Total Virtual: 32718.93 MB
Available Virtual: 23119.76 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:911.69 GB) (Free:318.07 GB) NTFS
Drive e: (RECOVERY) (Fixed) (Total:19.78 GB) (Free:8.65 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive h: (MPMM SDD Drive 1TB) (Fixed) (Total:931.51 GB) (Free:498.8 GB) NTFS
Drive j: (MPMM SDD Drive 2TB) (Fixed) (Total:1862.98 GB) (Free:1860.84 GB) NTFS
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 90CAB908)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=19.8 GB) - (Type=27)
Partition 3: (Not Active) - (Size=911.7 GB) - (Type=07 NTFS)
==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 184C4081)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)
==========================================================
Disk: 2 (Size: 1863 GB) (Disk ID: 7140C96E)
Partition 1: (Active) - (Size=1863 GB) - (Type=07 NTFS)
==================== End of Addition.txt =======================
#22
Posted 26 August 2021 - 08:13 PM
I booted into safe mode, ran FRST, and got this:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-08-2021
Ran by mike (administrator) on MPMM1 (Dell Inc. Inspiron 3847) (26-08-2021 21:02:23)
Running from C:\Users\mikem\Desktop
Loaded Profiles: mike
Platform: Windows 10 Pro Version 21H1 19043.1165 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Safe Mode (with Networking)
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Google LLC -> ) C:\Program Files\Google\Drive File Stream\50.0.11.0\crashpad_handler.exe <2>
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\HelpPane.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MsMpEng.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [11236136 2021-07-13] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [827200 2020-11-20] (Acronis International GmbH -> Acronis International GmbH)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [340440 2021-04-16] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [3617784 2021-07-13] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [3617784 2021-07-13] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [299504 2016-06-20] (Intel® USB eXtensible Host Controller Drivers -> Intel Corporation)
HKLM-x32\...\Run: [WDDiscovery] => C:\Program Files (x86)\Western Digital\Discovery\Current\WD Discovery.exe [81379600 2021-08-21] (Western Digital Technologies, Inc. -> Western Digital Corporation)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [4905832 2020-11-20] (Acronis International GmbH -> )
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\tib_mounter_monitor.exe [443424 2020-11-20] (Acronis International GmbH -> Acronis International GmbH)
HKU\S-1-5-19\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\50.0.11.0\GoogleDriveFS.exe [53381464 2021-08-09] (Google LLC -> Google, Inc.)
HKU\S-1-5-20\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\50.0.11.0\GoogleDriveFS.exe [53381464 2021-08-09] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-3200273941-2670340362-4195434088-1003\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\50.0.11.0\GoogleDriveFS.exe [53381464 2021-08-09] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-3200273941-2670340362-4195434088-1005\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\50.0.11.0\GoogleDriveFS.exe [53381464 2021-08-09] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-3200273941-2670340362-4195434088-1014\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\50.0.11.0\GoogleDriveFS.exe [53381464 2021-08-09] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-413578968-4127535815-2662069183-1116\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\50.0.11.0\GoogleDriveFS.exe [53381464 2021-08-09] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-413578968-4127535815-2662069183-1116\...\Run: [CiscoMeetingDaemon] => C:\Users\mikem\AppData\Local\WebEx\ciscowebexstart.exe [2356544 2020-10-23] (Cisco WebEx LLC -> Cisco Webex LLC)
HKU\S-1-5-21-413578968-4127535815-2662069183-1116\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
HKU\S-1-5-21-413578968-4127535815-2662069183-1116\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Mystify.scr [154624 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-18\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\50.0.11.0\GoogleDriveFS.exe [53381464 2021-08-09] (Google LLC -> Google, Inc.)
HKLM\...\Windows x64\Print Processors\BJ Print Processor4: C:\Windows\System32\spool\prtprocs\x64\CNBPP4.DLL [84992 2009-07-13] (CANON INC.) [File not signed]
HKLM\...\Windows x64\Print Processors\HP2030PrintProc: C:\Windows\System32\spool\prtprocs\x64\HP2030PP.DLL [65024 2012-12-04] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Windows x64\Print Processors\hpzppWN7: C:\Windows\System32\spool\prtprocs\x64\hpzppWN7.dll [101376 2009-07-13] (Microsoft Windows -> Hewlett-Packard Corporation)
HKLM\...\Print\Monitors\BJ Language Monitor4: C:\Windows\system32\CNBLM4.DLL [267776 2009-07-13] (CANON INC.) [File not signed]
HKLM\...\Print\Monitors\HP2030LM: C:\Windows\system32\HP2030LM.DLL [246784 2012-12-04] (Microsoft Windows Hardware Compatibility Publisher -> Marvell Semiconductor India Private Limited.)
HKLM\...\Print\Monitors\PaperCut TCP/IP Port: C:\Windows\system32\pcprintportmon.dll [152000 2019-06-04] (PaperCut Software International Pty. Ltd. -> PaperCut Software International Pty Ltd)
HKLM\...\Print\Monitors\rica4Ulm: C:\Windows\system32\rica4Ulm.dll [28160 2013-12-26] (Microsoft Windows Hardware Compatibility Publisher -> RICOH CO.,Ltd.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\92.0.4515.159\Installer\chrmstp.exe [2021-08-17] (Google LLC -> Google LLC)
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {04C7871B-E64E-490C-AC89-AD96520F2E34} - System32\Tasks\WD Discovery Service Task mike => C:\Program Files (x86)\Western Digital\Discovery\Current\Service\WDDiscoveryService.exe [78608 2021-08-21] (Western Digital Technologies, Inc. -> )
Task: {16FC9E2F-C638-4535-9255-865DB818CDCB} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {226D9043-91B6-46CA-98D9-5610851CCFE8} - System32\Tasks\Microsoft\Windows\GroupPolicy\{A7719E0F-10DB-4640-AD8C-490CC6AD5202} => C:\Windows\system32\gpupdate.exe [30720 2020-12-18] (Microsoft Windows -> Microsoft Corporation)
Task: {2A5762AB-FD2A-4D15-809A-6746E87AD479} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3200273941-2670340362-4195434088-1000 => {CA22F5B1-E06F-4A2B-94FC-21E87FE53781}
Task: {2CEBCADB-560B-465F-A79C-6791D275433B} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [905072 2021-08-05] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {2FFAE513-2B47-4AFC-8D3C-D055BD739DEF} - System32\Tasks\Microsoft\Windows\Windows Server Essentials\Health Definition Update => C:\Program Files\Windows Server\Bin\RunTask.exe [18864 2016-09-23] (Microsoft Corporation -> Microsoft Corporation) -> /asm:"C:\Program Files\Windows Server\Bin\AlertFramework.dll" /class:Microsoft.WindowsServerSolutions.NetworkHealth.AlertFramework.HealthScheduledTask /method:UpdateDefinitionPlugInTaskAction /task:"Health Definition Update"
Task: {433E5798-4D14-4E7C-8147-51DB65ADF375} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-08-12] (Google Inc -> Google Inc.)
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47C2-B62A-B7C4CED925CB}
Task: {4DF0FE37-A3DC-46DC-8D12-6F5CC28079C8} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [903024 2021-08-05] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {4E5E053F-244D-47DC-A624-244F388F50C5} - System32\Tasks\Microsoft\Windows\End Of Support\Notify1 => C:\WINDOWS\system32\sipnotify.exe [338944 2019-10-10] (Microsoft Corporation) [File not signed]
Task: {500DE81E-2736-41AE-A32F-BE53815B3D90} - System32\Tasks\Microsoft\Windows\Windows Server Essentials\RDP Group Configuration => C:\Program Files\Windows Server\Bin\RunTask.exe [18864 2016-09-23] (Microsoft Corporation -> Microsoft Corporation) -> /asm:"C:\Program Files\Windows Server\Bin\RemoteDesktopClientConfigLibrary.dll" /class:Microsoft.WindowsServerSolutions.RemoteDesktop.ClientConfigLibrary.RemoteDesktopClientConfig /method:AddDomainUserGroupToRDPGroup /task:"RDP Group Configuration"
Task: {5132C16D-3D87-446C-B4F3-E8F658E09C80} - System32\Tasks\Microsoft\Windows\Windows Server Essentials\Client Computer Backup => C:\Program Files\Windows Server\Bin\RunTask.exe [18864 2016-09-23] (Microsoft Corporation -> Microsoft Corporation) -> /asm:"C:\Program Files\Windows Server\Bin\BackupClientProvider.dll" /class:Microsoft.WindowsServerSolutions.DataProtection.PCBackup.ObjectModel.PCBackupClientManager /method:DoScheduledBackup /task:"Client Computer Backup"
Task: {52375E6B-4E99-4A72-8E6E-2B72F7BEDD40} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {57EF97F7-F445-41BB-8666-DA0F6B6D50FD} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E}
Task: {59F36483-263F-402F-962D-613A2DF98DF1} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61}
Task: {5AD733A0-C234-4E74-B055-AD07E8534B84} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [903024 2021-08-05] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A}
Task: {61B2A00C-D092-44BF-BE04-FB6A0A8EBEC0} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {6B0AAABF-6C5C-4317-A41A-2351ED9E380F} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3339120 2021-08-05] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {6E08D0DD-87D9-4127-B02D-02A149963506} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\mikem\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [18007968 2021-08-26] (ESET, spol. s r.o. -> ESET)
Task: {76E6B2CD-3262-4DA9-A1D7-C88EE549CBF0} - System32\Tasks\Microsoft\Windows\Windows Server Essentials\Client Computer Backup on Idle => C:\Program Files\Windows Server\Bin\RunTask.exe [18864 2016-09-23] (Microsoft Corporation -> Microsoft Corporation) -> /asm:"C:\Program Files\Windows Server\Bin\BackupClientProvider.dll" /class:Microsoft.WindowsServerSolutions.DataProtection.PCBackup.ObjectModel.PCBackupClientManager /method:DoScheduledOnIdleBackup /task:"Client Computer Backup on Idle"
Task: {7A85113A-31AA-466B-B0E9-E832A99DAB29} - System32\Tasks\WD Device Agent Task mike => C:\Program Files (x86)\Western Digital\Discovery\Current\WD Device Agent.exe [723728 2021-08-21] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
Task: {7E411FB2-67FE-4E9A-B943-F7B258C638DF} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.)
Task: {7EEA6817-AFB0-46F3-8840-157E41F8D104} - System32\Tasks\Microsoft\Windows\End Of Support\Notify2 => C:\WINDOWS\system32\sipnotify.exe [338944 2019-10-10] (Microsoft Corporation) [File not signed]
Task: {8A48CCB7-151C-47B2-8F1D-B994C204E399} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [673720 2021-08-24] (Mozilla Corporation -> Mozilla Foundation)
Task: {979F0FF0-C0BC-4132-854F-0AD98A8AB2EF} - System32\Tasks\{FC04A7EF-B25F-4923-A1F3-D16E259300F9} => C:\Windows\system32\pcalua.exe -a C:\Users\mikem\Downloads\jre-8u221-windows-i586-iftw.exe -d C:\Users\mikem\Downloads
Task: {A184750E-2895-4828-931F-766CD34AA3A7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MpCmdRun.exe [673816 2021-08-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A5A2598A-0669-4BA5-A9AE-9D4E0C703648} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\Intel® Management Engine Components\iCLS\IntelPTTEKRecertification.exe [834856 2020-04-11] (Intel® Trust Services -> Intel® Corporation)
Task: {A883502B-F499-4BC6-9C6B-F29A99F45A57} - System32\Tasks\Microsoft\Windows\GroupPolicy\{3E0A038B-D834-4930-9981-E89C9BFF83AA} => C:\Windows\system32\gpupdate.exe [30720 2020-12-18] (Microsoft Windows -> Microsoft Corporation)
Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {B3A49E27-A226-4F11-8193-47DFEA367935} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1}
Task: {B58EB6B7-3E21-4A81-A8BF-26570C38283D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MpCmdRun.exe [673816 2021-08-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {BF63275E-F5CC-4A56-80B0-942D3F1B4BE2} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {BFFA17E8-CDCE-4FD0-BCA6-39A2CCF2580E} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-08-05] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C0DE3EFA-664B-4E1F-82FD-7FE80C503DAA} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\mikem\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [18007968 2021-08-26] (ESET, spol. s r.o. -> ESET)
Task: {C8237496-BA8E-46BB-B9AD-A34F86540F27} - System32\Tasks\Microsoft\Windows\Windows Server Essentials\Add-in Management => C:\Program Files\Windows Server\Bin\RunTask.exe [18864 2016-09-23] (Microsoft Corporation -> Microsoft Corporation) -> /asm:"C:\Program Files\Windows Server\Bin\ClientSetupCommon.dll" /class:Microsoft.WindowsServerSolutions.ClientSetup.ClientTasks /method:AddInPerformInstallationsTask /task:"Add-in Management"
Task: {CBB5F33B-9761-4325-8625-F8C47F042802} - System32\Tasks\Microsoft\Windows\Windows Server Essentials\Alert Evaluations => C:\Program Files\Windows Server\Bin\RunTask.exe [18864 2016-09-23] (Microsoft Corporation -> Microsoft Corporation) -> /asm:"C:\Program Files\Windows Server\Bin\AlertFramework.dll" /class:Microsoft.WindowsServerSolutions.NetworkHealth.AlertFramework.HealthScheduledTask /method:EvaluateAlertsByTriggerTaskAction /task:"Alert Evaluations"
Task: {DEBA64A5-5F84-469F-97DD-2B592E018E41} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [645488 2021-08-05] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {EBC6D266-3D7C-452B-AB95-4210B47C5CAF} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [905072 2021-08-05] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {ED98D965-F8C7-4359-95A0-BAA1839C633D} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-08-05] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F1C1C2CA-418B-4AA8-B396-D238AD9DFF8D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MpCmdRun.exe [673816 2021-08-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F444DB58-E302-4AC5-8345-040A2CBA1887} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MpCmdRun.exe [673816 2021-08-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F4BF2215-A67D-4BBE-9373-6A4B97DD0B2A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-08-12] (Google Inc -> Google Inc.)
Task: {F75F6115-3B7B-4225-8955-AECFD601DA10} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-08-05] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {FD29A9EF-2AE0-436F-8E95-D36034922A5C} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-08-05] (NVIDIA Corporation -> NVIDIA Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyServer: [S-1-5-21-413578968-4127535815-2662069183-1116] => 45.175.238.8:999
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{43fe1a28-ff97-4cee-995c-2bf4c751a028}: [DhcpNameServer] 10.10.10.1
Tcpip\..\Interfaces\{6dd5eafc-63c3-4785-8771-379fdb967eff}: [DhcpNameServer] 192.168.1.254
Edge:
=======
Edge Profile: C:\Users\mikem\AppData\Local\Microsoft\Edge\User Data\Default [2021-08-26]
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\mikem\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-08-25]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
FireFox:
========
FF DefaultProfile: hi4lo88b.default-1543873865624
FF ProfilePath: C:\Users\mikem\AppData\Roaming\Mozilla\Firefox\Profiles\hi4lo88b.default-1543873865624 [2021-08-26]
FF user.js: detected! => C:\Users\mikem\AppData\Roaming\Mozilla\Firefox\Profiles\hi4lo88b.default-1543873865624\user.js [2020-12-31]
FF DownloadDir: C:\Users\mikem\Downloads
FF Notifications: Mozilla\Firefox\Profiles\hi4lo88b.default-1543873865624 -> hxxps://app.practicepanther.com; hxxps://3unlocker.com; hxxps://mail.google.com
FF Extension: (Malwarebytes Browser Guard) - C:\Users\mikem\AppData\Roaming\Mozilla\Firefox\Profiles\hi4lo88b.default-1543873865624\Extensions\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi [2021-08-25]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.10 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.15 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-09] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-09] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @update.avgbrowser.com/AVG Browser;version=3 -> C:\Program Files (x86)\AVG\Browser\Update\1.7.914.0\npAvgBrowserUpdate3.dll [No File]
FF Plugin-x32: @update.avgbrowser.com/AVG Browser;version=9 -> C:\Program Files (x86)\AVG\Browser\Update\1.7.914.0\npAvgBrowserUpdate3.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=3.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\mikem\AppData\Local\Google\Chrome\User Data\Default [2021-08-26]
CHR Notifications: Default -> hxxps://www.facebook.com
CHR Extension: (Slides) - C:\Users\mikem\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-04-23]
CHR Extension: (Docs) - C:\Users\mikem\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-04-23]
CHR Extension: (Google Drive) - C:\Users\mikem\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-27]
CHR Extension: (YouTube) - C:\Users\mikem\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-08-12]
CHR Extension: (Facebook) - C:\Users\mikem\AppData\Local\Google\Chrome\User Data\Default\Extensions\celnaknmndcdcjcagffhbhciignkeokb [2020-07-20]
CHR Extension: (Sheets) - C:\Users\mikem\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-04-23]
CHR Extension: (Google Docs Offline) - C:\Users\mikem\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-06-30]
CHR Extension: (Application Launcher For Drive (by Google)) - C:\Users\mikem\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2021-06-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\mikem\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-06-30]
CHR Extension: (Gmail) - C:\Users\mikem\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-10]
CHR Extension: (Chrome Media Router) - C:\Users\mikem\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-07-21]
CHR Profile: C:\Users\mikem\AppData\Local\Google\Chrome\User Data\System Profile [2021-08-24]
CHR HKU\S-1-5-21-413578968-4127535815-2662069183-1116\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 AcronisActiveProtectionService; C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe [10353056 2020-11-20] (Acronis International GmbH -> )
S3 AcrSch2Svc; C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe [1264400 2020-11-20] (Acronis International GmbH -> Acronis International GmbH)
S4 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2017-08-13] (Adobe Systems) [File not signed]
S3 afcdpsrv; C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [6383744 2020-12-23] (Acronis International GmbH -> )
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2020-09-24] (Apple Inc. -> Apple Inc.)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [314368 2018-01-18] (Brother Industries, Ltd.) [File not signed]
S3 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [209448 2019-05-21] (Dell Inc -> Dell Inc.)
S3 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3373600 2019-05-21] (Dell Inc -> Dell Inc.)
S3 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [218144 2019-05-21] (Dell Inc -> Dell Inc.)
S3 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7497336 2021-08-25] (Malwarebytes Inc -> Malwarebytes)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2556048 2021-07-15] (Electronic Arts, Inc. -> Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3474584 2021-07-15] (Electronic Arts, Inc. -> Electronic Arts)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5394872 2021-08-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 ss_conn_launcher_service; C:\WINDOWS\System32\Samsung\EasySetup\ss_conn_launcher.exe [182128 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 Tib Mounter Service; C:\Program Files (x86)\Common Files\Acronis\TibMounter64\tib_mounter_service.exe [5832096 2020-11-20] (Acronis International GmbH -> Acronis International GmbH)
S3 WD Backup Drive Helper; C:\WINDOWS\SysWOW64\dllhost.exe /Processid:{4AB831D3-8315-414C-8A7A-303105288D0B} [19256 2020-12-18] (Microsoft Windows -> Microsoft Corporation)
S3 WD Backup Snapshot; C:\WINDOWS\SysWOW64\dllhost.exe /Processid:{302480DF-3AC5-4400-BE7B-DD77AF93B6DD} [19256 2020-12-18] (Microsoft Windows -> Microsoft Corporation)
S3 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [668808 2018-05-23] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
S2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [366720 2020-03-11] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\NisSrv.exe [2727416 2021-08-04] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MsMpEng.exe [136656 2021-08-04] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 Wondershare InstallAssist; C:\ProgramData\Wondershare\Service\InstallAssistService.exe [269200 2020-12-10] (Wondershare Technology Co.,Ltd -> Wondershare)
S4 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.243\WsAppService.exe [495392 2019-06-13] (Wondershare Technology Co.,Ltd -> Wondershare)
S4 WsAppService3; C:\Program Files (x86)\Wondershare\WAF3\3.0.0.308\WsAppService3.exe [83232 2019-07-09] (Wondershare Technology Co.,Ltd -> Wondershare)
S4 DellClientManagementService; "C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe" [X]
S3 DellDigitalDelivery; "C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe" [X]
S2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_253e24b785ea60ca\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_253e24b785ea60ca\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem
S3 SupportAssistAgent; "C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe" [X]
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 anvsnddrv; C:\WINDOWS\System32\drivers\anvsnddrv.sys [33872 2012-05-17] (AnvSoft Co., Ltd. -> AnvSoft Inc.)
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
R3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [41608 2019-05-21] (Techporch Incorporated -> Dell Inc.)
R3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [41208 2019-05-21] (Techporch Incorporated -> Dell Computer Corporation)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [159600 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [160176 2021-08-25] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S2 file_protector; C:\WINDOWS\System32\DRIVERS\file_protector.sys [687768 2020-12-23] (Acronis International GmbH -> Acronis International GmbH)
R0 file_tracker; C:\WINDOWS\System32\DRIVERS\file_tracker.sys [390592 2020-12-23] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
R1 googledrivefs3525; C:\WINDOWS\System32\DRIVERS\googledrivefs3525.sys [389640 2021-07-30] (Google LLC -> Google, Inc.)
S1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2019-07-25] (Martin Malik - REALiX -> REALiX)
S3 libusbK; C:\WINDOWS\System32\DRIVERS\libusbK.sys [47200 2018-12-02] (Travis Lee Robinson -> hxxp://libusb-win32.sourceforge.net)
S2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [210344 2021-08-26] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-08-25] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [198888 2021-08-26] (Malwarebytes Inc -> Malwarebytes)
S3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [68528 2021-08-26] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-08-26] (Malwarebytes Inc -> Malwarebytes)
S3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [149424 2021-08-26] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [19152 2019-05-29] (MiniTool Solution Ltd -> )
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2019-05-29] (MiniTool Solution Ltd -> )
R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Bruce James -> Scarlet.Crush Productions)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167280 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 ss_conn_usb_driver2; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver2.sys [43376 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S2 tib_mounter; C:\WINDOWS\system32\DRIVERS\tib_mounter.sys [175752 2020-12-23] (Acronis International GmbH -> Acronis International GmbH)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2019-04-03] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S2 virtual_file; C:\WINDOWS\System32\DRIVERS\virtual_file.sys [330176 2020-12-23] (Acronis International GmbH -> Acronis International GmbH)
R0 volume_tracker; C:\WINDOWS\System32\DRIVERS\volume_tracker.sys [243472 2020-12-23] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49568 2021-08-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
S0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [434424 2021-08-04] (Microsoft Windows -> Microsoft Corporation)
S1 wdfsconnect2017; C:\WINDOWS\system32\drivers\wdfsconnect2017.sys [468112 2017-11-21] (Microsoft Windows Hardware Compatibility Publisher -> Western Digital Technologies, Inc.)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [78072 2021-08-04] (Microsoft Windows -> Microsoft Corporation)
R3 wdvpnpbus; C:\WINDOWS\System32\drivers\wdvpnpbus.sys [20624 2017-11-21] (Microsoft Windows Hardware Compatibility Publisher -> Western Digital Technologies, Inc.)
S3 xb1usb; C:\WINDOWS\System32\drivers\xb1usb.sys [34016 2014-05-27] (Windows Central Build Account - X -> Microsoft Corporation)
S3 cpuz145; \??\C:\WINDOWS\temp\cpuz145\cpuz145_x64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-08-26 20:44 - 2021-08-26 20:44 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2021-08-26 20:43 - 2021-08-26 20:43 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-08-26 20:43 - 2021-08-26 20:43 - 000210344 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-08-26 20:42 - 2021-08-26 20:46 - 000216690 _____ C:\WINDOWS\ntbtlog.txt
2021-08-26 20:34 - 2021-08-26 20:34 - 000008192 _____ C:\WINDOWS\SysWOW64\WDPABKP.dat
2021-08-26 20:33 - 2021-08-26 20:33 - 000198888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2021-08-26 20:33 - 2021-08-26 20:33 - 000068528 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2021-08-26 20:32 - 2021-08-26 20:32 - 000149424 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2021-08-26 14:29 - 2021-08-26 14:29 - 000003832 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onLogOn
2021-08-26 14:29 - 2021-08-26 14:29 - 000003390 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onTime
2021-08-26 14:29 - 2021-08-26 14:29 - 000001610 _____ C:\Users\mikem\Documents\eset.txt
2021-08-26 07:57 - 2021-08-26 07:57 - 000000810 _____ C:\Users\mikem\Desktop\microsoft office exploit.txt
2021-08-26 06:51 - 2021-08-26 10:27 - 000001433 _____ C:\Users\mikem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2021-08-26 06:51 - 2021-08-26 10:27 - 000001327 _____ C:\Users\mikem\Desktop\ESET Online Scanner.lnk
2021-08-26 06:51 - 2021-08-26 06:51 - 000000000 ____D C:\Users\mikem\AppData\Local\ESET
2021-08-26 06:36 - 2021-08-26 06:36 - 011697056 _____ (ESET) C:\Users\mikem\Desktop\esetonlinescanner.exe
2021-08-26 05:27 - 2021-08-26 05:27 - 000002027 _____ C:\Users\mikem\Desktop\malwarebygtes.txt
2021-08-26 05:26 - 2021-08-26 05:26 - 000000000 ____D C:\Users\mikem\Documents\FeedbackHub
2021-08-26 02:12 - 2021-08-26 20:49 - 000000000 ____D C:\Users\mikem\AppData\LocalLow\IGDump
2021-08-25 14:08 - 2021-08-25 14:08 - 000002003 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-08-25 14:08 - 2021-08-25 14:08 - 000001991 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-08-25 14:07 - 2021-08-25 14:07 - 000160176 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-08-25 14:07 - 2021-08-25 14:07 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2021-08-25 14:06 - 2021-08-25 14:06 - 000000000 ____D C:\Program Files\Malwarebytes
2021-08-25 13:56 - 2021-08-25 13:57 - 002120496 _____ (Malwarebytes) C:\Users\mikem\Desktop\MBSetup-119967.119967-consumer.exe
2021-08-25 13:56 - 2021-08-25 13:56 - 008553680 _____ (Malwarebytes) C:\Users\mikem\Desktop\AdwCleaner.exe
2021-08-25 03:51 - 2021-08-25 03:51 - 000001280 _____ C:\Users\Public\Desktop\Madden NFL 22.lnk
2021-08-25 03:51 - 2021-08-25 03:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Madden NFL 22
2021-08-24 22:02 - 2021-08-24 22:02 - 000004308 _____ C:\WINDOWS\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-08-24 22:02 - 2021-08-24 22:02 - 000004106 _____ C:\WINDOWS\system32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-08-24 22:02 - 2021-08-24 22:02 - 000003976 _____ C:\WINDOWS\system32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-08-24 22:02 - 2021-08-24 22:02 - 000003940 _____ C:\WINDOWS\system32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-08-24 22:02 - 2021-08-24 22:02 - 000003894 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-08-24 22:02 - 2021-08-24 22:02 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-08-24 22:02 - 2021-08-24 22:02 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-08-24 22:02 - 2021-08-24 22:02 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-08-24 22:02 - 2021-08-24 22:02 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-08-24 22:02 - 2021-08-24 22:02 - 000003654 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-08-24 22:02 - 2021-08-05 16:12 - 002838384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2021-08-24 21:48 - 2021-08-24 21:53 - 756085256 _____ (NVIDIA Corporation) C:\Users\mikem\Desktop\471.68-desktop-win10-win11-64bit-international-dch-whql.exe
2021-08-24 20:29 - 2021-08-24 20:29 - 000001650 _____ C:\Users\Public\Desktop\Launch Monitor Driver Installer.lnk
2021-08-24 20:29 - 2021-08-24 20:29 - 000000000 ____D C:\Program Files (x86)\MonitorDriver
2021-08-24 20:26 - 2021-08-24 20:26 - 008503296 _____ C:\Users\mikem\Desktop\C32F391FW.exe
2021-08-24 19:21 - 2021-08-24 19:31 - 000017601 _____ C:\Users\mikem\Desktop\Fixlog.txt
2021-08-24 15:30 - 2021-08-24 15:30 - 000000661 _____ C:\Users\mikem\Downloads\audio10.diagcab
2021-08-24 15:28 - 2021-08-24 15:28 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2021-08-24 15:26 - 2021-08-05 16:12 - 000136472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2021-08-24 15:26 - 2021-08-05 16:12 - 000037664 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhdap64.dll
2021-08-24 15:10 - 2021-08-24 15:10 - 000000000 ____D C:\WINDOWS\system32\Tasks\Event Viewer Tasks
2021-08-24 14:57 - 2021-08-06 03:45 - 001858680 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2021-08-24 14:57 - 2021-08-06 03:45 - 001858680 _____ C:\WINDOWS\system32\vulkaninfo.exe
2021-08-24 14:57 - 2021-08-06 03:45 - 001474672 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2021-08-24 14:57 - 2021-08-06 03:45 - 001438840 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2021-08-24 14:57 - 2021-08-06 03:45 - 001438840 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2021-08-24 14:57 - 2021-08-06 03:45 - 001212536 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2021-08-24 14:57 - 2021-08-06 03:45 - 001097832 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2021-08-24 14:57 - 2021-08-06 03:45 - 001097832 _____ C:\WINDOWS\system32\vulkan-1.dll
2021-08-24 14:57 - 2021-08-06 03:45 - 000951928 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2021-08-24 14:57 - 2021-08-06 03:45 - 000951928 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2021-08-24 14:57 - 2021-08-06 03:42 - 000716928 _____ C:\WINDOWS\system32\nvofapi64.dll
2021-08-24 14:57 - 2021-08-06 03:42 - 000645248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvml.dll
2021-08-24 14:57 - 2021-08-06 03:42 - 000577152 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2021-08-24 14:57 - 2021-08-06 03:41 - 002112144 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2021-08-24 14:57 - 2021-08-06 03:41 - 001595536 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2021-08-24 14:57 - 2021-08-06 03:41 - 001520760 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2021-08-24 14:57 - 2021-08-06 03:41 - 001171088 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2021-08-24 14:57 - 2021-08-06 03:41 - 000919184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2021-08-24 14:57 - 2021-08-06 03:41 - 000750200 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2021-08-24 14:57 - 2021-08-06 03:41 - 000706168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvidia-smi.exe
2021-08-24 14:57 - 2021-08-06 03:41 - 000676480 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2021-08-24 14:57 - 2021-08-06 03:41 - 000564352 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2021-08-24 14:57 - 2021-08-06 03:40 - 008854136 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2021-08-24 14:57 - 2021-08-06 03:40 - 007920760 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2021-08-24 14:57 - 2021-08-06 03:40 - 005680768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2021-08-24 14:57 - 2021-08-06 03:40 - 004987512 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2021-08-24 14:57 - 2021-08-06 03:40 - 002925688 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2021-08-24 14:57 - 2021-08-06 03:40 - 000447096 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdebugdump.exe
2021-08-24 14:57 - 2021-08-06 03:39 - 000849024 _____ (NVIDIA Corporation) C:\WINDOWS\system32\MCU.exe
2021-08-24 14:57 - 2021-08-06 03:38 - 007280848 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2021-08-24 14:57 - 2021-08-06 03:38 - 006215808 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2021-08-24 14:57 - 2021-08-05 16:12 - 000083062 _____ C:\WINDOWS\system32\nvinfo.pb
2021-08-24 13:36 - 2021-08-24 13:36 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-08-24 08:37 - 2021-08-24 16:44 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-08-24 05:29 - 2021-08-26 20:42 - 000065536 _____ C:\WINDOWS\system32\Ikeext.etl
2021-08-22 11:59 - 2021-08-26 15:50 - 000056986 _____ C:\Users\mikem\Desktop\Addition.txt
2021-08-22 11:55 - 2021-08-26 21:03 - 000034495 _____ C:\Users\mikem\Desktop\FRST.txt
2021-08-22 11:45 - 2021-08-22 11:45 - 002300928 _____ (Farbar) C:\Users\mikem\Desktop\FRST64English.exe
2021-08-22 07:13 - 2021-08-22 10:19 - 000129418 _____ C:\Users\mikem\Desktop\fixlist-old.txt
2021-08-22 06:08 - 2021-08-22 06:10 - 000061739 _____ C:\Users\mikem\Desktop\Addition-old.txt
2021-08-22 06:03 - 2021-08-26 21:03 - 000000000 ____D C:\FRST
2021-08-22 03:54 - 2021-08-22 03:54 - 061496008 _____ C:\Users\mikem\Downloads\xvideos.com_dcfbbe233222f91eec075edc6fd05c56-1.mp4
2021-08-22 03:20 - 2021-08-22 03:36 - 292357446 _____ C:\Users\mikem\Downloads\720(3).mp4
2021-08-22 02:19 - 2021-08-22 02:33 - 213749924 _____ C:\Users\mikem\Downloads\720.mp4
2021-08-21 23:40 - 2021-08-21 23:40 - 000001257 _____ C:\Users\Public\Desktop\WD Security.lnk
2021-08-21 23:05 - 2021-08-21 23:05 - 000003208 _____ C:\WINDOWS\system32\Tasks\WD Discovery Service Task mike
2021-08-21 23:05 - 2021-08-21 23:05 - 000003144 _____ C:\WINDOWS\system32\Tasks\WD Device Agent Task mike
2021-08-21 18:26 - 2021-08-21 18:26 - 022611179 _____ C:\Users\mikem\Downloads\xvideos.com_86f4cbb9f72fe567818e04cf06d68c0b.mp4
2021-08-21 03:01 - 2021-08-21 03:05 - 100314912 _____ C:\Users\mikem\Downloads\720(1).mp4
2021-08-20 10:22 - 2021-08-26 20:42 - 000008192 ___SH C:\DumpStack.log.tmp
2021-08-18 12:45 - 2021-08-20 10:23 - 2042389024 _____ C:\WINDOWS\MEMORY.DMP
2021-08-18 12:45 - 2021-08-18 12:56 - 004645372 _____ C:\WINDOWS\Minidump\081821-42906-01.dmp
2021-08-17 23:17 - 2021-08-17 23:17 - 000000000 ____D C:\Users\mikem\Documents\GG
2021-08-17 22:31 - 2021-08-17 22:38 - 1416473092 _____ C:\Users\mikem\Downloads\403224HD.mp4
2021-08-17 20:22 - 2021-08-17 20:23 - 003455835 _____ C:\Users\mikem\Downloads\sox-state-of-market-report-2020.pdf
2021-08-12 14:59 - 2021-08-12 14:59 - 001151992 _____ (Realtek ) C:\WINDOWS\system32\Drivers\rt640x64.sys
2021-08-11 22:32 - 2021-08-11 22:32 - 000010246 _____ C:\Users\mikem\Documents\List of Items from Dads.xlsx
2021-08-11 06:37 - 2021-08-11 06:37 - 000000000 ____D C:\WINDOWS\system32\gf2engine
2021-08-11 02:25 - 2021-08-11 02:25 - 076512537 _____ C:\Users\mikem\Downloads\xvideos.com_0c68c95f4d9e4eb74b649195872234fc.mp4
2021-08-11 01:09 - 2021-08-11 01:09 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-08-11 01:09 - 2021-08-11 01:09 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-08-11 01:09 - 2021-08-11 01:09 - 000011347 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-08-11 00:41 - 2021-08-11 00:41 - 000000000 ___HD C:\$WinREAgent
2021-08-09 10:45 - 2021-07-30 18:52 - 000389640 _____ (Google, Inc.) C:\WINDOWS\system32\Drivers\googledrivefs3525.sys
2021-08-09 05:11 - 2021-08-09 05:13 - 466315432 _____ C:\Users\mikem\Downloads\SpankBang.com_ann+harlow+bangs+hot+young+bud_720p.mp4
2021-08-09 05:10 - 2021-08-09 05:11 - 193405067 _____ C:\Users\mikem\Downloads\EPORNER.COM - [AlFtkK2QySL] Ann Harlow threesome (240).mp4
2021-08-08 23:38 - 2021-08-08 23:39 - 173967575 _____ C:\Users\mikem\Downloads\SpankBang.com_jennifer+leroy_480p.mp4
2021-08-07 09:31 - 2021-08-07 09:31 - 107831296 _____ C:\WINDOWS\system32\config\SOFTWARE.iobit
2021-08-07 09:31 - 2021-08-07 09:31 - 000679936 _____ C:\WINDOWS\system32\config\DEFAULT.iobit
2021-08-07 09:31 - 2021-08-07 09:31 - 000102400 _____ C:\WINDOWS\system32\config\SAM.iobit
2021-08-07 09:31 - 2021-08-07 09:31 - 000036864 _____ C:\WINDOWS\system32\config\SECURITY.iobit
2021-08-07 08:50 - 2021-08-07 09:12 - 000000000 ____D C:\Users\mpmm_a21rhkv\AppData\Roaming\vlc
2021-08-07 08:41 - 2021-08-07 08:41 - 001823280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-08-07 08:41 - 2021-08-07 08:41 - 001393480 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-08-07 08:41 - 2021-08-07 08:41 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2021-08-07 08:41 - 2021-08-07 08:41 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2021-08-07 08:33 - 2021-08-07 08:47 - 000000000 ____D C:\Users\mpmm_a21rhkv\AppData\Local\PlaceholderTileLogoFolder
2021-08-07 08:01 - 2021-08-07 08:01 - 000000000 ____D C:\Users\mpmm_a21rhkv\AppData\Local\PeerDistRepub
2021-08-07 07:45 - 2021-08-07 07:46 - 000000000 ____D C:\Users\mpmm_a21rhkv\AppData\Local\Comms
2021-08-07 07:39 - 2021-08-07 07:39 - 000000000 ____D C:\Users\mpmm_a21rhkv\AppData\Local\OneDrive
2021-08-07 07:31 - 2021-08-07 13:15 - 000002862 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3200273941-2670340362-4195434088-1014
2021-08-07 07:31 - 2021-08-07 07:49 - 000000000 __RDL C:\Users\mpmm_a21rhkv\OneDrive
2021-08-07 07:31 - 2021-08-07 07:31 - 000002427 _____ C:\Users\mpmm_a21rhkv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-08-07 07:30 - 2021-08-07 07:30 - 000000000 ____D C:\Users\mpmm_a21rhkv\AppData\Roaming\Apple Computer
2021-08-07 07:29 - 2021-08-07 07:29 - 000000000 ____D C:\Users\mpmm_a21rhkv\AppData\Local\Publishers
2021-08-07 07:28 - 2021-08-26 06:18 - 000000000 ____D C:\Users\mpmm_a21rhkv\AppData\Roaming\IObit
2021-08-07 07:28 - 2021-08-07 08:34 - 000000000 ____D C:\Users\mpmm_a21rhkv\AppData\Local\Packages
2021-08-07 07:28 - 2021-08-07 07:28 - 000000000 ___RD C:\Users\mpmm_a21rhkv\3D Objects
2021-08-07 07:28 - 2021-08-07 07:28 - 000000000 ____D C:\Users\mpmm_a21rhkv\AppData\Local\VirtualStore
2021-08-07 07:28 - 2021-08-07 07:28 - 000000000 ____D C:\Users\mpmm_a21rhkv\AppData\Local\Google
2021-08-07 07:28 - 2021-08-07 07:28 - 000000000 ____D C:\Users\mpmm_a21rhkv\AppData\Local\D3DSCache
2021-08-07 07:28 - 2021-08-07 07:28 - 000000000 ____D C:\Users\mpmm_a21rhkv\AppData\Local\ConnectedDevicesPlatform
2021-08-07 07:27 - 2021-08-26 19:40 - 000000000 ____D C:\Users\mpmm_a21rhkv
2021-08-07 07:27 - 2021-08-07 07:27 - 000000020 ___SH C:\Users\mpmm_a21rhkv\ntuser.ini
2021-08-07 07:27 - 2017-08-16 02:02 - 000000000 ____D C:\Users\mpmm_a21rhkv\AppData\Local\Microsoft Help
2021-08-07 00:43 - 2021-08-07 00:43 - 000000000 ____D C:\Users\mikem\AppData\Local\mymonero-updater
2021-08-06 07:28 - 2021-08-06 07:28 - 002298102 _____ C:\Users\mikem\Downloads\VID 00003-20100522-1051.3GP
2021-08-05 12:10 - 2021-08-05 12:10 - 000301763 _____ C:\Users\mikem\Documents\amy emails 04.pdf
2021-08-05 12:09 - 2021-08-05 12:09 - 000295712 _____ C:\Users\mikem\Documents\amy emails 03.pdf
2021-08-05 12:03 - 2021-08-05 12:03 - 000384666 _____ C:\Users\mikem\Documents\amy emails 02.pdf
2021-08-05 12:01 - 2021-08-05 12:01 - 000443060 _____ C:\Users\mikem\Documents\amy emails 01.pdf
2021-08-04 10:08 - 2021-08-04 10:18 - 000164950 _____ C:\TDSSKiller.3.1.0.28_04.08.2021_11.08.34_log.txt
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-08-26 23:40 - 2019-12-07 04:13 - 000000000 ____D C:\WINDOWS\INF
2021-08-26 20:46 - 2018-05-29 05:38 - 000000000 ____D C:\Program Files\Common Files\Bullzip
2021-08-26 20:45 - 2019-06-29 07:33 - 000000000 ____D C:\Program Files\Dell
2021-08-26 20:44 - 2020-12-18 12:33 - 000000000 ____D C:\Users\mikem
2021-08-26 20:42 - 2020-12-18 12:26 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-08-26 20:42 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-08-26 20:38 - 2019-01-22 13:06 - 000000000 ____D C:\ProgramData\NVIDIA
2021-08-26 20:34 - 2020-05-04 19:44 - 000000495 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2021-08-26 20:34 - 2017-08-12 18:27 - 000000000 ____D C:\Program Files (x86)\Google
2021-08-26 20:32 - 2020-12-18 12:55 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-08-26 20:32 - 2019-12-07 04:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-08-26 20:31 - 2020-12-18 12:26 - 000001134 _____ C:\WINDOWS\system32\config\VSMIDK
2021-08-26 20:31 - 2019-12-07 04:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2021-08-26 20:29 - 2018-03-21 12:01 - 000007600 _____ C:\Users\mikem\AppData\Local\Resmon.ResmonCfg
2021-08-26 20:28 - 2014-05-18 20:22 - 000000000 ____D C:\AdwCleaner
2021-08-26 20:26 - 2017-08-12 18:20 - 000000000 ____D C:\Users\mikem\AppData\LocalLow\Mozilla
2021-08-26 19:53 - 2020-12-18 12:45 - 000941870 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-08-26 19:53 - 2019-01-06 21:09 - 000000000 ____D C:\ASM LAW
2021-08-26 19:52 - 2019-02-05 03:57 - 000000000 ____D C:\ProgramData\Mozilla
2021-08-26 14:58 - 2019-06-09 02:56 - 000000000 ____D C:\Users\mikem\AppData\Roaming\vlc
2021-08-26 10:16 - 2018-11-27 13:45 - 000000000 ____D C:\Users\mikem\AppData\Local\Apple Computer
2021-08-26 08:09 - 2019-12-07 04:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-08-26 08:09 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-08-26 07:14 - 2020-05-14 03:46 - 000000000 ____D C:\Users\mikem\log
2021-08-26 06:46 - 2018-02-13 10:39 - 000000000 ____D C:\Program Files (x86)\Xvid
2021-08-26 06:18 - 2019-07-25 05:09 - 000000000 ____D C:\Users\mikem\AppData\Roaming\IObit
2021-08-26 06:18 - 2018-01-20 15:59 - 000000000 ____D C:\Program Files (x86)\Dell
2021-08-26 06:18 - 2017-08-12 20:47 - 000000000 ____D C:\ProgramData\Dell
2021-08-26 06:15 - 2020-07-15 16:25 - 000000000 ____D C:\Users\mikem\AppData\Roaming\Origin
2021-08-25 14:07 - 2019-12-07 04:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-08-25 14:07 - 2019-07-25 05:09 - 000000000 ____D C:\Program Files (x86)\IObit
2021-08-25 14:07 - 2018-05-20 12:04 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-08-25 03:51 - 2019-01-01 21:45 - 000000000 ___HD C:\Program Files\Common Files\EAInstaller
2021-08-25 02:32 - 2019-01-01 21:19 - 000000000 ____D C:\Program Files (x86)\Origin Games
2021-08-25 02:30 - 2018-06-27 23:29 - 000000000 ____D C:\ProgramData\Origin
2021-08-25 02:29 - 2020-07-15 16:25 - 000000000 ____D C:\Users\mikem\AppData\Local\Origin
2021-08-24 22:47 - 2020-12-18 12:26 - 000915360 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-08-24 22:04 - 2019-01-27 17:13 - 000000000 ____D C:\Users\mikem\AppData\Local\NVIDIA
2021-08-24 22:04 - 2019-01-22 13:06 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2021-08-24 22:04 - 2019-01-22 13:04 - 000000000 ____D C:\NVIDIA
2021-08-24 22:03 - 2020-11-09 22:57 - 000001437 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2021-08-24 22:02 - 2019-01-22 13:06 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2021-08-24 22:02 - 2019-01-22 13:05 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2021-08-24 20:29 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\tracing
2021-08-24 20:29 - 2017-08-12 20:48 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2021-08-24 19:38 - 2020-12-18 12:33 - 000000000 ____D C:\Users\mpmm
2021-08-24 19:38 - 2020-12-18 12:33 - 000000000 ____D C:\Users\admin
2021-08-24 19:25 - 2020-10-30 05:03 - 000000000 ____D C:\Users\mikem\AppData\LocalLow\Temp
2021-08-24 19:22 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2021-08-24 19:22 - 2009-07-13 22:20 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2021-08-24 16:44 - 2017-08-12 18:20 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-08-24 16:41 - 2019-06-27 10:27 - 000000000 ____D C:\Users\mikem\AppData\Roaming\Wondershare
2021-08-24 16:41 - 2019-02-13 03:24 - 000000000 ____D C:\Program Files (x86)\Wondershare
2021-08-24 16:39 - 2020-04-28 07:28 - 000000000 ____D C:\Users\mikem\AppData\Roaming\AVG
2021-08-24 16:39 - 2019-07-25 05:09 - 000000000 ____D C:\ProgramData\ProductData
2021-08-24 15:26 - 2019-01-22 13:12 - 000000000 ____D C:\Users\mikem\AppData\Local\NVIDIA Corporation
2021-08-24 15:22 - 2020-04-23 22:44 - 000000000 ____D C:\Users\mikem\.cache
2021-08-24 15:21 - 2017-08-13 11:02 - 000000000 ____D C:\Users\mikem\AppData\Roaming\Adobe
2021-08-24 15:00 - 2018-05-10 11:42 - 000000000 ____D C:\Program Files (x86)\Brother
2021-08-24 15:00 - 2017-08-13 12:12 - 000000000 ____D C:\ProgramData\Package Cache
2021-08-24 14:59 - 2018-05-10 11:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
2021-08-24 13:36 - 2017-08-12 18:20 - 000000898 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-08-24 10:41 - 2021-07-20 11:44 - 000307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameplatformservices.dll
2021-08-24 10:41 - 2021-07-20 11:44 - 000213456 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingservicesproxy.dll
2021-08-24 10:41 - 2021-07-13 21:14 - 002163152 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgameruntime.dll
2021-08-24 10:41 - 2021-07-13 21:14 - 000188856 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameconfighelper.dll
2021-08-24 10:41 - 2021-07-13 21:14 - 000131072 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingtcuihelpers.dll
2021-08-24 10:41 - 2021-07-13 21:14 - 000061904 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamemodcontrol.exe
2021-08-21 23:56 - 2018-05-10 11:44 - 000000000 ____D C:\Users\mikem\AppData\Local\CrashDumps
2021-08-21 23:40 - 2019-11-26 03:40 - 000000000 ____D C:\Program Files (x86)\Western Digital
2021-08-21 23:39 - 2020-05-04 17:33 - 000000000 ____D C:\Users\mikem\AppData\Roaming\WD Discovery
2021-08-21 23:39 - 2020-05-04 17:33 - 000000000 ____D C:\Users\mikem\.wdc
2021-08-21 23:32 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-08-21 23:31 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-08-21 23:13 - 2019-06-16 16:52 - 000000000 ____D C:\Cache
2021-08-21 23:06 - 2020-12-23 17:22 - 000000000 ____D C:\Program Files\WD Desktop App
2021-08-21 22:26 - 2019-07-25 05:09 - 000000000 ____D C:\Users\mikem\AppData\LocalLow\IObit
2021-08-21 22:26 - 2019-07-25 05:09 - 000000000 ____D C:\ProgramData\IObit
2021-08-21 22:05 - 2019-02-13 03:25 - 000000000 ____D C:\ProgramData\Wondershare
2021-08-21 22:03 - 2020-12-30 14:33 - 000000000 ____D C:\Program Files (x86)\4MeKey
2021-08-21 22:03 - 2020-11-29 07:37 - 000000000 ____D C:\Users\mikem\AppData\Roaming\LG Electronics
2021-08-21 22:03 - 2020-11-29 07:36 - 000000000 ____D C:\Users\mikem\AppData\Local\LG Electronics
2021-08-21 22:03 - 2019-07-30 14:01 - 000000000 ____D C:\Program Files (x86)\LG Electronics
2021-08-21 22:02 - 2019-12-10 17:17 - 000000000 ____D C:\Users\mikem\AppData\Local\Packages
2021-08-21 22:02 - 2018-01-21 10:35 - 000000000 ____D C:\Program Files\Android
2021-08-21 22:01 - 2021-07-13 23:19 - 000000000 ____D C:\Users\mikem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Exodus Movement Inc
2021-08-21 22:01 - 2021-07-13 23:19 - 000000000 ____D C:\Users\mikem\AppData\Roaming\Exodus
2021-08-21 22:01 - 2021-07-13 23:18 - 000000000 ____D C:\Users\mikem\AppData\Local\exodus
2021-08-21 21:58 - 2021-07-13 18:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio
2021-08-21 10:25 - 2020-12-18 12:32 - 000002442 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-08-20 10:25 - 2020-12-31 13:26 - 000000000 ____D C:\WINDOWS\Minidump
2021-08-17 23:45 - 2017-08-12 18:27 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-08-17 23:45 - 2017-08-12 18:27 - 000002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-08-17 15:55 - 2019-12-10 20:24 - 000000000 ____D C:\Users\mikem\AppData\Local\D3DSCache
2021-08-15 20:19 - 2020-12-18 22:56 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-08-15 20:19 - 2020-12-18 22:56 - 000003386 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d6d563b3b6d726
2021-08-12 00:31 - 2020-12-18 14:59 - 000000000 ____D C:\Program Files\Hyper-V
2021-08-12 00:31 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-08-11 00:32 - 2017-08-12 19:12 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-08-11 00:25 - 2017-08-12 19:12 - 133215968 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-08-10 12:45 - 2021-02-01 13:27 - 000002038 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive.lnk
2021-08-07 13:14 - 2020-12-22 22:13 - 000003174 _____ C:\WINDOWS\system32\Tasks\Intel PTT EK Recertification
2021-08-07 13:14 - 2020-12-18 12:55 - 000003348 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-08-07 13:14 - 2020-12-18 12:55 - 000003124 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-08-07 09:13 - 2019-12-07 04:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-08-07 09:13 - 2019-12-07 04:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2021-08-07 09:13 - 2019-12-07 04:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-08-07 09:13 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-08-07 09:13 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-08-07 09:13 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-08-07 09:13 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2021-08-07 09:13 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-08-07 09:13 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\servicing
2021-08-07 07:49 - 2020-01-07 11:50 - 000000000 ___HD C:\OneDriveTemp
2021-08-07 07:45 - 2019-12-07 04:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-08-07 07:28 - 2019-12-10 17:17 - 000000000 __RHD C:\Users\Public\AccountPictures
2021-08-07 07:15 - 2021-07-13 19:41 - 000000000 ____D C:\Users\mikem\AppData\Roaming\Electrum
2021-08-06 06:33 - 2021-07-13 19:33 - 000000000 ____D C:\Users\mikem\AppData\Roaming\com.liberty.jaxx
2021-08-05 16:12 - 2020-11-12 23:15 - 000078192 _____ C:\WINDOWS\system32\FvSDK_x64.dll
2021-08-05 16:12 - 2020-11-12 23:15 - 000067952 _____ C:\WINDOWS\SysWOW64\FvSDK_x86.dll
2021-08-05 16:12 - 2020-11-09 22:56 - 002186608 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2021-08-05 16:12 - 2020-11-09 22:56 - 001293680 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvRtmpStreamer64.dll
2021-08-05 16:12 - 2020-11-09 22:56 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2021-08-05 16:12 - 2020-11-09 22:55 - 000168304 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2021-08-05 16:12 - 2020-11-09 22:55 - 000144240 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2021-08-04 12:05 - 2020-09-30 23:01 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-08-04 10:25 - 2020-02-03 01:39 - 000000000 ____D C:\Program Files (x86)\Origin
2021-08-04 08:28 - 2019-12-10 17:12 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-07-27 12:06 - 2018-10-09 18:16 - 000000000 ____D C:\M19 Number Array Helper
==================== Files in the root of some directories ========
2018-03-21 09:15 - 2018-02-13 02:57 - 000131072 _____ () C:\Users\mikem\zcl-wallet.dat
2019-02-08 09:03 - 2015-12-18 23:41 - 000573952 _____ () C:\Program Files\DS4Updater.exe
2019-02-08 09:03 - 2016-10-08 22:17 - 003168256 _____ () C:\Program Files\DS4Windows.exe
2020-05-04 23:38 - 2020-05-05 00:10 - 000000128 _____ () C:\Users\mikem\AppData\Local\PUTTY.RND
2020-04-23 22:47 - 2020-04-23 22:47 - 000000792 _____ () C:\Users\mikem\AppData\Local\recently-used.xbel
2018-03-21 12:01 - 2021-08-26 20:29 - 000007600 _____ () C:\Users\mikem\AppData\Local\Resmon.ResmonCfg
2019-04-03 13:57 - 2019-06-24 00:26 - 164937728 _____ () C:\Users\mikem\AppData\Local\SageThumbs.db3
2020-11-28 22:58 - 2020-11-28 22:58 - 000000076 _____ () C:\Users\mikem\AppData\Local\uts.ini
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-08-2021
Ran by mike (26-08-2021 21:04:10)
Running from C:\Users\mikem\Desktop
Windows 10 Pro Version 21H1 19043.1165 (X64) (2020-12-18 17:56:15)
Boot Mode: Safe Mode (with Networking)
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
admin (S-1-5-21-3200273941-2670340362-4195434088-1003 - Administrator - Enabled) => C:\Users\admin
Administrator (S-1-5-21-3200273941-2670340362-4195434088-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3200273941-2670340362-4195434088-503 - Limited - Disabled)
Guest (S-1-5-21-3200273941-2670340362-4195434088-501 - Limited - Disabled)
Kerstin (S-1-5-21-3200273941-2670340362-4195434088-1013 - Limited - Enabled)
mikem (S-1-5-21-3200273941-2670340362-4195434088-1000 - Administrator - Enabled)
mpmm (S-1-5-21-3200273941-2670340362-4195434088-1005 - Administrator - Enabled) => C:\Users\mpmm
mpmm_a21rhkv (S-1-5-21-3200273941-2670340362-4195434088-1014 - Administrator - Enabled) => C:\Users\mpmm_a21rhkv
WDAGUtilityAccount (S-1-5-21-3200273941-2670340362-4195434088-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Acronis True Image for Western Digital (HKLM-x32\...\{1E085CBE-D1B4-48E2-BCDE-7DB45886E7B1}) (Version: 24.0.34190 - Acronis)
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
AO Tennis 2 (HKLM-x32\...\{DDCF1227-1C1A-4931-B467-E62E3078A091}) (Version: 1.0.0.31 - Bigben Interactive)
Apple Application Support (32-bit) (HKLM-x32\...\{6CF0CAEE-54B6-4D84-A055-3AF110F189D3}) (Version: 8.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{F9CEF01A-3907-4614-824F-CF5D3E4675EF}) (Version: 14.1.0.35 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.)
Avast Update Helper (HKLM-x32\...\{19C3AB22-3718-4E4D-B203-242F5001565B}) (Version: 1.8.1189.1 - AVAST Software) Hidden
Bode Miller Alpine Skiing (HKLM-x32\...\{94FC1D16-0D5D-4FA6-A3D8-61B503F67A7A}) (Version: 1.0.0.0 - Masque Publishing)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BrLauncher (HKLM-x32\...\{42D26B47-887C-45FC-BCAE-0BE485C5C0BB}) (Version: 2.0.11.0 - Brother Industries Ltd.) Hidden
BrLogRx (HKLM-x32\...\{190861E7-09C5-42D8-BB4B-0AFB234BCFC1}) (Version: 1.0.3.1 - Brother Industries Ltd.) Hidden
Brother IPPoverUSB Driver (HKLM-x32\...\{36DAA671-6347-495C-B816-6FB782430D8A}) (Version: 1.1.0.0 - Brother Industries Ltd.) Hidden
Brother PowerENGAGE (HKLM-x32\...\{05421625-9BA9-482B-ACF2-794221A06F4E}) (Version: 1.0.23 - Aviata, Inc.)
Brother Printer Driver (HKLM-x32\...\{6D33FF09-043C-45A6-A3E5-5DDBF686AC4E}) (Version: 1.4.0.0 - Brother Industries Ltd.) Hidden
BrSupportTools (HKLM-x32\...\{32F47565-84B1-42CC-B09A-4CDDD9A32F94}) (Version: 1.0.20.0 - Brother Industries Ltd.) Hidden
Cisco Webex Meetings (HKU\S-1-5-21-413578968-4127535815-2662069183-1116\...\ActiveTouchMeetingClient) (Version: 40.10.3 - Cisco Webex LLC)
Client Connector for Windows Server Essentials (HKLM\...\{563CB0AF-E0B5-42B1-AB42-8E6964349900}) (Version: 6.2.9805.10 - Microsoft Corporation)
Convertilla 0.7 (HKLM-x32\...\Convertilla_is1) (Version: 0.7.1.37 - Convertilla)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DDS Converter (HKLM-x32\...\{5F5E193F-D7E8-4BC5-9B23-DE46BE1014DF}_is1) (Version: - ddsconverter.com)
Dell Direct Key (HKLM-x32\...\{71A234EA-4CBA-46E7-B81D-4C2AF8BCD6E2}) (Version: 1.6.3 - Dell)
Dell OS Recovery Tool (HKLM-x32\...\{1d0f6ac3-7e12-43a6-9e10-42f0104b36fb}) (Version: 2.3.6056 - Dell Inc.)
Dell OS Recovery Tool (HKLM-x32\...\{683CBC26-004C-41FA-ADBC-81C3FDD2E0F2}) (Version: 2.3.6056.0 - Dell) Hidden
Dell SupportAssist (HKLM\...\{95BD6E30-2B18-4FB0-B5AE-8250E5584831}) (Version: 3.3.3.13 - Dell Inc.)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
Electrum (HKU\S-1-5-21-413578968-4127535815-2662069183-1116\...\Electrum) (Version: 4.1.4 - Electrum Technologies GmbH)
ffdshow x64 v1.3.4533 [2014-09-29] (HKLM\...\ffdshow64_is1) (Version: 1.3.4533.0 - )
FIFA 18 (HKLM-x32\...\{213CC10A-B8CB-4EBA-B277-6B08B7C22A65}) (Version: 1.0.57.57320 - Electronic Arts)
FIFA 20 (HKLM-x32\...\{9EC414D8-8C49-4310-BCC7-C72AB0776F4C}) (Version: 1.0.66.8249 - Electronic Arts)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 92.0.4515.159 - Google LLC)
Google Drive (HKLM\...\{6BBAE539-2232-434A-A4E5-9A33560C6283}) (Version: 50.0.11.0 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.51 - Google LLC) Hidden
Icecream Screen Recorder version 6.21 (HKLM-x32\...\{7ADEC622-3230-4C9A-9DCE-9BD462B74095}_is1) (Version: 6.21 - Icecream Apps)
iCloud Outlook (HKLM\...\{696A65CA-2720-4D0D-A255-78123E9AC856}) (Version: 11.2.0.18 - Apple Inc.)
Intel® Chipset Device Software (HKLM-x32\...\{e48a2f61-851a-4155-82f9-af1b04db8c3b}) (Version: 10.0.13 - Intel® Corporation) Hidden
Intel® Computing Improvement Program (HKLM\...\{85B6BF0F-EF1B-4F0F-892D-E68BD798950C}) (Version: 2.4.04669 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 4.0.6.60 - Intel Corporation)
Intel® Driver & Support Assistant (HKLM-x32\...\{3fa11c9d-9f7f-4020-bcef-dbf9c9fe309f}) (Version: 20.7.26.7 - Intel)
Intel® Driver & Support Assistant (HKLM-x32\...\{41112465-3c4f-42bb-9a61-39f7f509f8f8}) (Version: 20.4.17.5 - Intel)
Intel® Driver & Support Assistant (HKLM-x32\...\{6f8c45f4-0319-451f-a65b-8efccc93e4db}) (Version: 20.8.30.5 - Intel)
iTunes (HKLM\...\{653C59E1-B78D-4D82-9259-C14DFD9F6EFC}) (Version: 12.11.3.17 - Apple Inc.)
Madden NFL 08 (HKLM-x32\...\{A3BC1DBD-64D6-4EBC-0091-24C811662D40}) (Version: - Electronic Arts)
Madden NFL 20 (HKLM-x32\...\{1f42e79a-26a2-4462-9254-fdc0b56f1443}) (Version: 1.0.53.61468 - Electronic Arts)
Madden NFL 21 (HKLM-x32\...\{01022C15-AD1D-4808-8137-16CB9ADB6530}) (Version: 1.0.56.40921 - Electronic Arts)
Madden NFL 22 (HKLM-x32\...\{02CDEE4B-868F-429E-80F8-48C204727DF4}) (Version: 1.0.59.14349 - Electronic Arts)
Malwarebytes version 4.4.5.130 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.5.130 - Malwarebytes)
Microsoft ASP.NET MVC 2 (HKLM-x32\...\{DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244}) (Version: 2.0.60926.0 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 92.0.902.78 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 92.0.902.78 - Microsoft Corporation)
Microsoft Office Standard 2013 (HKLM-x32\...\Office15.STANDARD) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3200273941-2670340362-4195434088-1014\...\OneDriveSetup.exe) (Version: 21.139.0711.0001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-413578968-4127535815-2662069183-1116\...\OneDriveSetup.exe) (Version: 20.201.1005.0009 - Microsoft Corporation)
Microsoft Power Query for Excel (HKLM-x32\...\{188A72BC-39E4-4FFE-923A-31C5A7647350}) (Version: 2.50.4859.281 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{852D8FE5-BC66-4061-B1C4-CADF51E5B27D}) (Version: 2.82.0.0 - Microsoft Corporation)
Microsoft Virtual Machine Converter (HKLM\...\{332C1E78-1D2F-4A64-B718-68095DC6254B}) (Version: 3.1.0.0 - Microsoft Corporation)
Microsoft Visual Basic PowerPacks 10.0 (HKLM-x32\...\{85317F07-8719-36EF-B19E-B196F383D0F3}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.27.29016 (HKLM-x32\...\{40d3fee2-b257-46c2-bdc0-cb1088d97327}) (Version: 14.27.29016.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.27.29016 (HKLM-x32\...\{1aaa01ad-3069-4288-9c6f-37a140a8f6c7}) (Version: 14.27.29016.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft Xbox One Controller for Windows (HKLM\...\{DC2CB48C-FD96-48EB-A36A-7D995BB587EB}) (Version: 1.0.2 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.0 (HKLM-x32\...\{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}) (Version: 3.0.11010.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 91.0.2 (x64 en-US)) (Version: 91.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 69.0 - Mozilla)
Neon 2.2.1 (only current user) (HKU\S-1-5-21-413578968-4127535815-2662069183-1116\...\211a501f-25dd-501b-8c98-509ac17aedfa) (Version: 2.2.1 - Ethan Fast)
NetworkRepairTool (HKLM-x32\...\{86E68F57-FAFE-4052-BDD4-3B90C38236AE}) (Version: 1.2.16.0 - Brother Industries, Ltd.) Hidden
NVIDIA FrameView SDK 1.1.4923.29968894 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.1.4923.29968894 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.23.0.74 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.23.0.74 - NVIDIA Corporation)
NVIDIA Graphics Driver 471.68 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 471.68 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.60 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.60 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Origin (HKLM-x32\...\Origin) (Version: 10.5.102.48654 - Electronic Arts, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM-x32\...\{90150000-001F-040C-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
paint.net (HKLM\...\{1A59F8A6-6AB4-4522-9340-F420B9155A31}) (Version: 4.2.16 - dotPDN LLC)
PowerENGAGE (HKLM-x32\...\{BFE5C68B-E6D4-4421-9ACF-2B8C4BC2D2A1}) (Version: 3.2.13 - Aviata, Inc.) Hidden
PuTTY release 0.73 (64-bit) (HKLM\...\{44F7642C-AB7E-4468-B028-E8D08A0CBB0E}) (Version: 0.73.0.0 - Simon Tatham)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.72.410.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.8899.1 - Realtek Semiconductor Corp.)
Samsung_MonSetup (HKLM-x32\...\{8EA79DBF-D637-448A-89D6-410A087A4493}) (Version: 1.00.0000 - Samsung)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{90150000-0012-0000-0000-0000000FF1CE}_Office15.STANDARD_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version: - Microsoft)
SoftwareUpdateNotification (HKLM-x32\...\{34F12379-C924-41E6-921D-51C71217F58C}) (Version: 1.0.9.0 - Brother Industries, Ltd.) Hidden
STAR WARS Jedi - Fallen Order™ (HKLM-x32\...\{D00A89F1-2D8C-4589-B1D1-73A6544E3B1F}) (Version: 1.0.9.0 - Electronic Arts, Inc.)
STAR WARS Jedi: Fallen Order™ Deluxe Upgrade (HKLM-x32\...\{D00A89F1-2D8C-4589-B1D1-73A6544E3B1F}_SWJFODeluxe) (Version: 1.0.0.0 - Electronic Arts, Inc.)
StatusMonitor (HKLM-x32\...\{40578A7A-6E36-457F-A4F0-45BC37EB61FD}) (Version: 1.20.1.0 - Brother Insutries Ltd.) Hidden
Update for Skype for Business 2015 (KB4484289) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.STANDARD_{F97B139A-D8BF-46FF-A6F6-50710FED8644}) (Version: - Microsoft)
UsbRepairTool (HKLM-x32\...\{F8762A81-32B5-4144-9F3C-9274F515A651}) (Version: 1.4.0.0 - Brother Industries, Ltd.) Hidden
Virtualdub FFMpeg Input Plugin (HKLM-x32\...\{F26A7CD7-C187-45DB-A790-C1C103A03C2F}_is1) (Version: 1.9.0.4 - Karl Pritchett)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.16 - VideoLAN)
WD Backup (HKLM-x32\...\{2d518703-86c4-46c8-99c1-f3789dd3ecd0}) (Version: 1.9.7435.38388 - Western Digital Technologies, Inc.)
WD Backup (HKLM-x32\...\{5491B486-8812-4202-AB8C-865AB636ACF0}) (Version: 1.9.7435.38388 - Western Digital Technologies, Inc) Hidden
WD Desktop App 2.1.0.322 (HKLM-x32\...\{9478cae3-730b-4ffe-b22b-ae8b7787f5d5}) (Version: 2.1.0.322 - Western Digital Corporation) Hidden
WD Desktop App 2.1.0.322 (x64) (HKLM\...\{CA7F7232-526E-41BD-971A-47BE28C18516}) (Version: 2.1.0.322 - Western Digital Corporation) Hidden
WD Discovery (HKLM-x32\...\WDDiscovery) (Version: 4.3.336 - Western Digital Technologies, Inc.)
WD Drive Utilities (HKLM-x32\...\{3CF15262-0E5C-4BFE-AA93-D611E8F18D71}) (Version: 2.0.0.76 - Western Digital Technologies, Inc.) Hidden
WD Drive Utilities (HKLM-x32\...\{f7fe19a0-12b9-4318-95fd-0579f21114f0}) (Version: 2.0.0.76 - Western Digital Technologies, Inc.)
WD Quick View (HKLM-x32\...\{4EA8640B-DEB6-478F-BDAC-F4BCBEEFAFAB}) (Version: 2.4.21.1 - Western Digital Technologies, Inc.)
WD Security (HKLM-x32\...\{327CA54B-8D15-4BE2-A4D2-868194BF7B97}) (Version: 2.0.0.76 - Western Digital Technologies, Inc.) Hidden
WD Security (HKLM-x32\...\{9629d8ce-7cc4-4142-b7f8-2c003f1c6613}) (Version: 2.0.0.76 - Western Digital Technologies, Inc.)
WD SES Driver Setup (HKLM-x32\...\{924A274D-38B6-4930-8859-F3F51CFA8DDD}) (Version: 1.1.0.25 - Western Digital) Hidden
WD SmartWare (HKLM\...\{798354C0-D5F2-4A43-ADEE-3DA9B1725ECC}) (Version: 2.4.21.1 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM-x32\...\{5be946d0-7ba1-41b6-808a-0e7f2b7cb4a8}) (Version: 2.4.21.1 - Western Digital Technologies, Inc.)
Winamp (HKLM-x32\...\Winamp) (Version: 5.8 - Winamp SA)
WinRAR 6.02 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.02.0 - win.rar GmbH)
x264vfw - H.264/MPEG-4 AVC codec (remove only) (HKLM-x32\...\x264vfw) (Version: - )
Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)
Packages:
=========
Dropbox for S mode -> C:\Program Files\WindowsApps\C27EB4BA.DROPBOX_22.4.4.0_x64__xbfy0k16fey96 [2020-08-03] (Dropbox Inc.)
HEVC Video Extensions -> C:\Program Files\WindowsApps\Microsoft.HEVCVideoExtensions_1.0.41531.0_x64__8wekyb3d8bbwe [2021-06-30] (Microsoft Corporation)
iCloud -> C:\Program Files\WindowsApps\AppleInc.iCloud_12.5.74.0_x86__nzyj5cx40ttqa [2021-08-19] (Apple Inc.) [Startup Task]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-12-11] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-12-11] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.10.7290.0_x64__8wekyb3d8bbwe [2021-08-07] (Microsoft Studios) [MS Ad]
MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.42152.0_x64__8wekyb3d8bbwe [2021-08-19] (Microsoft Corporation)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.961.0_x64__56jybvy8sckqj [2021-08-24] (NVIDIA Corp.)
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-06-20] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-07-16] (Microsoft Corporation)
Xbox Accessories -> C:\Program Files\WindowsApps\Microsoft.XboxDevices_300.2107.16004.0_x64__8wekyb3d8bbwe [2021-08-13] (Microsoft Corporation)
Xbox One SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxOneSmartGlass_2.2.1702.2004_x64__8wekyb3d8bbwe [2020-08-21] (Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-413578968-4127535815-2662069183-1116_Classes\CLSID\{6E880369-27C7-43B7-BF91-C9F9E18A2870} -> [iCloud Drive] => C:\Users\mikem\iCloudDrive [2020-07-23 04:29]
SSODL: WDFSMountNotificator-wdfsconnect2017 - {F624FB69-FC91-4FC7-91FD-F7F78364CA8B} - C:\WINDOWS\system32\wdfsconnectMntNtf2017.dll (Western Digital Technologies, Inc.) [File not signed]
SSODL-x32: WDFSMountNotificator-wdfsconnect2017 - {F624FB69-FC91-4FC7-91FD-F7F78364CA8B} - C:\WINDOWS\SysWOW64\wdfsconnectMntNtf2017.dll (Western Digital Technologies, Inc.) [File not signed]
ShellServiceObjects: Virtual Storage Mount Notification -> {F624FB69-FC91-4FC7-91FD-F7F78364CA8B} => C:\WINDOWS\system32\wdfsconnectMntNtf2017.dll [2017-11-10] (Western Digital Technologies, Inc.) [File not signed]
ShellServiceObjects-x32: Virtual Storage Mount Notification -> {F624FB69-FC91-4FC7-91FD-F7F78364CA8B} => C:\WINDOWS\SysWOW64\wdfsconnectMntNtf2017.dll [2017-11-10] (Western Digital Technologies, Inc.) [File not signed]
ShellIconOverlayIdentifiers: [ WDDesktopIconOverlay01] -> {4F8A325E-9DAF-44B8-A825-1A14DFA0FA78} => C:\Program Files\WD Desktop App\kda.DLL [2021-07-26] (Western Digital Technologies, Inc. -> Western Digital Corporation)
ShellIconOverlayIdentifiers: [ WDDesktopIconOverlay02] -> {0176BDDE-B59A-4A1E-808B-CAD461415CCA} => C:\Program Files\WD Desktop App\kda.DLL [2021-07-26] (Western Digital Technologies, Inc. -> Western Digital Corporation)
ShellIconOverlayIdentifiers: [ WDDesktopIconOverlay03] -> {B65909D1-57AF-41F5-AB94-BEB733F62B35} => C:\Program Files\WD Desktop App\kda.DLL [2021-07-26] (Western Digital Technologies, Inc. -> Western Digital Corporation)
ShellIconOverlayIdentifiers: [ WDDesktopIconOverlay04] -> {C6C2397D-8238-4332-8935-86C39C7C165F} => C:\Program Files\WD Desktop App\kda.DLL [2021-07-26] (Western Digital Technologies, Inc. -> Western Digital Corporation)
ShellIconOverlayIdentifiers: [ WDDesktopIconOverlay05] -> {E7B3BCF9-0386-4B5F-AE6A-91B9F1423973} => C:\Program Files\WD Desktop App\kda.DLL [2021-07-26] (Western Digital Technologies, Inc. -> Western Digital Corporation)
ShellIconOverlayIdentifiers: [ WDDesktopIconOverlay06] -> {564EA121-D9DA-485D-82C2-C2ED7BFCCEAD} => C:\Program Files\WD Desktop App\kda.DLL [2021-07-26] (Western Digital Technologies, Inc. -> Western Digital Corporation)
ShellIconOverlayIdentifiers: [ AcronisDrive] -> {5D74FD4B-4EFB-4586-8022-8637BBE40970} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64_24_0_34190.dll [2020-11-20] (Acronis International GmbH -> )
ShellIconOverlayIdentifiers: [ AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64_24_0_34190.dll [2020-11-20] (Acronis International GmbH -> )
ShellIconOverlayIdentifiers: [ AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64_24_0_34190.dll [2020-11-20] (Acronis International GmbH -> )
ShellIconOverlayIdentifiers: [ AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64_24_0_34190.dll [2020-11-20] (Acronis International GmbH -> )
ShellIconOverlayIdentifiers: [ GoogleDriveCloudOverlayIconHandler] -> {A8E52322-8734-481D-A7E2-27B309EF8D56} => C:\Program Files\Google\Drive File Stream\50.0.11.0\drivefsext.dll [2021-08-09] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveMirrorBlacklistedOverlayIconHandler] -> {51EF1569-67EE-4AD6-9646-E726C3FFC8A2} => C:\Program Files\Google\Drive File Stream\50.0.11.0\drivefsext.dll [2021-08-09] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDrivePinnedOverlayIconHandler] -> {CFE8B367-77A7-41D7-9C90-75D16D7DC6B6} => C:\Program Files\Google\Drive File Stream\50.0.11.0\drivefsext.dll [2021-08-09] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveProgressOverlayIconHandler] -> {C973DA94-CBDF-4E77-81D1-E5B794FBD146} => C:\Program Files\Google\Drive File Stream\50.0.11.0\drivefsext.dll [2021-08-09] (Google LLC -> Google, Inc.)
ContextMenuHandlers1: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\50.0.11.0\drivefsext.dll [2021-08-09] (Google LLC -> Google, Inc.)
ContextMenuHandlers1: [WDBackupMenuHandler] -> {C752BC82-C19A-4827-9C15-0996BA85C180} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2018-05-23] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
ContextMenuHandlers1: [WDDesktopContextMenu] -> {f351d8c9-ff13-3519-92fa-763cce46b27b} => C:\Program Files\WD Desktop App\kda.DLL [2021-07-26] (Western Digital Technologies, Inc. -> Western Digital Corporation)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [CWDDriveMenuHandler] -> {CCEFA845-DCDB-4A2F-8BED-DBE87CD198EC} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2018-05-23] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-08-25] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\50.0.11.0\drivefsext.dll [2021-08-09] (Google LLC -> Google, Inc.)
ContextMenuHandlers4: [WDDesktopContextMenu] -> {f351d8c9-ff13-3519-92fa-763cce46b27b} => C:\Program Files\WD Desktop App\kda.DLL [2021-07-26] (Western Digital Technologies, Inc. -> Western Digital Corporation)
ContextMenuHandlers5: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\50.0.11.0\drivefsext.dll [2021-08-09] (Google LLC -> Google, Inc.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_253e24b785ea60ca\nvshext.dll [2021-08-06] (Nvidia Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-08-25] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WDBackupMenuHandler] -> {C752BC82-C19A-4827-9C15-0996BA85C180} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2018-05-23] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
FolderExtensions: [] -> {27DD0F8B-3E0E-4ADC-A78A-66047E71ADC5} => C:\OldNewExplorer\OldNewExplorer64.dll [2019-09-23] (www.startisback.com) [File not signed]
==================== Codecs (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Drivers32: [vidc.XVID] => C:\Windows\system32\xvidvfw.dll [255488 2011-05-30] () [File not signed]
HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\system32\ff_vfw.dll [127488 2014-09-29] () [File not signed]
HKLM\...\Drivers32: [vidc.x264] => C:\Windows\system32\x264vfw64.dll [3799552 2017-07-30] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [vidc.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [240640 2011-05-30] () [File not signed]
HKLM\...\Drivers32: [vidc.x264] => C:\Windows\SysWOW64\x264vfw.dll [3850240 2017-07-30] (x264vfw project) [File not signed]
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\mikem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Facebook.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=celnaknmndcdcjcagffhbhciignkeokb
ShortcutWithArgument: C:\Users\mikem\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default
==================== Loaded Modules (Whitelisted) =============
2019-12-10 17:33 - 2019-09-23 22:51 - 000261632 _____ (www.startisback.com) [File not signed] C:\OldNewExplorer\OldNewExplorer64.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
==================== Association (Whitelisted) =================
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
HKU\S-1-5-21-413578968-4127535815-2662069183-1116\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.scr\UserChoice => scrfile
==================== Internet Explorer (Whitelisted) ==========
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3200273941-2670340362-4195434088-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKU\S-1-5-21-3200273941-2670340362-4195434088-1005\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.msn.com/?pc=U453&ocid=U453DHP&osmkt=en-us
HKU\S-1-5-21-413578968-4127535815-2662069183-1116\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKU\S-1-5-21-413578968-4127535815-2662069183-1116\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-3200273941-2670340362-4195434088-1005 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxp://www.bing.com/search?FORM=U453DF&PC=U453&q={searchTerms}&src=IE-SearchBox
BHO: No Name -> {27DD0F8B-3E0E-4ADC-A78A-66047E71ADC5} -> C:\OldNewExplorer\OldNewExplorer64.dll [2019-09-23] (www.startisback.com) [File not signed]
BHO-x32: No Name -> {27DD0F8B-3E0E-4ADC-A78A-66047E71ADC5} -> C:\OldNewExplorer\OldNewExplorer32.dll [2019-09-23] (www.startisback.com) [File not signed]
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-413578968-4127535815-2662069183-1116\...\download.microsoft.com -> hxxp://download.microsoft.com
IE trusted site: HKU\S-1-5-21-413578968-4127535815-2662069183-1116\...\download.windowsupdate.com -> hxxp://download.windowsupdate.com
IE trusted site: HKU\S-1-5-21-413578968-4127535815-2662069183-1116\...\download.windowsupdate.com -> hxxps://download.windowsupdate.com
IE trusted site: HKU\S-1-5-21-413578968-4127535815-2662069183-1116\...\microsoft.com -> hxxp://ntservicepack.microsoft.com
IE trusted site: HKU\S-1-5-21-413578968-4127535815-2662069183-1116\...\ntservicepack.microsoft.com -> hxxp://ntservicepack.microsoft.com
IE trusted site: HKU\S-1-5-21-413578968-4127535815-2662069183-1116\...\update.microsoft.com -> hxxp://update.microsoft.com
IE trusted site: HKU\S-1-5-21-413578968-4127535815-2662069183-1116\...\update.microsoft.com -> hxxps://update.microsoft.com
IE trusted site: HKU\S-1-5-21-413578968-4127535815-2662069183-1116\...\windows.com -> hxxp://wustat.windows.com
IE trusted site: HKU\S-1-5-21-413578968-4127535815-2662069183-1116\...\windowsupdate.com -> hxxp://download.windowsupdate.com
IE trusted site: HKU\S-1-5-21-413578968-4127535815-2662069183-1116\...\windowsupdate.com -> hxxps://download.windowsupdate.com
IE trusted site: HKU\S-1-5-21-413578968-4127535815-2662069183-1116\...\windowsupdate.microsoft.com -> hxxp://windowsupdate.microsoft.com
IE trusted site: HKU\S-1-5-21-413578968-4127535815-2662069183-1116\...\ws.microsoft.com -> hxxp://ws.microsoft.com
IE trusted site: HKU\S-1-5-21-413578968-4127535815-2662069183-1116\...\ws.microsoft.com -> hxxps://ws.microsoft.com
IE trusted site: HKU\S-1-5-21-413578968-4127535815-2662069183-1116\...\wustat.windows.com -> hxxp://wustat.windows.com
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 21:34 - 2021-08-26 20:30 - 000000852 _____ C:\WINDOWS\system32\drivers\etc\hosts
2020-05-04 19:44 - 2021-08-26 20:34 - 000000495 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
172.23.208.1 MPMM1.mshome.net # 2026 8 3 26 1 34 26 23
10.125 unbuntu.mshome.net # 2020 5 2 12 4 14 44 897
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client;C:\Program Files\Intel\iCLS Client;C:\Windows\System32\WindowsPowerShell\v1.0;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files (x86)\Common Files\Adobe\AGL;C:\Program Files\RogueKiller;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Users\mikem\AppData\Roaming\npm;C:\adb;C:\android-studio;C:\platform-tools;C:\Program Files (x86)\NVIDIA Corporation\DDS Utilities;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Program Files\PuTTY\;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\Common Files\Acronis\VirtualFile\;C:\Program Files (x86)\Common Files\Acronis\VirtualFile64\;C:\Program Files (x86)\Common Files\Acronis\FileProtector\;C:\Program Files (x86)\Common Files\Acronis\FileProtector64\;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\
HKU\S-1-5-21-3200273941-2670340362-4195434088-1003\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-3200273941-2670340362-4195434088-1005\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-3200273941-2670340362-4195434088-1014\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-413578968-4127535815-2662069183-1116\Control Panel\Desktop\\Wallpaper -> H:\H Seagate\Dell\Win7 Chrome 1920x1200.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Block)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
MSCONFIG\Services: AeLookupSvc => 3
MSCONFIG\Services: AERTFilters => 2
MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: AtherosSvc => 2
MSCONFIG\Services: AxInstSV => 3
MSCONFIG\Services: BDESVC => 3
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: CertPropSvc => 3
MSCONFIG\Services: clr_optimization_v4.0.30319_32 => 2
MSCONFIG\Services: clr_optimization_v4.0.30319_64 => 2
MSCONFIG\Services: COMSysApp => 3
MSCONFIG\Services: CVPND => 2
MSCONFIG\Services: Dell Hardware Support => 3
MSCONFIG\Services: DellClientManagementService => 3
MSCONFIG\Services: GoogleChromeElevationService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: PCPrintProvider => 3
MSCONFIG\Services: RtkAudioService => 2
MSCONFIG\Services: ss_conn_service => 3
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: WsAppService => 3
MSCONFIG\Services: WsAppService3 => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk => C:\Windows\pss\Adobe Acrobat Speed Launcher.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ScpToolkit Tray Notifications.lnk => C:\Windows\pss\ScpToolkit Tray Notifications.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^vpngui.exe.lnk => C:\Windows\pss\vpngui.exe.lnk.CommonStartup
MSCONFIG\startupreg: Acrobat Assistant 7.0 =>
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: Chromium =>
MSCONFIG\startupreg: EADM => "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
MSCONFIG\startupreg: IAStorIcon => "C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
MSCONFIG\startupreg: IgfxTray =>
MSCONFIG\startupreg: iTunesHelper =>
MSCONFIG\startupreg: Persistence =>
MSCONFIG\startupreg: Wargaming.net Game Center =>
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "Onboard"
HKLM\...\StartupApproved\Run: => "Acronis Scheduler2 Service"
HKLM\...\StartupApproved\Run32: => "WDDiscovery"
HKLM\...\StartupApproved\Run32: => "TrueImageMonitor.exe"
HKLM\...\StartupApproved\Run32: => "AcronisTibMounterMonitor"
HKU\S-1-5-21-413578968-4127535815-2662069183-1116\...\StartupApproved\StartupFolder: => "DS4Windows.lnk"
HKU\S-1-5-21-413578968-4127535815-2662069183-1116\...\StartupApproved\Run: => "GoogleDriveFS"
HKU\S-1-5-21-413578968-4127535815-2662069183-1116\...\StartupApproved\Run: => "CiscoMeetingDaemon"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Restore Points =========================
11-08-2021 00:41:25 Windows Modules Installer
12-08-2021 14:56:09 Driver Booster : NVIDIA GeForce GTX 1050 Ti
21-08-2021 13:12:18 Scheduled Checkpoint
21-08-2021 21:55:41 Removed Wasabi Wallet
21-08-2021 21:58:52 Removed MuseScore 3
24-08-2021 05:42:52 Removed Windows Live ID Sign-in Assistant
26-08-2021 06:17:40 AdwCleaner_BeforeCleaning_26/08/2021_06:17:21
26-08-2021 19:42:57 AdwCleaner_BeforeCleaning_26/08/2021_19:42:56
26-08-2021 20:29:26 AdwCleaner_BeforeCleaning_26/08/2021_20:29:18
==================== Faulty Device Manager Devices ============
Name: Microsoft Hyper-V Virtual Machine Bus Provider
Description: Microsoft Hyper-V Virtual Machine Bus Provider
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vmbusr
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
Name: Microsoft Hyper-V Virtualization Infrastructure Driver
Description: Microsoft Hyper-V Virtualization Infrastructure Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: Vid
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
Name: Realtek Audio
Description: Realtek Audio
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: IntcAzAudAddService
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
Name: Microsoft Hyper-V Virtual Disk Server
Description: Microsoft Hyper-V Virtual Disk Server
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: storvsp
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
==================== Event log errors: ========================
Application errors:
==================
Error: (08/26/2021 09:01:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mmc.exe, version: 10.0.19041.746, time stamp: 0x52055893
Faulting module name: KERNELBASE.dll, version: 10.0.19041.1151, time stamp: 0x891df6d3
Exception code: 0x00000000
Fault offset: 0x0000000000034ed9
Faulting process id: 0x6f4
Faulting application start time: 0x01d79ae742224e92
Faulting application path: C:\WINDOWS\system32\mmc.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 3e088c83-33e6-4833-b9d9-9b35a45a404d
Faulting package full name:
Faulting package-relative application ID:
Error: (08/26/2021 07:46:18 PM) (Source: MSMQ) (EventID: 2199) (User: )
Description: Message Queuing Service failed to listen on both IPv4 and IPv6 protocol. Messages will not be accepted from the network through TCP/IP protocols. Messages addressed to this machine using TCP/IP protocols will not arrive but will accumulate in sender's outgoing queues. Please fix the TCP/IP protocols issue and restart the computer.
Error: (08/26/2021 07:46:18 PM) (Source: MSMQ) (EventID: 2170) (User: )
Description: Message Queuing failed to bind to port 1801. The port may already be bound to another process. Make sure that the port is free and try to start Message Queuing again. If this problem arises during setup, you must free the port and run setup again.
Error: (08/26/2021 07:46:18 PM) (Source: MSMQ) (EventID: 2170) (User: )
Description: Message Queuing failed to bind to port 1801. The port may already be bound to another process. Make sure that the port is free and try to start Message Queuing again. If this problem arises during setup, you must free the port and run setup again.
Error: (08/26/2021 06:46:27 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname MPMM1.local already in use; will try MPMM1-2.local instead
Error: (08/26/2021 06:46:27 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister 4 MPMM1.local. Addr 192.168.1.90
Error: (08/26/2021 06:46:27 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.90:5353 16 MPMM1.local. AAAA 2600:1700:4050:DEA0:0000:0000:0000:0049
Error: (08/26/2021 06:23:36 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program ShellExperienceHost.exe version 10.0.19041.1151 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: bd4
Start Time: 01d79a6cb9ba757b
Termination Time: 4294967295
Application Path: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
Report Id: b70289f4-78bb-4e35-afc7-3811dc1c316f
Faulting package full name: Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: App
Hang type: Quiesce
System errors:
=============
Error: (08/26/2021 09:05:42 PM) (Source: DCOM) (EventID: 10005) (User: MCL)
Description: DCOM got error "1084" attempting to start the service SecurityHealthService with arguments "Unavailable" in order to run the server:
{F99A566C-42AE-4DE2-AD4D-D297A04C5433}
Error: (08/26/2021 09:05:40 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1084" attempting to start the service EventSystem with arguments "Unavailable" in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
Error: (08/26/2021 09:05:17 PM) (Source: DCOM) (EventID: 10005) (User: MCL)
Description: DCOM got error "1084" attempting to start the service UsoSvc with arguments "Unavailable" in order to run the server:
{B91D5831-B1BD-4608-8198-D72E155020F7}
Error: (08/26/2021 09:05:17 PM) (Source: DCOM) (EventID: 10005) (User: MCL)
Description: DCOM got error "1084" attempting to start the service camsvc with arguments "Unavailable" in order to run the server:
Windows.Internal.CapabilityAccess.CapabilityAccess
Error: (08/26/2021 09:05:17 PM) (Source: DCOM) (EventID: 10005) (User: MCL)
Description: DCOM got error "1084" attempting to start the service UsoSvc with arguments "Unavailable" in order to run the server:
{B91D5831-B1BD-4608-8198-D72E155020F7}
Error: (08/26/2021 09:05:17 PM) (Source: DCOM) (EventID: 10005) (User: MCL)
Description: DCOM got error "1084" attempting to start the service camsvc with arguments "Unavailable" in order to run the server:
Windows.Internal.CapabilityAccess.CapabilityAccess
Error: (08/26/2021 09:05:17 PM) (Source: DCOM) (EventID: 10005) (User: MCL)
Description: DCOM got error "1084" attempting to start the service wisvc with arguments "Unavailable" in order to run the server:
{3185A766-B338-11E4-A71E-12E3F512A338}
Error: (08/26/2021 09:05:14 PM) (Source: DCOM) (EventID: 10005) (User: MCL)
Description: DCOM got error "1084" attempting to start the service camsvc with arguments "Unavailable" in order to run the server:
Windows.Internal.CapabilityAccess.CapabilityAccess
Windows Defender:
================
Date: 2021-08-26 15:13:31
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2021-08-26 15:07:41
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2021-08-26 14:28:03
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2021-08-26 04:05:32
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2021-08-25 23:07:53
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2021-08-26 20:53:11
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.347.484.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18400.5
Error code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Date: 2021-08-26 20:42:52
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
CodeIntegrity:
===============
Date: 2021-08-26 21:02:48
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\OldNewExplorer\OldNewExplorer64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2021-08-26 19:36:33
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\OldNewExplorer\OldNewExplorer64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
BIOS: Dell Inc. A11 05/07/2019
Motherboard: Dell Inc. 088DT1
Processor: Intel® Core i7-4790 CPU @ 3.60GHz
Percentage of memory in use: 17%
Total physical RAM: 16334.93 MB
Available physical RAM: 13539.85 MB
Total Virtual: 32718.93 MB
Available Virtual: 30306.59 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:911.69 GB) (Free:318.39 GB) NTFS
Drive e: (RECOVERY) (Fixed) (Total:19.78 GB) (Free:8.65 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive h: (MPMM SDD Drive 1TB) (Fixed) (Total:931.51 GB) (Free:498.8 GB) NTFS
Drive j: (MPMM SDD Drive 2TB) (Fixed) (Total:1862.98 GB) (Free:1860.8 GB) NTFS
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 90CAB908)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=19.8 GB) - (Type=27)
Partition 3: (Not Active) - (Size=911.7 GB) - (Type=07 NTFS)
==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 184C4081)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)
==========================================================
Disk: 2 (Size: 1863 GB) (Disk ID: 7140C96E)
Partition 1: (Active) - (Size=1863 GB) - (Type=07 NTFS)
==================== End of Addition.txt =======================
#23
Posted 27 August 2021 - 12:37 AM
A couple of questions:
1. Why did you run FRST in Safe mode?
2. Any reason why you posted the fresh FRST logs here too? I am infected, having a heck of a time getting my PC clean. Please help - Virus, Trojan, Spyware, and Malware Removal Help (bleepingcomputer.com)
Something else:
I asked you repeatedly how is the computer running now, and you didn't respond.
Also, please let me know how is the computer running now. Any issues/questions/concerns.
#24
Posted 27 August 2021 - 01:42 AM
I ran it in safe mode because I was trying to answer your question. It just didn't seem to be running right.
#25
Posted 27 August 2021 - 01:50 AM
I ran it in safe mode because I was trying to answer your question. It just didn't seem to be running right.
And again, you don't seem to answer my questions, mpmm.
How is the computer running now? In detail, please.
#26
Posted 27 August 2021 - 02:27 AM
Let's continue:
1. FRST fix
NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
- Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything to anywhere.
Start::
CreateRestorePoint:
CloseProcesses:
RemoveProxy:
Avast Update Helper (HKLM-x32\...\{19C3AB22-3718-4E4D-B203-242F5001565B}) (Version: 1.8.1189.1 - AVAST Software) Hidden
Task: {979F0FF0-C0BC-4132-854F-0AD98A8AB2EF} - System32\Tasks\{FC04A7EF-B25F-4923-A1F3-D16E259300F9} => C:\Windows\system32\pcalua.exe -a C:\Users\mikem\Downloads\jre-8u221-windows-i586-iftw.exe -d C:\Users\mikem\Downloads
FF user.js: detected! => C:\Users\mikem\AppData\Roaming\Mozilla\Firefox\Profiles\hi4lo88b.default-1543873865624\user.js [2020-12-31]
FF Plugin-x32: @update.avgbrowser.com/AVG Browser;version=3 -> C:\Program Files (x86)\AVG\Browser\Update\1.7.914.0\npAvgBrowserUpdate3.dll [No File]
FF Plugin-x32: @update.avgbrowser.com/AVG Browser;version=9 -> C:\Program Files (x86)\AVG\Browser\Update\1.7.914.0\npAvgBrowserUpdate3.dll [No File]
S3 Wondershare InstallAssist; C:\ProgramData\Wondershare\Service\InstallAssistService.exe [269200 2020-12-10] (Wondershare Technology Co.,Ltd -> Wondershare)
S4 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.243\WsAppService.exe [495392 2019-06-13] (Wondershare Technology Co.,Ltd -> Wondershare)
S4 WsAppService3; C:\Program Files (x86)\Wondershare\WAF3\3.0.0.308\WsAppService3.exe [83232 2019-07-09] (Wondershare Technology Co.,Ltd -> Wondershare)
S4 DellClientManagementService; "C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe" [X]
S3 DellDigitalDelivery; "C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe" [X]
S3 cpuz145; \??\C:\WINDOWS\temp\cpuz145\cpuz145_x64.sys [X]
C:\Program Files (x86)\Wondershare
C:\ProgramData\Wondershare
C:\Users\mikem\Downloads\jre-8u221-windows-i586-iftw.exe
2021-08-07 09:31 - 2021-08-07 09:31 - 107831296 _____ C:\WINDOWS\system32\config\SOFTWARE.iobit
2021-08-07 09:31 - 2021-08-07 09:31 - 000679936 _____ C:\WINDOWS\system32\config\DEFAULT.iobit
2021-08-07 09:31 - 2021-08-07 09:31 - 000102400 _____ C:\WINDOWS\system32\config\SAM.iobit
2021-08-07 09:31 - 2021-08-07 09:31 - 000036864 _____ C:\WINDOWS\system32\config\SECURITY.iobit
2021-08-07 07:28 - 2021-08-26 06:18 - 000000000 ____D C:\Users\mpmm_a21rhkv\AppData\Roaming\IObit
2021-08-25 14:07 - 2019-07-25 05:09 - 000000000 ____D C:\Program Files (x86)\IObit
2021-08-24 16:41 - 2019-06-27 10:27 - 000000000 ____D C:\Users\mikem\AppData\Roaming\Wondershare
2021-08-24 16:41 - 2019-02-13 03:24 - 000000000 ____D C:\Program Files (x86)\Wondershare
2021-08-24 16:39 - 2020-04-28 07:28 - 000000000 ____D C:\Users\mikem\AppData\Roaming\AVG
2021-08-21 22:26 - 2019-07-25 05:09 - 000000000 ____D C:\Users\mikem\AppData\LocalLow\IObit
2021-08-21 22:26 - 2019-07-25 05:09 - 000000000 ____D C:\ProgramData\IObit
2021-08-21 22:04 - 2020-11-30 01:38 - 000000000 ____D C:\adb
2021-08-21 22:03 - 2020-12-30 14:33 - 000000000 ____D C:\Program Files (x86)\4MeKey
2021-08-21 22:01 - 2021-07-13 23:19 - 000000000 ____D C:\Users\mikem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Exodus Movement Inc
2021-08-21 22:01 - 2021-07-13 23:19 - 000000000 ____D C:\Users\mikem\AppData\Roaming\Exodus
2021-08-21 22:01 - 2021-07-13 23:18 - 000000000 ____D C:\Users\mikem\AppData\Local\exodus
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
MSCONFIG\startupreg: Chromium =>
EmptyTemp:
End::
- Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
- Press the Fix button once and wait.
- FRST will process fixlist.txt
- When finished, it will produce a log fixlog.txt on your Desktop.
- Please post the log in your next reply.
2. Uninstall programs
- Press the Windows Key + R.
- Type appwiz.cpl in the Run box and click OK.
- The Add/Remove Programs list will open. Locate the following programs in the list:
Avast Update Helper
Dell SupportAssist
- Select the above programs, one by one, and click Uninstall.
- Restart the computer.
3. Fresh FRST logs
- Double-click on the FRST icon to run it, as you did before. When the tool opens click Yes to disclaimer.
- Press Scan button and wait for a while.
- The scanner will produce two logs on your Desktop: FRST.txt and Addition.txt.
- Please attach the content of these two logs in your next reply.
In your next reply please post:
- The fixlog
- The fresh FRST logs, FRST and Addition
- FEEDBACK: How is the computer doing now. Any issues/questions/concerns
#27
Posted 27 August 2021 - 03:58 AM
The network connection seems to be slow. Compromised. It will lose connection and then reconnect. The screen quality is degraded. I can't increase the color depth past 8 bits. I have a good video card and nice monitor, and it just isn't right. Lots of extra processes running. Overall the system is sluggish. I hope that helps. Sorry if I didn't answer before. I wasn't sure exactly what you wanted.
#28
Posted 27 August 2021 - 04:00 AM
also when FRST first launches it has an error message, saying that it can't update itself
#29
Posted 27 August 2021 - 04:06 AM
The FRST can't update itself because of network issues.
Follow all the instructions in my previous post and we will continue from there.
#30
Posted 27 August 2021 - 04:23 AM
Fix result of Farbar Recovery Scan Tool (x64) Version: 21-08-2021
Ran by mike (27-08-2021 05:00:36) Run:3
Running from C:\Users\mikem\Desktop
Loaded Profiles: admin & mpmm & mpmm_a21rhkv & mike
Boot Mode: Normal
==============================================
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
RemoveProxy:
Avast Update Helper (HKLM-x32\...\{19C3AB22-3718-4E4D-B203-242F5001565B}) (Version: 1.8.1189.1 - AVAST Software) Hidden
Task: {979F0FF0-C0BC-4132-854F-0AD98A8AB2EF} - System32\Tasks\{FC04A7EF-B25F-4923-A1F3-D16E259300F9} => C:\Windows\system32\pcalua.exe -a C:\Users\mikem\Downloads\jre-8u221-windows-i586-iftw.exe -d C:\Users\mikem\Downloads
FF user.js: detected! => C:\Users\mikem\AppData\Roaming\Mozilla\Firefox\Profiles\hi4lo88b.default-1543873865624\user.js [2020-12-31]
FF Plugin-x32: @update.avgbrowser.com/AVG Browser;version=3 -> C:\Program Files (x86)\AVG\Browser\Update\1.7.914.0\npAvgBrowserUpdate3.dll [No File]
FF Plugin-x32: @update.avgbrowser.com/AVG Browser;version=9 -> C:\Program Files (x86)\AVG\Browser\Update\1.7.914.0\npAvgBrowserUpdate3.dll [No File]
S3 Wondershare InstallAssist; C:\ProgramData\Wondershare\Service\InstallAssistService.exe [269200 2020-12-10] (Wondershare Technology Co.,Ltd -> Wondershare)
S4 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.243\WsAppService.exe [495392 2019-06-13] (Wondershare Technology Co.,Ltd -> Wondershare)
S4 WsAppService3; C:\Program Files (x86)\Wondershare\WAF3\3.0.0.308\WsAppService3.exe [83232 2019-07-09] (Wondershare Technology Co.,Ltd -> Wondershare)
S4 DellClientManagementService; "C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe" [X]
S3 DellDigitalDelivery; "C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe" [X]
S3 cpuz145; \??\C:\WINDOWS\temp\cpuz145\cpuz145_x64.sys [X]
C:\Program Files (x86)\Wondershare
C:\ProgramData\Wondershare
C:\Users\mikem\Downloads\jre-8u221-windows-i586-iftw.exe
2021-08-07 09:31 - 2021-08-07 09:31 - 107831296 _____ C:\WINDOWS\system32\config\SOFTWARE.iobit
2021-08-07 09:31 - 2021-08-07 09:31 - 000679936 _____ C:\WINDOWS\system32\config\DEFAULT.iobit
2021-08-07 09:31 - 2021-08-07 09:31 - 000102400 _____ C:\WINDOWS\system32\config\SAM.iobit
2021-08-07 09:31 - 2021-08-07 09:31 - 000036864 _____ C:\WINDOWS\system32\config\SECURITY.iobit
2021-08-07 07:28 - 2021-08-26 06:18 - 000000000 ____D C:\Users\mpmm_a21rhkv\AppData\Roaming\IObit
2021-08-25 14:07 - 2019-07-25 05:09 - 000000000 ____D C:\Program Files (x86)\IObit
2021-08-24 16:41 - 2019-06-27 10:27 - 000000000 ____D C:\Users\mikem\AppData\Roaming\Wondershare
2021-08-24 16:41 - 2019-02-13 03:24 - 000000000 ____D C:\Program Files (x86)\Wondershare
2021-08-24 16:39 - 2020-04-28 07:28 - 000000000 ____D C:\Users\mikem\AppData\Roaming\AVG
2021-08-21 22:26 - 2019-07-25 05:09 - 000000000 ____D C:\Users\mikem\AppData\LocalLow\IObit
2021-08-21 22:26 - 2019-07-25 05:09 - 000000000 ____D C:\ProgramData\IObit
2021-08-21 22:04 - 2020-11-30 01:38 - 000000000 ____D C:\adb
2021-08-21 22:03 - 2020-12-30 14:33 - 000000000 ____D C:\Program Files (x86)\4MeKey
2021-08-21 22:01 - 2021-07-13 23:19 - 000000000 ____D C:\Users\mikem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Exodus Movement Inc
2021-08-21 22:01 - 2021-07-13 23:19 - 000000000 ____D C:\Users\mikem\AppData\Roaming\Exodus
2021-08-21 22:01 - 2021-07-13 23:18 - 000000000 ____D C:\Users\mikem\AppData\Local\exodus
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
MSCONFIG\startupreg: Chromium =>
EmptyTemp:
*****************
Restore point was successfully created.
Processes closed successfully.
========= RemoveProxy: =========
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully
HKU\S-1-5-21-413578968-4127535815-2662069183-1116\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-3200273941-2670340362-4195434088-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-3200273941-2670340362-4195434088-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-3200273941-2670340362-4195434088-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-3200273941-2670340362-4195434088-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-3200273941-2670340362-4195434088-1014\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-3200273941-2670340362-4195434088-1014\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-413578968-4127535815-2662069183-1116\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer" => removed successfully
"HKU\S-1-5-21-413578968-4127535815-2662069183-1116\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-413578968-4127535815-2662069183-1116\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
========= End of RemoveProxy: =========
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{19C3AB22-3718-4E4D-B203-242F5001565B}\\SystemComponent" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{979F0FF0-C0BC-4132-854F-0AD98A8AB2EF}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{979F0FF0-C0BC-4132-854F-0AD98A8AB2EF}" => removed successfully
C:\WINDOWS\System32\Tasks\{FC04A7EF-B25F-4923-A1F3-D16E259300F9} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{FC04A7EF-B25F-4923-A1F3-D16E259300F9}" => removed successfully
C:\Users\mikem\AppData\Roaming\Mozilla\Firefox\Profiles\hi4lo88b.default-1543873865624\user.js => moved successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@update.avgbrowser.com/AVG Browser;version=3 => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@update.avgbrowser.com/AVG Browser;version=9 => removed successfully
HKLM\System\CurrentControlSet\Services\Wondershare InstallAssist => removed successfully
Wondershare InstallAssist => service removed successfully
HKLM\System\CurrentControlSet\Services\WsAppService => removed successfully
WsAppService => service removed successfully
HKLM\System\CurrentControlSet\Services\WsAppService3 => removed successfully
WsAppService3 => service removed successfully
HKLM\System\CurrentControlSet\Services\DellClientManagementService => removed successfully
DellClientManagementService => service removed successfully
HKLM\System\CurrentControlSet\Services\DellDigitalDelivery => removed successfully
DellDigitalDelivery => service removed successfully
HKLM\System\CurrentControlSet\Services\cpuz145 => removed successfully
cpuz145 => service removed successfully
C:\Program Files (x86)\Wondershare => moved successfully
C:\ProgramData\Wondershare => moved successfully
"C:\Users\mikem\Downloads\jre-8u221-windows-i586-iftw.exe" => not found
C:\WINDOWS\system32\config\SOFTWARE.iobit => moved successfully
C:\WINDOWS\system32\config\DEFAULT.iobit => moved successfully
C:\WINDOWS\system32\config\SAM.iobit => moved successfully
C:\WINDOWS\system32\config\SECURITY.iobit => moved successfully
C:\Users\mpmm_a21rhkv\AppData\Roaming\IObit => moved successfully
C:\Program Files (x86)\IObit => moved successfully
C:\Users\mikem\AppData\Roaming\Wondershare => moved successfully
"C:\Program Files (x86)\Wondershare" => not found
C:\Users\mikem\AppData\Roaming\AVG => moved successfully
C:\Users\mikem\AppData\LocalLow\IObit => moved successfully
C:\ProgramData\IObit => moved successfully
"C:\adb" => not found
C:\Program Files (x86)\4MeKey => moved successfully
C:\Users\mikem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Exodus Movement Inc => moved successfully
C:\Users\mikem\AppData\Roaming\Exodus => moved successfully
C:\Users\mikem\AppData\Local\exodus => moved successfully
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File) => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSCONFIG\startupreg: Chromium =>" => not found
=========== EmptyTemp: ==========
BITS transfer queue => 10772480 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 267419448 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 208868 B
Edge => 0 B
Chrome => 6566195 B
Firefox => 1199664085 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 7344 B
NetworkService => 31706 B
admin => 31706 B
mpmm => 31706 B
mpmm_a21rhkv => 31706 B
mikem => 37328186 B
RecycleBin => 227223001 B
EmptyTemp: => 1.6 GB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 05:03:31 ====
The system rebooted and I moved on to your next steps.
NOTES:
1) I am uninstalling specified software now - it completed
2) Avast uninstalled successfully
3) Dell Support Assist errors out when trying to uninstall. Message text: "Error 1316. The specified account already exists."
4) system still seems sluggish. If I click inside a window then I usually see it quickly flash like a negative image of the screen
5) the disk activity graph and network activity graphs on the performance tab in task manager look like a failed polygraph, they bounce all over the place, showing way too much activity