Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Mykiger browser infection [Solved]


  • This topic is locked This topic is locked

#1
dale1234

dale1234

    Member

  • Member
  • PipPip
  • 24 posts

Greetings-

 

The last couple of days I've noticed a rare occurrence of a suspicious browser hijack popping up a graphic page asking me to click to prove "I'm not a robot."  I searched and it's apparently something called "mykiger".  I know I have seen it on the PC I'm sitting at now (Win 10 Desktop) and I *think* I've seen it on my Win10 laptop too.  This particular incident is for the desktop.

 

So far I've been able to "escape" it by just closing the tab and moving on, but I have no idea how deep its hooks have gotten.  I hunted around for my last logs from a PC several builds ago and found I still had a login for GeekstoGo, from 2012. So here I am again at last. :)

 

(additional probably unrelated info: I discovered I had some sort of "hiccup" back on 10/15/2021 that moved some files from a directory in my D: to some "found" directories.  Probably corrupt, I probably need a new drive.  But it's the only other blip I've experienced recently.)

 

Thanks!

 

-dale

---------------------------------------------------------------------------------------------------------------------

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-11-2021
Ran by dalem (administrator) on DESKTOP-OQ73F3L (11-11-2021 22:06:41)
Running from C:\Users\dalem\Desktop
Loaded Profiles: dalem
Platform: Microsoft Windows 10 Home Version 21H1 19043.1348 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Adaware Software (Lavasoft Software Canada Inc.) -> ) C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.10.181.0\AdAwareService.exe
(Adaware Software (Lavasoft Software Canada Inc.) -> ) C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.10.181.0\AdAwareTray.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\c0346830.inf_amd64_f723e13ffb3b2652\B345901\atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\c0346830.inf_amd64_f723e13ffb3b2652\B345901\atiesrxx.exe
(AMD) [File not signed] C:\Program Files\AMD\Performance Profile Client\AUEPLauncher.exe
(AMD) [File not signed] C:\Program Files\AMD\Performance Profile Client\AUEPMaster.exe
(AMD) [File not signed] C:\Program Files\AMD\Performance Profile Client\AUEPUF.exe
(Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Brother\SoftwareUpdateNotification\SoftwareUpdateNotification.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Brother\SoftwareUpdateNotification\SoftwareUpdateNotificationService.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Discord Inc. -> Discord Inc.) C:\Users\dalem\AppData\Local\Discord\app-1.0.9003\Discord.exe <6>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler64.exe
(Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_ffc75848a6342fdf\jhi_service.exe
(LAVASOFT SOFTWARE CANADA INC -> ) C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
(LAVASOFT SOFTWARE CANADA INC -> Lavasoft) C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
(McAfee, Inc. -> McAfee LLC.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc. -> McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc. -> McAfee, LLC) C:\Windows\System32\mfevtps.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\CSP\4.7.101.0\McCSPServiceHost.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHOST.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe <3>
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\ModuleCore\ProtectedModuleHost.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\VSCore_21_9\mcapexe.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\MAT\McPvTray.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\MfeAV\MfeAVSvc.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\MQS\QcShm.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\MSC\MfeBrowserHost.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\browserhost.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\servicehost.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\uihost.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <17>
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_3.59.1001.0_x64__8wekyb3d8bbwe\gamingservices.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_3.59.1001.0_x64__8wekyb3d8bbwe\gamingservicesnet.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20544.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20544.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12107.1001.15.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft) [File not signed] C:\Program Files (x86)\Brother\iPrint&Scan\USBAppControl.exe
(Microsoft) [File not signed] C:\Program Files (x86)\Brother\iPrint&Scan\WorkflowAppControl.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <6>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Samsung Electronics CO., LTD. -> ) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(Samsung Electronics CO., LTD. -> ) C:\Windows\SysWOW64\SecUPDUtilSvc.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <7>
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\steam.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [464608 2014-09-08] (Samsung Electronics CO., LTD. -> )
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3952096 2020-03-10] (Logitech -> Logitech, Inc.)
HKLM\...\Run: [AdAwareTray] => C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.10.181.0\AdAwareTray.exe [4882168 2021-10-07] (Adaware Software (Lavasoft Software Canada Inc.) -> )
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2976256 2018-01-19] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [BrotherSoftwareUpdateNotification] => C:\Program Files (x86)\Brother\SoftwareUpdateNotification\SoftwareUpdateNotificationService.exe [3581952 2017-04-05] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706344 2021-09-27] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-3599443798-625604178-375638978-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4267928 2021-10-13] (Valve -> Valve Corporation)
HKU\S-1-5-21-3599443798-625604178-375638978-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [8520168 2021-02-22] (LAVASOFT SOFTWARE CANADA INC -> Lavasoft)
HKU\S-1-5-21-3599443798-625604178-375638978-1001\...\Run: [STUISpeedLauncher] => C:\Program Files\Samsung\Stylish UI Pack\TouchBasedUI.exe [411136 2015-02-09] () [File not signed]
HKU\S-1-5-21-3599443798-625604178-375638978-1001\...\Run: [Discord] => C:\Users\dalem\AppData\Local\Discord\Update.exe [1512760 2020-12-03] (Discord Inc. -> GitHub)
HKU\S-1-5-21-3599443798-625604178-375638978-1001\...\Run: [CiscoMeetingDaemon] => C:\Users\dalem\AppData\Local\WebEx\ciscowebexstart.exe [4934984 2021-10-29] (Cisco WebEx LLC -> Cisco Webex LLC)
HKLM\...\Windows x64\Print Processors\us005PC: C:\Windows\System32\spool\prtprocs\x64\us005pc.dll [43520 2017-06-14] (Microsoft Windows Hardware Compatibility Publisher -> Windows ® Codename Longhorn DDK provider)
HKLM\...\Print\Monitors\us005 Langmon: C:\WINDOWS\system32\us005lm.dll [22528 2017-06-14] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\95.0.4638.69\Installer\chrmstp.exe [2021-10-28] (Google LLC -> Google LLC)
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {011F71FA-0437-411B-A5BC-56E6FEC69F83} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe (No File)
Task: {13D904CB-937C-4C33-AA26-A59E79D94E1D} - System32\Tasks\McAfee\McAfee DAT Built in test => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.0.12.663\mcdatrep.exe [1889696 2021-01-07] (McAfee, Inc. -> McAfee, LLC.)
"C:\Windows\System32\Tasks\McAfee\McAfee Idle Detection Task" was unlocked. <==== ATTENTION
Task: {2DFB9BB0-3F66-4E56-ABE4-9FB2F7779AFA} - System32\Tasks\McAfee\McAfee Idle Detection Task => {ABCDCA3B-DE6B-5A7C-B132-6D7CBA63E5C5} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [1032448 2021-08-02] (McAfee, LLC -> McAfee, LLC)
Task: {32F7EBBB-2048-4417-97E5-1428F2A7E4F8} - System32\Tasks\Intel PTT EK Recertification => C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_75ffca5eec865b4b\lib\IntelPTTEKRecertification.exe [918288 2020-04-22] (Intel® Trust Services -> Intel® Corporation)
Task: {4B659983-D679-40BD-95FA-AB98C706CC31} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [4695104 2021-10-01] (McAfee, LLC -> McAfee, LLC)
Task: {5C43EB5C-A64D-4D32-A167-2E5493836295} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe startwithdelay (No File)
Task: {5D06F9B1-7928-4924-9F2F-F4C3FDD60529} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [757944 2021-05-06] (McAfee, LLC -> McAfee, LLC)
Task: {6D6A7DFC-2EA5-4E00-B56B-7312DC518E62} - System32\Tasks\AMD ThankingURL => C:\Program Files\AMD\CIM\Bin64\Setup.exe [890248 2019-05-22] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {71A42A9C-4873-4454-B3D7-4B92BF07427F} - System32\Tasks\ModifyLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [468992 2019-05-22] (Advanced Micro Devices, Inc.) [File not signed]
Task: {8BF25168-2659-42B5-973A-79B526A0E582} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1562376 2021-08-16] (Adobe Inc. -> Adobe Inc.)
Task: {9221330E-5538-415D-B37C-CA52DF4E7758} - System32\Tasks\AMDLinkUpdate => C:\Program Files\AMD\CIM\BIN64\InstallManagerApp.exe [468992 2019-05-22] (Advanced Micro Devices, Inc.) [File not signed]
Task: {9D85908A-AD18-4FD3-A327-B9D638699AB4} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent => {ABCECA3B-EA5A-496B-A021-5C6BAB365E5C} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [1032448 2021-08-02] (McAfee, LLC -> McAfee, LLC)
Task: {9D8E9D60-D599-4F3B-BC57-F7CF740A72BA} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [682936 2021-11-04] (Mozilla Corporation -> Mozilla Foundation)
Task: {AB9CF8CC-E324-4D33-AD02-3802999DA56C} - System32\Tasks\EPM Preload => C:\Program Files (x86)\Samsung\Easy Printer Manager\EPM2DotNetHandler.exe [752200 2018-05-20] (HP Inc. -> )
Task: {D31CE78D-B65F-438F-8F82-7ABDA3284064} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\DADUpdater.exe [4119992 2021-10-07] (McAfee, LLC -> McAfee, LLC)
Task: {E20D8F6C-C4FB-45EA-8D91-B21FACC1C304} - System32\Tasks\AMDInstallUEP => C:\Program Files\AMD\InstallUEP\AMDInstallUEP.exe (No File)
Task: {E94CD4E2-878D-4AA2-B81A-A1DABD016E2D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-04-01] (Google LLC -> Google LLC)
Task: {F4B14C95-DA58-40AA-B871-A55C0DA8DAB5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-04-01] (Google LLC -> Google LLC)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{a3ecad54-bb73-4810-b02c-3e8cac2386fa}: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
Edge: 
=======
DownloadDir: C:\Users\dalem\Downloads
Edge HomeButtonPage: HKU\S-1-5-21-3599443798-625604178-375638978-1001 -> hxxps://pjmedia.com/instapundit/
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\dalem\AppData\Local\Microsoft\Edge\User Data\Default [2021-11-11]
Edge DownloadDir: Default -> C:\Users\dalem\Downloads
Edge HomePage: Default -> hxxps://pjmedia.com/instapundit/
Edge StartupUrls: Default -> "hxxps://pjmedia.com/instapundit/"
Edge DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}
Edge DefaultSearchKeyword: Default -> duckduckgo.com
Edge DefaultNewTabURL: Default -> hxxps://duckduckgo.com/chrome_newtab
Edge DefaultSuggestURL: Default -> hxxps://duckduckgo.com/ac/?q={searchTerms}&type=list
Edge Session Restore: Default -> is enabled.
Edge Extension: (Cisco Webex Extension) - C:\Users\dalem\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ikdddppdhmjcdfgilpnbkdeggoiicjgo [2021-08-13]
Edge Extension: (Scener – Virtual Movie Theater) - C:\Users\dalem\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\lkhjgdkpibcepflmlgahofcmeagjmecc [2021-09-25]
 
FireFox:
========
FF DefaultProfile: wbr9n80g.default-1521393837949
FF ProfilePath: C:\Users\dalem\AppData\Roaming\Mozilla\Firefox\Profiles\wbr9n80g.default-1521393837949 [2021-11-11]
FF Homepage: Mozilla\Firefox\Profiles\wbr9n80g.default-1521393837949 -> hxxps://www.scabard.com/pbs/
FF NewTab: Mozilla\Firefox\Profiles\wbr9n80g.default-1521393837949 -> hxxps://segoonow.com/homepage?hp=1&bitmask=9996&pId=BT170902&iDate=2019-02-01 03:35:20&bName=
FF HomepageOverride: Mozilla\Firefox\Profiles\wbr9n80g.default-1521393837949 -> Disabled: web@TV
FF NewTabOverride: Mozilla\Firefox\Profiles\wbr9n80g.default-1521393837949 -> Disabled: web@TV
FF Extension: (YouTube™ Flash® Player) - C:\Users\dalem\AppData\Roaming\Mozilla\Firefox\Profiles\wbr9n80g.default-1521393837949\Extensions\[email protected] [2018-10-06]
FF Extension: (TV) - C:\Users\dalem\AppData\Roaming\Mozilla\Firefox\Profiles\wbr9n80g.default-1521393837949\Extensions\[email protected] [2019-06-15] [UpdateUrl:hxxps://dadrz7o8a3etj.cloudfront.net/WebExtensions/all-exts/update.json]
FF Extension: (Open in VLC™ media player) - C:\Users\dalem\AppData\Roaming\Mozilla\Firefox\Profiles\wbr9n80g.default-1521393837949\Extensions\{6b954d17-d17c-4a19-8fe6-ee8052a562d6}.xpi [2019-10-12]
FF Extension: (No Name) - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi [not found]
FF SearchPlugin: C:\Users\dalem\AppData\Roaming\Mozilla\Firefox\Profiles\wbr9n80g.default-1521393837949\searchplugins\Search Now.xml [2020-12-17]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Extension: (McAfee® WebAdvisor) - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi [2021-11-09] [UpdateUrl:hxxps://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.json]
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSKHKLM => not found
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2021-10-29] [Legacy] [not signed]
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\McAfee\MSC\npMcSnFFPl64.dll [2021-10-22] (McAfee, LLC -> )
FF Plugin: @videolan.org/vlc,version=3.0.10 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-04-23] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-04-23] (VideoLAN -> VideoLAN)
FF Plugin-x32: @java.com/DTPlugin,version=11.311.2 -> C:\Program Files (x86)\Java\jre1.8.0_311\bin\dtplugin\npDeployJava1.dll [2021-10-19] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.311.2 -> C:\Program Files (x86)\Java\jre1.8.0_311\bin\plugin2\npjp2.dll [2021-10-19] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\MSC\npMcSnFFPl.dll [2021-10-22] (McAfee, LLC -> )
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-10-27] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-10-27] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-10-05] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\dalem\AppData\Roaming\mozilla\plugins\npatgpc.dll [2021-06-25]
 
Chrome: 
=======
CHR Profile: C:\Users\dalem\AppData\Local\Google\Chrome\User Data\Default [2020-11-29]
CHR DefaultSearchURL: Default -> hxxp://srchbar.com/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> Bing®
CHR DefaultNewTabURL: Default -> hxxps://www.bing.com/chrome/newtab?pc=COS2&ptag=D020119-N0630A2D586A4510&form=CONMHP&conlogo=CT3335800
CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
CHR Extension: (Slides) - C:\Users\dalem\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-04-01]
CHR Extension: (Docs) - C:\Users\dalem\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-04-01]
CHR Extension: (Google Drive) - C:\Users\dalem\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-04-01]
CHR Extension: (YouTube) - C:\Users\dalem\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-04-01]
CHR Extension: (Sheets) - C:\Users\dalem\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-04-01]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\dalem\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2020-04-01]
CHR Extension: (Google Docs Offline) - C:\Users\dalem\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-04-01]
CHR Extension: (Search Manager) - C:\Users\dalem\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmgebopaejnjlncllgmcenbbflikfjd [2020-04-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\dalem\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-04-01]
CHR Extension: (Gmail) - C:\Users\dalem\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-04-01]
CHR Extension: (Chrome Media Router) - C:\Users\dalem\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-04-01]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKU\S-1-5-21-3599443798-625604178-375638978-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [icmgebopaejnjlncllgmcenbbflikfjd]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 adawareantivirusservice; C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.10.181.0\AdAwareService.exe [587104 2021-10-07] (Adaware Software (Lavasoft Software Canada Inc.) -> )
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-08-16] (Adobe Inc. -> Adobe Inc.)
R2 AUEPLauncher; C:\Program Files\AMD\Performance Profile Client\AUEPLauncher.exe [43008 2019-05-22] (AMD) [File not signed]
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [314368 2018-01-18] (Brother Industries, Ltd.) [File not signed]
S3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1508656 2018-05-31] (McAfee, Inc. -> McAfee, Inc.)
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [971504 2021-11-09] (McAfee, LLC -> McAfee, LLC)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_21_9\McApExe.exe [797576 2021-10-22] (McAfee, LLC -> McAfee, LLC)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\4.7.101.0\\McCSPServiceHost.exe [2845608 2021-10-11] (McAfee, LLC -> McAfee, LLC)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [1242112 2021-09-24] (McAfee, Inc. -> McAfee, LLC)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [1242112 2021-09-24] (McAfee, Inc. -> McAfee, LLC)
R3 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [1242112 2021-09-24] (McAfee, Inc. -> McAfee, LLC)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1677024 2021-10-23] (McAfee, LLC -> McAfee, LLC)
R2 PEFService; C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe [4288832 2021-08-31] (McAfee, LLC -> McAfee, LLC)
R2 SamsungUPDUtilSvc; C:\WINDOWS\SysWOW64\SecUPDUtilSvc.exe [143664 2019-02-17] (Samsung Electronics CO., LTD. -> )
R2 USBAppControl; C:\Program Files (x86)\Brother\iPrint&Scan\USBAppControl.exe [12288 2019-08-09] (Microsoft) [File not signed]
R2 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [28136 2021-02-22] (LAVASOFT SOFTWARE CANADA INC -> )
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3004048 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103384 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WorkflowAppControl; C:\Program Files (x86)\Brother\iPrint&Scan\WorkflowAppControl.exe [20480 2019-08-09] (Microsoft) [File not signed]
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [74752 2021-09-28] (McAfee, Inc. -> McAfee, LLC)
R2 McPvDrv; C:\WINDOWS\system32\drivers\McPvDrv.sys [97696 2021-07-27] (McAfee, LLC -> McAfee, LLC)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [574464 2021-09-28] (McAfee, Inc. -> McAfee, LLC)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [390656 2021-09-28] (McAfee, Inc. -> McAfee, LLC)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [90048 2021-09-28] (Microsoft Windows Early Launch Anti-malware Publisher -> McAfee, LLC)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [526336 2021-09-28] (McAfee, Inc. -> McAfee, LLC)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [1088512 2021-09-28] (McAfee, Inc. -> McAfee, LLC)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [638464 2021-09-16] (McAfee, Inc. -> McAfee LLC.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [110080 2021-09-16] (McAfee, Inc. -> McAfee LLC.)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [118784 2021-09-28] (McAfee, Inc. -> McAfee, LLC)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [256512 2021-09-28] (McAfee, Inc. -> McAfee, LLC)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166752 2019-07-09] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 Trufos; C:\WINDOWS\System32\DRIVERS\Trufos.sys [641736 2021-08-27] (Bitdefender SRL -> Bitdefender)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2018-02-05] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46688 2019-12-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [350136 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [54200 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2021-11-11 22:06 - 2021-11-11 22:07 - 000026933 _____ C:\Users\dalem\Desktop\FRST.txt
2021-11-11 22:05 - 2021-11-11 22:05 - 000000000 ____D C:\Users\dalem\Desktop\FRST-OlderVersion
2021-11-11 22:04 - 2021-11-11 22:07 - 000000000 ____D C:\FRST
2021-11-11 22:03 - 2021-11-11 22:05 - 002312192 _____ (Farbar) C:\Users\dalem\Desktop\FRST64.exe
2021-11-11 22:01 - 2021-11-11 22:01 - 002299904 _____ (Farbar) C:\Users\dalem\Downloads\FRST64.exe
2021-11-11 21:40 - 2021-11-11 21:40 - 000000000 ____D C:\Users\dalem\AppData\Roaming\adaware
2021-11-11 21:40 - 2021-11-11 21:40 - 000000000 ____D C:\Users\dalem\AppData\Local\AdAwareDesktop
2021-11-11 21:39 - 2021-11-11 21:39 - 000002399 _____ C:\Users\Public\Desktop\Adaware Antivirus.lnk
2021-11-11 21:39 - 2021-11-11 21:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\adaware
2021-11-11 21:39 - 2021-11-11 21:39 - 000000000 ____D C:\Program Files\adaware
2021-11-11 21:38 - 2021-11-11 21:38 - 017663736 _____ C:\Users\dalem\Downloads\Adaware_Installer_UM.exe
2021-11-11 21:38 - 2021-11-11 21:38 - 000000000 ____D C:\ProgramData\adaware
2021-11-11 01:45 - 2021-11-11 01:45 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-11-10 20:44 - 2021-11-10 20:44 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe
2021-11-10 20:44 - 2021-11-10 20:44 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2021-11-10 20:44 - 2021-11-10 20:44 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2021-11-10 20:44 - 2021-11-10 20:44 - 000011363 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-11-10 20:39 - 2021-11-10 20:39 - 000000000 ___HD C:\$WinREAgent
2021-11-10 13:44 - 2021-11-10 13:44 - 007570553 _____ C:\Users\dalem\Downloads\bb.zip
2021-11-10 13:43 - 2021-11-10 13:43 - 024789008 _____ C:\Users\dalem\Downloads\cccc.zip
2021-11-04 12:25 - 2021-11-11 01:45 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-11-04 00:21 - 2021-11-04 00:21 - 000001146 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk
2021-11-04 00:21 - 2021-11-04 00:21 - 000000000 ____D C:\Program Files\PCHealthCheck
2021-11-02 20:35 - 2021-11-05 20:40 - 000131072 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingtcuihelpers.dll
2021-10-31 10:47 - 2021-10-31 10:48 - 275218658 _____ C:\Users\dalem\Downloads\TheWolfWorldsStenSeriesBook2_ep6.aax
2021-10-29 22:38 - 2021-11-11 01:44 - 000000000 ____D C:\ProgramData\McInstTemp0262821635568702
2021-10-25 19:47 - 2021-10-25 19:47 - 006580877 _____ C:\Users\dalem\Downloads\Calculating character sheet - NBA v1_13.pdf
2021-10-24 19:04 - 2021-10-24 19:05 - 130894753 _____ C:\Users\dalem\Downloads\Nights_Black_Agents_linked.pdf
2021-10-24 19:04 - 2021-10-24 19:04 - 004711904 _____ C:\Users\dalem\Downloads\Zalozhniy_Quartet_Sampler.pdf
2021-10-24 19:04 - 2021-10-24 19:04 - 004183454 _____ C:\Users\dalem\Downloads\Double_Tap_Sample.pdf
2021-10-24 19:04 - 2021-10-24 19:04 - 002303634 _____ C:\Users\dalem\Downloads\The_Dracula_Dossier_Directors_Handbook_preview.pdf
2021-10-24 19:04 - 2021-10-24 19:04 - 001429934 _____ C:\Users\dalem\Downloads\Nights_Black_Agents_-_Kenneth_Hite.epub
2021-10-24 19:04 - 2021-10-24 19:04 - 001153956 _____ C:\Users\dalem\Downloads\Nights_Black_Agents_-_Kenneth_Hite.mobi
2021-10-22 15:49 - 2021-10-22 15:49 - 006409918 _____ C:\Users\dalem\Downloads\Time_Sensitive_Onboarding_Documents_for_Signa.pdf
2021-10-21 07:13 - 2021-10-21 07:13 - 001751736 _____ ( ) C:\Users\dalem\Downloads\videosolo-blu-ray-player-1.1.10 (2).exe
2021-10-15 09:22 - 2021-10-15 09:22 - 000706536 _____ C:\WINDOWS\system32\TextShaping.dll
2021-10-15 09:22 - 2021-10-15 09:22 - 000611960 _____ C:\WINDOWS\SysWOW64\TextShaping.dll
2021-10-15 09:22 - 2021-10-15 09:22 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2021-10-15 09:22 - 2021-10-15 09:22 - 000098304 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-10-12 08:30 - 2021-10-12 08:30 - 001751736 _____ ( ) C:\Users\dalem\Downloads\videosolo-blu-ray-player-1.1.10 (1).exe
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2021-11-11 22:06 - 2018-01-22 14:35 - 000000000 ____D C:\Program Files (x86)\Steam
2021-11-11 22:02 - 2020-04-01 10:54 - 000000000 ____D C:\Program Files (x86)\Google
2021-11-11 22:01 - 2019-12-07 03:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-11-11 21:46 - 2018-12-30 00:09 - 000000000 ____D C:\Users\dalem\AppData\Roaming\discord
2021-11-11 21:45 - 2020-09-19 15:47 - 000000000 ____D C:\Users\dalem\AppData\Local\Discord
2021-11-11 21:40 - 2018-06-10 11:51 - 000000000 ____D C:\Users\dalem\AppData\Local\D3DSCache
2021-11-11 21:05 - 2020-09-15 02:52 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-11-11 18:00 - 2018-01-21 19:36 - 000000000 ____D C:\Users\dalem\AppData\Roaming\.minecraft
2021-11-11 13:14 - 2020-09-15 02:59 - 000000000 ____D C:\WINDOWS\system32\Tasks\McAfee
2021-11-11 01:50 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-11-11 01:48 - 2020-09-15 02:58 - 000840598 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-11-11 01:48 - 2019-12-07 03:13 - 000000000 ____D C:\WINDOWS\INF
2021-11-11 01:45 - 2020-11-29 11:00 - 000000000 __RSD C:\Users\dalem\Documents\McAfee Vaults
2021-11-11 01:45 - 2019-12-07 03:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-11-11 01:45 - 2018-01-21 19:06 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-11-11 01:45 - 2018-01-21 19:06 - 000000000 ____D C:\Users\dalem\AppData\LocalLow\Mozilla
2021-11-11 01:45 - 2018-01-21 19:06 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-11-11 01:44 - 2020-09-15 02:59 - 000003112 _____ C:\WINDOWS\system32\Tasks\AMDLinkUpdate
2021-11-11 01:44 - 2020-09-15 02:59 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-11-11 01:44 - 2020-09-15 02:52 - 000450984 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-11-11 01:44 - 2020-09-15 02:52 - 000008192 ___SH C:\DumpStack.log.tmp
2021-11-11 01:44 - 2018-01-21 17:40 - 000000000 ____D C:\ProgramData\NVIDIA
2021-11-11 01:43 - 2019-12-07 03:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-11-11 01:43 - 2019-02-17 19:20 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2021-11-11 01:42 - 2019-12-07 03:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-11-11 01:42 - 2019-12-07 03:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-11-11 01:42 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-11-11 01:42 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-11-11 01:42 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-11-11 01:42 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-11-11 01:42 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-11-11 01:42 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-11-11 01:42 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-11-11 01:42 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-11-11 01:42 - 2019-12-07 03:03 - 000000000 ____D C:\WINDOWS\servicing
2021-11-11 00:33 - 2021-06-25 05:27 - 000000000 ____D C:\Users\dalem\AppData\Local\WebEx
2021-11-11 00:21 - 2018-01-21 18:58 - 000000000 ____D C:\Users\dalem\AppData\Roaming\vlc
2021-11-10 20:46 - 2019-12-07 03:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-11-10 20:39 - 2018-01-22 22:15 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-11-10 20:37 - 2018-01-22 22:15 - 141529560 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-11-08 23:08 - 2021-08-24 12:23 - 000000000 ____D C:\Program Files\dotnet
2021-11-08 23:08 - 2018-03-17 20:33 - 000000000 ____D C:\ProgramData\Package Cache
2021-11-07 16:11 - 2020-09-15 02:59 - 000003376 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3599443798-625604178-375638978-1001
2021-11-07 16:11 - 2020-09-15 00:50 - 000002379 _____ C:\Users\dalem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-11-07 10:34 - 2020-06-24 01:23 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-11-07 10:34 - 2020-06-24 01:23 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-11-06 15:42 - 2021-06-22 06:24 - 000000000 ____D C:\Users\dalem\valorandvictory
2021-11-04 14:59 - 2019-12-07 03:03 - 000008192 _____ C:\WINDOWS\system32\config\ELAM
2021-11-02 22:11 - 2018-02-05 18:27 - 000000000 ____D C:\Users\dalem\AppData\Local\PlaceholderTileLogoFolder
2021-11-02 20:41 - 2018-01-21 18:33 - 000000000 ____D C:\Users\dalem\AppData\Local\Packages
2021-11-02 20:35 - 2018-06-20 15:02 - 000000000 ____D C:\ProgramData\Packages
2021-10-29 22:39 - 2020-09-15 02:59 - 000003316 _____ C:\WINDOWS\system32\Tasks\McAfeeLogon
2021-10-29 22:39 - 2018-01-21 22:12 - 000000000 ____D C:\Program Files\Common Files\McAfee
2021-10-28 17:03 - 2020-04-01 10:54 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-10-28 17:03 - 2020-04-01 10:54 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-10-28 09:29 - 2020-09-15 02:59 - 000003710 _____ C:\WINDOWS\system32\Tasks\McAfee Remediation (Prepare)
2021-10-25 19:17 - 2020-10-28 00:33 - 000000000 ____D C:\Users\dalem\Calibre Library
2021-10-24 14:25 - 2021-06-25 05:27 - 000000000 ____D C:\Users\dalem\AppData\LocalLow\WebEx
2021-10-19 08:15 - 2018-08-23 08:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2021-10-19 08:15 - 2018-08-23 08:52 - 000000000 ____D C:\Program Files (x86)\Java
2021-10-19 08:14 - 2018-08-23 08:52 - 000164696 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2021-10-18 14:09 - 2019-12-07 03:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-10-16 01:24 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-10-16 01:14 - 2019-12-07 03:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2021-10-16 01:14 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-10-16 01:14 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-10-16 01:14 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-10-16 01:14 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\DiagTrack
2021-10-13 17:18 - 2019-08-12 19:52 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
 
==================== Files in the root of some directories ========
 
2021-02-28 13:18 - 2021-02-28 13:18 - 000004903 _____ () C:\Users\dalem\AppData\Local\recently-used.xbel
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-11-2021
Ran by dalem (11-11-2021 22:07:47)
Running from C:\Users\dalem\Desktop
Microsoft Windows 10 Home Version 21H1 19043.1348 (X64) (2020-09-15 08:59:35)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-3599443798-625604178-375638978-500 - Administrator - Disabled)
dalem (S-1-5-21-3599443798-625604178-375638978-1001 - Administrator - Enabled) => C:\Users\dalem
DefaultAccount (S-1-5-21-3599443798-625604178-375638978-503 - Limited - Disabled)
Guest (S-1-5-21-3599443798-625604178-375638978-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3599443798-625604178-375638978-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee VirusScan (Enabled - Up to date) {9D4501E6-72F6-2877-C789-89AF6F535B2C}
AS: McAfee VirusScan (Enabled - Up to date) {4DE344F8-6897-65B4-CED0-82B3AF2591B4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {A57E80C3-3899-292F-ECD6-209A91801C57}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-3599443798-625604178-375638978-1001\...\uTorrent) (Version: 3.5.5.45291 - BitTorrent Inc.)
adaware antivirus (HKLM-x32\...\{6C5EEACE-A287-4510-93EF-4AD407892429}_AdAwareInstaller) (Version: 12.10.181.0 - adaware)
AdAwareInstaller (HKLM\...\{6C5EEACE-A287-4510-93EF-4AD407892429}) (Version: 12.10.181.0 - adaware) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 21.007.20099 - Adobe Systems Incorporated)
Amazon Music (HKU\S-1-5-21-3599443798-625604178-375638978-1001\...\Amazon Amazon Music) (Version: 7.6.0.1902 - Amazon Services LLC)
AMD Settings (HKLM\...\WUCCCApp) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 19.5.2 - Advanced Micro Devices, Inc.)
AntimalwareEngine (HKLM\...\{7045914E-E799-4061-A4FE-E58FB40CB0C1}) (Version: 3.1.280.0 - adaware) Hidden
Armored Brigade (HKLM-x32\...\Armored Brigade) (Version: 1.000 - Matrix Games)
Asmedia USB Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.35.1 - Asmedia Technology)
Branding64 (HKLM\...\{EE2AFCE4-0238-4DE0-A140-1647021627C1}) (Version: 1.00.0001 - Advanced Micro Devices, Inc.) Hidden
BrLauncher (HKLM-x32\...\{C332FFD4-D911-4429-B071-DE2D2F2A9040}) (Version: 2.0.13.0 - Brother Industries Ltd.) Hidden
BrLogRx (HKLM-x32\...\{190861E7-09C5-42D8-BB4B-0AFB234BCFC1}) (Version: 1.0.3.1 - Brother Industries Ltd.) Hidden
Brother IPPoverUSB Driver (HKLM-x32\...\{59079CC5-EF18-4F31-B6CC-8276EB4053AE}) (Version: 1.1.0.0 - Brother Industries Ltd.) Hidden
Brother iPrint&Scan (HKLM-x32\...\{569f9640-fd0a-4a52-97f2-11277f65a3f0}) (Version: 4.4.0.33 - Brother Industries, Ltd.)
Brother iPrint&Scan (HKLM-x32\...\{FE65E525-8FCA-43BE-8D7F-0C4665FAE1A5}) (Version: 4.4.0.33 - Brother Industries, Ltd.) Hidden
Brother Printer Driver (HKLM-x32\...\{055AD757-30D5-4689-B378-FAE12E7D28F0}) (Version: 1.2.0.0 - Brother Industries Ltd.) Hidden
BrSupportTools (HKLM-x32\...\{D0F69DE9-EE0B-4A7A-8248-6D5EC97D171C}) (Version: 1.0.23.0 - Brother Industries Ltd.) Hidden
calibre 64bit (HKLM\...\{E3517FE8-B504-4D1D-94DE-EF326AEF314F}) (Version: 5.3.0 - Kovid Goyal)
Cisco Webex Meetings (HKU\S-1-5-21-3599443798-625604178-375638978-1001\...\ActiveTouchMeetingClient) (Version: 41.9.5 - Cisco Webex LLC)
Combat Mission Afrika Korps (HKLM-x32\...\Combat Mission Afrika Korps v1.0_is1) (Version:  - Battlefront.com, Inc.)
Common Desktop Agent (HKLM\...\{031A0E14-0413-4C97-9772-2639B782F46F}) (Version: 1.62.0 - OEM) Hidden
Discord (HKU\S-1-5-21-3599443798-625604178-375638978-1001\...\Discord) (Version: 0.0.309 - Discord Inc.)
Field of Glory (HKLM-x32\...\Field of Glory) (Version: 2.5.02.1042 - Slitherine)
GIMP 2.10.22 (HKLM\...\GIMP-2_is1) (Version: 2.10.22 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 95.0.4638.69 - Google LLC)
Harmony Remote Update (HKLM-x32\...\HarmonyRemoteUpdate) (Version: 7.7.1 - Logitech - HarmonyRemoteClient)
Hoyle Casino Games (HKLM-x32\...\{0DB17436-91DB-4BE0-A9F2-6955BA9D6CE2}) (Version: 1.00.0000 - Encore Software, Inc.)
Hoyle Slots (HKLM-x32\...\{FF82A507-7891-4A7E-90D1-79AB5969840E}) (Version: 1.00.0000 - Encore Software, Inc.)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
iPod Support (HKLM\...\{4B5933A1-A781-400E-B4A2-3ECC375375E4}) (Version: 120.7.3.55 - Apple Inc.)
Java 8 Update 311 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180311F0}) (Version: 8.0.3110.11 - Oracle Corporation)
Logitech Harmony Remote Software 7 (HKLM-x32\...\{5C6F884D-680C-448B-B4C9-22296EE1B206}) (Version: 7.7.0.0 - Logitech)
McAfee Total Protection (HKLM-x32\...\MSC) (Version: 16.0 R40 - McAfee, LLC)
Microsoft .NET Runtime - 5.0.12 (x64) (HKLM-x32\...\{5bd6ae15-bcab-4509-86af-c5dfc54b60d7}) (Version: 5.0.12.30622 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 95.0.1020.44 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 95.0.1020.44 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional 2007 (HKLM-x32\...\PROR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3599443798-625604178-375638978-1001\...\OneDriveSetup.exe) (Version: 21.205.1003.0005 - Microsoft Corporation)
Microsoft Reader (HKLM-x32\...\{B6F7DBE7-2FE2-458F-A738-B10832746036}) (Version:  - )
Microsoft Update Health Tools (HKLM\...\{29B15818-E79F-4AB0-8938-9410C807AD76}) (Version: 2.84.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29334 (HKLM-x32\...\{a9cfe9c7-e54f-46cd-9c5c-542ff8e3e8c4}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29334 (HKLM-x32\...\{b2d0f752-adc5-496e-8f70-8669de01f746}) (Version: 14.28.29334.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Minutor (HKLM-x32\...\{4F34B0A4-1E8A-436E-9616-B1F715583A74}) (Version: 2.1.0 - Sean Kasun)
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 94.0.1 (x64 en-US)) (Version: 94.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0.4 - Mozilla)
NetworkRepairTool (HKLM-x32\...\{96CEE8C3-B934-48A4-ADA6-91B7CE8A5002}) (Version: 1.2.17.0 - Brother Industries, Ltd.) Hidden
NVIDIA 3D Vision Driver 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 388.13 - NVIDIA Corporation)
NVIDIA Graphics Driver 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.13 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.35.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.35.1 - NVIDIA Corporation)
OneUpdater (HKU\S-1-5-21-3599443798-625604178-375638978-1001\...\OneUpdater) (Version: 1.0.0.0 - VOMPT Limited)
Paradox Launcher v2 (HKLM\...\{A8D4AE16-519B-409D-B5B4-2647C06805AD}) (Version: 2.0.3.0 - Paradox Interactive)
Samsung Scan Process Machine (HKLM-x32\...\Samsung Scan Process Machine) (Version: 1.03.05.28 - Samsung Electronics Co., Ltd.) Hidden
SoftwareUpdateNotification (HKLM-x32\...\{C2430580-570A-48D4-BF61-FA55E35BD052}) (Version: 1.0.8.0 - Brother Insutries Ltd.) Hidden
StatusMonitor (HKLM-x32\...\{D42470A0-E4C3-41C9-9A92-B1B23FD13F8C}) (Version: 1.21.6.0 - Brother Insutries Ltd.) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TextPad 8 (HKLM\...\{6437A18A-5868-4510-8057-62EBEA5231D8}) (Version: 8.1.2 - Helios)
Uninstall Samsung Printer Software (HKLM-x32\...\TotalUninstaller) (Version: 4.0.0.67 - Samsung Electronics CO., LTD.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{16AD6161-2E47-4BF1-AA77-0946EFE93E08}) (Version: 2.61.0.0 - Microsoft Corporation)
UsbRepairTool (HKLM-x32\...\{F8762A81-32B5-4144-9F3C-9274F515A651}) (Version: 1.4.0.0 - Brother Industries, Ltd.) Hidden
VASSAL (3.2.17) (HKLM\...\VASSAL (3.2.17)) (Version: 3.2.17 - vassalengine.org)
VideoSolo Blu-ray Player 1.0.32 (HKLM-x32\...\{3FE47865-D020-4666-92D2-40322D48E361}_is1) (Version: 1.0.32 - VideoSolo Studio)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.10 - VideoLAN)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1-2) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Web Companion (HKLM-x32\...\{4da205e4-46cd-4e62-abeb-cb8f39d4e4eb}) (Version: 7.0.2417.4248 - Lavasoft)
WebAdvisor by McAfee (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.648 - McAfee, LLC)
Windows PC Health Check (HKLM\...\{B1E7D0FD-7CFE-4E0C-A5DA-0F676499DB91}) (Version: 3.2.2110.14001 - Microsoft Corporation)
WinRAR 5.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
WinRAR 5.90 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.90.0 - win.rar GmbH)
 
Packages:
=========
AccuWeather - Weather for Life -> C:\Program Files\WindowsApps\AccuWeather.AccuWeatherforWindows8_10.0.348.1000_x64__8zz2pj9h1h1d8 [2021-10-09] (AccuWeather) [MS Ad]
Add Music To Videos -> C:\Program Files\WindowsApps\39691Videopix.AddMusicToVideos_1.1.15.0_x64__dxz7h1qnd1pge [2021-04-14] (Videopix)
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2019-11-06] (Autodesk Inc.)
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa [2021-11-11] (Apple Inc.) [Startup Task]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-10] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-10] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.10.10270.0_x64__8wekyb3d8bbwe [2021-10-31] (Microsoft Studios) [MS Ad]
MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.42152.0_x64__8wekyb3d8bbwe [2021-08-18] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-11-01] (Microsoft Corporation)
Plex -> C:\Program Files\WindowsApps\CAF9E577.Plex_3.2.20.0_x64__aam28m9va5cke [2021-10-09] (Plex)
Quarrel -> C:\Program Files\WindowsApps\38062AvishaiDernis.DiscordUWP_20.7.5.0_x64__q72k3wbnqqnj6 [2021-10-09] (Adam Dernis) [MS Ad]
Samsung Printer Experience -> C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCO.LTD.SamsungPrinterExperience_1.3.15.0_x64__3c1yjt4zspk6g [2018-03-29] (Samsung Electronics Co. Ltd.)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.171.560.0_x86__zpdnekdrzrea0 [2021-10-29] (Spotify AB) [Startup Task]
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3599443798-625604178-375638978-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive - Personal] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}
CustomCLSID: HKU\S-1-5-21-3599443798-625604178-375638978-1001_Classes\CLSID\{5A9E21A2-851A-4BEB-B16F-DBBE7D648AF9}\InprocServer32 -> C:\Program Files\TextPad 8\System\ShellExt64.dll (Helios Software Solutions Ltd -> )
ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => C:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2021-10-22] (McAfee, LLC -> McAfee, LLC)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [AdAwareContextMenu] -> {5B64240D-5B36-4B9F-A75F-4925B6A53D5B} => C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.10.181.0\AdAwareShellExtension.dll [2021-10-07] (Adaware Software (Lavasoft Software Canada Inc.) -> )
ContextMenuHandlers3: [AdAwareContextMenu] -> {5B64240D-5B36-4B9F-A75F-4925B6A53D5B} => C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.10.181.0\AdAwareShellExtension.dll [2021-10-07] (Adaware Software (Lavasoft Software Canada Inc.) -> )
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} =>  -> No File
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-10-27] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => C:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2021-10-22] (McAfee, LLC -> McAfee, LLC)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1_S-1-5-21-3599443798-625604178-375638978-1001: [TextPad8] -> {5A9E21A2-851A-4BEB-B16F-DBBE7D648AF9} => C:\Program Files\TextPad 8\System\ShellExt64.dll [2017-03-07] (Helios Software Solutions Ltd -> )
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
==================== Loaded Modules (Whitelisted) =============
 
2016-11-25 10:18 - 2016-11-25 10:18 - 000139264 _____ () [File not signed] C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2017-12-05 19:25 - 2018-01-18 15:39 - 000519168 _____ () [File not signed] C:\Program Files (x86)\Browny02\BrMonitor.dll
2017-08-04 10:55 - 2017-12-22 12:53 - 000180224 _____ () [File not signed] C:\Program Files (x86)\Browny02\BroSNMP.dll
2017-12-05 19:25 - 2018-01-18 15:39 - 001720832 _____ () [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonWRes.dll
2018-03-13 03:47 - 2018-03-13 03:47 - 000912896 _____ () [File not signed] C:\Program Files\AMD\Performance Profile Client\aws-cpp-sdk-core.dll
2018-03-13 03:47 - 2018-03-13 03:47 - 003109888 _____ () [File not signed] C:\Program Files\AMD\Performance Profile Client\aws-cpp-sdk-s3.dll
2015-02-19 00:13 - 2015-02-19 00:13 - 000817152 _____ () [File not signed] C:\Program Files\AMD\Performance Profile Client\Device.dll
2015-02-19 00:13 - 2015-02-19 00:13 - 003650560 _____ () [File not signed] C:\Program Files\AMD\Performance Profile Client\Platform.dll
2014-09-08 13:38 - 2014-09-08 13:38 - 000051200 _____ () [File not signed] C:\Program Files\Common Files\Common Desktop Agent\CDASrvPS.dll
2019-08-16 11:37 - 2019-08-16 11:37 - 000158208 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\WINDOWS\SYSTEM32\amdihk64.dll
2018-05-12 14:41 - 2017-10-27 10:06 - 000339256 _____ (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed] C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem\NvStereo\_nvstapisvr64.dll
2017-11-08 00:35 - 2017-11-08 00:35 - 000123904 _____ (Samsung Electronics Co., Ltd.) [File not signed] C:\Program Files (x86)\Samsung\Easy Printer Manager\SmartScreenPrint\CDAKEYMonitor64.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\adawareantivirusservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\adawareantivirusservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3599443798-625604178-375638978-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_iouweqrlz2ontegikmoq799x1b8e_19_45_ssg00&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1QzutCtDyB0ByEyEyB0CzyyEtByD0E0ByC0BtN0D0Tzu0StBzzyCyDtN1L2XzuyEtFyDyBtFtDtFyDyBtN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2SyD0C0E0E0AyBzztBtGyEtD0D0BtGtBzz0FzztGtD0DtCyBtG0BtCzy0CyC0D0FtAyC0CtCtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD1TtB1OyB1RzzzytGzytByCtDtGyE1RyC1OtG1S1O1OzztG1R1Rzz1PzyyByDtA1RtA1P1R2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDyBtAtDtDzytAtAyB%26cr%3D1938799620%26a%3Dwny_iouweqrlz2ontegikmoq799x1b8e_19_45_ssg00%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
SearchScopes: HKU\S-1-5-21-3599443798-625604178-375638978-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D020119-N0700A2D586A4510&form=CONBDF&conlogo=CT3335800&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3599443798-625604178-375638978-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D020119-N0700A2D586A4510&form=CONBDF&conlogo=CT3335800&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3599443798-625604178-375638978-1001 -> {0CE02FFA-A6B0-46F6-BA2F-BD32C3630126} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_iouweqrlz2ontegikmoq799x1b8e_19_45_ssg00&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1QzutCtDyB0ByEyEyB0CzyyEtByD0E0ByC0BtN0D0Tzu0StBzzyCyDtN1L2XzuyEtFyDyBtFtDtFyDyBtN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2SyD0C0E0E0AyBzztBtGyEtD0D0BtGtBzz0FzztGtD0DtCyBtG0BtCzy0CyC0D0FtAyC0CtCtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD1TtB1OyB1RzzzytGzytByCtDtGyE1RyC1OtG1S1O1OzztG1R1Rzz1PzyyByDtA1RtA1P1R2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDyBtAtDtDzytAtAyB%26cr%3D1938799620%26a%3Dwny_iouweqrlz2ontegikmoq799x1b8e_19_45_ssg00%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2021-11-09] (McAfee, LLC -> McAfee, LLC)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_311\bin\ssv.dll [2021-10-19] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2021-11-09] (McAfee, LLC -> McAfee, LLC)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_311\bin\jp2ssv.dll [2021-10-19] (Oracle America, Inc. -> Oracle Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll No File
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll [2021-10-22] (McAfee, LLC -> McAfee, LLC)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2021-10-22] (McAfee, LLC -> McAfee, LLC)
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-3599443798-625604178-375638978-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-3599443798-625604178-375638978-1001\...\webcompanion.com -> hxxp://webcompanion.com
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2017-03-18 15:03 - 2017-03-18 15:01 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\Calibre2\;C:\Program Files\dotnet\
HKU\S-1-5-21-3599443798-625604178-375638978-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\dalem\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKU\S-1-5-21-3599443798-625604178-375638978-1001\...\StartupApproved\Run: => "uTorrent"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{A4C9CA3E-1CEC-4773-8865-31510CA92A28}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Spirit Island\SpiritIsland.exe () [File not signed]
FirewallRules: [{82E19896-E698-4329-9CCC-08E06A605A90}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Spirit Island\SpiritIsland.exe () [File not signed]
FirewallRules: [{0BD47CD0-53C6-468B-AD34-FA30AFB4C47D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Iwo Jima\IwoJima.exe () [File not signed]
FirewallRules: [{4961841F-AAD7-461B-ACBF-5BBC12AC8412}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Iwo Jima\IwoJima.exe () [File not signed]
FirewallRules: [{E50A75BF-1018-464B-B1CF-1FBF8AAA0179}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rebel Inc Escalation\Rebel Inc. Escalation.exe () [File not signed]
FirewallRules: [{49E77D7A-42F8-4279-BF72-DD3E5181D78F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rebel Inc Escalation\Rebel Inc. Escalation.exe () [File not signed]
FirewallRules: [{091563F7-B347-4947-AB2A-0AFB3E13E71C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PlagueInc\PlagueIncEvolved.exe () [File not signed]
FirewallRules: [{637D6DC0-1D97-4C36-A66B-06D0A444841D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PlagueInc\PlagueIncEvolved.exe () [File not signed]
FirewallRules: [{717080A2-E3D6-4DF5-B700-2EDC1FA48138}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RebelGalaxy\SteamLauncher.exe (Double Damage Games Inc.) [File not signed]
FirewallRules: [{EF2286F6-DEDF-43A6-A7DF-5E539F0B1E78}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RebelGalaxy\SteamLauncher.exe (Double Damage Games Inc.) [File not signed]
FirewallRules: [{50DE897F-F4DC-4E04-9099-DCD11F04ACF8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Defcon\Defcon.exe (Introversion Software) [File not signed]
FirewallRules: [{2425B39F-D4F2-477F-AFBB-D794038667C9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Defcon\Defcon.exe (Introversion Software) [File not signed]
FirewallRules: [{E724D557-1D0E-4754-9DB3-85856BE82854}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\XCOM 2\Binaries\Win64\Launcher\ModLauncherWPF.exe (Microsoft) [File not signed]
FirewallRules: [{3326BB17-F98C-4D92-8F42-9CAF5198591B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\XCOM 2\Binaries\Win64\Launcher\ModLauncherWPF.exe (Microsoft) [File not signed]
FirewallRules: [{1E15B93F-81EE-4D61-A9CB-C82E70B33241}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Bureau\Binaries\Win32\TheBureau.exe (Valve Corp. -> 2K Marin, Inc.) [File not signed]
FirewallRules: [{F6FF3AAB-F2EF-4445-8E5B-DEA86DD163C6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Bureau\Binaries\Win32\TheBureau.exe (Valve Corp. -> 2K Marin, Inc.) [File not signed]
FirewallRules: [{2FCB2CDE-FEA6-4E22-80A6-D30449F4FF66}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Panzer Corps\autorun.exe (Slitherine Ltd. -> Slitherine Publishing Ltd.)
FirewallRules: [{65C191ED-70B7-4731-9AE5-8D3CD30F725F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Panzer Corps\autorun.exe (Slitherine Ltd. -> Slitherine Publishing Ltd.)
FirewallRules: [{2F78CA3C-2B0C-407B-AB3A-DDBD00D36836}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tabletop Simulator\Tabletop Simulator.exe () [File not signed]
FirewallRules: [{9F1D7A1F-F967-46BA-9B74-0896630D3026}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tabletop Simulator\Tabletop Simulator.exe () [File not signed]
FirewallRules: [{82570A68-5C3A-4B5C-9F60-37382E7369D2}] => (Allow) LPort=54955
FirewallRules: [{A60A3585-8E79-4553-89C3-EFE51F3F3DFA}] => (Allow) LPort=54950
FirewallRules: [{85730F1A-1CB0-4EB6-90FD-1251B963569D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fantasy General II\autorun.exe => No File
FirewallRules: [{2AD96524-1A61-4945-94DB-D17DF31EDD39}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fantasy General II\autorun.exe => No File
FirewallRules: [{A8FF0EAD-41DA-46EC-AF1A-63D0C924ABDA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Drive on Moscow\autorun.exe (Slitherine Ltd -> Slitherine Publishing Ltd.)
FirewallRules: [{8DD92079-9EFD-45E6-9D8A-7ED81C80477F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Drive on Moscow\autorun.exe (Slitherine Ltd -> Slitherine Publishing Ltd.)
FirewallRules: [{E42CB51A-17C7-4CD2-A1FD-8E70F89C53E6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Battle of the Bulge\autorun.exe (Slitherine Ltd -> Matrix Publishing Ltd.)
FirewallRules: [{CB38BEF0-C51E-451F-AE13-955ADBF8B119}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Battle of the Bulge\autorun.exe (Slitherine Ltd -> Matrix Publishing Ltd.)
FirewallRules: [{E988CF1A-4BB2-4206-82AD-5430EEBBA5B7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Axis & Allies Online\AxisAndAlliesOnline.exe => No File
FirewallRules: [{EAED4AF9-FB81-4B37-B373-3D078735F7E9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Axis & Allies Online\AxisAndAlliesOnline.exe => No File
FirewallRules: [{40384A16-867A-4F5A-8B48-3BCD4244A9BC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HardWest\HardWest.exe () [File not signed]
FirewallRules: [{1F2C2545-4E97-4E51-81F9-C849381A787A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HardWest\HardWest.exe () [File not signed]
FirewallRules: [{67E485AE-0EAF-431B-B0AF-504A62B0A263}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Space Hulk\game.exe () [File not signed]
FirewallRules: [{39C2EFF7-4FA7-4D92-8D0F-D4FAA720CF1F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Space Hulk\game.exe () [File not signed]
FirewallRules: [{6A2F5372-AF1D-42FF-BE16-83FF99FF4B1E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\NOBUNAGA'S AMBITION Sphere of Influence\N14PKLauncher.exe (KOEI TECMO GAMES CO., LTD. -> KOEI TECMO GAMES CO., LTD.)
FirewallRules: [{7BD7C20D-B389-493F-AF0D-5DE3F60D03E6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\NOBUNAGA'S AMBITION Sphere of Influence\N14PKLauncher.exe (KOEI TECMO GAMES CO., LTD. -> KOEI TECMO GAMES CO., LTD.)
FirewallRules: [{0FC01B86-AC75-4429-8DAE-54DDBC75B330}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Star Wars Battlefront II\GameData\BattlefrontII.exe () [File not signed]
FirewallRules: [{3950B385-0F0A-4436-8D54-23746221D5FA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Star Wars Battlefront II\GameData\BattlefrontII.exe () [File not signed]
FirewallRules: [{12AAF236-4504-47B7-8CD4-F3033ABABB29}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Gratuitous Space Battles 2\GSB2.exe () [File not signed]
FirewallRules: [{6B05BD90-8918-4CFD-B125-6ADB71463E00}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Gratuitous Space Battles 2\GSB2.exe () [File not signed]
FirewallRules: [{B4F39558-70B1-48E0-B84A-86F698E891A7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stars in Shadow\sis64.exe (Ashdar Games Inc. -> )
FirewallRules: [{33109564-9D32-4684-A161-3691FE4C3478}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stars in Shadow\sis64.exe (Ashdar Games Inc. -> )
FirewallRules: [{89A25041-9676-4D00-909B-0B8259867919}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Gratuitous Space Battles\GSB.exe () [File not signed]
FirewallRules: [{900A83F0-983C-4573-A1FD-7CA0CA498E67}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Gratuitous Space Battles\GSB.exe () [File not signed]
FirewallRules: [{05D7FBB3-DA71-4028-8607-278D0BB2CADF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Twilight Struggle\TwilightStruggle.exe () [File not signed]
FirewallRules: [{E2897A40-2881-421A-9838-0A7AC0FE53CC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Twilight Struggle\TwilightStruggle.exe () [File not signed]
FirewallRules: [{0E55C94F-942A-40E3-8C62-9083580C4187}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Close Combat  Panthers in the Fog\autorun.exe (Slitherine Ltd. -> Matrix Games)
FirewallRules: [{DF48AAD2-A023-462A-A404-F4EF919347CF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Close Combat  Panthers in the Fog\autorun.exe (Slitherine Ltd. -> Matrix Games)
FirewallRules: [{088D10E2-DABF-4111-8349-726B8F1AABE4}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{948B648B-B323-4F3C-83C2-CED43A62A1FA}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{1FF46CD6-57E2-43AF-AAEB-CD88D00ECF22}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{EBAE541E-FCEE-4F6E-835B-F1B37797C110}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{DA2064EA-9E39-4B0F-B48F-605F9FE53402}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{310D2F4F-BEA7-46C5-998C-FB6B96C795B8}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe (McAfee, LLC -> McAfee, LLC)
FirewallRules: [{970447B1-219D-4CC8-A6EE-33E7AB85A3D4}] => (Allow) C:\Program Files (x86)\Common Files\McAfee\MMSSHost\MMSSHost.exe (McAfee, LLC -> McAfee, LLC)
FirewallRules: [{3C75B2D2-5273-4CAE-822E-86B2B11320D4}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{F6AA9459-B0D4-44D7-B55D-E5F7E5AA623A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{2FC2F3F0-A38E-4DBB-85B0-FFCFD1DA6D1A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Race for the Galaxy\Race.exe (Temple Gates Games LLC) [File not signed]
FirewallRules: [{9DAECDA0-CCB4-484A-8DE8-A7CBDA675A88}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Race for the Galaxy\Race.exe (Temple Gates Games LLC) [File not signed]
FirewallRules: [{72AEC3A7-4F36-4A7B-8BAD-4282072BFB42}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Desktop Dungeons\DesktopDungeons.exe () [File not signed]
FirewallRules: [{4C1DEA1C-0D90-404E-AA89-0381F78CF2E7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Desktop Dungeons\DesktopDungeons.exe () [File not signed]
FirewallRules: [{119E2071-795A-4065-888D-E9D9AABDBC8D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SlayTheSpire\SlayTheSpire.exe () [File not signed]
FirewallRules: [{D80EA7A6-F395-4C4E-9AA4-5D25EB87733E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SlayTheSpire\SlayTheSpire.exe () [File not signed]
FirewallRules: [{F2B600F2-823B-4834-8E18-13B2E7B5C666}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{7700F605-CCE0-4401-8977-01428544FBAF}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{47C06BE2-7101-416C-973C-5F2F72318A3E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Aggressors Ancient Rome\autorun.exe (Slitherine Ltd -> Slitherine Publishing Ltd.)
FirewallRules: [{F8663787-374C-4625-9C22-D459B0B63C92}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Aggressors Ancient Rome\autorun.exe (Slitherine Ltd -> Slitherine Publishing Ltd.)
FirewallRules: [{E5E5AC8E-4442-4074-845A-481ACB76F665}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FTL Faster Than Light\FTLGame.exe () [File not signed]
FirewallRules: [{9E2AE1FD-F827-4B07-A996-1BB0FE58D3CC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FTL Faster Than Light\FTLGame.exe () [File not signed]
FirewallRules: [{5CD1CBE2-DDB5-44F8-9ED1-6C70674EFCD1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraforming Mars\TerraformingMars.exe () [File not signed]
FirewallRules: [{BF41656D-1812-490D-BD26-CD4FF3D493CB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraforming Mars\TerraformingMars.exe () [File not signed]
FirewallRules: [{8DAD25DA-13A6-441B-B4E8-C762F05BCCAD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tharsis\tharsis.exe () [File not signed]
FirewallRules: [{4CBBD028-26E2-40D7-AB7B-F871563B7634}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tharsis\tharsis.exe () [File not signed]
FirewallRules: [{89AF9E33-3229-4CE9-875A-D340EA43CC8F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Order of Battle  Pacific\autorun.exe (Slitherine Software UK Ltd. -> Slitherine Publishing Ltd.)
FirewallRules: [{ECFDB7DB-7583-45C3-8030-F1D8D53C0628}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Order of Battle  Pacific\autorun.exe (Slitherine Software UK Ltd. -> Slitherine Publishing Ltd.)
FirewallRules: [{E1342BFF-2526-44CE-9EE1-EDD4A009D0AB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mechanicus\Mechanicus.exe () [File not signed]
FirewallRules: [{B91F188B-CD9B-4EAA-A726-FCFB32CAFC4D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mechanicus\Mechanicus.exe () [File not signed]
FirewallRules: [{4F6130E7-62F4-432A-9998-FBE92FA59276}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent, Inc.)
FirewallRules: [{516AB0E8-2240-4404-A163-9A633630DD1B}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent, Inc.)
FirewallRules: [{BFF2C298-2455-4502-BC5F-0E75786B1DB3}] => (Allow) C:\Users\dalem\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{0FC1E2B9-C0F2-43F9-8F0C-6FC45EC07058}] => (Allow) C:\Users\dalem\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{45D9D03D-6DBF-4D98-8179-BDC532D95431}] => (Allow) C:\Users\dalem\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{4AD0DA7B-41B9-482E-86C3-66A1D8182778}] => (Allow) C:\Users\dalem\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{1B6B11B6-24B4-4FC9-9E4F-F5A0FAB9B26D}] => (Allow) C:\Users\dalem\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{0428C9E6-DCBC-438E-81A6-850E2DBA9F88}] => (Allow) C:\Users\dalem\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{4D31C5DF-228D-4F44-A52C-F2631E5C9F28}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Printer Center\SamsungPrinterCenter.exe (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
FirewallRules: [{5977B9E0-C55B-42D3-B4AD-FE73764046C3}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\EasyPrinterManagerV2.exe (HP Inc. -> )
FirewallRules: [{C03B41D3-6DF1-4599-BD12-67F6C98A8C81}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe (HP Inc. -> HP Printing Korea Co., Ltd.)
FirewallRules: [{A5905CDA-489A-4069-9F42-F53427E766CF}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\EPM2AlertList.exe (HP Inc. -> HP Printing Korea Co., Ltd.)
FirewallRules: [{9B647C46-4D7D-4C4E-A6B4-1EF40EFC0389}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\EPM2Migrator.exe (HP Inc. -> )
FirewallRules: [{80916E14-1953-4697-9074-FF041BA6EA49}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{08C70099-0FB4-4300-9239-90D2F07EECA9}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{ECEE5C6A-5B84-41E3-8CD3-1F0F3B70F962}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{A4474B7F-76DD-4A48-959D-BBE05535D43B}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{4314CAB6-60A5-4042-BFCB-D757232AB093}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Into the Breach\Breach.exe () [File not signed]
FirewallRules: [{6FF64FB1-699C-4966-BF89-76E8B6E05A4A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Into the Breach\Breach.exe () [File not signed]
FirewallRules: [{30D6F85B-31D5-4F0A-906E-24785B16E82E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Star Wars Starfighter\Starfighter.exe () [File not signed]
FirewallRules: [{17A4207B-2090-4DA5-A89B-EEA4E9ADF5E7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Star Wars Starfighter\Starfighter.exe () [File not signed]
FirewallRules: [{9804197B-8DC3-42FD-8D65-C80C4628906A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SimCity 4 Deluxe\Apps\SimCity 4.exe (Maxis) [File not signed]
FirewallRules: [{D599A3BC-C738-4868-A061-647AA00A6F1E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SimCity 4 Deluxe\Apps\SimCity 4.exe (Maxis) [File not signed]
FirewallRules: [{3D1D9085-4A5A-4EA2-BB5B-6AF80B9CF76D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Making History Gold\bin\makehist.exe => No File
FirewallRules: [{3E8C78CA-2C4A-459B-9FE8-6904C9166143}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Making History Gold\bin\makehist.exe => No File
FirewallRules: [{BF0B7368-719E-4B1C-AFFD-ED2965FBD503}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Making History Gold\bin\ed.exe => No File
FirewallRules: [{720B4A8A-786E-48B4-8BD6-7D09032B7B58}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Making History Gold\bin\ed.exe => No File
FirewallRules: [{F4211D51-DC0A-424F-8901-A75E371A4B00}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Planetbase\Planetbase.exe (Unity Technologies SF -> ) [File not signed]
FirewallRules: [{E042D7FF-F6BD-467C-A29E-068A3EF0C3BB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Planetbase\Planetbase.exe (Unity Technologies SF -> ) [File not signed]
FirewallRules: [{F71AC68D-C110-45F2-9BE1-B0332037E79F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sentinels of the Multiverse\Sentinels.exe () [File not signed]
FirewallRules: [{C7D5396A-591F-4733-A179-5D3E5CC2D7AD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sentinels of the Multiverse\Sentinels.exe () [File not signed]
FirewallRules: [{3988456F-B38B-45DC-820D-65C8290D27A0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fort Sumter\FortSumter.exe () [File not signed]
FirewallRules: [{83F3CE13-62D9-4185-90C8-D5B47E5F779C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fort Sumter\FortSumter.exe () [File not signed]
FirewallRules: [{19BB8468-6A7D-47B7-8A33-D2F9805C35A1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Between the Stars\BetweenTheStars.exe () [File not signed]
FirewallRules: [{2EC1EBAA-8806-4F80-9FFE-719671B9B73F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Between the Stars\BetweenTheStars.exe () [File not signed]
FirewallRules: [{C99A6F24-7B0C-4337-8F24-A06DECCD11DD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stellaris\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [{17E75E5B-9111-493E-A85E-6E6504159167}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stellaris\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [{ED6833FB-8979-46B7-AFAB-8AB92585F82D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Labyrinth The War on Terror\Labyrinth.exe () [File not signed]
FirewallRules: [{BEABA52E-C74B-4B94-B4ED-2E003A72341A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Labyrinth The War on Terror\Labyrinth.exe () [File not signed]
FirewallRules: [{316A38B2-49BB-493B-8263-E4553D795583}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fantasy General II\Launcher.exe (Slitherine Software UK Limited -> Slitherine Ltd.)
FirewallRules: [{82F81DA8-2453-487E-948D-26FDACA8DD15}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fantasy General II\Launcher.exe (Slitherine Software UK Limited -> Slitherine Ltd.)
FirewallRules: [{094488BB-290B-430C-AB35-21ECA9E6B5E7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Catan Universe\CatanUniverse.exe () [File not signed]
FirewallRules: [{8325BDA7-B635-4E2A-AC1B-17D4BB84DC3F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Catan Universe\CatanUniverse.exe () [File not signed]
FirewallRules: [{0288E1AE-CF15-4968-8099-82818A741FAD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Nidhogg\Nidhogg.exe (Messhof LLC) [File not signed]
FirewallRules: [{315156DE-07BE-4453-B722-7DA2662391CE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Nidhogg\Nidhogg.exe (Messhof LLC) [File not signed]
FirewallRules: [{B2D84E78-2196-4C24-B14A-95F5FD2704E9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Carrier Battles 4 Guadalcanal\CarrierBattles4Guadalcanal.exe () [File not signed]
FirewallRules: [{C8C9FB74-22ED-4B5E-A365-253E32A7D1E2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Carrier Battles 4 Guadalcanal\CarrierBattles4Guadalcanal.exe () [File not signed]
FirewallRules: [{AB4250E0-F0CA-43A1-8D41-9E3D91CEE1B4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Roll for the Galaxy\Roll.exe (Temple Gates Games LLC) [File not signed]
FirewallRules: [{F5059D73-2819-4472-897F-7E6178D6D029}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Roll for the Galaxy\Roll.exe (Temple Gates Games LLC) [File not signed]
FirewallRules: [{27C1BBA2-1C02-4B6A-AAC6-378C04E8F323}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SlayTheSpire\jre\bin\javaw.exe
FirewallRules: [{5D570449-71E7-47E8-869D-1AFC59E67270}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SlayTheSpire\jre\bin\javaw.exe
FirewallRules: [{15B89EFF-C1CE-4B74-9811-D5F8BAE9DBD1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Battle Brothers\win32\BattleBrothers.exe () [File not signed]
FirewallRules: [{097EC5D7-0517-47A2-B136-8929FE05F795}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Battle Brothers\win32\BattleBrothers.exe () [File not signed]
FirewallRules: [{F260384B-8CD4-4270-BAF3-691D38506C06}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fights in Tight Spaces (Prologue)\FightsInTightSpaces.exe () [File not signed]
FirewallRules: [{406E230E-BB64-4685-BC0B-8A34BD8BF828}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fights in Tight Spaces (Prologue)\FightsInTightSpaces.exe () [File not signed]
FirewallRules: [{5DBBFDD8-501A-40A7-9EF2-0028218A9256}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fights in Tight Spaces\FightsInTightSpaces.exe () [File not signed]
FirewallRules: [{0F0B8933-C93B-491F-B08C-6F7C19132597}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fights in Tight Spaces\FightsInTightSpaces.exe () [File not signed]
FirewallRules: [{35664D0A-B671-43EB-9E31-3F05E06EAF13}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Yomi\Yomi.exe () [File not signed]
FirewallRules: [{F139791B-4EA9-4402-B2F0-1E08A509006A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Yomi\Yomi.exe () [File not signed]
FirewallRules: [{EDBC52B2-8484-4B7A-BD7D-856A823D05B0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Civil War II\autorun.exe (Slitherine Ltd. -> Matrix Publishing Ltd.)
FirewallRules: [{560CD5AF-0605-4F98-BA96-C89F439EAA91}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Civil War II\autorun.exe (Slitherine Ltd. -> Matrix Publishing Ltd.)
FirewallRules: [{C4A58B91-4FA4-464E-A96C-720296C74D0B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cauldrons of War - Barbarossa\Cauldrons of War.exe () [File not signed]
FirewallRules: [{34BD72EC-AEAD-4497-9C0F-3253CE9F7179}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cauldrons of War - Barbarossa\Cauldrons of War.exe () [File not signed]
FirewallRules: [{6931784C-B430-401F-B0B1-C9E48B14239C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cauldrons of War - Stalingrad\Cauldrons of War Stalingrad.exe () [File not signed]
FirewallRules: [{236DC0DE-0ACB-4F2A-B40F-34AADF07FA1B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cauldrons of War - Stalingrad\Cauldrons of War Stalingrad.exe () [File not signed]
FirewallRules: [{EB5100C6-5C15-487E-B174-1C9E64507BA9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\KARDS\kards.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{4A353A3E-5334-4878-BE0D-26FCD0ED8DE0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\KARDS\kards.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{A1ED21C3-EE2F-499F-946C-2D6172D164A7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Frontline World War II\Frontline World War II.exe () [File not signed]
FirewallRules: [{BF846BB0-DDBC-4B6D-8602-03B5F5A18BFE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Frontline World War II\Frontline World War II.exe () [File not signed]
FirewallRules: [{71C146F0-E372-45DA-898D-9A77B88CECBE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Frontline Western Front\Frontline Western Front.exe () [File not signed]
FirewallRules: [{C7E588DA-FB08-4040-BD64-AAF888D38883}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Frontline Western Front\Frontline Western Front.exe () [File not signed]
FirewallRules: [{B6818CD8-6EDE-4670-9E82-5D5BE73B4D40}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Frontline The Great Patriotic War\PW.exe () [File not signed]
FirewallRules: [{8E70E6AE-0E40-4F09-A6D3-09CAEAE3D096}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Frontline The Great Patriotic War\PW.exe () [File not signed]
FirewallRules: [{3A0C7294-3036-49EB-8F3E-489A1BC9AE82}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Frontline Blitzkrieg!\Game.exe () [File not signed]
FirewallRules: [{B835739F-B2FB-4886-8865-44442B8B1F9B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Frontline Blitzkrieg!\Game.exe () [File not signed]
FirewallRules: [{E0201CB1-DD2B-4A3C-995E-384324BD5AE7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Valor and Victory\Launcher.exe (Slitherine Software UK Limited -> Slitherine Ltd.)
FirewallRules: [{478F2866-EDDB-4B2D-AB90-92F19513EAF1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Valor and Victory\Launcher.exe (Slitherine Software UK Limited -> Slitherine Ltd.)
FirewallRules: [{E01A6333-8D84-4A70-904D-4CDCE17C1CDD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\XCom-Enemy-Unknown\Binaries\Win32\XComGame.exe (Valve Corp. -> Firaxis Games) [File not signed]
FirewallRules: [{D2D77DF2-4B09-4592-BD4F-8428F81C9BDB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\XCom-Enemy-Unknown\Binaries\Win32\XComGame.exe (Valve Corp. -> Firaxis Games) [File not signed]
FirewallRules: [{5EB05C02-8589-4C4D-8FD1-4D60AF9DC2C4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ogre\Ogre.exe () [File not signed]
FirewallRules: [{A8AC9023-BF1D-4F35-AFD4-2826F9AEB89F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ogre\Ogre.exe () [File not signed]
FirewallRules: [{2BC02A41-8472-40A9-8FC8-766482D9494B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Factorio Demo\bin\x64\factorio.exe (Wube Software) [File not signed]
FirewallRules: [{6A2760AC-C808-4476-81A2-159A6CF09CCE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Factorio Demo\bin\x64\factorio.exe (Wube Software) [File not signed]
FirewallRules: [{2E26ED2F-6B5F-41A8-A548-ED7898A65FC5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Command Ops 2\CmdOps.exe () [File not signed]
FirewallRules: [{F4B5C197-216F-4FBA-B777-4DF79585B08A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Command Ops 2\CmdOps.exe () [File not signed]
FirewallRules: [{A7D84937-0C46-4F79-8931-D7D3FB2AD324}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Command Ops 2\MapMaker.exe () [File not signed]
FirewallRules: [{4DBF6A60-D6CD-41B2-8F95-23C97B535F9B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Command Ops 2\MapMaker.exe () [File not signed]
FirewallRules: [{31F284FE-CB65-48AF-87EF-0F22E32E94C7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Command Ops 2\ScenMaker.exe () [File not signed]
FirewallRules: [{C8A32E50-67E5-4046-8EF6-51F3467BD915}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Command Ops 2\ScenMaker.exe () [File not signed]
FirewallRules: [{C6E471D5-DA64-4E26-8C06-36FB6422F28D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Command Ops 2\EstabEditor.exe () [File not signed]
FirewallRules: [{038FC860-81BB-421D-87AF-DDF6AFD759C2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Command Ops 2\EstabEditor.exe () [File not signed]
FirewallRules: [{C8E95729-1379-4CDE-AD97-3DB085D90499}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Command Ops 2\EM.exe () [File not signed]
FirewallRules: [{6279C4E2-ABF1-41EE-B4A1-90E2E5C25D66}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Command Ops 2\EM.exe () [File not signed]
FirewallRules: [{F91F1408-4E86-4800-83A5-18F8FF36998C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Command Ops 2\WorkshopManager.exe () [File not signed]
FirewallRules: [{1C27F52F-8C66-4F64-8716-44F90F12DAEC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Command Ops 2\WorkshopManager.exe () [File not signed]
FirewallRules: [{C1BDC899-9060-4B7A-B887-AE22F44BBFDE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{51D15B7E-6141-4A12-8B4B-9A0DCCAACD0B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.171.560.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{4D989036-2827-4832-9417-5587E8776545}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.171.560.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D44128C5-4137-44BF-BF56-2225AD7B9D29}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.171.560.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{1B2A37D3-AB56-4068-AE52-609C3B518673}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.171.560.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{86CA54E0-BF68-43E8-A3DB-E426F7C03235}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.171.560.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{47ED3AF8-D72B-461B-831D-FCDE35349291}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.171.560.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{AA87B7EC-9791-43FF-8D3C-7CB7FB432D39}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.171.560.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{883B3EC1-6A66-44DB-AD76-D8ED648F5F70}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.171.560.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{7F23BA3D-B3AC-4012-AA53-A4F122FC9947}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{AFECC72E-B166-449B-A0E1-FA740096A1AE}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{7188B239-8F07-425A-8E57-F492FEB8FE73}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{973DC6F6-D506-4168-8701-81718833C1E2}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{89B6C70A-53D5-4069-859D-FAFA5D162A97}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{AD63EA97-C16A-41F4-89C1-7422D5CA285B}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{246F4DE5-B0AD-4264-AC67-BA54AD3DE093}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{954057B6-318D-4CFE-A983-43858129CB89}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{652B73A4-6631-485E-8005-63C42267E5AB}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\95.0.1020.44\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3B2F3B25-4566-4027-B5E0-28E3D4A60DFF}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{CCCDF852-4AAC-4C25-B794-02BB16E42FA9}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{51B0CB12-E1DF-4430-A6E2-A4A8CC607376}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{0894DDC2-19AA-4241-8D33-4F4B02314961}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe] => Enabled:Logitech Harmony Remote Software 7
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe] => Enabled:Logitech Harmony Remote Software 7
 
==================== Restore Points =========================
 
28-10-2021 06:57:41 Scheduled Checkpoint
06-11-2021 04:27:13 Scheduled Checkpoint
08-11-2021 00:36:42 Windows Modules Installer
10-11-2021 20:39:15 Windows Modules Installer
11-11-2021 21:39:24 AA11
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (11/11/2021 09:13:40 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Security Center failed to validate caller with error %1.
 
Error: (11/11/2021 02:14:02 AM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Security Center failed to validate caller with error %1.
 
Error: (11/11/2021 01:46:22 AM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Security Center failed to validate caller with error %1.
 
Error: (11/11/2021 01:44:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TouchBasedUI.dll, version: 1.1.74.0, time stamp: 0x54d8a958
Faulting module name: V4PrinterDesktopUINative.dll, version: 1.2.56.0, time stamp: 0x54cfc0e1
Exception code: 0xc0000005
Fault offset: 0x0000000000003ef4
Faulting process id: 0x1354
Faulting application start time: 0x01d7d6d004d47025
Faulting application path: C:\Program Files\Samsung\Stylish UI Pack\TouchBasedUI.dll
Faulting module path: C:\Program Files\Samsung\Stylish UI Pack\V4PrinterDesktopUINative.dll
Report Id: 9af3d0ae-47d8-44ed-a328-05be6925844d
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (11/11/2021 01:44:56 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: TouchBasedUI.dll
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.AccessViolationException
   at TouchBasedUI.Common.FeatureHandlerService..ctor(StartupContext, TouchBasedUI.Common.CConfigurationFilePath)
   at TouchBasedUI.Common.AggregatorBuilder..ctor(StartupContext, TouchBasedUI.Common.CConfigurationFilePath)
   at TouchBasedUI.MainWindow..ctor(StartupContext)
   at TouchBasedUI.App.OnCreateWindow(StartupContext)
   at TouchBasedUI.Common.BaseApplication.CreateMainWindowCommon(StartupContext)
   at TouchBasedUI.Common.BaseApplication.OnStartup(System.Windows.StartupEventArgs)
   at System.Windows.Application.<.ctor>b__1_0(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.DispatcherOperation.InvokeImpl()
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at MS.Internal.CulturePreservingExecutionContext.Run(MS.Internal.CulturePreservingExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Windows.Threading.DispatcherOperation.Invoke()
   at System.Windows.Threading.Dispatcher.ProcessQueue()
   at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
   at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Application.RunDispatcher(System.Object)
   at System.Windows.Application.RunInternal(System.Windows.Window)
   at TouchBasedUI.Program.RunApp(System.String[])
   at TouchBasedUI.Program.Main(System.String[])
 
Error: (11/11/2021 01:44:18 AM) (Source: WorkflowAppControl) (EventID: 32767) (User: )
Description: Start Broadcast Receiver Server...
 
Error: (11/11/2021 01:44:18 AM) (Source: WorkflowAppControl) (EventID: 32767) (User: )
Description: Start Server...
 
Error: (11/11/2021 01:44:18 AM) (Source: WorkflowAppControl) (EventID: 32767) (User: )
Description: Wait Workflow Commands request from device.
 
 
System errors:
=============
Error: (11/11/2021 08:41:03 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80240017: Samsung - Printer - 4/22/2009 12:00:00 AM - 10.0.17119.1.
 
Error: (11/11/2021 01:43:08 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AMD User Experience Program Launcher service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (11/11/2021 01:42:37 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-OQ73F3L)
Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.
 
Error: (11/11/2021 01:42:37 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-OQ73F3L)
Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.
 
Error: (11/11/2021 01:42:37 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-OQ73F3L)
Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.
 
Error: (11/10/2021 09:03:41 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.
 
Error: (11/10/2021 08:39:10 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80240017: Samsung - Printer - 4/22/2009 12:00:00 AM - 10.0.17119.1.
 
Error: (11/09/2021 02:00:37 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: ApplicationSet-9PB2MZ1ZMB1S-AppleInc.iTunes.
 
 
CodeIntegrity:
===============
Date: 2021-11-11 21:13:40
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Common Files\McAfee\ModuleCore\ProtectedModuleHost.exe) attempted to load \Device\HarddiskVolume4\Program Files\McAfee.com\Agent\WSCLLCGlobalSign.exe that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2021-11-11 21:13:40
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Common Files\McAfee\ModuleCore\ProtectedModuleHost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\McAfee\Platform\Core\vtploader.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2021-11-11 21:13:40
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Windows signing level requirements.
 
 
==================== Memory info =========================== 
 
BIOS: American Megatrends Inc. 1203 12/25/2017
Motherboard: ASUSTeK COMPUTER INC. TUF Z270 MARK 2
Processor: Intel® Core™ i5-7600K CPU @ 3.80GHz
Percentage of memory in use: 92%
Total physical RAM: 8133.76 MB
Available physical RAM: 582.96 MB
Total Virtual: 27589.76 MB
Available Virtual: 16511.5 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:465.03 GB) (Free:103.8 GB) NTFS
Drive d: (Data) (Fixed) (Total:1397.26 GB) (Free:548.32 GB) NTFS
Drive e: (FreeAgent GoFlex Drive) (Fixed) (Total:931.51 GB) (Free:571.65 GB) NTFS
 
\\?\Volume{30748c3d-54a7-42cd-932e-0104cd4b876e}\ () (Fixed) (Total:0.51 GB) (Free:0.08 GB) NTFS
\\?\Volume{de9868d4-1430-4cfb-8747-81db6d6babb5}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 1397.3 GB) (Disk ID: 0D1C6D57)
Partition 1: (Active) - (Size=1397.3 GB) - (Type=06)
 
==========================================================
Disk: 1 (Protective MBR) (Size: 465.8 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==========================================================
Disk: 2 (Size: 931.5 GB) (Disk ID: A4B57300)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt =======================
 

  • 0

Advertisements


#2
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 4,269 posts

Hi, dale1234.

Welcome to TSG Forums. EPFGbk7.gif

I will be assisting you regarding your computer's issues. Here, we will check your computer for malware.

Please, adhere to the guidelines below, and then carefully follow, with the same order, all the instructions after:

1. Always ask before acting. Do not continue if you are not sure, or if something unexpected happens!

2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

3. If your computer seems to start working normally, don't abandon the topic. Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.

4. You have to reply to my posts within 3 days. If you need some additional time, just let me know. Otherwise, I will leave the topic due to lack of feedback. If you are able, I would request you to check this thread at least once per day so that we can resolve your issues effectively and efficiently.

5. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, have in mind that all the experts here are volunteers and may not be available to assist when you post. Please, be patient, while I analyze your logs.

 

 

================================

 

I will review your logs and be back to you as soon as I am ready.

 

Please, confirm that you have read the above and you are ready to start the procedure. :)


  • 0

#3
dale1234

dale1234

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts

Confirmed! Thanks!

 

-dale


  • 0

#4
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 4,269 posts

Hi, Dale.
 
Here I am. :)
 
These are my first comments/instructions regarding your logs:
 
1. P2P program

You have µTorrent installed in your computer. This is a P2P program. P2P programs form a direct conduit on to a computer. They have always been a target of malware writers and are increasingly so of late. P2P security measures are easily circumvented and if your P2P program is not configured correctly, you may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured program. If you don't uninstall it, your computer will probably get infected again, as soon as you use it again. But it is your computer and of course your decision.

  • If you decide to keep it, DON'T use it during the cleaning procedure.
  • If you decide to uninstall it, uninstall it along with the unwanted programs in Step 3 below.

 

2. Programs in question
 
Did you intentionally install the following?
 
adaware antivirus
Web Companion
 
If not, please uninstall them in Step 3 below. They are supposed to be a legitimate programs, but they also may have been bundled with a third party software, and have to be uninstalled.
 
 
3. Uninstall a program

  • Press the Windows Key + R.
  • Type appwiz.cpl in the Run box and click OK.
  • The Add/Remove Programs list will open. Locate the following program on the list:
OneUpdater
  • Select the above program and click Uninstall.
  • Restart the computer.

* In this step you can also uninstall μTorrent, adware antivirus and Web Companion. 
 
 
4. Uninstall a Chrome extension

 

  • Open Chrome.
  • At the top right choose More (the three vertical dots) > More Tools > Extensions
  • Find Search Manager, and remove it, clicking on Remove.
  • Confirm the action by clicking Remove once again.

 

5. Browsers question

 

Did you intentionally set the following pages as your Home Page in Edge and Firefox respectively? 

 

hxxps://pjmedia.com/instapundit/
hxxps://www.scabard.com/pbs/
 
 
In your next reply please include answers about the following:
  1. What programs did you uninstall
  2. If you successfully uninstalled the extension
  3. The browsers' Home Page
  4. Fresh FRST logs, Addition and FRST. I would like you to do this after you go through all the steps above.

Ga4J8Te.gif


  • 0

#5
dale1234

dale1234

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts

 

  1. Forgot I had that in there.  That'll have to go.
  2. I grabbed adaware yesterday when I was still fumbling around trying to remember how to deal with malware.  It'll go.  Web companion, I have no idea.  Also on the block.
  3. OneUpdate, torrent, adaware, web companion all uninstalled. Rebooted.
  4. Chrome extension removed.
  5. Edge home: https://pjmedia.com/instapundit/ ... firefox home: https://www.scabard.com/pbs/ 
    1. These are fine unless clearing them helps this process.
  6. FRST logs below:

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-11-2021
Ran by dalem (administrator) on DESKTOP-OQ73F3L (12-11-2021 11:37:28)
Running from C:\Users\dalem\Desktop
Loaded Profiles: dalem
Platform: Microsoft Windows 10 Home Version 21H1 19043.1348 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\c0346830.inf_amd64_f723e13ffb3b2652\B345901\atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\c0346830.inf_amd64_f723e13ffb3b2652\B345901\atiesrxx.exe
(AMD) [File not signed] C:\Program Files\AMD\Performance Profile Client\AUEPLauncher.exe
(AMD) [File not signed] C:\Program Files\AMD\Performance Profile Client\AUEPMaster.exe
(AMD) [File not signed] C:\Program Files\AMD\Performance Profile Client\AUEPUF.exe
(Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Brother\SoftwareUpdateNotification\SoftwareUpdateNotificationService.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Discord Inc. -> Discord Inc.) C:\Users\dalem\AppData\Local\Discord\app-1.0.9003\Discord.exe <6>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler64.exe
(Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_ffc75848a6342fdf\jhi_service.exe
(McAfee, Inc. -> McAfee LLC.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc. -> McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc. -> McAfee, LLC) C:\Windows\System32\mfevtps.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\CSP\4.7.101.0\McCSPServiceHost.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHOST.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe <3>
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\ModuleCore\ProtectedModuleHost.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\VSCore_21_9\mcapexe.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\MAT\McPvTray.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\MfeAV\MfeAVSvc.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\servicehost.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\uihost.exe
(Microsoft Corporation -> ) C:\Program Files (x86)\Microsoft\Edge\Application\95.0.1020.44\identity_helper.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <28>
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_3.59.1001.0_x64__8wekyb3d8bbwe\gamingservices.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_3.59.1001.0_x64__8wekyb3d8bbwe\gamingservicesnet.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20544.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20544.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12107.1001.15.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft) [File not signed] C:\Program Files (x86)\Brother\iPrint&Scan\USBAppControl.exe
(Microsoft) [File not signed] C:\Program Files (x86)\Brother\iPrint&Scan\WorkflowAppControl.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Samsung Electronics CO., LTD. -> ) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(Samsung Electronics CO., LTD. -> ) C:\Windows\SysWOW64\SecUPDUtilSvc.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <7>
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\steam.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [464608 2014-09-08] (Samsung Electronics CO., LTD. -> )
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3952096 2020-03-10] (Logitech -> Logitech, Inc.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2976256 2018-01-19] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [BrotherSoftwareUpdateNotification] => C:\Program Files (x86)\Brother\SoftwareUpdateNotification\SoftwareUpdateNotificationService.exe [3581952 2017-04-05] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706344 2021-09-27] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-3599443798-625604178-375638978-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4267928 2021-10-13] (Valve -> Valve Corporation)
HKU\S-1-5-21-3599443798-625604178-375638978-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize  (No File)
HKU\S-1-5-21-3599443798-625604178-375638978-1001\...\Run: [STUISpeedLauncher] => C:\Program Files\Samsung\Stylish UI Pack\TouchBasedUI.exe [411136 2015-02-09] () [File not signed]
HKU\S-1-5-21-3599443798-625604178-375638978-1001\...\Run: [Discord] => C:\Users\dalem\AppData\Local\Discord\Update.exe [1512760 2020-12-03] (Discord Inc. -> GitHub)
HKU\S-1-5-21-3599443798-625604178-375638978-1001\...\Run: [CiscoMeetingDaemon] => C:\Users\dalem\AppData\Local\WebEx\ciscowebexstart.exe [4934984 2021-10-29] (Cisco WebEx LLC -> Cisco Webex LLC)
HKLM\...\Windows x64\Print Processors\us005PC: C:\Windows\System32\spool\prtprocs\x64\us005pc.dll [43520 2017-06-14] (Microsoft Windows Hardware Compatibility Publisher -> Windows ® Codename Longhorn DDK provider)
HKLM\...\Print\Monitors\us005 Langmon: C:\WINDOWS\system32\us005lm.dll [22528 2017-06-14] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\95.0.4638.69\Installer\chrmstp.exe [2021-10-28] (Google LLC -> Google LLC)
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {011F71FA-0437-411B-A5BC-56E6FEC69F83} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe (No File)
Task: {2DFB9BB0-3F66-4E56-ABE4-9FB2F7779AFA} - System32\Tasks\McAfee\McAfee Idle Detection Task => {ABCDCA3B-DE6B-5A7C-B132-6D7CBA63E5C5} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [1032448 2021-08-02] (McAfee, LLC -> McAfee, LLC)
Task: {32F7EBBB-2048-4417-97E5-1428F2A7E4F8} - System32\Tasks\Intel PTT EK Recertification => C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_75ffca5eec865b4b\lib\IntelPTTEKRecertification.exe [918288 2020-04-22] (Intel® Trust Services -> Intel® Corporation)
Task: {4B659983-D679-40BD-95FA-AB98C706CC31} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [4695104 2021-10-01] (McAfee, LLC -> McAfee, LLC)
Task: {5C43EB5C-A64D-4D32-A167-2E5493836295} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe startwithdelay (No File)
Task: {5D06F9B1-7928-4924-9F2F-F4C3FDD60529} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [757944 2021-05-06] (McAfee, LLC -> McAfee, LLC)
Task: {6D6A7DFC-2EA5-4E00-B56B-7312DC518E62} - System32\Tasks\AMD ThankingURL => C:\Program Files\AMD\CIM\Bin64\Setup.exe [890248 2019-05-22] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {71A42A9C-4873-4454-B3D7-4B92BF07427F} - System32\Tasks\ModifyLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [468992 2019-05-22] (Advanced Micro Devices, Inc.) [File not signed]
Task: {8BF25168-2659-42B5-973A-79B526A0E582} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1562376 2021-08-16] (Adobe Inc. -> Adobe Inc.)
Task: {91B0C79F-B31B-4710-A2E2-D454CAD147FE} - System32\Tasks\AMDLinkUpdate => C:\Program Files\AMD\CIM\BIN64\InstallManagerApp.exe [468992 2019-05-22] (Advanced Micro Devices, Inc.) [File not signed]
Task: {95A21D35-D8CF-44AC-9734-D6F34305AC1E} - System32\Tasks\McAfee\McAfee DAT Built in test => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.0.12.663\mcdatrep.exe [1889696 2021-01-07] (McAfee, Inc. -> McAfee, LLC.)
Task: {9D85908A-AD18-4FD3-A327-B9D638699AB4} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent => {ABCECA3B-EA5A-496B-A021-5C6BAB365E5C} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [1032448 2021-08-02] (McAfee, LLC -> McAfee, LLC)
Task: {9D8E9D60-D599-4F3B-BC57-F7CF740A72BA} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [682936 2021-11-04] (Mozilla Corporation -> Mozilla Foundation)
Task: {AB9CF8CC-E324-4D33-AD02-3802999DA56C} - System32\Tasks\EPM Preload => C:\Program Files (x86)\Samsung\Easy Printer Manager\EPM2DotNetHandler.exe [752200 2018-05-20] (HP Inc. -> )
Task: {D31CE78D-B65F-438F-8F82-7ABDA3284064} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\DADUpdater.exe [4119992 2021-10-07] (McAfee, LLC -> McAfee, LLC)
Task: {E20D8F6C-C4FB-45EA-8D91-B21FACC1C304} - System32\Tasks\AMDInstallUEP => C:\Program Files\AMD\InstallUEP\AMDInstallUEP.exe (No File)
Task: {E94CD4E2-878D-4AA2-B81A-A1DABD016E2D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-04-01] (Google LLC -> Google LLC)
Task: {F4B14C95-DA58-40AA-B871-A55C0DA8DAB5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-04-01] (Google LLC -> Google LLC)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{a3ecad54-bb73-4810-b02c-3e8cac2386fa}: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
Edge: 
=======
DownloadDir: C:\Users\dalem\Downloads
Edge HomeButtonPage: HKU\S-1-5-21-3599443798-625604178-375638978-1001 -> hxxps://pjmedia.com/instapundit/
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\dalem\AppData\Local\Microsoft\Edge\User Data\Default [2021-11-12]
Edge DownloadDir: Default -> C:\Users\dalem\Downloads
Edge HomePage: Default -> hxxps://pjmedia.com/instapundit/
Edge StartupUrls: Default -> "hxxps://pjmedia.com/instapundit/"
Edge DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}
Edge DefaultSearchKeyword: Default -> duckduckgo.com
Edge DefaultNewTabURL: Default -> hxxps://duckduckgo.com/chrome_newtab
Edge DefaultSuggestURL: Default -> hxxps://duckduckgo.com/ac/?q={searchTerms}&type=list
Edge Session Restore: Default -> is enabled.
Edge Extension: (Cisco Webex Extension) - C:\Users\dalem\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ikdddppdhmjcdfgilpnbkdeggoiicjgo [2021-08-13]
Edge Extension: (Scener – Virtual Movie Theater) - C:\Users\dalem\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\lkhjgdkpibcepflmlgahofcmeagjmecc [2021-09-25]
 
FireFox:
========
FF DefaultProfile: wbr9n80g.default-1521393837949
FF ProfilePath: C:\Users\dalem\AppData\Roaming\Mozilla\Firefox\Profiles\wbr9n80g.default-1521393837949 [2021-11-12]
FF Homepage: Mozilla\Firefox\Profiles\wbr9n80g.default-1521393837949 -> hxxps://www.scabard.com/pbs/
FF NewTab: Mozilla\Firefox\Profiles\wbr9n80g.default-1521393837949 -> hxxps://segoonow.com/homepage?hp=1&bitmask=9996&pId=BT170902&iDate=2019-02-01 03:35:20&bName=
FF HomepageOverride: Mozilla\Firefox\Profiles\wbr9n80g.default-1521393837949 -> Disabled: web@TV
FF NewTabOverride: Mozilla\Firefox\Profiles\wbr9n80g.default-1521393837949 -> Disabled: web@TV
FF Extension: (YouTube™ Flash® Player) - C:\Users\dalem\AppData\Roaming\Mozilla\Firefox\Profiles\wbr9n80g.default-1521393837949\Extensions\[email protected] [2018-10-06]
FF Extension: (TV) - C:\Users\dalem\AppData\Roaming\Mozilla\Firefox\Profiles\wbr9n80g.default-1521393837949\Extensions\[email protected] [2019-06-15] [UpdateUrl:hxxps://dadrz7o8a3etj.cloudfront.net/WebExtensions/all-exts/update.json]
FF Extension: (Open in VLC™ media player) - C:\Users\dalem\AppData\Roaming\Mozilla\Firefox\Profiles\wbr9n80g.default-1521393837949\Extensions\{6b954d17-d17c-4a19-8fe6-ee8052a562d6}.xpi [2019-10-12]
FF Extension: (No Name) - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi [not found]
FF SearchPlugin: C:\Users\dalem\AppData\Roaming\Mozilla\Firefox\Profiles\wbr9n80g.default-1521393837949\searchplugins\Search Now.xml [2020-12-17]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Extension: (McAfee® WebAdvisor) - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi [2021-11-09] [UpdateUrl:hxxps://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.json]
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSKHKLM => not found
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2021-10-29] [Legacy] [not signed]
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\McAfee\MSC\npMcSnFFPl64.dll [2021-10-22] (McAfee, LLC -> )
FF Plugin: @videolan.org/vlc,version=3.0.10 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-04-23] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-04-23] (VideoLAN -> VideoLAN)
FF Plugin-x32: @java.com/DTPlugin,version=11.311.2 -> C:\Program Files (x86)\Java\jre1.8.0_311\bin\dtplugin\npDeployJava1.dll [2021-10-19] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.311.2 -> C:\Program Files (x86)\Java\jre1.8.0_311\bin\plugin2\npjp2.dll [2021-10-19] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\MSC\npMcSnFFPl.dll [2021-10-22] (McAfee, LLC -> )
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-10-27] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-10-27] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-10-05] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\dalem\AppData\Roaming\mozilla\plugins\npatgpc.dll [2021-06-25]
 
Chrome: 
=======
CHR Profile: C:\Users\dalem\AppData\Local\Google\Chrome\User Data\Default [2021-11-12]
CHR DefaultSearchURL: Default -> hxxps://www.bing.com/search?q={searchTerms}&pc=COS2&ptag=D020119-N0640A2D586A4510&form=CONBDF&conlogo=CT3335800
CHR DefaultSearchKeyword: Default -> bing®
CHR DefaultNewTabURL: Default -> hxxps://www.bing.com/chrome/newtab?pc=COS2&ptag=D020119-N0630A2D586A4510&form=CONMHP&conlogo=CT3335800
CHR DefaultSuggestURL: Default -> hxxp://api.bing.com/osjson.aspx?query={searchTerms}
CHR Extension: (Slides) - C:\Users\dalem\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-04-01]
CHR Extension: (Docs) - C:\Users\dalem\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-04-01]
CHR Extension: (Google Drive) - C:\Users\dalem\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-11-12]
CHR Extension: (YouTube) - C:\Users\dalem\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-04-01]
CHR Extension: (Sheets) - C:\Users\dalem\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-04-01]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\dalem\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2021-11-12]
CHR Extension: (Google Docs Offline) - C:\Users\dalem\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-11-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\dalem\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-11-12]
CHR Extension: (Gmail) - C:\Users\dalem\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-11-12]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKU\S-1-5-21-3599443798-625604178-375638978-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [icmgebopaejnjlncllgmcenbbflikfjd]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-08-16] (Adobe Inc. -> Adobe Inc.)
R2 AUEPLauncher; C:\Program Files\AMD\Performance Profile Client\AUEPLauncher.exe [43008 2019-05-22] (AMD) [File not signed]
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [314368 2018-01-18] (Brother Industries, Ltd.) [File not signed]
S3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1508656 2018-05-31] (McAfee, Inc. -> McAfee, Inc.)
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [971504 2021-11-09] (McAfee, LLC -> McAfee, LLC)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_21_9\McApExe.exe [797576 2021-10-22] (McAfee, LLC -> McAfee, LLC)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\4.7.101.0\\McCSPServiceHost.exe [2845608 2021-10-11] (McAfee, LLC -> McAfee, LLC)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [1242112 2021-09-24] (McAfee, Inc. -> McAfee, LLC)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [1242112 2021-09-24] (McAfee, Inc. -> McAfee, LLC)
R3 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [1242112 2021-09-24] (McAfee, Inc. -> McAfee, LLC)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1677024 2021-10-23] (McAfee, LLC -> McAfee, LLC)
R2 PEFService; C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe [4288832 2021-08-31] (McAfee, LLC -> McAfee, LLC)
R2 SamsungUPDUtilSvc; C:\WINDOWS\SysWOW64\SecUPDUtilSvc.exe [143664 2019-02-17] (Samsung Electronics CO., LTD. -> )
R2 USBAppControl; C:\Program Files (x86)\Brother\iPrint&Scan\USBAppControl.exe [12288 2019-08-09] (Microsoft) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3004048 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103384 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WorkflowAppControl; C:\Program Files (x86)\Brother\iPrint&Scan\WorkflowAppControl.exe [20480 2019-08-09] (Microsoft) [File not signed]
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [74752 2021-09-28] (McAfee, Inc. -> McAfee, LLC)
R2 McPvDrv; C:\WINDOWS\system32\drivers\McPvDrv.sys [97696 2021-07-27] (McAfee, LLC -> McAfee, LLC)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [574464 2021-09-28] (McAfee, Inc. -> McAfee, LLC)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [390656 2021-09-28] (McAfee, Inc. -> McAfee, LLC)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [90048 2021-09-28] (Microsoft Windows Early Launch Anti-malware Publisher -> McAfee, LLC)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [526336 2021-09-28] (McAfee, Inc. -> McAfee, LLC)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [1088512 2021-09-28] (McAfee, Inc. -> McAfee, LLC)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [638464 2021-09-16] (McAfee, Inc. -> McAfee LLC.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [110080 2021-09-16] (McAfee, Inc. -> McAfee LLC.)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [118784 2021-09-28] (McAfee, Inc. -> McAfee, LLC)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [256512 2021-09-28] (McAfee, Inc. -> McAfee, LLC)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166752 2019-07-09] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2018-02-05] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46688 2019-12-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [350136 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [54200 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2021-11-12 11:33 - 2021-11-12 11:33 - 000000220 _____ C:\Users\dalem\Desktop\aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.txt
2021-11-11 22:07 - 2021-11-12 11:30 - 000065071 _____ C:\Users\dalem\Desktop\Addition.txt
2021-11-11 22:06 - 2021-11-12 11:38 - 000024909 _____ C:\Users\dalem\Desktop\FRST.txt
2021-11-11 22:05 - 2021-11-11 22:05 - 000000000 ____D C:\Users\dalem\Desktop\FRST-OlderVersion
2021-11-11 22:04 - 2021-11-12 11:37 - 000000000 ____D C:\FRST
2021-11-11 22:03 - 2021-11-11 22:05 - 002312192 _____ (Farbar) C:\Users\dalem\Desktop\FRST64.exe
2021-11-11 22:01 - 2021-11-11 22:01 - 002299904 _____ (Farbar) C:\Users\dalem\Downloads\FRST64.exe
2021-11-11 21:40 - 2021-11-11 21:40 - 000000000 ____D C:\Users\dalem\AppData\Local\AdAwareDesktop
2021-11-11 21:38 - 2021-11-11 21:38 - 017663736 _____ C:\Users\dalem\Downloads\Adaware_Installer_UM.exe
2021-11-11 01:45 - 2021-11-11 01:45 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-11-10 20:44 - 2021-11-10 20:44 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe
2021-11-10 20:44 - 2021-11-10 20:44 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2021-11-10 20:44 - 2021-11-10 20:44 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2021-11-10 20:44 - 2021-11-10 20:44 - 000011363 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-11-10 20:39 - 2021-11-10 20:39 - 000000000 ___HD C:\$WinREAgent
2021-11-10 13:44 - 2021-11-10 13:44 - 007570553 _____ C:\Users\dalem\Downloads\bb.zip
2021-11-10 13:43 - 2021-11-10 13:43 - 024789008 _____ C:\Users\dalem\Downloads\cccc.zip
2021-11-04 12:25 - 2021-11-12 11:24 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-11-04 00:21 - 2021-11-04 00:21 - 000001146 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk
2021-11-04 00:21 - 2021-11-04 00:21 - 000000000 ____D C:\Program Files\PCHealthCheck
2021-11-02 20:35 - 2021-11-05 20:40 - 000131072 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingtcuihelpers.dll
2021-10-31 10:47 - 2021-10-31 10:48 - 275218658 _____ C:\Users\dalem\Downloads\TheWolfWorldsStenSeriesBook2_ep6.aax
2021-10-25 19:47 - 2021-10-25 19:47 - 006580877 _____ C:\Users\dalem\Downloads\Calculating character sheet - NBA v1_13.pdf
2021-10-24 19:04 - 2021-10-24 19:05 - 130894753 _____ C:\Users\dalem\Downloads\Nights_Black_Agents_linked.pdf
2021-10-24 19:04 - 2021-10-24 19:04 - 004711904 _____ C:\Users\dalem\Downloads\Zalozhniy_Quartet_Sampler.pdf
2021-10-24 19:04 - 2021-10-24 19:04 - 004183454 _____ C:\Users\dalem\Downloads\Double_Tap_Sample.pdf
2021-10-24 19:04 - 2021-10-24 19:04 - 002303634 _____ C:\Users\dalem\Downloads\The_Dracula_Dossier_Directors_Handbook_preview.pdf
2021-10-24 19:04 - 2021-10-24 19:04 - 001429934 _____ C:\Users\dalem\Downloads\Nights_Black_Agents_-_Kenneth_Hite.epub
2021-10-24 19:04 - 2021-10-24 19:04 - 001153956 _____ C:\Users\dalem\Downloads\Nights_Black_Agents_-_Kenneth_Hite.mobi
2021-10-22 15:49 - 2021-10-22 15:49 - 006409918 _____ C:\Users\dalem\Downloads\Time_Sensitive_Onboarding_Documents_for_Signa.pdf
2021-10-21 07:13 - 2021-10-21 07:13 - 001751736 _____ ( ) C:\Users\dalem\Downloads\videosolo-blu-ray-player-1.1.10 (2).exe
2021-10-15 09:22 - 2021-10-15 09:22 - 000706536 _____ C:\WINDOWS\system32\TextShaping.dll
2021-10-15 09:22 - 2021-10-15 09:22 - 000611960 _____ C:\WINDOWS\SysWOW64\TextShaping.dll
2021-10-15 09:22 - 2021-10-15 09:22 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2021-10-15 09:22 - 2021-10-15 09:22 - 000098304 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2021-11-12 11:37 - 2020-04-01 10:54 - 000000000 ____D C:\Program Files (x86)\Google
2021-11-12 11:36 - 2020-11-29 11:00 - 000000000 __RSD C:\Users\dalem\Documents\McAfee Vaults
2021-11-12 11:36 - 2018-12-30 00:09 - 000000000 ____D C:\Users\dalem\AppData\Roaming\discord
2021-11-12 11:35 - 2020-09-19 15:47 - 000000000 ____D C:\Users\dalem\AppData\Local\Discord
2021-11-12 11:35 - 2020-09-15 02:59 - 000003112 _____ C:\WINDOWS\system32\Tasks\AMDLinkUpdate
2021-11-12 11:35 - 2020-09-15 02:59 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-11-12 11:35 - 2020-09-15 02:52 - 000008192 ___SH C:\DumpStack.log.tmp
2021-11-12 11:35 - 2019-12-07 03:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-11-12 11:35 - 2018-01-22 14:35 - 000000000 ____D C:\Program Files (x86)\Steam
2021-11-12 11:35 - 2018-01-21 17:40 - 000000000 ____D C:\ProgramData\NVIDIA
2021-11-12 11:34 - 2019-12-07 03:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-11-12 11:34 - 2019-02-17 19:20 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2021-11-12 11:29 - 2020-09-15 02:58 - 000840598 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-11-12 11:29 - 2019-12-07 03:13 - 000000000 ____D C:\WINDOWS\INF
2021-11-12 11:24 - 2018-01-21 19:06 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-11-12 11:23 - 2018-01-21 18:58 - 000000000 ____D C:\Users\dalem\AppData\Roaming\vlc
2021-11-12 11:20 - 2018-06-10 11:51 - 000000000 ____D C:\Users\dalem\AppData\Local\D3DSCache
2021-11-12 10:54 - 2020-09-15 02:59 - 000000000 ____D C:\WINDOWS\system32\Tasks\McAfee
2021-11-12 10:54 - 2019-12-07 03:03 - 000008192 _____ C:\WINDOWS\system32\config\ELAM
2021-11-12 09:43 - 2021-08-04 15:21 - 000000000 ____D C:\Users\dalem\AppData\Roaming\ImgBurn
2021-11-12 08:49 - 2020-09-15 02:52 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-11-11 23:24 - 2018-01-21 19:36 - 000000000 ____D C:\Users\dalem\AppData\Roaming\.minecraft
2021-11-11 01:50 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-11-11 01:45 - 2019-12-07 03:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-11-11 01:45 - 2018-01-21 19:06 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-11-11 01:45 - 2018-01-21 19:06 - 000000000 ____D C:\Users\dalem\AppData\LocalLow\Mozilla
2021-11-11 01:44 - 2020-09-15 02:52 - 000450984 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-11-11 01:42 - 2019-12-07 03:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-11-11 01:42 - 2019-12-07 03:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-11-11 01:42 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-11-11 01:42 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-11-11 01:42 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-11-11 01:42 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-11-11 01:42 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-11-11 01:42 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-11-11 01:42 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-11-11 01:42 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-11-11 01:42 - 2019-12-07 03:03 - 000000000 ____D C:\WINDOWS\servicing
2021-11-11 00:33 - 2021-06-25 05:27 - 000000000 ____D C:\Users\dalem\AppData\Local\WebEx
2021-11-10 20:46 - 2019-12-07 03:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-11-10 20:39 - 2018-01-22 22:15 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-11-10 20:37 - 2018-01-22 22:15 - 141529560 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-11-08 23:08 - 2021-08-24 12:23 - 000000000 ____D C:\Program Files\dotnet
2021-11-08 23:08 - 2018-03-17 20:33 - 000000000 ____D C:\ProgramData\Package Cache
2021-11-07 16:11 - 2020-09-15 02:59 - 000003376 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3599443798-625604178-375638978-1001
2021-11-07 16:11 - 2020-09-15 00:50 - 000002379 _____ C:\Users\dalem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-11-07 10:34 - 2020-06-24 01:23 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-11-07 10:34 - 2020-06-24 01:23 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-11-06 15:42 - 2021-06-22 06:24 - 000000000 ____D C:\Users\dalem\valorandvictory
2021-11-02 22:11 - 2018-02-05 18:27 - 000000000 ____D C:\Users\dalem\AppData\Local\PlaceholderTileLogoFolder
2021-11-02 20:41 - 2018-01-21 18:33 - 000000000 ____D C:\Users\dalem\AppData\Local\Packages
2021-11-02 20:35 - 2018-06-20 15:02 - 000000000 ____D C:\ProgramData\Packages
2021-10-29 22:39 - 2020-09-15 02:59 - 000003316 _____ C:\WINDOWS\system32\Tasks\McAfeeLogon
2021-10-29 22:39 - 2018-01-21 22:12 - 000000000 ____D C:\Program Files\Common Files\McAfee
2021-10-28 17:03 - 2020-04-01 10:54 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-10-28 17:03 - 2020-04-01 10:54 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-10-28 09:29 - 2020-09-15 02:59 - 000003710 _____ C:\WINDOWS\system32\Tasks\McAfee Remediation (Prepare)
2021-10-25 19:17 - 2020-10-28 00:33 - 000000000 ____D C:\Users\dalem\Calibre Library
2021-10-24 14:25 - 2021-06-25 05:27 - 000000000 ____D C:\Users\dalem\AppData\LocalLow\WebEx
2021-10-19 08:15 - 2018-08-23 08:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2021-10-19 08:15 - 2018-08-23 08:52 - 000000000 ____D C:\Program Files (x86)\Java
2021-10-19 08:14 - 2018-08-23 08:52 - 000164696 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2021-10-18 14:09 - 2019-12-07 03:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-10-16 01:24 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-10-16 01:14 - 2019-12-07 03:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2021-10-16 01:14 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-10-16 01:14 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-10-16 01:14 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-10-16 01:14 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\DiagTrack
2021-10-13 17:18 - 2019-08-12 19:52 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
 
==================== Files in the root of some directories ========
 
2021-02-28 13:18 - 2021-02-28 13:18 - 000004903 _____ () C:\Users\dalem\AppData\Local\recently-used.xbel
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-11-2021
Ran by dalem (12-11-2021 11:38:38)
Running from C:\Users\dalem\Desktop
Microsoft Windows 10 Home Version 21H1 19043.1348 (X64) (2020-09-15 08:59:35)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-3599443798-625604178-375638978-500 - Administrator - Disabled)
dalem (S-1-5-21-3599443798-625604178-375638978-1001 - Administrator - Enabled) => C:\Users\dalem
DefaultAccount (S-1-5-21-3599443798-625604178-375638978-503 - Limited - Disabled)
Guest (S-1-5-21-3599443798-625604178-375638978-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3599443798-625604178-375638978-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee VirusScan (Enabled - Up to date) {9D4501E6-72F6-2877-C789-89AF6F535B2C}
AS: McAfee VirusScan (Enabled - Up to date) {4DE344F8-6897-65B4-CED0-82B3AF2591B4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {A57E80C3-3899-292F-ECD6-209A91801C57}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 21.007.20099 - Adobe Systems Incorporated)
Amazon Music (HKU\S-1-5-21-3599443798-625604178-375638978-1001\...\Amazon Amazon Music) (Version: 7.6.0.1902 - Amazon Services LLC)
AMD Settings (HKLM\...\WUCCCApp) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 19.5.2 - Advanced Micro Devices, Inc.)
Armored Brigade (HKLM-x32\...\Armored Brigade) (Version: 1.000 - Matrix Games)
Asmedia USB Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.35.1 - Asmedia Technology)
Branding64 (HKLM\...\{EE2AFCE4-0238-4DE0-A140-1647021627C1}) (Version: 1.00.0001 - Advanced Micro Devices, Inc.) Hidden
BrLauncher (HKLM-x32\...\{C332FFD4-D911-4429-B071-DE2D2F2A9040}) (Version: 2.0.13.0 - Brother Industries Ltd.) Hidden
BrLogRx (HKLM-x32\...\{190861E7-09C5-42D8-BB4B-0AFB234BCFC1}) (Version: 1.0.3.1 - Brother Industries Ltd.) Hidden
Brother IPPoverUSB Driver (HKLM-x32\...\{59079CC5-EF18-4F31-B6CC-8276EB4053AE}) (Version: 1.1.0.0 - Brother Industries Ltd.) Hidden
Brother iPrint&Scan (HKLM-x32\...\{569f9640-fd0a-4a52-97f2-11277f65a3f0}) (Version: 4.4.0.33 - Brother Industries, Ltd.)
Brother iPrint&Scan (HKLM-x32\...\{FE65E525-8FCA-43BE-8D7F-0C4665FAE1A5}) (Version: 4.4.0.33 - Brother Industries, Ltd.) Hidden
Brother Printer Driver (HKLM-x32\...\{055AD757-30D5-4689-B378-FAE12E7D28F0}) (Version: 1.2.0.0 - Brother Industries Ltd.) Hidden
BrSupportTools (HKLM-x32\...\{D0F69DE9-EE0B-4A7A-8248-6D5EC97D171C}) (Version: 1.0.23.0 - Brother Industries Ltd.) Hidden
calibre 64bit (HKLM\...\{E3517FE8-B504-4D1D-94DE-EF326AEF314F}) (Version: 5.3.0 - Kovid Goyal)
Cisco Webex Meetings (HKU\S-1-5-21-3599443798-625604178-375638978-1001\...\ActiveTouchMeetingClient) (Version: 41.9.5 - Cisco Webex LLC)
Combat Mission Afrika Korps (HKLM-x32\...\Combat Mission Afrika Korps v1.0_is1) (Version:  - Battlefront.com, Inc.)
Common Desktop Agent (HKLM\...\{031A0E14-0413-4C97-9772-2639B782F46F}) (Version: 1.62.0 - OEM) Hidden
Discord (HKU\S-1-5-21-3599443798-625604178-375638978-1001\...\Discord) (Version: 0.0.309 - Discord Inc.)
Field of Glory (HKLM-x32\...\Field of Glory) (Version: 2.5.02.1042 - Slitherine)
GIMP 2.10.22 (HKLM\...\GIMP-2_is1) (Version: 2.10.22 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 95.0.4638.69 - Google LLC)
Harmony Remote Update (HKLM-x32\...\HarmonyRemoteUpdate) (Version: 7.7.1 - Logitech - HarmonyRemoteClient)
Hoyle Casino Games (HKLM-x32\...\{0DB17436-91DB-4BE0-A9F2-6955BA9D6CE2}) (Version: 1.00.0000 - Encore Software, Inc.)
Hoyle Slots (HKLM-x32\...\{FF82A507-7891-4A7E-90D1-79AB5969840E}) (Version: 1.00.0000 - Encore Software, Inc.)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
iPod Support (HKLM\...\{4B5933A1-A781-400E-B4A2-3ECC375375E4}) (Version: 120.7.3.55 - Apple Inc.)
Java 8 Update 311 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180311F0}) (Version: 8.0.3110.11 - Oracle Corporation)
Logitech Harmony Remote Software 7 (HKLM-x32\...\{5C6F884D-680C-448B-B4C9-22296EE1B206}) (Version: 7.7.0.0 - Logitech)
McAfee Total Protection (HKLM-x32\...\MSC) (Version: 16.0 R40 - McAfee, LLC)
Microsoft .NET Runtime - 5.0.12 (x64) (HKLM-x32\...\{5bd6ae15-bcab-4509-86af-c5dfc54b60d7}) (Version: 5.0.12.30622 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 95.0.1020.44 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 95.0.1020.44 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional 2007 (HKLM-x32\...\PROR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3599443798-625604178-375638978-1001\...\OneDriveSetup.exe) (Version: 21.205.1003.0005 - Microsoft Corporation)
Microsoft Reader (HKLM-x32\...\{B6F7DBE7-2FE2-458F-A738-B10832746036}) (Version:  - )
Microsoft Update Health Tools (HKLM\...\{29B15818-E79F-4AB0-8938-9410C807AD76}) (Version: 2.84.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29334 (HKLM-x32\...\{a9cfe9c7-e54f-46cd-9c5c-542ff8e3e8c4}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29334 (HKLM-x32\...\{b2d0f752-adc5-496e-8f70-8669de01f746}) (Version: 14.28.29334.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Minutor (HKLM-x32\...\{4F34B0A4-1E8A-436E-9616-B1F715583A74}) (Version: 2.1.0 - Sean Kasun)
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 94.0.1 (x64 en-US)) (Version: 94.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0.4 - Mozilla)
NetworkRepairTool (HKLM-x32\...\{96CEE8C3-B934-48A4-ADA6-91B7CE8A5002}) (Version: 1.2.17.0 - Brother Industries, Ltd.) Hidden
NVIDIA 3D Vision Driver 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 388.13 - NVIDIA Corporation)
NVIDIA Graphics Driver 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.13 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.35.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.35.1 - NVIDIA Corporation)
Paradox Launcher v2 (HKLM\...\{A8D4AE16-519B-409D-B5B4-2647C06805AD}) (Version: 2.0.3.0 - Paradox Interactive)
Samsung Scan Process Machine (HKLM-x32\...\Samsung Scan Process Machine) (Version: 1.03.05.28 - Samsung Electronics Co., Ltd.) Hidden
SoftwareUpdateNotification (HKLM-x32\...\{C2430580-570A-48D4-BF61-FA55E35BD052}) (Version: 1.0.8.0 - Brother Insutries Ltd.) Hidden
StatusMonitor (HKLM-x32\...\{D42470A0-E4C3-41C9-9A92-B1B23FD13F8C}) (Version: 1.21.6.0 - Brother Insutries Ltd.) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TextPad 8 (HKLM\...\{6437A18A-5868-4510-8057-62EBEA5231D8}) (Version: 8.1.2 - Helios)
Uninstall Samsung Printer Software (HKLM-x32\...\TotalUninstaller) (Version: 4.0.0.67 - Samsung Electronics CO., LTD.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{16AD6161-2E47-4BF1-AA77-0946EFE93E08}) (Version: 2.61.0.0 - Microsoft Corporation)
UsbRepairTool (HKLM-x32\...\{F8762A81-32B5-4144-9F3C-9274F515A651}) (Version: 1.4.0.0 - Brother Industries, Ltd.) Hidden
VASSAL (3.2.17) (HKLM\...\VASSAL (3.2.17)) (Version: 3.2.17 - vassalengine.org)
VideoSolo Blu-ray Player 1.0.32 (HKLM-x32\...\{3FE47865-D020-4666-92D2-40322D48E361}_is1) (Version: 1.0.32 - VideoSolo Studio)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.10 - VideoLAN)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1-2) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
WebAdvisor by McAfee (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.648 - McAfee, LLC)
Windows PC Health Check (HKLM\...\{B1E7D0FD-7CFE-4E0C-A5DA-0F676499DB91}) (Version: 3.2.2110.14001 - Microsoft Corporation)
WinRAR 5.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
WinRAR 5.90 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.90.0 - win.rar GmbH)
 
Packages:
=========
AccuWeather - Weather for Life -> C:\Program Files\WindowsApps\AccuWeather.AccuWeatherforWindows8_10.0.348.1000_x64__8zz2pj9h1h1d8 [2021-10-09] (AccuWeather) [MS Ad]
Add Music To Videos -> C:\Program Files\WindowsApps\39691Videopix.AddMusicToVideos_1.1.15.0_x64__dxz7h1qnd1pge [2021-04-14] (Videopix)
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2019-11-06] (Autodesk Inc.)
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa [2021-11-11] (Apple Inc.) [Startup Task]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-10] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-10] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.10.10270.0_x64__8wekyb3d8bbwe [2021-10-31] (Microsoft Studios) [MS Ad]
MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.42152.0_x64__8wekyb3d8bbwe [2021-08-18] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-11-01] (Microsoft Corporation)
Plex -> C:\Program Files\WindowsApps\CAF9E577.Plex_3.2.20.0_x64__aam28m9va5cke [2021-10-09] (Plex)
Quarrel -> C:\Program Files\WindowsApps\38062AvishaiDernis.DiscordUWP_20.7.5.0_x64__q72k3wbnqqnj6 [2021-10-09] (Adam Dernis) [MS Ad]
Samsung Printer Experience -> C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCO.LTD.SamsungPrinterExperience_1.3.15.0_x64__3c1yjt4zspk6g [2018-03-29] (Samsung Electronics Co. Ltd.)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.171.560.0_x86__zpdnekdrzrea0 [2021-10-29] (Spotify AB) [Startup Task]
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3599443798-625604178-375638978-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive - Personal] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}
CustomCLSID: HKU\S-1-5-21-3599443798-625604178-375638978-1001_Classes\CLSID\{5A9E21A2-851A-4BEB-B16F-DBBE7D648AF9}\InprocServer32 -> C:\Program Files\TextPad 8\System\ShellExt64.dll (Helios Software Solutions Ltd -> )
ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => C:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2021-10-22] (McAfee, LLC -> McAfee, LLC)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} =>  -> No File
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-10-27] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => C:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2021-10-22] (McAfee, LLC -> McAfee, LLC)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1_S-1-5-21-3599443798-625604178-375638978-1001: [TextPad8] -> {5A9E21A2-851A-4BEB-B16F-DBBE7D648AF9} => C:\Program Files\TextPad 8\System\ShellExt64.dll [2017-03-07] (Helios Software Solutions Ltd -> )
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
==================== Loaded Modules (Whitelisted) =============
 
2016-11-25 10:18 - 2016-11-25 10:18 - 000139264 _____ () [File not signed] C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2017-12-05 19:25 - 2018-01-18 15:39 - 000519168 _____ () [File not signed] C:\Program Files (x86)\Browny02\BrMonitor.dll
2017-08-04 10:55 - 2017-12-22 12:53 - 000180224 _____ () [File not signed] C:\Program Files (x86)\Browny02\BroSNMP.dll
2017-12-05 19:25 - 2018-01-18 15:39 - 001720832 _____ () [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonWRes.dll
2018-03-13 03:47 - 2018-03-13 03:47 - 000912896 _____ () [File not signed] C:\Program Files\AMD\Performance Profile Client\aws-cpp-sdk-core.dll
2018-03-13 03:47 - 2018-03-13 03:47 - 003109888 _____ () [File not signed] C:\Program Files\AMD\Performance Profile Client\aws-cpp-sdk-s3.dll
2015-02-19 00:13 - 2015-02-19 00:13 - 000817152 _____ () [File not signed] C:\Program Files\AMD\Performance Profile Client\Device.dll
2015-02-19 00:13 - 2015-02-19 00:13 - 003650560 _____ () [File not signed] C:\Program Files\AMD\Performance Profile Client\Platform.dll
2014-09-08 13:38 - 2014-09-08 13:38 - 000051200 _____ () [File not signed] C:\Program Files\Common Files\Common Desktop Agent\CDASrvPS.dll
2019-08-16 11:37 - 2019-08-16 11:37 - 000158208 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\WINDOWS\SYSTEM32\amdihk64.dll
2018-05-12 14:41 - 2017-10-27 10:06 - 000339256 _____ (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed] C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem\NvStereo\_nvstapisvr64.dll
2017-11-08 00:35 - 2017-11-08 00:35 - 000123904 _____ (Samsung Electronics Co., Ltd.) [File not signed] C:\Program Files (x86)\Samsung\Easy Printer Manager\SmartScreenPrint\CDAKEYMonitor64.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3599443798-625604178-375638978-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_iouweqrlz2ontegikmoq799x1b8e_19_45_ssg00&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1QzutCtDyB0ByEyEyB0CzyyEtByD0E0ByC0BtN0D0Tzu0StBzzyCyDtN1L2XzuyEtFyDyBtFtDtFyDyBtN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2SyD0C0E0E0AyBzztBtGyEtD0D0BtGtBzz0FzztGtD0DtCyBtG0BtCzy0CyC0D0FtAyC0CtCtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD1TtB1OyB1RzzzytGzytByCtDtGyE1RyC1OtG1S1O1OzztG1R1Rzz1PzyyByDtA1RtA1P1R2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDyBtAtDtDzytAtAyB%26cr%3D1938799620%26a%3Dwny_iouweqrlz2ontegikmoq799x1b8e_19_45_ssg00%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
SearchScopes: HKU\S-1-5-21-3599443798-625604178-375638978-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D020119-N0700A2D586A4510&form=CONBDF&conlogo=CT3335800&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3599443798-625604178-375638978-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D020119-N0700A2D586A4510&form=CONBDF&conlogo=CT3335800&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3599443798-625604178-375638978-1001 -> {0CE02FFA-A6B0-46F6-BA2F-BD32C3630126} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_iouweqrlz2ontegikmoq799x1b8e_19_45_ssg00&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1QzutCtDyB0ByEyEyB0CzyyEtByD0E0ByC0BtN0D0Tzu0StBzzyCyDtN1L2XzuyEtFyDyBtFtDtFyDyBtN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2SyD0C0E0E0AyBzztBtGyEtD0D0BtGtBzz0FzztGtD0DtCyBtG0BtCzy0CyC0D0FtAyC0CtCtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD1TtB1OyB1RzzzytGzytByCtDtGyE1RyC1OtG1S1O1OzztG1R1Rzz1PzyyByDtA1RtA1P1R2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDyBtAtDtDzytAtAyB%26cr%3D1938799620%26a%3Dwny_iouweqrlz2ontegikmoq799x1b8e_19_45_ssg00%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2021-11-09] (McAfee, LLC -> McAfee, LLC)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_311\bin\ssv.dll [2021-10-19] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2021-11-09] (McAfee, LLC -> McAfee, LLC)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_311\bin\jp2ssv.dll [2021-10-19] (Oracle America, Inc. -> Oracle Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll No File
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll [2021-10-22] (McAfee, LLC -> McAfee, LLC)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2021-10-22] (McAfee, LLC -> McAfee, LLC)
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-3599443798-625604178-375638978-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-3599443798-625604178-375638978-1001\...\webcompanion.com -> hxxp://webcompanion.com
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2017-03-18 15:03 - 2017-03-18 15:01 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\Calibre2\;C:\Program Files\dotnet\
HKU\S-1-5-21-3599443798-625604178-375638978-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\dalem\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKU\S-1-5-21-3599443798-625604178-375638978-1001\...\StartupApproved\Run: => "uTorrent"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{A4C9CA3E-1CEC-4773-8865-31510CA92A28}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Spirit Island\SpiritIsland.exe () [File not signed]
FirewallRules: [{82E19896-E698-4329-9CCC-08E06A605A90}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Spirit Island\SpiritIsland.exe () [File not signed]
FirewallRules: [{0BD47CD0-53C6-468B-AD34-FA30AFB4C47D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Iwo Jima\IwoJima.exe () [File not signed]
FirewallRules: [{4961841F-AAD7-461B-ACBF-5BBC12AC8412}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Iwo Jima\IwoJima.exe () [File not signed]
FirewallRules: [{E50A75BF-1018-464B-B1CF-1FBF8AAA0179}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rebel Inc Escalation\Rebel Inc. Escalation.exe () [File not signed]
FirewallRules: [{49E77D7A-42F8-4279-BF72-DD3E5181D78F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rebel Inc Escalation\Rebel Inc. Escalation.exe () [File not signed]
FirewallRules: [{091563F7-B347-4947-AB2A-0AFB3E13E71C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PlagueInc\PlagueIncEvolved.exe () [File not signed]
FirewallRules: [{637D6DC0-1D97-4C36-A66B-06D0A444841D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PlagueInc\PlagueIncEvolved.exe () [File not signed]
FirewallRules: [{717080A2-E3D6-4DF5-B700-2EDC1FA48138}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RebelGalaxy\SteamLauncher.exe (Double Damage Games Inc.) [File not signed]
FirewallRules: [{EF2286F6-DEDF-43A6-A7DF-5E539F0B1E78}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RebelGalaxy\SteamLauncher.exe (Double Damage Games Inc.) [File not signed]
FirewallRules: [{50DE897F-F4DC-4E04-9099-DCD11F04ACF8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Defcon\Defcon.exe (Introversion Software) [File not signed]
FirewallRules: [{2425B39F-D4F2-477F-AFBB-D794038667C9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Defcon\Defcon.exe (Introversion Software) [File not signed]
FirewallRules: [{E724D557-1D0E-4754-9DB3-85856BE82854}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\XCOM 2\Binaries\Win64\Launcher\ModLauncherWPF.exe (Microsoft) [File not signed]
FirewallRules: [{3326BB17-F98C-4D92-8F42-9CAF5198591B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\XCOM 2\Binaries\Win64\Launcher\ModLauncherWPF.exe (Microsoft) [File not signed]
FirewallRules: [{1E15B93F-81EE-4D61-A9CB-C82E70B33241}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Bureau\Binaries\Win32\TheBureau.exe (Valve Corp. -> 2K Marin, Inc.) [File not signed]
FirewallRules: [{F6FF3AAB-F2EF-4445-8E5B-DEA86DD163C6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Bureau\Binaries\Win32\TheBureau.exe (Valve Corp. -> 2K Marin, Inc.) [File not signed]
FirewallRules: [{2FCB2CDE-FEA6-4E22-80A6-D30449F4FF66}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Panzer Corps\autorun.exe (Slitherine Ltd. -> Slitherine Publishing Ltd.)
FirewallRules: [{65C191ED-70B7-4731-9AE5-8D3CD30F725F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Panzer Corps\autorun.exe (Slitherine Ltd. -> Slitherine Publishing Ltd.)
FirewallRules: [{2F78CA3C-2B0C-407B-AB3A-DDBD00D36836}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tabletop Simulator\Tabletop Simulator.exe () [File not signed]
FirewallRules: [{9F1D7A1F-F967-46BA-9B74-0896630D3026}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tabletop Simulator\Tabletop Simulator.exe () [File not signed]
FirewallRules: [{82570A68-5C3A-4B5C-9F60-37382E7369D2}] => (Allow) LPort=54955
FirewallRules: [{A60A3585-8E79-4553-89C3-EFE51F3F3DFA}] => (Allow) LPort=54950
FirewallRules: [{85730F1A-1CB0-4EB6-90FD-1251B963569D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fantasy General II\autorun.exe => No File
FirewallRules: [{2AD96524-1A61-4945-94DB-D17DF31EDD39}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fantasy General II\autorun.exe => No File
FirewallRules: [{A8FF0EAD-41DA-46EC-AF1A-63D0C924ABDA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Drive on Moscow\autorun.exe (Slitherine Ltd -> Slitherine Publishing Ltd.)
FirewallRules: [{8DD92079-9EFD-45E6-9D8A-7ED81C80477F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Drive on Moscow\autorun.exe (Slitherine Ltd -> Slitherine Publishing Ltd.)
FirewallRules: [{E42CB51A-17C7-4CD2-A1FD-8E70F89C53E6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Battle of the Bulge\autorun.exe (Slitherine Ltd -> Matrix Publishing Ltd.)
FirewallRules: [{CB38BEF0-C51E-451F-AE13-955ADBF8B119}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Battle of the Bulge\autorun.exe (Slitherine Ltd -> Matrix Publishing Ltd.)
FirewallRules: [{E988CF1A-4BB2-4206-82AD-5430EEBBA5B7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Axis & Allies Online\AxisAndAlliesOnline.exe => No File
FirewallRules: [{EAED4AF9-FB81-4B37-B373-3D078735F7E9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Axis & Allies Online\AxisAndAlliesOnline.exe => No File
FirewallRules: [{40384A16-867A-4F5A-8B48-3BCD4244A9BC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HardWest\HardWest.exe () [File not signed]
FirewallRules: [{1F2C2545-4E97-4E51-81F9-C849381A787A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HardWest\HardWest.exe () [File not signed]
FirewallRules: [{67E485AE-0EAF-431B-B0AF-504A62B0A263}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Space Hulk\game.exe () [File not signed]
FirewallRules: [{39C2EFF7-4FA7-4D92-8D0F-D4FAA720CF1F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Space Hulk\game.exe () [File not signed]
FirewallRules: [{6A2F5372-AF1D-42FF-BE16-83FF99FF4B1E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\NOBUNAGA'S AMBITION Sphere of Influence\N14PKLauncher.exe (KOEI TECMO GAMES CO., LTD. -> KOEI TECMO GAMES CO., LTD.)
FirewallRules: [{7BD7C20D-B389-493F-AF0D-5DE3F60D03E6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\NOBUNAGA'S AMBITION Sphere of Influence\N14PKLauncher.exe (KOEI TECMO GAMES CO., LTD. -> KOEI TECMO GAMES CO., LTD.)
FirewallRules: [{0FC01B86-AC75-4429-8DAE-54DDBC75B330}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Star Wars Battlefront II\GameData\BattlefrontII.exe () [File not signed]
FirewallRules: [{3950B385-0F0A-4436-8D54-23746221D5FA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Star Wars Battlefront II\GameData\BattlefrontII.exe () [File not signed]
FirewallRules: [{12AAF236-4504-47B7-8CD4-F3033ABABB29}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Gratuitous Space Battles 2\GSB2.exe () [File not signed]
FirewallRules: [{6B05BD90-8918-4CFD-B125-6ADB71463E00}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Gratuitous Space Battles 2\GSB2.exe () [File not signed]
FirewallRules: [{B4F39558-70B1-48E0-B84A-86F698E891A7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stars in Shadow\sis64.exe (Ashdar Games Inc. -> )
FirewallRules: [{33109564-9D32-4684-A161-3691FE4C3478}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stars in Shadow\sis64.exe (Ashdar Games Inc. -> )
FirewallRules: [{89A25041-9676-4D00-909B-0B8259867919}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Gratuitous Space Battles\GSB.exe () [File not signed]
FirewallRules: [{900A83F0-983C-4573-A1FD-7CA0CA498E67}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Gratuitous Space Battles\GSB.exe () [File not signed]
FirewallRules: [{05D7FBB3-DA71-4028-8607-278D0BB2CADF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Twilight Struggle\TwilightStruggle.exe () [File not signed]
FirewallRules: [{E2897A40-2881-421A-9838-0A7AC0FE53CC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Twilight Struggle\TwilightStruggle.exe () [File not signed]
FirewallRules: [{0E55C94F-942A-40E3-8C62-9083580C4187}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Close Combat  Panthers in the Fog\autorun.exe (Slitherine Ltd. -> Matrix Games)
FirewallRules: [{DF48AAD2-A023-462A-A404-F4EF919347CF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Close Combat  Panthers in the Fog\autorun.exe (Slitherine Ltd. -> Matrix Games)
FirewallRules: [{088D10E2-DABF-4111-8349-726B8F1AABE4}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{948B648B-B323-4F3C-83C2-CED43A62A1FA}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{1FF46CD6-57E2-43AF-AAEB-CD88D00ECF22}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{EBAE541E-FCEE-4F6E-835B-F1B37797C110}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{DA2064EA-9E39-4B0F-B48F-605F9FE53402}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{310D2F4F-BEA7-46C5-998C-FB6B96C795B8}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe (McAfee, LLC -> McAfee, LLC)
FirewallRules: [{970447B1-219D-4CC8-A6EE-33E7AB85A3D4}] => (Allow) C:\Program Files (x86)\Common Files\McAfee\MMSSHost\MMSSHost.exe (McAfee, LLC -> McAfee, LLC)
FirewallRules: [{3C75B2D2-5273-4CAE-822E-86B2B11320D4}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{F6AA9459-B0D4-44D7-B55D-E5F7E5AA623A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{2FC2F3F0-A38E-4DBB-85B0-FFCFD1DA6D1A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Race for the Galaxy\Race.exe (Temple Gates Games LLC) [File not signed]
FirewallRules: [{9DAECDA0-CCB4-484A-8DE8-A7CBDA675A88}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Race for the Galaxy\Race.exe (Temple Gates Games LLC) [File not signed]
FirewallRules: [{72AEC3A7-4F36-4A7B-8BAD-4282072BFB42}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Desktop Dungeons\DesktopDungeons.exe () [File not signed]
FirewallRules: [{4C1DEA1C-0D90-404E-AA89-0381F78CF2E7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Desktop Dungeons\DesktopDungeons.exe () [File not signed]
FirewallRules: [{119E2071-795A-4065-888D-E9D9AABDBC8D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SlayTheSpire\SlayTheSpire.exe () [File not signed]
FirewallRules: [{D80EA7A6-F395-4C4E-9AA4-5D25EB87733E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SlayTheSpire\SlayTheSpire.exe () [File not signed]
FirewallRules: [{F2B600F2-823B-4834-8E18-13B2E7B5C666}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{7700F605-CCE0-4401-8977-01428544FBAF}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{47C06BE2-7101-416C-973C-5F2F72318A3E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Aggressors Ancient Rome\autorun.exe (Slitherine Ltd -> Slitherine Publishing Ltd.)
FirewallRules: [{F8663787-374C-4625-9C22-D459B0B63C92}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Aggressors Ancient Rome\autorun.exe (Slitherine Ltd -> Slitherine Publishing Ltd.)
FirewallRules: [{E5E5AC8E-4442-4074-845A-481ACB76F665}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FTL Faster Than Light\FTLGame.exe () [File not signed]
FirewallRules: [{9E2AE1FD-F827-4B07-A996-1BB0FE58D3CC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FTL Faster Than Light\FTLGame.exe () [File not signed]
FirewallRules: [{5CD1CBE2-DDB5-44F8-9ED1-6C70674EFCD1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraforming Mars\TerraformingMars.exe () [File not signed]
FirewallRules: [{BF41656D-1812-490D-BD26-CD4FF3D493CB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraforming Mars\TerraformingMars.exe () [File not signed]
FirewallRules: [{8DAD25DA-13A6-441B-B4E8-C762F05BCCAD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tharsis\tharsis.exe () [File not signed]
FirewallRules: [{4CBBD028-26E2-40D7-AB7B-F871563B7634}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tharsis\tharsis.exe () [File not signed]
FirewallRules: [{89AF9E33-3229-4CE9-875A-D340EA43CC8F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Order of Battle  Pacific\autorun.exe (Slitherine Software UK Ltd. -> Slitherine Publishing Ltd.)
FirewallRules: [{ECFDB7DB-7583-45C3-8030-F1D8D53C0628}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Order of Battle  Pacific\autorun.exe (Slitherine Software UK Ltd. -> Slitherine Publishing Ltd.)
FirewallRules: [{E1342BFF-2526-44CE-9EE1-EDD4A009D0AB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mechanicus\Mechanicus.exe () [File not signed]
FirewallRules: [{B91F188B-CD9B-4EAA-A726-FCFB32CAFC4D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mechanicus\Mechanicus.exe () [File not signed]
FirewallRules: [{4F6130E7-62F4-432A-9998-FBE92FA59276}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent, Inc.)
FirewallRules: [{516AB0E8-2240-4404-A163-9A633630DD1B}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent, Inc.)
FirewallRules: [{4AD0DA7B-41B9-482E-86C3-66A1D8182778}] => (Allow) C:\Users\dalem\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [{1B6B11B6-24B4-4FC9-9E4F-F5A0FAB9B26D}] => (Allow) C:\Users\dalem\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [{4D31C5DF-228D-4F44-A52C-F2631E5C9F28}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Printer Center\SamsungPrinterCenter.exe (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
FirewallRules: [{5977B9E0-C55B-42D3-B4AD-FE73764046C3}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\EasyPrinterManagerV2.exe (HP Inc. -> )
FirewallRules: [{C03B41D3-6DF1-4599-BD12-67F6C98A8C81}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe (HP Inc. -> HP Printing Korea Co., Ltd.)
FirewallRules: [{A5905CDA-489A-4069-9F42-F53427E766CF}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\EPM2AlertList.exe (HP Inc. -> HP Printing Korea Co., Ltd.)
FirewallRules: [{9B647C46-4D7D-4C4E-A6B4-1EF40EFC0389}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\EPM2Migrator.exe (HP Inc. -> )
FirewallRules: [{80916E14-1953-4697-9074-FF041BA6EA49}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{08C70099-0FB4-4300-9239-90D2F07EECA9}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{ECEE5C6A-5B84-41E3-8CD3-1F0F3B70F962}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{A4474B7F-76DD-4A48-959D-BBE05535D43B}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{4314CAB6-60A5-4042-BFCB-D757232AB093}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Into the Breach\Breach.exe () [File not signed]
FirewallRules: [{6FF64FB1-699C-4966-BF89-76E8B6E05A4A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Into the Breach\Breach.exe () [File not signed]
FirewallRules: [{30D6F85B-31D5-4F0A-906E-24785B16E82E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Star Wars Starfighter\Starfighter.exe () [File not signed]
FirewallRules: [{17A4207B-2090-4DA5-A89B-EEA4E9ADF5E7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Star Wars Starfighter\Starfighter.exe () [File not signed]
FirewallRules: [{9804197B-8DC3-42FD-8D65-C80C4628906A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SimCity 4 Deluxe\Apps\SimCity 4.exe (Maxis) [File not signed]
FirewallRules: [{D599A3BC-C738-4868-A061-647AA00A6F1E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SimCity 4 Deluxe\Apps\SimCity 4.exe (Maxis) [File not signed]
FirewallRules: [{3D1D9085-4A5A-4EA2-BB5B-6AF80B9CF76D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Making History Gold\bin\makehist.exe => No File
FirewallRules: [{3E8C78CA-2C4A-459B-9FE8-6904C9166143}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Making History Gold\bin\makehist.exe => No File
FirewallRules: [{BF0B7368-719E-4B1C-AFFD-ED2965FBD503}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Making History Gold\bin\ed.exe => No File
FirewallRules: [{720B4A8A-786E-48B4-8BD6-7D09032B7B58}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Making History Gold\bin\ed.exe => No File
FirewallRules: [{F4211D51-DC0A-424F-8901-A75E371A4B00}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Planetbase\Planetbase.exe (Unity Technologies SF -> ) [File not signed]
FirewallRules: [{E042D7FF-F6BD-467C-A29E-068A3EF0C3BB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Planetbase\Planetbase.exe (Unity Technologies SF -> ) [File not signed]
FirewallRules: [{F71AC68D-C110-45F2-9BE1-B0332037E79F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sentinels of the Multiverse\Sentinels.exe () [File not signed]
FirewallRules: [{C7D5396A-591F-4733-A179-5D3E5CC2D7AD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sentinels of the Multiverse\Sentinels.exe () [File not signed]
FirewallRules: [{3988456F-B38B-45DC-820D-65C8290D27A0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fort Sumter\FortSumter.exe () [File not signed]
FirewallRules: [{83F3CE13-62D9-4185-90C8-D5B47E5F779C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fort Sumter\FortSumter.exe () [File not signed]
FirewallRules: [{19BB8468-6A7D-47B7-8A33-D2F9805C35A1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Between the Stars\BetweenTheStars.exe () [File not signed]
FirewallRules: [{2EC1EBAA-8806-4F80-9FFE-719671B9B73F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Between the Stars\BetweenTheStars.exe () [File not signed]
FirewallRules: [{C99A6F24-7B0C-4337-8F24-A06DECCD11DD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stellaris\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [{17E75E5B-9111-493E-A85E-6E6504159167}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stellaris\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [{ED6833FB-8979-46B7-AFAB-8AB92585F82D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Labyrinth The War on Terror\Labyrinth.exe () [File not signed]
FirewallRules: [{BEABA52E-C74B-4B94-B4ED-2E003A72341A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Labyrinth The War on Terror\Labyrinth.exe () [File not signed]
FirewallRules: [{316A38B2-49BB-493B-8263-E4553D795583}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fantasy General II\Launcher.exe (Slitherine Software UK Limited -> Slitherine Ltd.)
FirewallRules: [{82F81DA8-2453-487E-948D-26FDACA8DD15}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fantasy General II\Launcher.exe (Slitherine Software UK Limited -> Slitherine Ltd.)
FirewallRules: [{094488BB-290B-430C-AB35-21ECA9E6B5E7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Catan Universe\CatanUniverse.exe () [File not signed]
FirewallRules: [{8325BDA7-B635-4E2A-AC1B-17D4BB84DC3F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Catan Universe\CatanUniverse.exe () [File not signed]
FirewallRules: [{0288E1AE-CF15-4968-8099-82818A741FAD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Nidhogg\Nidhogg.exe (Messhof LLC) [File not signed]
FirewallRules: [{315156DE-07BE-4453-B722-7DA2662391CE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Nidhogg\Nidhogg.exe (Messhof LLC) [File not signed]
FirewallRules: [{B2D84E78-2196-4C24-B14A-95F5FD2704E9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Carrier Battles 4 Guadalcanal\CarrierBattles4Guadalcanal.exe () [File not signed]
FirewallRules: [{C8C9FB74-22ED-4B5E-A365-253E32A7D1E2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Carrier Battles 4 Guadalcanal\CarrierBattles4Guadalcanal.exe () [File not signed]
FirewallRules: [{AB4250E0-F0CA-43A1-8D41-9E3D91CEE1B4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Roll for the Galaxy\Roll.exe (Temple Gates Games LLC) [File not signed]
FirewallRules: [{F5059D73-2819-4472-897F-7E6178D6D029}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Roll for the Galaxy\Roll.exe (Temple Gates Games LLC) [File not signed]
FirewallRules: [{27C1BBA2-1C02-4B6A-AAC6-378C04E8F323}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SlayTheSpire\jre\bin\javaw.exe
FirewallRules: [{5D570449-71E7-47E8-869D-1AFC59E67270}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SlayTheSpire\jre\bin\javaw.exe
FirewallRules: [{15B89EFF-C1CE-4B74-9811-D5F8BAE9DBD1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Battle Brothers\win32\BattleBrothers.exe () [File not signed]
FirewallRules: [{097EC5D7-0517-47A2-B136-8929FE05F795}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Battle Brothers\win32\BattleBrothers.exe () [File not signed]
FirewallRules: [{F260384B-8CD4-4270-BAF3-691D38506C06}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fights in Tight Spaces (Prologue)\FightsInTightSpaces.exe () [File not signed]
FirewallRules: [{406E230E-BB64-4685-BC0B-8A34BD8BF828}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fights in Tight Spaces (Prologue)\FightsInTightSpaces.exe () [File not signed]
FirewallRules: [{5DBBFDD8-501A-40A7-9EF2-0028218A9256}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fights in Tight Spaces\FightsInTightSpaces.exe () [File not signed]
FirewallRules: [{0F0B8933-C93B-491F-B08C-6F7C19132597}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fights in Tight Spaces\FightsInTightSpaces.exe () [File not signed]
FirewallRules: [{35664D0A-B671-43EB-9E31-3F05E06EAF13}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Yomi\Yomi.exe () [File not signed]
FirewallRules: [{F139791B-4EA9-4402-B2F0-1E08A509006A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Yomi\Yomi.exe () [File not signed]
FirewallRules: [{EDBC52B2-8484-4B7A-BD7D-856A823D05B0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Civil War II\autorun.exe (Slitherine Ltd. -> Matrix Publishing Ltd.)
FirewallRules: [{560CD5AF-0605-4F98-BA96-C89F439EAA91}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Civil War II\autorun.exe (Slitherine Ltd. -> Matrix Publishing Ltd.)
FirewallRules: [{C4A58B91-4FA4-464E-A96C-720296C74D0B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cauldrons of War - Barbarossa\Cauldrons of War.exe () [File not signed]
FirewallRules: [{34BD72EC-AEAD-4497-9C0F-3253CE9F7179}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cauldrons of War - Barbarossa\Cauldrons of War.exe () [File not signed]
FirewallRules: [{6931784C-B430-401F-B0B1-C9E48B14239C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cauldrons of War - Stalingrad\Cauldrons of War Stalingrad.exe () [File not signed]
FirewallRules: [{236DC0DE-0ACB-4F2A-B40F-34AADF07FA1B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cauldrons of War - Stalingrad\Cauldrons of War Stalingrad.exe () [File not signed]
FirewallRules: [{EB5100C6-5C15-487E-B174-1C9E64507BA9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\KARDS\kards.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{4A353A3E-5334-4878-BE0D-26FCD0ED8DE0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\KARDS\kards.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{A1ED21C3-EE2F-499F-946C-2D6172D164A7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Frontline World War II\Frontline World War II.exe () [File not signed]
FirewallRules: [{BF846BB0-DDBC-4B6D-8602-03B5F5A18BFE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Frontline World War II\Frontline World War II.exe () [File not signed]
FirewallRules: [{71C146F0-E372-45DA-898D-9A77B88CECBE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Frontline Western Front\Frontline Western Front.exe () [File not signed]
FirewallRules: [{C7E588DA-FB08-4040-BD64-AAF888D38883}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Frontline Western Front\Frontline Western Front.exe () [File not signed]
FirewallRules: [{B6818CD8-6EDE-4670-9E82-5D5BE73B4D40}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Frontline The Great Patriotic War\PW.exe () [File not signed]
FirewallRules: [{8E70E6AE-0E40-4F09-A6D3-09CAEAE3D096}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Frontline The Great Patriotic War\PW.exe () [File not signed]
FirewallRules: [{3A0C7294-3036-49EB-8F3E-489A1BC9AE82}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Frontline Blitzkrieg!\Game.exe () [File not signed]
FirewallRules: [{B835739F-B2FB-4886-8865-44442B8B1F9B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Frontline Blitzkrieg!\Game.exe () [File not signed]
FirewallRules: [{E0201CB1-DD2B-4A3C-995E-384324BD5AE7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Valor and Victory\Launcher.exe (Slitherine Software UK Limited -> Slitherine Ltd.)
FirewallRules: [{478F2866-EDDB-4B2D-AB90-92F19513EAF1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Valor and Victory\Launcher.exe (Slitherine Software UK Limited -> Slitherine Ltd.)
FirewallRules: [{E01A6333-8D84-4A70-904D-4CDCE17C1CDD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\XCom-Enemy-Unknown\Binaries\Win32\XComGame.exe (Valve Corp. -> Firaxis Games) [File not signed]
FirewallRules: [{D2D77DF2-4B09-4592-BD4F-8428F81C9BDB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\XCom-Enemy-Unknown\Binaries\Win32\XComGame.exe (Valve Corp. -> Firaxis Games) [File not signed]
FirewallRules: [{5EB05C02-8589-4C4D-8FD1-4D60AF9DC2C4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ogre\Ogre.exe () [File not signed]
FirewallRules: [{A8AC9023-BF1D-4F35-AFD4-2826F9AEB89F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ogre\Ogre.exe () [File not signed]
FirewallRules: [{2BC02A41-8472-40A9-8FC8-766482D9494B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Factorio Demo\bin\x64\factorio.exe (Wube Software) [File not signed]
FirewallRules: [{6A2760AC-C808-4476-81A2-159A6CF09CCE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Factorio Demo\bin\x64\factorio.exe (Wube Software) [File not signed]
FirewallRules: [{2E26ED2F-6B5F-41A8-A548-ED7898A65FC5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Command Ops 2\CmdOps.exe () [File not signed]
FirewallRules: [{F4B5C197-216F-4FBA-B777-4DF79585B08A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Command Ops 2\CmdOps.exe () [File not signed]
FirewallRules: [{A7D84937-0C46-4F79-8931-D7D3FB2AD324}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Command Ops 2\MapMaker.exe () [File not signed]
FirewallRules: [{4DBF6A60-D6CD-41B2-8F95-23C97B535F9B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Command Ops 2\MapMaker.exe () [File not signed]
FirewallRules: [{31F284FE-CB65-48AF-87EF-0F22E32E94C7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Command Ops 2\ScenMaker.exe () [File not signed]
FirewallRules: [{C8A32E50-67E5-4046-8EF6-51F3467BD915}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Command Ops 2\ScenMaker.exe () [File not signed]
FirewallRules: [{C6E471D5-DA64-4E26-8C06-36FB6422F28D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Command Ops 2\EstabEditor.exe () [File not signed]
FirewallRules: [{038FC860-81BB-421D-87AF-DDF6AFD759C2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Command Ops 2\EstabEditor.exe () [File not signed]
FirewallRules: [{C8E95729-1379-4CDE-AD97-3DB085D90499}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Command Ops 2\EM.exe () [File not signed]
FirewallRules: [{6279C4E2-ABF1-41EE-B4A1-90E2E5C25D66}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Command Ops 2\EM.exe () [File not signed]
FirewallRules: [{F91F1408-4E86-4800-83A5-18F8FF36998C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Command Ops 2\WorkshopManager.exe () [File not signed]
FirewallRules: [{1C27F52F-8C66-4F64-8716-44F90F12DAEC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Command Ops 2\WorkshopManager.exe () [File not signed]
FirewallRules: [{C1BDC899-9060-4B7A-B887-AE22F44BBFDE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{51D15B7E-6141-4A12-8B4B-9A0DCCAACD0B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.171.560.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{4D989036-2827-4832-9417-5587E8776545}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.171.560.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D44128C5-4137-44BF-BF56-2225AD7B9D29}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.171.560.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{1B2A37D3-AB56-4068-AE52-609C3B518673}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.171.560.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{86CA54E0-BF68-43E8-A3DB-E426F7C03235}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.171.560.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{47ED3AF8-D72B-461B-831D-FCDE35349291}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.171.560.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{AA87B7EC-9791-43FF-8D3C-7CB7FB432D39}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.171.560.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{883B3EC1-6A66-44DB-AD76-D8ED648F5F70}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.171.560.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{7F23BA3D-B3AC-4012-AA53-A4F122FC9947}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{AFECC72E-B166-449B-A0E1-FA740096A1AE}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{7188B239-8F07-425A-8E57-F492FEB8FE73}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{973DC6F6-D506-4168-8701-81718833C1E2}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{89B6C70A-53D5-4069-859D-FAFA5D162A97}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{AD63EA97-C16A-41F4-89C1-7422D5CA285B}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{246F4DE5-B0AD-4264-AC67-BA54AD3DE093}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{954057B6-318D-4CFE-A983-43858129CB89}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{652B73A4-6631-485E-8005-63C42267E5AB}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\95.0.1020.44\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3B2F3B25-4566-4027-B5E0-28E3D4A60DFF}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{CCCDF852-4AAC-4C25-B794-02BB16E42FA9}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{51B0CB12-E1DF-4430-A6E2-A4A8CC607376}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{0894DDC2-19AA-4241-8D33-4F4B02314961}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe] => Enabled:Logitech Harmony Remote Software 7
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe] => Enabled:Logitech Harmony Remote Software 7
 
==================== Restore Points =========================
 
28-10-2021 06:57:41 Scheduled Checkpoint
06-11-2021 04:27:13 Scheduled Checkpoint
08-11-2021 00:36:42 Windows Modules Installer
10-11-2021 20:39:15 Windows Modules Installer
11-11-2021 21:39:24 AA11
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (11/12/2021 11:39:11 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: MTDLL BrtMTDLL: [2021/11/12 11:39:11.174]: [00011904]: Error GetInkSupplyType Send ( ErrCode == 5 )
 
Error: (11/12/2021 11:39:03 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: MTDLL BrtMTDLL: [2021/11/12 11:39:03.985]: [00011904]: Error GetInkSupplyType Send ( ErrCode == 5 )
 
Error: (11/12/2021 11:38:56 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: MTDLL BrtMTDLL: [2021/11/12 11:38:56.856]: [00011904]: Error GetInkSupplyType Send ( ErrCode == 5 )
 
Error: (11/12/2021 11:38:13 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: MTDLL BrtMTDLL: [2021/11/12 11:38:13.892]: [00011904]: Error GetInkSupplyType Send ( ErrCode == 5 )
 
Error: (11/12/2021 11:38:06 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: MTDLL BrtMTDLL: [2021/11/12 11:38:06.669]: [00011904]: Error GetInkSupplyType Send ( ErrCode == 5 )
 
Error: (11/12/2021 11:37:59 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: MTDLL BrtMTDLL: [2021/11/12 11:37:59.523]: [00011904]: Error GetInkSupplyType Send ( ErrCode == 5 )
 
Error: (11/12/2021 11:37:26 AM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Security Center failed to validate caller with error %1.
 
Error: (11/12/2021 11:36:45 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: MTDLL BrtMTDLL: [2021/11/12 11:36:45.928]: [00011904]: Error GetInkSupplyType Send ( ErrCode == 5 )
 
 
System errors:
=============
Error: (11/12/2021 11:34:56 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AMD User Experience Program Launcher service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (11/12/2021 11:24:10 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AMD User Experience Program Launcher service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (11/11/2021 08:41:03 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80240017: Samsung - Printer - 4/22/2009 12:00:00 AM - 10.0.17119.1.
 
Error: (11/11/2021 01:43:08 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AMD User Experience Program Launcher service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (11/11/2021 01:42:37 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-OQ73F3L)
Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.
 
Error: (11/11/2021 01:42:37 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-OQ73F3L)
Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.
 
Error: (11/11/2021 01:42:37 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-OQ73F3L)
Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.
 
Error: (11/10/2021 09:03:41 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.
 
 
CodeIntegrity:
===============
Date: 2021-11-12 11:38:25
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Microsoft signing level requirements.
 
Date: 2021-11-12 11:37:38
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Common Files\McAfee\ModuleCore\ProtectedModuleHost.exe) attempted to load \Device\HarddiskVolume4\Program Files\McAfee.com\Agent\WSCLLCGlobalSign.exe that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2021-11-12 11:37:38
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Common Files\McAfee\ModuleCore\ProtectedModuleHost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\McAfee\Platform\Core\vtploader.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2021-11-12 11:37:38
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Windows signing level requirements.
 
 
==================== Memory info =========================== 
 
BIOS: American Megatrends Inc. 1203 12/25/2017
Motherboard: ASUSTeK COMPUTER INC. TUF Z270 MARK 2
Processor: Intel® Core™ i5-7600K CPU @ 3.80GHz
Percentage of memory in use: 63%
Total physical RAM: 8133.76 MB
Available physical RAM: 2986.32 MB
Total Virtual: 27589.76 MB
Available Virtual: 19718.55 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:465.03 GB) (Free:103.09 GB) NTFS
Drive d: (Data) (Fixed) (Total:1397.26 GB) (Free:548.11 GB) NTFS
Drive e: (FreeAgent GoFlex Drive) (Fixed) (Total:931.51 GB) (Free:571.09 GB) NTFS
 
\\?\Volume{30748c3d-54a7-42cd-932e-0104cd4b876e}\ () (Fixed) (Total:0.51 GB) (Free:0.08 GB) NTFS
\\?\Volume{de9868d4-1430-4cfb-8747-81db6d6babb5}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 1397.3 GB) (Disk ID: 0D1C6D57)
Partition 1: (Active) - (Size=1397.3 GB) - (Type=06)
 
==========================================================
Disk: 1 (Protective MBR) (Size: 465.8 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==========================================================
Disk: 2 (Size: 931.5 GB) (Disk ID: A4B57300)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt =======================
 

  • 0

#6
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 4,269 posts

Hi, Dale.
 
Wise decision to uninstall all those programs.  :thumbsup:
 
Let's continue.
 
1. FRST fix

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy ". No need to paste anything to anywhere.
Start::
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-3599443798-625604178-375638978-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize  (No File)
Task: {011F71FA-0437-411B-A5BC-56E6FEC69F83} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe (No File)
Task: {5C43EB5C-A64D-4D32-A167-2E5493836295} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe startwithdelay (No File)
Task: {E20D8F6C-C4FB-45EA-8D91-B21FACC1C304} - System32\Tasks\AMDInstallUEP => C:\Program Files\AMD\InstallUEP\AMDInstallUEP.exe (No File)
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
FF NewTab: Mozilla\Firefox\Profiles\wbr9n80g.default-1521393837949 -> hxxps://segoonow.com/homepage?hp=1&bitmask=9996&pId=BT170902&iDate=2019-02-01 03:35:20&bName=
FF Extension: (No Name) - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi [not found]
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSKHKLM => not found
CHR HKU\S-1-5-21-3599443798-625604178-375638978-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [icmgebopaejnjlncllgmcenbbflikfjd]
2021-11-11 21:40 - 2021-11-11 21:40 - 000000000 ____D C:\Users\dalem\AppData\Local\AdAwareDesktop
2021-11-11 21:38 - 2021-11-11 21:38 - 017663736 _____ C:\Users\dalem\Downloads\Adaware_Installer_UM.exe
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} =>  -> No File
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3599443798-625604178-375638978-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_iouweqrlz2ontegikmoq799x1b8e_19_45_ssg00&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1QzutCtDyB0ByEyEyB0CzyyEtByD0E0ByC0BtN0D0Tzu0StBzzyCyDtN1L2XzuyEtFyDyBtFtDtFyDyBtN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2SyD0C0E0E0AyBzztBtGyEtD0D0BtGtBzz0FzztGtD0DtCyBtG0BtCzy0CyC0D0FtAyC0CtCtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD1TtB1OyB1RzzzytGzytByCtDtGyE1RyC1OtG1S1O1OzztG1R1Rzz1PzyyByDtA1RtA1P1R2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDyBtAtDtDzytAtAyB%26cr%3D1938799620%26a%3Dwny_iouweqrlz2ontegikmoq799x1b8e_19_45_ssg00%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
SearchScopes: HKU\S-1-5-21-3599443798-625604178-375638978-1001 -> {0CE02FFA-A6B0-46F6-BA2F-BD32C3630126} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_iouweqrlz2ontegikmoq799x1b8e_19_45_ssg00&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1QzutCtDyB0ByEyEyB0CzyyEtByD0E0ByC0BtN0D0Tzu0StBzzyCyDtN1L2XzuyEtFyDyBtFtDtFyDyBtN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2SyD0C0E0E0AyBzztBtGyEtD0D0BtGtBzz0FzztGtD0DtCyBtG0BtCzy0CyC0D0FtAyC0CtCtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD1TtB1OyB1RzzzytGzytByCtDtGyE1RyC1OtG1S1O1OzztG1R1Rzz1PzyyByDtA1RtA1P1R2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDyBtAtDtDzytAtAyB%26cr%3D1938799620%26a%3Dwny_iouweqrlz2ontegikmoq799x1b8e_19_45_ssg00%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll No File
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-3599443798-625604178-375638978-1001\...\webcompanion.com -> hxxp://webcompanion.com
HKU\S-1-5-21-3599443798-625604178-375638978-1001\...\StartupApproved\Run: => "uTorrent"
FirewallRules: [{85730F1A-1CB0-4EB6-90FD-1251B963569D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fantasy General II\autorun.exe => No File
FirewallRules: [{2AD96524-1A61-4945-94DB-D17DF31EDD39}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fantasy General II\autorun.exe => No File
FirewallRules: [{E988CF1A-4BB2-4206-82AD-5430EEBBA5B7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Axis & Allies Online\AxisAndAlliesOnline.exe => No File
FirewallRules: [{EAED4AF9-FB81-4B37-B373-3D078735F7E9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Axis & Allies Online\AxisAndAlliesOnline.exe => No File
FirewallRules: [{088D10E2-DABF-4111-8349-726B8F1AABE4}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{948B648B-B323-4F3C-83C2-CED43A62A1FA}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{DA2064EA-9E39-4B0F-B48F-605F9FE53402}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{4F6130E7-62F4-432A-9998-FBE92FA59276}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent, Inc.)
FirewallRules: [{516AB0E8-2240-4404-A163-9A633630DD1B}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent, Inc.)
FirewallRules: [{4AD0DA7B-41B9-482E-86C3-66A1D8182778}] => (Allow) C:\Users\dalem\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [{1B6B11B6-24B4-4FC9-9E4F-F5A0FAB9B26D}] => (Allow) C:\Users\dalem\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [{3D1D9085-4A5A-4EA2-BB5B-6AF80B9CF76D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Making History Gold\bin\makehist.exe => No File
FirewallRules: [{3E8C78CA-2C4A-459B-9FE8-6904C9166143}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Making History Gold\bin\makehist.exe => No File
FirewallRules: [{BF0B7368-719E-4B1C-AFFD-ED2965FBD503}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Making History Gold\bin\ed.exe => No File
FirewallRules: [{720B4A8A-786E-48B4-8BD6-7D09032B7B58}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Making History Gold\bin\ed.exe => No File
Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}
EmptyTemp:
End::
  • Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Please post the log in your next reply.

 

2. Run AdwCleaner (Scan mode)

Download AdwCleaner and save it to your desktop.

  • Double click AdwCleaner.exe to run it.
  • Click Scan Now.
    • When the scan has finished, a Scan Results window will open.
    • Click Cancel (at this point do not attempt to Quarantine anything that is found)
  • Now click the Log Files tab.
    • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number. The latest scan will have the largest number)
    • A Notepad file will open containing the results of the scan.
    • Please post the contents of the file in your next reply.

 

3. Run Malwarebytes (Scan mode)

  • Download Malwarebytes and save it to your Desktop.
  • Once downloaded, close all programs and Windows on your computer.
  • Double-click on the icon on your desktop named MBSetup.exe. This will start the installation of MBAM onto your computer.
  • Follow the instructions to install the program.
  • When finished, double click the program's icon created on your Desktop.
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
    Under the title Scan Options, ALL the options are checked.
    Under the title Windows Security Center (Premium only) the option is NOT checked.
    Under the title Potentially unwanted items ALL options are set to Always.
  • Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may be take longer.
  • When finished, you will see the Threat Scan Summary window open.
  • If threats are not found, click View Report and proceed to the two last steps below.

    If threats are found, make sure that all threats are not selected, close the program and proceed to the next steps below.
    • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
    • Find the report with the most recent date and double click on it.
    • Click on Export and then Copy to Clipboard.
    • Paste its content here, in your next reply.

 

In your next reply, please post:

  • The fixlog.txt
  • The AdwCleaner[S0*].txt
  • The Malwarebytes report

  • 0

#7
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 4,269 posts

In addition to the above:

 

Did you create this file??

 

C:\Users\dalem\Desktop\aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.txt

 

:blink:


  • 0

#8
dale1234

dale1234

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts

In addition to the above:

 

Did you create this file??

 

C:\Users\dalem\Desktop\aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.txt

 

:blink:

 

Yes.  Needed to dump a quick text blurb onto my desktop before rebooting.  the long title ensures I can pick it out of my mess of icons. :)


  • 0

#9
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 4,269 posts

Good!

 

I'll be waiting for your reply regarding my post here: http://www.geekstogo...n/#entry2662018


  • 0

#10
dale1234

dale1234

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts

1.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 09-11-2021
Ran by dalem (12-11-2021 12:43:42) Run:1
Running from C:\Users\dalem\Desktop
Loaded Profiles: dalem
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-3599443798-625604178-375638978-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize  (No File)
Task: {011F71FA-0437-411B-A5BC-56E6FEC69F83} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe (No File)
Task: {5C43EB5C-A64D-4D32-A167-2E5493836295} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe startwithdelay (No File)
Task: {E20D8F6C-C4FB-45EA-8D91-B21FACC1C304} - System32\Tasks\AMDInstallUEP => C:\Program Files\AMD\InstallUEP\AMDInstallUEP.exe (No File)
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
FF NewTab: Mozilla\Firefox\Profiles\wbr9n80g.default-1521393837949 -> hxxps://segoonow.com/homepage?hp=1&bitmask=9996&pId=BT170902&iDate=2019-02-01 03:35:20&bName=
FF Extension: (No Name) - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi [not found]
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSKHKLM => not found
CHR HKU\S-1-5-21-3599443798-625604178-375638978-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [icmgebopaejnjlncllgmcenbbflikfjd]
2021-11-11 21:40 - 2021-11-11 21:40 - 000000000 ____D C:\Users\dalem\AppData\Local\AdAwareDesktop
2021-11-11 21:38 - 2021-11-11 21:38 - 017663736 _____ C:\Users\dalem\Downloads\Adaware_Installer_UM.exe
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} =>  -> No File
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3599443798-625604178-375638978-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_iouweqrlz2ontegikmoq799x1b8e_19_45_ssg00&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1QzutCtDyB0ByEyEyB0CzyyEtByD0E0ByC0BtN0D0Tzu0StBzzyCyDtN1L2XzuyEtFyDyBtFtDtFyDyBtN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2SyD0C0E0E0AyBzztBtGyEtD0D0BtGtBzz0FzztGtD0DtCyBtG0BtCzy0CyC0D0FtAyC0CtCtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD1TtB1OyB1RzzzytGzytByCtDtGyE1RyC1OtG1S1O1OzztG1R1Rzz1PzyyByDtA1RtA1P1R2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDyBtAtDtDzytAtAyB%26cr%3D1938799620%26a%3Dwny_iouweqrlz2ontegikmoq799x1b8e_19_45_ssg00%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
SearchScopes: HKU\S-1-5-21-3599443798-625604178-375638978-1001 -> {0CE02FFA-A6B0-46F6-BA2F-BD32C3630126} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_iouweqrlz2ontegikmoq799x1b8e_19_45_ssg00&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1QzutCtDyB0ByEyEyB0CzyyEtByD0E0ByC0BtN0D0Tzu0StBzzyCyDtN1L2XzuyEtFyDyBtFtDtFyDyBtN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2SyD0C0E0E0AyBzztBtGyEtD0D0BtGtBzz0FzztGtD0DtCyBtG0BtCzy0CyC0D0FtAyC0CtCtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD1TtB1OyB1RzzzytGzytByCtDtGyE1RyC1OtG1S1O1OzztG1R1Rzz1PzyyByDtA1RtA1P1R2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDyBtAtDtDzytAtAyB%26cr%3D1938799620%26a%3Dwny_iouweqrlz2ontegikmoq799x1b8e_19_45_ssg00%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll No File
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-3599443798-625604178-375638978-1001\...\webcompanion.com -> hxxp://webcompanion.com
HKU\S-1-5-21-3599443798-625604178-375638978-1001\...\StartupApproved\Run: => "uTorrent"
FirewallRules: [{85730F1A-1CB0-4EB6-90FD-1251B963569D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fantasy General II\autorun.exe => No File
FirewallRules: [{2AD96524-1A61-4945-94DB-D17DF31EDD39}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fantasy General II\autorun.exe => No File
FirewallRules: [{E988CF1A-4BB2-4206-82AD-5430EEBBA5B7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Axis & Allies Online\AxisAndAlliesOnline.exe => No File
FirewallRules: [{EAED4AF9-FB81-4B37-B373-3D078735F7E9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Axis & Allies Online\AxisAndAlliesOnline.exe => No File
FirewallRules: [{088D10E2-DABF-4111-8349-726B8F1AABE4}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{948B648B-B323-4F3C-83C2-CED43A62A1FA}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{DA2064EA-9E39-4B0F-B48F-605F9FE53402}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{4F6130E7-62F4-432A-9998-FBE92FA59276}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent, Inc.)
FirewallRules: [{516AB0E8-2240-4404-A163-9A633630DD1B}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent, Inc.)
FirewallRules: [{4AD0DA7B-41B9-482E-86C3-66A1D8182778}] => (Allow) C:\Users\dalem\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [{1B6B11B6-24B4-4FC9-9E4F-F5A0FAB9B26D}] => (Allow) C:\Users\dalem\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [{3D1D9085-4A5A-4EA2-BB5B-6AF80B9CF76D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Making History Gold\bin\makehist.exe => No File
FirewallRules: [{3E8C78CA-2C4A-459B-9FE8-6904C9166143}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Making History Gold\bin\makehist.exe => No File
FirewallRules: [{BF0B7368-719E-4B1C-AFFD-ED2965FBD503}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Making History Gold\bin\ed.exe => No File
FirewallRules: [{720B4A8A-786E-48B4-8BD6-7D09032B7B58}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Making History Gold\bin\ed.exe => No File
Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}
EmptyTemp:
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKU\S-1-5-21-3599443798-625604178-375638978-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Web Companion" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{011F71FA-0437-411B-A5BC-56E6FEC69F83}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{011F71FA-0437-411B-A5BC-56E6FEC69F83}" => removed successfully
C:\WINDOWS\System32\Tasks\StartDVR => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\StartDVR" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5C43EB5C-A64D-4D32-A167-2E5493836295}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5C43EB5C-A64D-4D32-A167-2E5493836295}" => removed successfully
C:\WINDOWS\System32\Tasks\StartCN => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\StartCN" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E20D8F6C-C4FB-45EA-8D91-B21FACC1C304}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E20D8F6C-C4FB-45EA-8D91-B21FACC1C304}" => removed successfully
C:\WINDOWS\System32\Tasks\AMDInstallUEP => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AMDInstallUEP" => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\BookReader_B171F20233094AC88D05A8EF7B9763E8 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => removed successfully
"Firefox newtab" => removed successfully
C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi => path removed successfully
"HKLM\Software\Mozilla\Thunderbird\Extensions\\[email protected]" => removed successfully
HKU\S-1-5-21-3599443798-625604178-375638978-1001\SOFTWARE\Google\Chrome\Extensions\icmgebopaejnjlncllgmcenbbflikfjd => removed successfully
C:\Users\dalem\AppData\Local\AdAwareDesktop => moved successfully
C:\Users\dalem\Downloads\Adaware_Installer_UM.exe => moved successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxDTCM => removed successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\"Start Page"="http://go.microsoft..../?LinkId=69157"=> value restored successfully
HKU\S-1-5-21-3599443798-625604178-375638978-1001\Software\Microsoft\Internet Explorer\Main\\"Start Page"="http://go.microsoft..../?LinkId=69157"=> value restored successfully
HKU\S-1-5-21-3599443798-625604178-375638978-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0CE02FFA-A6B0-46F6-BA2F-BD32C3630126} => removed successfully
HKLM\Software\Classes\PROTOCOLS\Handler\sacore => removed successfully
HKLM\Software\Classes\CLSID\{5513F07E-936B-4E52-9B00-067394E91CC5} => removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com => removed successfully
HKU\S-1-5-21-3599443798-625604178-375638978-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com => removed successfully
"HKU\S-1-5-21-3599443798-625604178-375638978-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\uTorrent" => removed successfully
"HKU\S-1-5-21-3599443798-625604178-375638978-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\uTorrent" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{85730F1A-1CB0-4EB6-90FD-1251B963569D}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2AD96524-1A61-4945-94DB-D17DF31EDD39}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E988CF1A-4BB2-4206-82AD-5430EEBBA5B7}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EAED4AF9-FB81-4B37-B373-3D078735F7E9}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{088D10E2-DABF-4111-8349-726B8F1AABE4}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{948B648B-B323-4F3C-83C2-CED43A62A1FA}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DA2064EA-9E39-4B0F-B48F-605F9FE53402}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4F6130E7-62F4-432A-9998-FBE92FA59276}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{516AB0E8-2240-4404-A163-9A633630DD1B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4AD0DA7B-41B9-482E-86C3-66A1D8182778}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1B6B11B6-24B4-4FC9-9E4F-F5A0FAB9B26D}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3D1D9085-4A5A-4EA2-BB5B-6AF80B9CF76D}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3E8C78CA-2C4A-459B-9FE8-6904C9166143}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BF0B7368-719E-4B1C-AFFD-ED2965FBD503}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{720B4A8A-786E-48B4-8BD6-7D09032B7B58}" => removed successfully
 
========= wevtutil el | Foreach-Object {wevtutil cl "$_"} =========
 
wevtutil : Failed to clear log Intel-SST-CFD-HDA/IntelSST.
At C:\FRST\tmp.ps1:1 char:31
+ wevtutil el | Foreach-Object {wevtutil cl "$_"}
+                               ~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (Failed to clear...D-HDA/IntelSST.:String) [], RemoteException
    + FullyQualifiedErrorId : NativeCommandError
 
The instance name passed was not recognized as valid by a WMI data provider.
wevtutil : Failed to clear log Microsoft-Windows-LiveId/Analytic.
At C:\FRST\tmp.ps1:1 char:31
+ wevtutil el | Foreach-Object {wevtutil cl "$_"}
+                               ~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (Failed to clear...iveId/Analytic.:String) [], RemoteException
    + FullyQualifiedErrorId : NativeCommandError
 
Access is denied.
wevtutil : Failed to clear log Microsoft-Windows-LiveId/Operational.
At C:\FRST\tmp.ps1:1 char:31
+ wevtutil el | Foreach-Object {wevtutil cl "$_"}
+                               ~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (Failed to clear...Id/Operational.:String) [], RemoteException
    + FullyQualifiedErrorId : NativeCommandError
 
Access is denied.
 
========= End of Powershell: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 791746510 B
Java, Flash, Steam htmlcache => 686946532 B
Windows/system/drivers => 3020230 B
Edge => 138614785 B
Chrome => 17163116 B
Firefox => 165665903 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 6656 B
ProgramData => 6656 B
Public => 6656 B
systemprofile => 823854 B
systemprofile32 => 823854 B
LocalService => 1096616 B
NetworkService => 1103272 B
dalem => 134821500 B
defaultuser100000 => 134828156 B
 
RecycleBin => 1776 B
EmptyTemp: => 1.9 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 12:46:59 ====
 
2.
 
# -------------------------------
# Malwarebytes AdwCleaner 8.3.0.0
# -------------------------------
# Build:    06-29-2021
# Database: 2021-10-26.1 (Cloud)
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    11-12-2021
# Duration: 00:00:07
# OS:       Windows 10 Home
# Scanned:  32005
# Detected: 54
 
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
PUP.Optional.WebBar             C:\Users\dalem\AppData\Roaming\WebDiscoverBrowser
 
***** [ Files ] *****
 
No malicious files found.
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
Adware.StartPage                HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\iyfsearch.com
Adware.StartPage                HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\iyfsearch.com
PUP.Optional.AppMaster          HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_AJAX_CONNECTIONEVENTS|AppMaster.exe
PUP.Optional.AppMaster          HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|AppMaster.exe
PUP.Optional.AppMaster          HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_CLIPCHILDREN_OPTIMIZATION|AppMaster.exe
PUP.Optional.AppMaster          HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_GPU_RENDERING|AppMaster.exe
PUP.Optional.AppMaster          HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_NINPUT_LEGACYMODE|AppMaster.exe
PUP.Optional.AppMaster          HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_DOCUMENT_ZOOM|AppMaster.exe
PUP.Optional.Banggood           HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\banggood.com
PUP.Optional.Banggood           HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.banggood.com
PUP.Optional.Banggood           HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\banggood.com
PUP.Optional.Banggood           HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.banggood.com
PUP.Optional.Conduit            HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
PUP.Optional.DriverAgent        HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\download.driversupport.com
PUP.Optional.DriverAgent        HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\driversupport.com
PUP.Optional.DriverAgent        HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\download.driversupport.com
PUP.Optional.DriverAgent        HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\driversupport.com
PUP.Optional.Legacy             HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\azlyrics.com
PUP.Optional.Legacy             HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\dotomi.com
PUP.Optional.Legacy             HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\metrolyrics.com
PUP.Optional.Legacy             HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\qq.com
PUP.Optional.Legacy             HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\s-usweb.dotomi.com
PUP.Optional.Legacy             HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\usweb.dotomi.com
PUP.Optional.Legacy             HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\v.qq.com
PUP.Optional.Legacy             HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.azlyrics.com
PUP.Optional.Legacy             HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.metrolyrics.com
PUP.Optional.Legacy             HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.yourtango.com
PUP.Optional.Legacy             HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\yourtango.com
PUP.Optional.Legacy             HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\azlyrics.com
PUP.Optional.Legacy             HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\dotomi.com
PUP.Optional.Legacy             HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\metrolyrics.com
PUP.Optional.Legacy             HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\qq.com
PUP.Optional.Legacy             HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\s-usweb.dotomi.com
PUP.Optional.Legacy             HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\usweb.dotomi.com
PUP.Optional.Legacy             HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\v.qq.com
PUP.Optional.Legacy             HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.azlyrics.com
PUP.Optional.Legacy             HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.metrolyrics.com
PUP.Optional.Legacy             HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.yourtango.com
PUP.Optional.Legacy             HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\yourtango.com
PUP.Optional.Legacy             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Web Companion
PUP.Optional.Legacy             HKCU\Software\WebDiscoverBrowser
PUP.Optional.Legacy             HKLM\System\Setup\FirstBoot\Services\WCAssistantService
PUP.Optional.TheBrightTag       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\s.thebrighttag.com
PUP.Optional.TheBrightTag       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\thebrighttag.com
PUP.Optional.TheBrightTag       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\s.thebrighttag.com
PUP.Optional.TheBrightTag       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\thebrighttag.com
PUP.Optional.TheBrightTag       HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\thebrighttag.com
PUP.Optional.TweakBit           HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\tweakbit.com
PUP.Optional.WebCompanion       HKCU\Software\Lavasoft\Web Companion
PUP.Optional.WebCompanion       HKLM\Software\Wow6432Node\Lavasoft\Web Companion
PUP.Optional.WebCompanion       HKU\.DEFAULT\Software\Mozilla\NativeMessagingHosts\com.webcompanion.native
PUP.Optional.WebCompanion       HKU\S-1-5-18\SOFTWARE\Mozilla\NativeMessagingHosts\com.webcompanion.native
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries found.
 
***** [ Chromium URLs ] *****
 
No malicious Chromium URLs found.
 
***** [ Firefox (and derivatives) ] *****
 
PUP.Optional.LiveTVNow          TV - web@TV
 
***** [ Firefox URLs ] *****
 
No malicious Firefox URLs found.
 
***** [ Hosts File Entries ] *****
 
No malicious hosts file entries found.
 
***** [ Preinstalled Software ] *****
 
No Preinstalled Software found.
 
 
 
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
 
3.
 
Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 11/12/21
Scan Time: 1:31 PM
Log File: 2d3aec4e-43ef-11ec-a7ad-107b447c9425.json
 
-Software Information-
Version: 4.4.10.144
Components Version: 1.0.1499
Update Package Version: 1.0.47150
License: Trial
 
-System Information-
OS: Windows 10 (Build 19043.1348)
CPU: x64
File System: NTFS
User: DESKTOP-OQ73F3L\dalem
 
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 461271
Threats Detected: 15
Threats Quarantined: 0
Time Elapsed: 10 min, 36 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 4
PUP.Optional.Conduit, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, No Action By User, 187, 236865, , , , , , 
PUP.Optional.Conduit, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, No Action By User, 187, 236865, , , , , , 
PUP.Optional.Conduit, HKU\S-1-5-21-3599443798-625604178-375638978-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}, No Action By User, 187, 236865, 1.0.47150, , ame, , , 
PUP.Optional.WebDiscoverBrowser, HKU\S-1-5-21-3599443798-625604178-375638978-1001\SOFTWARE\WebDiscoverBrowser, No Action By User, 1743, 253912, 1.0.47150, , ame, , , 
 
Registry Value: 2
PUP.Optional.Conduit, HKU\S-1-5-21-3599443798-625604178-375638978-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, No Action By User, 187, 236865, 1.0.47150, , ame, , , 
PUP.Optional.Conduit, HKU\S-1-5-21-3599443798-625604178-375638978-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|TOPRESULTURL, No Action By User, 187, 236865, 1.0.47150, , ame, , , 
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 3
PUP.Optional.WebDiscoverBrowser, C:\Users\dalem\AppData\Roaming\WebDiscoverBrowser\Downloader, No Action By User, 1743, 427197, , , , , , 
PUP.Optional.WebDiscoverBrowser, C:\USERS\DALEM\APPDATA\ROAMING\WEBDISCOVERBROWSER, No Action By User, 1743, 427197, 1.0.47150, , ame, , , 
PUP.Optional.Spigot.Generic, C:\USERS\DALEM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WBR9N80G.DEFAULT-1521393837949\BROWSER-EXTENSION-DATA\WEB@TV, No Action By User, 193, 644708, 1.0.47150, , ame, , , 
 
File: 6
PUP.Optional.PolarityTech.Generic, C:\USERS\DALEM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WBR9N80G.DEFAULT-1521393837949\EXTENSIONS\[email protected], No Action By User, 1834, 509071, 1.0.47150, , ame, , 0270260728F133E33CA2D0EF67BF1C44, 827252008CA49F4C7CB9498BF5D06D4D079976890BD15B407F49CAF714BB0848
PUP.Optional.Spigot.Generic, C:\Users\dalem\AppData\Roaming\Mozilla\Firefox\Profiles\wbr9n80g.default-1521393837949\browser-extension-data\web@TV\storage.js, No Action By User, 193, 644708, , , , , 185BEDFAA63AD542C70CD7A5A242F2A7, 15FCBCC39865DCB2A87928DF953ABDF4BCC04054AD0081DA2AAAC322AFB407A8
Adware.OpenSoftwareUpdater, C:\USERS\DALEM\APPDATA\LOCAL\BIGBLUEFOLDER\OU.EXE, No Action By User, 569, 679429, 1.0.47150, 8A6A5C2A2EE97D59D2B512C0, dds, 01507324, 200565A5F669DE3B5C8995DCBC3A6539, BCE7EBAE233DB07B648D5060B8170F5AACABF2049D3A976E2CCE8ECB6B6C55D1
PUP.Optional.PCAcceleratePro, C:\USERS\DALEM\APPDATA\LOCAL\BIGBLUEFOLDER\PCAPD.EXE, No Action By User, 506, 546192, 1.0.47150, , ame, , F41633EC8962E8BB1841B2E3D523FD87, F694935CF73EF86F05CAA0216032D46E20FB6C93FB6D5653A0266F4BFD435FC2
Adware.SpecialSearchOffer, C:\USERS\DALEM\DOWNLOADS\FP_PLAYER (1).EXE, No Action By User, 510, 926498, 1.0.47150, 3681DFC2A960BD0B71AF4707, dds, 01507324, 4C9DD1D2DA0D5614D96F794D52C3B5FD, FC642048D9F0B8CB36649FD377FDB68DCE3998F2A88E8C64ACDC4E88435F2562
Adware.SpecialSearchOffer, C:\USERS\DALEM\DOWNLOADS\FP_PLAYER.EXE, No Action By User, 510, 926498, 1.0.47150, 3681DFC2A960BD0B71AF4707, dds, 01507324, 4C9DD1D2DA0D5614D96F794D52C3B5FD, FC642048D9F0B8CB36649FD377FDB68DCE3998F2A88E8C64ACDC4E88435F2562
 
Physical Sector: 0
(No malicious items detected)
 
WMI: 0
(No malicious items detected)
 
 
(end)

  • 0

Advertisements


#11
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 4,269 posts

Wow!
 
Many things are detected!
 
Let's clean!


1. AdwCleaner (Clean mode)

The findings are adware and PUPs which stands for Potentially Unwanted Programs. In the instructions below, I will list them all to be removed.

To proceed, please do the following:

  • Double click AdwCleaner.exe on your Desktop, to run it as you did before.
  • Click Scan Now.
  • When the scan has finished a Scan Results window will open.
  • Please check all the boxes and then click Quarantine.
  • Click Next.
    • If any pre-installed software was found on your machine, a prompt window will open. Click OK to close it. (No such software for you anyway)
    • Check any pre-installed software items you want to remove.
    • Click Quarantine.
  • A prompt to save your work will appear.
    • Click Continue when you're ready to proceed.
  • A prompt to restart your computer will appear.
    • Click Restart Now.
  • Once your computer has restarted:
    • If it doesn't open automatically, please start AdwCleaner.
    • Click the Log Files tab.
    • Double click on the latest Clean log (Clean logs have a [C0*] suffix, where * is replaced by a number, the latest scan will have the largest number)
    • A Notepad file will open containing the results of the removal.
    • Please post the contents of the file in your next reply.

 

2. Run Malwarebytes (Clean mode)

  • Double click the program's icon on your Desktop, as you did before.
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
    Under the title Scan Options, ALL the options are checked.
    Under the title Windows Security Center (Premium only) the option is NOT checked.
    Under the title Potentially unwanted items ALL options are set to Always.
  • Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may be take longer.
  • When finished, you will see the Thread Scan Summary window open.
  • If threats are not found, click View Report and proceed to the two last steps below.
  • If threats are found, make sure that all threats are selected, and click on Quarantine/Remove selected.
  • You may need to restart the computer.
  • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
  • Find the report with the most recent date and double click on it.
  • Click on Export and then Copy to Clipboard.
  • Paste its content here, in your next reply.

 

3. Fresh FRST logs

  • Double-click on the FRST icon to run it, as you did before. When the tool opens click Yes to disclaimer.
  • Press Scan button and wait for a while.
  • The scanner will produced two logs on your Desktop: FRST.txt and Addition.txt.
  • Please copy and paste the content of these two logs in your next reply.

 

 

In your next reply please post:

  1. The AdwCleaner[C0*].txt
  2. The Malwarebytes report
  3. The fresh FRST logs, Addition and FRST
  4. Feedback: Is the computer running any better? 

  • 0

#12
dale1234

dale1234

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts

1

 

# -------------------------------
# Malwarebytes AdwCleaner 8.3.0.0
# -------------------------------
# Build:    06-29-2021
# Database: 2021-10-26.1 (Cloud)
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    11-12-2021
# Duration: 00:00:03
# OS:       Windows 10 Home
# Cleaned:  55
# Failed:   0
 
 
***** [ Services ] *****
 
No malicious services cleaned.
 
***** [ Folders ] *****
 
Deleted       C:\Users\dalem\AppData\Roaming\WebDiscoverBrowser
 
***** [ Files ] *****
 
No malicious files cleaned.
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
No malicious tasks cleaned.
 
***** [ Registry ] *****
 
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\azlyrics.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\banggood.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\dotomi.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\download.driversupport.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\driversupport.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\iyfsearch.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\metrolyrics.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\qq.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\s-usweb.dotomi.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\s.thebrighttag.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\thebrighttag.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\tweakbit.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\usweb.dotomi.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\v.qq.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.azlyrics.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.banggood.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.metrolyrics.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.yourtango.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\yourtango.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\azlyrics.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\banggood.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\dotomi.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\download.driversupport.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\driversupport.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\iyfsearch.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\metrolyrics.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\qq.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\s-usweb.dotomi.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\s.thebrighttag.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\thebrighttag.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\tweakbit.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\usweb.dotomi.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\v.qq.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.azlyrics.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.banggood.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.metrolyrics.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.yourtango.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\yourtango.com
Deleted       HKCU\Software\Lavasoft\Web Companion
Deleted       HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\thebrighttag.com
Deleted       HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_AJAX_CONNECTIONEVENTS|AppMaster.exe
Deleted       HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|AppMaster.exe
Deleted       HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_CLIPCHILDREN_OPTIMIZATION|AppMaster.exe
Deleted       HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_GPU_RENDERING|AppMaster.exe
Deleted       HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_NINPUT_LEGACYMODE|AppMaster.exe
Deleted       HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_DOCUMENT_ZOOM|AppMaster.exe
Deleted       HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Web Companion
Deleted       HKCU\Software\WebDiscoverBrowser
Deleted       HKLM\Software\Wow6432Node\Lavasoft\Web Companion
Deleted       HKLM\System\Setup\FirstBoot\Services\WCAssistantService
Deleted       HKU\.DEFAULT\Software\Mozilla\NativeMessagingHosts\com.webcompanion.native
Deleted       HKU\S-1-5-18\SOFTWARE\Mozilla\NativeMessagingHosts\com.webcompanion.native
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries cleaned.
 
***** [ Chromium URLs ] *****
 
No malicious Chromium URLs cleaned.
 
***** [ Firefox (and derivatives) ] *****
 
Deleted       TV - web@TV
 
***** [ Firefox URLs ] *****
 
No malicious Firefox URLs cleaned.
 
***** [ Hosts File Entries ] *****
 
No malicious hosts file entries cleaned.
 
***** [ Preinstalled Software ] *****
 
No Preinstalled Software cleaned.
 
 
*************************
 
[+] Delete Tracing Keys
[+] Reset Winsock
 
*************************
 
AdwCleaner[S00].txt - [11666 octets] - [12/11/2021 13:24:20]
AdwCleaner[S01].txt - [11957 octets] - [12/11/2021 14:25:51]
 
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########
 
2
 
Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 11/12/21
Scan Time: 2:36 PM
Log File: 46003fc8-43f8-11ec-a48b-107b447c9425.json
 
-Software Information-
Version: 4.4.10.144
Components Version: 1.0.1499
Update Package Version: 1.0.47152
License: Trial
 
-System Information-
OS: Windows 10 (Build 19043.1348)
CPU: x64
File System: NTFS
User: DESKTOP-OQ73F3L\dalem
 
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 461282
Threats Detected: 6
Threats Quarantined: 6
Time Elapsed: 9 min, 54 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 1
PUP.Optional.Spigot.Generic, C:\USERS\DALEM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WBR9N80G.DEFAULT-1521393837949\BROWSER-EXTENSION-DATA\WEB@TV, Quarantined, 193, 644708, 1.0.47152, , ame, , , 
 
File: 5
PUP.Optional.Spigot.Generic, C:\Users\dalem\AppData\Roaming\Mozilla\Firefox\Profiles\wbr9n80g.default-1521393837949\browser-extension-data\web@TV\storage.js, Quarantined, 193, 644708, , , , , 185BEDFAA63AD542C70CD7A5A242F2A7, 15FCBCC39865DCB2A87928DF953ABDF4BCC04054AD0081DA2AAAC322AFB407A8
PUP.Optional.PCAcceleratePro, C:\USERS\DALEM\APPDATA\LOCAL\BIGBLUEFOLDER\PCAPD.EXE, Quarantined, 506, 546192, 1.0.47152, , ame, , F41633EC8962E8BB1841B2E3D523FD87, F694935CF73EF86F05CAA0216032D46E20FB6C93FB6D5653A0266F4BFD435FC2
Adware.OpenSoftwareUpdater, C:\USERS\DALEM\APPDATA\LOCAL\BIGBLUEFOLDER\OU.EXE, Quarantined, 569, 679429, 1.0.47152, 8A6A5C2A2EE97D59D2B512C0, dds, 01507384, 200565A5F669DE3B5C8995DCBC3A6539, BCE7EBAE233DB07B648D5060B8170F5AACABF2049D3A976E2CCE8ECB6B6C55D1
Adware.SpecialSearchOffer, C:\USERS\DALEM\DOWNLOADS\FP_PLAYER (1).EXE, Quarantined, 510, 926498, 1.0.47152, 3681DFC2A960BD0B71AF4707, dds, 01507384, 4C9DD1D2DA0D5614D96F794D52C3B5FD, FC642048D9F0B8CB36649FD377FDB68DCE3998F2A88E8C64ACDC4E88435F2562
Adware.SpecialSearchOffer, C:\USERS\DALEM\DOWNLOADS\FP_PLAYER.EXE, Quarantined, 510, 926498, 1.0.47152, 3681DFC2A960BD0B71AF4707, dds, 01507384, 4C9DD1D2DA0D5614D96F794D52C3B5FD, FC642048D9F0B8CB36649FD377FDB68DCE3998F2A88E8C64ACDC4E88435F2562
 
Physical Sector: 0
(No malicious items detected)
 
WMI: 0
(No malicious items detected)
 
 
(end)
 
3
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-11-2021
Ran by dalem (administrator) on DESKTOP-OQ73F3L (12-11-2021 14:50:01)
Running from C:\Users\dalem\Desktop
Loaded Profiles: dalem
Platform: Microsoft Windows 10 Home Version 21H1 19043.1348 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Brother\SoftwareUpdateNotification\SoftwareUpdateNotificationService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(McAfee, Inc. -> McAfee LLC.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc. -> McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc. -> McAfee, LLC) C:\Windows\System32\mfevtps.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\CSP\4.7.101.0\McCSPServiceHost.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHOST.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe <3>
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\ModuleCore\ProtectedModuleHost.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\VSCore_21_9\mcapexe.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\MAT\McPvTray.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\MfeAV\MfeAVSvc.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\servicehost.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\uihost.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <32>
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_3.59.1001.0_x64__8wekyb3d8bbwe\gamingservices.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_3.59.1001.0_x64__8wekyb3d8bbwe\gamingservicesnet.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20544.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20544.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [464608 2014-09-08] (Samsung Electronics CO., LTD. -> )
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3952096 2020-03-10] (Logitech -> Logitech, Inc.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2976256 2018-01-19] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [BrotherSoftwareUpdateNotification] => C:\Program Files (x86)\Brother\SoftwareUpdateNotification\SoftwareUpdateNotificationService.exe [3581952 2017-04-05] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706344 2021-09-27] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-3599443798-625604178-375638978-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4267928 2021-10-13] (Valve -> Valve Corporation)
HKU\S-1-5-21-3599443798-625604178-375638978-1001\...\Run: [STUISpeedLauncher] => C:\Program Files\Samsung\Stylish UI Pack\TouchBasedUI.exe [411136 2015-02-09] () [File not signed]
HKU\S-1-5-21-3599443798-625604178-375638978-1001\...\Run: [Discord] => C:\Users\dalem\AppData\Local\Discord\Update.exe [1512760 2020-12-03] (Discord Inc. -> GitHub)
HKU\S-1-5-21-3599443798-625604178-375638978-1001\...\Run: [CiscoMeetingDaemon] => C:\Users\dalem\AppData\Local\WebEx\ciscowebexstart.exe [4934984 2021-10-29] (Cisco WebEx LLC -> Cisco Webex LLC)
HKLM\...\Windows x64\Print Processors\us005PC: C:\Windows\System32\spool\prtprocs\x64\us005pc.dll [43520 2017-06-14] (Microsoft Windows Hardware Compatibility Publisher -> Windows ® Codename Longhorn DDK provider)
HKLM\...\Print\Monitors\us005 Langmon: C:\WINDOWS\system32\us005lm.dll [22528 2017-06-14] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\95.0.4638.69\Installer\chrmstp.exe [2021-10-28] (Google LLC -> Google LLC)
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {2DFB9BB0-3F66-4E56-ABE4-9FB2F7779AFA} - System32\Tasks\McAfee\McAfee Idle Detection Task => {ABCDCA3B-DE6B-5A7C-B132-6D7CBA63E5C5} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [1032448 2021-08-02] (McAfee, LLC -> McAfee, LLC)
Task: {32F7EBBB-2048-4417-97E5-1428F2A7E4F8} - System32\Tasks\Intel PTT EK Recertification => C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_75ffca5eec865b4b\lib\IntelPTTEKRecertification.exe [918288 2020-04-22] (Intel® Trust Services -> Intel® Corporation)
Task: {430F5F1D-5EE3-4845-B19D-B31CDCA00E46} - System32\Tasks\AMDLinkUpdate => C:\Program Files\AMD\CIM\BIN64\InstallManagerApp.exe [468992 2019-05-22] (Advanced Micro Devices, Inc.) [File not signed]
Task: {4B659983-D679-40BD-95FA-AB98C706CC31} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [4695104 2021-10-01] (McAfee, LLC -> McAfee, LLC)
Task: {5D06F9B1-7928-4924-9F2F-F4C3FDD60529} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [757944 2021-05-06] (McAfee, LLC -> McAfee, LLC)
Task: {6D6A7DFC-2EA5-4E00-B56B-7312DC518E62} - System32\Tasks\AMD ThankingURL => C:\Program Files\AMD\CIM\Bin64\Setup.exe [890248 2019-05-22] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {71A42A9C-4873-4454-B3D7-4B92BF07427F} - System32\Tasks\ModifyLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [468992 2019-05-22] (Advanced Micro Devices, Inc.) [File not signed]
Task: {8BF25168-2659-42B5-973A-79B526A0E582} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1562376 2021-08-16] (Adobe Inc. -> Adobe Inc.)
Task: {95A21D35-D8CF-44AC-9734-D6F34305AC1E} - System32\Tasks\McAfee\McAfee DAT Built in test => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.0.12.663\mcdatrep.exe [1889696 2021-01-07] (McAfee, Inc. -> McAfee, LLC.)
Task: {9D85908A-AD18-4FD3-A327-B9D638699AB4} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent => {ABCECA3B-EA5A-496B-A021-5C6BAB365E5C} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [1032448 2021-08-02] (McAfee, LLC -> McAfee, LLC)
Task: {9D8E9D60-D599-4F3B-BC57-F7CF740A72BA} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [682936 2021-11-04] (Mozilla Corporation -> Mozilla Foundation)
Task: {AB9CF8CC-E324-4D33-AD02-3802999DA56C} - System32\Tasks\EPM Preload => C:\Program Files (x86)\Samsung\Easy Printer Manager\EPM2DotNetHandler.exe [752200 2018-05-20] (HP Inc. -> )
Task: {D31CE78D-B65F-438F-8F82-7ABDA3284064} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\DADUpdater.exe [4119992 2021-10-07] (McAfee, LLC -> McAfee, LLC)
Task: {E94CD4E2-878D-4AA2-B81A-A1DABD016E2D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-04-01] (Google LLC -> Google LLC)
Task: {F4B14C95-DA58-40AA-B871-A55C0DA8DAB5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-04-01] (Google LLC -> Google LLC)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{a3ecad54-bb73-4810-b02c-3e8cac2386fa}: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
Edge: 
=======
DownloadDir: C:\Users\dalem\Downloads
Edge HomeButtonPage: HKU\S-1-5-21-3599443798-625604178-375638978-1001 -> hxxps://pjmedia.com/instapundit/
Edge DefaultProfile: Default
Edge Profile: C:\Users\dalem\AppData\Local\Microsoft\Edge\User Data\Default [2021-11-12]
Edge DownloadDir: Default -> C:\Users\dalem\Downloads
Edge HomePage: Default -> hxxps://pjmedia.com/instapundit/
Edge StartupUrls: Default -> "hxxps://pjmedia.com/instapundit/"
Edge DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}
Edge DefaultSearchKeyword: Default -> duckduckgo.com
Edge DefaultNewTabURL: Default -> hxxps://duckduckgo.com/chrome_newtab
Edge DefaultSuggestURL: Default -> hxxps://duckduckgo.com/ac/?q={searchTerms}&type=list
Edge Session Restore: Default -> is enabled.
Edge Extension: (Cisco Webex Extension) - C:\Users\dalem\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ikdddppdhmjcdfgilpnbkdeggoiicjgo [2021-08-13]
Edge Extension: (Scener – Virtual Movie Theater) - C:\Users\dalem\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\lkhjgdkpibcepflmlgahofcmeagjmecc [2021-09-25]
 
FireFox:
========
FF DefaultProfile: wbr9n80g.default-1521393837949
FF ProfilePath: C:\Users\dalem\AppData\Roaming\Mozilla\Firefox\Profiles\wbr9n80g.default-1521393837949 [2021-11-12]
FF Homepage: Mozilla\Firefox\Profiles\wbr9n80g.default-1521393837949 -> hxxps://www.scabard.com/pbs/
FF HomepageOverride: Mozilla\Firefox\Profiles\wbr9n80g.default-1521393837949 -> Disabled: web@TV
FF NewTabOverride: Mozilla\Firefox\Profiles\wbr9n80g.default-1521393837949 -> Disabled: web@TV
FF Extension: (YouTube™ Flash® Player) - C:\Users\dalem\AppData\Roaming\Mozilla\Firefox\Profiles\wbr9n80g.default-1521393837949\Extensions\[email protected] [2018-10-06]
FF Extension: (Open in VLC™ media player) - C:\Users\dalem\AppData\Roaming\Mozilla\Firefox\Profiles\wbr9n80g.default-1521393837949\Extensions\{6b954d17-d17c-4a19-8fe6-ee8052a562d6}.xpi [2019-10-12]
FF Extension: (No Name) - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi [not found]
FF SearchPlugin: C:\Users\dalem\AppData\Roaming\Mozilla\Firefox\Profiles\wbr9n80g.default-1521393837949\searchplugins\Search Now.xml [2020-12-17]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Extension: (McAfee® WebAdvisor) - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi [2021-11-09] [UpdateUrl:hxxps://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.json]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2021-10-29] [Legacy] [not signed]
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\McAfee\MSC\npMcSnFFPl64.dll [2021-10-22] (McAfee, LLC -> )
FF Plugin: @videolan.org/vlc,version=3.0.10 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-04-23] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-04-23] (VideoLAN -> VideoLAN)
FF Plugin-x32: @java.com/DTPlugin,version=11.311.2 -> C:\Program Files (x86)\Java\jre1.8.0_311\bin\dtplugin\npDeployJava1.dll [2021-10-19] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.311.2 -> C:\Program Files (x86)\Java\jre1.8.0_311\bin\plugin2\npjp2.dll [2021-10-19] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\MSC\npMcSnFFPl.dll [2021-10-22] (McAfee, LLC -> )
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-10-27] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-10-27] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-10-05] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\dalem\AppData\Roaming\mozilla\plugins\npatgpc.dll [2021-06-25]
 
Chrome: 
=======
CHR Profile: C:\Users\dalem\AppData\Local\Google\Chrome\User Data\Default [2021-11-12]
CHR DefaultSearchURL: Default -> hxxps://www.bing.com/search?q={searchTerms}&pc=COS2&ptag=D020119-N0640A2D586A4510&form=CONBDF&conlogo=CT3335800
CHR DefaultSearchKeyword: Default -> bing®
CHR DefaultNewTabURL: Default -> hxxps://www.bing.com/chrome/newtab?pc=COS2&ptag=D020119-N0630A2D586A4510&form=CONMHP&conlogo=CT3335800
CHR DefaultSuggestURL: Default -> hxxp://api.bing.com/osjson.aspx?query={searchTerms}
CHR Extension: (Slides) - C:\Users\dalem\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-04-01]
CHR Extension: (Docs) - C:\Users\dalem\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-04-01]
CHR Extension: (Google Drive) - C:\Users\dalem\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-11-12]
CHR Extension: (YouTube) - C:\Users\dalem\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-04-01]
CHR Extension: (Sheets) - C:\Users\dalem\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-04-01]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\dalem\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2021-11-12]
CHR Extension: (Google Docs Offline) - C:\Users\dalem\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-11-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\dalem\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-11-12]
CHR Extension: (Gmail) - C:\Users\dalem\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-11-12]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-08-16] (Adobe Inc. -> Adobe Inc.)
S2 AUEPLauncher; C:\Program Files\AMD\Performance Profile Client\AUEPLauncher.exe [43008 2019-05-22] (AMD) [File not signed]
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [314368 2018-01-18] (Brother Industries, Ltd.) [File not signed]
S3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1508656 2018-05-31] (McAfee, Inc. -> McAfee, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7848632 2021-11-12] (Malwarebytes Inc -> Malwarebytes)
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [971504 2021-11-09] (McAfee, LLC -> McAfee, LLC)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_21_9\McApExe.exe [797576 2021-10-22] (McAfee, LLC -> McAfee, LLC)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\4.7.101.0\\McCSPServiceHost.exe [2845608 2021-10-11] (McAfee, LLC -> McAfee, LLC)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [1242112 2021-09-24] (McAfee, Inc. -> McAfee, LLC)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [1242112 2021-09-24] (McAfee, Inc. -> McAfee, LLC)
R3 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [1242112 2021-09-24] (McAfee, Inc. -> McAfee, LLC)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1677024 2021-10-23] (McAfee, LLC -> McAfee, LLC)
R2 PEFService; C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe [4288832 2021-08-31] (McAfee, LLC -> McAfee, LLC)
S2 SamsungUPDUtilSvc; C:\WINDOWS\SysWOW64\SecUPDUtilSvc.exe [143664 2019-02-17] (Samsung Electronics CO., LTD. -> )
S2 USBAppControl; C:\Program Files (x86)\Brother\iPrint&Scan\USBAppControl.exe [12288 2019-08-09] (Microsoft) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3004048 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103384 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 WorkflowAppControl; C:\Program Files (x86)\Brother\iPrint&Scan\WorkflowAppControl.exe [20480 2019-08-09] (Microsoft) [File not signed]
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [74752 2021-09-28] (McAfee, Inc. -> McAfee, LLC)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [160176 2021-11-12] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [210352 2021-11-12] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-11-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [193448 2021-11-12] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [69040 2021-11-12] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-11-12] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [149424 2021-11-12] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R2 McPvDrv; C:\WINDOWS\system32\drivers\McPvDrv.sys [97696 2021-07-27] (McAfee, LLC -> McAfee, LLC)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [574464 2021-09-28] (McAfee, Inc. -> McAfee, LLC)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [390656 2021-09-28] (McAfee, Inc. -> McAfee, LLC)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [90048 2021-09-28] (Microsoft Windows Early Launch Anti-malware Publisher -> McAfee, LLC)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [526336 2021-09-28] (McAfee, Inc. -> McAfee, LLC)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [1088512 2021-09-28] (McAfee, Inc. -> McAfee, LLC)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [638464 2021-09-16] (McAfee, Inc. -> McAfee LLC.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [110080 2021-09-16] (McAfee, Inc. -> McAfee LLC.)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [118784 2021-09-28] (McAfee, Inc. -> McAfee, LLC)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [256512 2021-09-28] (McAfee, Inc. -> McAfee, LLC)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166752 2019-07-09] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2018-02-05] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46688 2019-12-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [350136 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [54200 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2021-11-12 14:49 - 2021-11-12 14:49 - 000002642 _____ C:\Users\dalem\Desktop\mwb2.txt
2021-11-12 14:35 - 2021-11-12 14:35 - 000011152 _____ C:\Users\dalem\Desktop\AdwCleaner[C01].txt
2021-11-12 13:58 - 2021-11-12 13:58 - 000004367 _____ C:\Users\dalem\Desktop\mwb1.txt
2021-11-12 13:29 - 2021-11-12 13:29 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-11-12 13:29 - 2021-11-12 13:29 - 000210352 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-11-12 13:29 - 2021-11-12 13:29 - 000193448 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2021-11-12 13:29 - 2021-11-12 13:29 - 000160176 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-11-12 13:29 - 2021-11-12 13:29 - 000149424 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2021-11-12 13:29 - 2021-11-12 13:29 - 000069040 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2021-11-12 13:29 - 2021-11-12 13:29 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2021-11-12 13:29 - 2021-11-12 13:29 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-11-12 13:29 - 2021-11-12 13:29 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-11-12 13:29 - 2021-11-12 13:29 - 000000000 ____D C:\Users\dalem\AppData\Local\mbam
2021-11-12 13:29 - 2021-11-12 13:29 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-11-12 13:29 - 2021-11-12 13:29 - 000000000 ____D C:\Program Files\Malwarebytes
2021-11-12 13:26 - 2021-11-12 13:26 - 002101944 _____ (Malwarebytes) C:\Users\dalem\Downloads\MBSetup-119967.119967-consumer.exe
2021-11-12 13:26 - 2021-11-12 13:26 - 002101944 _____ (Malwarebytes) C:\Users\dalem\Desktop\MBSetup-119967.119967-consumer.exe
2021-11-12 13:25 - 2021-11-12 13:25 - 000011666 _____ C:\Users\dalem\Desktop\AdwCleaner[S00]1.txt
2021-11-12 13:23 - 2021-11-12 14:26 - 000000000 ____D C:\AdwCleaner
2021-11-12 13:23 - 2021-11-12 13:23 - 008553680 _____ (Malwarebytes) C:\Users\dalem\Downloads\AdwCleaner.exe
2021-11-12 13:23 - 2021-11-12 13:23 - 008553680 _____ (Malwarebytes) C:\Users\dalem\Desktop\AdwCleaner.exe
2021-11-12 12:43 - 2021-11-12 12:46 - 000015713 _____ C:\Users\dalem\Desktop\Fixlog1.txt
2021-11-12 11:33 - 2021-11-12 11:33 - 000000220 _____ C:\Users\dalem\Desktop\aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.txt
2021-11-11 22:07 - 2021-11-12 11:39 - 000064844 _____ C:\Users\dalem\Desktop\Addition.txt
2021-11-11 22:06 - 2021-11-12 14:50 - 000021885 _____ C:\Users\dalem\Desktop\FRST.txt
2021-11-11 22:05 - 2021-11-11 22:05 - 000000000 ____D C:\Users\dalem\Desktop\FRST-OlderVersion
2021-11-11 22:04 - 2021-11-12 14:50 - 000000000 ____D C:\FRST
2021-11-11 22:03 - 2021-11-11 22:05 - 002312192 _____ (Farbar) C:\Users\dalem\Desktop\FRST64.exe
2021-11-11 22:01 - 2021-11-11 22:01 - 002299904 _____ (Farbar) C:\Users\dalem\Downloads\FRST64.exe
2021-11-11 01:45 - 2021-11-11 01:45 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-11-10 20:44 - 2021-11-10 20:44 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe
2021-11-10 20:44 - 2021-11-10 20:44 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2021-11-10 20:44 - 2021-11-10 20:44 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2021-11-10 20:44 - 2021-11-10 20:44 - 000011363 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-11-10 20:39 - 2021-11-10 20:39 - 000000000 ___HD C:\$WinREAgent
2021-11-10 13:44 - 2021-11-10 13:44 - 007570553 _____ C:\Users\dalem\Downloads\bb.zip
2021-11-10 13:43 - 2021-11-10 13:43 - 024789008 _____ C:\Users\dalem\Downloads\cccc.zip
2021-11-04 12:25 - 2021-11-12 11:24 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-11-04 00:21 - 2021-11-04 00:21 - 000001146 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk
2021-11-04 00:21 - 2021-11-04 00:21 - 000000000 ____D C:\Program Files\PCHealthCheck
2021-11-02 20:35 - 2021-11-05 20:40 - 000131072 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingtcuihelpers.dll
2021-10-31 10:47 - 2021-10-31 10:48 - 275218658 _____ C:\Users\dalem\Downloads\TheWolfWorldsStenSeriesBook2_ep6.aax
2021-10-25 19:47 - 2021-10-25 19:47 - 006580877 _____ C:\Users\dalem\Downloads\Calculating character sheet - NBA v1_13.pdf
2021-10-24 19:04 - 2021-10-24 19:05 - 130894753 _____ C:\Users\dalem\Downloads\Nights_Black_Agents_linked.pdf
2021-10-24 19:04 - 2021-10-24 19:04 - 004711904 _____ C:\Users\dalem\Downloads\Zalozhniy_Quartet_Sampler.pdf
2021-10-24 19:04 - 2021-10-24 19:04 - 004183454 _____ C:\Users\dalem\Downloads\Double_Tap_Sample.pdf
2021-10-24 19:04 - 2021-10-24 19:04 - 002303634 _____ C:\Users\dalem\Downloads\The_Dracula_Dossier_Directors_Handbook_preview.pdf
2021-10-24 19:04 - 2021-10-24 19:04 - 001429934 _____ C:\Users\dalem\Downloads\Nights_Black_Agents_-_Kenneth_Hite.epub
2021-10-24 19:04 - 2021-10-24 19:04 - 001153956 _____ C:\Users\dalem\Downloads\Nights_Black_Agents_-_Kenneth_Hite.mobi
2021-10-22 15:49 - 2021-10-22 15:49 - 006409918 _____ C:\Users\dalem\Downloads\Time_Sensitive_Onboarding_Documents_for_Signa.pdf
2021-10-21 07:13 - 2021-10-21 07:13 - 001751736 _____ ( ) C:\Users\dalem\Downloads\videosolo-blu-ray-player-1.1.10 (2).exe
2021-10-15 09:22 - 2021-10-15 09:22 - 000706536 _____ C:\WINDOWS\system32\TextShaping.dll
2021-10-15 09:22 - 2021-10-15 09:22 - 000611960 _____ C:\WINDOWS\SysWOW64\TextShaping.dll
2021-10-15 09:22 - 2021-10-15 09:22 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2021-10-15 09:22 - 2021-10-15 09:22 - 000098304 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2021-11-12 14:49 - 2019-12-07 03:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-11-12 14:48 - 2019-11-05 21:01 - 000000000 ____D C:\Users\dalem\AppData\Local\BigBlueFolder
2021-11-12 14:26 - 2018-12-30 00:09 - 000000000 ____D C:\Users\dalem\AppData\Roaming\discord
2021-11-12 14:26 - 2018-01-21 17:40 - 000000000 ____D C:\ProgramData\NVIDIA
2021-11-12 14:23 - 2018-01-22 14:35 - 000000000 ____D C:\Program Files (x86)\Steam
2021-11-12 14:20 - 2020-09-19 15:47 - 000000000 ____D C:\Users\dalem\AppData\Local\Discord
2021-11-12 14:03 - 2020-04-01 10:54 - 000000000 ____D C:\Program Files (x86)\Google
2021-11-12 13:56 - 2020-09-15 02:52 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-11-12 13:42 - 2019-12-07 03:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-11-12 13:42 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-11-12 13:29 - 2019-12-07 03:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-11-12 13:24 - 2020-09-15 02:58 - 000840598 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-11-12 13:24 - 2019-12-07 03:13 - 000000000 ____D C:\WINDOWS\INF
2021-11-12 13:21 - 2020-11-29 11:00 - 000000000 __RSD C:\Users\dalem\Documents\McAfee Vaults
2021-11-12 13:20 - 2020-09-15 02:59 - 000003112 _____ C:\WINDOWS\system32\Tasks\AMDLinkUpdate
2021-11-12 13:19 - 2020-09-15 02:59 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-11-12 13:19 - 2020-09-15 02:52 - 000008192 ___SH C:\DumpStack.log.tmp
2021-11-12 13:19 - 2019-12-07 03:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-11-12 13:19 - 2019-02-17 19:20 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2021-11-12 12:52 - 2018-06-10 11:51 - 000000000 ____D C:\Users\dalem\AppData\Local\D3DSCache
2021-11-12 12:46 - 2020-07-24 10:06 - 000000000 ____D C:\Users\dalem\AppData\LocalLow\Temp
2021-11-12 11:47 - 2018-01-21 19:06 - 000000000 ____D C:\Users\dalem\AppData\LocalLow\Mozilla
2021-11-12 11:24 - 2018-01-21 19:06 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-11-12 11:23 - 2018-01-21 18:58 - 000000000 ____D C:\Users\dalem\AppData\Roaming\vlc
2021-11-12 10:54 - 2020-09-15 02:59 - 000000000 ____D C:\WINDOWS\system32\Tasks\McAfee
2021-11-12 10:54 - 2019-12-07 03:03 - 000008192 _____ C:\WINDOWS\system32\config\ELAM
2021-11-12 09:43 - 2021-08-04 15:21 - 000000000 ____D C:\Users\dalem\AppData\Roaming\ImgBurn
2021-11-11 23:24 - 2018-01-21 19:36 - 000000000 ____D C:\Users\dalem\AppData\Roaming\.minecraft
2021-11-11 01:45 - 2018-01-21 19:06 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-11-11 01:44 - 2020-09-15 02:52 - 000450984 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-11-11 01:42 - 2019-12-07 03:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-11-11 01:42 - 2019-12-07 03:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-11-11 01:42 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-11-11 01:42 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-11-11 01:42 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-11-11 01:42 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-11-11 01:42 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-11-11 01:42 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-11-11 01:42 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-11-11 01:42 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-11-11 01:42 - 2019-12-07 03:03 - 000000000 ____D C:\WINDOWS\servicing
2021-11-11 00:33 - 2021-06-25 05:27 - 000000000 ____D C:\Users\dalem\AppData\Local\WebEx
2021-11-10 20:46 - 2019-12-07 03:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-11-10 20:39 - 2018-01-22 22:15 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-11-10 20:37 - 2018-01-22 22:15 - 141529560 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-11-08 23:08 - 2021-08-24 12:23 - 000000000 ____D C:\Program Files\dotnet
2021-11-08 23:08 - 2018-03-17 20:33 - 000000000 ____D C:\ProgramData\Package Cache
2021-11-07 16:11 - 2020-09-15 02:59 - 000003376 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3599443798-625604178-375638978-1001
2021-11-07 16:11 - 2020-09-15 00:50 - 000002379 _____ C:\Users\dalem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-11-07 10:34 - 2020-06-24 01:23 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-11-07 10:34 - 2020-06-24 01:23 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-11-06 15:42 - 2021-06-22 06:24 - 000000000 ____D C:\Users\dalem\valorandvictory
2021-11-02 22:11 - 2018-02-05 18:27 - 000000000 ____D C:\Users\dalem\AppData\Local\PlaceholderTileLogoFolder
2021-11-02 20:41 - 2018-01-21 18:33 - 000000000 ____D C:\Users\dalem\AppData\Local\Packages
2021-11-02 20:35 - 2018-06-20 15:02 - 000000000 ____D C:\ProgramData\Packages
2021-10-29 22:39 - 2020-09-15 02:59 - 000003316 _____ C:\WINDOWS\system32\Tasks\McAfeeLogon
2021-10-29 22:39 - 2018-01-21 22:12 - 000000000 ____D C:\Program Files\Common Files\McAfee
2021-10-28 17:03 - 2020-04-01 10:54 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-10-28 17:03 - 2020-04-01 10:54 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-10-28 09:29 - 2020-09-15 02:59 - 000003710 _____ C:\WINDOWS\system32\Tasks\McAfee Remediation (Prepare)
2021-10-25 19:17 - 2020-10-28 00:33 - 000000000 ____D C:\Users\dalem\Calibre Library
2021-10-24 14:25 - 2021-06-25 05:27 - 000000000 ____D C:\Users\dalem\AppData\LocalLow\WebEx
2021-10-19 08:15 - 2018-08-23 08:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2021-10-19 08:15 - 2018-08-23 08:52 - 000000000 ____D C:\Program Files (x86)\Java
2021-10-19 08:14 - 2018-08-23 08:52 - 000164696 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2021-10-16 01:24 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-10-16 01:14 - 2019-12-07 03:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2021-10-16 01:14 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-10-16 01:14 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-10-16 01:14 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-10-16 01:14 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\DiagTrack
2021-10-13 17:18 - 2019-08-12 19:52 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
 
==================== Files in the root of some directories ========
 
2021-02-28 13:18 - 2021-02-28 13:18 - 000004903 _____ () C:\Users\dalem\AppData\Local\recently-used.xbel
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-11-2021
Ran by dalem (12-11-2021 14:51:20)
Running from C:\Users\dalem\Desktop
Microsoft Windows 10 Home Version 21H1 19043.1348 (X64) (2020-09-15 08:59:35)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-3599443798-625604178-375638978-500 - Administrator - Disabled)
dalem (S-1-5-21-3599443798-625604178-375638978-1001 - Administrator - Enabled) => C:\Users\dalem
DefaultAccount (S-1-5-21-3599443798-625604178-375638978-503 - Limited - Disabled)
Guest (S-1-5-21-3599443798-625604178-375638978-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3599443798-625604178-375638978-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee VirusScan (Enabled - Up to date) {9D4501E6-72F6-2877-C789-89AF6F535B2C}
AS: McAfee VirusScan (Enabled - Up to date) {4DE344F8-6897-65B4-CED0-82B3AF2591B4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {A57E80C3-3899-292F-ECD6-209A91801C57}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 21.007.20099 - Adobe Systems Incorporated)
Amazon Music (HKU\S-1-5-21-3599443798-625604178-375638978-1001\...\Amazon Amazon Music) (Version: 7.6.0.1902 - Amazon Services LLC)
AMD Settings (HKLM\...\WUCCCApp) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 19.5.2 - Advanced Micro Devices, Inc.)
Armored Brigade (HKLM-x32\...\Armored Brigade) (Version: 1.000 - Matrix Games)
Asmedia USB Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.35.1 - Asmedia Technology)
Branding64 (HKLM\...\{EE2AFCE4-0238-4DE0-A140-1647021627C1}) (Version: 1.00.0001 - Advanced Micro Devices, Inc.) Hidden
BrLauncher (HKLM-x32\...\{C332FFD4-D911-4429-B071-DE2D2F2A9040}) (Version: 2.0.13.0 - Brother Industries Ltd.) Hidden
BrLogRx (HKLM-x32\...\{190861E7-09C5-42D8-BB4B-0AFB234BCFC1}) (Version: 1.0.3.1 - Brother Industries Ltd.) Hidden
Brother IPPoverUSB Driver (HKLM-x32\...\{59079CC5-EF18-4F31-B6CC-8276EB4053AE}) (Version: 1.1.0.0 - Brother Industries Ltd.) Hidden
Brother iPrint&Scan (HKLM-x32\...\{569f9640-fd0a-4a52-97f2-11277f65a3f0}) (Version: 4.4.0.33 - Brother Industries, Ltd.)
Brother iPrint&Scan (HKLM-x32\...\{FE65E525-8FCA-43BE-8D7F-0C4665FAE1A5}) (Version: 4.4.0.33 - Brother Industries, Ltd.) Hidden
Brother Printer Driver (HKLM-x32\...\{055AD757-30D5-4689-B378-FAE12E7D28F0}) (Version: 1.2.0.0 - Brother Industries Ltd.) Hidden
BrSupportTools (HKLM-x32\...\{D0F69DE9-EE0B-4A7A-8248-6D5EC97D171C}) (Version: 1.0.23.0 - Brother Industries Ltd.) Hidden
calibre 64bit (HKLM\...\{E3517FE8-B504-4D1D-94DE-EF326AEF314F}) (Version: 5.3.0 - Kovid Goyal)
Cisco Webex Meetings (HKU\S-1-5-21-3599443798-625604178-375638978-1001\...\ActiveTouchMeetingClient) (Version: 41.9.5 - Cisco Webex LLC)
Combat Mission Afrika Korps (HKLM-x32\...\Combat Mission Afrika Korps v1.0_is1) (Version:  - Battlefront.com, Inc.)
Common Desktop Agent (HKLM\...\{031A0E14-0413-4C97-9772-2639B782F46F}) (Version: 1.62.0 - OEM) Hidden
Discord (HKU\S-1-5-21-3599443798-625604178-375638978-1001\...\Discord) (Version: 0.0.309 - Discord Inc.)
Field of Glory (HKLM-x32\...\Field of Glory) (Version: 2.5.02.1042 - Slitherine)
GIMP 2.10.22 (HKLM\...\GIMP-2_is1) (Version: 2.10.22 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 95.0.4638.69 - Google LLC)
Harmony Remote Update (HKLM-x32\...\HarmonyRemoteUpdate) (Version: 7.7.1 - Logitech - HarmonyRemoteClient)
Hoyle Casino Games (HKLM-x32\...\{0DB17436-91DB-4BE0-A9F2-6955BA9D6CE2}) (Version: 1.00.0000 - Encore Software, Inc.)
Hoyle Slots (HKLM-x32\...\{FF82A507-7891-4A7E-90D1-79AB5969840E}) (Version: 1.00.0000 - Encore Software, Inc.)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
iPod Support (HKLM\...\{4B5933A1-A781-400E-B4A2-3ECC375375E4}) (Version: 120.7.3.55 - Apple Inc.)
Java 8 Update 311 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180311F0}) (Version: 8.0.3110.11 - Oracle Corporation)
Logitech Harmony Remote Software 7 (HKLM-x32\...\{5C6F884D-680C-448B-B4C9-22296EE1B206}) (Version: 7.7.0.0 - Logitech)
Malwarebytes version 4.4.10.144 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.10.144 - Malwarebytes)
McAfee Total Protection (HKLM-x32\...\MSC) (Version: 16.0 R40 - McAfee, LLC)
Microsoft .NET Runtime - 5.0.12 (x64) (HKLM-x32\...\{5bd6ae15-bcab-4509-86af-c5dfc54b60d7}) (Version: 5.0.12.30622 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 95.0.1020.44 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 95.0.1020.44 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional 2007 (HKLM-x32\...\PROR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3599443798-625604178-375638978-1001\...\OneDriveSetup.exe) (Version: 21.205.1003.0005 - Microsoft Corporation)
Microsoft Reader (HKLM-x32\...\{B6F7DBE7-2FE2-458F-A738-B10832746036}) (Version:  - )
Microsoft Update Health Tools (HKLM\...\{29B15818-E79F-4AB0-8938-9410C807AD76}) (Version: 2.84.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29334 (HKLM-x32\...\{a9cfe9c7-e54f-46cd-9c5c-542ff8e3e8c4}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29334 (HKLM-x32\...\{b2d0f752-adc5-496e-8f70-8669de01f746}) (Version: 14.28.29334.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Minutor (HKLM-x32\...\{4F34B0A4-1E8A-436E-9616-B1F715583A74}) (Version: 2.1.0 - Sean Kasun)
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 94.0.1 (x64 en-US)) (Version: 94.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0.4 - Mozilla)
NetworkRepairTool (HKLM-x32\...\{96CEE8C3-B934-48A4-ADA6-91B7CE8A5002}) (Version: 1.2.17.0 - Brother Industries, Ltd.) Hidden
NVIDIA 3D Vision Driver 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 388.13 - NVIDIA Corporation)
NVIDIA Graphics Driver 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.13 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.35.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.35.1 - NVIDIA Corporation)
Paradox Launcher v2 (HKLM\...\{A8D4AE16-519B-409D-B5B4-2647C06805AD}) (Version: 2.0.3.0 - Paradox Interactive)
Samsung Scan Process Machine (HKLM-x32\...\Samsung Scan Process Machine) (Version: 1.03.05.28 - Samsung Electronics Co., Ltd.) Hidden
SoftwareUpdateNotification (HKLM-x32\...\{C2430580-570A-48D4-BF61-FA55E35BD052}) (Version: 1.0.8.0 - Brother Insutries Ltd.) Hidden
StatusMonitor (HKLM-x32\...\{D42470A0-E4C3-41C9-9A92-B1B23FD13F8C}) (Version: 1.21.6.0 - Brother Insutries Ltd.) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TextPad 8 (HKLM\...\{6437A18A-5868-4510-8057-62EBEA5231D8}) (Version: 8.1.2 - Helios)
Uninstall Samsung Printer Software (HKLM-x32\...\TotalUninstaller) (Version: 4.0.0.67 - Samsung Electronics CO., LTD.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{16AD6161-2E47-4BF1-AA77-0946EFE93E08}) (Version: 2.61.0.0 - Microsoft Corporation)
UsbRepairTool (HKLM-x32\...\{F8762A81-32B5-4144-9F3C-9274F515A651}) (Version: 1.4.0.0 - Brother Industries, Ltd.) Hidden
VASSAL (3.2.17) (HKLM\...\VASSAL (3.2.17)) (Version: 3.2.17 - vassalengine.org)
VideoSolo Blu-ray Player 1.0.32 (HKLM-x32\...\{3FE47865-D020-4666-92D2-40322D48E361}_is1) (Version: 1.0.32 - VideoSolo Studio)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.10 - VideoLAN)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1-2) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
WebAdvisor by McAfee (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.648 - McAfee, LLC)
Windows PC Health Check (HKLM\...\{B1E7D0FD-7CFE-4E0C-A5DA-0F676499DB91}) (Version: 3.2.2110.14001 - Microsoft Corporation)
WinRAR 5.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
WinRAR 5.90 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.90.0 - win.rar GmbH)
 
Packages:
=========
AccuWeather - Weather for Life -> C:\Program Files\WindowsApps\AccuWeather.AccuWeatherforWindows8_10.0.348.1000_x64__8zz2pj9h1h1d8 [2021-10-09] (AccuWeather) [MS Ad]
Add Music To Videos -> C:\Program Files\WindowsApps\39691Videopix.AddMusicToVideos_1.1.15.0_x64__dxz7h1qnd1pge [2021-04-14] (Videopix)
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2019-11-06] (Autodesk Inc.)
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa [2021-11-11] (Apple Inc.) [Startup Task]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-10] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-10] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.10.10270.0_x64__8wekyb3d8bbwe [2021-10-31] (Microsoft Studios) [MS Ad]
MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.42152.0_x64__8wekyb3d8bbwe [2021-08-18] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-11-01] (Microsoft Corporation)
Plex -> C:\Program Files\WindowsApps\CAF9E577.Plex_3.2.20.0_x64__aam28m9va5cke [2021-10-09] (Plex)
Quarrel -> C:\Program Files\WindowsApps\38062AvishaiDernis.DiscordUWP_20.7.5.0_x64__q72k3wbnqqnj6 [2021-10-09] (Adam Dernis) [MS Ad]
Samsung Printer Experience -> C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCO.LTD.SamsungPrinterExperience_1.3.15.0_x64__3c1yjt4zspk6g [2018-03-29] (Samsung Electronics Co. Ltd.)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0 [2021-11-12] (Spotify AB) [Startup Task]
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3599443798-625604178-375638978-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive - Personal] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}
CustomCLSID: HKU\S-1-5-21-3599443798-625604178-375638978-1001_Classes\CLSID\{5A9E21A2-851A-4BEB-B16F-DBBE7D648AF9}\InprocServer32 -> C:\Program Files\TextPad 8\System\ShellExt64.dll (Helios Software Solutions Ltd -> )
ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => C:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2021-10-22] (McAfee, LLC -> McAfee, LLC)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-11-12] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-10-27] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-11-12] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => C:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2021-10-22] (McAfee, LLC -> McAfee, LLC)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1_S-1-5-21-3599443798-625604178-375638978-1001: [TextPad8] -> {5A9E21A2-851A-4BEB-B16F-DBBE7D648AF9} => C:\Program Files\TextPad 8\System\ShellExt64.dll [2017-03-07] (Helios Software Solutions Ltd -> )
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
==================== Loaded Modules (Whitelisted) =============
 
2019-08-16 11:37 - 2019-08-16 11:37 - 000158208 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\WINDOWS\SYSTEM32\amdihk64.dll
2018-05-12 14:41 - 2017-10-27 10:06 - 000339256 _____ (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed] C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem\NvStereo\_nvstapisvr64.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
SearchScopes: HKU\S-1-5-21-3599443798-625604178-375638978-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2021-11-09] (McAfee, LLC -> McAfee, LLC)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_311\bin\ssv.dll [2021-10-19] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2021-11-09] (McAfee, LLC -> McAfee, LLC)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_311\bin\jp2ssv.dll [2021-10-19] (Oracle America, Inc. -> Oracle Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll [2021-10-22] (McAfee, LLC -> McAfee, LLC)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2021-10-22] (McAfee, LLC -> McAfee, LLC)
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-3599443798-625604178-375638978-1001\...\localhost -> localhost
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2017-03-18 15:03 - 2017-03-18 15:01 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\Calibre2\;C:\Program Files\dotnet\
HKU\S-1-5-21-3599443798-625604178-375638978-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\dalem\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{A4C9CA3E-1CEC-4773-8865-31510CA92A28}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Spirit Island\SpiritIsland.exe () [File not signed]
FirewallRules: [{82E19896-E698-4329-9CCC-08E06A605A90}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Spirit Island\SpiritIsland.exe () [File not signed]
FirewallRules: [{0BD47CD0-53C6-468B-AD34-FA30AFB4C47D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Iwo Jima\IwoJima.exe () [File not signed]
FirewallRules: [{4961841F-AAD7-461B-ACBF-5BBC12AC8412}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Iwo Jima\IwoJima.exe () [File not signed]
FirewallRules: [{E50A75BF-1018-464B-B1CF-1FBF8AAA0179}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rebel Inc Escalation\Rebel Inc. Escalation.exe () [File not signed]
FirewallRules: [{49E77D7A-42F8-4279-BF72-DD3E5181D78F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rebel Inc Escalation\Rebel Inc. Escalation.exe () [File not signed]
FirewallRules: [{091563F7-B347-4947-AB2A-0AFB3E13E71C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PlagueInc\PlagueIncEvolved.exe () [File not signed]
FirewallRules: [{637D6DC0-1D97-4C36-A66B-06D0A444841D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PlagueInc\PlagueIncEvolved.exe () [File not signed]
FirewallRules: [{717080A2-E3D6-4DF5-B700-2EDC1FA48138}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RebelGalaxy\SteamLauncher.exe (Double Damage Games Inc.) [File not signed]
FirewallRules: [{EF2286F6-DEDF-43A6-A7DF-5E539F0B1E78}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RebelGalaxy\SteamLauncher.exe (Double Damage Games Inc.) [File not signed]
FirewallRules: [{50DE897F-F4DC-4E04-9099-DCD11F04ACF8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Defcon\Defcon.exe (Introversion Software) [File not signed]
FirewallRules: [{2425B39F-D4F2-477F-AFBB-D794038667C9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Defcon\Defcon.exe (Introversion Software) [File not signed]
FirewallRules: [{E724D557-1D0E-4754-9DB3-85856BE82854}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\XCOM 2\Binaries\Win64\Launcher\ModLauncherWPF.exe (Microsoft) [File not signed]
FirewallRules: [{3326BB17-F98C-4D92-8F42-9CAF5198591B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\XCOM 2\Binaries\Win64\Launcher\ModLauncherWPF.exe (Microsoft) [File not signed]
FirewallRules: [{1E15B93F-81EE-4D61-A9CB-C82E70B33241}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Bureau\Binaries\Win32\TheBureau.exe (Valve Corp. -> 2K Marin, Inc.) [File not signed]
FirewallRules: [{F6FF3AAB-F2EF-4445-8E5B-DEA86DD163C6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Bureau\Binaries\Win32\TheBureau.exe (Valve Corp. -> 2K Marin, Inc.) [File not signed]
FirewallRules: [{2FCB2CDE-FEA6-4E22-80A6-D30449F4FF66}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Panzer Corps\autorun.exe (Slitherine Ltd. -> Slitherine Publishing Ltd.)
FirewallRules: [{65C191ED-70B7-4731-9AE5-8D3CD30F725F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Panzer Corps\autorun.exe (Slitherine Ltd. -> Slitherine Publishing Ltd.)
FirewallRules: [{2F78CA3C-2B0C-407B-AB3A-DDBD00D36836}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tabletop Simulator\Tabletop Simulator.exe () [File not signed]
FirewallRules: [{9F1D7A1F-F967-46BA-9B74-0896630D3026}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tabletop Simulator\Tabletop Simulator.exe () [File not signed]
FirewallRules: [{82570A68-5C3A-4B5C-9F60-37382E7369D2}] => (Allow) LPort=54955
FirewallRules: [{A60A3585-8E79-4553-89C3-EFE51F3F3DFA}] => (Allow) LPort=54950
FirewallRules: [{A8FF0EAD-41DA-46EC-AF1A-63D0C924ABDA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Drive on Moscow\autorun.exe (Slitherine Ltd -> Slitherine Publishing Ltd.)
FirewallRules: [{8DD92079-9EFD-45E6-9D8A-7ED81C80477F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Drive on Moscow\autorun.exe (Slitherine Ltd -> Slitherine Publishing Ltd.)
FirewallRules: [{E42CB51A-17C7-4CD2-A1FD-8E70F89C53E6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Battle of the Bulge\autorun.exe (Slitherine Ltd -> Matrix Publishing Ltd.)
FirewallRules: [{CB38BEF0-C51E-451F-AE13-955ADBF8B119}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Battle of the Bulge\autorun.exe (Slitherine Ltd -> Matrix Publishing Ltd.)
FirewallRules: [{40384A16-867A-4F5A-8B48-3BCD4244A9BC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HardWest\HardWest.exe () [File not signed]
FirewallRules: [{1F2C2545-4E97-4E51-81F9-C849381A787A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HardWest\HardWest.exe () [File not signed]
FirewallRules: [{67E485AE-0EAF-431B-B0AF-504A62B0A263}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Space Hulk\game.exe () [File not signed]
FirewallRules: [{39C2EFF7-4FA7-4D92-8D0F-D4FAA720CF1F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Space Hulk\game.exe () [File not signed]
FirewallRules: [{6A2F5372-AF1D-42FF-BE16-83FF99FF4B1E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\NOBUNAGA'S AMBITION Sphere of Influence\N14PKLauncher.exe (KOEI TECMO GAMES CO., LTD. -> KOEI TECMO GAMES CO., LTD.)
FirewallRules: [{7BD7C20D-B389-493F-AF0D-5DE3F60D03E6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\NOBUNAGA'S AMBITION Sphere of Influence\N14PKLauncher.exe (KOEI TECMO GAMES CO., LTD. -> KOEI TECMO GAMES CO., LTD.)
FirewallRules: [{0FC01B86-AC75-4429-8DAE-54DDBC75B330}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Star Wars Battlefront II\GameData\BattlefrontII.exe () [File not signed]
FirewallRules: [{3950B385-0F0A-4436-8D54-23746221D5FA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Star Wars Battlefront II\GameData\BattlefrontII.exe () [File not signed]
FirewallRules: [{12AAF236-4504-47B7-8CD4-F3033ABABB29}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Gratuitous Space Battles 2\GSB2.exe () [File not signed]
FirewallRules: [{6B05BD90-8918-4CFD-B125-6ADB71463E00}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Gratuitous Space Battles 2\GSB2.exe () [File not signed]
FirewallRules: [{B4F39558-70B1-48E0-B84A-86F698E891A7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stars in Shadow\sis64.exe (Ashdar Games Inc. -> )
FirewallRules: [{33109564-9D32-4684-A161-3691FE4C3478}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stars in Shadow\sis64.exe (Ashdar Games Inc. -> )
FirewallRules: [{89A25041-9676-4D00-909B-0B8259867919}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Gratuitous Space Battles\GSB.exe () [File not signed]
FirewallRules: [{900A83F0-983C-4573-A1FD-7CA0CA498E67}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Gratuitous Space Battles\GSB.exe () [File not signed]
FirewallRules: [{05D7FBB3-DA71-4028-8607-278D0BB2CADF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Twilight Struggle\TwilightStruggle.exe () [File not signed]
FirewallRules: [{E2897A40-2881-421A-9838-0A7AC0FE53CC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Twilight Struggle\TwilightStruggle.exe () [File not signed]
FirewallRules: [{0E55C94F-942A-40E3-8C62-9083580C4187}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Close Combat  Panthers in the Fog\autorun.exe (Slitherine Ltd. -> Matrix Games)
FirewallRules: [{DF48AAD2-A023-462A-A404-F4EF919347CF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Close Combat  Panthers in the Fog\autorun.exe (Slitherine Ltd. -> Matrix Games)
FirewallRules: [{1FF46CD6-57E2-43AF-AAEB-CD88D00ECF22}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{EBAE541E-FCEE-4F6E-835B-F1B37797C110}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{310D2F4F-BEA7-46C5-998C-FB6B96C795B8}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe (McAfee, LLC -> McAfee, LLC)
FirewallRules: [{970447B1-219D-4CC8-A6EE-33E7AB85A3D4}] => (Allow) C:\Program Files (x86)\Common Files\McAfee\MMSSHost\MMSSHost.exe (McAfee, LLC -> McAfee, LLC)
FirewallRules: [{3C75B2D2-5273-4CAE-822E-86B2B11320D4}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{F6AA9459-B0D4-44D7-B55D-E5F7E5AA623A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{2FC2F3F0-A38E-4DBB-85B0-FFCFD1DA6D1A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Race for the Galaxy\Race.exe (Temple Gates Games LLC) [File not signed]
FirewallRules: [{9DAECDA0-CCB4-484A-8DE8-A7CBDA675A88}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Race for the Galaxy\Race.exe (Temple Gates Games LLC) [File not signed]
FirewallRules: [{72AEC3A7-4F36-4A7B-8BAD-4282072BFB42}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Desktop Dungeons\DesktopDungeons.exe () [File not signed]
FirewallRules: [{4C1DEA1C-0D90-404E-AA89-0381F78CF2E7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Desktop Dungeons\DesktopDungeons.exe () [File not signed]
FirewallRules: [{119E2071-795A-4065-888D-E9D9AABDBC8D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SlayTheSpire\SlayTheSpire.exe () [File not signed]
FirewallRules: [{D80EA7A6-F395-4C4E-9AA4-5D25EB87733E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SlayTheSpire\SlayTheSpire.exe () [File not signed]
FirewallRules: [{F2B600F2-823B-4834-8E18-13B2E7B5C666}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{7700F605-CCE0-4401-8977-01428544FBAF}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{47C06BE2-7101-416C-973C-5F2F72318A3E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Aggressors Ancient Rome\autorun.exe (Slitherine Ltd -> Slitherine Publishing Ltd.)
FirewallRules: [{F8663787-374C-4625-9C22-D459B0B63C92}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Aggressors Ancient Rome\autorun.exe (Slitherine Ltd -> Slitherine Publishing Ltd.)
FirewallRules: [{E5E5AC8E-4442-4074-845A-481ACB76F665}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FTL Faster Than Light\FTLGame.exe () [File not signed]
FirewallRules: [{9E2AE1FD-F827-4B07-A996-1BB0FE58D3CC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FTL Faster Than Light\FTLGame.exe () [File not signed]
FirewallRules: [{5CD1CBE2-DDB5-44F8-9ED1-6C70674EFCD1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraforming Mars\TerraformingMars.exe () [File not signed]
FirewallRules: [{BF41656D-1812-490D-BD26-CD4FF3D493CB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraforming Mars\TerraformingMars.exe () [File not signed]
FirewallRules: [{8DAD25DA-13A6-441B-B4E8-C762F05BCCAD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tharsis\tharsis.exe () [File not signed]
FirewallRules: [{4CBBD028-26E2-40D7-AB7B-F871563B7634}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tharsis\tharsis.exe () [File not signed]
FirewallRules: [{89AF9E33-3229-4CE9-875A-D340EA43CC8F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Order of Battle  Pacific\autorun.exe (Slitherine Software UK Ltd. -> Slitherine Publishing Ltd.)
FirewallRules: [{ECFDB7DB-7583-45C3-8030-F1D8D53C0628}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Order of Battle  Pacific\autorun.exe (Slitherine Software UK Ltd. -> Slitherine Publishing Ltd.)
FirewallRules: [{E1342BFF-2526-44CE-9EE1-EDD4A009D0AB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mechanicus\Mechanicus.exe () [File not signed]
FirewallRules: [{B91F188B-CD9B-4EAA-A726-FCFB32CAFC4D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mechanicus\Mechanicus.exe () [File not signed]
FirewallRules: [{4D31C5DF-228D-4F44-A52C-F2631E5C9F28}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Printer Center\SamsungPrinterCenter.exe (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
FirewallRules: [{5977B9E0-C55B-42D3-B4AD-FE73764046C3}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\EasyPrinterManagerV2.exe (HP Inc. -> )
FirewallRules: [{C03B41D3-6DF1-4599-BD12-67F6C98A8C81}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe (HP Inc. -> HP Printing Korea Co., Ltd.)
FirewallRules: [{A5905CDA-489A-4069-9F42-F53427E766CF}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\EPM2AlertList.exe (HP Inc. -> HP Printing Korea Co., Ltd.)
FirewallRules: [{9B647C46-4D7D-4C4E-A6B4-1EF40EFC0389}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\EPM2Migrator.exe (HP Inc. -> )
FirewallRules: [{80916E14-1953-4697-9074-FF041BA6EA49}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{08C70099-0FB4-4300-9239-90D2F07EECA9}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{ECEE5C6A-5B84-41E3-8CD3-1F0F3B70F962}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{A4474B7F-76DD-4A48-959D-BBE05535D43B}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{4314CAB6-60A5-4042-BFCB-D757232AB093}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Into the Breach\Breach.exe () [File not signed]
FirewallRules: [{6FF64FB1-699C-4966-BF89-76E8B6E05A4A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Into the Breach\Breach.exe () [File not signed]
FirewallRules: [{30D6F85B-31D5-4F0A-906E-24785B16E82E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Star Wars Starfighter\Starfighter.exe () [File not signed]
FirewallRules: [{17A4207B-2090-4DA5-A89B-EEA4E9ADF5E7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Star Wars Starfighter\Starfighter.exe () [File not signed]
FirewallRules: [{9804197B-8DC3-42FD-8D65-C80C4628906A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SimCity 4 Deluxe\Apps\SimCity 4.exe (Maxis) [File not signed]
FirewallRules: [{D599A3BC-C738-4868-A061-647AA00A6F1E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SimCity 4 Deluxe\Apps\SimCity 4.exe (Maxis) [File not signed]
FirewallRules: [{F4211D51-DC0A-424F-8901-A75E371A4B00}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Planetbase\Planetbase.exe (Unity Technologies SF -> ) [File not signed]
FirewallRules: [{E042D7FF-F6BD-467C-A29E-068A3EF0C3BB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Planetbase\Planetbase.exe (Unity Technologies SF -> ) [File not signed]
FirewallRules: [{F71AC68D-C110-45F2-9BE1-B0332037E79F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sentinels of the Multiverse\Sentinels.exe () [File not signed]
FirewallRules: [{C7D5396A-591F-4733-A179-5D3E5CC2D7AD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sentinels of the Multiverse\Sentinels.exe () [File not signed]
FirewallRules: [{3988456F-B38B-45DC-820D-65C8290D27A0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fort Sumter\FortSumter.exe () [File not signed]
FirewallRules: [{83F3CE13-62D9-4185-90C8-D5B47E5F779C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fort Sumter\FortSumter.exe () [File not signed]
FirewallRules: [{19BB8468-6A7D-47B7-8A33-D2F9805C35A1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Between the Stars\BetweenTheStars.exe () [File not signed]
FirewallRules: [{2EC1EBAA-8806-4F80-9FFE-719671B9B73F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Between the Stars\BetweenTheStars.exe () [File not signed]
FirewallRules: [{C99A6F24-7B0C-4337-8F24-A06DECCD11DD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stellaris\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [{17E75E5B-9111-493E-A85E-6E6504159167}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stellaris\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [{ED6833FB-8979-46B7-AFAB-8AB92585F82D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Labyrinth The War on Terror\Labyrinth.exe () [File not signed]
FirewallRules: [{BEABA52E-C74B-4B94-B4ED-2E003A72341A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Labyrinth The War on Terror\Labyrinth.exe () [File not signed]
FirewallRules: [{316A38B2-49BB-493B-8263-E4553D795583}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fantasy General II\Launcher.exe (Slitherine Software UK Limited -> Slitherine Ltd.)
FirewallRules: [{82F81DA8-2453-487E-948D-26FDACA8DD15}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fantasy General II\Launcher.exe (Slitherine Software UK Limited -> Slitherine Ltd.)
FirewallRules: [{094488BB-290B-430C-AB35-21ECA9E6B5E7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Catan Universe\CatanUniverse.exe () [File not signed]
FirewallRules: [{8325BDA7-B635-4E2A-AC1B-17D4BB84DC3F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Catan Universe\CatanUniverse.exe () [File not signed]
FirewallRules: [{0288E1AE-CF15-4968-8099-82818A741FAD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Nidhogg\Nidhogg.exe (Messhof LLC) [File not signed]
FirewallRules: [{315156DE-07BE-4453-B722-7DA2662391CE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Nidhogg\Nidhogg.exe (Messhof LLC) [File not signed]
FirewallRules: [{B2D84E78-2196-4C24-B14A-95F5FD2704E9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Carrier Battles 4 Guadalcanal\CarrierBattles4Guadalcanal.exe () [File not signed]
FirewallRules: [{C8C9FB74-22ED-4B5E-A365-253E32A7D1E2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Carrier Battles 4 Guadalcanal\CarrierBattles4Guadalcanal.exe () [File not signed]
FirewallRules: [{AB4250E0-F0CA-43A1-8D41-9E3D91CEE1B4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Roll for the Galaxy\Roll.exe (Temple Gates Games LLC) [File not signed]
FirewallRules: [{F5059D73-2819-4472-897F-7E6178D6D029}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Roll for the Galaxy\Roll.exe (Temple Gates Games LLC) [File not signed]
FirewallRules: [{27C1BBA2-1C02-4B6A-AAC6-378C04E8F323}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SlayTheSpire\jre\bin\javaw.exe
FirewallRules: [{5D570449-71E7-47E8-869D-1AFC59E67270}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SlayTheSpire\jre\bin\javaw.exe
FirewallRules: [{15B89EFF-C1CE-4B74-9811-D5F8BAE9DBD1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Battle Brothers\win32\BattleBrothers.exe () [File not signed]
FirewallRules: [{097EC5D7-0517-47A2-B136-8929FE05F795}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Battle Brothers\win32\BattleBrothers.exe () [File not signed]
FirewallRules: [{F260384B-8CD4-4270-BAF3-691D38506C06}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fights in Tight Spaces (Prologue)\FightsInTightSpaces.exe () [File not signed]
FirewallRules: [{406E230E-BB64-4685-BC0B-8A34BD8BF828}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fights in Tight Spaces (Prologue)\FightsInTightSpaces.exe () [File not signed]
FirewallRules: [{5DBBFDD8-501A-40A7-9EF2-0028218A9256}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fights in Tight Spaces\FightsInTightSpaces.exe () [File not signed]
FirewallRules: [{0F0B8933-C93B-491F-B08C-6F7C19132597}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fights in Tight Spaces\FightsInTightSpaces.exe () [File not signed]
FirewallRules: [{35664D0A-B671-43EB-9E31-3F05E06EAF13}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Yomi\Yomi.exe () [File not signed]
FirewallRules: [{F139791B-4EA9-4402-B2F0-1E08A509006A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Yomi\Yomi.exe () [File not signed]
FirewallRules: [{EDBC52B2-8484-4B7A-BD7D-856A823D05B0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Civil War II\autorun.exe (Slitherine Ltd. -> Matrix Publishing Ltd.)
FirewallRules: [{560CD5AF-0605-4F98-BA96-C89F439EAA91}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Civil War II\autorun.exe (Slitherine Ltd. -> Matrix Publishing Ltd.)
FirewallRules: [{C4A58B91-4FA4-464E-A96C-720296C74D0B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cauldrons of War - Barbarossa\Cauldrons of War.exe () [File not signed]
FirewallRules: [{34BD72EC-AEAD-4497-9C0F-3253CE9F7179}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cauldrons of War - Barbarossa\Cauldrons of War.exe () [File not signed]
FirewallRules: [{6931784C-B430-401F-B0B1-C9E48B14239C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cauldrons of War - Stalingrad\Cauldrons of War Stalingrad.exe () [File not signed]
FirewallRules: [{236DC0DE-0ACB-4F2A-B40F-34AADF07FA1B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cauldrons of War - Stalingrad\Cauldrons of War Stalingrad.exe () [File not signed]
FirewallRules: [{EB5100C6-5C15-487E-B174-1C9E64507BA9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\KARDS\kards.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{4A353A3E-5334-4878-BE0D-26FCD0ED8DE0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\KARDS\kards.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{A1ED21C3-EE2F-499F-946C-2D6172D164A7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Frontline World War II\Frontline World War II.exe () [File not signed]
FirewallRules: [{BF846BB0-DDBC-4B6D-8602-03B5F5A18BFE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Frontline World War II\Frontline World War II.exe () [File not signed]
FirewallRules: [{71C146F0-E372-45DA-898D-9A77B88CECBE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Frontline Western Front\Frontline Western Front.exe () [File not signed]
FirewallRules: [{C7E588DA-FB08-4040-BD64-AAF888D38883}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Frontline Western Front\Frontline Western Front.exe () [File not signed]
FirewallRules: [{B6818CD8-6EDE-4670-9E82-5D5BE73B4D40}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Frontline The Great Patriotic War\PW.exe () [File not signed]
FirewallRules: [{8E70E6AE-0E40-4F09-A6D3-09CAEAE3D096}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Frontline The Great Patriotic War\PW.exe () [File not signed]
FirewallRules: [{3A0C7294-3036-49EB-8F3E-489A1BC9AE82}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Frontline Blitzkrieg!\Game.exe () [File not signed]
FirewallRules: [{B835739F-B2FB-4886-8865-44442B8B1F9B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Frontline Blitzkrieg!\Game.exe () [File not signed]
FirewallRules: [{E0201CB1-DD2B-4A3C-995E-384324BD5AE7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Valor and Victory\Launcher.exe (Slitherine Software UK Limited -> Slitherine Ltd.)
FirewallRules: [{478F2866-EDDB-4B2D-AB90-92F19513EAF1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Valor and Victory\Launcher.exe (Slitherine Software UK Limited -> Slitherine Ltd.)
FirewallRules: [{E01A6333-8D84-4A70-904D-4CDCE17C1CDD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\XCom-Enemy-Unknown\Binaries\Win32\XComGame.exe (Valve Corp. -> Firaxis Games) [File not signed]
FirewallRules: [{D2D77DF2-4B09-4592-BD4F-8428F81C9BDB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\XCom-Enemy-Unknown\Binaries\Win32\XComGame.exe (Valve Corp. -> Firaxis Games) [File not signed]
FirewallRules: [{5EB05C02-8589-4C4D-8FD1-4D60AF9DC2C4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ogre\Ogre.exe () [File not signed]
FirewallRules: [{A8AC9023-BF1D-4F35-AFD4-2826F9AEB89F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ogre\Ogre.exe () [File not signed]
FirewallRules: [{2BC02A41-8472-40A9-8FC8-766482D9494B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Factorio Demo\bin\x64\factorio.exe (Wube Software) [File not signed]
FirewallRules: [{6A2760AC-C808-4476-81A2-159A6CF09CCE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Factorio Demo\bin\x64\factorio.exe (Wube Software) [File not signed]
FirewallRules: [{2E26ED2F-6B5F-41A8-A548-ED7898A65FC5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Command Ops 2\CmdOps.exe () [File not signed]
FirewallRules: [{F4B5C197-216F-4FBA-B777-4DF79585B08A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Command Ops 2\CmdOps.exe () [File not signed]
FirewallRules: [{A7D84937-0C46-4F79-8931-D7D3FB2AD324}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Command Ops 2\MapMaker.exe () [File not signed]
FirewallRules: [{4DBF6A60-D6CD-41B2-8F95-23C97B535F9B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Command Ops 2\MapMaker.exe () [File not signed]
FirewallRules: [{31F284FE-CB65-48AF-87EF-0F22E32E94C7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Command Ops 2\ScenMaker.exe () [File not signed]
FirewallRules: [{C8A32E50-67E5-4046-8EF6-51F3467BD915}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Command Ops 2\ScenMaker.exe () [File not signed]
FirewallRules: [{C6E471D5-DA64-4E26-8C06-36FB6422F28D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Command Ops 2\EstabEditor.exe () [File not signed]
FirewallRules: [{038FC860-81BB-421D-87AF-DDF6AFD759C2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Command Ops 2\EstabEditor.exe () [File not signed]
FirewallRules: [{C8E95729-1379-4CDE-AD97-3DB085D90499}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Command Ops 2\EM.exe () [File not signed]
FirewallRules: [{6279C4E2-ABF1-41EE-B4A1-90E2E5C25D66}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Command Ops 2\EM.exe () [File not signed]
FirewallRules: [{F91F1408-4E86-4800-83A5-18F8FF36998C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Command Ops 2\WorkshopManager.exe () [File not signed]
FirewallRules: [{1C27F52F-8C66-4F64-8716-44F90F12DAEC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Command Ops 2\WorkshopManager.exe () [File not signed]
FirewallRules: [{C1BDC899-9060-4B7A-B887-AE22F44BBFDE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{7F23BA3D-B3AC-4012-AA53-A4F122FC9947}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{AFECC72E-B166-449B-A0E1-FA740096A1AE}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{7188B239-8F07-425A-8E57-F492FEB8FE73}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{973DC6F6-D506-4168-8701-81718833C1E2}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{89B6C70A-53D5-4069-859D-FAFA5D162A97}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{AD63EA97-C16A-41F4-89C1-7422D5CA285B}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{246F4DE5-B0AD-4264-AC67-BA54AD3DE093}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{954057B6-318D-4CFE-A983-43858129CB89}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{652B73A4-6631-485E-8005-63C42267E5AB}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\95.0.1020.44\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3B2F3B25-4566-4027-B5E0-28E3D4A60DFF}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{CCCDF852-4AAC-4C25-B794-02BB16E42FA9}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{51B0CB12-E1DF-4430-A6E2-A4A8CC607376}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{0894DDC2-19AA-4241-8D33-4F4B02314961}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{3107C0E5-F0D1-41B3-997A-24952B96578E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{CDF044B0-AC23-49C0-8CFB-8DDCCFDCF79F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D641772F-AC9C-4338-9767-47F6C9754F83}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{EEEE16BB-5870-4804-9595-D8B5DA27CA91}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{5F4E65EA-BA6D-45BF-87EE-8380C828C1CB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{DFA9DBE6-5D2A-4BD0-AA1D-404E35C9CE59}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{A169977E-53E3-40B0-9435-B0755269EE32}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{034DB826-C878-414F-A7E2-B17C96DE0859}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe] => Enabled:Logitech Harmony Remote Software 7
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe] => Enabled:Logitech Harmony Remote Software 7
 
==================== Restore Points =========================
 
28-10-2021 06:57:41 Scheduled Checkpoint
06-11-2021 04:27:13 Scheduled Checkpoint
08-11-2021 00:36:42 Windows Modules Installer
10-11-2021 20:39:15 Windows Modules Installer
11-11-2021 21:39:24 AA11
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (11/12/2021 02:25:27 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: MTDLL BrtMTDLL: [2021/11/12 14:25:27.053]: [00013228]: Error GetInkSupplyType Send ( ErrCode == 5 )
 
Error: (11/12/2021 02:25:19 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: MTDLL BrtMTDLL: [2021/11/12 14:25:19.883]: [00013228]: Error GetInkSupplyType Send ( ErrCode == 5 )
 
Error: (11/12/2021 02:25:12 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: MTDLL BrtMTDLL: [2021/11/12 14:25:12.715]: [00013228]: Error GetInkSupplyType Send ( ErrCode == 5 )
 
Error: (11/12/2021 02:24:29 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: MTDLL BrtMTDLL: [2021/11/12 14:24:29.683]: [00013228]: Error GetInkSupplyType Send ( ErrCode == 5 )
 
Error: (11/12/2021 02:24:22 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: MTDLL BrtMTDLL: [2021/11/12 14:24:22.513]: [00013228]: Error GetInkSupplyType Send ( ErrCode == 5 )
 
Error: (11/12/2021 02:24:15 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: MTDLL BrtMTDLL: [2021/11/12 14:24:15.343]: [00013228]: Error GetInkSupplyType Send ( ErrCode == 5 )
 
Error: (11/12/2021 02:23:32 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: MTDLL BrtMTDLL: [2021/11/12 14:23:32.335]: [00013228]: Error GetInkSupplyType Send ( ErrCode == 5 )
 
Error: (11/12/2021 02:23:25 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: MTDLL BrtMTDLL: [2021/11/12 14:23:25.181]: [00013228]: Error GetInkSupplyType Send ( ErrCode == 5 )
 
 
System errors:
=============
Error: (11/12/2021 02:26:07 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The BrYNSvc service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (11/12/2021 02:26:07 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Samsung UPD Utility Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (11/12/2021 02:26:07 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The McAfee WebAdvisor service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1 milliseconds: Restart the service.
 
Error: (11/12/2021 02:26:07 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (11/12/2021 02:26:07 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AMD User Experience Program Launcher service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (11/12/2021 02:26:07 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Steam Client Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (11/12/2021 02:26:07 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AMD External Events Utility service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (11/12/2021 02:26:07 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Brother USB Application Controller service terminated unexpectedly.  It has done this 1 time(s).
 
 
CodeIntegrity:
===============
Date: 2021-11-12 14:46:49
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
BIOS: American Megatrends Inc. 1203 12/25/2017
Motherboard: ASUSTeK COMPUTER INC. TUF Z270 MARK 2
Processor: Intel® Core™ i5-7600K CPU @ 3.80GHz
Percentage of memory in use: 61%
Total physical RAM: 8133.76 MB
Available physical RAM: 3138.06 MB
Total Virtual: 27589.76 MB
Available Virtual: 20300.11 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:465.03 GB) (Free:102.98 GB) NTFS
Drive d: (Data) (Fixed) (Total:1397.26 GB) (Free:548.11 GB) NTFS
Drive e: (FreeAgent GoFlex Drive) (Fixed) (Total:931.51 GB) (Free:571.09 GB) NTFS
 
\\?\Volume{30748c3d-54a7-42cd-932e-0104cd4b876e}\ () (Fixed) (Total:0.51 GB) (Free:0.08 GB) NTFS
\\?\Volume{de9868d4-1430-4cfb-8747-81db6d6babb5}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 1397.3 GB) (Disk ID: 0D1C6D57)
Partition 1: (Active) - (Size=1397.3 GB) - (Type=06)
 
==========================================================
Disk: 1 (Protective MBR) (Size: 465.8 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==========================================================
Disk: 2 (Size: 931.5 GB) (Disk ID: A4B57300)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt =======================
 
4. no recurrence of pop-up, but I didn't see it this morning either so that in and of itself isn't definitive yet. 
 
-dale

  • 0

#13
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 4,269 posts

Hi, Dale.
 
Logs are clean.
 
Let's make a final check, to ensure everything is fine.

ESET Online Scanner

Download ESET Online Scanner and save it to your desktop.

  • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
  • When the tool opens, click Get Started.
  • Read and accept the license agreement.
  • At the Welcome to ESET Online Scanner window, click Get Started.
  • Select whether you would like to send anonymous data to ESET.
  • Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
  • Click on the Full Scan option.
  • Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
  • ESET will now begin scanning your computer. This may take some time.
  • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
  • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
  • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
  • Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.

  • 0

#14
dale1234

dale1234

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
11/13/2021 15:12:53 PM
Files scanned: 1206480
Detected files: 8
Cleaned files: 8
Total scan time 01:31:32
Scan status: Finished
D:\From_old_XP_Sep_2014\xxxxxxxxxxxxxxxxxxxxxxxxxxx\Downloads\AV Stuff\DVDStyler\dvdstylerfree_8680.exe a variant of Win32/InstallIQ.A potentially unwanted application cleaned by deleting
 
D:\From_old_XP_Sep_2014\xxxxxxxxxxxxxxxxxxxxxxxxxxx\Downloads\Games\Strategic Command II\WaW_Bundle_Setup.exe a variant of Win32/Toolbar.Conduit.B potentially unwanted application,a variant of Win32/Toolbar.Conduit.AR potentially unwanted application,a variant of Win32/Toolbar.Conduit.AZ.gen potentially unwanted application cleaned by deleting
 
D:\From_old_XP_Sep_2014\xxxxxxxxxxxxxxxxxxxxxxxxxxx\Downloads\Games\Strategic Command II\WaW_Setup.exe a variant of Win32/Toolbar.Conduit.B potentially unwanted application,a variant of Win32/Toolbar.Conduit.AR potentially unwanted application,a variant of Win32/Toolbar.Conduit.AZ.gen potentially unwanted application cleaned by deleting
 
D:\From_old_XP_Sep_2014\xxxxxxxxxxxxxxxxxxxxxxxxxxx\My Documents\Downloads\cbsidlm-tr1_13-Dwarf_Fortress-ORG-10879594.exe Win32/DownloadAdmin.G potentially unwanted application,Win32/DownloadAdmin.H potentially unwanted application cleaned by deleting
 
D:\From_old_XP_Sep_2014\xxxxxxxxxxxxxxxxxxxxxxxxxxx\My Documents\Downloads\Setup.exe a variant of Win32/Adware.iBryte.W application cleaned by deleting
 
D:\NONmedia\Downloads\DVDStyler\dvdstylerfree_8680.exe a variant of Win32/InstallIQ.A potentially unwanted application cleaned by deleting
 
D:\NONmedia\Downloads\Games\Strategic Command II\WaW_Bundle_Setup.exe a variant of Win32/Toolbar.Conduit.B potentially unwanted application,a variant of Win32/Toolbar.Conduit.AR potentially unwanted application,a variant of Win32/Toolbar.Conduit.AZ.gen potentially unwanted application cleaned by deleting
 
D:\NONmedia\Downloads\Games\Strategic Command II\WaW_Setup.exe a variant of Win32/Toolbar.Conduit.B potentially unwanted application,a variant of Win32/Toolbar.Conduit.AR potentially unwanted application,a variant of Win32/Toolbar.Conduit.AZ.gen potentially unwanted application cleaned by deleting

  • 0

#15
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 4,269 posts

Hi, Dale.
 
As you see, 8 files in D are deleted as potentially unwanted applications or adware. I would NOT advise you to do that, but in case you would like to restore them, follow this Eset link: %5BKB2915%5D Restore files quarantined by the ESET Online Scanner version 3
 
 
The computer is now clean.  :thumbsup: 
 
If you don't have any other issues/questions/concerns...

The following tool will remove the tools we used as well as reset system restore points:

Download KpRm by kernel-panik and save it to your desktop.

  • Right-click kprm_(version).exe and select Run as Administrator.
  • Read and accept the disclaimer.
  • When the tool opens, ensure all boxes under Actions are checked.
  • Under Delete Quarantines select Delete Now, then click Run.
  • Once complete, click OK.
  • A log will open in Notepad titled kprm-(date).txt.
  • Please copy and paste its contents in your next reply.

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP