Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Inhereted Notebook - Running Slow, Fan Running Fast [Solved]


  • Please log in to reply

#1
Jackpine

Jackpine

    Member

  • Member
  • PipPipPip
  • 490 posts

Hello, My daughter bought herself a new notebook, and gave me her old one.

 

It runs slow, and I can hear the fan working hard from time to time during normal use, i.e., word processing, checking emails.  There are no high-demand games or programs installed on the notebook.

 

I wonder if someone can check for any malware or other problems.  Thank you.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-11-2021
Ran by Amanda (administrator) on AMANDA-HP (Hewlett-Packard HP Pavilion g6 Notebook PC) (12-11-2021 12:19:41)
Running from C:\Users\Amanda\Desktop
Loaded Profiles: Amanda
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Systems, Incorporated -> Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Broadcom Corporation -> Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Garmin International, Inc. -> Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Express\express.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel® Identity Protection Technology Software -> Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Paramount Software UK Ltd -> Paramount Software UK Ltd) C:\Program Files\Macrium\Common\MacriumService.exe
(Paramount Software UK Ltd -> Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectMonitor.exe
(Paramount Software UK Ltd -> Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectUI.exe
(Raxco Software, Inc. -> Raxco Software, Inc.) C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe
(Raxco Software, Inc. -> Raxco Software, Inc.) C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
(Raxco Software, Inc. -> Raxco Software, Inc.) C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe
(Realtek Semiconductor Corp -> Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2832168 2011-10-01] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1424896 2011-09-08] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163640 2017-08-13] (Ivaylo Beltchev -> IvoSoft) [File not signed]
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499920 2014-09-12] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3956403641-1016103790-1991301254-1000\...\Run: [GarminExpress] => C:\Program Files (x86)\Garmin\Express\express.exe [31019504 2020-06-09] (Garmin International, Inc. -> Garmin Ltd. or its subsidiaries)
HKLM\...\Windows x64\Print Processors\Canon MG5700 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDCS.DLL [30208 2015-03-15] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\Windows\system32\AdobePDF.dll [55432 2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MG5700 series: C:\Windows\system32\CNMLMCS.DLL [406528 2015-03-15] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MG5700 series XPS: C:\Windows\system32\CNMXLMCS.DLL [409088 2015-03-15] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJNP Port: C:\Windows\system32\CNMN6PPM.DLL [375296 2015-03-17] (CANON INC.) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}] -> msiexec /fu {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} /qn
HKLM\Software\...\Authentication\Credential Providers: [{50968FF7-10C1-4fb3-98B0-CD654D6CB97E}] -> C:\Program Files\WIDCOMM\Bluetooth Software\\BtwCP.dll [2011-09-20] (Broadcom Corporation -> Broadcom Corporation.)
HKLM\Software\...\Authentication\Credential Providers: [{D28973E5-8630-41af-8831-50A15FEB396B}] -> C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll [2011-09-20] (Broadcom Corporation -> Broadcom Corporation.)
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
BootExecute: PDBoot.exeautocheck autochk *
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03941A70-4158-4900-8D36-8F597CD87A6C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-12-08] (Google Inc -> Google Inc.)
Task: {20FCFF64-00DD-401D-B1AE-BB1FD97DC929} - System32\Tasks\klcp_update => CodecTweakTool.exe /verysilent /update /freq=90 (No File)
Task: {3295C7FC-3908-4C0A-935D-F48D09EDC2D4} - System32\Tasks\Hewlett-Packard\HP Diagnostics\BHM2 => C:\Program Files (x86)\HP\HpHwDiag\HpHwDiagA.exe [104719784 2021-07-01] (HP Inc. -> HP Inc.)
Task: {430E6E3F-AD4A-4913-83CD-C2BE5A226333} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18168 2017-07-13] (Intel® Software Asset Manager -> Intel Corporation)
Task: {4499D604-0F97-4510-B778-73FB4EBB6759} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [134008 2020-03-31] (HP Inc. -> HP Inc.)
Task: {460C6D7D-8B5A-4F51-86B0-35BCBC536FC6} - System32\Tasks\Hewlett-Packard\HP Diagnostics\BatteryStatusTest => C:\Program Files (x86)\HP\HpHwDiag\HpHwDiagA.exe [104719784 2021-07-01] (HP Inc. -> HP Inc.)
Task: {54D1192B-C6C8-4241-941C-70EF8518242D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1506136 2020-07-01] (HP Inc. -> HP Inc.)
Task: {58FD8687-A1F3-4CED-BFDE-DD71224F3616} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18168 2017-07-13] (Intel® Software Asset Manager -> Intel Corporation)
Task: {6F10E98C-4ADB-47F6-ADD8-9A8F41025F79} - System32\Tasks\Hewlett-Packard\HP Diagnostics\ABO => C:\Program Files (x86)\HP\HpHwDiag\HpHwDiagA.exe [104719784 2021-07-01] (HP Inc. -> HP Inc.)
Task: {75F28C26-5AF7-4734-BA75-7B3F7262A840} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [40432 2020-06-09] (Garmin International, Inc. -> )
Task: {79FA81FE-1D64-4D93-B0D9-54E850E73E87} - System32\Tasks\Hewlett-Packard\HP Diagnostics\BatteryStatusError => C:\Program Files (x86)\HP\HpHwDiag\HpHwDiagA.exe [104719784 2021-07-01] (HP Inc. -> HP Inc.)
Task: {83CEB22E-798A-4557-8061-95A29A644057} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {91C1CAB6-F32C-4F23-B4F0-07D151F8D8AE} - System32\Tasks\Hewlett-Packard\HP Diagnostics\BHM1 => C:\Program Files (x86)\HP\HpHwDiag\HpHwDiagA.exe [104719784 2021-07-01] (HP Inc. -> HP Inc.)
Task: {950B8750-DF2C-4F2D-AB8B-9E9E8678095D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [324952 2020-07-01] (HP Inc. -> HP Inc.)
Task: {A53D8E94-59D0-4D15-801D-7AB40FAF2992} - System32\Tasks\Hewlett-Packard\HP Diagnostics\SmartCheckError => C:\Program Files (x86)\HP\HpHwDiag\HpHwDiagA.exe [104719784 2021-07-01] (HP Inc. -> HP Inc.)
Task: {A5AA4715-C292-4388-AB2B-A11D02F1C156} - System32\Tasks\{4B8DC4A1-C6A7-4116-9ED3-552D789BC408} => C:\Windows\system32\pcalua.exe -a C:\Users\Amanda\Desktop\HPSupportSolutionsFramework-12.15.14.3.exe -d C:\Users\Amanda\Desktop
Task: {B22AF7EA-67F5-45E8-84D4-8AAE462B59D6} - System32\Tasks\{B2859790-1CBC-48FC-B2DF-BED06E883DB7} => C:\Windows\system32\pcalua.exe -a C:\Downloads\installer_x86-x64_89006\Installer_x86-x64_89006.exe -d C:\Downloads\installer_x86-x64_89006
Task: {B8B57C90-1D22-4548-BD2E-5A85B60A89BA} - System32\Tasks\Hewlett-Packard\HP Diagnostics\SmartCheckTest => C:\Program Files (x86)\HP\HpHwDiag\HpHwDiagA.exe [104719784 2021-07-01] (HP Inc. -> HP Inc.)
Task: {BE307D0C-1B08-4818-8D4B-3835554BD269} - System32\Tasks\Hewlett-Packard\HP Diagnostics\LaunchUI => C:\Program Files (x86)\HP\HpHwDiag\HpHwDiagA.exe [104719784 2021-07-01] (HP Inc. -> HP Inc.)
Task: {C6876885-D0C3-46F6-8F4D-7F606B05B959} - System32\Tasks\Hewlett-Packard\HP Diagnostics\ShowUI => C:\Program Files (x86)\HP\HpHwDiag\HpHwDiagA.exe [104719784 2021-07-01] (HP Inc. -> HP Inc.)
Task: {CCAD9F13-C37C-4216-AAC0-1E01C64F5999} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [682936 2021-11-12] (Mozilla Corporation -> Mozilla Foundation)
Task: {D05C7DE2-BB37-46E7-84ED-87F1C21905A5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1053760 2016-04-22] (Hewlett-Packard Company -> HP Inc.)
Task: {DA92ED9A-F28D-4472-A96B-59809B015955} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-12-08] (Google Inc -> Google Inc.)
Task: {E1965C9E-3865-4D70-8D4E-5C7C11653368} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe --automatic (No File)
Task: {E62C9B41-00FA-48DF-A3DF-47F32E9ACCF4} - System32\Tasks\Hewlett-Packard\HP Diagnostics\BCF => C:\Program Files (x86)\HP\HpHwDiag\HpHwDiagA.exe [104719784 2021-07-01] (HP Inc. -> HP Inc.)
Task: {EB99145D-B11F-46BD-AEF6-6ED40D03CF47} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1562376 2021-08-16] (Adobe Inc. -> Adobe Inc.)
Task: {ED31D45D-DB50-4CE5-8F2C-4CF65114CD0D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [664920 2020-06-29] (HP Inc. -> HP Inc.)
Task: {EF7E3A68-0503-43D8-BDFD-383FA0AD4A2E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1053760 2016-04-22] (Hewlett-Packard Company -> HP Inc.)
Task: {F5B4B7C4-6F65-4F92-B404-B135D8A21FCC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [664920 2020-06-29] (HP Inc. -> HP Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 207.164.234.193
Tcpip\..\Interfaces\{9955086B-673D-4CF2-9BDF-346645A0F1B5}: [DhcpNameServer] 192.168.2.1 207.164.234.193

FireFox:
========
FF DefaultProfile: cjf2nppd.default-1547470643528
FF ProfilePath: C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\cjf2nppd.default-1547470643528 [2021-11-12]
FF Notifications: Mozilla\Firefox\Profiles\cjf2nppd.default-1547470643528 -> hxxps://www.facebook.com
FF Extension: (AVG Online Security) - C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\cjf2nppd.default-1547470643528\Extensions\[email protected] [2021-07-22]
FF Extension: (uBlock Origin) - C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\cjf2nppd.default-1547470643528\Extensions\[email protected] [2021-10-30]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2018-03-15] [Legacy] [not signed]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2014-09-12] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-05-02] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems Incorporated -> Adobe Systems)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\eset_security_config_overlay.js [2020-08-14]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-09-12]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-08-16] (Adobe Inc. -> Adobe Inc.)
S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1149480 2018-06-07] (HP Inc. -> HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [387928 2020-06-30] (HP Inc. -> HP Inc.)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2424424 2011-08-29] (Realtek Semiconductor Corp -> Realsil Microelectronics Inc.)
R2 MacriumService; C:\Program Files\Macrium\Common\MacriumService.exe [3987152 2017-05-27] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes Corporation -> Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes Corporation -> Malwarebytes)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [271920 2007-03-12] (Nero AG -> Nero AG)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [305152 2011-09-08] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
S3 ekrnEpfw; "C:\Program Files\ESET\ESET Security\ekrn.exe" [X]
S3 hpqwmiex; "C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2011-09-20] (Broadcom Corporation -> Broadcom Corporation.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes Corporation -> Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation -> Malwarebytes Corporation)
R0 mrcbt; C:\Windows\System32\drivers\mrcbt.sys [73928 2018-03-28] (Paramount Software UK Ltd -> Windows ® Win 7 DDK provider)
S3 SrvHsfHDA; C:\Windows\System32\DRIVERS\VSTAZL6.SYS [292864 2009-06-10] (Microsoft Windows -> Conexant Systems, Inc.)
S3 SrvHsfV92; C:\Windows\System32\DRIVERS\VSTDPV6.SYS [1485312 2009-06-10] (Microsoft Windows -> Conexant Systems, Inc.)
S3 SrvHsfWinac; C:\Windows\System32\DRIVERS\VSTCNXT6.SYS [740864 2009-06-10] (Microsoft Windows -> Conexant Systems, Inc.)
R3 STHDA; C:\Windows\System32\DRIVERS\stwrt64.sys [535040 2011-09-08] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)
S3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam64_prewin8.sys [31920 2018-02-26] (Microsoft Windows Hardware Compatibility Publisher -> Western Digital Technologies)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-11-12 12:19 - 2021-11-12 12:20 - 000019558 _____ C:\Users\Amanda\Desktop\FRST.txt
2021-11-12 12:18 - 2021-11-12 12:19 - 002312192 _____ (Farbar) C:\Users\Amanda\Desktop\FRST64.exe
2021-11-12 10:29 - 2021-11-12 12:20 - 000000000 ____D C:\FRST
2021-11-12 10:15 - 2021-11-12 10:26 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-10-30 18:01 - 2021-10-30 18:01 - 000003288 ____N C:\bootsqm.dat
2021-10-30 09:59 - 2018-07-15 14:33 - 000150796 _____ C:\HPHWDiag_log.txt
2021-10-30 09:09 - 2021-11-12 10:18 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-11-12 12:19 - 2018-03-14 21:02 - 000000000 ____D C:\Users\Amanda\AppData\LocalLow\Mozilla
2021-11-12 12:16 - 2019-03-28 21:32 - 000000000 ____D C:\ProgramData\Mozilla
2021-11-12 12:08 - 2018-03-14 21:11 - 000000000 ____D C:\Users\Amanda\AppData\Local\ClassicShell
2021-11-12 12:04 - 2018-10-20 13:37 - 000000000 ____D C:\Program Files (x86)\Google
2021-11-12 10:52 - 2009-07-14 00:13 - 000781790 _____ C:\Windows\system32\PerfStringBackup.INI
2021-11-12 10:52 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
2021-11-12 10:45 - 2009-07-13 23:45 - 000035600 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2021-11-12 10:45 - 2009-07-13 23:45 - 000035600 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2021-11-12 10:27 - 2018-04-09 13:43 - 000192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2021-11-12 10:26 - 2018-03-14 21:02 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-11-12 10:26 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-11-12 10:10 - 2018-03-14 20:29 - 000003934 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{F52EBCF6-B655-4260-897D-6C56F659BD58}
2021-10-30 10:00 - 2011-10-31 19:24 - 000000000 ____D C:\Windows\system32\Tasks\Hewlett-Packard
2021-10-30 09:59 - 2011-10-31 18:58 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2021-10-30 09:58 - 2011-02-10 14:23 - 000000000 ____D C:\SWSetup
2021-10-30 09:43 - 2018-03-15 09:39 - 000000000 ____D C:\Windows\system32\MRT
2021-10-30 09:39 - 2018-03-15 09:39 - 139806512 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2021-10-30 09:17 - 2020-02-18 12:46 - 000000000 ____D C:\Users\Amanda\Documents\Website Info
2021-10-30 09:10 - 2018-05-06 19:50 - 000004476 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2021-10-30 08:59 - 2018-12-08 21:18 - 000003334 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2021-10-30 08:59 - 2018-12-08 21:18 - 000003206 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore

==================== Files in the root of some directories ========

2018-09-14 14:25 - 2018-09-14 14:44 - 044858529 _____ () C:\Program Files (x86)\MahJong.Suite.2015.v12.0.rar
2018-04-18 11:24 - 2018-04-18 11:24 - 000000000 _____ () C:\Users\Amanda\AppData\Roaming\log_041818_122435.txt
2018-04-18 11:28 - 2018-04-18 11:28 - 000000000 _____ () C:\Users\Amanda\AppData\Roaming\log_041818_122827.txt
2018-04-18 14:03 - 2018-04-18 14:03 - 000000000 _____ () C:\Users\Amanda\AppData\Roaming\log_041818_150359.txt
2018-04-18 14:09 - 2018-04-18 14:09 - 000000000 _____ () C:\Users\Amanda\AppData\Roaming\log_041818_150955.txt
2018-04-10 08:19 - 2018-04-10 08:19 - 000007667 _____ () C:\Users\Amanda\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2021-10-30 11:51
==================== End of FRST.txt ========================

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-11-2021
Ran by Amanda (12-11-2021 12:20:59)
Running from C:\Users\Amanda\Desktop
Microsoft Windows 7 Home Premium  Service Pack 1 (X64) (2018-03-15 01:26:12)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-3956403641-1016103790-1991301254-500 - Administrator - Disabled)
Amanda (S-1-5-21-3956403641-1016103790-1991301254-1000 - Administrator - Enabled) => C:\Users\Amanda
Guest (S-1-5-21-3956403641-1016103790-1991301254-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3956403641-1016103790-1991301254-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM-x32\...\uTorrent) (Version: 2.2.1 - )
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.012.20035 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.1.629 - Adobe Systems, Inc.)
ANT Drivers Installer x64 (HKLM\...\{C31D139A-5A4A-44A7-9B85-7775CEA60121}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version:  - Broadcom Corporation)
Broadcom Bluetooth Software (HKLM\...\{6E7F4CA3-B2DE-413C-A7A1-43AA5BE19EA1}) (Version: 6.5.0.2300 - Broadcom Corporation)
Broadcom InConcert Maestro (HKLM\...\{57DD35E9-D9BB-4089-BB05-EF933C586CB3}) (Version: 1.0.5.2300 - Broadcom Corporation)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: 1.5.4.4 - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.7.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.1.20.13 - Canon Inc.)
Canon MG5700 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5700_series) (Version: 1.00 - Canon Inc.)
Canon MG5700 series On-screen Manual (HKLM-x32\...\Canon MG5700 series On-screen Manual) (Version: 7.8.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.3.0 - Canon Inc.)
Classic Shell (HKLM\...\{CABCE573-0A86-42FA-A52A-C7EA61D5BE08}) (Version: 4.3.1 - IvoSoft)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Elevated Installer (HKLM-x32\...\{BC4FF911-2F33-4A79-9D59-7E21866C8A09}) (Version: 7.0.1.0 - Garmin Ltd or its subsidiaries) Hidden
ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version:  - Lars Hederer)
ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{E96CAA2A-0244-4A2A-8403-0C3C9534778B}) (Version: 2.1.1 - Hewlett-Packard)
EVEREST Ultimate Edition v5.50 (HKLM-x32\...\EVEREST Ultimate Edition_is1) (Version: 5.50 - Lavalys, Inc.)
Galerie de photos Windows Live (HKLM-x32\...\{488F0347-C4A7-4374-91A7-30818BEDA710}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Garmin Express (HKLM-x32\...\{414a0118-9b7e-484e-8079-a01bc6d069f8}) (Version: 7.0.1.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{630919DC-A490-4AFF-B2C9-C5FA69D3D742}) (Version: 7.0.1.0 - Garmin Ltd or its subsidiaries) Hidden
Google Earth Pro (HKLM\...\{9BFB06CD-3925-49E2-BAB7-EA695821CE4C}) (Version: 7.3.4.8248 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.51 - Google LLC) Hidden
Hewlett-Packard ACLM.NET v1.1.2.0 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
Hope Lake 1.00 (HKLM-x32\...\Hope Lake 1.00) (Version: 1.00 - Games)
HP Documentation (HKLM-x32\...\{3D5C7E0E-AEC0-40EB-99D3-C40469738040}) (Version: 1.1.0.0 - Hewlett-Packard)
HP PC Hardware Diagnostics Windows (HKLM-x32\...\{ECCFEFB0-A6EB-4BB3-9C9D-690370ED0C6D}) (Version: 1.7.0.0 - HP Inc.)
HP Setup (HKLM-x32\...\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}) (Version: 9.0.15076.3891 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.2.14901.3869 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{962CB079-85E6-405F-8704-1C62365AE46F}) (Version: 4.5.10.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{90201F91-CF46-41DC-8AF7-2756A2492A72}) (Version: 8.8.28.13 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{EA6A1ABF-8D4C-432A-AF6C-84738319C2D7}) (Version: 12.17.27.5 - HP Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6365.0 - IDT)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.5.0 - LIGHTNING UK!)
Intel® Computing Improvement Program (HKLM\...\{F6B5BD59-21F0-47F8-A6C6-63BAEB1A6569}) (Version: 2.1.03720 - Intel Corporation)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2476 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.6.0.1002 - Intel Corporation)
K-Lite Mega Codec Pack 14.3.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 14.3.0 - KLCP)
Macrium Reflect Server Edition (HKLM\...\{49157BD6-B5D3-4DBB-98C8-A604D4332D9B}) (Version: 7.0.2187 - Paramount Software (UK) Ltd.) Hidden
Macrium Reflect Server Edition (HKLM\...\MacriumReflect) (Version: 7.0 - Paramount Software (UK) Ltd.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.8 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Visio 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}) (Version:  - Microsoft)
Microsoft Office Visio Professional 2007 (HKLM-x32\...\VISPRO) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 94.0.1 (x64 en-US)) (Version: 94.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 59.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 7 Ultra Edition (HKLM-x32\...\{43FFE159-3199-4188-A1CD-629166AD1033}) (Version: 7.02.6445 - Nero AG)
opensource (HKLM-x32\...\{3677D4D8-E5E0-49FC-B86E-06541CF00BBE}) (Version: 1.0.14960.3876 - Your Company Name) Hidden
PerfectDisk Professional Business (HKLM\...\{682B22AB-EAAA-4B1C-83AF-B26E7D4ED01E}) (Version: 13.0.842 - Raxco Software Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.46.610.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.84 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 3.1.5 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.5 - VS Revo Group, Ltd.)
Sudoku Works (HKLM-x32\...\{5B10C186-C6CF-45D8-9E2D-4F18247A5C63}) (Version: 1.0 - Oak Systems)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.27.1 - Synaptics Incorporated)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
Zoom (HKU\S-1-5-21-3956403641-1016103790-1991301254-1000\...\ZoomUMX) (Version: 5.0 - Zoom Video Communications, Inc.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3956403641-1016103790-1991301254-1000_Classes\CLSID\{994DDB09-5EF2-4b68-9599-29BB1A2A6944}\Shell\Open\Command -> C:\Program Files\Synaptics\SynTP\SynTPCpl.dll (Synaptics Incorporated -> Synaptics Incorporated)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-13] (Ivaylo Beltchev -> IvoSoft) [File not signed]
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-13] (Ivaylo Beltchev -> IvoSoft) [File not signed]
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll -> No File
ContextMenuHandlers1: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2017-05-27] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll -> No File
ContextMenuHandlers2: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2017-05-27] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2011-08-09] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2012-12-29] (VS Revo Group -> VS Revo Group)
ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\Windows\system32\StartMenuHelper64.dll [2017-08-13] (Ivaylo Beltchev -> IvoSoft) [File not signed]
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\system32\x264vfw64.dll [3799552 2017-07-30] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\system32\lagarith.dll [148992 2011-12-07] () [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\system32\xvidvfw.dll [311296 2018-01-28] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\system32\ac3acm.acm [180736 2012-07-21] (fccHandler) [File not signed]
HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\system32\ff_vfw.dll [126976 2015-10-24] () [File not signed]
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\SysWOW64\x264vfw.dll [3850240 2017-07-30] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\SysWOW64\lagarith.dll [216064 2011-12-07] () [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [284672 2018-01-28] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\SysWOW64\ac3acm.acm [122880 2012-07-21] (fccHandler) [File not signed]
HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\SysWOW64\ff_vfw.dll [112128 2015-10-24] () [File not signed]

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]

==================== Loaded Modules (Whitelisted) =============

2019-09-09 07:13 - 2019-09-09 07:13 - 001364992 _____ () [File not signed] [File is in use] C:\Program Files (x86)\Garmin\Express\CefSharp.Core.dll
2020-06-09 10:37 - 2020-06-09 10:37 - 000073216 _____ () [File not signed] [File is in use] C:\Program Files (x86)\Garmin\Express\FixBootSector.dll
2017-05-08 09:35 - 2017-05-08 09:35 - 000325632 _____ () [File not signed] [File is in use] C:\Program Files (x86)\Garmin\Express\GpsImgWrapper.dll
2018-03-14 21:19 - 2011-05-20 12:05 - 000059904 _____ () [File not signed] [File is in use] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2019-07-27 08:57 - 2019-07-27 08:57 - 096071680 _____ () [File not signed] C:\Program Files (x86)\Garmin\Express\libcef.dll
2019-06-06 12:32 - 2019-06-06 12:32 - 000172544 _____ () [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\ae5e4617a0a8018308c37b0d47e74d26\IsdiInterop.ni.dll
2020-06-09 10:37 - 2020-06-09 10:37 - 001976832 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Garmin\Express\XercesLib.dll
2018-03-14 21:19 - 2010-12-22 14:50 - 001892352 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\xerces-c_2_7.dll
2018-03-19 13:14 - 2015-03-17 07:51 - 000375296 _____ (CANON INC.) [File not signed] C:\Windows\System32\CNMN6PPM.DLL
2020-06-09 10:41 - 2020-06-09 10:41 - 000234496 _____ (Dynastream Innovations Inc.) [File not signed] C:\Program Files (x86)\Garmin\Express\ANT_WrappedLib.dll
2020-06-09 10:37 - 2020-06-09 10:37 - 002711552 _____ (Garmin International) [File not signed] [File is in use] C:\Program Files (x86)\Garmin\Express\legacyio.dll
2017-05-08 09:35 - 2017-05-08 09:35 - 000343552 _____ (Garmin International, Inc.) [File not signed] C:\Program Files (x86)\Garmin\Express\IMG_GPSMAP.dll
2020-06-09 10:37 - 2020-06-09 10:37 - 000425472 _____ (Garmin) [File not signed] C:\Program Files (x86)\Garmin\Express\XMLdll.dll
2019-06-06 12:32 - 2019-06-06 12:32 - 000014336 _____ (Intel Corp.) [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\1ee5bbe67e0d1b85eb1b125cf57cba91\IAStorCommon.ni.dll
2018-03-14 21:19 - 2010-12-22 14:45 - 000069632 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\StatusStrings.dll
2018-03-14 21:19 - 2011-05-20 11:54 - 000278528 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\ISDI.dll
2020-02-18 15:58 - 2020-02-18 15:58 - 000225792 _____ (Intel Corporation) [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorDataMgr\b5259b9020de24e4a8286949afdab665\IAStorDataMgr.ni.dll
2020-02-18 15:58 - 2020-02-18 15:58 - 000491520 _____ (Intel Corporation) [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\45a77d07d6fa9e5a23c26adc0d0e2aee\IAStorUtil.ni.dll
2017-08-13 07:49 - 2017-08-13 07:49 - 000885560 _____ (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicExplorer64.dll
2017-08-13 07:49 - 2017-08-13 07:49 - 003664184 _____ (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicStartMenuDLL.dll
2017-08-13 07:49 - 2017-08-13 07:49 - 000291128 _____ (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Windows\system32\StartMenuHelper64.dll
2018-03-16 14:49 - 2018-03-16 14:49 - 000225280 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcm90.dll
2020-06-09 10:39 - 2020-06-09 10:39 - 000090112 _____ (Silicon Laboratories, Inc.) [File not signed] C:\Program Files (x86)\Garmin\Express\DSI_SiUSBXp_3_1.DLL
2019-07-27 08:57 - 2019-07-27 08:57 - 000762368 _____ (The Chromium Authors) [File not signed] C:\Program Files (x86)\Garmin\Express\chrome_elf.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Version 11) (Whitelisted) ==========

HKU\S-1-5-21-3956403641-1016103790-1991301254-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPCON/4
HKU\S-1-5-21-3956403641-1016103790-1991301254-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCON/4
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {25E212C1-69E6-4924-90D3-CD7783E644F9} URL = hxxp://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-3956403641-1016103790-1991301254-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3956403641-1016103790-1991301254-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3956403641-1016103790-1991301254-1000 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-13] (Ivaylo Beltchev -> IvoSoft) [File not signed]
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-09-12] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2017-08-13] (Ivaylo Beltchev -> IvoSoft) [File not signed]
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-09-12] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2017-08-13] (Ivaylo Beltchev -> IvoSoft) [File not signed]
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2017-08-13] (Ivaylo Beltchev -> IvoSoft) [File not signed]
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-13] (Ivaylo Beltchev -> IvoSoft) [File not signed]
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-09-12] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-04-09 13:42 - 2018-04-09 13:42 - 000000143 ____R C:\Windows\system32\drivers\etc\hosts
127.0.0.1                   keystone.mwbsys.com
127.0.0.1                   sirius.mwbsys.com
127.0.0.1                   bactem.mwbsys.com

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Broadcom\Broadcom 802.11\Driver;;;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files\Broadcom\WHL\;C:\Program Files\Broadcom\WHL\syswow64;C:\Program Files\Broadcom\WHL\SysWow64\;C:\Program Files\Broadcom\WHL\SysWow64\syswow64;C:\Program Files (x86)\Intel\Services\IPT\
HKU\S-1-5-21-3956403641-1016103790-1991301254-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Amanda\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1 - 207.164.234.193
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^KMService.lnk => C:\Windows\pss\KMService.lnk.CommonStartup
MSCONFIG\startupreg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
MSCONFIG\startupreg: CanonQuickMenu => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
MSCONFIG\startupreg: IJNetworkScannerSelectorEX => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
MSCONFIG\startupreg: Reflect UI => C:\Program Files\Macrium\Common\ReflectUI.exe

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{98B44A3A-A17A-47E5-ABDB-F1798C77AD44}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{5943820C-A840-4247-8DD5-5142C5020FF5}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{5989919C-1183-43C8-88B8-0A1A33B2BA2A}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent, Inc.)
FirewallRules: [{5BFE4BC2-21AB-47BE-922A-041ED5B9C7F7}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent, Inc.)
FirewallRules: [{54F25319-BBFB-485D-A61A-1C5A08980F0C}] => (Allow) C:\Users\Amanda\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{83753B62-EEEE-46F3-AFBA-570B8F8E1ACB}] => (Allow) C:\Users\Amanda\AppData\Roaming\Zoom\bin\airhost.exe => No File

==================== Restore Points =========================

14-08-2020 12:26:47 Windows Update
14-08-2020 12:48:07 Device Driver Package Install: AVG Technologies Network Service
14-08-2020 15:05:15 Installed HP Support Solutions Framework
14-08-2020 15:08:18 Installed HP Support Assistant
14-08-2020 15:12:26 Windows Modules Installer
17-08-2020 07:14:02 Windows Modules Installer
17-08-2020 07:15:52 Windows Modules Installer
30-09-2020 15:28:30 Revo Uninstaller Pro's restore point - CCleaner
07-12-2020 15:41:32 Scheduled Checkpoint
07-12-2020 16:05:55 Windows Update
07-12-2020 16:22:24 Revo Uninstaller Pro's restore point - Malwarebytes Anti-Malware version 2.2.1.1043
22-07-2021 12:09:57 Revo Uninstaller Pro's restore point - AVG AntiVirus FREE
22-07-2021 12:28:48 Windows Update
20-08-2021 21:06:51 Windows Update
30-10-2021 09:38:33 Windows Update
30-10-2021 09:59:13 Installed HP PC Hardware Diagnostics Windows

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (11/12/2021 10:45:00 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Failed to add certificate to Third-Party Root Certification Authorities store with error: Access is denied.

Error: (11/12/2021 10:45:00 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Failed to add certificate to Third-Party Root Certification Authorities store with error: Access is denied.

Error: (11/12/2021 10:45:00 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Failed to add certificate to Third-Party Root Certification Authorities store with error: Access is denied.

Error: (11/12/2021 10:45:00 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Failed to add certificate to Third-Party Root Certification Authorities store with error: Access is denied.

Error: (11/12/2021 10:30:21 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Failed to add certificate to Third-Party Root Certification Authorities store with error: Access is denied.

Error: (11/12/2021 10:30:21 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Failed to add certificate to Third-Party Root Certification Authorities store with error: Access is denied.

Error: (11/12/2021 10:30:21 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Failed to add certificate to Third-Party Root Certification Authorities store with error: Access is denied.

Error: (11/12/2021 10:30:21 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Failed to add certificate to Third-Party Root Certification Authorities store with error: Access is denied.


System errors:
=============
Error: (11/12/2021 12:23:44 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {BB6DF56B-CACE-11DC-9992-0019B93A3A84} did not register with DCOM within the required timeout.

Error: (11/12/2021 10:28:47 AM) (Source: WMPNetworkSvc) (EventID: 14329) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because the registry could not be updated due to error '0x80070006'. If possible, reinstall Windows Media Player.

Error: (11/12/2021 10:27:18 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (11/12/2021 10:25:32 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.

Error: (11/12/2021 10:24:55 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout.

Error: (11/12/2021 10:06:26 AM) (Source: WMPNetworkSvc) (EventID: 14329) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because the registry could not be updated due to error '0x80070006'. If possible, reinstall Windows Media Player.

Error: (11/12/2021 10:05:06 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (10/30/2021 06:04:50 PM) (Source: WMPNetworkSvc) (EventID: 14329) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because the registry could not be updated due to error '0x80070006'. If possible, reinstall Windows Media Player.


==================== Memory info ===========================

BIOS: Hewlett-Packard F.34 06/14/2012
Motherboard: Hewlett-Packard 1695
Processor: Intel® Core™ i3-2350M CPU @ 2.30GHz
Percentage of memory in use: 52%
Total physical RAM: 6091.86 MB
Available physical RAM: 2864.62 MB
Total Virtual: 12181.86 MB
Available Virtual: 8935.28 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:905.46 GB) (Free:749.38 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Recovery) (Fixed) (Total:21.89 GB) (Free:2.33 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:3.95 GB) FAT32

\\?\Volume{84515f44-27fb-11e8-9f78-806e6f6e6963}\ (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: A65C9874)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=905.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=21.9 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=4 GB) - (Type=0C)

==================== End of Addition.txt =======================


Edited by Jackpine, 12 November 2021 - 11:29 AM.

  • 0

Advertisements


#2
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 4,269 posts

Hi, Jackpine.

 

There are signs of the KMS service in the computer which is used for illegally activating Microsoft products, like Windows and Office. Also, it seems that a method to illegally bypass activation of Malwarebytes is used.

 

I am going to request you to completely uninstall all products for which you do not have a valid Product Key, including all "cracked" software. If the Windows operating system is the case, unfortunately I can't provide you any help until you legally activate it.

 

FYI, here are the Forum's Rules: Terms of Use - Geeks to Go Forum

 

Please note the following:

 

 

We will NOT help anyone we suspect of having obtained their software or services illegally.

 

 

Please let me know if you agree with uninstalling all the pirated programs before we begin.


  • 0

#3
Jackpine

Jackpine

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 490 posts

Hi Dr M.

 

I know that when we bought the laptop for our daughter, it came preloaded with Windows 7.  I don't believe Windows Office was included, but I don't remember 100%.  She may have had it installed at University at the time.  I checked under Control Panel - System for the notebook, and it does say that Windows has been activated and there is a product ID number showing.

 

Do I just uninstall Office?

 

What about Malewarebytes?  How is that to be uninstalled?

 

Thanks, Jackpine


  • 0

#4
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 4,269 posts

Hello.

 

1. P2P program

 

Since I see that you have decided to continue here with the cleaning procedure, I have to tell you something about the following:

You have μTorrent installed in your computer. This is a P2P program. P2P programs form a direct conduit on to a computer. They have always been a target of malware writers and are increasingly so of late. P2P security measures are easily circumvented and if your P2P program is not configured correctly, you may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured program. If you don't uninstall it, your computer will probably get infected again, as soon as you use it again. But it is your computer and of course your decision.

  • If you decide to keep it, DON'T use it during the cleaning procedure.
  • If you decide to uninstall it, uninstall it along with the unwanted programs in Step 2.

 
2. Uninstall programs

  • Press the Windows Key + R.
  • Type appwiz.cpl in the Run box and click OK.
  • The Add/Remove Programs list will open. Locate the following program in the list:
Malwarebytes Anti-Malware version 2.2.1.1043 
Microsoft Office Enterprise 2007 
μTorrent *
  • Select the above programs, one by one, and click Uninstall.
  • Restart the computer.

 

NOTE:

 

If you need an Office platform, these are some free alternatives. I tried the first two and I liked them both very much: 
 
Home | LibreOffice - Free Office Suite - Based on OpenOffice - Compatible with Microsoft[/size]
www.freeoffice.com - Download[/size]
Apache OpenOffice - Official Site - The Free and Open Productivity Suite[/size]
WPS Office - Free Office Download for PC & Mobile, Alternative to MS Office
 
You can install one of the above, if you like, at the end of the cleaning procedure here.

 

 

3. Fresh FRST logs

 

Please, after you uninstall the programs, provide fresh FRST logs, Addition and FRST. 

 

 


  • 0

#5
Jackpine

Jackpine

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 490 posts

Progress so far:

 

Malwarebytes uninstalled.

 

Microsoft Office uninstall attempted.  A screen showed uninstall progress, then a message appeared saying: "Office 2007 uninstall did not complete successfully."  I then pressed the Close button.  Please provide further direction.


  • 0

#6
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 4,269 posts

See Option 2 here, to completely uninstall Office: Uninstall Office from a PC (microsoft.com)

 

Let me know how it went. 


  • 0

#7
Jackpine

Jackpine

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 490 posts

I followed Option 2 to uninstall Office 2007.  It completed the steps and required the computer to reboot, which it did.  I checked under Control Panel, Programs and Features, but Office Enterprise 2007 is still there.  I checked Office Outlook and was able to send/receive emails, so it still works.

 

Is Office 2007 the same as Office Enterprise 2007?


  • 0

#8
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 4,269 posts

To clarify some things:

 

Enterprise edition for Office is for big companies and not for individuals. Therefore, the license used here is not legal, unless the computer belongs to a company.

 

Outlook, the email client, comes as a part of Microsoft Office Enterprise, so it won't work when you uninstall the whole Office platform.

 

Apart, have in mind that support for Office 2007 ended on October 10, 2017.

 

Is this OK with you?


  • 0

#9
Jackpine

Jackpine

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 490 posts

I need to uninstall Office Enterprise 2007 somehow.


  • 0

#10
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 4,269 posts

I see you have Revo Uninstaller.

  • Open the program.
  • Write in the search area, on the top left, the following program:
Microsoft Office Enterprise 2007
  • Choose the Uninstall tab from the menu and let the program to create a Restore point.
  • Choose Scan, and then the Advanced mode scan.
  • Select all the Microsoft Office Enterprise 2007 items found, Delete and Next.
  • Let the procedure be completed and click on Finish.
  • Restart the computer.

 

More luck now? 


  • 0

Advertisements


#11
Jackpine

Jackpine

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 490 posts

Office Enterprise 2007 is now completely uninstalled.  Fresh FRST logs are provided below.

 

In addition to the original problems of this notebook, there are two other problems:

 

1.  The icon next to the time and date in the lower right of the screen that shows internet connection (the five bars), shows "not connected" when I hover the mouse over it.  However, I do have an internet connection.

 

2.  When I go to Control Panel, Programs and Features, in the top left of the page there is a line that says "Turn Windows features on or off."  When I click on the line, a new box opens up that says "Please wait."  However the box remains blank.  It doesn't show any Windows features to turn on or off.  (What I wanted to do was to turn off Internet Explorer 11.)

 

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Systems, Incorporated -> Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswEngSrv.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswidsagent.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGSvc.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\avgToolsSvc.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGUI.exe <5>
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\wsc_proxy.exe
(Broadcom Corporation -> Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Garmin International, Inc. -> Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Express\express.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel® Software Asset Manager -> Intel Corporation) C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe
(Intel® Identity Protection Technology Software -> Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <6>
(Paramount Software UK Ltd -> Paramount Software UK Ltd) C:\Program Files\Macrium\Common\MacriumService.exe
(Paramount Software UK Ltd -> Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectMonitor.exe
(Paramount Software UK Ltd -> Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectUI.exe
(Raxco Software, Inc. -> Raxco Software, Inc.) C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe
(Raxco Software, Inc. -> Raxco Software, Inc.) C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
(Raxco Software, Inc. -> Raxco Software, Inc.) C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe
(Realtek Semiconductor Corp -> Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2832168 2011-10-01] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1424896 2011-09-08] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163640 2017-08-13] (Ivaylo Beltchev -> IvoSoft) [File not signed]
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [168376 2021-11-12] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499920 2014-09-12] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3956403641-1016103790-1991301254-1000\...\Run: [GarminExpress] => C:\Program Files (x86)\Garmin\Express\express.exe [31019504 2020-06-09] (Garmin International, Inc. -> Garmin Ltd. or its subsidiaries)
HKLM\...\Windows x64\Print Processors\Canon MG5700 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDCS.DLL [30208 2015-03-15] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\Windows\system32\AdobePDF.dll [55432 2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MG5700 series: C:\Windows\system32\CNMLMCS.DLL [406528 2015-03-15] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MG5700 series XPS: C:\Windows\system32\CNMXLMCS.DLL [409088 2015-03-15] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJNP Port: C:\Windows\system32\CNMN6PPM.DLL [375296 2015-03-17] (CANON INC.) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}] -> msiexec /fu {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} /qn
HKLM\Software\...\Authentication\Credential Providers: [{50968FF7-10C1-4fb3-98B0-CD654D6CB97E}] -> C:\Program Files\WIDCOMM\Bluetooth Software\\BtwCP.dll [2011-09-20] (Broadcom Corporation -> Broadcom Corporation.)
HKLM\Software\...\Authentication\Credential Providers: [{D28973E5-8630-41af-8831-50A15FEB396B}] -> C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll [2011-09-20] (Broadcom Corporation -> Broadcom Corporation.)
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
BootExecute: PDBoot.exeautocheck autochk *
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03941A70-4158-4900-8D36-8F597CD87A6C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-12-08] (Google Inc -> Google Inc.)
Task: {20FCFF64-00DD-401D-B1AE-BB1FD97DC929} - System32\Tasks\klcp_update => CodecTweakTool.exe /verysilent /update /freq=90 (No File)
Task: {3295C7FC-3908-4C0A-935D-F48D09EDC2D4} - System32\Tasks\Hewlett-Packard\HP Diagnostics\BHM2 => C:\Program Files (x86)\HP\HpHwDiag\HpHwDiagA.exe [104719784 2021-07-01] (HP Inc. -> HP Inc.)
Task: {430E6E3F-AD4A-4913-83CD-C2BE5A226333} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18168 2017-07-13] (Intel® Software Asset Manager -> Intel Corporation)
Task: {4499D604-0F97-4510-B778-73FB4EBB6759} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [134008 2020-03-31] (HP Inc. -> HP Inc.)
Task: {460C6D7D-8B5A-4F51-86B0-35BCBC536FC6} - System32\Tasks\Hewlett-Packard\HP Diagnostics\BatteryStatusTest => C:\Program Files (x86)\HP\HpHwDiag\HpHwDiagA.exe [104719784 2021-07-01] (HP Inc. -> HP Inc.)
Task: {54D1192B-C6C8-4241-941C-70EF8518242D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1506136 2020-07-01] (HP Inc. -> HP Inc.)
Task: {58FD8687-A1F3-4CED-BFDE-DD71224F3616} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18168 2017-07-13] (Intel® Software Asset Manager -> Intel Corporation)
Task: {6F10E98C-4ADB-47F6-ADD8-9A8F41025F79} - System32\Tasks\Hewlett-Packard\HP Diagnostics\ABO => C:\Program Files (x86)\HP\HpHwDiag\HpHwDiagA.exe [104719784 2021-07-01] (HP Inc. -> HP Inc.)
Task: {75F28C26-5AF7-4734-BA75-7B3F7262A840} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [40432 2020-06-09] (Garmin International, Inc. -> )
Task: {79FA81FE-1D64-4D93-B0D9-54E850E73E87} - System32\Tasks\Hewlett-Packard\HP Diagnostics\BatteryStatusError => C:\Program Files (x86)\HP\HpHwDiag\HpHwDiagA.exe [104719784 2021-07-01] (HP Inc. -> HP Inc.)
Task: {83CEB22E-798A-4557-8061-95A29A644057} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {8A9BE98C-A3D1-481C-8F8D-FAE4C6454F48} - System32\Tasks\Antivirus Emergency Update => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe [5008312 2021-11-12] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
Task: {902CE974-2537-4900-9FB7-315327C91AB9} - System32\Tasks\{60B6F7C9-8334-4EB5-AFDF-9902669C0ED2} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" -c /uninstall ENTERPRISE /dll OSETUP.DLL
Task: {91C1CAB6-F32C-4F23-B4F0-07D151F8D8AE} - System32\Tasks\Hewlett-Packard\HP Diagnostics\BHM1 => C:\Program Files (x86)\HP\HpHwDiag\HpHwDiagA.exe [104719784 2021-07-01] (HP Inc. -> HP Inc.)
Task: {950B8750-DF2C-4F2D-AB8B-9E9E8678095D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [324952 2020-07-01] (HP Inc. -> HP Inc.)
Task: {A53D8E94-59D0-4D15-801D-7AB40FAF2992} - System32\Tasks\Hewlett-Packard\HP Diagnostics\SmartCheckError => C:\Program Files (x86)\HP\HpHwDiag\HpHwDiagA.exe [104719784 2021-07-01] (HP Inc. -> HP Inc.)
Task: {A5AA4715-C292-4388-AB2B-A11D02F1C156} - System32\Tasks\{4B8DC4A1-C6A7-4116-9ED3-552D789BC408} => C:\Windows\system32\pcalua.exe -a C:\Users\Amanda\Desktop\HPSupportSolutionsFramework-12.15.14.3.exe -d C:\Users\Amanda\Desktop
Task: {AC1797AA-1F1E-419E-9D33-D95489587F16} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [1815352 2021-11-12] (AVG Technologies USA, LLC -> AVG Technologies)
Task: {B22AF7EA-67F5-45E8-84D4-8AAE462B59D6} - System32\Tasks\{B2859790-1CBC-48FC-B2DF-BED06E883DB7} => C:\Windows\system32\pcalua.exe -a C:\Downloads\installer_x86-x64_89006\Installer_x86-x64_89006.exe -d C:\Downloads\installer_x86-x64_89006
Task: {B8B57C90-1D22-4548-BD2E-5A85B60A89BA} - System32\Tasks\Hewlett-Packard\HP Diagnostics\SmartCheckTest => C:\Program Files (x86)\HP\HpHwDiag\HpHwDiagA.exe [104719784 2021-07-01] (HP Inc. -> HP Inc.)
Task: {BE307D0C-1B08-4818-8D4B-3835554BD269} - System32\Tasks\Hewlett-Packard\HP Diagnostics\LaunchUI => C:\Program Files (x86)\HP\HpHwDiag\HpHwDiagA.exe [104719784 2021-07-01] (HP Inc. -> HP Inc.)
Task: {C6876885-D0C3-46F6-8F4D-7F606B05B959} - System32\Tasks\Hewlett-Packard\HP Diagnostics\ShowUI => C:\Program Files (x86)\HP\HpHwDiag\HpHwDiagA.exe [104719784 2021-07-01] (HP Inc. -> HP Inc.)
Task: {CCAD9F13-C37C-4216-AAC0-1E01C64F5999} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [682936 2021-11-12] (Mozilla Corporation -> Mozilla Foundation)
Task: {D05C7DE2-BB37-46E7-84ED-87F1C21905A5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1053760 2016-04-22] (Hewlett-Packard Company -> HP Inc.)
Task: {DA92ED9A-F28D-4472-A96B-59809B015955} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-12-08] (Google Inc -> Google Inc.)
Task: {E1965C9E-3865-4D70-8D4E-5C7C11653368} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe --automatic (No File)
Task: {E62C9B41-00FA-48DF-A3DF-47F32E9ACCF4} - System32\Tasks\Hewlett-Packard\HP Diagnostics\BCF => C:\Program Files (x86)\HP\HpHwDiag\HpHwDiagA.exe [104719784 2021-07-01] (HP Inc. -> HP Inc.)
Task: {EB99145D-B11F-46BD-AEF6-6ED40D03CF47} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1562376 2021-08-16] (Adobe Inc. -> Adobe Inc.)
Task: {ED31D45D-DB50-4CE5-8F2C-4CF65114CD0D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [664920 2020-06-29] (HP Inc. -> HP Inc.)
Task: {EF7E3A68-0503-43D8-BDFD-383FA0AD4A2E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1053760 2016-04-22] (Hewlett-Packard Company -> HP Inc.)
Task: {F5B4B7C4-6F65-4F92-B404-B135D8A21FCC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [664920 2020-06-29] (HP Inc. -> HP Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 207.164.234.193
Tcpip\..\Interfaces\{9955086B-673D-4CF2-9BDF-346645A0F1B5}: [DhcpNameServer] 192.168.2.1 207.164.234.193

FireFox:
========
FF DefaultProfile: cjf2nppd.default-1547470643528
FF ProfilePath: C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\cjf2nppd.default-1547470643528 [2021-11-13]
FF Notifications: Mozilla\Firefox\Profiles\cjf2nppd.default-1547470643528 -> hxxps://www.facebook.com
FF Extension: (AVG Online Security) - C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\cjf2nppd.default-1547470643528\Extensions\[email protected] [2021-07-22]
FF Extension: (uBlock Origin) - C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\cjf2nppd.default-1547470643528\Extensions\[email protected] [2021-10-30]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2018-03-15] [Legacy] [not signed]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2014-09-12] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-05-02] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems Incorporated -> Adobe Systems)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\eset_security_config_overlay.js [2020-08-14]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-09-12]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-08-16] (Adobe Inc. -> Adobe Inc.)
R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [713656 2021-11-12] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 AVG Tools; C:\Program Files\AVG\Antivirus\avgToolsSvc.exe [460728 2021-11-12] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\aswidsagent.exe [8413296 2021-11-12] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 AvgWscReporter; C:\Program Files\AVG\Antivirus\wsc_proxy.exe [109480 2021-11-12] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1149480 2018-06-07] (HP Inc. -> HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [387928 2020-06-30] (HP Inc. -> HP Inc.)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2424424 2011-08-29] (Realtek Semiconductor Corp -> Realsil Microelectronics Inc.)
R2 MacriumService; C:\Program Files\Macrium\Common\MacriumService.exe [3987152 2017-05-27] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [271920 2007-03-12] (Nero AG -> Nero AG)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [305152 2011-09-08] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
S3 ekrnEpfw; "C:\Program Files\ESET\ESET Security\ekrn.exe" [X]
S3 hpqwmiex; "C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 avgArDisk; C:\Windows\System32\drivers\avgArDisk.sys [35872 2021-11-12] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgArPot; C:\Windows\System32\drivers\avgArPot.sys [222264 2021-11-12] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\Windows\System32\drivers\avgbidsdriver.sys [372336 2021-11-12] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\Windows\System32\drivers\avgbidsh.sys [250456 2021-11-12] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\Windows\System32\drivers\avgbuniv.sys [99432 2021-11-12] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgKbd; C:\Windows\System32\drivers\avgKbd.sys [41504 2021-11-12] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgMonFlt; C:\Windows\System32\drivers\avgMonFlt.sys [184800 2021-11-12] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgNetHub; C:\Windows\System32\drivers\avgNetHub.sys [539144 2021-11-12] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R3 avgNetNd6; C:\Windows\System32\DRIVERS\avgNetNd6.sys [29944 2021-11-12] (AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\Windows\System32\drivers\avgRdr2.sys [107976 2021-11-12] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\Windows\System32\drivers\avgRvrt.sys [83040 2021-11-12] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\Windows\System32\drivers\avgSnx.sys [852352 2021-11-12] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\Windows\System32\drivers\avgSP.sys [557784 2021-11-12] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\Windows\System32\drivers\avgStm.sys [214496 2021-11-12] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\Windows\System32\drivers\avgVmm.sys [317840 2021-11-12] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2011-09-20] (Broadcom Corporation -> Broadcom Corporation.)
R0 mrcbt; C:\Windows\System32\drivers\mrcbt.sys [73928 2018-03-28] (Paramount Software UK Ltd -> Windows ® Win 7 DDK provider)
S3 SrvHsfHDA; C:\Windows\System32\DRIVERS\VSTAZL6.SYS [292864 2009-06-10] (Microsoft Windows -> Conexant Systems, Inc.)
S3 SrvHsfV92; C:\Windows\System32\DRIVERS\VSTDPV6.SYS [1485312 2009-06-10] (Microsoft Windows -> Conexant Systems, Inc.)
S3 SrvHsfWinac; C:\Windows\System32\DRIVERS\VSTCNXT6.SYS [740864 2009-06-10] (Microsoft Windows -> Conexant Systems, Inc.)
R3 STHDA; C:\Windows\System32\DRIVERS\stwrt64.sys [535040 2011-09-08] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)
S3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam64_prewin8.sys [31920 2018-02-26] (Microsoft Windows Hardware Compatibility Publisher -> Western Digital Technologies)
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-11-13 11:39 - 2021-11-13 11:40 - 000022982 _____ C:\Users\Amanda\Desktop\FRST.txt
2021-11-13 11:32 - 2021-11-13 11:32 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2021-11-13 11:23 - 2021-11-13 11:24 - 000000000 ____D C:\Windows\SHELLNEW
2021-11-13 10:29 - 2021-11-13 10:50 - 000000000 ____D C:\Users\Amanda\AppData\Local\SaraResults
2021-11-13 10:27 - 2021-11-13 10:27 - 000000520 _____ C:\Users\Amanda\Desktop\Microsoft Support and Recovery Assistant.appref-ms
2021-11-13 10:27 - 2021-11-13 10:27 - 000000000 ____D C:\Users\Amanda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Corporation
2021-11-13 10:27 - 2021-11-13 10:27 - 000000000 ____D C:\Users\Amanda\AppData\Local\SaRALogs
2021-11-13 10:25 - 2021-11-13 10:48 - 000000000 ____D C:\Users\Amanda\AppData\Local\Deployment
2021-11-13 10:25 - 2021-11-13 10:25 - 000000000 ____D C:\Users\Amanda\AppData\Local\Apps\2.0
2021-11-13 09:41 - 2021-11-13 09:41 - 000003274 _____ C:\Windows\system32\Tasks\{60B6F7C9-8334-4EB5-AFDF-9902669C0ED2}
2021-11-12 16:04 - 2021-11-12 16:04 - 000000750 _____ C:\Users\Amanda\AppData\Roaming\Microsoft\Windows\Start Menu\Solitaire.lnk
2021-11-12 13:47 - 2021-11-12 13:47 - 000000000 ____D C:\Users\Amanda\AppData\Roaming\AVG
2021-11-12 13:47 - 2021-11-12 13:47 - 000000000 ____D C:\Users\Amanda\AppData\Local\AVG
2021-11-12 13:46 - 2021-11-12 13:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2021-11-12 13:44 - 2021-11-12 13:44 - 000000000 ____D C:\Windows\system32\Tasks\AVG
2021-11-12 13:43 - 2021-11-12 13:43 - 000852352 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSnx.sys
2021-11-12 13:43 - 2021-11-12 13:43 - 000557784 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSP.sys
2021-11-12 13:43 - 2021-11-12 13:43 - 000539144 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgNetHub.sys
2021-11-12 13:43 - 2021-11-12 13:43 - 000372336 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsdriver.sys
2021-11-12 13:43 - 2021-11-12 13:43 - 000336824 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\avgBoot.exe
2021-11-12 13:43 - 2021-11-12 13:43 - 000317840 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgVmm.sys
2021-11-12 13:43 - 2021-11-12 13:43 - 000250456 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsh.sys
2021-11-12 13:43 - 2021-11-12 13:43 - 000222264 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgArPot.sys
2021-11-12 13:43 - 2021-11-12 13:43 - 000184800 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgMonFlt.sys
2021-11-12 13:43 - 2021-11-12 13:43 - 000107976 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRdr2.sys
2021-11-12 13:43 - 2021-11-12 13:43 - 000099432 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbuniv.sys
2021-11-12 13:43 - 2021-11-12 13:43 - 000083040 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRvrt.sys
2021-11-12 13:43 - 2021-11-12 13:43 - 000041504 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgKbd.sys
2021-11-12 13:43 - 2021-11-12 13:43 - 000035872 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgArDisk.sys
2021-11-12 13:43 - 2021-11-12 13:43 - 000029944 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgNetNd6.sys
2021-11-12 13:43 - 2021-11-12 13:43 - 000003904 _____ C:\Windows\system32\Tasks\Antivirus Emergency Update
2021-11-12 13:43 - 2021-11-12 13:43 - 000000000 ____D C:\Program Files\Common Files\AVG
2021-11-12 13:42 - 2021-11-12 13:42 - 000000000 ____D C:\Program Files\AVG
2021-11-12 12:18 - 2021-11-12 12:19 - 002312192 _____ (Farbar) C:\Users\Amanda\Desktop\FRST64.exe
2021-11-12 10:29 - 2021-11-13 11:40 - 000000000 ____D C:\FRST
2021-11-12 10:15 - 2021-11-12 10:26 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-10-30 09:59 - 2018-07-15 14:33 - 000150796 _____ C:\HPHWDiag_log.txt
2021-10-30 09:09 - 2021-11-12 10:18 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-11-13 11:38 - 2019-03-28 21:32 - 000000000 ____D C:\ProgramData\Mozilla
2021-11-13 11:37 - 2018-03-14 21:02 - 000000000 ____D C:\Users\Amanda\AppData\LocalLow\Mozilla
2021-11-13 11:35 - 2018-10-20 13:37 - 000000000 ____D C:\Program Files (x86)\Google
2021-11-13 11:33 - 2019-01-01 11:14 - 000000000 ____D C:\ProgramData\AVG
2021-11-13 11:33 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-11-13 11:32 - 2009-07-13 23:45 - 000035600 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2021-11-13 11:32 - 2009-07-13 23:45 - 000035600 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2021-11-13 11:32 - 2009-07-13 21:34 - 000000478 _____ C:\Windows\win.ini
2021-11-13 11:29 - 2018-03-14 21:11 - 000000000 ____D C:\Users\Amanda\AppData\Local\ClassicShell
2021-11-13 11:05 - 2009-07-14 00:13 - 000781790 _____ C:\Windows\system32\PerfStringBackup.INI
2021-11-13 11:05 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
2021-11-13 09:42 - 2018-03-17 15:56 - 000000000 ____D C:\Users\Amanda\AppData\Roaming\uTorrent
2021-11-13 08:41 - 2018-03-14 20:29 - 000003934 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{F52EBCF6-B655-4260-897D-6C56F659BD58}
2021-11-12 17:10 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\system32\NDF
2021-11-12 16:03 - 2018-03-15 09:39 - 000000000 ____D C:\Windows\system32\MRT
2021-11-12 15:58 - 2018-03-15 09:39 - 141529560 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2021-11-12 13:43 - 2021-07-22 12:06 - 000214496 ____N (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgStm.sys
2021-11-12 10:26 - 2018-03-14 21:02 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-10-30 10:00 - 2011-10-31 19:24 - 000000000 ____D C:\Windows\system32\Tasks\Hewlett-Packard
2021-10-30 09:59 - 2011-10-31 18:58 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2021-10-30 09:58 - 2011-02-10 14:23 - 000000000 ____D C:\SWSetup
2021-10-30 09:10 - 2018-05-06 19:50 - 000004476 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2021-10-30 08:59 - 2018-12-08 21:18 - 000003334 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2021-10-30 08:59 - 2018-12-08 21:18 - 000003206 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore

==================== Files in the root of some directories ========

2018-09-14 14:25 - 2018-09-14 14:44 - 044858529 _____ () C:\Program Files (x86)\MahJong.Suite.2015.v12.0.rar
2018-04-18 11:24 - 2018-04-18 11:24 - 000000000 _____ () C:\Users\Amanda\AppData\Roaming\log_041818_122435.txt
2018-04-18 11:28 - 2018-04-18 11:28 - 000000000 _____ () C:\Users\Amanda\AppData\Roaming\log_041818_122827.txt
2018-04-18 14:03 - 2018-04-18 14:03 - 000000000 _____ () C:\Users\Amanda\AppData\Roaming\log_041818_150359.txt
2018-04-18 14:09 - 2018-04-18 14:09 - 000000000 _____ () C:\Users\Amanda\AppData\Roaming\log_041818_150955.txt
2018-04-10 08:19 - 2018-04-10 08:19 - 000007667 _____ () C:\Users\Amanda\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2021-11-12 13:09
==================== End of FRST.txt ========================

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-11-2021
Ran by Amanda (13-11-2021 11:43:52)
Running from C:\Users\Amanda\Desktop
Microsoft Windows 7 Home Premium  Service Pack 1 (X64) (2018-03-15 01:26:12)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-3956403641-1016103790-1991301254-500 - Administrator - Disabled)
Amanda (S-1-5-21-3956403641-1016103790-1991301254-1000 - Administrator - Enabled) => C:\Users\Amanda
Guest (S-1-5-21-3956403641-1016103790-1991301254-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3956403641-1016103790-1991301254-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG Antivirus (Enabled - Up to date) {18A975F9-A60C-37D8-E30B-4BEF31AD3411}
AS: AVG Antivirus (Enabled - Up to date) {A3C8941D-8036-3856-D9BB-709D4A2A7EAC}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM-x32\...\uTorrent) (Version: 2.2.1 - )
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.012.20035 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.1.629 - Adobe Systems, Inc.)
ANT Drivers Installer x64 (HKLM\...\{C31D139A-5A4A-44A7-9B85-7775CEA60121}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
AVG AntiVirus FREE (HKLM\...\AVG Antivirus) (Version: 21.9.3209 - AVG Technologies)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version:  - Broadcom Corporation)
Broadcom Bluetooth Software (HKLM\...\{6E7F4CA3-B2DE-413C-A7A1-43AA5BE19EA1}) (Version: 6.5.0.2300 - Broadcom Corporation)
Broadcom InConcert Maestro (HKLM\...\{57DD35E9-D9BB-4089-BB05-EF933C586CB3}) (Version: 1.0.5.2300 - Broadcom Corporation)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: 1.5.4.4 - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.7.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.1.20.13 - Canon Inc.)
Canon MG5700 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5700_series) (Version: 1.00 - Canon Inc.)
Canon MG5700 series On-screen Manual (HKLM-x32\...\Canon MG5700 series On-screen Manual) (Version: 7.8.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.3.0 - Canon Inc.)
Classic Shell (HKLM\...\{CABCE573-0A86-42FA-A52A-C7EA61D5BE08}) (Version: 4.3.1 - IvoSoft)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Elevated Installer (HKLM-x32\...\{BC4FF911-2F33-4A79-9D59-7E21866C8A09}) (Version: 7.0.1.0 - Garmin Ltd or its subsidiaries) Hidden
ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version:  - Lars Hederer)
ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{E96CAA2A-0244-4A2A-8403-0C3C9534778B}) (Version: 2.1.1 - Hewlett-Packard)
EVEREST Ultimate Edition v5.50 (HKLM-x32\...\EVEREST Ultimate Edition_is1) (Version: 5.50 - Lavalys, Inc.)
Galerie de photos Windows Live (HKLM-x32\...\{488F0347-C4A7-4374-91A7-30818BEDA710}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Garmin Express (HKLM-x32\...\{414a0118-9b7e-484e-8079-a01bc6d069f8}) (Version: 7.0.1.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{630919DC-A490-4AFF-B2C9-C5FA69D3D742}) (Version: 7.0.1.0 - Garmin Ltd or its subsidiaries) Hidden
Google Earth Pro (HKLM\...\{9BFB06CD-3925-49E2-BAB7-EA695821CE4C}) (Version: 7.3.4.8248 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.51 - Google LLC) Hidden
Hewlett-Packard ACLM.NET v1.1.2.0 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
Hope Lake 1.00 (HKLM-x32\...\Hope Lake 1.00) (Version: 1.00 - Games)
HP Documentation (HKLM-x32\...\{3D5C7E0E-AEC0-40EB-99D3-C40469738040}) (Version: 1.1.0.0 - Hewlett-Packard)
HP PC Hardware Diagnostics Windows (HKLM-x32\...\{ECCFEFB0-A6EB-4BB3-9C9D-690370ED0C6D}) (Version: 1.7.0.0 - HP Inc.)
HP Setup (HKLM-x32\...\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}) (Version: 9.0.15076.3891 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.2.14901.3869 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{962CB079-85E6-405F-8704-1C62365AE46F}) (Version: 4.5.10.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{90201F91-CF46-41DC-8AF7-2756A2492A72}) (Version: 8.8.28.13 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{EA6A1ABF-8D4C-432A-AF6C-84738319C2D7}) (Version: 12.17.27.5 - HP Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6365.0 - IDT)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.5.0 - LIGHTNING UK!)
Intel® Computing Improvement Program (HKLM\...\{F6B5BD59-21F0-47F8-A6C6-63BAEB1A6569}) (Version: 2.1.03720 - Intel Corporation)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2476 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.6.0.1002 - Intel Corporation)
K-Lite Mega Codec Pack 14.3.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 14.3.0 - KLCP)
Macrium Reflect Server Edition (HKLM\...\{49157BD6-B5D3-4DBB-98C8-A604D4332D9B}) (Version: 7.0.2187 - Paramount Software (UK) Ltd.) Hidden
Macrium Reflect Server Edition (HKLM\...\MacriumReflect) (Version: 7.0 - Paramount Software (UK) Ltd.)
Microsoft .NET Framework 4.8 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Visio 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}) (Version:  - Microsoft)
Microsoft Support and Recovery Assistant (HKU\S-1-5-21-3956403641-1016103790-1991301254-1000\...\0527a644a4ddd31d) (Version: 17.0.7513.7 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 94.0.1 (x64 en-US)) (Version: 94.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 59.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 7 Ultra Edition (HKLM-x32\...\{43FFE159-3199-4188-A1CD-629166AD1033}) (Version: 7.02.6445 - Nero AG)
opensource (HKLM-x32\...\{3677D4D8-E5E0-49FC-B86E-06541CF00BBE}) (Version: 1.0.14960.3876 - Your Company Name) Hidden
PerfectDisk Professional Business (HKLM\...\{682B22AB-EAAA-4B1C-83AF-B26E7D4ED01E}) (Version: 13.0.842 - Raxco Software Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.46.610.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.84 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 3.1.5 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.5 - VS Revo Group, Ltd.)
Sudoku Works (HKLM-x32\...\{5B10C186-C6CF-45D8-9E2D-4F18247A5C63}) (Version: 1.0 - Oak Systems)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.27.1 - Synaptics Incorporated)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
Zoom (HKU\S-1-5-21-3956403641-1016103790-1991301254-1000\...\ZoomUMX) (Version: 5.0 - Zoom Video Communications, Inc.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3956403641-1016103790-1991301254-1000_Classes\CLSID\{994DDB09-5EF2-4b68-9599-29BB1A2A6944}\Shell\Open\Command -> C:\Program Files\Synaptics\SynTP\SynTPCpl.dll (Synaptics Incorporated -> Synaptics Incorporated)
ShellIconOverlayIdentifiers: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2021-11-12] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-13] (Ivaylo Beltchev -> IvoSoft) [File not signed]
ShellIconOverlayIdentifiers-x32: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2021-11-12] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-13] (Ivaylo Beltchev -> IvoSoft) [File not signed]
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2021-11-12] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll -> No File
ContextMenuHandlers1: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2017-05-27] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll -> No File
ContextMenuHandlers2: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2017-05-27] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
ContextMenuHandlers3: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2021-11-12] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2011-08-09] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2021-11-12] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2012-12-29] (VS Revo Group -> VS Revo Group)
ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\Windows\system32\StartMenuHelper64.dll [2017-08-13] (Ivaylo Beltchev -> IvoSoft) [File not signed]
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\system32\x264vfw64.dll [3799552 2017-07-30] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\system32\lagarith.dll [148992 2011-12-07] () [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\system32\xvidvfw.dll [311296 2018-01-28] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\system32\ac3acm.acm [180736 2012-07-21] (fccHandler) [File not signed]
HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\system32\ff_vfw.dll [126976 2015-10-24] () [File not signed]
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\SysWOW64\x264vfw.dll [3850240 2017-07-30] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\SysWOW64\lagarith.dll [216064 2011-12-07] () [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [284672 2018-01-28] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\SysWOW64\ac3acm.acm [122880 2012-07-21] (fccHandler) [File not signed]
HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\SysWOW64\ff_vfw.dll [112128 2015-10-24] () [File not signed]

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]

==================== Loaded Modules (Whitelisted) =============

2019-09-09 07:13 - 2019-09-09 07:13 - 001364992 _____ () [File not signed] C:\Program Files (x86)\Garmin\Express\CefSharp.Core.dll
2020-06-09 10:37 - 2020-06-09 10:37 - 000073216 _____ () [File not signed] C:\Program Files (x86)\Garmin\Express\FixBootSector.dll
2017-05-08 09:35 - 2017-05-08 09:35 - 000325632 _____ () [File not signed] C:\Program Files (x86)\Garmin\Express\GpsImgWrapper.dll
2019-07-27 08:57 - 2019-07-27 08:57 - 096071680 _____ () [File not signed] C:\Program Files (x86)\Garmin\Express\libcef.dll
2018-03-14 21:19 - 2011-05-20 12:05 - 000059904 _____ () [File not signed] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2019-06-06 12:32 - 2019-06-06 12:32 - 000172544 _____ () [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\ae5e4617a0a8018308c37b0d47e74d26\IsdiInterop.ni.dll
2020-06-09 10:37 - 2020-06-09 10:37 - 001976832 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Garmin\Express\XercesLib.dll
2018-03-14 21:19 - 2010-12-22 14:50 - 001892352 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\xerces-c_2_7.dll
2018-03-19 13:14 - 2015-03-17 07:51 - 000375296 _____ (CANON INC.) [File not signed] C:\Windows\System32\CNMN6PPM.DLL
2020-06-09 10:41 - 2020-06-09 10:41 - 000234496 _____ (Dynastream Innovations Inc.) [File not signed] C:\Program Files (x86)\Garmin\Express\ANT_WrappedLib.dll
2020-06-09 10:37 - 2020-06-09 10:37 - 002711552 _____ (Garmin International) [File not signed] C:\Program Files (x86)\Garmin\Express\legacyio.dll
2017-05-08 09:35 - 2017-05-08 09:35 - 000343552 _____ (Garmin International, Inc.) [File not signed] C:\Program Files (x86)\Garmin\Express\IMG_GPSMAP.dll
2020-06-09 10:37 - 2020-06-09 10:37 - 000425472 _____ (Garmin) [File not signed] C:\Program Files (x86)\Garmin\Express\XMLdll.dll
2019-06-06 12:32 - 2019-06-06 12:32 - 000014336 _____ (Intel Corp.) [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\1ee5bbe67e0d1b85eb1b125cf57cba91\IAStorCommon.ni.dll
2018-03-14 21:19 - 2010-12-22 14:45 - 000069632 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\StatusStrings.dll
2018-03-14 21:19 - 2011-05-20 11:54 - 000278528 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\ISDI.dll
2020-02-18 15:58 - 2020-02-18 15:58 - 000225792 _____ (Intel Corporation) [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorDataMgr\b5259b9020de24e4a8286949afdab665\IAStorDataMgr.ni.dll
2020-02-18 15:58 - 2020-02-18 15:58 - 000491520 _____ (Intel Corporation) [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\45a77d07d6fa9e5a23c26adc0d0e2aee\IAStorUtil.ni.dll
2017-08-13 07:49 - 2017-08-13 07:49 - 000885560 _____ (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicExplorer64.dll
2017-08-13 07:49 - 2017-08-13 07:49 - 003664184 _____ (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicStartMenuDLL.dll
2017-08-13 07:49 - 2017-08-13 07:49 - 000291128 _____ (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Windows\system32\StartMenuHelper64.dll
2018-03-16 14:49 - 2018-03-16 14:49 - 000225280 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcm90.dll
2021-11-12 13:43 - 2021-11-12 13:43 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-file-l1-2-0.dll] C:\Program Files\AVG\Antivirus\1033\avg.local_vc142.crt\api-ms-win-core-file-l1-2-0.dll
2021-11-13 07:45 - 2021-11-13 07:45 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-file-l1-2-0.dll] C:\Program Files\AVG\Antivirus\defs\21111302\avg.local_vc142.crt\api-ms-win-core-file-l1-2-0.dll
2021-11-12 13:43 - 2021-11-12 13:43 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-file-l2-1-0.dll] C:\Program Files\AVG\Antivirus\1033\avg.local_vc142.crt\api-ms-win-core-file-l2-1-0.dll
2021-11-13 07:45 - 2021-11-13 07:45 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-file-l2-1-0.dll] C:\Program Files\AVG\Antivirus\defs\21111302\avg.local_vc142.crt\api-ms-win-core-file-l2-1-0.dll
2021-11-12 13:43 - 2021-11-12 13:43 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-localization-l1-2-0.dll] C:\Program Files\AVG\Antivirus\1033\avg.local_vc142.crt\api-ms-win-core-localization-l1-2-0.dll
2021-11-13 07:45 - 2021-11-13 07:45 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-localization-l1-2-0.dll] C:\Program Files\AVG\Antivirus\defs\21111302\avg.local_vc142.crt\api-ms-win-core-localization-l1-2-0.dll
2021-11-12 13:43 - 2021-11-12 13:43 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-processthreads-l1-1-1.dll] C:\Program Files\AVG\Antivirus\1033\avg.local_vc142.crt\api-ms-win-core-processthreads-l1-1-1.dll
2021-11-13 07:45 - 2021-11-13 07:45 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-processthreads-l1-1-1.dll] C:\Program Files\AVG\Antivirus\defs\21111302\avg.local_vc142.crt\api-ms-win-core-processthreads-l1-1-1.dll
2021-11-12 13:43 - 2021-11-12 13:43 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-synch-l1-2-0.dll] C:\Program Files\AVG\Antivirus\1033\avg.local_vc142.crt\api-ms-win-core-synch-l1-2-0.dll
2021-11-13 07:45 - 2021-11-13 07:45 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-synch-l1-2-0.dll] C:\Program Files\AVG\Antivirus\defs\21111302\avg.local_vc142.crt\api-ms-win-core-synch-l1-2-0.dll
2021-11-12 13:43 - 2021-11-12 13:43 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-timezone-l1-1-0.dll] C:\Program Files\AVG\Antivirus\1033\avg.local_vc142.crt\api-ms-win-core-timezone-l1-1-0.dll
2021-11-13 07:45 - 2021-11-13 07:45 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-timezone-l1-1-0.dll] C:\Program Files\AVG\Antivirus\defs\21111302\avg.local_vc142.crt\api-ms-win-core-timezone-l1-1-0.dll
2021-11-12 13:43 - 2021-11-12 13:43 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-convert-l1-1-0.dll] C:\Program Files\AVG\Antivirus\1033\avg.local_vc142.crt\api-ms-win-crt-convert-l1-1-0.dll
2021-11-13 07:45 - 2021-11-13 07:45 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-convert-l1-1-0.dll] C:\Program Files\AVG\Antivirus\defs\21111302\avg.local_vc142.crt\api-ms-win-crt-convert-l1-1-0.dll
2021-11-13 07:45 - 2021-11-13 07:45 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-environment-l1-1-0.dll] C:\Program Files\AVG\Antivirus\defs\21111302\avg.local_vc142.crt\api-ms-win-crt-environment-l1-1-0.dll
2021-11-13 07:45 - 2021-11-13 07:45 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-filesystem-l1-1-0.dll] C:\Program Files\AVG\Antivirus\defs\21111302\avg.local_vc142.crt\api-ms-win-crt-filesystem-l1-1-0.dll
2021-11-12 13:43 - 2021-11-12 13:43 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-heap-l1-1-0.dll] C:\Program Files\AVG\Antivirus\1033\avg.local_vc142.crt\api-ms-win-crt-heap-l1-1-0.dll
2021-11-13 07:45 - 2021-11-13 07:45 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-heap-l1-1-0.dll] C:\Program Files\AVG\Antivirus\defs\21111302\avg.local_vc142.crt\api-ms-win-crt-heap-l1-1-0.dll
2021-11-13 07:45 - 2021-11-13 07:45 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-locale-l1-1-0.dll] C:\Program Files\AVG\Antivirus\defs\21111302\avg.local_vc142.crt\api-ms-win-crt-locale-l1-1-0.dll
2021-11-13 07:45 - 2021-11-13 07:45 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-math-l1-1-0.dll] C:\Program Files\AVG\Antivirus\defs\21111302\avg.local_vc142.crt\api-ms-win-crt-math-l1-1-0.dll
2021-11-13 07:45 - 2021-11-13 07:45 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-multibyte-l1-1-0.dll] C:\Program Files\AVG\Antivirus\defs\21111302\avg.local_vc142.crt\api-ms-win-crt-multibyte-l1-1-0.dll
2021-11-12 13:43 - 2021-11-12 13:43 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-runtime-l1-1-0.dll] C:\Program Files\AVG\Antivirus\1033\avg.local_vc142.crt\api-ms-win-crt-runtime-l1-1-0.dll
2021-11-13 07:45 - 2021-11-13 07:45 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-runtime-l1-1-0.dll] C:\Program Files\AVG\Antivirus\defs\21111302\avg.local_vc142.crt\api-ms-win-crt-runtime-l1-1-0.dll
2021-11-12 13:43 - 2021-11-12 13:43 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-stdio-l1-1-0.dll] C:\Program Files\AVG\Antivirus\1033\avg.local_vc142.crt\api-ms-win-crt-stdio-l1-1-0.dll
2021-11-13 07:45 - 2021-11-13 07:45 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-stdio-l1-1-0.dll] C:\Program Files\AVG\Antivirus\defs\21111302\avg.local_vc142.crt\api-ms-win-crt-stdio-l1-1-0.dll
2021-11-12 13:43 - 2021-11-12 13:43 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-string-l1-1-0.dll] C:\Program Files\AVG\Antivirus\1033\avg.local_vc142.crt\api-ms-win-crt-string-l1-1-0.dll
2021-11-13 07:45 - 2021-11-13 07:45 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-string-l1-1-0.dll] C:\Program Files\AVG\Antivirus\defs\21111302\avg.local_vc142.crt\api-ms-win-crt-string-l1-1-0.dll
2021-11-13 07:45 - 2021-11-13 07:45 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-time-l1-1-0.dll] C:\Program Files\AVG\Antivirus\defs\21111302\avg.local_vc142.crt\api-ms-win-crt-time-l1-1-0.dll
2021-11-13 07:45 - 2021-11-13 07:45 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-utility-l1-1-0.dll] C:\Program Files\AVG\Antivirus\defs\21111302\avg.local_vc142.crt\api-ms-win-crt-utility-l1-1-0.dll
2021-11-13 07:45 - 2021-11-13 07:45 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\msvcp140.dll] C:\Program Files\AVG\Antivirus\defs\21111302\avg.local_vc142.crt\MSVCP140.dll
2021-11-12 13:43 - 2021-11-12 13:43 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\ucrtbase.dll] C:\Program Files\AVG\Antivirus\1033\avg.local_vc142.crt\ucrtbase.DLL
2021-11-13 07:45 - 2021-11-13 07:45 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\ucrtbase.dll] C:\Program Files\AVG\Antivirus\defs\21111302\avg.local_vc142.crt\ucrtbase.DLL
2021-11-12 13:43 - 2021-11-12 13:43 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\vcruntime140.dll] C:\Program Files\AVG\Antivirus\1033\avg.local_vc142.crt\VCRUNTIME140.dll
2021-11-13 07:45 - 2021-11-13 07:45 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\vcruntime140.dll] C:\Program Files\AVG\Antivirus\defs\21111302\avg.local_vc142.crt\VCRUNTIME140.dll
2021-11-13 07:45 - 2021-11-13 07:45 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\vcruntime140_1.dll] C:\Program Files\AVG\Antivirus\defs\21111302\avg.local_vc142.crt\VCRUNTIME140_1.dll
2020-06-09 10:39 - 2020-06-09 10:39 - 000090112 _____ (Silicon Laboratories, Inc.) [File not signed] C:\Program Files (x86)\Garmin\Express\DSI_SiUSBXp_3_1.DLL
2019-07-27 08:57 - 2019-07-27 08:57 - 000762368 _____ (The Chromium Authors) [File not signed] C:\Program Files (x86)\Garmin\Express\chrome_elf.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\avgSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\avgSP.sys => ""="Driver"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Version 11) (Whitelisted) ==========

HKU\S-1-5-21-3956403641-1016103790-1991301254-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPCON/4
HKU\S-1-5-21-3956403641-1016103790-1991301254-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCON/4
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {25E212C1-69E6-4924-90D3-CD7783E644F9} URL = hxxp://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-3956403641-1016103790-1991301254-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3956403641-1016103790-1991301254-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3956403641-1016103790-1991301254-1000 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-13] (Ivaylo Beltchev -> IvoSoft) [File not signed]
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-09-12] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2017-08-13] (Ivaylo Beltchev -> IvoSoft) [File not signed]
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-09-12] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2017-08-13] (Ivaylo Beltchev -> IvoSoft) [File not signed]
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2017-08-13] (Ivaylo Beltchev -> IvoSoft) [File not signed]
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-13] (Ivaylo Beltchev -> IvoSoft) [File not signed]
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-09-12] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-04-09 13:42 - 2018-04-09 13:42 - 000000143 ____R C:\Windows\system32\drivers\etc\hosts
127.0.0.1                   keystone.mwbsys.com
127.0.0.1                   sirius.mwbsys.com
127.0.0.1                   bactem.mwbsys.com

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Broadcom\Broadcom 802.11\Driver;;;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files\Broadcom\WHL\;C:\Program Files\Broadcom\WHL\syswow64;C:\Program Files\Broadcom\WHL\SysWow64\;C:\Program Files\Broadcom\WHL\SysWow64\syswow64;C:\Program Files (x86)\Intel\Services\IPT\
HKU\S-1-5-21-3956403641-1016103790-1991301254-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Amanda\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1 - 207.164.234.193
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^KMService.lnk => C:\Windows\pss\KMService.lnk.CommonStartup
MSCONFIG\startupreg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
MSCONFIG\startupreg: CanonQuickMenu => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
MSCONFIG\startupreg: IJNetworkScannerSelectorEX => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
MSCONFIG\startupreg: Reflect UI => C:\Program Files\Macrium\Common\ReflectUI.exe

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{98B44A3A-A17A-47E5-ABDB-F1798C77AD44}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{5943820C-A840-4247-8DD5-5142C5020FF5}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{5989919C-1183-43C8-88B8-0A1A33B2BA2A}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent, Inc.)
FirewallRules: [{5BFE4BC2-21AB-47BE-922A-041ED5B9C7F7}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent, Inc.)
FirewallRules: [{54F25319-BBFB-485D-A61A-1C5A08980F0C}] => (Allow) C:\Users\Amanda\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{83753B62-EEEE-46F3-AFBA-570B8F8E1ACB}] => (Allow) C:\Users\Amanda\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{5E91DCF1-2975-4918-8784-5A6EF0C0675E}] => (Block) C:\Program Files\AVG\Antivirus\AVGUI.exe (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
FirewallRules: [{CAC5A05E-B89E-4694-8034-080DA4236268}] => (Block) C:\Program Files\AVG\Antivirus\AVGUI.exe (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

==================== Restore Points =========================

22-07-2021 12:28:48 Windows Update
20-08-2021 21:06:51 Windows Update
30-10-2021 09:38:33 Windows Update
30-10-2021 09:59:13 Installed HP PC Hardware Diagnostics Windows
12-11-2021 13:16:13 Scheduled Checkpoint
12-11-2021 13:43:33 Device Driver Package Install: AVG Technologies Network Service
12-11-2021 15:57:40 Windows Update
13-11-2021 09:38:33 Removed Microsoft Office Enterprise 2007
13-11-2021 09:46:21 Removed Microsoft Office Enterprise 2007
13-11-2021 10:35:41 Removed Microsoft Office Enterprise 2007
13-11-2021 11:00:50 Removed Microsoft Office Enterprise 2007
13-11-2021 11:21:42 Revo Uninstaller Pro's restore point - Microsoft Office Enterprise 2007
13-11-2021 11:22:23 Removed Microsoft Office Enterprise 2007

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (11/13/2021 11:33:45 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/13/2021 11:29:10 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/13/2021 11:23:36 AM) (Source: MsiInstaller) (EventID: 1013) (User: Amanda-HP)
Description: Internal MSI error. Installer terminated prematurely.

Error: (11/13/2021 11:02:25 AM) (Source: MsiInstaller) (EventID: 1013) (User: Amanda-HP)
Description: Internal MSI error. Installer terminated prematurely.

Error: (11/13/2021 10:50:24 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/13/2021 10:37:33 AM) (Source: MsiInstaller) (EventID: 1013) (User: Amanda-HP)
Description: Internal MSI error. Installer terminated prematurely.

Error: (11/13/2021 10:32:09 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/13/2021 09:48:29 AM) (Source: MsiInstaller) (EventID: 1013) (User: Amanda-HP)
Description: Internal MSI error. Installer terminated prematurely.


System errors:
=============
Error: (11/13/2021 11:47:17 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {BB6DF56B-CACE-11DC-9992-0019B93A3A84} did not register with DCOM within the required timeout.

Error: (11/13/2021 11:35:48 AM) (Source: WMPNetworkSvc) (EventID: 14329) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because the registry could not be updated due to error '0x80070006'. If possible, reinstall Windows Media Player.

Error: (11/13/2021 11:35:00 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (11/13/2021 11:34:10 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout.

Error: (11/13/2021 11:32:30 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout.

Error: (11/13/2021 11:30:44 AM) (Source: WMPNetworkSvc) (EventID: 14329) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because the registry could not be updated due to error '0x80070006'. If possible, reinstall Windows Media Player.

Error: (11/13/2021 11:29:49 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (11/13/2021 10:51:48 AM) (Source: WMPNetworkSvc) (EventID: 14329) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because the registry could not be updated due to error '0x80070006'. If possible, reinstall Windows Media Player.


==================== Memory info ===========================

BIOS: Hewlett-Packard F.34 06/14/2012
Motherboard: Hewlett-Packard 1695
Processor: Intel® Core™ i3-2350M CPU @ 2.30GHz
Percentage of memory in use: 65%
Total physical RAM: 6091.86 MB
Available physical RAM: 2089.53 MB
Total Virtual: 12181.86 MB
Available Virtual: 8150.46 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:905.46 GB) (Free:718.04 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Recovery) (Fixed) (Total:21.89 GB) (Free:2.33 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:3.95 GB) FAT32

\\?\Volume{84515f44-27fb-11e8-9f78-806e6f6e6963}\ (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: A65C9874)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=905.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=21.9 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=4 GB) - (Type=0C)

==================== End of Addition.txt =======================


  • 0

#12
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 4,269 posts

OK.
 
Now we are ready to start. Since I see that you installed AVG, I have to turn your attention to the following guidelines:


1. Always ask before acting. Do not continue if you are not sure, or if something unexpected happens!

2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

3. If your computer seems to start working normally, don't abandon the topic. Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.

4. You have to reply to my posts within 3 days. If you need some additional time, just let me know. Otherwise, I will leave the topic due to lack of feedback. If you are able, I would request you to check this thread at least once per day so that we can resolve your issues effectively and efficiently.

5. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, have in mind that all the experts here are volunteers and may not be available to assist when you post. Please, be patient, while I analyze your logs.

 

 

===============================================

 

I will need some time to review your logs. 

 

Just letting you know that here it is 19:05.
 


  • 0

#13
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 4,269 posts

Hi, Jackpine.
 
1. Uninstall programs

  • Press the Windows Key + R.
  • Type appwiz.cpl in the Run box and click OK.
  • The Add/Remove Programs list will open. Locate the following programs in the list:
Adobe Shockwave Player 11.6 
Microsoft Office File Validation Add-In 
Microsoft Office Visio 2007 Service Pack 3 
Microsoft Support and Recovery Assistant 
Update for 2007 Microsoft Office System (KB967642) 
  • Select the above programs, one by one, and click Uninstall.
  • Restart the computer.

 

2. FRST fix

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy ". No need to paste anything to anywhere.
Start::
CloseProcesses:
CreateRestorePoint:
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
opensource (HKLM-x32\...\{3677D4D8-E5E0-49FC-B86E-06541CF00BBE}) (Version: 1.0.14960.3876 - Your Company Name) Hidden
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll -> No File
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-3956403641-1016103790-1991301254-1000 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^KMService.lnk => C:\Windows\pss\KMService.lnk.CommonStartup
FirewallRules: [{83753B62-EEEE-46F3-AFBA-570B8F8E1ACB}] => (Allow) C:\Users\Amanda\AppData\Roaming\Zoom\bin\airhost.exe => No File
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {20FCFF64-00DD-401D-B1AE-BB1FD97DC929} - System32\Tasks\klcp_update => CodecTweakTool.exe /verysilent /update /freq=90 (No File)
Task: {902CE974-2537-4900-9FB7-315327C91AB9} - System32\Tasks\{60B6F7C9-8334-4EB5-AFDF-9902669C0ED2} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" -c /uninstall ENTERPRISE /dll OSETUP.DLL
Task: {A5AA4715-C292-4388-AB2B-A11D02F1C156} - System32\Tasks\{4B8DC4A1-C6A7-4116-9ED3-552D789BC408} => C:\Windows\system32\pcalua.exe -a C:\Users\Amanda\Desktop\HPSupportSolutionsFramework-12.15.14.3.exe -d C:\Users\Amanda\Desktop
Task: {B22AF7EA-67F5-45E8-84D4-8AAE462B59D6} - System32\Tasks\{B2859790-1CBC-48FC-B2DF-BED06E883DB7} => C:\Windows\system32\pcalua.exe -a C:\Downloads\installer_x86-x64_89006\Installer_x86-x64_89006.exe -d C:\Downloads\installer_x86-x64_89006
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\eset_security_config_overlay.js [2020-08-14]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]
S3 ekrnEpfw; "C:\Program Files\ESET\ESET Security\ekrn.exe" [X]
S3 hpqwmiex; "C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe" [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
Hosts:
CMD: SFC /scannow
EmptyTem:
End::
  • Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Please post the log in your next reply.

  • 0

#14
Jackpine

Jackpine

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 490 posts

Programs removed.  (However, Microsoft Office Visio 2007 Service Pack 3 and Update for 2007 Microsoft Office System (KB967642) were not found in Programs and Features or Revo Uninstaller.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 09-11-2021
Ran by Amanda (13-11-2021 13:17:59) Run:1
Running from C:\Users\Amanda\Desktop
Loaded Profiles: Amanda
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
opensource (HKLM-x32\...\{3677D4D8-E5E0-49FC-B86E-06541CF00BBE}) (Version: 1.0.14960.3876 - Your Company Name) Hidden
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll -> No File
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-3956403641-1016103790-1991301254-1000 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^KMService.lnk => C:\Windows\pss\KMService.lnk.CommonStartup
FirewallRules: [{83753B62-EEEE-46F3-AFBA-570B8F8E1ACB}] => (Allow) C:\Users\Amanda\AppData\Roaming\Zoom\bin\airhost.exe => No File
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {20FCFF64-00DD-401D-B1AE-BB1FD97DC929} - System32\Tasks\klcp_update => CodecTweakTool.exe /verysilent /update /freq=90 (No File)
Task: {902CE974-2537-4900-9FB7-315327C91AB9} - System32\Tasks\{60B6F7C9-8334-4EB5-AFDF-9902669C0ED2} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" -c /uninstall ENTERPRISE /dll OSETUP.DLL
Task: {A5AA4715-C292-4388-AB2B-A11D02F1C156} - System32\Tasks\{4B8DC4A1-C6A7-4116-9ED3-552D789BC408} => C:\Windows\system32\pcalua.exe -a C:\Users\Amanda\Desktop\HPSupportSolutionsFramework-12.15.14.3.exe -d C:\Users\Amanda\Desktop
Task: {B22AF7EA-67F5-45E8-84D4-8AAE462B59D6} - System32\Tasks\{B2859790-1CBC-48FC-B2DF-BED06E883DB7} => C:\Windows\system32\pcalua.exe -a C:\Downloads\installer_x86-x64_89006\Installer_x86-x64_89006.exe -d C:\Downloads\installer_x86-x64_89006
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\eset_security_config_overlay.js [2020-08-14]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]
S3 ekrnEpfw; "C:\Program Files\ESET\ESET Security\ekrn.exe" [X]
S3 hpqwmiex; "C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe" [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
Hosts:
CMD: SFC /scannow
EmptyTem:

*****************

Processes closed successfully.
Restore point was successfully created.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{612C34C7-5E90-47D8-9B5C-0F717DD82726}\\SystemComponent" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3677D4D8-E5E0-49FC-B86E-06541CF00BBE}\\SystemComponent" => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ESET Security Shell => removed successfully
HKLM\Software\Classes\CLSID\{B089FE88-FB52-11D3-BDF1-0050DA34150D} => removed successfully
HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\ESET Security Shell => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\Offline Files => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\ESET Security Shell => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Offline Files => removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => removed successfully
HKU\S-1-5-21-3956403641-1016103790-1991301254-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^KMService.lnk => removed successfully
C:\Windows\pss\KMService.lnk.CommonStartup => moved successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{83753B62-EEEE-46F3-AFBA-570B8F8E1ACB}" => removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{20FCFF64-00DD-401D-B1AE-BB1FD97DC929} => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{20FCFF64-00DD-401D-B1AE-BB1FD97DC929} => removed successfully
C:\Windows\System32\Tasks\klcp_update => moved successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\klcp_update => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{902CE974-2537-4900-9FB7-315327C91AB9}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{902CE974-2537-4900-9FB7-315327C91AB9}" => removed successfully
C:\Windows\System32\Tasks\{60B6F7C9-8334-4EB5-AFDF-9902669C0ED2} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{60B6F7C9-8334-4EB5-AFDF-9902669C0ED2}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A5AA4715-C292-4388-AB2B-A11D02F1C156}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A5AA4715-C292-4388-AB2B-A11D02F1C156}" => removed successfully
C:\Windows\System32\Tasks\{4B8DC4A1-C6A7-4116-9ED3-552D789BC408} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{4B8DC4A1-C6A7-4116-9ED3-552D789BC408}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B22AF7EA-67F5-45E8-84D4-8AAE462B59D6}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B22AF7EA-67F5-45E8-84D4-8AAE462B59D6}" => removed successfully
C:\Windows\System32\Tasks\{B2859790-1CBC-48FC-B2DF-BED06E883DB7} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B2859790-1CBC-48FC-B2DF-BED06E883DB7}" => removed successfully
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => removed successfully
C:\Program Files\mozilla firefox\defaults\pref\eset_security_config_overlay.js => moved successfully
HKLM\SOFTWARE\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk => removed successfully
HKLM\System\CurrentControlSet\Services\ekrnEpfw => removed successfully
ekrnEpfw => service removed successfully
HKLM\System\CurrentControlSet\Services\hpqwmiex => removed successfully
hpqwmiex => service removed successfully
HKLM\System\CurrentControlSet\Services\MBAMSwissArmy => removed successfully
MBAMSwissArmy => service removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= SFC /scannow =========



Beginning system scan.  This process will take some time.



Beginning verification phase of system scan.

Verification 0% complete.Verification 1% complete.Verification 2% complete.Verification 2% complete.Verification 3% complete.Verification 4% complete.Verification 4% complete.Verification 5% complete.Verification 6% complete.Verification 7% complete.Verification 7% complete.Verification 8% complete.Verification 9% complete.Verification 9% complete.Verification 10% complete.Verification 11% complete.Verification 12% complete.Verification 12% complete.Verification 13% complete.Verification 14% complete.Verification 14% complete.Verification 15% complete.Verification 16% complete.Verification 16% complete.Verification 17% complete.Verification 18% complete.Verification 19% complete.Verification 19% complete.Verification 20% complete.Verification 21% complete.Verification 21% complete.Verification 22% complete.Verification 23% complete.Verification 24% complete.Verification 24% complete.Verification 25% complete.Verification 26% complete.Verification 26% complete.Verification 27% complete.Verification 28% complete.Verification 29% complete.Verification 29% complete.Verification 30% complete.Verification 31% complete.Verification 31% complete.Verification 32% complete.Verification 33% complete.Verification 33% complete.Verification 34% complete.Verification 35% complete.Verification 36% complete.Verification 36% complete.Verification 37% complete.Verification 38% complete.Verification 38% complete.Verification 39% complete.Verification 40% complete.Verification 41% complete.Verification 41% complete.Verification 42% complete.Verification 43% complete.Verification 43% complete.Verification 44% complete.Verification 45% complete.Verification 46% complete.Verification 46% complete.Verification 47% complete.Verification 48% complete.Verification 48% complete.Verification 49% complete.Verification 50% complete.Verification 50% complete.Verification 51% complete.Verification 52% complete.Verification 53% complete.Verification 53% complete.Verification 54% complete.Verification 55% complete.Verification 55% complete.Verification 56% complete.Verification 57% complete.Verification 58% complete.Verification 58% complete.Verification 59% complete.Verification 60% complete.Verification 60% complete.Verification 61% complete.Verification 62% complete.Verification 63% complete.Verification 63% complete.Verification 64% complete.Verification 65% complete.Verification 65% complete.Verification 66% complete.Verification 67% complete.Verification 67% complete.Verification 68% complete.Verification 69% complete.Verification 70% complete.Verification 70% complete.Verification 71% complete.Verification 72% complete.Verification 72% complete.Verification 73% complete.Verification 74% complete.Verification 75% complete.Verification 75% complete.Verification 76% complete.Verification 77% complete.Verification 77% complete.Verification 78% complete.Verification 79% complete.Verification 80% complete.Verification 80% complete.Verification 81% complete.Verification 82% complete.Verification 82% complete.Verification 83% complete.Verification 84% complete.Verification 84% complete.Verification 85% complete.Verification 86% complete.Verification 87% complete.Verification 87% complete.Verification 88% complete.Verification 89% complete.Verification 89% complete.Verification 90% complete.Verification 91% complete.Verification 92% complete.Verification 92% complete.Verification 93% complete.Verification 94% complete.Verification 94% complete.Verification 95% complete.Verification 96% complete.Verification 97% complete.Verification 97% complete.Verification 98% complete.Verification 99% complete.Verification 99% complete.Verification 100% complete.


Windows Resource Protection did not find any integrity violations.


========= End of CMD: =========

EmptyTem: => Error: No automatic fix found for this entry.


The system needed a reboot.

==== End of Fixlog 13:28:56 ====


  • 0

#15
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 4,269 posts

Good. Moving on. 

 

 

1. Run AdwCleaner (Scan mode)

Download AdwCleaner and save it to your desktop.

  • Double click AdwCleaner.exe to run it.
  • Click Scan Now.
    • When the scan has finished, a Scan Results window will open.
    • Click Cancel (at this point do not attempt to Quarantine anything that is found)
  • Now click the Log Files tab.
    • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number. The latest scan will have the largest number)
    • A Notepad file will open containing the results of the scan.
    • Please post the contents of the file in your next reply.

 

2. Run Malwarebytes (Scan mode)

  • Download Malwarebytes and save it to your Desktop.
  • Once downloaded, close all programs and Windows on your computer.
  • Double-click on the icon on your desktop named MBSetup.exe. This will start the installation of MBAM onto your computer.
  • Follow the instructions to install the program.
  • When finished, double click the program's icon created on your Desktop.
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
    Under the title Scan Options, ALL the options are checked.
    Under the title Windows Security Center (Premium only) the option is NOT checked.
    Under the title Potentially unwanted items ALL options are set to Always.
  • Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may be take longer.
  • When finished, you will see the Threat Scan Summary window open.
  • If threats are not found, click View Report and proceed to the two last steps below.

    If threats are found, make sure that all threats are not selected, close the program and proceed to the next steps below.
    • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
    • Find the report with the most recent date and double click on it.
    • Click on Export and then Copy to Clipboard.
    • Paste its content here, in your next reply.

 

In your next reply, please post:

  • The AdwCleaner[S0*].txt
  • The Malwarebytes report

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP