Slow computer / high CPU usage [Closed]


  • This topic is locked

#1
wickkidda

When I run programs they multiply into many processes and cause high enough CPU/RAM usage to cause things to lag quite a bit. Usually rebooting fixes it but now it doesn't. I'm not sure what happened but it might have been a shady .exe that I ran that infected me. I don't usually run those types of things and I did recently, so it's my only clue. Since then I've installed and run Malwarebytes and it detected 1 thing and quarantined it and nothing seems to have changed. Thanks, I appreciate you guys.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-04-2022
Ran by Matt (administrator) on MATT-PC (MSI MS-7673) (06-04-2022 22:36:22)
Running from C:\Users\Matt\Desktop
Loaded Profiles: Matt
Platform: Microsoft Windows 8.1 Pro (Update) (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(explorer.exe ->) (Mark of the Unicorn -> ) C:\Program Files (x86)\MOTU\Audio\MFWAKeys.exe
(Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <8>
(services.exe ->) (Mark of the Unicorn -> MOTU Inc.) C:\Program Files (x86)\MOTU\motuDNSResponder.exe
(services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SkyDrive.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-04-28] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (No File)
HKLM\...\Run: [WSVCUUpdateHelper.exe] => C:\Program Files (x86)\Wondershare\Wondershare UniConverter\WSVCUUpdateHelper.exe (No File)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG -> Elaborate Bytes AG)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (No File)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-7044521-2876628912-3050056458-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4279208 2022-03-14] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-7044521-2876628912-3050056458-1001\...\Run: [Discord] => C:\Users\Matt\AppData\Local\Discord\Update.exe [1512760 2020-12-03] (Discord Inc. -> GitHub)
HKU\S-1-5-21-7044521-2876628912-3050056458-1001\...\Run: [Voicemod] => "C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe" (No File)
HKU\S-1-5-21-7044521-2876628912-3050056458-1001\...\Run: [Battle.net] => C:\Program Files (x86)\Battle.net\Battle.net.exe [1087376 2022-04-04] (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
HKLM\...\Print\Monitors\HP AF11 Status Monitor: C:\WINDOWS\system32\hpinkstsAF11LM.dll [331664 2012-06-12] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\...\Print\Monitors\HP Discovery Port Monitor (HP Photosmart 6520 series): C:\WINDOWS\system32\HPDiscoPMAF11.dll [741480 2012-10-17] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\100.0.4896.75\Installer\chrmstp.exe [2022-04-04] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MOTU Pedal Service.lnk [2016-03-29]
ShortcutTarget: MOTU Pedal Service.lnk -> C:\Program Files (x86)\MOTU\Audio\MFWAKeys.exe (Mark of the Unicorn -> )
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Plants vs Zombies.lnk [2017-10-03]
ShortcutTarget: Plants vs Zombies.lnk -> C:\Program Files\Plants vs Zombies\PlantsVsZombies.exe (PopCap Games -> ) [File not signed]

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0FDF82CB-1750-4538-B6CC-D852B9983A70} - System32\Tasks\HPCustParticipation HP Photosmart 6520 series => C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPCustPartic.exe [4119656 2012-10-17] (Hewlett Packard -> Hewlett-Packard Co.)
Task: {2DF97236-1A23-425B-9EC1-1C19F475E3BA} - System32\Tasks\[email protected] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-04-28] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {83FACCEC-63C9-4F9D-B192-B8DF8C2229D0} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {8910BFB0-CC0A-4798-8A81-BFCAA376FBB3} - System32\Tasks\OMEN Command Center BackGround Process => C:\Program Files\HP\OMEN Ally\HPOMENBG.exe (No File)
Task: {A2AAC01A-8AD3-4F3C-97EB-3D9C78B7457E} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {A34078CC-AF56-4EF5-A71E-C3C3571BC226} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-12-12] (Google Inc -> Google Inc.)
Task: {B366EDE1-AD7E-48FA-87CF-0817E8FEEF5A} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
Task: {BCF02DEF-F2EE-4FBC-A83B-B7EFAF0B844C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-12-12] (Google Inc -> Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{A8AF30D9-6B50-490F-BC9B-4C9A5C379417}: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\885fjc2b.Default User [2022-04-06]
FF Homepage: Mozilla\Firefox\Profiles\885fjc2b.Default User -> www.google.com
FF Extension: (AdBlocker Ultimate) - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\885fjc2b.Default User\Extensions\[email protected] [2022-04-06]
FF Extension: (uBlock Origin) - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\885fjc2b.Default User\Extensions\[email protected] [2022-04-06]
FF Extension: (NoScript) - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\885fjc2b.Default User\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2022-04-06]
FF Extension: (Adblock Plus - free ad blocker) - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\885fjc2b.Default User\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2022-04-06]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.10 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.11 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.12 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems Incorporated -> Adobe Systems)

Chrome:
=======
CHR Profile: C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default [2021-12-28]
CHR Extension: (Slides) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-12-12]
CHR Extension: (Docs) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-12-12]
CHR Extension: (Google Drive) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-11-01]
CHR Extension: (YouTube) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-12-12]
CHR Extension: (Sheets) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-12-12]
CHR Extension: (Google Docs Offline) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-12-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-11-01]
CHR Extension: (Gmail) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-12-28]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1536520 2017-06-07] (BattlEye Innovations e.K. -> )
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [818304 2022-02-13] (EasyAntiCheat Oy -> Epic Games, Inc)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8348856 2022-04-05] (Malwarebytes Inc -> Malwarebytes)
R2 MOTU_ZeroConf; C:\Program Files (x86)\MOTU\motuDNSResponder.exe [391472 2015-07-14] (Mark of the Unicorn -> MOTU Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [112144 2021-05-18] (Microsoft Corporation -> Microsoft Corporation)
S3 WsDrvInst; "C:\Program Files (x86)\Wondershare\Wondershare UniConverter\Transfer\DriverInstall.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Apowersoft_AudioDevice; C:\WINDOWS\system32\drivers\Apowersoft_AudioDevice.sys [31920 2014-04-09] (APOWERSOFT LIMITED -> Wondershare)
S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2022-04-05] (Malwarebytes Inc -> Malwarebytes)
S3 MFWAMIDI64; C:\WINDOWS\system32\drivers\MFWAMIDI64.sys [34576 2015-07-14] (Mark of the Unicorn -> Mark of the Unicorn)
S3 MFWAWAVE64; C:\WINDOWS\system32\drivers\MFWAWAVE64.sys [84752 2015-07-14] (Mark of the Unicorn -> Mark of the Unicorn)
R3 motubus; C:\WINDOWS\system32\drivers\MotuBus64.sys [32016 2015-07-14] (Mark of the Unicorn -> Mark of the Unicorn)
S3 MotuFWA64; C:\WINDOWS\system32\drivers\Motufwa64.sys [656144 2015-07-14] (Mark of the Unicorn -> Mark of the Unicorn)
R3 NVHDA; C:\WINDOWS\system32\drivers\nvhda64v.sys [129960 2022-01-25] (Microsoft Windows Hardware Compatibility Publisher -> NVIDIA Corporation)
R3 nvlddmkm; C:\WINDOWS\system32\DRIVERS\nvlddmkm.sys [36946840 2022-01-25] (Microsoft Windows Hardware Compatibility Publisher -> NVIDIA Corporation)
R0 PxHlpa64; C:\WINDOWS\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation -> Corel Corporation)
S3 RtlWlanu; C:\WINDOWS\system32\DRIVERS\rtwlanu.sys [3860224 2015-08-05] (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation)
R2 speedfan; C:\WINDOWS\SysWOW64\speedfan.sys [28664 2012-12-29] (SOKNO S.R.L. -> Almico Software)
S3 VOICEMOD_Driver; C:\WINDOWS\system32\drivers\vmdrv.sys [31744 2020-06-17] (Windows ® Win 7 DDK provider) [File not signed]
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
S4 nvvad_WaveExtensible; \SystemRoot\system32\drivers\nvvad64v.sys [X]
S4 nvvhci; \SystemRoot\System32\drivers\nvvhci.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-04-06 01:16 - 2022-04-06 22:36 - 000014249 _____ C:\Users\Matt\Desktop\FRST.txt
2022-04-06 01:16 - 2022-04-06 22:20 - 000048022 _____ C:\Users\Matt\Desktop\Addition.txt
2022-04-05 23:53 - 2022-04-05 23:53 - 000000000 ____D C:\Users\Matt\Downloads\FRST-OlderVersion
2022-04-05 23:52 - 2022-04-06 22:36 - 000000000 ____D C:\FRST
2022-04-05 23:52 - 2022-04-05 23:53 - 002365440 _____ (Farbar) C:\Users\Matt\Desktop\FRST64.exe
2022-04-05 23:30 - 2022-04-05 23:30 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2022-04-05 23:30 - 2022-04-05 23:30 - 000001976 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2022-04-05 23:30 - 2022-04-05 23:30 - 000001964 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2022-04-05 23:29 - 2022-04-05 23:29 - 000160176 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2022-04-05 23:29 - 2022-04-05 23:29 - 000000000 ____D C:\ProgramData\Malwarebytes
2022-04-05 19:56 - 2022-04-05 20:15 - 000000000 ____D C:\Program Files\Mozilla Firefox
2022-03-17 20:56 - 2022-04-06 18:56 - 000000000 ____D C:\Users\Matt\AppData\Local\Battle.net
2022-03-17 20:56 - 2022-03-17 21:00 - 000000000 ____D C:\Users\Matt\AppData\Roaming\Battle.net
2022-03-17 20:55 - 2022-04-04 19:41 - 000000000 ____D C:\Program Files (x86)\Battle.net
2022-03-17 20:55 - 2022-03-17 20:55 - 000000932 _____ C:\Users\Public\Desktop\Battle.net.lnk
2022-03-17 20:55 - 2022-03-17 20:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-04-06 22:29 - 2016-11-17 23:49 - 000000000 ____D C:\Users\Matt\AppData\LocalLow\Mozilla
2022-04-06 22:26 - 2015-10-05 23:40 - 000000000 __RHD C:\Users\Public\AccountPictures
2022-04-06 22:25 - 2016-03-22 15:54 - 000003594 _____ C:\WINDOWS\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-7044521-2876628912-3050056458-1001
2022-04-06 22:19 - 2016-03-22 16:59 - 000000000 ____D C:\Program Files (x86)\Steam
2022-04-06 22:17 - 2018-05-18 19:47 - 000000000 ____D C:\Program Files (x86)\Google
2022-04-06 22:14 - 2016-07-19 22:57 - 000000000 ____D C:\Program Files (x86)\SpeedFan
2022-04-06 22:00 - 2022-02-09 19:29 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2022-04-06 21:20 - 2017-07-06 20:20 - 000000000 ____D C:\Users\Matt\AppData\Roaming\discord
2022-04-06 20:37 - 2017-07-06 20:20 - 000000000 ____D C:\Users\Matt\AppData\Local\Discord
2022-04-06 18:34 - 2015-10-05 23:40 - 000000000 __RDO C:\Users\Matt\SkyDrive
2022-04-06 18:30 - 2016-03-22 15:49 - 000000000 ____D C:\ProgramData\NVIDIA
2022-04-06 18:10 - 2016-05-13 23:36 - 000000000 ____D C:\ProgramData\Skype
2022-04-06 02:00 - 2016-04-05 01:22 - 000000000 ____D C:\Users\Matt\AppData\Local\Adobe
2022-04-06 01:29 - 2021-10-09 20:06 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2022-04-05 23:29 - 2017-11-02 19:22 - 000000000 ____D C:\Program Files\Malwarebytes
2022-04-05 20:16 - 2016-03-22 15:47 - 000865068 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-04-05 20:16 - 2013-08-22 09:36 - 000000000 ____D C:\WINDOWS\Inf
2022-04-05 20:15 - 2018-05-20 19:39 - 000000948 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2022-04-05 20:15 - 2018-05-20 19:39 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2022-04-05 20:10 - 2013-08-22 10:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-04-04 18:34 - 2018-12-12 16:25 - 000002244 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-04-04 18:23 - 2015-10-09 09:14 - 002491904 ___SH C:\Users\Matt\Desktop\Thumbs.db
2022-04-03 22:15 - 2015-10-06 13:07 - 010582016 ___SH C:\Users\Matt\Downloads\Thumbs.db
2022-04-03 00:10 - 2016-03-25 20:37 - 000000000 ____D C:\Users\Matt\AppData\Roaming\vlc
2022-03-31 22:30 - 2013-08-22 09:25 - 000262144 ___SH C:\WINDOWS\system32\config\BBI
2022-03-31 00:10 - 2016-03-22 15:41 - 000000000 ____D C:\Users\Matt
2022-03-29 19:34 - 2017-08-06 16:43 - 000000000 ____D C:\Program Files (x86)\World of Warcraft
2022-03-16 20:32 - 2020-08-02 20:01 - 000001188 _____ C:\Users\Public\Desktop\paint.net.lnk
2022-03-16 20:32 - 2016-04-26 18:13 - 000001200 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk
2022-03-16 20:32 - 2016-04-26 18:13 - 000000000 ____D C:\Program Files\paint.net
2022-03-09 21:18 - 2013-08-22 11:36 - 000000000 ____D C:\WINDOWS\rescache
2022-03-09 00:22 - 2013-08-22 10:44 - 000364760 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-03-09 00:13 - 2016-03-24 21:30 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-03-09 00:13 - 2013-08-22 11:36 - 000000000 ___RD C:\WINDOWS\ToastData
2022-03-09 00:09 - 2016-03-24 21:30 - 145666720 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-03-09 00:09 - 2013-08-22 11:20 - 000000000 ____D C:\WINDOWS\CbsTemp

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2022-04-06 00:31
==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-04-2022
Ran by Matt (06-04-2022 22:36:52)
Running from C:\Users\Matt\Desktop
Microsoft Windows 8.1 Pro (Update) (X64) (2016-03-22 19:43:25)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-7044521-2876628912-3050056458-500 - Administrator - Disabled)
Guest (S-1-5-21-7044521-2876628912-3050056458-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-7044521-2876628912-3050056458-1003 - Limited - Enabled)
Matt (S-1-5-21-7044521-2876628912-3050056458-1001 - Administrator - Enabled) => C:\Users\Matt

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 21.0.0.215 - Adobe Systems Incorporated)
Adobe Audition CC 2015 (HKLM-x32\...\{839A3566-AED6-4787-A849-5CBE2B1DC6AE}) (Version: 8.0 - Adobe Systems Incorporated)
AVS Video Editor 7.1 (HKLM-x32\...\AVS Video Editor_is1) (Version: 7.1.2.262 - Online Media Technologies Ltd.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
bl (HKLM-x32\...\{2A075BB4-E976-4278-BF3F-E5C6945D84C0}) (Version: 1.0.0 - Your Company Name) Hidden
Botanicula (HKLM-x32\...\1207659024_is1) (Version: 2.1.0.10 - GOG.com)
Burning Crusade Classic (HKLM-x32\...\Burning Crusade Classic) (Version:  - Blizzard Entertainment)
CPUID HWMonitor 1.29 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Discord (HKU\S-1-5-21-7044521-2876628912-3050056458-1001\...\Discord) (Version: 0.0.309 - Discord Inc.)
Easy GIF Animator 7.3 (HKLM-x32\...\Easy GIF Animator_is1) (Version: 7.0 - Karlis Blumentals)
Fallout 4 (HKLM-x32\...\Fallout 4_is1) (Version: 1.1.2 - RePack by R.G. Enginegames)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 100.0.4896.75 - Google LLC)
Gunpoint (HKLM-x32\...\Gunpoint_is1) (Version:  - )
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Photosmart 6520 series Basic Device Software (HKLM\...\{1151BCF8-3246-4E34-9C17-22E66318C41C}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photosmart 6520 series Help (HKLM-x32\...\{D3293275-1002-41F5-BC37-099B4251FF5B}) (Version: 28.0.0 - Hewlett Packard)
HP Photosmart 6520 series Product Improvement Study (HKLM\...\{F144E07C-4019-4092-BE25-B57819C97D2F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Intel XTU SDK (HKLM-x32\...\{43A58350-CB99-4F4E-9BB6-F058D7B27985}) (Version: 1.0.7 - HP Inc.) Hidden
Junk Mail filter update (HKLM-x32\...\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Malwarebytes version 4.5.7.186 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.7.186 - Malwarebytes)
Microsoft OneDrive (HKU\S-1-5-21-7044521-2876628912-3050056458-1001\...\OneDriveSetup.exe) (Version: 21.220.1024.0005 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29334 (HKLM-x32\...\{a9cfe9c7-e54f-46cd-9c5c-542ff8e3e8c4}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29334 (HKLM-x32\...\{b2d0f752-adc5-496e-8f70-8669de01f746}) (Version: 14.28.29334.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
MOTU Hardware (HKLM\...\{E45DD703-F7E6-4C4E-85CB-42208A41E222}) (Version: 4.0.6.6814 - MOTU)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 99.0 (x64 en-US)) (Version: 99.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 60.0.1 - Mozilla)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.61.23 - Black Tree Gaming)
NVIDIA Graphics Driver 473.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 473.04 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.60 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.60 - NVIDIA Corporation)
NVIDIA Miracast Virtual Audio 473.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 473.04 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
paint.net (HKLM\...\{E56D2CED-CCAE-4902-A559-17B452752DA5}) (Version: 4.3.10 - dotPDN LLC)
ph (HKLM-x32\...\{185F9795-9663-4F13-9EF9-307A282ADB5A}) (Version: 1.0.0 - Your Company Name) Hidden
PlanetSide 2 (HKU\S-1-5-21-7044521-2876628912-3050056458-1001\...\DG0-PlanetSide 2) (Version:  - Sony Online Entertainment)
Plants vs Zombies (HKLM\...\{1E4E9CEB-AF32-4C7C-BEFB-CB3EAC11FE38}_is1) (Version: 1.0.0.1051 - PopcapGames)
Samorost 3 (HKLM\...\c2Ftb3Jvc3Qz_is1) (Version: 1 - )
Star Wars Jedi Knight Jedi Academy (HKLM-x32\...\{1EECBA68-8BE4-4076-94DF-E9ED206B1D21}) (Version:  - )
StarCraft (HKLM-x32\...\StarCraft) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Vegas Pro 13.0 (64-bit) (HKLM\...\{1EEE0BEE-0BC8-11E5-A19E-F04DA23A5C58}) (Version: 13.0.453 - Sony)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.12 - VideoLAN)
Vulkan Run Time Libraries 1.0.3.0 (HKLM\...\VulkanRT1.0.3.0) (Version: 1.0.3.0 - LunarG, Inc.)
Warcraft III (HKLM-x32\...\Warcraft III) (Version:  - Blizzard Entertainment)
Warcraft: Orcs & Humans (HKLM-x32\...\1706049527_is1) (Version: 1.2 - GOG.com)
Wasteland 2: Director's Cut (HKLM-x32\...\Wasteland 2: Director's Cut_is1) (Version:  - )
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
World of Warcraft Classic (HKLM-x32\...\World of Warcraft Classic) (Version:  - Blizzard Entertainment)
World of Warcraft Classic PTR (HKLM-x32\...\World of Warcraft Classic PTR) (Version:  - Blizzard Entertainment)
WowUp 2.6.2 (HKU\S-1-5-21-7044521-2876628912-3050056458-1001\...\b31ca559-50e4-54d8-a458-330e72a28314) (Version: 2.6.2 - Jliddev)

Packages:
=========
Games -> C:\Program Files\WindowsApps\Microsoft.XboxLIVEGames_2.0.139.0_x64__8wekyb3d8bbwe [2015-10-07] (Microsoft Corporation) [MS Ad]
HP All-in-One Printer Remote -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_55.1.43.0_x86__v10z8vjag6ke6 [2015-11-19] (Hewlett-Packard Company)
MSN Food & Drink -> C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.4.336_x64__8wekyb3d8bbwe [2015-10-07] (Microsoft Corporation) [MS Ad]
MSN Health & Fitness -> C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.4.336_x64__8wekyb3d8bbwe [2015-10-07] (Microsoft Corporation) [MS Ad]
MSN Money -> C:\Program Files\WindowsApps\Microsoft.BingFinance_3.0.4.344_x64__8wekyb3d8bbwe [2016-04-27] (Microsoft Corporation) [MS Ad]
MSN News -> C:\Program Files\WindowsApps\Microsoft.BingNews_3.0.4.344_x64__8wekyb3d8bbwe [2016-04-27] (Microsoft Corporation) [MS Ad]
MSN Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_3.0.4.345_x64__8wekyb3d8bbwe [2016-04-29] (Microsoft Corporation) [MS Ad]
MSN Travel -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe [2015-10-07] (Microsoft Corporation) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_3.0.4.350_x64__8wekyb3d8bbwe [2016-11-22] (Microsoft Corporation) [MS Ad]
Music -> C:\Program Files\WindowsApps\Microsoft.ZuneMusic_2.6.672.0_x64__8wekyb3d8bbwe [2015-10-07] (Microsoft Corporation) [MS Ad]
Quick WebCam -> C:\Program Files\WindowsApps\24957MrSumit.QuickWebCam_1.1.0.0_neutral__5qwdbxr1dyzba [2015-12-03] (MrSumit)
Skype -> C:\Program Files\WindowsApps\Microsoft.SkypeApp_3.1.0.1016_x86__kzf8qxf38zg5c [2015-10-07] (Skype) [MS Ad]
Video -> C:\Program Files\WindowsApps\Microsoft.ZuneVideo_2.6.446.0_x64__8wekyb3d8bbwe [2015-11-06] (Microsoft Corporation) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-7044521-2876628912-3050056458-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Matt\AppData\Local\Microsoft\OneDrive\17.3.6998.0830\amd64\FileCoAuthLib64.dll => No File
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Matt\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Matt\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Matt\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Matt\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Matt\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Matt\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Matt\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers1: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-14] (Elaborate Bytes AG -> Elaborate Bytes AG)
ContextMenuHandlers2: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-14] (Elaborate Bytes AG -> Elaborate Bytes AG)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-04-05] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Matt\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Matt\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2022-01-17] (Nvidia Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-04-05] (Malwarebytes Corporation -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [vidc.i420] => C:\WINDOWS\system32\lvcod64.dll [175392 2012-10-26] (Logitech, Inc. -> Logitech Inc.)
HKLM\...\Drivers32: [vidc.i420] => C:\Windows\SysWOW64\lvcodec2.dll [305000 2012-10-26] (Logitech, Inc. -> Logitech Inc.)

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2016-03-22 16:56 - 2015-12-31 10:15 - 000077312 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-7044521-2876628912-3050056458-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-7044521-2876628912-3050056458-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Matt\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\desktop background.bmp
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\StartupFolder: => "Plants vs Zombies.lnk"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "VirtualCloneDrive"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKU\S-1-5-21-7044521-2876628912-3050056458-1001\...\StartupApproved\StartupFolder: => "MEGAsync.lnk"
HKU\S-1-5-21-7044521-2876628912-3050056458-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-7044521-2876628912-3050056458-1001\...\StartupApproved\Run: => "Skype"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{AE7B182A-3902-4A74-B717-A2C9552C6368}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe => No File
FirewallRules: [{2B9D9558-92DD-48C6-A22D-F49A5C40AE6E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{FA273A95-0330-4239-9BC4-8A61F4618DEE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{D2C7F2A5-138A-41B2-B4DC-DBBE9243A421}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe => No File
FirewallRules: [{0CC7E4EA-3B1D-4EBF-A970-9CC30A07DCAE}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe => No File
FirewallRules: [{B8B51510-149D-42DF-9FA1-D0177F1C9B8C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PlanetSide 2\LaunchPad.exe (Daybreak Game Company LLC -> Daybreak Game Company)
FirewallRules: [{D27B8BC2-4CB8-4B91-9ECE-7DA116DF477E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PlanetSide 2\LaunchPad.exe (Daybreak Game Company LLC -> Daybreak Game Company)
FirewallRules: [{8A15E1D4-D54F-4EB8-9223-14A1187DADFB}] => (Allow) C:\Users\Matt\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe => No File
FirewallRules: [{B4CB17A0-EDF0-4AE1-B70F-4A0886F4D804}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{31FDE656-6AD5-4A37-ACB2-5240E6A12698}] => (Allow) LPort=2869
FirewallRules: [{E01250AF-1B31-432C-BB46-B4D02D96D7DD}] => (Allow) LPort=1900
FirewallRules: [{95959BB6-BCF7-442D-9291-196008A65190}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{33816738-BFC7-43D8-8E67-6F90E9096D2A}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe => No File
FirewallRules: [UDP Query User{EC57EA71-82C4-44EF-B411-F0EEC61BC4B4}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe => No File
FirewallRules: [{5327E677-30E2-419D-A037-D129B0C5E6A5}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Video Recorder\Streaming Video Recorder.exe => No File
FirewallRules: [{BD7B2937-4142-43C7-B854-A8C9739CB0DC}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Video Recorder\Streaming Video Recorder.exe => No File
FirewallRules: [{4FADEDAD-F4F5-46B3-8E25-0BD02CFFB705}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Video Recorder\ApowersoftSrv.dll => No File
FirewallRules: [{054BC85D-3F7E-4CE1-B3F3-43A8BFA72156}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Video Recorder\ApowersoftSrv.dll => No File
FirewallRules: [{FD04241A-4500-44BD-BF5A-23028A2AC3F1}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Video Recorder\ApowersoftDump.dll => No File
FirewallRules: [{5F3EFAE3-9D48-46CC-9D31-8379D27A3B8D}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Video Recorder\ApowersoftDump.dll => No File
FirewallRules: [{33F58D81-6F09-4E7C-A50C-69938D141B33}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Video Recorder\ApowersoftAC.dll => No File
FirewallRules: [{1343C614-5F77-45E0-9F8F-678886DEE0CD}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Video Recorder\ApowersoftAC.dll => No File
FirewallRules: [{3A7F8950-6C83-41B8-AA34-680025A239FD}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Video Recorder\ApowersoftPlayer.dll => No File
FirewallRules: [{F606DB4A-2548-45F7-B81E-38A434B43DC1}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Video Recorder\ApowersoftPlayer.dll => No File
FirewallRules: [{ECEE1120-50ED-44DD-8699-2EEEB5EB3663}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Video Recorder\ApowersoftDownloaderHelp.dll => No File
FirewallRules: [{46349752-A5B9-4ABD-9C42-E0CD5F1FB6DE}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Video Recorder\ApowersoftDownloaderHelp.dll => No File
FirewallRules: [{4C10E3FF-1B06-4544-803D-BDBF0AB3750C}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Video Recorder\ApowersoftHDSDump.dll => No File
FirewallRules: [{6E0460E2-C3BC-4CE2-A154-DA3563C9B4BC}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Video Recorder\ApowersoftHDSDump.dll => No File
FirewallRules: [{F46FCC1B-7211-4CEB-B860-9DDBD1EB819D}] => (Allow) C:\Program Files (x86)\Applian Technologies\Replay Media Catcher 5\jrmcp.exe => No File
FirewallRules: [{15192DF1-562E-4508-ADE4-796B1B0984F1}] => (Allow) C:\Program Files (x86)\Applian Technologies\Replay Media Catcher 5\jrmcp.exe => No File
FirewallRules: [{E4BF12C8-080B-488E-8B2B-3ED55135629C}] => (Allow) C:\Program Files (x86)\Applian Technologies\Replay Media Catcher 5\jbp.exe => No File
FirewallRules: [{71020E16-54A0-4A22-AA3F-EB7B333E8B92}] => (Allow) C:\Program Files (x86)\Applian Technologies\Replay Media Catcher 5\jbp.exe => No File
FirewallRules: [{50BC14DC-EAC7-4224-886F-D2C1A3028DB8}] => (Allow) C:\Program Files (x86)\Applian Technologies\Replay Media Catcher 5\jwmpp.exe => No File
FirewallRules: [{9096560F-804C-41ED-AF71-95BF6EECDE71}] => (Allow) C:\Program Files (x86)\Applian Technologies\Replay Media Catcher 5\jwmpp.exe => No File
FirewallRules: [{F2EACF6E-8326-4A41-B566-B73F9F8F2DE8}] => (Allow) C:\Program Files (x86)\Applian Technologies\Replay Media Catcher 5\ffmpeg.exe => No File
FirewallRules: [{CFA4E3B1-4237-465E-91CA-1B65A25EBDB4}] => (Allow) C:\Program Files (x86)\Applian Technologies\Replay Media Catcher 5\ffmpeg.exe => No File
FirewallRules: [{23457C23-E75A-40D6-8B67-88FA7DA2DFA5}] => (Allow) C:\Program Files (x86)\Applian Technologies\Replay Media Catcher 5\aria2c.exe => No File
FirewallRules: [{64B6E2D6-11C4-4758-845D-A5D92B0C0534}] => (Allow) C:\Program Files (x86)\Applian Technologies\Replay Media Catcher 5\aria2c.exe => No File
FirewallRules: [{E576711B-FD58-4F88-8A99-C28C69CFC4CE}] => (Allow) C:\Program Files (x86)\Applian Technologies\Replay Media Catcher 5\qtCopy.exe => No File
FirewallRules: [{7A949F09-EB94-4BDF-ACE2-842C71DE5ACE}] => (Allow) C:\Program Files (x86)\Applian Technologies\Replay Media Catcher 5\qtCopy.exe => No File
FirewallRules: [TCP Query User{4E9223CE-C2EC-412B-A38B-9D76BD669E75}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe => No File
FirewallRules: [UDP Query User{4CDDCB38-359E-447F-ACF2-E9BFA1232153}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe => No File
FirewallRules: [{4F04EF24-7AF9-4CE7-BAA8-0A1A9821CC97}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Alan Wake\AlanWake.exe => No File
FirewallRules: [{E7A6CB62-8583-4E27-B7CD-0A9996EE296D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Alan Wake\AlanWake.exe => No File
FirewallRules: [{FE2B8311-5EEB-4476-87F4-16F058F7270E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ProjectZomboid\ProjectZomboid32.exe () [File not signed]
FirewallRules: [{B07F5DA2-7242-4BF8-8C5A-8E6AB2078C45}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ProjectZomboid\ProjectZomboid32.exe () [File not signed]
FirewallRules: [{11BF6DC4-103E-40C1-8884-9482377EBFD6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ProjectZomboid\ProjectZomboid64.exe () [File not signed]
FirewallRules: [{DA301AC0-55B2-48AF-9E82-E9AF3274CECC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ProjectZomboid\ProjectZomboid64.exe () [File not signed]
FirewallRules: [{00C7DC40-B2D4-49D1-83AC-2E9354D46616}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Heroine's Quest\Heroine's Quest.exe (Crystal Shard) [File not signed]
FirewallRules: [{959589D4-E33A-42D8-BAF9-6C6402C0BAB1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Heroine's Quest\Heroine's Quest.exe (Crystal Shard) [File not signed]
FirewallRules: [{35F05ADC-90ED-45F6-9C6B-20CC16400492}] => (Allow) C:\Program Files\HP\HP Photosmart 6520 series\Bin\DeviceSetup.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{D3A03BED-0D19-4E99-8F94-B844428D8E1E}] => (Allow) C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPNetworkCommunicator.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{55CFD32D-BC66-4AAC-B9FF-E185E80894BE}] => (Allow) C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{0C801EAE-17FC-4A52-9BFB-42D3E6374C80}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{205888E3-AEA4-43F5-8A16-43AA2574B4EB}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{2398FAE5-9A10-4308-89B9-197C792B1C29}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Video Recorder 6\Streaming Video Recorder 6.exe => No File
FirewallRules: [{7B40BFEC-8ADF-43E9-8343-58FA1B0FF20D}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Video Recorder 6\Streaming Video Recorder 6.exe => No File
FirewallRules: [{75418078-5664-406E-B9D9-49C0F6EB0A7B}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Video Recorder 6\rtmpsrv.exe => No File
FirewallRules: [{086FA933-D85C-4FC8-8827-071B4DBBF6FF}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Video Recorder 6\rtmpsrv.exe => No File
FirewallRules: [{9C658CDC-FC8C-4544-89E8-8E16E130275A}] => (Allow) C:\Program Files\Apowersoft\Streaming Video Recorder\Streaming-Video-Recorder.exe => No File
FirewallRules: [{57B43203-940B-49A7-9D06-896F551502BC}] => (Allow) C:\Program Files\Apowersoft\Streaming Video Recorder\StreamingVideoRecorder.exe => No File
FirewallRules: [{B5C15B38-EF18-4BDF-A43B-5F345DF0F30B}] => (Allow) C:\Program Files\Apowersoft\Streaming Video Recorder\ApowersoftSrv.dll => No File
FirewallRules: [{F25FEDD6-5759-4D6F-B635-37EE6AF8EF83}] => (Allow) C:\Program Files\Apowersoft\Streaming Video Recorder\ApowersoftDump.dll => No File
FirewallRules: [{DBE642B6-A10C-446A-B0F7-A31069528A01}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tabletop Simulator\Tabletop Simulator.exe () [File not signed]
FirewallRules: [{7B285FEE-DC7A-49CC-BA1C-84E9F1AD6DB8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tabletop Simulator\Tabletop Simulator.exe () [File not signed]
FirewallRules: [TCP Query User{EF0AC2D2-6A60-4274-ACEF-75EDD08DF054}C:\users\matt\desktop\oxygen.not.included.v221697\oxygennotincluded.exe] => (Allow) C:\users\matt\desktop\oxygen.not.included.v221697\oxygennotincluded.exe () [File not signed]
FirewallRules: [UDP Query User{48BB97A0-A5EC-4343-9A59-CE2F9384929B}C:\users\matt\desktop\oxygen.not.included.v221697\oxygennotincluded.exe] => (Allow) C:\users\matt\desktop\oxygen.not.included.v221697\oxygennotincluded.exe () [File not signed]
FirewallRules: [{0EB881DE-3537-4B0F-9360-C82FE6482603}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe () [File not signed]
FirewallRules: [{F2960566-FC66-46B5-89B0-0C39A1FBFA69}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe () [File not signed]
FirewallRules: [{6F01E352-C043-49E7-9328-F539333D97BA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe () [File not signed]
FirewallRules: [{D5AAAA35-3682-4B60-8465-9A4C3B91033C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe () [File not signed]
FirewallRules: [TCP Query User{686BEFC0-F0AE-41EA-912D-BA8C2F8E5EB2}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe (Daybreak Game Company LLC -> Daybreak Game Company, LLC)
FirewallRules: [UDP Query User{DBC28D45-8CBF-415B-999F-43AB5392A63F}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe (Daybreak Game Company LLC -> Daybreak Game Company, LLC)
FirewallRules: [{9E57E536-FB60-4DB9-BC39-E07E7071C8A4}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{0E1CF6D3-01E1-4842-9AF5-83B8D70C4E26}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{0130FAAE-7B3E-439F-B6D0-F2ADBD816498}C:\users\matt\appdata\roaming\bittorrent\updates\7.10.4_44847.exe] => (Allow) C:\users\matt\appdata\roaming\bittorrent\updates\7.10.4_44847.exe => No File
FirewallRules: [UDP Query User{DA3F2386-331E-493E-8FF0-9672B54FB634}C:\users\matt\appdata\roaming\bittorrent\updates\7.10.4_44847.exe] => (Allow) C:\users\matt\appdata\roaming\bittorrent\updates\7.10.4_44847.exe => No File
FirewallRules: [TCP Query User{FEB0E8C2-A9F1-41D8-880E-60C8857B0082}C:\program files (x86)\world of warcraft\_classic_\utils\wowvoiceproxy.exe] => (Allow) C:\program files (x86)\world of warcraft\_classic_\utils\wowvoiceproxy.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [UDP Query User{5A68F43C-FFB4-488B-8DFF-0B8C13CF0D92}C:\program files (x86)\world of warcraft\_classic_\utils\wowvoiceproxy.exe] => (Allow) C:\program files (x86)\world of warcraft\_classic_\utils\wowvoiceproxy.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [{34A478FF-4AA7-4B49-8BC8-48E74844A8FC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Pilgrims\Pilgrims.exe () [File not signed]
FirewallRules: [{926BBA7F-25D2-4AA0-887D-A87E814E6DBA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Pilgrims\Pilgrims.exe () [File not signed]
FirewallRules: [TCP Query User{6FBD07F1-3EE9-4111-BE21-CE8A40C8A619}C:\program files (x86)\minecraft\runtime\jre-x64\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\bin\javaw.exe
FirewallRules: [UDP Query User{7E44C863-0451-4DBA-97E9-00C8553820D4}C:\program files (x86)\minecraft\runtime\jre-x64\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\bin\javaw.exe
FirewallRules: [{58ECBDEF-A4C2-4A05-9158-95986AD0E8D7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dungeon of the Endless\DungeonoftheEndless.exe (Unity Technologies SF -> ) [File not signed]
FirewallRules: [{84CF9FE1-1F89-477E-8A69-7DF54D5F9134}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dungeon of the Endless\DungeonoftheEndless.exe (Unity Technologies SF -> ) [File not signed]
FirewallRules: [TCP Query User{3B9F50D0-3F26-4560-82DD-CA94DF69A2B8}G:\games\warcraft iii\x86_64\warcraft iii.exe] => (Allow) G:\games\warcraft iii\x86_64\warcraft iii.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment, Inc)
FirewallRules: [UDP Query User{1DA31824-5BDC-4716-95DA-BCAB4B7CE46C}G:\games\warcraft iii\x86_64\warcraft iii.exe] => (Allow) G:\games\warcraft iii\x86_64\warcraft iii.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment, Inc)
FirewallRules: [{34B83453-FBF5-449B-B7C3-ACF3A55FE94E}] => (Allow) G:\Steam\steamapps\common\Grand Theft Auto V\PlayGTAV.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{22E02904-74F2-4DD6-8CDA-08B407343492}] => (Allow) G:\Steam\steamapps\common\Grand Theft Auto V\PlayGTAV.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [TCP Query User{10725A3A-D4AB-4F4B-9061-269018C56972}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{0757B923-8638-42D0-A10B-18036229AFE6}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{857A1438-EF1D-45D1-86F5-03B9B83BB35E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RimWorld\RimWorldWin64.exe () [File not signed]
FirewallRules: [{9F3E9FEF-57F9-4E2C-9FAE-48177511DE76}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RimWorld\RimWorldWin64.exe () [File not signed]
FirewallRules: [{3EFEEB4A-5820-46AB-8C78-E0BAD7ED4FEC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stoneshard Prologue\Stoneshard Prologue.exe () [File not signed]
FirewallRules: [{4CEA0DF6-9C7B-493A-8878-BBB6C7A5F3AE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stoneshard Prologue\Stoneshard Prologue.exe () [File not signed]
FirewallRules: [{DC790496-1642-4BE9-AD4A-190624213578}] => (Allow) G:\Steam\steamapps\common\Warhammer Vermintide 2\launcher\Launcher.exe (Fatshark AB -> Fatshark AB)
FirewallRules: [{EB857D74-60A1-4318-9B9F-F0670103F0D7}] => (Allow) G:\Steam\steamapps\common\Warhammer Vermintide 2\launcher\Launcher.exe (Fatshark AB -> Fatshark AB)
FirewallRules: [{5B17009B-C58F-4C01-87FC-FB227D4A79BB}] => (Allow) G:\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe () [File not signed]
FirewallRules: [{104C59BA-C89D-44A5-B462-C7F63F4EE01D}] => (Allow) G:\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe () [File not signed]
FirewallRules: [TCP Query User{1E917D26-2B9A-48DE-B104-8FE9ACF141A2}C:\users\matt\downloads\man of the house v1.0.2c (extra)\man of the house.exe] => (Allow) C:\users\matt\downloads\man of the house v1.0.2c (extra)\man of the house.exe => No File
FirewallRules: [UDP Query User{6B6F8E67-BA8D-4897-9BAD-1206D3CC50B2}C:\users\matt\downloads\man of the house v1.0.2c (extra)\man of the house.exe] => (Allow) C:\users\matt\downloads\man of the house v1.0.2c (extra)\man of the house.exe => No File
FirewallRules: [TCP Query User{F45B6237-02C3-4248-A086-CA595FB28642}G:\sss games\man of the house v1.0.2c (extra)\man of the house.exe] => (Allow) G:\sss games\man of the house v1.0.2c (extra)\man of the house.exe () [File not signed]
FirewallRules: [UDP Query User{CD45FAC1-5B87-4E5D-A312-CF84A5DFA42E}G:\sss games\man of the house v1.0.2c (extra)\man of the house.exe] => (Allow) G:\sss games\man of the house v1.0.2c (extra)\man of the house.exe () [File not signed]
FirewallRules: [{C4FB1B42-4ACE-45F6-9D18-9D1F786AA00E}] => (Allow) G:\Steam\steamapps\common\Lost Ark\Binaries\Win64\Launch_Game.exe (EasyAntiCheat Oy -> Epic Games, Inc)
FirewallRules: [{64AFE5C7-8E58-463D-83B3-628B85BC823C}] => (Allow) G:\Steam\steamapps\common\Lost Ark\Binaries\Win64\Launch_Game.exe (EasyAntiCheat Oy -> Epic Games, Inc)
FirewallRules: [{D5DD3188-D14F-47F0-8AB8-4B274BA2D5B7}] => (Allow) G:\Steam\steamapps\common\Don't Starve Together\bin64\dontstarve_steam_x64.exe () [File not signed]
FirewallRules: [{E84EDBAE-947F-46F0-9657-6C29E96D93DD}] => (Allow) G:\Steam\steamapps\common\Don't Starve Together\bin64\dontstarve_steam_x64.exe () [File not signed]
FirewallRules: [{F9907F14-23A6-41A9-8379-D08B528CAA7B}] => (Allow) G:\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe () [File not signed]
FirewallRules: [{C9C57918-3072-478A-8B93-3EB922096D99}] => (Allow) G:\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe () [File not signed]
FirewallRules: [{98C361C7-FB8D-4A1E-B61F-141A359EAB31}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

27-03-2022 22:43:41 Scheduled Checkpoint
06-04-2022 18:09:21 Removed Skype™ 7.40

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (04/06/2022 06:39:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.22013 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 824

Start Time: 01d84a0661d2ff72

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.22013_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 572d6a11-b5fa-11ec-836a-8c89a5136da5

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.22013_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (04/06/2022 06:33:53 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007232B
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (04/06/2022 06:33:51 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007232B
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=3

Error: (04/06/2022 06:10:00 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (04/06/2022 05:46:07 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007232B
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (04/05/2022 09:54:12 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007232B
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (04/05/2022 09:54:11 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007232B
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=2

Error: (04/05/2022 09:52:18 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program WowClassic.exe version 2.5.4.42940 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 17a4

Start Time: 01d8495575d096e4

Termination Time: 4294967295

Application Path: C:\Program Files (x86)\World of Warcraft\_classic_\WowClassic.exe

Report Id: 2fdd0cdf-b54c-11ec-836a-8c89a5136da5

Faulting package full name:

Faulting package-relative application ID:


System errors:
=============
Error: (04/06/2022 10:41:07 PM) (Source: DCOM) (EventID: 10010) (User: MATT-PC)
Description: The server {BB6DF56B-CACE-11DC-9992-0019B93A3A84} did not register with DCOM within the required timeout.

Error: (04/06/2022 10:39:07 PM) (Source: DCOM) (EventID: 10010) (User: MATT-PC)
Description: The server {1ECCA34C-E88A-44E3-8D6A-8921BDE9E452} did not register with DCOM within the required timeout.

Error: (04/06/2022 10:20:21 PM) (Source: DCOM) (EventID: 10010) (User: MATT-PC)
Description: The server {BB6DF56B-CACE-11DC-9992-0019B93A3A84} did not register with DCOM within the required timeout.

Error: (04/06/2022 10:18:21 PM) (Source: DCOM) (EventID: 10010) (User: MATT-PC)
Description: The server {1ECCA34C-E88A-44E3-8D6A-8921BDE9E452} did not register with DCOM within the required timeout.

Error: (04/06/2022 10:05:56 PM) (Source: DCOM) (EventID: 10010) (User: MATT-PC)
Description: The server {BB6DF56B-CACE-11DC-9992-0019B93A3A84} did not register with DCOM within the required timeout.

Error: (04/06/2022 10:03:56 PM) (Source: DCOM) (EventID: 10010) (User: MATT-PC)
Description: The server {1ECCA34C-E88A-44E3-8D6A-8921BDE9E452} did not register with DCOM within the required timeout.

Error: (04/06/2022 06:30:13 PM) (Source: DCOM) (EventID: 10010) (User: MATT-PC)
Description: The server {BB6DF56B-CACE-11DC-9992-0019B93A3A84} did not register with DCOM within the required timeout.

Error: (04/06/2022 06:28:13 PM) (Source: DCOM) (EventID: 10010) (User: MATT-PC)
Description: The server {1ECCA34C-E88A-44E3-8D6A-8921BDE9E452} did not register with DCOM within the required timeout.


Windows Defender:
================
Date: 2022-04-04 23:44:30.022
Description:
Windows Defender scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-04-04 00:50:13.479
Description:
Windows Defender scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-04-04 00:22:57.341
Description:
Windows Defender scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-04-03 20:54:43.440
Description:
Windows Defender scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-04-03 20:27:54.322
Description:
Windows Defender scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]:

Date: 2022-01-31 19:13:52.256
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.355.2792.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18800.4
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2022-01-31 19:13:52.200
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.355.2792.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18800.4
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2022-01-31 19:13:52.102
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.355.2792.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18800.4
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2021-10-14 19:00:37.909
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.351.366.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18600.4
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2021-10-14 19:00:37.908
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.351.366.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18600.4
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

==================== Memory info ===========================

BIOS: American Megatrends Inc. V1.11 04/14/2011
Motherboard: MSI P67S-C43 (MS-7673)
Processor: Intel® Core™ i5-2500 CPU @ 3.30GHz
Percentage of memory in use: 28%
Total physical RAM: 8164.42 MB
Available physical RAM: 5869.73 MB
Total Virtual: 9636.42 MB
Available Virtual: 6120.74 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:297.75 GB) (Free:77.28 GB) NTFS
Drive e: (My Passport) (Fixed) (Total:931.48 GB) (Free:139.51 GB) NTFS
Drive g: (My Passport) (Fixed) (Total:1862.98 GB) (Free:490.33 GB) NTFS

\\?\Volume{839f44a4-6bc2-11e5-824c-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.34 GB) (Free:0.09 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 298.1 GB) (Disk ID: 5F86D235)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=297.7 GB) - (Type=07 NTFS)

==========================================================
Disk: 1 (Size: 1863 GB) (Disk ID: 16F2A91F)

Partition: GPT.

==========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: A88F9E55)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================

 


  • 0



#2
DR M


    The Grecian Geek

  • Malware Removal
  • 4,096 posts

Hello.
 
There are signs related to your Windows activation. Do you have a valid licensed copy of Windows?
 
Let's check that out first.

  • Press Windows icon on your Desktop, together with the letter R.
  • Type cmd, and press Ctrl + Shift + Enter to run Command Prompt as administrator.
  • Copy and paste the following command and press Enter:
slmgr /dli
  • After running the command, you will get a report. Please take a screenshot of what you got and attach it in your next reply. Here is an article where you can see how to take a screenshot with the snipping tool, in case you need it.

  • 0

#3
wickkidda


    Member

  • Topic Starter
  • Member
  • 129 posts

I don't have a valid copy of Windows on this old hunk of junk but I've been using it like this for a very long time and it didn't have this problem until now.

 


asdf.jpg


  • 0

#4
DR M


    The Grecian Geek

  • Malware Removal
  • 4,096 posts

Yes...

 

Unfortunately, the key is based on a KMS licence. These keys are not-for-resale. They are issued by organizations for use on client computers associated in some way with the organization. 

 

Keep in mind that we don't provide help if the operating system is not legally activated, with either an OEM or Retail license. A non-activated system constitutes a security risk, and it will give you many issues, now or in the future. To make a long story short, it is a waste of time to clean a non-activated operating system, since sooner or later it will have issues.

 

If you decide to activate your Windows with a genuine Retail licence, we are here to help you. Otherwise, I'm afraid that this can't be done. 


  • 0

#5
DR M


    The Grecian Geek

  • Malware Removal
  • 4,096 posts

Since we can't provide any further assistance, I am closing this topic.

 

wickkidda, if you need this topic reopened, please contact a staff member, or send me a personal message (hover with the mouse on my profile name and choose Send message).


  • 0





