
Pop ups claiming different infections [Solved]

  • This topic is locked

#1
homeworks67

Hi,

I have pop ups claiming different viruses and in order to clean, press here. No two are alike. On the bottom of these pop ups is: "re-captha-version-3-290.buzz". I ran Malwarebytes and 20 PUP.Optional files were quarantined but the issue still exists. I accidentally hit one of the buttons and Malwarebytes stopped the action and said it was a malicious site, "pshmetrk.com". I'm not sure how I got the infection but my guess would be a malicious website. These things are annoying and I would appreciate any help. Thank you.

 

Here are my logs:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13.07.2024
Ran by Craig Rioux (administrator) on DESKTOP-3200C37 (HP 510-p109) (14-07-2024 10:44:38)
Running from C:\Users\Craig Rioux\Desktop\FRST64.exe
Loaded Profiles: Craig Rioux
Platform: Microsoft Windows 10 Home Version 22H2 19045.4651 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe <2>
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Avast Software s.r.o. -> Gen Digital Inc.) C:\Program Files\AVAST Software\Avast\AvastUI.exe <5>
(BlackBerry Ltd. -> BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe
(BlackBerry Ltd. -> BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE ->) (Canon Inc. -> CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
(C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
(C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe ->) (BlackBerry Ltd. -> ) C:\Program Files (x86)\Common Files\Research In Motion\nginx\nginx.exe <2>
(C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe <2>
(C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe ->) (Logitech, Inc. -> ) C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTDevMgr.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTServer.exe
(C:\Program Files\AVAST Software\Avast\AvastSvc.exe ->) (Avast Software s.r.o. -> Gen Digital Inc.) C:\Program Files\AVAST Software\Avast\aswEngSrv.exe
(C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
(C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <2>
(Canon Inc. -> CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Canon Inc. -> CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
(cmd.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MbamBgNativeMsg.exe <2>
(Discord Inc. -> Discord Inc.) C:\Users\Craig Rioux\AppData\Local\Discord\app-1.0.9153\Discord.exe <6>
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <26>
(explorer.exe ->) (HAUPPAUGE COMPUTER WORKS, INC. -> Hauppauge Computer Works, Inc) [File not signed] C:\Program Files (x86)\WinTV\WinTV10\WinTVTray.exe
(explorer.exe ->) (Microsoft Corporation -> ) C:\Program Files\WindowsApps\Microsoft.6365217CE6EB4_102.2406.5001.0_x64__8wekyb3d8bbwe\MicrosoftSecurityApp\MicrosoftSecurityApp.exe
(explorer.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
(Logitech, Inc. -> Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <11>
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\atiesrxx.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
(services.exe ->) (Avast Software s.r.o. -> Gen Digital Inc.) C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe
(services.exe ->) (Avast Software s.r.o. -> Gen Digital Inc.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(services.exe ->) (BlackBerry Ltd. -> Apple Inc.) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe
(services.exe ->) (BlackBerry Ltd. -> BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe
(services.exe ->) (BlackBerry Ltd. -> BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
(services.exe ->) (CyberLink Corp. -> CyberLink) C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(services.exe ->) (HAUPPAUGE COMPUTER WORKS, INC. -> Hauppauge Computer Works, Inc) [File not signed] C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\AppHelperCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\DiagsCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\NetworkCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\SysInfoCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPCommRecovery\HPCommRecovery.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Realtek Semiconductor Corp -> ) C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTDevMgr.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(services.exe ->) (Sony Imaging Products & Solutions Inc. -> Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Sony Imaging Products & Solutions Inc. -> Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9279544 2018-09-13] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [229592 2015-07-09] (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [427416 2024-07-10] (Avast Software s.r.o. -> Gen Digital Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [367456 2023-11-28] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [443640 2015-05-04] (BlackBerry Ltd. -> BlackBerry Limited)
HKLM-x32\...\Run: [RIM PeerManager] => C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe [4861688 2015-03-19] (BlackBerry Ltd. -> BlackBerry Limited)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech, Inc. -> Logitech Inc.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [709160 2018-05-22] (HP Inc. -> HP Inc.)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1313408 2017-07-05] (Canon Inc. -> CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [454248 2013-08-02] (Canon Inc. -> CANON INC.)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [868328 2018-12-21] (Sony Imaging Products & Solutions Inc. -> Sony Corporation)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <==== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-326621168-1673352180-3701679548-1001\...\Run: [Discord] => C:\Users\Craig Rioux\AppData\Local\Discord\Update.exe [1525032 2022-08-08] (Discord Inc. -> GitHub)
HKU\S-1-5-21-326621168-1673352180-3701679548-1001\...\Run: [MicrosoftEdgeAutoLaunch_EF83EE16BAE97F63DC6F10DC8E6EF19B] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --win-session-start [3883560 2024-07-11] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-326621168-1673352180-3701679548-1001\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Craig Rioux\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" [70024624 2024-07-12] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-326621168-1673352180-3701679548-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Craig Rioux\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-326621168-1673352180-3701679548-1001\...\RunOnce: [Uninstall 24.116.0609.0005] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Craig Rioux\AppData\Local\Microsoft\OneDrive\24.116.0609.0005" [0 2024-07-12] () <==== ATTENTION [zero byte File/Folder]
HKLM\...\Windows x64\Print Processors\Canon MP495 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDA9.DLL [28672 2010-08-25] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Windows x64\Print Processors\Canon MX470 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDC2.DLL [30208 2013-09-12] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ FAX Language Monitor MX470 series: C:\WINDOWS\system32\CNCALC2.DLL [303104 2013-09-25] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MP495 series: C:\WINDOWS\system32\CNMLMA9.DLL [361472 2010-08-25] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MX470 series: C:\WINDOWS\system32\CNMLMC2.DLL [391168 2013-09-12] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJNP Port: C:\WINDOWS\system32\CNMN6PPM.DLL [360448 2013-09-11] (CANON INC.) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\126.0.6478.127\Installer\chrmstp.exe [2024-06-26] (Google LLC -> Google LLC)
Startup: C:\Users\Craig Rioux\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2020-10-03]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Audio Switch.lnk [2016-08-17]
ShortcutTarget: HP Audio Switch.lnk -> C:\Program Files (x86)\HP\HPAudioSwitch\launcher.vbs () [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP JumpStart Launch.lnk [2016-08-17]
ShortcutTarget: HP JumpStart Launch.lnk -> c:\Windows\Installer\{0F5EBB0D-DF6D-4DBE-9789-57BF05B3B0FD}\HPlogo_blue.ico () [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinTV Recording Status.lnk [2023-02-19]
ShortcutTarget: WinTV Recording Status.lnk -> C:\Program Files (x86)\WinTV\WinTV10\WinTVTray.exe (HAUPPAUGE COMPUTER WORKS, INC. -> Hauppauge Computer Works, Inc) [File not signed] <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
 
==================== Scheduled Tasks (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {DF3BB107-5CF3-4141-AFD6-CF43F4E9AC35} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {00163458-8114-4533-A0A5-C40F152985B6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1558984 2024-06-25] (Adobe Inc. -> Adobe Inc.)
Task: {8CCC6F0A-B2D5-4DAA-B191-4C0BA1B699A8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [617096 2022-02-25] (Apple Inc. -> Apple Inc.)
Task: {CD448FE2-3292-400A-8409-7DCBA4CDDE1A} - System32\Tasks\Avast Software\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [5094808 2024-07-10] (Avast Software s.r.o. -> Gen Digital Inc.)
Task: {F0AA2C03-9DD2-4F7E-8AE5-110FC85D5A71} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe  -> C:\Program Files\Common Files\AV\avast! Antivirus\/backup /iavs
Task: {1A266D2C-6E2C-4F71-AAFA-4F040B41BE07} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2144664 2023-08-01] (Avast Software s.r.o. -> Avast Software)
Task: {DDF56556-F156-4617-854E-F3D3F36CA220} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [584488 2016-09-21] (Dropbox, Inc -> )
Task: {D9CECBD0-A2D7-4DB1-B145-C385706EF15E} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-12] (Dropbox, Inc -> Dropbox, Inc.)
Task: {AF122944-D80B-429C-BE2B-A83B0D6672CD} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-12] (Dropbox, Inc -> Dropbox, Inc.)
Task: {E9B8867C-F6BC-48E5-8764-D2E0EEFF6911} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem128.0.6537.0{C4463791-D7AE-4817-835A-6B9E768D2D47} => C:\Program Files (x86)\Google\GoogleUpdater\128.0.6537.0\updater.exe [4623976 2024-06-13] (Google LLC -> Google LLC)
Task: {C0D8CAB8-B421-4B35-A83A-1BCA93F63450} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPSFReport.exe [138328 2024-06-26] (HP Inc. -> HP Inc.)
Task: {B9239978-8549-4704-88A3-EDB5FBE36A75} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe  -> C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\/f
Task: {E883CA79-0260-48BD-AF73-CA83FA0FC757} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1161744 2024-06-26] (HP Inc. -> HP Inc.)
Task: {5FF7B298-117C-4B18-BC45-5010F593531C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe  /DeviceScanR6 (No File)
Task: {6C80F735-4713-4C20-BF6C-4960023E6447} - System32\Tasks\Hewlett-Packard\HP Web Products Detection => C:\Program Files (x86)\HP\HP Support Framework\Modules\HPWPD.exe [310832 2024-06-26] (HP Inc. -> HP Inc.)
Task: {5563B98D-7071-40F3-A6F9-8F7122AE90D4} - System32\Tasks\Hewlett-Packard\HPDeviceCheck => C:\Program Files (x86)\HP\HP Support Framework\Modules\HPDeviceCheck\HPDeviceCheck.exe [316456 2024-06-26] (HP Inc. -> )
Task: {46EC34C2-A6CC-4C8D-932E-2D548A031C2D} - System32\Tasks\HPAudioSwitch => C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe [1644472 2019-06-21] (HP Inc. -> HP Inc.)
Task: {7B640D70-064B-4150-9E2B-E6F3C754A511} - System32\Tasks\HPDAS => C:\Program  -> Files\HP\HP ePrint\HP.DeliveryAndStatus.Desktop.App.exe /CheckJobs
Task: {3ED78EBE-2A0C-4544-ABEB-3FA962097C09} - System32\Tasks\HPJumpStartProvider => "C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartProvider.exe"  (No File)
Task: {F2458C2C-8E04-4E10-8D0A-9C1BD5A67B35} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28512336 2024-07-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {211339A8-2F82-4090-9404-19AABBA3C197} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28512336 2024-07-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {0FA55C23-BD54-4719-AE46-8BF65C3932DD} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [221848 2024-07-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {A27777B9-5CB4-4C84-8448-0DED138FD221} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [221848 2024-07-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {CD21F32E-0D0C-4E2D-8B2A-71F0747AEA0A} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonx86\Microsoft Shared\OFFICE16\OLicenseHeartbeat.exe [342136 2024-07-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {3B91343F-550A-4F45-A96D-F8453AC95422} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9279544 2018-09-13] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {04A16C5F-DA24-4148-BDE9-58908112294F} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [52104 2017-07-12] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 64.71.255.204 64.71.255.198
Tcpip\..\Interfaces\{3b475ba3-9e24-4535-9ac0-24564d1f1167}: [DhcpNameServer] 64.71.255.204 64.71.255.198
Tcpip\..\Interfaces\{3b475ba3-9e24-4535-9ac0-24564d1f1167}: [DhcpDomain] phub.net.cable.rogers.com
Tcpip\..\Interfaces\{7c873f94-926d-4b39-8b75-15f9308a7473}: [DhcpNameServer] 64.71.255.204 64.71.255.198
Tcpip\..\Interfaces\{7c873f94-926d-4b39-8b75-15f9308a7473}: [DhcpDomain] phub.net.cable.rogers.com
HKLM\System\...\Parameters\PersistentRoutes: [169.254.0.0,255.255.0.0,10.0.0.115,1]
HKLM\System\...\Parameters\PersistentRoutes: [169.254.0.0,255.255.0.0,169.254.244.137,1]
 
Edge: 
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Craig Rioux\AppData\Local\Microsoft\Edge\User Data\Default [2024-07-14]
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\Craig Rioux\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bojobppfploabceghnmlahpoonbcbacn [2024-07-12]
Edge Extension: (Google Docs Offline) - C:\Users\Craig Rioux\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-03-28]
Edge Extension: (Edge relevant text changes) - C:\Users\Craig Rioux\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-24]
Edge HKLM\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]
Edge HKLM-x32\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]
 
FireFox:
========
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.18 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.20 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2024-06-27] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2024-04-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2015-03-19] (Research In Motion -> )
FF Plugin-x32: @videolan.org/vlc,version=3.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.12 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.16 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2016-05-23] (WildTangent Inc -> )
 
Chrome: 
=======
CHR Profile: C:\Users\Craig Rioux\AppData\Local\Google\Chrome\User Data\Default [2024-07-14]
CHR Notifications: Default -> hxxps://barrie360.com; hxxps://betafpv.com; hxxps://re-captha-version-3-290.buzz; hxxps://rock95.com; hxxps://store.dji.com; hxxps://www.banggood.com; hxxps://www.chess.com; hxxps://www.insta360.com
CHR HomePage: Default -> hxxp://google.ca/
CHR StartupUrls: Default -> "hxxps://www.imdb.com/chart/boxoffice","hxxps://www.google.ca/?gws_rd=ssl"
CHR NewTab: Default ->  Not-active:"chrome-extension://ijpgjiobapjdadigoagamcmhmdfdggmg/index.html"
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\Craig Rioux\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2017-01-02]
CHR Extension: (Google Docs Offline) - C:\Users\Craig Rioux\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-07-10]
CHR Extension: (Save to Pinterest) - C:\Users\Craig Rioux\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2024-07-10]
CHR Extension: (Office - Enable Copy and Paste) - C:\Users\Craig Rioux\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifbmcpbgkhlpfcodhjhdbllhiaomkdej [2023-07-15]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\Craig Rioux\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2024-07-11]
CHR Extension: (OceanHero) - C:\Users\Craig Rioux\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijpgjiobapjdadigoagamcmhmdfdggmg [2024-07-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Craig Rioux\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-11]
CHR HKLM\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKU\S-1-5-21-326621168-1673352180-3701679548-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [172992 2024-06-25] (Adobe Inc. -> Adobe Inc.)
S2 amdacpusrsvc; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [121856 2016-04-13] (Advanced Micro Devices) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [103776 2023-11-09] (Apple Inc. -> Apple Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [9052568 2024-07-10] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [766360 2024-07-10] (Avast Software s.r.o. -> Gen Digital Inc.)
R2 avast! Tools; C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe [1203608 2024-07-10] (Avast Software s.r.o. -> Gen Digital Inc.)
R2 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [56912 2021-05-26] (Avast Software s.r.o. -> AVAST Software)
R3 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [588024 2015-05-04] (BlackBerry Ltd. -> BlackBerry Limited)
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [127192 2015-11-19] (Realtek Semiconductor Corp -> )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [14023752 2024-06-28] (Microsoft Corporation -> Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-12] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-12] (Dropbox, Inc -> Dropbox, Inc.)
S2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [350064 2016-05-23] (WildTangent Inc -> WildTangent)
R2 HauppaugeTVServer; C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe [622296 2023-02-10] (HAUPPAUGE COMPUTER WORKS, INC. -> Hauppauge Computer Works, Inc) [File not signed]
R2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [1321096 2018-09-28] (HP Inc. -> HP Inc.)
R2 HPAppHelperCap; C:\Program Files\HP\HP Enabling Services\AppHelperCap.exe [928192 2024-06-26] (HP Inc. -> HP Inc.)
R2 HPDiagsCap; C:\Program Files\HP\HP Enabling Services\DiagsCap.exe [926760 2024-06-26] (HP Inc. -> HP Inc.)
R2 HPJumpStartBridge; C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe [471040 2017-05-23] (HP Inc. -> HP Inc.)
R2 HPNetworkCap; C:\Program Files\HP\HP Enabling Services\NetworkCap.exe [922560 2024-06-26] (HP Inc. -> HP Inc.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [379736 2020-08-20] (HP Inc. -> HP Inc.)
R2 HPSysInfoCap; C:\Program Files\HP\HP Enabling Services\SysInfoCap.exe [927680 2024-06-26] (HP Inc. -> HP Inc.)
S2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-22] (HP Inc. -> HP Inc.)
R2 HPWMISVC; C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [628768 2017-07-13] (HP Inc. -> HP Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8901528 2024-07-11] (Malwarebytes Inc. -> Malwarebytes)
S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe [3073888 2024-07-11] (Malwarebytes Inc. -> Malwarebytes)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [493544 2018-12-21] (Sony Imaging Products & Solutions Inc. -> Sony Corporation)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [614664 2016-03-23] (CyberLink Corp. -> CyberLink)
R2 RIM MDNS; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe [396024 2015-03-19] (BlackBerry Ltd. -> Apple Inc.)
R2 RIM Tunnel Service; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe [1354488 2015-03-19] (BlackBerry Ltd. -> BlackBerry Limited)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\NisSrv.exe [3206472 2020-02-15] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MsMpEng.exe [103376 2020-02-15] (Microsoft Windows Publisher -> Microsoft Corporation)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 amdgpio3; C:\WINDOWS\System32\drivers\amdgpio3.sys [26648 2016-05-23] (ASMedia Technology Inc. -> Advanced Micro Devices, Inc)
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [20544 2024-07-10] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [229952 2024-07-10] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [380992 2024-07-10] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [292936 2024-07-10] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [84544 2024-07-10] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [27760 2024-02-19] (Microsoft Windows Early Launch Anti-malware Publisher -> Gen Digital Inc.)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [28736 2024-07-10] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [271944 2024-07-10] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswNetHub; C:\WINDOWS\System32\drivers\aswNetHub.sys [548928 2024-07-10] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [97856 2024-07-10] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [69184 2024-07-10] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [942536 2024-07-10] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [1195992 2024-07-10] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [203736 2024-07-10] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [306648 2024-07-10] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
S3 BthAudioHF; C:\WINDOWS\system32\drivers\RtkHfp.sys [104688 2015-09-09] (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation)
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [158640 2024-07-11] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 hcw10bda; C:\WINDOWS\system32\drivers\hcw10bda.sys [1412144 2022-01-21] (HAUPPAUGE COMPUTER WORKS, INC. -> Hauppauge Computer Works, Inc.)
R2 hcw10cir; C:\WINDOWS\system32\drivers\hcw10cir.sys [65584 2022-01-21] (HAUPPAUGE COMPUTER WORKS, INC. -> Hauppauge Computer Works, Inc.)
R2 mbamchameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [221264 2024-07-11] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2024-07-11] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [201280 2024-07-12] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [78928 2024-07-12] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239568 2024-07-11] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [189776 2024-07-12] (Malwarebytes Inc. -> Malwarebytes)
S3 Netaapl; C:\WINDOWS\System32\drivers\netaapl64.sys [23040 2016-12-21] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [19152 2019-05-29] (MiniTool Solution Ltd -> )
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2019-05-29] (MiniTool Solution Ltd -> )
R3 rimvndis; C:\WINDOWS\System32\Drivers\rimvndis6_AMD64.sys [18432 2015-03-19] (Microsoft Windows Hardware Compatibility Publisher -> BlackBerry Limited)
R3 RimVSerPort; C:\WINDOWS\system32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Microsoft Windows Hardware Compatibility Publisher -> Research in Motion Ltd)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2016-12-21] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [45664 2020-02-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [355760 2020-02-15] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54192 2020-02-15] (Microsoft Windows -> Microsoft Corporation)
S2 amdacpksd; \??\C:\WINDOWS\system32\drivers\amdacpksd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2024-07-14 10:44 - 2024-07-14 10:47 - 000037016 _____ C:\Users\Craig Rioux\Desktop\FRST.txt
2024-07-14 10:44 - 2024-07-14 10:44 - 000000000 ____D C:\Users\Craig Rioux\Desktop\FRST-OlderVersion
2024-07-14 10:43 - 2024-07-14 10:46 - 000000000 ____D C:\FRST
2024-07-12 01:05 - 2024-07-12 01:05 - 000189776 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2024-07-11 19:47 - 2024-07-14 10:49 - 000000000 ____D C:\Users\Craig Rioux\AppData\Local\Malwarebytes
2024-07-11 19:47 - 2024-07-11 19:47 - 000002100 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2024-07-11 19:47 - 2024-07-11 19:47 - 000002088 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2024-07-11 19:46 - 2024-07-11 19:46 - 000000000 ____D C:\ProgramData\Malwarebytes
2024-07-11 19:46 - 2024-07-11 19:46 - 000000000 ____D C:\Program Files\Malwarebytes
2024-07-11 19:44 - 2024-07-11 19:44 - 002591728 _____ (Malwarebytes) C:\Users\Craig Rioux\Desktop\MBSetup.exe
2024-07-11 19:37 - 2024-07-14 10:43 - 002395648 _____ (Farbar) C:\Users\Craig Rioux\Desktop\FRST64.exe
2024-07-11 04:27 - 2024-07-11 04:27 - 000000000 ____D C:\WINDOWS\system32\compatrel
2024-07-11 03:48 - 2024-07-11 03:48 - 000021724 _____ C:\WINDOWS\SysWOW64\IntegratedServicesRegionPolicySet.json
2024-07-11 03:46 - 2024-07-11 03:46 - 000021724 _____ C:\WINDOWS\system32\IntegratedServicesRegionPolicySet.json
2024-07-11 03:01 - 2024-07-11 03:01 - 000000000 ___HD C:\$WinREAgent
2024-07-10 10:41 - 2024-07-10 10:40 - 000314776 _____ (Gen Digital Inc.) C:\WINDOWS\system32\aswBoot.exe
2024-07-06 10:22 - 2024-07-06 10:22 - 000000000 ____D C:\Users\Craig Rioux\Desktop\Emily's Camera
2024-06-22 23:18 - 2024-06-22 23:19 - 534920432 _____ (Arashi Vision Inc. ) C:\Users\Craig Rioux\Desktop\Insta360Studio_5.2.0(RC_build30)_20240612_172647_1718184906680.exe
2024-06-22 23:11 - 2024-06-22 23:11 - 023036116 _____ C:\Users\Craig Rioux\Desktop\Insta360 X3 User Manual.pdf
2024-06-16 15:19 - 2024-06-16 15:19 - 001182010 _____ C:\Users\Craig Rioux\Desktop\RMA.pdf
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2024-07-14 10:51 - 2019-12-07 05:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-07-14 10:42 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2024-07-14 10:41 - 2019-12-07 05:14 - 000000000 ___HD C:\Program Files\WindowsApps
2024-07-14 10:30 - 2021-01-22 17:20 - 000004178 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{9A962C9A-D658-41CD-93BC-B690BDCDF04B}
2024-07-14 10:13 - 2022-08-17 19:05 - 000000000 ____D C:\Users\Craig Rioux\AppData\Local\Discord
2024-07-14 10:13 - 2020-11-22 01:19 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2024-07-14 08:45 - 2021-04-30 20:20 - 000000000 ____D C:\Users\Craig Rioux\AppData\Roaming\discord
2024-07-14 03:00 - 2023-02-19 19:19 - 000000000 ____D C:\ProgramData\Hauppauge
2024-07-13 17:21 - 2016-08-17 09:18 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2024-07-13 02:05 - 2016-08-17 09:15 - 000000000 ____D C:\Program Files\HP
2024-07-13 02:04 - 2020-11-22 01:48 - 000000000 ____D C:\WINDOWS\system32\Tasks\Hewlett-Packard
2024-07-12 20:53 - 2020-06-24 18:21 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-07-12 20:53 - 2020-06-24 18:21 - 000002283 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2024-07-12 01:59 - 2021-12-11 18:32 - 000003588 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-326621168-1673352180-3701679548-1001
2024-07-12 01:59 - 2020-11-22 01:48 - 000003390 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-326621168-1673352180-3701679548-1001
2024-07-12 01:59 - 2020-11-22 01:24 - 000002404 _____ C:\Users\Craig Rioux\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2024-07-12 01:59 - 2017-01-02 19:08 - 000000000 ___RD C:\Users\Craig Rioux\OneDrive
2024-07-12 01:13 - 2018-07-18 10:42 - 000000000 ____D C:\Users\Craig Rioux\AppData\Local\CrashDumps
2024-07-12 01:10 - 2020-11-22 01:34 - 000934914 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2024-07-12 01:10 - 2019-12-07 05:13 - 000000000 ____D C:\WINDOWS\INF
2024-07-12 01:05 - 2017-01-07 17:11 - 000000000 ____D C:\ProgramData\AVAST Software
2024-07-12 01:03 - 2020-11-22 01:48 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2024-07-12 01:03 - 2020-11-22 01:18 - 000008192 ___SH C:\DumpStack.log.tmp
2024-07-12 01:02 - 2019-12-07 05:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2024-07-12 01:02 - 2017-06-15 18:32 - 000065536 _____ C:\WINDOWS\psp_storage.bin
2024-07-12 00:31 - 2019-12-07 05:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2024-07-11 19:47 - 2019-12-07 05:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2024-07-11 04:46 - 2021-04-30 20:20 - 000002280 _____ C:\Users\Craig Rioux\Desktop\Discord.lnk
2024-07-11 04:31 - 2020-11-22 01:19 - 000456504 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2024-07-11 04:31 - 2016-08-17 09:17 - 000000948 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2024-07-11 04:31 - 2016-08-17 09:17 - 000000944 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2024-07-11 04:29 - 2016-08-17 11:15 - 000000000 ____D C:\ProgramData\Realtek
2024-07-11 04:27 - 2023-12-13 23:19 - 000000000 ____D C:\WINDOWS\InboxApps
2024-07-11 04:27 - 2019-12-07 05:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2024-07-11 04:27 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2024-07-11 04:27 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SystemResources
2024-07-11 04:27 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2024-07-11 04:27 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\setup
2024-07-11 04:27 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2024-07-11 04:27 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2024-07-11 04:27 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2024-07-11 04:27 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2024-07-11 04:27 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2024-07-11 04:27 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2024-07-11 04:27 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2024-07-11 04:27 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2024-07-11 04:25 - 2020-11-22 01:24 - 000000000 ____D C:\Users\Craig Rioux
2024-07-11 03:46 - 2020-11-22 01:48 - 000003534 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-07-11 03:46 - 2020-11-22 01:48 - 000003410 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-07-11 03:45 - 2020-11-22 01:23 - 003016192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2024-07-10 10:41 - 2020-11-22 01:48 - 000000000 ____D C:\WINDOWS\system32\Tasks\AVAST Software
2024-07-10 10:41 - 2017-01-07 17:13 - 000942536 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswSnx.sys
2024-07-10 10:40 - 2020-10-22 23:57 - 000271944 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2024-07-10 10:40 - 2020-04-14 21:27 - 000548928 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswNetHub.sys
2024-07-10 10:40 - 2019-01-14 09:43 - 000380992 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
2024-07-10 10:40 - 2019-01-05 15:11 - 000292936 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswbidsh.sys
2024-07-10 10:40 - 2019-01-05 15:11 - 000084544 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswbuniv.sys
2024-07-10 10:40 - 2019-01-05 15:11 - 000020544 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswArDisk.sys
2024-07-10 10:40 - 2018-10-09 12:53 - 000028736 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswKbd.sys
2024-07-10 10:40 - 2017-11-21 10:34 - 000229952 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswArPot.sys
2024-07-10 10:40 - 2017-01-07 17:13 - 001195992 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswSP.sys
2024-07-10 10:40 - 2017-01-07 17:13 - 000306648 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswVmm.sys
2024-07-10 10:40 - 2017-01-07 17:13 - 000097856 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2024-07-10 10:40 - 2017-01-07 17:13 - 000069184 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2024-07-10 07:23 - 2017-01-03 19:09 - 000000000 ____D C:\WINDOWS\system32\MRT
2024-07-10 07:17 - 2017-01-03 19:09 - 194135240 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2024-07-07 16:09 - 2021-07-13 13:48 - 000003482 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2024-07-07 16:09 - 2020-11-22 01:48 - 000003462 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineUA
2024-07-07 16:09 - 2020-11-22 01:48 - 000003238 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineCore
2024-07-07 16:09 - 2020-11-22 01:48 - 000002766 _____ C:\WINDOWS\system32\Tasks\HPAudioSwitch
2024-07-07 16:09 - 2020-11-22 01:48 - 000002540 _____ C:\WINDOWS\system32\Tasks\HPDAS
2024-07-07 16:09 - 2020-11-22 01:48 - 000002280 _____ C:\WINDOWS\system32\Tasks\RTKCPL
2024-07-07 16:09 - 2020-11-22 01:48 - 000002262 _____ C:\WINDOWS\system32\Tasks\DropboxOEM
2024-07-07 16:09 - 2020-11-22 01:48 - 000002252 _____ C:\WINDOWS\system32\Tasks\HPJumpStartProvider
2024-07-07 16:09 - 2020-11-22 01:48 - 000002146 _____ C:\WINDOWS\system32\Tasks\StartCN
2024-06-28 21:31 - 2017-12-14 20:47 - 000000000 ____D C:\Users\Craig Rioux\AppData\Local\Packages
2024-06-28 19:05 - 2022-10-12 20:39 - 000002080 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2024-06-28 19:05 - 2022-10-12 20:39 - 000002068 _____ C:\Users\Public\Desktop\Adobe Acrobat.lnk
2024-06-26 15:55 - 2021-12-16 00:49 - 000000000 ____D C:\WINDOWS\SystemTemp
2024-06-26 15:55 - 2017-01-02 19:19 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2024-06-26 15:55 - 2017-01-02 19:19 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
 
==================== Files in the root of some directories ========
 
2017-01-02 19:05 - 2024-07-14 10:13 - 025928417 _____ () C:\Users\Craig Rioux\AppData\Local\BTServer.log
2019-02-04 21:26 - 2019-02-04 21:26 - 000007628 _____ () C:\Users\Craig Rioux\AppData\Local\Resmon.ResmonCfg
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13.07.2024
Ran by Craig Rioux (14-07-2024 10:53:15)
Running from C:\Users\Craig Rioux\Desktop
Microsoft Windows 10 Home Version 22H2 19045.4651 (X64) (2020-11-22 05:50:25)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-326621168-1673352180-3701679548-500 - Administrator - Disabled)
Craig Rioux (S-1-5-21-326621168-1673352180-3701679548-1001 - Administrator - Enabled) => C:\Users\Craig Rioux
DefaultAccount (S-1-5-21-326621168-1673352180-3701679548-503 - Limited - Disabled)
Guest (S-1-5-21-326621168-1673352180-3701679548-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-326621168-1673352180-3701679548-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
12 Labours of Hercules III: Girl Power (HKLM-x32\...\WTA-7be673e1-b37a-4c38-bc23-2376669664e4) (Version: 3.0.2.118 - WildTangent) Hidden
ACP Application (HKLM\...\{9C533925-D605-6414-1478-06214E47DDFA}) (Version: 2016.0412.2135.17 - Advanced Micro Devices, Inc.) Hidden
Adelantado Trilogy Book Three (HKLM-x32\...\WTA-0cd6eb9c-b006-48f9-9932-ce753a94bf44) (Version: 3.0.2.59 - WildTangent) Hidden
Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1033-1033-7760-BC15014EA700}) (Version: 24.002.20895 - Adobe)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601078}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
AMD Install Manager (HKLM\...\{7ABA79A8-D458-BE8B-6575-FB4A3F8FD766}) (Version: 9.0.000.2 - Advanced Micro Devices, Inc.) Hidden
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 5.00 - Advanced Micro Devices, Inc.)
AMD Radeon Settings (HKLM\...\WUCCCApp) (Version: 2017.0712.153.1564 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{C1BCFECF-6EC2-4750-9072-5E2489423F8F}) (Version: 7.5 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B202C7F5-7DE3-4FBF-B259-E70E625F56FC}) (Version: 7.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FA3D0F2D-BA1C-4462-B6B3-3048CFF464C7}) (Version: 17.0.0.28 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{B292D163-23D2-4523-A699-1ABEC1875609}) (Version: 2.7.0.3 - Apple Inc.)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 24.6.6121 - Avast Software)
Awakening: The Dreamless Castle (HKLM-x32\...\WTA-811f2d61-87b0-40ac-9fa7-09ca2b25e68f) (Version: 3.0.2.51 - WildTangent) Hidden
BlackBerry 10 Desktop Software (HKLM-x32\...\{a0642dd3-1105-464b-84c8-caaf676c39c8}) (Version: 1.1.0.22 - BlackBerry)
BlackBerry Blend (HKLM-x32\...\{1DA42C01-4ED2-4B4E-B90C-18FCBA12FC41}) (Version: 1.1.0.23 - BlackBerry Ltd.) Hidden
BlackBerry Communication Drivers (HKLM-x32\...\{46CD5A63-0C1F-45C3-B643-CA87A17275C0}) (Version: 8.0.0.119 - BlackBerry Ltd.) Hidden
BlackBerry Device Drivers (HKLM-x32\...\{1F6490E5-7540-426D-BC1E-EB57B0BF0C38}) (Version: 8.0.0.119 - BlackBerry Ltd.) Hidden
BlackBerry Link (HKLM-x32\...\{C42468F9-9812-4550-A54B-5DDB062EB10F}) (Version: 1.2.4.28 - BlackBerry) Hidden
BlackBerry Link Remover (HKLM-x32\...\{44D65CAB-1BC8-47B7-BF5B-3EB8B6BB0276}) (Version: 1.2.4.0 - BlackBerry Ltd.) Hidden
BlackBerry USB Driver (HKLM-x32\...\{51e38982-9005-48e1-aee8-cfa2f13b2446}) (Version: 5.0.0.2 - BlackBerry Limited)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CameraHelperMsi (HKLM-x32\...\{15634701-BACE-4449-8B25-1567DA8C9FD3}) (Version: 13.51.815.0 - Logitech) Hidden
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.7.0.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: 1.5.1.4 - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.4.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.1.5.14 - Canon Inc.)
Canon MP495 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP495_series) (Version:  - )
Canon MX470 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX470_series) (Version: 1.02 - Canon Inc.)
Canon MX470 series On-screen Manual (HKLM-x32\...\Canon MX470 series On-screen Manual) (Version: 7.6.1 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.3.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.8.5 - Canon Inc.)
Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version: 1.6.0 - Canon Inc.)
CyberLink Power Media Player 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.6.7503 - CyberLink Corp.)
CyberLink PowerDirector 14 (HKLM-x32\...\{6BADCD73-E925-46F7-A295-FF2448632728}) (Version: 14.0.1.3008 - CyberLink Corp.)
DisableMSDefender (HKLM\...\{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}) (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Discord (HKU\S-1-5-21-326621168-1673352180-3701679548-1001\...\Discord) (Version: 1.0.9006 - Discord Inc.)
Dropbox 25 GB (HKLM-x32\...\{0867A88D-764F-366E-9E21-130DA8B472C3}) (Version: 3.1.18.0 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.911.1 - Dropbox, Inc.) Hidden
erLT (HKLM-x32\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 126.0.6478.127 - Google LLC)
Google Earth Pro (HKLM\...\{3470AD08-85F2-4B1D-8487-FC4750732087}) (Version: 7.3.6.9796 - Google)
Hauppauge Capture (HKLM-x32\...\Hauppauge Capture) (Version: 1.2.40336 - Hauppauge Computer Works, Inc)
Hauppauge WinTV v10 (HKLM-x32\...\Hauppauge WinTV v10) (Version: 10.0.41041 (SD) - Hauppauge Computer Works, Inc)
Home Makeover (HKLM-x32\...\WTA-75d76e39-26bc-4781-81d1-edadab9f6ae8) (Version: 3.0.2.59 - WildTangent) Hidden
HP Audio Switch (HKLM\...\HPAudioSwitch) (Version: 1.0.90.0 - HP Inc.)
HP Audio Switch (HKLM-x32\...\{3A5141D4-47DB-4302-9B1C-272BE585BC8A}) (Version: 1.0.179.0 - HP Inc.)
HP Connection Optimizer (HKLM-x32\...\{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: 2.0.15.0 - HP Inc.)
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.2 - HP Inc.)
HP ePrint SW (HKLM\...\{3C246BB4-8985-480D-8163-0E075A23AB04}) (Version: 5.0.18701 - HP) Hidden
HP ePrint SW (HKLM\...\{7855A8A5-0B5B-41A9-AC8B-A50405FB72FE}) (Version: 5.0.18701 - HP) Hidden
HP ePrint SW (HKLM\...\{7ADB025F-BFB1-480B-B3BF-B2FF8F115FB8}) (Version: 5.0.18701 - HP) Hidden
HP ePrint SW (HKLM\...\{EFDACC2F-510D-4A1A-A988-196D58B4B915}) (Version: 5.0.18701 - HP) Hidden
HP ePrint SW (HKLM-x32\...\{88970959-baf7-4864-a39a-69a58e8ae5cf}) (Version: 5.0.18701 - HP)
HP ePrint SW (HKLM-x32\...\{E2A0A04B-C0A4-49F5-A496-4B93E1D0710D}) (Version: 5.0.18701 - HP) Hidden
HP JumpStart Bridge (HKLM-x32\...\{EB0912FF-C311-4E0F-A6B1-420FDD3C295E}) (Version: 1.3.0.407 - HP Inc.)
HP JumpStart Launch (HKLM-x32\...\{0F5EBB0D-DF6D-4DBE-9789-57BF05B3B0FD}) (Version: 1.0.145.0 - HP Inc.)
HP Recovery Manager (HKLM-x32\...\{64BAA990-F1FC-4145-A7B1-E41FBBC9DA47}) (Version: 1.2.1510 - HP) Hidden
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.8351.5556 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{52A6690A-A8F3-4EDC-8BA9-125FDD65337A}) (Version: 12.18.34.21 - HP Inc.)
HP System Event Utility (HKLM-x32\...\{9DD60999-A4F0-4333-9D00-E45C718EA6C1}) (Version: 1.4.30 - HP Inc.)
HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1439 - HP Inc.)
Imperial Island: Birth of an Empire (HKLM-x32\...\WTA-4f202f1d-a21b-44b4-bae8-a3fdc326aa6a) (Version: 3.0.2.59 - WildTangent) Hidden
iTunes (HKLM\...\{7AE35063-BF3A-45AD-9F80-29777979DD15}) (Version: 12.13.1.3 - Apple Inc.)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.80 - Logitech Inc.)
LWS Facebook (HKLM-x32\...\{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}) (Version: 13.50.854.0 - Logitech) Hidden
LWS Gallery (HKLM-x32\...\{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}) (Version: 13.51.827.0 - Logitech) Hidden
LWS Help_main (HKLM-x32\...\{1651216E-E7AD-4250-92A1-FB8ED61391C9}) (Version: 13.51.828.0 - Logitech) Hidden
LWS Launcher (HKLM-x32\...\{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}) (Version: 13.51.828.0 - Logitech) Hidden
LWS Motion Detection (HKLM-x32\...\{71E66D3F-A009-44AB-8784-75E2819BA4BA}) (Version: 13.51.815.0 - Logitech) Hidden
LWS Pictures And Video (HKLM-x32\...\{08610298-29AE-445B-B37D-EFBE05802967}) (Version: 13.51.815.0 - Logitech) Hidden
LWS Twitter (HKLM-x32\...\{174A3B31-4C43-43DD-866F-73C9DB887B48}) (Version: 13.30.1346.0 - Logitech) Hidden
LWS Webcam Software (HKLM-x32\...\{8937D274-C281-42E4-8CDB-A0B2DF979189}) (Version: 13.51.815.0 - Logitech) Hidden
LWS WLM Plugin (HKLM-x32\...\{9DAEA76B-E50F-4272-A595-0124E826553D}) (Version: 1.30.1201.0 - Logitech) Hidden
LWS YouTube Plugin (HKLM-x32\...\{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}) (Version: 13.31.1038.0 - Logitech) Hidden
Malwarebytes version 5.1.6.117 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 5.1.6.117 - Malwarebytes)
MergeModule_x64 (HKLM\...\{8B591A6B-253E-4E62-B2A8-3668CDA0A907}) (Version: 11.0.00 - Sony Corporation) Hidden
MergeModule_x86 (HKLM-x32\...\{51B45206-47B1-4B51-B46A-330B9156D6C1}) (Version: 11.0.00 - Sony Corporation) Hidden
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.17726.20160 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 126.0.2592.102 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 126.0.2592.102 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-326621168-1673352180-3701679548-1001\...\OneDriveSetup.exe) (Version: 24.126.0623.0001 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 x64 Additional Runtime - 14.0.23506 (HKLM\...\{B0B194F8-E0CE-33FE-AA11-636428A4B73D}) (Version: 14.0.23506 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015 x64 Minimum Runtime - 14.0.23506 (HKLM\...\{A1C31BA5-5438-3A07-9EEE-A5FB2D0FDE36}) (Version: 14.0.23506 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.23506 (HKLM-x32\...\{1045AB6F-6151-3634-8C2C-EE308AA1A6A7}) (Version: 14.0.23506 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.23506 (HKLM-x32\...\{65AD78AD-D23D-3A1E-9305-3AE65CD522C2}) (Version: 14.0.23506 - Microsoft Corporation) Hidden
MiniTool Partition Wizard Free 11 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Software Limited)
mIRC (HKLM-x32\...\mIRC) (Version: 7.75 - mIRC Co. Ltd.)
MSVCRT Redists (HKLM\...\{C2B8CBDE-5232-11E3-B494-F04DA23A5C58}) (Version: 1.0 - Sony Creative Software Inc.) Hidden
Mystika 2 (HKLM-x32\...\WTA-31df7aeb-dde7-4889-899d-9ede75d0305d) (Version: 1.1.2.4 - WildTangent) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.17628.20110 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.17726.20160 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.17726.20108 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
PlayMemories Home (HKLM-x32\...\{AEB04E0E-0A28-4014-A96A-282E43B7227B}) (Version: 6.0.00.12211 - Sony Corporation)
Plugable Digital Viewer (HKLM-x32\...\Plugable Technologies Plugable Digital Viewer) (Version: 3.1.07 - Plugable Technologies)
PMB_ModeEditor (HKLM-x32\...\{F8063714-BD75-42DC-8FAA-D0E1EED92519}) (Version: 11.0.00 - Sony Corporation) Hidden
PMB_ServiceUploader (HKLM-x32\...\{CF081855-ED80-445A-BF63-025584939230}) (Version: 11.0.00 - Sony Corporation) Hidden
Polar Bowler 1st Frame (HKLM-x32\...\WTA-bac15710-23f8-4022-814b-713d56787e65) (Version: 3.0.2.59 - WildTangent) Hidden
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 1.0.0.53 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.31222 - Realtek Semiconduct Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.8.311.2016 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8536 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.72 - REALTEK Semiconductor Corp.)
Revo Uninstaller 2.0.4 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.4 - VS Revo Group, Ltd.)
Runefall (HKLM-x32\...\WTA-1ec7b32e-f72f-4ba3-8d0b-a71d4c075d17) (Version: 3.0.2.126 - WildTangent) Hidden
The Far Kingdoms (HKLM-x32\...\WTA-ad2c78fe-8e96-42ac-a91f-eee17520ca66) (Version: 1.1.2.4 - WildTangent) Hidden
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{85C69797-7336-4E83-8D97-32A7C8465A3B}) (Version: 8.94.0.0 - Microsoft Corporation)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
USB Driver x64 (HKLM\...\{6D69CF0E-5928-4B91-9BBE-B0674E46C8D8}) (Version: 5.0.0.2 - BlackBerry Limited) Hidden
Vegas Pro 12.0 (64-bit) (HKLM\...\{BD422D00-5232-11E3-A6F3-F04DA23A5C58}) (Version: 12.0.770 - Sony)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.20 - VideoLAN)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.16 - VideoLAN)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.1.0.28 - WildTangent)
WildTangent Games App for HP (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.1.1.14 - WildTangent) Hidden
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
WinRAR 6.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.11.0 - win.rar GmbH)
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.3) (Version: 1.3.3 - Xvid Team)
 
Packages:
=========
 
Adobe Acrobat Reader -> C:\Program Files\Adobe\Acrobat DC [2024-06-17] ()
Arduino IDE -> C:\Program Files\WindowsApps\ArduinoLLC.ArduinoIDE_1.8.57.0_x86__mdqgnx93n4wtt [2021-12-22] (Arduino LLC)
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2019-11-05] (Autodesk Inc.)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.272.400.0_x64__kgqvnymyfvs32 [2024-07-11] (king.com)
Canon Inkjet Print Utility -> C:\Program Files\WindowsApps\34791E63.CanonInkjetPrintUtility_3.1.0.0_neutral__6e5tt8cgb93ep [2021-02-18] (Canon Inc.)
Earth Day Living World 2020 -> C:\Program Files\WindowsApps\Microsoft.EarthDayLivingWorld2020_1.0.0.0_neutral__8wekyb3d8bbwe [2020-05-01] (Microsoft Corporation)
HP JumpStart -> C:\Program Files\WindowsApps\AD2F1837.HPJumpStart_1.2.228.0_x64__v10z8vjag6ke6 [2017-01-06] (HP Inc.)
HP Support Assistant -> C:\Program Files\WindowsApps\AD2F1837.HPSupportAssistant_9.36.19.0_x64__v10z8vjag6ke6 [2024-07-13] (HP Inc.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-18] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-18] (Microsoft Corporation) [MS Ad]
Microsoft Defender -> C:\Program Files\WindowsApps\Microsoft.6365217CE6EB4_102.2406.5001.0_x64__8wekyb3d8bbwe [2024-06-24] (Microsoft Corporation) [Startup Task]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.99.5.0_x64__mcm4njqhnhss8 [2024-04-19] (Netflix, Inc.)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-10-17] (Microsoft Corporation)
Simple Mahjong -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleMahjong_6.5.10.0_x64__kx24dqmazqk8j [2024-07-09] (Random Salad Games LLC)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.241.434.0_x64__zpdnekdrzrea0 [2024-07-04] (Spotify AB) [Startup Task]
The Weather Channel -> C:\Program Files\WindowsApps\Weather.TheWeatherChannel_2016.614.87.0_x64__t3yemqpq4kp7p [2017-04-05] (The Weather Channel.)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.TWITTER_7.0.1.0_neutral__wgeqdkkx372wm [2021-06-11] (Twitter Inc.)
Web Search from Microsoft Bing -> C:\Program Files\WindowsApps\Microsoft.BingSearch_1.0.91.0_x64__8wekyb3d8bbwe [2024-02-15] (Microsoft Corporation)
Wheel World Clock -> C:\Program Files\WindowsApps\55884DDLG.WheelWorldClock_2019.17763.65.0_x64__5pb0446f9f9xj [2019-03-05] (DDLG) [MS Ad]
XE Currency -> C:\Program Files\WindowsApps\XE.com.XECurrency_2.1.1.0_neutral__03yfs222qanwj [2022-02-16] (XE.com)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-326621168-1673352180-3701679548-1001_Classes\CLSID\{38142727-3008-9161-1521-349515000000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2024-07-10] (Avast Software s.r.o. -> Gen Digital Inc.)
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2024-07-10] (Avast Software s.r.o. -> Gen Digital Inc.)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2024-07-10] (Avast Software s.r.o. -> Gen Digital Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2024-07-10] (Avast Software s.r.o. -> Gen Digital Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-07-11] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2017-07-12] (Advanced Micro Devices, Inc.) [File not signed]
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2024-07-10] (Avast Software s.r.o. -> Gen Digital Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-07-11] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)
 
==================== Codecs (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Drivers32: [vidc.XVID] => C:\WINDOWS\system32\xvidvfw.dll [251392 2014-10-19] () [File not signed]
HKLM\...\Drivers32: [msacm.l3acm] => C:\Windows\SysWOW64\l3codecp.acm [189440 2019-12-07] (Microsoft Windows -> Fraunhofer Institut Integrierte Schaltungen IIS)
HKLM\...\Drivers32: [vidc.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [235520 2014-10-19] () [File not signed]
 
==================== Shortcuts & WMI ========================
 
==================== Loaded Modules (Whitelisted) =============
 
2015-03-19 13:22 - 2015-03-19 13:22 - 000094208 _____ () [File not signed] C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\libxpmux.dll
2023-02-19 20:37 - 2023-01-26 08:39 - 000025600 _____ () [File not signed] C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServerps.dll
2016-09-08 23:22 - 2016-09-08 23:22 - 000011776 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.dll
2016-09-08 23:22 - 2016-09-08 23:22 - 002013696 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2016-09-08 23:23 - 2016-09-08 23:23 - 000014336 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2016-09-08 23:23 - 2016-09-08 23:23 - 000739840 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-09-08 23:23 - 2016-09-08 23:23 - 000191488 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2016-09-08 23:23 - 2016-09-08 23:23 - 000071168 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2016-09-08 23:23 - 2016-09-08 23:23 - 000014336 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2016-08-17 11:14 - 2016-05-13 04:40 - 000915968 _____ (AMD) [File not signed] C:\Program Files\Common Files\ATI Technologies\Multimedia\amf-wic-jpeg-decoder64.dll
2023-02-21 14:02 - 2013-08-02 09:43 - 000008192 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNSS_ENU.DLL
2023-02-21 14:02 - 2013-08-02 09:42 - 000307200 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNSS_IMG.dll
2023-02-21 12:51 - 2017-07-05 14:43 - 000561152 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\Quick Menu\CCL.dll
2023-02-21 12:51 - 2017-07-05 14:49 - 000593920 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\Quick Menu\CNQMMWRP.dll
2023-02-21 12:51 - 2013-09-11 16:50 - 000360448 _____ (CANON INC.) [File not signed] C:\WINDOWS\System32\CNMN6PPM.DLL
2023-02-19 20:37 - 2023-02-10 10:43 - 000788480 _____ (Hauppauge Computer Works, Inc) [File not signed] C:\Program Files (x86)\WinTV\WinTV10\NativeMMS.dll
2016-09-08 23:23 - 2016-09-08 23:23 - 000049664 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qdds.dll
2016-09-08 23:23 - 2016-09-08 23:23 - 000029696 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qgif.dll
2016-09-08 23:23 - 2016-09-08 23:23 - 000037376 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qicns.dll
2016-09-08 23:23 - 2016-09-08 23:23 - 000030208 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qico.dll
2016-09-08 23:23 - 2016-09-08 23:23 - 000459776 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qjp2.dll
2016-09-08 23:23 - 2016-09-08 23:23 - 000236544 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qjpeg.dll
2016-09-08 23:23 - 2016-09-08 23:23 - 000275456 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qmng.dll
2016-09-08 23:23 - 2016-09-08 23:23 - 000023552 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qsvg.dll
2016-09-08 23:23 - 2016-09-08 23:23 - 000022528 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qtga.dll
2016-09-08 23:23 - 2016-09-08 23:23 - 000351744 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qtiff.dll
2016-09-08 23:23 - 2016-09-08 23:23 - 000021504 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwbmp.dll
2016-09-08 23:23 - 2016-09-08 23:23 - 000374784 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwebp.dll
2016-09-08 23:23 - 2016-09-08 23:23 - 001212416 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\platforms\qwindows.dll
2016-09-08 23:22 - 2016-09-08 23:22 - 000912384 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Charts.dll
2016-09-08 23:22 - 2016-09-08 23:22 - 005496320 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2016-09-08 23:22 - 2016-09-08 23:22 - 005804544 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2016-09-08 23:22 - 2016-09-08 23:22 - 001061376 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2016-09-08 23:22 - 2016-09-08 23:22 - 003187712 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2016-09-08 23:22 - 2016-09-08 23:22 - 002924544 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2016-09-08 23:22 - 2016-09-08 23:22 - 000310784 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll
2016-09-08 23:22 - 2016-09-08 23:22 - 005444608 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2016-09-08 23:22 - 2016-09-08 23:22 - 000277504 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2016-09-08 23:22 - 2016-09-08 23:22 - 000193024 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\S-1-5-21-326621168-1673352180-3701679548-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
SearchScopes: HKLM -> {F0E03EDD-BE22-4DF5-91A2-454412446D1A} URL = hxxp://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {F0E03EDD-BE22-4DF5-91A2-454412446D1A} URL = hxxp://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-326621168-1673352180-3701679548-1001 -> {F0E03EDD-BE22-4DF5-91A2-454412446D1A} URL = hxxp://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2024-04-05] (Microsoft Corporation -> Microsoft Corporation)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (Canon Inc. -> CANON INC.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2024-06-26] (HP Inc. -> HP Inc.)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (Canon Inc. -> CANON INC.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2024-06-26] (HP Inc. -> HP Inc.)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (Canon Inc. -> CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (Canon Inc. -> CANON INC.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2024-06-28] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2024-06-28] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2024-06-28] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2024-06-28] (Microsoft Corporation -> Microsoft Corporation)
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-10-30 03:24 - 2019-01-05 15:08 - 000000827 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
2018-10-23 18:03 - 2018-10-23 18:03 - 000000375 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-326621168-1673352180-3701679548-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Craig Rioux\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 64.71.255.204 - 64.71.255.198
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [UDP Query User{6BB5ECC7-6F39-4B8C-80E5-805ADD87E893}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exe (mIRC Co. Ltd. -> mIRC Co. Ltd.)
FirewallRules: [TCP Query User{8D6B28F8-6707-4DDA-A240-3E0E942571DA}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exe (mIRC Co. Ltd. -> mIRC Co. Ltd.)
FirewallRules: [{B5E301E8-B59F-4891-B2B1-7EFDABB4CBAD}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{73FE10C9-DF71-408E-8004-FA7B92397CB0}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe => No File
FirewallRules: [{01457524-DF6B-4AAA-B353-9796A50F0874}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe => No File
FirewallRules: [{C2F42F3D-D85E-46A3-B703-C69181BC1973}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{B5784C30-8C68-495A-8171-F40F28F0543B}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [UDP Query User{B8A2FBBE-D960-4414-97B9-76436989D51D}C:\program files (x86)\common files\research in motion\tunnel manager\peermanager.exe] => (Block) C:\program files (x86)\common files\research in motion\tunnel manager\peermanager.exe (BlackBerry Ltd. -> BlackBerry Limited)
FirewallRules: [TCP Query User{9C70BF87-7F68-40A6-9024-CD7729289154}C:\program files (x86)\common files\research in motion\tunnel manager\peermanager.exe] => (Block) C:\program files (x86)\common files\research in motion\tunnel manager\peermanager.exe (BlackBerry Ltd. -> BlackBerry Limited)
FirewallRules: [{9951F32D-B292-4D06-85A3-432A1CCDE1DF}] => (Allow) C:\Program Files\CyberLink\PowerDirector14\PDR10.EXE => No File
FirewallRules: [{6D4BF4EF-347F-4260-A82E-DA7996F72B0B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{5E1D137B-EA2F-4D14-80D5-9B5C348EC353}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{8E4A8BEF-D2BB-4C3C-8CA3-4D84EE30066A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{952362E6-CC25-42C2-BC9C-9F57D468570E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{46E5DD2A-64C4-40EE-8245-FCA782643526}] => (Allow) tunmgr.exe => No File
FirewallRules: [{93D1EEE1-EACA-4DB7-9827-69C21CA03553}] => (Allow) tunmgr.exe => No File
FirewallRules: [{466DC7C5-E671-4ACD-BF28-FA56B4F3B155}] => (Allow) mDNSResponder.exe => No File
FirewallRules: [{E824D758-49B8-4892-9DDC-17801FB3BEE3}] => (Allow) mDNSResponder.exe => No File
FirewallRules: [{955A2F8C-AC3D-48FC-825A-2B5011C25964}] => (Allow) C:\Program Files (x86)\Common Files\Research In Motion\nginx\nginx.exe (BlackBerry Ltd. -> )
FirewallRules: [{63991DD1-FAEB-4443-8440-7B2E2F8E45CE}] => (Allow) C:\Program Files (x86)\BlackBerry\BlackBerry Blend\desktopinvokeproxy.exe (BlackBerry Ltd. -> BlackBerry Limited. All rights reserved)
FirewallRules: [TCP Query User{F492FB58-F94C-41F2-9FE0-DD00396DCE46}C:\program files (x86)\common files\research in motion\tunnel manager\peermanager.exe] => (Allow) C:\program files (x86)\common files\research in motion\tunnel manager\peermanager.exe (BlackBerry Ltd. -> BlackBerry Limited)
FirewallRules: [UDP Query User{F5892B60-BAA8-482B-8007-02B463D7E181}C:\program files (x86)\common files\research in motion\tunnel manager\peermanager.exe] => (Allow) C:\program files (x86)\common files\research in motion\tunnel manager\peermanager.exe (BlackBerry Ltd. -> BlackBerry Limited)
FirewallRules: [{F83C2050-9A72-4906-9879-A8E8B77AB00C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F98235DF-D38D-4E85-B5AD-F8E8928D6906}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{2F17DDF7-6066-4002-856C-912F39356D92}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{3A27360A-EB69-42A5-8D3E-E2C982558BE8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{190FEE51-6BB0-4D75-A13E-BA744F1BF3FD}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe => No File
FirewallRules: [TCP Query User{8A3D840D-6DAB-4389-B99F-FCAB7C2F05D3}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exe (mIRC Co. Ltd. -> mIRC Co. Ltd.)
FirewallRules: [UDP Query User{100375BE-662A-4153-9B55-7D5FE28C5818}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exe (mIRC Co. Ltd. -> mIRC Co. Ltd.)
FirewallRules: [TCP Query User{8A5455CA-C1F4-4981-9011-4B57CB328BF3}C:\program files\windowsapps\arduinollc.arduinoide_1.8.42.0_x86__mdqgnx93n4wtt\java\bin\javaw.exe] => (Allow) C:\program files\windowsapps\arduinollc.arduinoide_1.8.42.0_x86__mdqgnx93n4wtt\java\bin\javaw.exe => No File
FirewallRules: [UDP Query User{7B318211-3B54-4AE3-B17F-96DC2EC0DF7E}C:\program files\windowsapps\arduinollc.arduinoide_1.8.42.0_x86__mdqgnx93n4wtt\java\bin\javaw.exe] => (Allow) C:\program files\windowsapps\arduinollc.arduinoide_1.8.42.0_x86__mdqgnx93n4wtt\java\bin\javaw.exe => No File
FirewallRules: [{D9975D5E-02FE-4FCE-B7E0-208C721E449C}] => (Allow) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> Gen Digital Inc.)
FirewallRules: [{FC47E0AD-A03C-4188-96A0-EADE34452139}] => (Allow) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> Gen Digital Inc.)
FirewallRules: [{D46B776A-18AB-4FD9-9312-23BEB473C5DD}] => (Allow) C:\Program Files (x86)\WinTV\WinTV10\WinTV10.exe (HAUPPAUGE COMPUTER WORKS, INC. -> Hauppauge Computer Works, Inc) [File not signed]
FirewallRules: [{0E3A8E2C-33E1-4738-8997-BF615D888221}] => (Allow) C:\Program Files (x86)\WinTV\WinTV10\WinTV10.exe (HAUPPAUGE COMPUTER WORKS, INC. -> Hauppauge Computer Works, Inc) [File not signed]
FirewallRules: [{4F32323D-79A6-44B7-B02D-91B06360C3D3}] => (Allow) C:\Program Files (x86)\WinTV\WinTV10\WinTV10.exe (HAUPPAUGE COMPUTER WORKS, INC. -> Hauppauge Computer Works, Inc) [File not signed]
FirewallRules: [{F070B50F-2D16-4CC6-81EC-41F21D7AF6D3}] => (Allow) C:\Program Files (x86)\WinTV\WinTV10\WinTV10.exe (HAUPPAUGE COMPUTER WORKS, INC. -> Hauppauge Computer Works, Inc) [File not signed]
FirewallRules: [{F28C91C6-8C9D-4B58-925F-D00CE35961E9}] => (Allow) C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe (HAUPPAUGE COMPUTER WORKS, INC. -> Hauppauge Computer Works, Inc) [File not signed]
FirewallRules: [{A4934BCF-1AE7-40F4-A9DD-5A6AF2944BB4}] => (Allow) C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe (HAUPPAUGE COMPUTER WORKS, INC. -> Hauppauge Computer Works, Inc) [File not signed]
FirewallRules: [{60ADAE6F-F4A4-49C4-A249-89594BD40AEC}] => (Allow) C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe (HAUPPAUGE COMPUTER WORKS, INC. -> Hauppauge Computer Works, Inc) [File not signed]
FirewallRules: [{B3560622-DEB1-4D7D-9ECA-FB2CDCAB4819}] => (Allow) C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe (HAUPPAUGE COMPUTER WORKS, INC. -> Hauppauge Computer Works, Inc) [File not signed]
FirewallRules: [{05429CAA-5039-4FEA-A53B-2093116100EB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.226.1187.0_x64__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{AE66CA21-2C00-484C-BD44-F23D3D6BFD79}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.226.1187.0_x64__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{AED5AAF8-6B9C-40A0-9D4A-CCC2329ED808}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.226.1187.0_x64__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{E690DD5C-8D8D-441D-8F83-D0A9DD9071BB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.226.1187.0_x64__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{EFDF16DC-F835-4419-A27F-BAE8DB615B6C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.226.1187.0_x64__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{461ED8DB-0322-4078-8C81-21644C5263F3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.226.1187.0_x64__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{7F6848D6-853F-429C-B332-4F3A21ADDB49}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.226.1187.0_x64__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{F9ABF192-7CE9-4DC3-B389-39A5BBDCACE8}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.226.1187.0_x64__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{1C1A460D-E2C6-4F36-AC31-F989FDFB93EA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.226.1187.0_x64__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{A31B0276-B5EE-4B2F-AA0C-D622FA54ACCA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.226.1187.0_x64__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{8384C8C8-E618-4611-966E-3EC93C28ED3F}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{57F98FF9-C577-429E-91D5-844899E79560}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{0D65CFFA-EF07-48CD-BE18-2AFFA1E6B511}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{243185FE-3E73-4DF1-9AB7-3B121A63C88E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.241.434.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{942F27F5-717B-4C7D-8BF4-4B4C0AF8E463}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.241.434.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{0D133DB5-EF95-4D3F-9359-34A8CAE94321}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.241.434.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{207AB132-1815-4724-9BAF-4422AF5E08B9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.241.434.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{16C4E428-EF41-4EF7-AE61-D224621B1696}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.241.434.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{537DE401-F425-48B3-9EA1-382C44B163FB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.241.434.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{B31E29D7-DF30-411F-8243-6C32B03F9BE8}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.241.434.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{C046C3A2-6FB8-40A5-9E31-8E7EFB701C36}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.241.434.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{AE20657B-9976-4156-A08F-951AEDC10C3A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.241.434.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{73DEC2F6-6EF5-4650-96F5-85371FC4ADE0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.241.434.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{8D10A398-86AD-4146-8F9A-8181421343FE}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.123.3203.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{3C217DCE-3656-4248-A95E-0AAC9B994CD9}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.123.3203.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{4B4207E7-C403-41FB-930A-8B32B3D7B0A7}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.123.3203.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{47022DCC-420C-495E-9DFD-0A71D53220FD}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.123.3203.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{C46716A2-99DC-48D4-9328-F4FBD27F8AFF}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.102\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
 
==================== Restore Points =========================
 
12-07-2024 00:28:38 Windows Modules Installer
 
==================== Faulty Device Manager Devices ============
 
Name: AMD USB 3.1 eXtensible Host Controller - 1.10 (Microsoft)
Description: USB xHCI Compliant Host Controller
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Generic USB xHCI Host Controller
Service: USBXHCI
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (07/14/2024 09:59:42 AM) (Source: RIM MDNS) (EventID: 100) (User: )
Description: Client application bug: DNSServiceResolve(Friendly_F11FCACC33AC7076_FEBDBF1FDB51BAA1._bp2p._tcp.local.) active for over two minutes. This places considerable burden on the network.
 
Error: (07/14/2024 09:59:11 AM) (Source: RIM MDNS) (EventID: 100) (User: )
Description: Client application bug: DNSServiceResolve(Friendly_F11FCACC33AC7076_FEBDBF1FDB51BAA1._bp2p._tcp.local.) active for over two minutes. This places considerable burden on the network.
 
Error: (07/14/2024 09:57:30 AM) (Source: RIM MDNS) (EventID: 100) (User: )
Description: 1132: ERROR: read_msg errno 203 (The system could not find the environment option that was entered.)
 
Error: (07/14/2024 09:57:30 AM) (Source: RIM MDNS) (EventID: 100) (User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053
 
Error: (07/14/2024 09:57:00 AM) (Source: RIM MDNS) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   23 A.7.4.1.B.C.4.2.2.2.9.A.6.2.A.B.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR DESKTOP-3200C37.local.
 
Error: (07/14/2024 09:57:00 AM) (Source: RIM MDNS) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from FE80:0000:0000:0000:BA26:A922:24CB:147A:5353   25 A.7.4.1.B.C.4.2.2.2.9.A.6.2.A.B.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR DESKTOP-3200C37-2.local.
 
Error: (07/14/2024 09:56:55 AM) (Source: RIM MDNS) (EventID: 100) (User: )
Description: Local Hostname DESKTOP-3200C37.local already in use; will try DESKTOP-3200C37-2.local instead
 
Error: (07/14/2024 09:56:55 AM) (Source: RIM MDNS) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister   16 DESKTOP-3200C37.local. AAAA FE80:0000:0000:0000:BA26:A922:24CB:147A
 
 
System errors:
=============
Error: (07/14/2024 09:57:19 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-3200C37)
Description: The server microsoft.windowscommunicationsapps_16005.14326.21998.0_x64__8wekyb3d8bbwe!microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca did not register with DCOM within the required timeout.
 
Error: (07/14/2024 06:54:00 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-3200C37)
Description: The server MicrosoftWindows.Client.CBS_1000.19060.1000.0_x64__cw5n1h2txyewy!WindowsBackup.AppX0rebzwn6am0h21d99kr6vpzwcvm6rap7.mca did not register with DCOM within the required timeout.
 
Error: (07/14/2024 06:54:00 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-3200C37)
Description: The server Microsoft.WindowsFeedbackHub_1.2405.21481.0_x64__8wekyb3d8bbwe!App.AppX8a6w88secebzyje9nrqc47xt488tkbmc.mca did not register with DCOM within the required timeout.
 
Error: (07/14/2024 06:54:00 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-3200C37)
Description: The server Microsoft.MicrosoftOfficeHub_18.2407.1052.0_x64__8wekyb3d8bbwe!Microsoft.MicrosoftOfficeHub.AppXvhez9tbpytkh6zv5q0bx5fj12yay14wg.mca did not register with DCOM within the required timeout.
 
Error: (07/14/2024 06:54:00 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-3200C37)
Description: The server Microsoft.Windows.Search_1.14.15.19041_neutral_neutral_cw5n1h2txyewy!CortanaUI.AppX49we79s9ab0xp8xpjb6t6g31ep03r71y.mca did not register with DCOM within the required timeout.
 
Error: (07/14/2024 06:54:00 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-3200C37)
Description: The server Microsoft.Windows.Search_1.14.15.19041_neutral_neutral_cw5n1h2txyewy!ShellFeedsUI.AppXfbff151h5bmghg166fvn34ccayg70vts.mca did not register with DCOM within the required timeout.
 
Error: (07/14/2024 06:54:00 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-3200C37)
Description: The server AD2F1837.HPSupportAssistant_9.36.19.0_x64__v10z8vjag6ke6!AD2F1837.HPSupportAssistant.AppXnh1b2twym8n9380b6n50v24as5w5qk0n.mca did not register with DCOM within the required timeout.
 
Error: (07/14/2024 03:45:46 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avast! Tools service.
 
 
CodeIntegrity:
===============
Date: 2024-07-14 10:57:21
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
 
 
==================== Memory info =========================== 
 
BIOS: AMI F.03 08/10/2016
Motherboard: HP 822A
Processor: AMD A12-9800 RADEON R7, 12 COMPUTE CORES 4C+8G 
Percentage of memory in use: 50%
Total physical RAM: 15825.2 MB
Available physical RAM: 7859.47 MB
Total Virtual: 64977.2 MB
Available Virtual: 49696.73 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:1849.76 GB) (Free:726.93 GB) (Model: ST2000DM001-1ER164) NTFS
Drive d: (RECOVERY) (Fixed) (Total:12.03 GB) (Free:1.46 GB) (Model: ST2000DM001-1ER164) NTFS ==>[system with boot components (obtained from drive)]
 
\\?\Volume{86f4610e-b3df-49bb-bd5f-7a5b007915e8}\ (Windows RE tools) (Fixed) (Total:0.96 GB) (Free:0.33 GB) NTFS
\\?\Volume{86c2d2e8-babf-45fa-9a57-1f5057925c6f}\ () (Fixed) (Total:0.25 GB) (Free:0.18 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: 868CD1E8)
 
Partition: GPT.
 
==================== End of Addition.txt =======================

 


  • 0



#2
DR M


    The Grecian Geek

  • Malware Removal
  • 4,258 posts
Hello.

I will be assisting you regarding your computer's issues. Here, we will check your computer for malware.

Please, adhere to the guidelines below. As soon as I have your consent, I'll start the cleaning procedure. 

1. Always ask before acting. Do not continue if you are not sure, or if something unexpected happens!

2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

3. Cracked or pirated programs are not only illegal, but also can make your computer a malware target. Having such programs installed is the easiest way to get infected. Thus, there is no need to clean the computer, since, sooner or later, it will get infected again. If you have such programs, please uninstall them now, before we start the cleaning procedure.

4. If your computer seems to start working normally, don't abandon the topic. Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.

5. You have to reply to my posts within 3 days. If you need some additional time, just let me know. Otherwise, I will leave the topic due to lack of feedback. If you are able, I would request you to check this thread at least once per day so that we can resolve your issues effectively and efficiently.

6. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, keep in mind that all the experts here are volunteers and may not be available to assist when you post. Please be patient while I analyze your logs.
  • 0

#3
homeworks67


    Member

  • Topic Starter
  • Member
  • 38 posts

Please go ahead. You have my consent.


  • 0

#4
DR M


    The Grecian Geek

  • Malware Removal
  • 4,258 posts

Hi, homeworks67.
 
Let's begin.
 

1. A couple of questions

 

Did you intentionally set this startup page?

hxxps://www.imdb.com/chart/boxoffice

 

Are you aware of this Chrome extension?

OceanHero

 

 
2. FRST fix

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.

  • Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything anywhere.
Start::
CreateRestorePoint:
CloseProcesses:
FirewallRules: [{73FE10C9-DF71-408E-8004-FA7B92397CB0}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe => No File
FirewallRules: [{01457524-DF6B-4AAA-B353-9796A50F0874}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe => No File
FirewallRules: [{9951F32D-B292-4D06-85A3-432A1CCDE1DF}] => (Allow) C:\Program Files\CyberLink\PowerDirector14\PDR10.EXE => No File
FirewallRules: [{46E5DD2A-64C4-40EE-8245-FCA782643526}] => (Allow) tunmgr.exe => No File
FirewallRules: [{93D1EEE1-EACA-4DB7-9827-69C21CA03553}] => (Allow) tunmgr.exe => No File
FirewallRules: [{466DC7C5-E671-4ACD-BF28-FA56B4F3B155}] => (Allow) mDNSResponder.exe => No File
FirewallRules: [{E824D758-49B8-4892-9DDC-17801FB3BEE3}] => (Allow) mDNSResponder.exe => No File
FirewallRules: [{190FEE51-6BB0-4D75-A13E-BA744F1BF3FD}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe => No File
FirewallRules: [UDP Query User{7B318211-3B54-4AE3-B17F-96DC2EC0DF7E}C:\program files\windowsapps\arduinollc.arduinoide_1.8.42.0_x86__mdqgnx93n4wtt\java\bin\javaw.exe] => (Allow) C:\program files\windowsapps\arduinollc.arduinoide_1.8.42.0_x86__mdqgnx93n4wtt\java\bin\javaw.exe => No File
FirewallRules: [{05429CAA-5039-4FEA-A53B-2093116100EB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.226.1187.0_x64__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{AE66CA21-2C00-484C-BD44-F23D3D6BFD79}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.226.1187.0_x64__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{AED5AAF8-6B9C-40A0-9D4A-CCC2329ED808}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.226.1187.0_x64__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{E690DD5C-8D8D-441D-8F83-D0A9DD9071BB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.226.1187.0_x64__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{EFDF16DC-F835-4419-A27F-BAE8DB615B6C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.226.1187.0_x64__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{461ED8DB-0322-4078-8C81-21644C5263F3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.226.1187.0_x64__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{7F6848D6-853F-429C-B332-4F3A21ADDB49}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.226.1187.0_x64__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{F9ABF192-7CE9-4DC3-B389-39A5BBDCACE8}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.226.1187.0_x64__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{1C1A460D-E2C6-4F36-AC31-F989FDFB93EA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.226.1187.0_x64__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{A31B0276-B5EE-4B2F-AA0C-D622FA54ACCA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.226.1187.0_x64__zpdnekdrzrea0\Spotify.exe => No File
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <==== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-326621168-1673352180-3701679548-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Craig Rioux\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-326621168-1673352180-3701679548-1001\...\RunOnce: [Uninstall 24.116.0609.0005] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Craig Rioux\AppData\Local\Microsoft\OneDrive\24.116.0609.0005" [0 2024-07-12] () <==== ATTENTION [zero byte File/Folder]
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {DF3BB107-5CF3-4141-AFD6-CF43F4E9AC35} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {5FF7B298-117C-4B18-BC45-5010F593531C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe  /DeviceScanR6 (No File)
Task: {3ED78EBE-2A0C-4544-ABEB-3FA962097C09} - System32\Tasks\HPJumpStartProvider => "C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartProvider.exe"  (No File)
HKLM\System\...\Parameters\PersistentRoutes: [169.254.0.0,255.255.0.0,10.0.0.115,1]
HKLM\System\...\Parameters\PersistentRoutes: [169.254.0.0,255.255.0.0,169.254.244.137,1]
CHR Notifications: Default -> hxxps://barrie360.com; hxxps://betafpv.com; hxxps://re-captha-version-3-290.buzz; hxxps://rock95.com; hxxps://store.dji.com; hxxps://www.banggood.com; hxxps://www.chess.com; hxxps://www.insta360.com
S2 amdacpksd; \??\C:\WINDOWS\system32\drivers\amdacpksd.sys [X]
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}
EmptyTemp:
End::
  • Right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Post the log in your next reply.

 

 

In your next reply please post:

  1. Your reply to my questions in step 1
  2. The fixlog.txt

  • 0

#5
homeworks67


    Member

  • Topic Starter
  • Member
  • 38 posts

Hi,

Yes to both.

 

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 16.07.2024
Ran by Craig Rioux (16-07-2024 20:15:04) Run:1
Running from C:\Users\Craig Rioux\Desktop
Loaded Profiles: Craig Rioux
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start::
CreateRestorePoint:
CloseProcesses:
FirewallRules: [{73FE10C9-DF71-408E-8004-FA7B92397CB0}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe => No File
FirewallRules: [{01457524-DF6B-4AAA-B353-9796A50F0874}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe => No File
FirewallRules: [{9951F32D-B292-4D06-85A3-432A1CCDE1DF}] => (Allow) C:\Program
Files\CyberLink\PowerDirector14\PDR10.EXE => No File
FirewallRules: [{46E5DD2A-64C4-40EE-8245-FCA782643526}] => (Allow) tunmgr.exe => No File
FirewallRules: [{93D1EEE1-EACA-4DB7-9827-69C21CA03553}] => (Allow) tunmgr.exe => No File
FirewallRules: [{466DC7C5-E671-4ACD-BF28-FA56B4F3B155}] => (Allow) mDNSResponder.exe => No File
FirewallRules: [{E824D758-49B8-4892-9DDC-17801FB3BEE3}] => (Allow) mDNSResponder.exe => No File
FirewallRules: [{190FEE51-6BB0-4D75-A13E-BA744F1BF3FD}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe => No File
FirewallRules: [UDP Query User{7B318211-3B54-4AE3-B17F-96DC2EC0DF7E}C:\program files\windowsapps\arduinollc.arduinoide_1.8.42.0_x86__mdqgnx93n4wtt\java\bin\javaw.exe] => (Allow) C:\program files\windowsapps\arduinollc.arduinoide_1.8.42.0_x86__mdqgnx93n4wtt\java\bin\javaw.exe => No File
FirewallRules: [{05429CAA-5039-4FEA-A53B-2093116100EB}] => (Allow) C:\Program
Files\WindowsApps\SpotifyAB.SpotifyMusic_1.226.1187.0_x64__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{AE66CA21-2C00-484C-BD44-F23D3D6BFD79}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.226.1187.0_x64__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{AED5AAF8-6B9C-40A0-9D4A-CCC2329ED808}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.226.1187.0_x64__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{E690DD5C-8D8D-441D-8F83-D0A9DD9071BB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.226.1187.0_x64__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{EFDF16DC-F835-4419-A27F-BAE8DB615B6C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.226.1187.0_x64__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{461ED8DB-0322-4078-8C81-21644C5263F3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.226.1187.0_x64__zpdnekdrzrea0\Spotify.exe =>
No File
FirewallRules: [{7F6848D6-853F-429C-B332-4F3A21ADDB49}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.226.1187.0_x64__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{F9ABF192-7CE9-4DC3-B389-39A5BBDCACE8}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.226.1187.0_x64__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{1C1A460D-E2C6-4F36-AC31-F989FDFB93EA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.226.1187.0_x64__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{A31B0276-B5EE-4B2F-AA0C-D622FA54ACCA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.226.1187.0_x64__zpdnekdrzrea0\Spotify.exe => No File
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <==== ATTENTION
HKLM Group Policy restriction
on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-326621168-1673352180-3701679548-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Craig Rioux\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-326621168-1673352180-3701679548-1001\...\RunOnce: [Uninstall 24.116.0609.0005] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Craig Rioux\AppData\Local\Microsoft\OneDrive\24.116.0609.0005" [0 2024-07-12] () <==== ATTENTION [zero byte File/Folder]
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task:
{DF3BB107-5CF3-4141-AFD6-CF43F4E9AC35} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {5FF7B298-117C-4B18-BC45-5010F593531C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe  /DeviceScanR6 (No File)
Task: {3ED78EBE-2A0C-4544-ABEB-3FA962097C09} - System32\Tasks\HPJumpStartProvider => "C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartProvider.exe"  (No File)
HKLM\System\...\Parameters\PersistentRoutes: [169.254.0.0,255.255.0.0,10.0.0.115,1]
HKLM\System\...\Parameters\PersistentRoutes: [169.254.0.0,255.255.0.0,169.254.244.137,1]
CHR Notifications: Default -> hxxps://barrie360.com; hxxps://betafpv.com; hxxps://re-captha-version-3-290.buzz; hxxps://rock95.com; hxxps://store.dji.com; hxxps://www.banggood.com; hxxps://www.chess.com; hxxps://www.insta360.com
S2 amdacpksd;
\??\C:\WINDOWS\system32\drivers\amdacpksd.sys [X]
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}
EmptyTemp:
End::
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{73FE10C9-DF71-408E-8004-FA7B92397CB0}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{01457524-DF6B-4AAA-B353-9796A50F0874}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9951F32D-B292-4D06-85A3-432A1CCDE1DF}" => removed successfully
Files\CyberLink\PowerDirector14\PDR10.EXE => No File => Error: No automatic fix found for this entry.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{46E5DD2A-64C4-40EE-8245-FCA782643526}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{93D1EEE1-EACA-4DB7-9827-69C21CA03553}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{466DC7C5-E671-4ACD-BF28-FA56B4F3B155}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E824D758-49B8-4892-9DDC-17801FB3BEE3}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{190FEE51-6BB0-4D75-A13E-BA744F1BF3FD}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{7B318211-3B54-4AE3-B17F-96DC2EC0DF7E}C:\program files\windowsapps\arduinollc.arduinoide_1.8.42.0_x86__mdqgnx93n4wtt\java\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{05429CAA-5039-4FEA-A53B-2093116100EB}" => removed successfully
Files\WindowsApps\SpotifyAB.SpotifyMusic_1.226.1187.0_x64__zpdnekdrzrea0\Spotify.exe => No File => Error: No automatic fix found for this entry.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AE66CA21-2C00-484C-BD44-F23D3D6BFD79}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AED5AAF8-6B9C-40A0-9D4A-CCC2329ED808}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E690DD5C-8D8D-441D-8F83-D0A9DD9071BB}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EFDF16DC-F835-4419-A27F-BAE8DB615B6C}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{461ED8DB-0322-4078-8C81-21644C5263F3}" => removed successfully
No File => Error: No automatic fix found for this entry.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7F6848D6-853F-429C-B332-4F3A21ADDB49}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F9ABF192-7CE9-4DC3-B389-39A5BBDCACE8}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1C1A460D-E2C6-4F36-AC31-F989FDFB93EA}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A31B0276-B5EE-4B2F-AA0C-D622FA54ACCA}" => removed successfully
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <==== ATTENTION => restored successfully
HKLM Group Policy restriction => Error: No automatic fix found for this entry.
on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <==== ATTENTION => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Microsoft\Windows Defender\\"DisableAntiSpyware"="0" => value restored successfully
HKLM\SOFTWARE\Microsoft\Windows Defender\\"DisableAntiVirus"="0" => value restored successfully
"HKU\S-1-5-21-326621168-1673352180-3701679548-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Delete Cached Standalone Update Binary" => not found
"HKU\S-1-5-21-326621168-1673352180-3701679548-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall 24.116.0609.0005" => not found
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
HKLM\SOFTWARE\Policies\Google => removed successfully
Task: => Error: No automatic fix found for this entry.
{DF3BB107-5CF3-4141-AFD6-CF43F4E9AC35} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION => Error: No automatic fix found for this entry.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5FF7B298-117C-4B18-BC45-5010F593531C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5FF7B298-117C-4B18-BC45-5010F593531C}" => removed successfully
C:\WINDOWS\System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3ED78EBE-2A0C-4544-ABEB-3FA962097C09}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3ED78EBE-2A0C-4544-ABEB-3FA962097C09}" => removed successfully
C:\WINDOWS\System32\Tasks\HPJumpStartProvider => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HPJumpStartProvider" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\\169.254.0.0,255.255.0.0,10.0.0.115,1" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\\169.254.0.0,255.255.0.0,169.254.244.137,1" => removed successfully
"Chrome Notifications" => removed successfully
HKLM\System\CurrentControlSet\Services\amdacpksd => removed successfully
amdacpksd => service removed successfully
\??\C:\WINDOWS\system32\drivers\amdacpksd.sys [X] => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2} => removed successfully
 
=========== EmptyTemp: ==========
 
FlushDNS => completed
BITS transfer queue => 1835008 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 845715342 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 174375969 B
Windows/system/drivers => 19699971 B
Edge => 0 B
Chrome => 1791098731 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 6656 B
ProgramData => 6656 B
Public => 6656 B
systemprofile => 6676 B
systemprofile32 => 6676 B
LocalService => 1676134 B
NetworkService => 1680298 B
Craig Rioux => 26319150822 B
 
RecycleBin => 2501910912 B
EmptyTemp: => 29.5 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 20:47:15 ====

  • 0
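The fixlog in post #5 reports eight "No automatic fix found" results, and each one lines up with a fixlist line that arrived split in two. The Python sketch below is an added example (not part of the original posts and not FRST's own code) that finds such wrapped lines in a pasted fixlog and matches them to the failed results. The sample log is abbreviated from this thread; the line-start pattern and the function names are assumptions that cover only the entry types shown here.

```python
import re

# Constructed sample: abbreviated from the fixlog posted in this thread.
SAMPLE_FIXLOG = r"""
Fix result of Farbar Recovery Scan Tool (x64) Version: 16.07.2024
==============================================

fixlist content:
*****************
Start::
CloseProcesses:
FirewallRules: [{9951F32D-B292-4D06-85A3-432A1CCDE1DF}] => (Allow) C:\Program
Files\CyberLink\PowerDirector14\PDR10.EXE => No File
FirewallRules: [{46E5DD2A-64C4-40EE-8245-FCA782643526}] => (Allow) tunmgr.exe => No File
HKLM Group Policy restriction
on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <==== ATTENTION
Task:
{DF3BB107-5CF3-4141-AFD6-CF43F4E9AC35} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
S2 amdacpksd;
\??\C:\WINDOWS\system32\drivers\amdacpksd.sys [X]
EmptyTemp:
End::
*****************

Processes closed successfully.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9951F32D-B292-4D06-85A3-432A1CCDE1DF}" => removed successfully
Files\CyberLink\PowerDirector14\PDR10.EXE => No File => Error: No automatic fix found for this entry.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{46E5DD2A-64C4-40EE-8245-FCA782643526}" => removed successfully
HKLM Group Policy restriction => Error: No automatic fix found for this entry.
on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <==== ATTENTION => Error: No automatic fix found for this entry.
Task: => Error: No automatic fix found for this entry.
{DF3BB107-5CF3-4141-AFD6-CF43F4E9AC35} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION => Error: No automatic fix found for this entry.
HKLM\System\CurrentControlSet\Services\amdacpksd => removed successfully
amdacpksd => service removed successfully
\??\C:\WINDOWS\system32\drivers\amdacpksd.sys [X] => Error: No automatic fix found for this entry.
"""

ERROR_MARK = " => Error: No automatic fix found for this entry."

# Line starts seen in this thread's fixlist. Assumption: this is not a full
# FRST grammar, only enough to recognise the entry types shown in the thread.
DIRECTIVE_RE = re.compile(
    r"^(Start::|End::|[A-Za-z]+:(\s|$)|HKLM[\\ ]|HKU\\|CHR |[SRU][0-5] \S+;)"
)


def split_fixlog(text):
    """Return (fixlist_lines, result_lines) from a pasted fixlog."""
    lines = [ln.rstrip() for ln in text.splitlines()]
    stars = [i for i, ln in enumerate(lines) if ln and set(ln) == {"*"}]
    if len(stars) < 2:
        raise ValueError("no 'fixlist content' block found")
    fixlist = [ln for ln in lines[stars[0] + 1:stars[1]] if ln]
    results = [ln for ln in lines[stars[1] + 1:] if ln]
    return fixlist, results


def find_wrapped_entries(fixlist):
    """Return (head, tail) pairs where `tail` does not start like a fixlist
    entry and therefore continues the line before it."""
    return [(prev, line) for prev, line in zip(fixlist, fixlist[1:])
            if not DIRECTIVE_RE.match(line)]


def unfixed_entries(results):
    """Entries FRST echoed back with 'No automatic fix found'."""
    return [ln[:-len(ERROR_MARK)] for ln in results if ln.endswith(ERROR_MARK)]


def triage(text):
    """Separate failures explained by line wrapping from all other failures."""
    fixlist, results = split_fixlog(text)
    pairs = find_wrapped_entries(fixlist)
    fragments = {frag for pair in pairs for frag in pair}
    errors = unfixed_entries(results)
    return {
        "wrapped": pairs,
        "errors_from_wrapping": [e for e in errors if e in fragments],
        "errors_other": [e for e in errors if e not in fragments],
    }


def rejoin(fixlist):
    """Re-attach each continuation line to its entry. Assumption: the break
    replaced a single space, which holds for every wrap in this thread."""
    fixed = []
    for line in fixlist:
        if fixed and not DIRECTIVE_RE.match(line):
            fixed[-1] += " " + line
        else:
            fixed.append(line)
    return fixed


if __name__ == "__main__":
    report = triage(SAMPLE_FIXLOG)
    for head, tail in report["wrapped"]:
        print(f"wrapped entry:\n  {head}\n  {tail}")
    print(len(report["errors_from_wrapping"]), "failures caused by wrapping,",
          len(report["errors_other"]), "other failures")
```

A head fragment can still be accepted by the tool, as with the firewall rule and the `S2 amdacpksd;` line here, so only the tail shows up as a failure in those cases.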

#6
DR M


    The Grecian Geek

  • Malware Removal
  • 4,258 posts

Hello.
 
Moving on.


1. Run Malwarebytes (scan only)

  • Download Malwarebytes and save it to your Desktop.
  • Once downloaded, close all programs and windows on your computer.
  • Double-click on the icon on your desktop named MBSetup.exe. This will start the installation of MBAM onto your computer.
  • Follow the instructions to install the program.
  • When finished, double click the program's icon created on your Desktop.
  • Click the little gear on the top right (Settings) and when it opens, click the General tab. Under the title Windows Security Center, make sure the option is disabled.
  • Click the Scan and Detections tab and under the Scan options title, enable Scan for rootkits option. Do not change any other option.
  • Return to the Dashboard and choose Scan.
  • When finished, you will see the Threat Scan Summary window open.
  • If threats are not found, click View Report and proceed to the two last steps below.

    If threats are found, make sure that all threats are not selected, close the program and proceed to the next steps below.
    • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
    • Find the report with the most recent date and double click on it.
    • Click on Export and then Copy to Clipboard.
    • Paste its content here, in your next reply.

 

 

2. Run AdwCleaner (scan only)

Download AdwCleaner and save it to your desktop.

  • Double click AdwCleaner.exe to run it.
  • Click the Scan Now button.
  • Once the scan completes, AdwCleaner shows you all detected PUPs and adware. DO NOT check anything found, and click Next.
  • If any preinstalled software was detected on your device, a message notifies you that your action is requested. DO NOT check anything, and click Cancel to continue.
  • Click the Log Files tab.
  • Double click on the latest scan log. (Scan logs have a [S0*] suffix, where * is replaced by a number; the latest scan will have the largest number.)
  • A Notepad file will open containing the results of the removal.
  • Please post the contents of the file in your next reply.

Note: Click Skip Basic Repair if you are asked to.
 

 

In your next reply, please post:

  • The Malwarebytes report
  • The AdwCleaner[S0*].txt

  • 0

#7
DR M


    The Grecian Geek

  • Malware Removal
  • 4,258 posts

Hi.

 

Are you still with me?


  • 0

#8
homeworks67


    Member

  • Topic Starter
  • Member
  • 38 posts

Hi, yes, I'm still here. I was unable to get on the computer last night. My apologies. I ran Malwarebytes prior to opening this thread and at that time it found 20 infected files, all of which were quarantined. This time it found none.

 

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 7/17/2024
Scan Time: 10:27 PM
Log File: 46e1b378-44ad-11ef-bcd8-ec8eb5d8775f.json
 
-Software Information-
Version: 5.1.6.117
Components Version: 1.0.1280
Update Package Version: 1.0.86938
License: Trial
 
-System Information-
OS: Windows 10 (Build 19045.4651)
CPU: x64
File System: NTFS
User: DESKTOP-3200C37\Craig Rioux
 
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 298856
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 32 min, 21 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
File system: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 0
(No malicious items detected)
 
Physical Sector: 0
(No malicious items detected)
 
WMI: 0
(No malicious items detected)
 
 
(end)
 
 
 
# -------------------------------
# Malwarebytes AdwCleaner 8.4.2.0
# -------------------------------
# Build:    03-04-2024
# Database: 2024-03-04.1 (Cloud)
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    07-18-2024
# Duration: 00:00:20
# OS:       Windows 10 (Build 19045.4651)
# Scanned:  32105
# Detected: 62
 
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
No malicious folders found.
 
***** [ Files ] *****
 
No malicious files found.
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
No malicious registry entries found.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries found.
 
***** [ Chromium URLs ] *****
 
PUP.Optional.Legacy             MyStart Search
PUP.Optional.Legacy             MyStart Search
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries found.
 
***** [ Firefox URLs ] *****
 
No malicious Firefox URLs found.
 
***** [ Hosts File Entries ] *****
 
No malicious hosts file entries found.
 
***** [ Preinstalled Software ] *****
 
Preinstalled.HPAudioSwitch   Folder   C:\Program Files (x86)\HP\HPAUDIOSWITCH 
Preinstalled.HPAudioSwitch   Folder   C:\ProgramData\HP\HPAUDIOSWITCH 
Preinstalled.HPAudioSwitch   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{46EC34C2-A6CC-4C8D-932E-2D548A031C2D}  
Preinstalled.HPAudioSwitch   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HPAudioSwitch 
Preinstalled.HPAudioSwitch   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\HPAudioSwitch 
Preinstalled.HPAudioSwitch   Task   C:\Windows\System32\Tasks\HPAUDIOSWITCH 
Preinstalled.HPJumpStartBridge   Folder   C:\Program Files (x86)\HP\HP JUMPSTART BRIDGE 
Preinstalled.HPJumpStartBridge   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{EB0912FF-C311-4E0F-A6B1-420FDD3C295E} 
Preinstalled.HPJumpStartLaunch   Folder   C:\Program Files (x86)\HP\HP JUMPSTART LAUNCH 
Preinstalled.HPRegistrationService   Folder   C:\Program Files (x86)\HP\HP REGISTRATION SERVICE 
Preinstalled.HPRegistrationService   Folder   C:\ProgramData\HP\HP REGISTRATION SERVICE 
Preinstalled.HPRegistrationService   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D1E8F2D7-7794-4245-B286-87ED86C1893C} 
Preinstalled.HPSupportAssistant   Folder   C:\HP\SUPPORT 
Preinstalled.HPSupportAssistant   Folder   C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK 
Preinstalled.HPSupportAssistant   Folder   C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT SOLUTIONS 
Preinstalled.HPSupportAssistant   Folder   C:\ProgramData\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK 
Preinstalled.HPSupportAssistant   Folder   C:\Users\Craig Rioux\AppData\Roaming\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK 
Preinstalled.HPSupportAssistant   Folder   C:\Windows\System32\config\systemprofile\AppData\Local\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK 
Preinstalled.HPSupportAssistant   Registry   HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} 
Preinstalled.HPSupportAssistant   Registry   HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} 
Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} 
Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} 
Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Wow6432Node\\Classes\CLSID\{C0ABBA07-B636-47B8-B9E1-BB96D7CD4831} 
Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Wow6432Node\\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} 
Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} 
Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{0A07AA35-BE9C-453F-A2F7-486E68B9DC69} 
Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{52A6690A-A8F3-4EDC-8BA9-125FDD65337A} 
Preinstalled.HPSureConnect   Folder   C:\Program Files (x86)\HP INC\HP SURE CONNECT 
Preinstalled.HPSureConnect   Folder   C:\Program Files\HPCOMMRECOVERY 
Preinstalled.HPSureConnect   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{6468C4A5-E47E-405F-B675-A70A70983EA6} 
Preinstalled.HPTouchpointAnalyticsClient   Folder   C:\Program Files\HP\HP TOUCHPOINT ANALYTICS CLIENT 
Preinstalled.HPTouchpointAnalyticsClient   Folder   C:\ProgramData\HP\HP TOUCHPOINT ANALYTICS CLIENT 
Preinstalled.HPTouchpointAnalyticsClient   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F} 
Preinstalled.SonyPlayMemoriesHome   File   C:\Users\Public\Desktop\PlayMemories Home Help.lnk 
Preinstalled.SonyPlayMemoriesHome   File   C:\Users\Public\Desktop\PlayMemories Home.lnk 
Preinstalled.SonyPlayMemoriesHome   Folder   C:\Program Files (x86)\SONY\PLAYMEMORIES HOME 
Preinstalled.SonyPlayMemoriesHome   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|PMBVolumeWatcher 
Preinstalled.SonyPlayMemoriesHome   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Run|PMBVolumeWatcher 
Preinstalled.SonyPlayMemoriesHome   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{AEB04E0E-0A28-4014-A96A-282E43B7227B} 
Preinstalled.WildTangentGamesBundle   File   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WildTangent Games App - hp.lnk 
Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDGAMES 
Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDGAMES\12 LABOURS OF HERCULES III GIRL POWER 
Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDGAMES\HOME MAKEOVER 
Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDGAMES\IMPERIAL ISLAND BIRTH OF AN EMPIRE 
Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDGAMES\MYSTIKA 2 
Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDGAMES\POLAR BOWLER 1ST FRAME 
Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDGAMES\RUNEFALL 
Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDTANGENT GAMES 
Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDTANGENT GAMES\APP 
Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Classes\CLSID\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6} 
Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Ext\Preapproved\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6} 
Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangent wildgames Master Uninstall 
Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGDF-hp-commandandconqueralliances 
Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGameProvider-hp-freegames 
Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGameProvider-hp-genres 
Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGameProvider-hp-main 
Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App 
Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp 
Preinstalled.WildTangentGamesBundle   Registry   HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6} 
Preinstalled.WildTangentGamesBundle   Registry   HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6} 
 
 
 
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
 


#9
DR M


    The Grecian Geek

  • Malware Removal
  • 4,258 posts

Let's continue.

 

1. AdwCleaner (Clean mode)

  • Double click AdwCleaner.exe on your Desktop, to run it as you did before.
  • Click Scan Now.
  • Once the scan completes, AdwCleaner shows you what it found on your computer. Check the boxes next to any items you want to quarantine and disable, then click Next.
  • Now, AdwCleaner will show you any preinstalled software it found on your device. Again, check the boxes next to any items you want to quarantine and disable. If nothing is found, you won't see this message. If you don't want to remove any preinstalled software, click Cancel and continue.
  • Click Continue, then click Restart now, and you’re done.
  • Once your computer has restarted:
  • Click the Log Files tab.
  • Click Skip Basic Repair to finish the cleaning process
  • Double click on the latest Clean log (Clean logs have a [C0*] suffix, where * is replaced by a number; the latest scan will have the largest number).
  • A Notepad file will open containing the results of the removal.
  • Please post the contents of the file in your next reply.

 

 

2. FRST logs

 

Please run another scan with the FRST tool, and attach fresh logs for me to check.

 

 

 

In your next reply, please post:

  1. The AdwCleaner[C0*].txt
  2. The fresh FRST logs, Addition and FRST
  3. Feedback: How is the computer running now? 


#10
homeworks67


    Member

  • Topic Starter
  • 38 posts

Hi, 

I ran AdwCleaner and checked the 2 items I wanted quarantined and clicked continue. It did its thing and I think it said cleanup complete. It did not give me an option to restart so I did it manually. I then opened up the log and it said it had failed to clean those 2 files. Nowhere could I find "skip basic repair". Thinking I missed something, I ran the scan again. It came up with the same 2 files. I did the same things again, restarting manually etc.; however, checking the log, it said 1 file had been cleaned. Not sure what I did differently to cause that change, I ran it a third time, where this time it came up with nothing. Here are the logs:

 

# -------------------------------
# Malwarebytes AdwCleaner 8.4.2.0
# -------------------------------
# Build:    03-04-2024
# Database: 2024-03-04.1 (Cloud)
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    07-20-2024
# Duration: 00:00:11
# OS:       Windows 10 (Build 19045.4651)
# Cleaned:  0
# Failed:   2
 
 
***** [ Services ] *****
 
No malicious services cleaned.
 
***** [ Folders ] *****
 
No malicious folders cleaned.
 
***** [ Files ] *****
 
No malicious files cleaned.
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
No malicious tasks cleaned.
 
***** [ Registry ] *****
 
No malicious registry entries cleaned.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries cleaned.
 
***** [ Chromium URLs ] *****
 
Not Deleted   MyStart Search
Not Deleted   MyStart Search
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries cleaned.
 
***** [ Firefox URLs ] *****
 
No malicious Firefox URLs cleaned.
 
***** [ Hosts File Entries ] *****
 
No malicious hosts file entries cleaned.
 
***** [ Preinstalled Software ] *****
 
No Preinstalled Software cleaned.
 
 
*************************
 
[+] Delete Tracing Keys
[+] Reset Winsock
 
*************************
 
AdwCleaner[S00].txt - [8871 octets] - [18/07/2024 16:23:09]
AdwCleaner[S01].txt - [8932 octets] - [20/07/2024 08:58:42]
 
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########
 
 
 
 
# -------------------------------
# Malwarebytes AdwCleaner 8.4.2.0
# -------------------------------
# Build:    03-04-2024
# Database: 2024-03-04.1 (Cloud)
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    07-20-2024
# Duration: 00:00:03
# OS:       Windows 10 (Build 19045.4651)
# Cleaned:  1
# Failed:   1
 
 
***** [ Services ] *****
 
No malicious services cleaned.
 
***** [ Folders ] *****
 
No malicious folders cleaned.
 
***** [ Files ] *****
 
No malicious files cleaned.
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
No malicious tasks cleaned.
 
***** [ Registry ] *****
 
No malicious registry entries cleaned.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries cleaned.
 
***** [ Chromium URLs ] *****
 
Deleted       MyStart Search
Not Deleted   MyStart Search
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries cleaned.
 
***** [ Firefox URLs ] *****
 
No malicious Firefox URLs cleaned.
 
***** [ Hosts File Entries ] *****
 
No malicious hosts file entries cleaned.
 
***** [ Preinstalled Software ] *****
 
No Preinstalled Software cleaned.
 
 
*************************
 
[+] Delete Tracing Keys
[+] Reset Winsock
 
*************************
 
AdwCleaner[S00].txt - [8871 octets] - [18/07/2024 16:23:09]
AdwCleaner[S01].txt - [8932 octets] - [20/07/2024 08:58:42]
AdwCleaner[C01].txt - [1694 octets] - [20/07/2024 09:00:59]
AdwCleaner[S02].txt - [9054 octets] - [20/07/2024 09:13:52]
 
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C02].txt ##########
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16.07.2024
Ran by Craig Rioux (administrator) on DESKTOP-3200C37 (HP 510-p109) (20-07-2024 09:53:25)
Running from C:\Users\Craig Rioux\Desktop\FRST64.exe
Loaded Profiles: Craig Rioux
Platform: Microsoft Windows 10 Home Version 22H2 19045.4651 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe <2>
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(atiesrxx.exe ->) (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\atieclxx.exe
(Avast Software s.r.o. -> Gen Digital Inc.) C:\Program Files\AVAST Software\Avast\AvastUI.exe <5>
(BlackBerry Ltd. -> BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe
(BlackBerry Ltd. -> BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE ->) (Canon Inc. -> CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
(C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
(C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe ->) (BlackBerry Ltd. -> ) C:\Program Files (x86)\Common Files\Research In Motion\nginx\nginx.exe <2>
(C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe ->) (Logitech, Inc. -> ) C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe <2>
(C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTDevMgr.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTServer.exe
(C:\Program Files\AVAST Software\Avast\AvastSvc.exe ->) (Avast Software s.r.o. -> Gen Digital Inc.) C:\Program Files\AVAST Software\Avast\aswEngSrv.exe
(C:\Program Files\HP\HP Enabling Services\SysInfoCap.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\BridgeCommunication.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
(C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <2>
(Canon Inc. -> CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Canon Inc. -> CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
(cmd.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MbamBgNativeMsg.exe <2>
(Discord Inc. -> Discord Inc.) C:\Users\Craig Rioux\AppData\Local\Discord\app-1.0.9154\Discord.exe <6>
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <22>
(explorer.exe ->) (HAUPPAUGE COMPUTER WORKS, INC. -> Hauppauge Computer Works, Inc) [File not signed] C:\Program Files (x86)\WinTV\WinTV10\WinTVTray.exe
(explorer.exe ->) (Microsoft Corporation -> ) C:\Program Files\WindowsApps\Microsoft.6365217CE6EB4_102.2406.5001.0_x64__8wekyb3d8bbwe\MicrosoftSecurityApp\MicrosoftSecurityApp.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
(explorer.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
(Logitech, Inc. -> Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <11>
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\atiesrxx.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
(services.exe ->) (Avast Software s.r.o. -> Gen Digital Inc.) C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe
(services.exe ->) (Avast Software s.r.o. -> Gen Digital Inc.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(services.exe ->) (BlackBerry Ltd. -> Apple Inc.) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe
(services.exe ->) (BlackBerry Ltd. -> BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe
(services.exe ->) (BlackBerry Ltd. -> BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
(services.exe ->) (CyberLink Corp. -> CyberLink) C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(services.exe ->) (HAUPPAUGE COMPUTER WORKS, INC. -> Hauppauge Computer Works, Inc) [File not signed] C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\DiagsCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\NetworkCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\SysInfoCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPCommRecovery\HPCommRecovery.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(services.exe ->) (Realtek Semiconductor Corp -> ) C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTDevMgr.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(services.exe ->) (Sony Imaging Products & Solutions Inc. -> Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Sony Imaging Products & Solutions Inc. -> Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(svchost.exe ->) (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9279544 2018-09-13] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [229592 2015-07-09] (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [427416 2024-07-10] (Avast Software s.r.o. -> Gen Digital Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [367456 2023-11-28] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [443640 2015-05-04] (BlackBerry Ltd. -> BlackBerry Limited)
HKLM-x32\...\Run: [RIM PeerManager] => C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe [4861688 2015-03-19] (BlackBerry Ltd. -> BlackBerry Limited)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech, Inc. -> Logitech Inc.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [709160 2018-05-22] (HP Inc. -> HP Inc.)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1313408 2017-07-05] (Canon Inc. -> CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [454248 2013-08-02] (Canon Inc. -> CANON INC.)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [868328 2018-12-21] (Sony Imaging Products & Solutions Inc. -> Sony Corporation)
HKU\S-1-5-21-326621168-1673352180-3701679548-1001\...\Run: [Discord] => C:\Users\Craig Rioux\AppData\Local\Discord\Update.exe [1525032 2022-08-08] (Discord Inc. -> GitHub)
HKU\S-1-5-21-326621168-1673352180-3701679548-1001\...\Run: [MicrosoftEdgeAutoLaunch_EF83EE16BAE97F63DC6F10DC8E6EF19B] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --win-session-start [3883472 2024-07-18] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Windows x64\Print Processors\Canon MP495 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDA9.DLL [28672 2010-08-25] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Windows x64\Print Processors\Canon MX470 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDC2.DLL [30208 2013-09-12] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ FAX Language Monitor MX470 series: C:\WINDOWS\system32\CNCALC2.DLL [303104 2013-09-25] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MP495 series: C:\WINDOWS\system32\CNMLMA9.DLL [361472 2010-08-25] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MX470 series: C:\WINDOWS\system32\CNMLMC2.DLL [391168 2013-09-12] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJNP Port: C:\WINDOWS\system32\CNMN6PPM.DLL [360448 2013-09-11] (CANON INC.) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\126.0.6478.128\Installer\chrmstp.exe [2024-07-17] (Google LLC -> Google LLC)
Startup: C:\Users\Craig Rioux\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2020-10-03]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Audio Switch.lnk [2016-08-17]
ShortcutTarget: HP Audio Switch.lnk -> C:\Program Files (x86)\HP\HPAudioSwitch\launcher.vbs () [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP JumpStart Launch.lnk [2016-08-17]
ShortcutTarget: HP JumpStart Launch.lnk -> c:\Windows\Installer\{0F5EBB0D-DF6D-4DBE-9789-57BF05B3B0FD}\HPlogo_blue.ico () [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinTV Recording Status.lnk [2023-02-19]
ShortcutTarget: WinTV Recording Status.lnk -> C:\Program Files (x86)\WinTV\WinTV10\WinTVTray.exe (HAUPPAUGE COMPUTER WORKS, INC. -> Hauppauge Computer Works, Inc) [File not signed] <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
 
==================== Scheduled Tasks (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {DF3BB107-5CF3-4141-AFD6-CF43F4E9AC35} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {00163458-8114-4533-A0A5-C40F152985B6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1558984 2024-06-25] (Adobe Inc. -> Adobe Inc.)
Task: {8CCC6F0A-B2D5-4DAA-B191-4C0BA1B699A8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [617096 2022-02-25] (Apple Inc. -> Apple Inc.)
Task: {CD448FE2-3292-400A-8409-7DCBA4CDDE1A} - System32\Tasks\Avast Software\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [5094808 2024-07-10] (Avast Software s.r.o. -> Gen Digital Inc.)
Task: {F0AA2C03-9DD2-4F7E-8AE5-110FC85D5A71} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe  -> C:\Program Files\Common Files\AV\avast! Antivirus\/backup /iavs
Task: {1A266D2C-6E2C-4F71-AAFA-4F040B41BE07} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2144664 2023-08-01] (Avast Software s.r.o. -> Avast Software)
Task: {DDF56556-F156-4617-854E-F3D3F36CA220} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [584488 2016-09-21] (Dropbox, Inc -> )
Task: {D9CECBD0-A2D7-4DB1-B145-C385706EF15E} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-12] (Dropbox, Inc -> Dropbox, Inc.)
Task: {AF122944-D80B-429C-BE2B-A83B0D6672CD} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-12] (Dropbox, Inc -> Dropbox, Inc.)
Task: {C28FE2DA-BA93-4EDA-B297-1925827329DB} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem128.0.6597.0{C299D616-59CF-4CE7-8422-24C34E6FFB4B} => C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe [4889704 2024-07-15] (Google LLC -> Google LLC)
Task: {C0D8CAB8-B421-4B35-A83A-1BCA93F63450} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPSFReport.exe [138328 2024-06-26] (HP Inc. -> HP Inc.)
Task: {B9239978-8549-4704-88A3-EDB5FBE36A75} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe  -> C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\/f
Task: {E883CA79-0260-48BD-AF73-CA83FA0FC757} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1161744 2024-06-26] (HP Inc. -> HP Inc.)
Task: {6C80F735-4713-4C20-BF6C-4960023E6447} - System32\Tasks\Hewlett-Packard\HP Web Products Detection => C:\Program Files (x86)\HP\HP Support Framework\Modules\HPWPD.exe [310832 2024-06-26] (HP Inc. -> HP Inc.)
Task: {5563B98D-7071-40F3-A6F9-8F7122AE90D4} - System32\Tasks\Hewlett-Packard\HPDeviceCheck => C:\Program Files (x86)\HP\HP Support Framework\Modules\HPDeviceCheck\HPDeviceCheck.exe [316456 2024-06-26] (HP Inc. -> )
Task: {46EC34C2-A6CC-4C8D-932E-2D548A031C2D} - System32\Tasks\HPAudioSwitch => C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe [1644472 2019-06-21] (HP Inc. -> HP Inc.)
Task: {7B640D70-064B-4150-9E2B-E6F3C754A511} - System32\Tasks\HPDAS => C:\Program  -> Files\HP\HP ePrint\HP.DeliveryAndStatus.Desktop.App.exe /CheckJobs
Task: {F2458C2C-8E04-4E10-8D0A-9C1BD5A67B35} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28512336 2024-07-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {211339A8-2F82-4090-9404-19AABBA3C197} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28512336 2024-07-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {0FA55C23-BD54-4719-AE46-8BF65C3932DD} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [221848 2024-07-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {A27777B9-5CB4-4C84-8448-0DED138FD221} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [221848 2024-07-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {CD21F32E-0D0C-4E2D-8B2A-71F0747AEA0A} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonx86\Microsoft Shared\OFFICE16\OLicenseHeartbeat.exe [342136 2024-07-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {3B91343F-550A-4F45-A96D-F8453AC95422} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9279544 2018-09-13] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {04A16C5F-DA24-4148-BDE9-58908112294F} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [52104 2017-07-12] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\..\Interfaces\{3b475ba3-9e24-4535-9ac0-24564d1f1167}: [DhcpNameServer] 64.71.255.204 64.71.255.198
Tcpip\..\Interfaces\{3b475ba3-9e24-4535-9ac0-24564d1f1167}: [DhcpDomain] phub.net.cable.rogers.com
Tcpip\..\Interfaces\{7c873f94-926d-4b39-8b75-15f9308a7473}: [DhcpNameServer] 64.71.255.204 64.71.255.198
Tcpip\..\Interfaces\{7c873f94-926d-4b39-8b75-15f9308a7473}: [DhcpDomain] phub.net.cable.rogers.com
 
Edge: 
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Craig Rioux\AppData\Local\Microsoft\Edge\User Data\Default [2024-07-20]
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\Craig Rioux\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bojobppfploabceghnmlahpoonbcbacn [2024-07-12]
Edge Extension: (Google Docs Offline) - C:\Users\Craig Rioux\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-03-28]
Edge Extension: (Edge relevant text changes) - C:\Users\Craig Rioux\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-24]
Edge HKLM\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]
Edge HKLM-x32\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]
 
FireFox:
========
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.18 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.20 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2024-06-27] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2024-04-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2015-03-19] (Research In Motion -> )
FF Plugin-x32: @videolan.org/vlc,version=3.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.12 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.16 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2016-05-23] (WildTangent Inc -> )
 
Chrome: 
=======
CHR Profile: C:\Users\Craig Rioux\AppData\Local\Google\Chrome\User Data\Default [2024-07-20]
CHR Notifications: Default -> hxxps://www.chess.com
CHR HomePage: Default -> hxxp://google.ca/
CHR StartupUrls: Default -> "hxxps://www.imdb.com/chart/boxoffice","hxxps://www.google.ca/?gws_rd=ssl"
CHR NewTab: Default ->  Not-active:"chrome-extension://ijpgjiobapjdadigoagamcmhmdfdggmg/index.html"
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\Craig Rioux\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2017-01-02]
CHR Extension: (Google Docs Offline) - C:\Users\Craig Rioux\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-07-10]
CHR Extension: (Save to Pinterest) - C:\Users\Craig Rioux\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2024-07-10]
CHR Extension: (Office - Enable Copy and Paste) - C:\Users\Craig Rioux\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifbmcpbgkhlpfcodhjhdbllhiaomkdej [2023-07-15]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\Craig Rioux\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2024-07-11]
CHR Extension: (OceanHero) - C:\Users\Craig Rioux\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijpgjiobapjdadigoagamcmhmdfdggmg [2024-07-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Craig Rioux\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-11]
CHR HKLM\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKU\S-1-5-21-326621168-1673352180-3701679548-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [172992 2024-06-25] (Adobe Inc. -> Adobe Inc.)
S2 amdacpusrsvc; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [121856 2016-04-13] (Advanced Micro Devices) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [103776 2023-11-09] (Apple Inc. -> Apple Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [9052568 2024-07-10] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [766360 2024-07-10] (Avast Software s.r.o. -> Gen Digital Inc.)
R2 avast! Tools; C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe [1203608 2024-07-10] (Avast Software s.r.o. -> Gen Digital Inc.)
R2 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [56912 2021-05-26] (Avast Software s.r.o. -> AVAST Software)
R3 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [588024 2015-05-04] (BlackBerry Ltd. -> BlackBerry Limited)
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [127192 2015-11-19] (Realtek Semiconductor Corp -> )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [14023752 2024-06-28] (Microsoft Corporation -> Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-12] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-12] (Dropbox, Inc -> Dropbox, Inc.)
S2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [350064 2016-05-23] (WildTangent Inc -> WildTangent)
R2 HauppaugeTVServer; C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe [622296 2023-02-10] (HAUPPAUGE COMPUTER WORKS, INC. -> Hauppauge Computer Works, Inc) [File not signed]
R2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [1321096 2018-09-28] (HP Inc. -> HP Inc.)
S2 HPAppHelperCap; C:\Program Files\HP\HP Enabling Services\AppHelperCap.exe [928192 2024-06-26] (HP Inc. -> HP Inc.)
R2 HPDiagsCap; C:\Program Files\HP\HP Enabling Services\DiagsCap.exe [926760 2024-06-26] (HP Inc. -> HP Inc.)
R2 HPJumpStartBridge; C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe [471040 2017-05-23] (HP Inc. -> HP Inc.)
R2 HPNetworkCap; C:\Program Files\HP\HP Enabling Services\NetworkCap.exe [922560 2024-06-26] (HP Inc. -> HP Inc.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [379736 2020-08-20] (HP Inc. -> HP Inc.)
R2 HPSysInfoCap; C:\Program Files\HP\HP Enabling Services\SysInfoCap.exe [927680 2024-06-26] (HP Inc. -> HP Inc.)
S2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-22] (HP Inc. -> HP Inc.)
R2 HPWMISVC; C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [628768 2017-07-13] (HP Inc. -> HP Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8901528 2024-07-11] (Malwarebytes Inc. -> Malwarebytes)
S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe [3073888 2024-07-11] (Malwarebytes Inc. -> Malwarebytes)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [493544 2018-12-21] (Sony Imaging Products & Solutions Inc. -> Sony Corporation)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [614664 2016-03-23] (CyberLink Corp. -> CyberLink)
R2 RIM MDNS; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe [396024 2015-03-19] (BlackBerry Ltd. -> Apple Inc.)
R2 RIM Tunnel Service; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe [1354488 2015-03-19] (BlackBerry Ltd. -> BlackBerry Limited)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\NisSrv.exe [3206472 2020-02-15] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MsMpEng.exe [103376 2020-02-15] (Microsoft Windows Publisher -> Microsoft Corporation)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 amdgpio3; C:\WINDOWS\System32\drivers\amdgpio3.sys [26648 2016-05-23] (ASMedia Technology Inc. -> Advanced Micro Devices, Inc)
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [20544 2024-07-10] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [229952 2024-07-10] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [380992 2024-07-10] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [292936 2024-07-10] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [84544 2024-07-10] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [27760 2024-02-19] (Microsoft Windows Early Launch Anti-malware Publisher -> Gen Digital Inc.)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [28736 2024-07-10] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [271944 2024-07-10] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswNetHub; C:\WINDOWS\System32\drivers\aswNetHub.sys [548928 2024-07-10] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [97856 2024-07-10] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [69184 2024-07-10] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [942536 2024-07-10] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [1195992 2024-07-10] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [203736 2024-07-10] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [306648 2024-07-10] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R3 BthAudioHF; C:\WINDOWS\system32\drivers\RtkHfp.sys [104688 2015-09-09] (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation)
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [158640 2024-07-11] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 hcw10bda; C:\WINDOWS\system32\drivers\hcw10bda.sys [1412144 2022-01-21] (HAUPPAUGE COMPUTER WORKS, INC. -> Hauppauge Computer Works, Inc.)
R2 hcw10cir; C:\WINDOWS\system32\drivers\hcw10cir.sys [65584 2022-01-21] (HAUPPAUGE COMPUTER WORKS, INC. -> Hauppauge Computer Works, Inc.)
R2 mbamchameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [221264 2024-07-11] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2024-07-11] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [201280 2024-07-20] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [78928 2024-07-20] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239568 2024-07-11] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [189776 2024-07-20] (Malwarebytes Inc. -> Malwarebytes)
S3 Netaapl; C:\WINDOWS\System32\drivers\netaapl64.sys [23040 2016-12-21] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [19152 2019-05-29] (MiniTool Solution Ltd -> )
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2019-05-29] (MiniTool Solution Ltd -> )
R3 rimvndis; C:\WINDOWS\System32\Drivers\rimvndis6_AMD64.sys [18432 2015-03-19] (Microsoft Windows Hardware Compatibility Publisher -> BlackBerry Limited)
R3 RimVSerPort; C:\WINDOWS\system32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Microsoft Windows Hardware Compatibility Publisher -> Research in Motion Ltd)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2016-12-21] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [45664 2020-02-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [355760 2020-02-15] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54192 2020-02-15] (Microsoft Windows -> Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2024-07-20 09:18 - 2024-07-20 09:18 - 000000000 ____D C:\Users\Craig Rioux\AppData\LocalLow\IGDump
2024-07-20 09:18 - 2024-07-20 09:17 - 000189776 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2024-07-18 16:22 - 2024-07-20 09:00 - 000000000 ____D C:\AdwCleaner
2024-07-17 18:28 - 2024-07-18 16:22 - 008790880 _____ (Malwarebytes) C:\Users\Craig Rioux\Desktop\AdwCleaner.exe
2024-07-16 20:15 - 2024-07-16 20:47 - 000013052 _____ C:\Users\Craig Rioux\Desktop\Fixlog.txt
2024-07-14 10:53 - 2024-07-14 10:57 - 000054728 _____ C:\Users\Craig Rioux\Desktop\Addition.txt
2024-07-14 10:44 - 2024-07-20 09:55 - 000034896 _____ C:\Users\Craig Rioux\Desktop\FRST.txt
2024-07-14 10:44 - 2024-07-16 20:13 - 000000000 ____D C:\Users\Craig Rioux\Desktop\FRST-OlderVersion
2024-07-14 10:43 - 2024-07-20 09:54 - 000000000 ____D C:\FRST
2024-07-11 19:47 - 2024-07-20 10:00 - 000000000 ____D C:\Users\Craig Rioux\AppData\Local\Malwarebytes
2024-07-11 19:47 - 2024-07-11 19:47 - 000002100 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2024-07-11 19:47 - 2024-07-11 19:47 - 000002088 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2024-07-11 19:46 - 2024-07-11 19:46 - 000000000 ____D C:\ProgramData\Malwarebytes
2024-07-11 19:46 - 2024-07-11 19:46 - 000000000 ____D C:\Program Files\Malwarebytes
2024-07-11 19:44 - 2024-07-11 19:44 - 002591728 _____ (Malwarebytes) C:\Users\Craig Rioux\Desktop\MBSetup.exe
2024-07-11 19:37 - 2024-07-16 20:13 - 002395648 _____ (Farbar) C:\Users\Craig Rioux\Desktop\FRST64.exe
2024-07-11 04:27 - 2024-07-11 04:27 - 000000000 ____D C:\WINDOWS\system32\compatrel
2024-07-11 03:48 - 2024-07-11 03:48 - 000021724 _____ C:\WINDOWS\SysWOW64\IntegratedServicesRegionPolicySet.json
2024-07-11 03:46 - 2024-07-11 03:46 - 000021724 _____ C:\WINDOWS\system32\IntegratedServicesRegionPolicySet.json
2024-07-11 03:01 - 2024-07-11 03:01 - 000000000 ___HD C:\$WinREAgent
2024-07-10 10:41 - 2024-07-10 10:40 - 000314776 _____ (Gen Digital Inc.) C:\WINDOWS\system32\aswBoot.exe
2024-07-06 10:22 - 2024-07-06 10:22 - 000000000 ____D C:\Users\Craig Rioux\Desktop\Emily's Camera
2024-06-22 23:18 - 2024-06-22 23:19 - 534920432 _____ (Arashi Vision Inc. ) C:\Users\Craig Rioux\Desktop\Insta360Studio_5.2.0(RC_build30)_20240612_172647_1718184906680.exe
2024-06-22 23:11 - 2024-06-22 23:11 - 023036116 _____ C:\Users\Craig Rioux\Desktop\Insta360 X3 User Manual.pdf
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2024-07-20 09:47 - 2019-12-07 05:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-07-20 09:24 - 2020-11-22 01:34 - 000934914 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2024-07-20 09:24 - 2019-12-07 05:13 - 000000000 ____D C:\WINDOWS\INF
2024-07-20 09:23 - 2021-04-30 20:20 - 000000000 ____D C:\Users\Craig Rioux\AppData\Roaming\discord
2024-07-20 09:22 - 2022-08-17 19:05 - 000000000 ____D C:\Users\Craig Rioux\AppData\Local\Discord
2024-07-20 09:21 - 2018-07-18 10:42 - 000000000 ____D C:\Users\Craig Rioux\AppData\Local\CrashDumps
2024-07-20 09:21 - 2017-01-02 19:08 - 000000000 ___RD C:\Users\Craig Rioux\OneDrive
2024-07-20 09:17 - 2023-02-19 19:19 - 000000000 ____D C:\ProgramData\Hauppauge
2024-07-20 09:17 - 2021-12-16 00:49 - 000000000 ____D C:\WINDOWS\SystemTemp
2024-07-20 09:17 - 2020-11-22 01:48 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2024-07-20 09:17 - 2020-11-22 01:18 - 000008192 ___SH C:\DumpStack.log.tmp
2024-07-20 09:17 - 2017-01-07 17:11 - 000000000 ____D C:\ProgramData\AVAST Software
2024-07-20 09:16 - 2019-12-07 05:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2024-07-20 09:16 - 2017-06-15 18:32 - 000065536 _____ C:\WINDOWS\psp_storage.bin
2024-07-20 09:13 - 2021-01-22 17:20 - 000004178 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{9A962C9A-D658-41CD-93BC-B690BDCDF04B}
2024-07-20 08:49 - 2020-11-22 01:19 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2024-07-19 23:14 - 2019-12-07 05:14 - 000000000 ___HD C:\Program Files\WindowsApps
2024-07-19 23:14 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2024-07-19 22:53 - 2020-06-24 18:21 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-07-19 22:53 - 2020-06-24 18:21 - 000002283 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2024-07-17 18:59 - 2017-01-02 19:19 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2024-07-17 18:59 - 2017-01-02 19:19 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2024-07-16 21:04 - 2020-11-22 01:24 - 000000000 ____D C:\Users\Craig Rioux
2024-07-15 17:20 - 2021-04-30 20:20 - 000002280 _____ C:\Users\Craig Rioux\Desktop\Discord.lnk
2024-07-13 17:21 - 2016-08-17 09:18 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2024-07-13 02:05 - 2016-08-17 09:15 - 000000000 ____D C:\Program Files\HP
2024-07-13 02:04 - 2020-11-22 01:48 - 000000000 ____D C:\WINDOWS\system32\Tasks\Hewlett-Packard
2024-07-12 01:59 - 2021-12-11 18:32 - 000003588 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-326621168-1673352180-3701679548-1001
2024-07-12 01:59 - 2020-11-22 01:48 - 000003390 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-326621168-1673352180-3701679548-1001
2024-07-12 01:59 - 2020-11-22 01:24 - 000002404 _____ C:\Users\Craig Rioux\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2024-07-12 00:31 - 2019-12-07 05:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2024-07-11 19:47 - 2019-12-07 05:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2024-07-11 04:31 - 2020-11-22 01:19 - 000456504 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2024-07-11 04:31 - 2016-08-17 09:17 - 000000948 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2024-07-11 04:31 - 2016-08-17 09:17 - 000000944 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2024-07-11 04:29 - 2016-08-17 11:15 - 000000000 ____D C:\ProgramData\Realtek
2024-07-11 04:27 - 2023-12-13 23:19 - 000000000 ____D C:\WINDOWS\InboxApps
2024-07-11 04:27 - 2019-12-07 05:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2024-07-11 04:27 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2024-07-11 04:27 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SystemResources
2024-07-11 04:27 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2024-07-11 04:27 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\setup
2024-07-11 04:27 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2024-07-11 04:27 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2024-07-11 04:27 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2024-07-11 04:27 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2024-07-11 04:27 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2024-07-11 04:27 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2024-07-11 04:27 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2024-07-11 04:27 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2024-07-11 03:46 - 2020-11-22 01:48 - 000003534 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-07-11 03:46 - 2020-11-22 01:48 - 000003410 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-07-11 03:45 - 2020-11-22 01:23 - 003016192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2024-07-10 10:41 - 2020-11-22 01:48 - 000000000 ____D C:\WINDOWS\system32\Tasks\AVAST Software
2024-07-10 10:41 - 2017-01-07 17:13 - 000942536 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswSnx.sys
2024-07-10 10:40 - 2020-10-22 23:57 - 000271944 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2024-07-10 10:40 - 2020-04-14 21:27 - 000548928 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswNetHub.sys
2024-07-10 10:40 - 2019-01-14 09:43 - 000380992 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
2024-07-10 10:40 - 2019-01-05 15:11 - 000292936 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswbidsh.sys
2024-07-10 10:40 - 2019-01-05 15:11 - 000084544 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswbuniv.sys
2024-07-10 10:40 - 2019-01-05 15:11 - 000020544 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswArDisk.sys
2024-07-10 10:40 - 2018-10-09 12:53 - 000028736 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswKbd.sys
2024-07-10 10:40 - 2017-11-21 10:34 - 000229952 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswArPot.sys
2024-07-10 10:40 - 2017-01-07 17:13 - 001195992 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswSP.sys
2024-07-10 10:40 - 2017-01-07 17:13 - 000306648 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswVmm.sys
2024-07-10 10:40 - 2017-01-07 17:13 - 000097856 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2024-07-10 10:40 - 2017-01-07 17:13 - 000069184 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2024-07-10 07:23 - 2017-01-03 19:09 - 000000000 ____D C:\WINDOWS\system32\MRT
2024-07-10 07:17 - 2017-01-03 19:09 - 194135240 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2024-07-07 16:09 - 2021-07-13 13:48 - 000003482 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2024-07-07 16:09 - 2020-11-22 01:48 - 000003462 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineUA
2024-07-07 16:09 - 2020-11-22 01:48 - 000003238 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineCore
2024-07-07 16:09 - 2020-11-22 01:48 - 000002766 _____ C:\WINDOWS\system32\Tasks\HPAudioSwitch
2024-07-07 16:09 - 2020-11-22 01:48 - 000002540 _____ C:\WINDOWS\system32\Tasks\HPDAS
2024-07-07 16:09 - 2020-11-22 01:48 - 000002280 _____ C:\WINDOWS\system32\Tasks\RTKCPL
2024-07-07 16:09 - 2020-11-22 01:48 - 000002262 _____ C:\WINDOWS\system32\Tasks\DropboxOEM
2024-07-07 16:09 - 2020-11-22 01:48 - 000002146 _____ C:\WINDOWS\system32\Tasks\StartCN
2024-06-28 21:31 - 2017-12-14 20:47 - 000000000 ____D C:\Users\Craig Rioux\AppData\Local\Packages
2024-06-28 19:05 - 2022-10-12 20:39 - 000002080 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2024-06-28 19:05 - 2022-10-12 20:39 - 000002068 _____ C:\Users\Public\Desktop\Adobe Acrobat.lnk
 
==================== Files in the root of some directories ========
 
2017-01-02 19:05 - 2024-07-20 09:19 - 025946711 _____ () C:\Users\Craig Rioux\AppData\Local\BTServer.log
2019-02-04 21:26 - 2019-02-04 21:26 - 000007628 _____ () C:\Users\Craig Rioux\AppData\Local\Resmon.ResmonCfg
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
 
 
 
Overall the computer is running well. No pop ups at this time.


#11
DR M

    The Grecian Geek

  • Malware Removal
  • 4,258 posts
I ran it a third time where this time it came up with nothing.

You didn't post that log, but I'll take your word, that nothing was found the third time.

 

And I'm glad to hear that there are no pop ups anymore.

 

You posted only FRST.txt. The tool creates 2 logs after a scan: FRST.txt and Addition. Thus, I need the Addition.txt in your next reply.



#12
homeworks67

    Member

  • Topic Starter
  • Member
  • 38 posts

Here is the Addition.txt.

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16.07.2024
Ran by Craig Rioux (20-07-2024 10:01:21)
Running from C:\Users\Craig Rioux\Desktop
Microsoft Windows 10 Home Version 22H2 19045.4651 (X64) (2020-11-22 05:50:25)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-326621168-1673352180-3701679548-500 - Administrator - Disabled)
Craig Rioux (S-1-5-21-326621168-1673352180-3701679548-1001 - Administrator - Enabled) => C:\Users\Craig Rioux
DefaultAccount (S-1-5-21-326621168-1673352180-3701679548-503 - Limited - Disabled)
Guest (S-1-5-21-326621168-1673352180-3701679548-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-326621168-1673352180-3701679548-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
12 Labours of Hercules III: Girl Power (HKLM-x32\...\WTA-7be673e1-b37a-4c38-bc23-2376669664e4) (Version: 3.0.2.118 - WildTangent) Hidden
ACP Application (HKLM\...\{9C533925-D605-6414-1478-06214E47DDFA}) (Version: 2016.0412.2135.17 - Advanced Micro Devices, Inc.) Hidden
Adelantado Trilogy Book Three (HKLM-x32\...\WTA-0cd6eb9c-b006-48f9-9932-ce753a94bf44) (Version: 3.0.2.59 - WildTangent) Hidden
Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1033-1033-7760-BC15014EA700}) (Version: 24.002.20895 - Adobe)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601078}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
AMD Install Manager (HKLM\...\{7ABA79A8-D458-BE8B-6575-FB4A3F8FD766}) (Version: 9.0.000.2 - Advanced Micro Devices, Inc.) Hidden
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 5.00 - Advanced Micro Devices, Inc.)
AMD Radeon Settings (HKLM\...\WUCCCApp) (Version: 2017.0712.153.1564 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{C1BCFECF-6EC2-4750-9072-5E2489423F8F}) (Version: 7.5 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B202C7F5-7DE3-4FBF-B259-E70E625F56FC}) (Version: 7.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FA3D0F2D-BA1C-4462-B6B3-3048CFF464C7}) (Version: 17.0.0.28 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{B292D163-23D2-4523-A699-1ABEC1875609}) (Version: 2.7.0.3 - Apple Inc.)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 24.6.6121 - Avast Software)
Awakening: The Dreamless Castle (HKLM-x32\...\WTA-811f2d61-87b0-40ac-9fa7-09ca2b25e68f) (Version: 3.0.2.51 - WildTangent) Hidden
BlackBerry 10 Desktop Software (HKLM-x32\...\{a0642dd3-1105-464b-84c8-caaf676c39c8}) (Version: 1.1.0.22 - BlackBerry)
BlackBerry Blend (HKLM-x32\...\{1DA42C01-4ED2-4B4E-B90C-18FCBA12FC41}) (Version: 1.1.0.23 - BlackBerry Ltd.) Hidden
BlackBerry Communication Drivers (HKLM-x32\...\{46CD5A63-0C1F-45C3-B643-CA87A17275C0}) (Version: 8.0.0.119 - BlackBerry Ltd.) Hidden
BlackBerry Device Drivers (HKLM-x32\...\{1F6490E5-7540-426D-BC1E-EB57B0BF0C38}) (Version: 8.0.0.119 - BlackBerry Ltd.) Hidden
BlackBerry Link (HKLM-x32\...\{C42468F9-9812-4550-A54B-5DDB062EB10F}) (Version: 1.2.4.28 - BlackBerry) Hidden
BlackBerry Link Remover (HKLM-x32\...\{44D65CAB-1BC8-47B7-BF5B-3EB8B6BB0276}) (Version: 1.2.4.0 - BlackBerry Ltd.) Hidden
BlackBerry USB Driver (HKLM-x32\...\{51e38982-9005-48e1-aee8-cfa2f13b2446}) (Version: 5.0.0.2 - BlackBerry Limited)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CameraHelperMsi (HKLM-x32\...\{15634701-BACE-4449-8B25-1567DA8C9FD3}) (Version: 13.51.815.0 - Logitech) Hidden
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.7.0.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: 1.5.1.4 - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.4.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.1.5.14 - Canon Inc.)
Canon MP495 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP495_series) (Version:  - )
Canon MX470 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX470_series) (Version: 1.02 - Canon Inc.)
Canon MX470 series On-screen Manual (HKLM-x32\...\Canon MX470 series On-screen Manual) (Version: 7.6.1 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.3.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.8.5 - Canon Inc.)
Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version: 1.6.0 - Canon Inc.)
CyberLink Power Media Player 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.6.7503 - CyberLink Corp.)
CyberLink PowerDirector 14 (HKLM-x32\...\{6BADCD73-E925-46F7-A295-FF2448632728}) (Version: 14.0.1.3008 - CyberLink Corp.)
Discord (HKU\S-1-5-21-326621168-1673352180-3701679548-1001\...\Discord) (Version: 1.0.9006 - Discord Inc.)
Dropbox 25 GB (HKLM-x32\...\{0867A88D-764F-366E-9E21-130DA8B472C3}) (Version: 3.1.18.0 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.911.1 - Dropbox, Inc.) Hidden
erLT (HKLM-x32\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 126.0.6478.128 - Google LLC)
Google Earth Pro (HKLM\...\{3470AD08-85F2-4B1D-8487-FC4750732087}) (Version: 7.3.6.9796 - Google)
Hauppauge Capture (HKLM-x32\...\Hauppauge Capture) (Version: 1.2.40336 - Hauppauge Computer Works, Inc)
Hauppauge WinTV v10 (HKLM-x32\...\Hauppauge WinTV v10) (Version: 10.0.41041 (SD) - Hauppauge Computer Works, Inc)
Home Makeover (HKLM-x32\...\WTA-75d76e39-26bc-4781-81d1-edadab9f6ae8) (Version: 3.0.2.59 - WildTangent) Hidden
HP Audio Switch (HKLM\...\HPAudioSwitch) (Version: 1.0.90.0 - HP Inc.)
HP Audio Switch (HKLM-x32\...\{3A5141D4-47DB-4302-9B1C-272BE585BC8A}) (Version: 1.0.179.0 - HP Inc.)
HP Connection Optimizer (HKLM-x32\...\{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: 2.0.15.0 - HP Inc.)
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.2 - HP Inc.)
HP ePrint SW (HKLM\...\{3C246BB4-8985-480D-8163-0E075A23AB04}) (Version: 5.0.18701 - HP) Hidden
HP ePrint SW (HKLM\...\{7855A8A5-0B5B-41A9-AC8B-A50405FB72FE}) (Version: 5.0.18701 - HP) Hidden
HP ePrint SW (HKLM\...\{7ADB025F-BFB1-480B-B3BF-B2FF8F115FB8}) (Version: 5.0.18701 - HP) Hidden
HP ePrint SW (HKLM\...\{EFDACC2F-510D-4A1A-A988-196D58B4B915}) (Version: 5.0.18701 - HP) Hidden
HP ePrint SW (HKLM-x32\...\{88970959-baf7-4864-a39a-69a58e8ae5cf}) (Version: 5.0.18701 - HP)
HP ePrint SW (HKLM-x32\...\{E2A0A04B-C0A4-49F5-A496-4B93E1D0710D}) (Version: 5.0.18701 - HP) Hidden
HP JumpStart Bridge (HKLM-x32\...\{EB0912FF-C311-4E0F-A6B1-420FDD3C295E}) (Version: 1.3.0.407 - HP Inc.)
HP JumpStart Launch (HKLM-x32\...\{0F5EBB0D-DF6D-4DBE-9789-57BF05B3B0FD}) (Version: 1.0.145.0 - HP Inc.)
HP Recovery Manager (HKLM-x32\...\{64BAA990-F1FC-4145-A7B1-E41FBBC9DA47}) (Version: 1.2.1510 - HP) Hidden
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.8351.5556 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{52A6690A-A8F3-4EDC-8BA9-125FDD65337A}) (Version: 12.18.34.21 - HP Inc.)
HP System Event Utility (HKLM-x32\...\{9DD60999-A4F0-4333-9D00-E45C718EA6C1}) (Version: 1.4.30 - HP Inc.)
HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1439 - HP Inc.)
Imperial Island: Birth of an Empire (HKLM-x32\...\WTA-4f202f1d-a21b-44b4-bae8-a3fdc326aa6a) (Version: 3.0.2.59 - WildTangent) Hidden
iTunes (HKLM\...\{7AE35063-BF3A-45AD-9F80-29777979DD15}) (Version: 12.13.1.3 - Apple Inc.)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.80 - Logitech Inc.)
LWS Facebook (HKLM-x32\...\{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}) (Version: 13.50.854.0 - Logitech) Hidden
LWS Gallery (HKLM-x32\...\{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}) (Version: 13.51.827.0 - Logitech) Hidden
LWS Help_main (HKLM-x32\...\{1651216E-E7AD-4250-92A1-FB8ED61391C9}) (Version: 13.51.828.0 - Logitech) Hidden
LWS Launcher (HKLM-x32\...\{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}) (Version: 13.51.828.0 - Logitech) Hidden
LWS Motion Detection (HKLM-x32\...\{71E66D3F-A009-44AB-8784-75E2819BA4BA}) (Version: 13.51.815.0 - Logitech) Hidden
LWS Pictures And Video (HKLM-x32\...\{08610298-29AE-445B-B37D-EFBE05802967}) (Version: 13.51.815.0 - Logitech) Hidden
LWS Twitter (HKLM-x32\...\{174A3B31-4C43-43DD-866F-73C9DB887B48}) (Version: 13.30.1346.0 - Logitech) Hidden
LWS Webcam Software (HKLM-x32\...\{8937D274-C281-42E4-8CDB-A0B2DF979189}) (Version: 13.51.815.0 - Logitech) Hidden
LWS WLM Plugin (HKLM-x32\...\{9DAEA76B-E50F-4272-A595-0124E826553D}) (Version: 1.30.1201.0 - Logitech) Hidden
LWS YouTube Plugin (HKLM-x32\...\{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}) (Version: 13.31.1038.0 - Logitech) Hidden
Malwarebytes version 5.1.6.117 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 5.1.6.117 - Malwarebytes)
MergeModule_x64 (HKLM\...\{8B591A6B-253E-4E62-B2A8-3668CDA0A907}) (Version: 11.0.00 - Sony Corporation) Hidden
MergeModule_x86 (HKLM-x32\...\{51B45206-47B1-4B51-B46A-330B9156D6C1}) (Version: 11.0.00 - Sony Corporation) Hidden
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.17726.20160 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 126.0.2592.113 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 126.0.2592.113 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-326621168-1673352180-3701679548-1001\...\OneDriveSetup.exe) (Version: 24.126.0623.0001 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 x64 Additional Runtime - 14.0.23506 (HKLM\...\{B0B194F8-E0CE-33FE-AA11-636428A4B73D}) (Version: 14.0.23506 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015 x64 Minimum Runtime - 14.0.23506 (HKLM\...\{A1C31BA5-5438-3A07-9EEE-A5FB2D0FDE36}) (Version: 14.0.23506 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.23506 (HKLM-x32\...\{1045AB6F-6151-3634-8C2C-EE308AA1A6A7}) (Version: 14.0.23506 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.23506 (HKLM-x32\...\{65AD78AD-D23D-3A1E-9305-3AE65CD522C2}) (Version: 14.0.23506 - Microsoft Corporation) Hidden
MiniTool Partition Wizard Free 11 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Software Limited)
mIRC (HKLM-x32\...\mIRC) (Version: 7.75 - mIRC Co. Ltd.)
MSVCRT Redists (HKLM\...\{C2B8CBDE-5232-11E3-B494-F04DA23A5C58}) (Version: 1.0 - Sony Creative Software Inc.) Hidden
Mystika 2 (HKLM-x32\...\WTA-31df7aeb-dde7-4889-899d-9ede75d0305d) (Version: 1.1.2.4 - WildTangent) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.17628.20110 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.17726.20160 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.17726.20108 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
PlayMemories Home (HKLM-x32\...\{AEB04E0E-0A28-4014-A96A-282E43B7227B}) (Version: 6.0.00.12211 - Sony Corporation)
Plugable Digital Viewer (HKLM-x32\...\Plugable Technologies Plugable Digital Viewer) (Version: 3.1.07 - Plugable Technologies)
PMB_ModeEditor (HKLM-x32\...\{F8063714-BD75-42DC-8FAA-D0E1EED92519}) (Version: 11.0.00 - Sony Corporation) Hidden
PMB_ServiceUploader (HKLM-x32\...\{CF081855-ED80-445A-BF63-025584939230}) (Version: 11.0.00 - Sony Corporation) Hidden
Polar Bowler 1st Frame (HKLM-x32\...\WTA-bac15710-23f8-4022-814b-713d56787e65) (Version: 3.0.2.59 - WildTangent) Hidden
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 1.0.0.53 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.31222 - Realtek Semiconduct Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.8.311.2016 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8536 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.72 - REALTEK Semiconductor Corp.)
Revo Uninstaller 2.0.4 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.4 - VS Revo Group, Ltd.)
Runefall (HKLM-x32\...\WTA-1ec7b32e-f72f-4ba3-8d0b-a71d4c075d17) (Version: 3.0.2.126 - WildTangent) Hidden
The Far Kingdoms (HKLM-x32\...\WTA-ad2c78fe-8e96-42ac-a91f-eee17520ca66) (Version: 1.1.2.4 - WildTangent) Hidden
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{85C69797-7336-4E83-8D97-32A7C8465A3B}) (Version: 8.94.0.0 - Microsoft Corporation)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
USB Driver x64 (HKLM\...\{6D69CF0E-5928-4B91-9BBE-B0674E46C8D8}) (Version: 5.0.0.2 - BlackBerry Limited) Hidden
Vegas Pro 12.0 (64-bit) (HKLM\...\{BD422D00-5232-11E3-A6F3-F04DA23A5C58}) (Version: 12.0.770 - Sony)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.20 - VideoLAN)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.16 - VideoLAN)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.1.0.28 - WildTangent)
WildTangent Games App for HP (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.1.1.14 - WildTangent) Hidden
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
WinRAR 6.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.11.0 - win.rar GmbH)
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.3) (Version: 1.3.3 - Xvid Team)
 
Packages:
=========
 
Adobe Acrobat Reader -> C:\Program Files\Adobe\Acrobat DC [2024-06-17] ()
Arduino IDE -> C:\Program Files\WindowsApps\ArduinoLLC.ArduinoIDE_1.8.57.0_x86__mdqgnx93n4wtt [2021-12-22] (Arduino LLC)
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2019-11-05] (Autodesk Inc.)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.272.400.0_x64__kgqvnymyfvs32 [2024-07-11] (king.com)
Canon Inkjet Print Utility -> C:\Program Files\WindowsApps\34791E63.CanonInkjetPrintUtility_3.1.0.0_neutral__6e5tt8cgb93ep [2021-02-18] (Canon Inc.)
Earth Day Living World 2020 -> C:\Program Files\WindowsApps\Microsoft.EarthDayLivingWorld2020_1.0.0.0_neutral__8wekyb3d8bbwe [2020-05-01] (Microsoft Corporation)
HP JumpStart -> C:\Program Files\WindowsApps\AD2F1837.HPJumpStart_1.2.228.0_x64__v10z8vjag6ke6 [2017-01-06] (HP Inc.)
HP Support Assistant -> C:\Program Files\WindowsApps\AD2F1837.HPSupportAssistant_9.36.19.0_x64__v10z8vjag6ke6 [2024-07-13] (HP Inc.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-18] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-18] (Microsoft Corporation) [MS Ad]
Microsoft Defender -> C:\Program Files\WindowsApps\Microsoft.6365217CE6EB4_102.2406.5001.0_x64__8wekyb3d8bbwe [2024-06-24] (Microsoft Corporation) [Startup Task]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.99.5.0_x64__mcm4njqhnhss8 [2024-04-19] (Netflix, Inc.)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-10-17] (Microsoft Corporation)
Simple Mahjong -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleMahjong_6.5.10.0_x64__kx24dqmazqk8j [2024-07-09] (Random Salad Games LLC)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.242.290.0_x64__zpdnekdrzrea0 [2024-07-18] (Spotify AB) [Startup Task]
The Weather Channel -> C:\Program Files\WindowsApps\Weather.TheWeatherChannel_2016.614.87.0_x64__t3yemqpq4kp7p [2017-04-05] (The Weather Channel.)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.TWITTER_7.0.1.0_neutral__wgeqdkkx372wm [2021-06-11] (Twitter Inc.)
Web Search from Microsoft Bing -> C:\Program Files\WindowsApps\Microsoft.BingSearch_1.0.91.0_x64__8wekyb3d8bbwe [2024-02-15] (Microsoft Corporation)
Wheel World Clock -> C:\Program Files\WindowsApps\55884DDLG.WheelWorldClock_2019.17763.65.0_x64__5pb0446f9f9xj [2019-03-05] (DDLG) [MS Ad]
XE Currency -> C:\Program Files\WindowsApps\XE.com.XECurrency_2.1.1.0_neutral__03yfs222qanwj [2022-02-16] (XE.com)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-326621168-1673352180-3701679548-1001_Classes\CLSID\{38142727-3008-9161-1521-349515000000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2024-07-10] (Avast Software s.r.o. -> Gen Digital Inc.)
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2024-07-10] (Avast Software s.r.o. -> Gen Digital Inc.)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2024-07-10] (Avast Software s.r.o. -> Gen Digital Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2024-07-10] (Avast Software s.r.o. -> Gen Digital Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-07-11] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2017-07-12] (Advanced Micro Devices, Inc.) [File not signed]
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2024-07-10] (Avast Software s.r.o. -> Gen Digital Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-07-11] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)
 
==================== Codecs (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Drivers32: [vidc.XVID] => C:\WINDOWS\system32\xvidvfw.dll [251392 2014-10-19] () [File not signed]
HKLM\...\Drivers32: [msacm.l3acm] => C:\Windows\SysWOW64\l3codecp.acm [189440 2019-12-07] (Microsoft Windows -> Fraunhofer Institut Integrierte Schaltungen IIS)
HKLM\...\Drivers32: [vidc.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [235520 2014-10-19] () [File not signed]
 
==================== Shortcuts & WMI ========================
 
==================== Loaded Modules (Whitelisted) =============
 
2015-03-19 13:22 - 2015-03-19 13:22 - 000094208 _____ () [File not signed] C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\libxpmux.dll
2023-02-19 20:37 - 2023-01-26 08:39 - 000025600 _____ () [File not signed] C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServerps.dll
2016-09-08 23:22 - 2016-09-08 23:22 - 000011776 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.dll
2016-09-08 23:22 - 2016-09-08 23:22 - 002013696 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2016-09-08 23:23 - 2016-09-08 23:23 - 000014336 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2016-09-08 23:23 - 2016-09-08 23:23 - 000739840 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-09-08 23:23 - 2016-09-08 23:23 - 000191488 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2016-09-08 23:23 - 2016-09-08 23:23 - 000071168 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2016-09-08 23:23 - 2016-09-08 23:23 - 000014336 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2024-07-12 03:14 - 2024-07-12 03:14 - 000160256 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\BRIDGECommon\b4fea3b6cb88f6b9706771c9b135888e\BRIDGECommon.ni.dll
2024-07-12 03:16 - 2024-07-12 03:16 - 000120832 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\BridgeExtension\d06da02d36dd64ea626b1a7ed6184457\BridgeExtension.ni.dll
2024-07-12 03:17 - 2024-07-12 03:17 - 000348160 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\CleanStartController\f5a8a9854b39a7a4d317f0e5705ab2e2\CleanStartController.ni.dll
2016-08-17 11:14 - 2016-05-13 04:40 - 000915968 _____ (AMD) [File not signed] C:\Program Files\Common Files\ATI Technologies\Multimedia\amf-wic-jpeg-decoder64.dll
2023-02-21 14:02 - 2013-08-02 09:43 - 000008192 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNSS_ENU.DLL
2023-02-21 14:02 - 2013-08-02 09:42 - 000307200 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNSS_IMG.dll
2023-02-21 12:51 - 2017-07-05 14:43 - 000561152 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\Quick Menu\CCL.dll
2023-02-21 12:51 - 2017-07-05 14:49 - 000593920 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\Quick Menu\CNQMMWRP.dll
2023-02-21 12:51 - 2013-09-11 16:50 - 000360448 _____ (CANON INC.) [File not signed] C:\WINDOWS\System32\CNMN6PPM.DLL
2023-02-19 20:37 - 2023-02-10 10:43 - 000788480 _____ (Hauppauge Computer Works, Inc) [File not signed] C:\Program Files (x86)\WinTV\WinTV10\NativeMMS.dll
2024-07-12 03:16 - 2024-07-12 03:16 - 000135168 _____ (HP Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\CommonPortable\0f6b2cb81f6355878c0af752b7a4fc55\CommonPortable.ni.dll
2020-04-19 00:45 - 2020-04-19 00:45 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems32.dll] C:\Program Files (x86)\Microsoft Office\root\Office16\AppVIsvSubsystems32.dll
2020-04-19 00:45 - 2020-04-19 00:45 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R32.dll] C:\Program Files (x86)\Microsoft Office\root\Office16\c2r32.dll
2016-09-08 23:23 - 2016-09-08 23:23 - 000049664 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qdds.dll
2016-09-08 23:23 - 2016-09-08 23:23 - 000029696 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qgif.dll
2016-09-08 23:23 - 2016-09-08 23:23 - 000037376 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qicns.dll
2016-09-08 23:23 - 2016-09-08 23:23 - 000030208 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qico.dll
2016-09-08 23:23 - 2016-09-08 23:23 - 000459776 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qjp2.dll
2016-09-08 23:23 - 2016-09-08 23:23 - 000236544 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qjpeg.dll
2016-09-08 23:23 - 2016-09-08 23:23 - 000275456 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qmng.dll
2016-09-08 23:23 - 2016-09-08 23:23 - 000023552 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qsvg.dll
2016-09-08 23:23 - 2016-09-08 23:23 - 000022528 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qtga.dll
2016-09-08 23:23 - 2016-09-08 23:23 - 000351744 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qtiff.dll
2016-09-08 23:23 - 2016-09-08 23:23 - 000021504 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwbmp.dll
2016-09-08 23:23 - 2016-09-08 23:23 - 000374784 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwebp.dll
2016-09-08 23:23 - 2016-09-08 23:23 - 001212416 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\platforms\qwindows.dll
2016-09-08 23:22 - 2016-09-08 23:22 - 000912384 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Charts.dll
2016-09-08 23:22 - 2016-09-08 23:22 - 005496320 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2016-09-08 23:22 - 2016-09-08 23:22 - 005804544 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2016-09-08 23:22 - 2016-09-08 23:22 - 001061376 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2016-09-08 23:22 - 2016-09-08 23:22 - 003187712 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2016-09-08 23:22 - 2016-09-08 23:22 - 002924544 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2016-09-08 23:22 - 2016-09-08 23:22 - 000310784 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll
2016-09-08 23:22 - 2016-09-08 23:22 - 005444608 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2016-09-08 23:22 - 2016-09-08 23:22 - 000277504 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2016-09-08 23:22 - 2016-09-08 23:22 - 000193024 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Craig Rioux\Desktop\AdwCleaner.exe:MBAM.Zone.Identifier [182]
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\S-1-5-21-326621168-1673352180-3701679548-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
SearchScopes: HKLM -> {F0E03EDD-BE22-4DF5-91A2-454412446D1A} URL = hxxp://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {F0E03EDD-BE22-4DF5-91A2-454412446D1A} URL = hxxp://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-326621168-1673352180-3701679548-1001 -> {F0E03EDD-BE22-4DF5-91A2-454412446D1A} URL = hxxp://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2024-04-05] (Microsoft Corporation -> Microsoft Corporation)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (Canon Inc. -> CANON INC.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2024-06-26] (HP Inc. -> HP Inc.)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (Canon Inc. -> CANON INC.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2024-06-26] (HP Inc. -> HP Inc.)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (Canon Inc. -> CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (Canon Inc. -> CANON INC.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2024-06-28] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2024-06-28] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2024-06-28] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2024-06-28] (Microsoft Corporation -> Microsoft Corporation)
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-10-30 03:24 - 2019-01-05 15:08 - 000000827 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
2018-10-23 18:03 - 2018-10-23 18:03 - 000000375 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-326621168-1673352180-3701679548-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Craig Rioux\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 64.71.255.204 - 64.71.255.198
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [UDP Query User{6BB5ECC7-6F39-4B8C-80E5-805ADD87E893}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exe (mIRC Co. Ltd. -> mIRC Co. Ltd.)
FirewallRules: [TCP Query User{8D6B28F8-6707-4DDA-A240-3E0E942571DA}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exe (mIRC Co. Ltd. -> mIRC Co. Ltd.)
FirewallRules: [{B5E301E8-B59F-4891-B2B1-7EFDABB4CBAD}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{C2F42F3D-D85E-46A3-B703-C69181BC1973}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{B5784C30-8C68-495A-8171-F40F28F0543B}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [UDP Query User{B8A2FBBE-D960-4414-97B9-76436989D51D}C:\program files (x86)\common files\research in motion\tunnel manager\peermanager.exe] => (Block) C:\program files (x86)\common files\research in motion\tunnel manager\peermanager.exe (BlackBerry Ltd. -> BlackBerry Limited)
FirewallRules: [TCP Query User{9C70BF87-7F68-40A6-9024-CD7729289154}C:\program files (x86)\common files\research in motion\tunnel manager\peermanager.exe] => (Block) C:\program files (x86)\common files\research in motion\tunnel manager\peermanager.exe (BlackBerry Ltd. -> BlackBerry Limited)
FirewallRules: [{6D4BF4EF-347F-4260-A82E-DA7996F72B0B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{5E1D137B-EA2F-4D14-80D5-9B5C348EC353}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{8E4A8BEF-D2BB-4C3C-8CA3-4D84EE30066A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{952362E6-CC25-42C2-BC9C-9F57D468570E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{955A2F8C-AC3D-48FC-825A-2B5011C25964}] => (Allow) C:\Program Files (x86)\Common Files\Research In Motion\nginx\nginx.exe (BlackBerry Ltd. -> )
FirewallRules: [{63991DD1-FAEB-4443-8440-7B2E2F8E45CE}] => (Allow) C:\Program Files (x86)\BlackBerry\BlackBerry Blend\desktopinvokeproxy.exe (BlackBerry Ltd. -> BlackBerry Limited. All rights reserved)
FirewallRules: [TCP Query User{F492FB58-F94C-41F2-9FE0-DD00396DCE46}C:\program files (x86)\common files\research in motion\tunnel manager\peermanager.exe] => (Allow) C:\program files (x86)\common files\research in motion\tunnel manager\peermanager.exe (BlackBerry Ltd. -> BlackBerry Limited)
FirewallRules: [UDP Query User{F5892B60-BAA8-482B-8007-02B463D7E181}C:\program files (x86)\common files\research in motion\tunnel manager\peermanager.exe] => (Allow) C:\program files (x86)\common files\research in motion\tunnel manager\peermanager.exe (BlackBerry Ltd. -> BlackBerry Limited)
FirewallRules: [{F83C2050-9A72-4906-9879-A8E8B77AB00C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F98235DF-D38D-4E85-B5AD-F8E8928D6906}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{2F17DDF7-6066-4002-856C-912F39356D92}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{3A27360A-EB69-42A5-8D3E-E2C982558BE8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [TCP Query User{8A3D840D-6DAB-4389-B99F-FCAB7C2F05D3}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exe (mIRC Co. Ltd. -> mIRC Co. Ltd.)
FirewallRules: [UDP Query User{100375BE-662A-4153-9B55-7D5FE28C5818}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exe (mIRC Co. Ltd. -> mIRC Co. Ltd.)
FirewallRules: [TCP Query User{8A5455CA-C1F4-4981-9011-4B57CB328BF3}C:\program files\windowsapps\arduinollc.arduinoide_1.8.42.0_x86__mdqgnx93n4wtt\java\bin\javaw.exe] => (Allow) C:\program files\windowsapps\arduinollc.arduinoide_1.8.42.0_x86__mdqgnx93n4wtt\java\bin\javaw.exe => No File
FirewallRules: [{D9975D5E-02FE-4FCE-B7E0-208C721E449C}] => (Allow) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> Gen Digital Inc.)
FirewallRules: [{FC47E0AD-A03C-4188-96A0-EADE34452139}] => (Allow) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> Gen Digital Inc.)
FirewallRules: [{D46B776A-18AB-4FD9-9312-23BEB473C5DD}] => (Allow) C:\Program Files (x86)\WinTV\WinTV10\WinTV10.exe (HAUPPAUGE COMPUTER WORKS, INC. -> Hauppauge Computer Works, Inc) [File not signed]
FirewallRules: [{0E3A8E2C-33E1-4738-8997-BF615D888221}] => (Allow) C:\Program Files (x86)\WinTV\WinTV10\WinTV10.exe (HAUPPAUGE COMPUTER WORKS, INC. -> Hauppauge Computer Works, Inc) [File not signed]
FirewallRules: [{4F32323D-79A6-44B7-B02D-91B06360C3D3}] => (Allow) C:\Program Files (x86)\WinTV\WinTV10\WinTV10.exe (HAUPPAUGE COMPUTER WORKS, INC. -> Hauppauge Computer Works, Inc) [File not signed]
FirewallRules: [{F070B50F-2D16-4CC6-81EC-41F21D7AF6D3}] => (Allow) C:\Program Files (x86)\WinTV\WinTV10\WinTV10.exe (HAUPPAUGE COMPUTER WORKS, INC. -> Hauppauge Computer Works, Inc) [File not signed]
FirewallRules: [{F28C91C6-8C9D-4B58-925F-D00CE35961E9}] => (Allow) C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe (HAUPPAUGE COMPUTER WORKS, INC. -> Hauppauge Computer Works, Inc) [File not signed]
FirewallRules: [{A4934BCF-1AE7-40F4-A9DD-5A6AF2944BB4}] => (Allow) C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe (HAUPPAUGE COMPUTER WORKS, INC. -> Hauppauge Computer Works, Inc) [File not signed]
FirewallRules: [{60ADAE6F-F4A4-49C4-A249-89594BD40AEC}] => (Allow) C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe (HAUPPAUGE COMPUTER WORKS, INC. -> Hauppauge Computer Works, Inc) [File not signed]
FirewallRules: [{B3560622-DEB1-4D7D-9ECA-FB2CDCAB4819}] => (Allow) C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe (HAUPPAUGE COMPUTER WORKS, INC. -> Hauppauge Computer Works, Inc) [File not signed]
FirewallRules: [{8384C8C8-E618-4611-966E-3EC93C28ED3F}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{0D65CFFA-EF07-48CD-BE18-2AFFA1E6B511}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{8D10A398-86AD-4146-8F9A-8181421343FE}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.123.3203.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{3C217DCE-3656-4248-A95E-0AAC9B994CD9}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.123.3203.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{4B4207E7-C403-41FB-930A-8B32B3D7B0A7}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.123.3203.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{47022DCC-420C-495E-9DFD-0A71D53220FD}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.123.3203.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{17E4D562-D98F-44F6-85CB-63EB518475B5}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{8A6B6050-605E-45A0-8473-8B18CA5BF789}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.242.290.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{F5EC36C9-0B63-4266-9562-8F06434450D6}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.242.290.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{7A24B95A-9D69-48D4-AEB4-0E29CD05C927}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.242.290.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{0A2F1144-A3DF-4EAF-B0F1-CFB1A3CDC976}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.242.290.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{6B2F39A5-C33D-4630-97E3-D8B8B0A29E09}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.242.290.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{019DEDED-0790-4B4D-8E55-BC22B3384D55}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.242.290.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{86285F17-C201-4FE7-9649-98FB4E5407FC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.242.290.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{56CC572E-C2E6-4E47-9DB0-B53653CFAA14}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.242.290.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{44A9D3F5-4C39-4E34-A5B3-08814120AEF1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.242.290.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{0482D628-2C68-483A-9589-F1011AA69EA0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.242.290.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{D958F0B9-47E3-47EE-AAE2-CDDB86545DE2}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.113\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
 
==================== Restore Points =========================
 
12-07-2024 00:28:38 Windows Modules Installer
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (07/20/2024 09:21:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HPAudioSwitch.exe, version: 1.0.179.0, time stamp: 0x5d0cf7ef
Faulting module name: KERNELBASE.dll, version: 10.0.19041.4648, time stamp: 0xc655de20
Exception code: 0xe0434352
Fault offset: 0x00140d72
Faulting process id: 0x3230
Faulting application start time: 0x01dadaa7a72780b2
Faulting application path: C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 570ee630-aff2-47ef-be72-4120d4faf39d
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (07/20/2024 09:21:30 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: HPAudioSwitch.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Runtime.Remoting.RemotingException
 
Server stack trace: 
   at System.Runtime.Remoting.Channels.Ipc.IpcPort.Read(Byte[] data, Int32 offset, Int32 length)
   at System.Runtime.Remoting.Channels.Ipc.PipeStream.Read(Byte[] buffer, Int32 offset, Int32 size)
   at System.Runtime.Remoting.Channels.SocketHandler.ReadFromSocket(Byte[] buffer, Int32 offset, Int32 count)
   at System.Runtime.Remoting.Channels.SocketHandler.Read(Byte[] buffer, Int32 offset, Int32 count)
   at System.Runtime.Remoting.Channels.SocketHandler.ReadAndMatchFourBytes(Byte[] buffer)
   at System.Runtime.Remoting.Channels.Tcp.TcpSocketHandler.ReadAndMatchPreamble()
   at System.Runtime.Remoting.Channels.Tcp.TcpSocketHandler.ReadVersionAndOperation(UInt16& operation)
   at System.Runtime.Remoting.Channels.Ipc.IpcClientHandler.ReadHeaders()
   at System.Runtime.Remoting.Channels.Ipc.IpcClientTransportSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream)
   at System.Runtime.Remoting.Channels.BinaryClientFormatterSink.SyncProcessMessage(IMessage msg)
   at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(System.Runtime.Remoting.Messaging.IMessage, System.Runtime.Remoting.Messaging.IMessage)
   at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(System.Runtime.Remoting.Proxies.MessageData ByRef, Int32)
   at SingleInstanceApplication.InstanceProxy.SetCommandLineArgs(Boolean, System.String[])
   at SingleInstanceApplication.ApplicationInstanceManager.UpdateRemoteObject(System.String)
   at SingleInstanceApplication.ApplicationInstanceManager.CreateSingleInstance(System.String, System.EventHandler`1<SingleInstanceApplication.InstanceCallbackEventArgs>)
   at HPAudioApp.App.OnStartup(System.Windows.StartupEventArgs)
   at System.Windows.Application.<.ctor>b__1_0(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.DispatcherOperation.InvokeImpl()
   at System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at MS.Internal.CulturePreservingExecutionContext.Run(MS.Internal.CulturePreservingExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Windows.Threading.DispatcherOperation.Invoke()
   at System.Windows.Threading.Dispatcher.ProcessQueue()
   at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
   at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Application.RunDispatcher(System.Object)
   at System.Windows.Application.RunInternal(System.Windows.Window)
   at System.Windows.Application.Run(System.Windows.Window)
   at HPAudioApp.App.Main()
 
Error: (07/20/2024 09:20:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HPAudioSwitch.exe, version: 1.0.179.0, time stamp: 0x5d0cf7ef
Faulting module name: KERNELBASE.dll, version: 10.0.19041.4648, time stamp: 0xc655de20
Exception code: 0xe0434352
Fault offset: 0x00140d72
Faulting process id: 0x2cc
Faulting application start time: 0x01dadaa755f18f09
Faulting application path: C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 11e2abe3-7660-469f-a5aa-94015db3dffa
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (07/20/2024 09:19:41 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: HPAudioSwitch.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileLoadException
   at Hardcodet.Wpf.TaskbarNotification.TaskbarIcon..cctor()
 
Exception Info: System.TypeInitializationException
   at System.Runtime.CompilerServices.RuntimeHelpers._RunClassConstructor(System.RuntimeType)
   at System.Windows.DependencyProperty.FromName(System.String, System.Type)
   at System.Windows.Baml2006.WpfXamlType.FindDependencyPropertyBackedProperty(System.String, Boolean, Boolean)
   at System.Windows.Baml2006.WpfXamlType.FindMember(System.String, Boolean, Boolean)
   at System.Windows.Baml2006.WpfXamlType.LookupMember(System.String, Boolean)
   at System.Xaml.XamlType.GetMember(System.String)
   at System.Windows.Baml2006.Baml2006SchemaContext.GetProperty(Int16, System.Xaml.XamlType)
   at System.Windows.Baml2006.Baml2006Reader.Process_PropertyWithConverter()
   at System.Windows.Baml2006.Baml2006Reader.Process_OneBamlRecord()
   at System.Windows.Baml2006.Baml2006Reader.ReadObject(System.Windows.Baml2006.KeyRecord)
   at System.Windows.ResourceDictionary.CreateObject(System.Windows.Baml2006.KeyRecord)
   at System.Windows.ResourceDictionary.OnGettingValue(System.Object, System.Object ByRef, Boolean ByRef)
   at System.Windows.ResourceDictionary.OnGettingValuePrivate(System.Object, System.Object ByRef, Boolean ByRef)
   at System.Windows.ResourceDictionary.GetValueWithoutLock(System.Object, Boolean ByRef)
   at System.Windows.ResourceDictionary.GetValue(System.Object, Boolean ByRef)
   at System.Windows.ResourceDictionary.GetValueWithoutLock(System.Object, Boolean ByRef)
   at System.Windows.ResourceDictionary.GetValue(System.Object, Boolean ByRef)
   at System.Windows.Application.FindResource(System.Object)
   at HPAudioApp.App.OnStartup(System.Windows.StartupEventArgs)
   at System.Windows.Application.<.ctor>b__1_0(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.DispatcherOperation.InvokeImpl()
   at System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at MS.Internal.CulturePreservingExecutionContext.Run(MS.Internal.CulturePreservingExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Windows.Threading.DispatcherOperation.Invoke()
   at System.Windows.Threading.Dispatcher.ProcessQueue()
   at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
   at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Application.RunDispatcher(System.Object)
   at System.Windows.Application.RunInternal(System.Windows.Window)
   at System.Windows.Application.Run(System.Windows.Window)
   at HPAudioApp.App.Main()
 
Error: (07/20/2024 09:09:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HPAudioSwitch.exe, version: 1.0.179.0, time stamp: 0x5d0cf7ef
Faulting module name: KERNELBASE.dll, version: 10.0.19041.4648, time stamp: 0xc655de20
Exception code: 0xe0434352
Fault offset: 0x00140d72
Faulting process id: 0x28b8
Faulting application start time: 0x01dadaa5c974408a
Faulting application path: C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: dc7797de-8b5e-41ba-a40d-82107e760594
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (07/20/2024 09:09:01 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: HPAudioSwitch.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Runtime.Remoting.RemotingException
 
 
Error: (07/20/2024 09:06:46 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HPAudioSwitch.exe, version: 1.0.179.0, time stamp: 0x5d0cf7ef
Faulting module name: KERNELBASE.dll, version: 10.0.19041.4648, time stamp: 0xc655de20
Exception code: 0xe0434352
Fault offset: 0x00140d72
Faulting process id: 0x1f50
Faulting application start time: 0x01dadaa56c648774
Faulting application path: C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 6840f069-1407-4bfa-9be3-d787f734fc25
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (07/20/2024 09:06:36 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: HPAudioSwitch.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileLoadException
   at Hardcodet.Wpf.TaskbarNotification.TaskbarIcon..cctor()
 
Exception Info: System.TypeInitializationException
 
 
System errors:
=============
Error: (07/20/2024 09:21:30 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Touchpoint Analytics service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (07/20/2024 09:21:30 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the HP Touchpoint Analytics service to connect.
 
Error: (07/20/2024 09:17:16 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The HPAppHelperCap service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
 
Error: (07/20/2024 09:17:16 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The HPAppHelperCap service terminated with the following error: 
Incorrect function.
 
Error: (07/20/2024 09:15:59 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The aswbIDSAgent service did not shut down properly after receiving a preshutdown control.
 
Error: (07/20/2024 09:15:40 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-3200C37)
Description: The server Microsoft.Windows.ContentDeliveryManager_10.0.19041.4239_neutral_neutral_cw5n1h2txyewy!Windows.Networking.BackgroundTransfer.Internal.NetworkChangeTask.ClassId.1 did not register with DCOM within the required timeout.
 
Error: (07/20/2024 09:15:40 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-3200C37)
Description: The server AD2F1837.HPJumpStart_1.2.228.0_x64__v10z8vjag6ke6!App.AppXzsf06b8mcszwt1984bgexvdjfdbdaddg.mca did not register with DCOM within the required timeout.
 
Error: (07/20/2024 09:14:32 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The HP JumpStart Bridge service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
 
CodeIntegrity:
===============
Date: 2024-07-20 10:02:31
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
 
 
==================== Memory info =========================== 
 
BIOS: AMI F.03 08/10/2016
Motherboard: HP 822A
Processor: AMD A12-9800 RADEON R7, 12 COMPUTE CORES 4C+8G 
Percentage of memory in use: 45%
Total physical RAM: 15825.2 MB
Available physical RAM: 8619.27 MB
Total Virtual: 64977.2 MB
Available Virtual: 57205.61 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:1849.76 GB) (Free:742.96 GB) (Model: ST2000DM001-1ER164) NTFS
Drive d: (RECOVERY) (Fixed) (Total:12.03 GB) (Free:1.46 GB) (Model: ST2000DM001-1ER164) NTFS ==>[system with boot components (obtained from drive)]
 
\\?\Volume{86f4610e-b3df-49bb-bd5f-7a5b007915e8}\ (Windows RE tools) (Fixed) (Total:0.96 GB) (Free:0.33 GB) NTFS
\\?\Volume{86c2d2e8-babf-45fa-9a57-1f5057925c6f}\ () (Fixed) (Total:0.25 GB) (Free:0.18 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: 868CD1E8)
 
Partition: GPT.
 
==================== End of Addition.txt =======================

  • 0

#13
DR M

    The Grecian Geek

  • Malware Removal
  • 4,258 posts

Hi.
 
The system is clean.
 
If there is no other question/issue/concern...

The following tool will remove the tools we used as well as reset system restore points:

Download KpRm by kernel-panik and save it to your desktop.

  • Right-click kprm_(version).exe and select Run as Administrator.
  • Read and accept the disclaimer.
  • When the tool opens, ensure all boxes under Actions are checked.
  • Under Delete Quarantines select Delete Now, then click Run.
  • Once complete, click OK.
  • A log will open in Notepad titled kprm-(date).txt.
  • Please copy and paste its contents in your next reply.

Note: If there is a warning about this tool, go on to download it, since it is a false positive. Choose More info and continue from there.


  • 0

#14
homeworks67

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts

I appreciate you. Thank you!


  • 0

#15
DR M

    The Grecian Geek

  • Malware Removal
  • 4,258 posts

You are very welcome!

 

I'll be waiting for your last log, before I mark the topic as Solved.


  • 0





