Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

System slow...not responding properly. [Closed]


  • This topic is locked This topic is locked

#1
ByronM1759

ByronM1759

    New Member

  • Member
  • Pip
  • 1 posts

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-08.2024
Ran by mason (administrator) on BYRON-ACER (Acer Aspire A515-54) (24-08-2024 13:16:01)
Running from C:\Users\mason\Desktop\FRST64.exe
Loaded Profiles: mason
Platform: Microsoft Windows 10 Home Version 22H2 19045.4780 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iTunes_12132.3.2017.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe <2>
(C:\Program Files (x86)\Real\RealPlayer\downloader2.exe ->) (RealNetworks, Inc. -> RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\realdownloader264.exe
(C:\Program Files\Acer\Quick Access Service\QASvc.exe ->) (Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Quick Access Service\QAAdminAgent.exe
(C:\Program Files\Acer\Quick Access Service\QASvc.exe ->) (Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Quick Access Service\QAAgent.exe
(DriverStore\FileRepository\cui_dch.inf_amd64_92cf9d9d84f1d3db\igfxCUIService.exe ->) (Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_92cf9d9d84f1d3db\igfxEM.exe
(explorer.exe ->) (Hewlett Packard -> Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(explorer.exe ->) (HP Inc -> HP Inc.) C:\Program Files\HP\HP OfficeJet Pro 9010 series\Bin\ScanToPCActivationApp.exe
(explorer.exe ->) (Microsoft Corporation -> ) C:\Program Files\WindowsApps\Microsoft.6365217CE6EB4_102.2407.18001.0_x64__8wekyb3d8bbwe\MicrosoftSecurityApp\MicrosoftSecurityApp.exe
(explorer.exe ->) (RealNetworks, Inc. -> RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe
(explorer.exe ->) (SweetLabs Inc -> SweetLabs, Inc) C:\Users\mason\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe
(Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <6>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MusNotifyIcon.exe
(Mixbyte Inc -> ) C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Users\mason\AppData\Local\Mozilla Firefox\firefox.exe <16>
(RealNetworks, Inc. -> ) C:\Program Files (x86)\Real\RealPlayer\downloader2.exe
(RealNetworks, Inc. -> RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(services.exe ->) (Acer Incorporated -> Acer Incorporated) C:\Program Files (x86)\Acer\Care Center\ACCSvc.exe
(services.exe ->) (Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Quick Access Service\QASvc.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(services.exe ->) (Avira Operations GmbH -> Avira Operations GmbH) C:\Program Files\Endpoint Protection SDK\endpointprotection.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_3cbddcc68b1c0da2\RstMwService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_a55aa2cd52a3429d\LMS.exe
(services.exe ->) (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_31a8dbbf39dcdc3b\jhi_service.exe
(services.exe ->) (Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_92cf9d9d84f1d3db\igfxCUIService.exe
(services.exe ->) (Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_ea63d1eddd5853b5\IntelCpHDCPSvc.exe
(services.exe ->) (Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_ea63d1eddd5853b5\IntelCpHeciSvc.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (NortonLifeLock Inc. -> NortonLifelock Inc.) C:\Program Files\Norton Security\Engine\22.24.2.6\NortonSecurity.exe <2>
(services.exe ->) (NortonLifeLock Inc. -> NortonLifeLock Inc.) C:\Program Files\Norton Security\Engine\22.24.2.6\nsWscSvc.exe
(services.exe ->) (RealNetworks, Inc. -> RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
(services.exe ->) (RealNetworks, Inc. -> RealNetworks, Inc.) C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2>
(services.exe ->) (Smart Sound Technology -> Intel) C:\Windows\System32\cAVS\Intel® Audio Service\IntelAudioService.exe
(svchost.exe ->) (83564403-0B26-46B8-9D84-040F43691D31 -> Realtek Semiconductor) C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.9.205.0_x64__dt26b99r8h8gj\RtkUWP.exe
(svchost.exe ->) (Acer Incorporated -> ) C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
(svchost.exe ->) (Acer Incorporated -> ) C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe
(svchost.exe ->) (Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Quick Access Service\ePowerButton_NB.exe
(svchost.exe ->) (Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_92cf9d9d84f1d3db\igfxext.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\mason\AppData\Local\Microsoft\OneDrive\24.156.0804.0002\FileCoAuth.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2406.13.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (RealDefense LLC -> RealDefense LLC) C:\Program Files\iolo technologies\System Mechanic\ioloTrayApp.exe
(svchost.exe ->) (RealDefense LLC -> RealDefense LLC) C:\Program Files\iolo technologies\System Mechanic\LBGovernor.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [953120 2019-12-26] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [353064 2020-06-12] (RealNetworks, Inc. -> RealNetworks, Inc.)
HKLM-x32\...\Run: [RealDownloader] => C:\Program Files (x86)\Real\RealPlayer\downloader2.exe [1278248 2020-06-12] (RealNetworks, Inc. -> )
HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [241448 2020-05-30] (Mixbyte Inc -> )
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-3432338355-1889630694-583200658-1001\...\Run: [HP OfficeJet Pro 9010 series (NET)] => C:\Program Files\HP\HP OfficeJet Pro 9010 series\Bin\ScanToPCActivationApp.exe [4071840 2019-11-17] (HP Inc -> HP Inc.)
HKU\S-1-5-21-3432338355-1889630694-583200658-1001\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett Packard -> Hewlett-Packard Co.)
HKU\S-1-5-21-3432338355-1889630694-583200658-1001\...\Run: [MicrosoftEdgeAutoLaunch_A63FDC39720E41B02CBAF0CFE9BA9509] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [3741224 2024-08-22] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3432338355-1889630694-583200658-1001\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\mason\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" [70770192 2024-08-22] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3432338355-1889630694-583200658-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\mason\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-3432338355-1889630694-583200658-1001\...\RunOnce: [Uninstall 24.151.0728.0003] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\mason\AppData\Local\Microsoft\OneDrive\24.151.0728.0003" [0 2024-08-22] () <==== ATTENTION [zero byte File/Folder]
HKLM\...\Print\Monitors\HP 5912 Status Monitor: C:\WINDOWS\system32\hpinksts5912LM.dll [331664 2012-06-18] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\...\Print\Monitors\HP Discovery Port Monitor (HP Officejet Pro 8600): C:\WINDOWS\system32\HPDiscoPM5912.dll [741480 2012-10-17] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\127.0.6533.120\Installer\chrmstp.exe [2024-08-15] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealTimes.lnk [2020-06-12]
ShortcutTarget: RealTimes.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe (RealNetworks, Inc. -> RealNetworks, Inc.)

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1E219E98-4BF7-4D45-8AE3-2090AAD532E9} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe [2971808 2021-12-30] (Acer Incorporated -> ) -> C:\Program Files (x86)\Acer\Care Center\-auto
Task: {91BC3C49-05AD-413A-B0C4-986598FE71DF} - System32\Tasks\ACCAgent => C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe [41632 2021-12-30] (Acer Incorporated -> )
Task: {DC798AE4-F345-45EE-9175-A079C5623CF6} - System32\Tasks\ACCBackgroundApplication => C:\Program Files (x86)\Acer\Care Center\ACCStd.exe [4836512 2021-12-30] (Acer Incorporated -> )
Task: {DAE8899D-0C2A-454F-94E6-E3B0D50E6364} - System32\Tasks\AcerCMUpdateTask2.5.22250 => C:\Program Files (x86)\Acer\Amundsen\2.5.22250\awc.exe [96904 2022-09-25] (Acer Incorporated -> )
Task: {E494AEBE-6DDE-4FB6-B0C5-B7AF6255FB12} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1563080 2024-07-31] (Adobe Inc. -> Adobe Inc.)
Task: {69C6A386-18C0-4C0B-811F-224C07941C3D} - System32\Tasks\App Explorer => C:\Users\mason\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe [8794648 2024-08-15] (SweetLabs Inc -> SweetLabs, Inc) <==== ATTENTION
Task: {6B9C3E34-CF0B-48F3-B535-1CD50E4D7019} - System32\Tasks\G2MUpdateTask-S-1-5-21-3432338355-1889630694-583200658-1001 => C:\Users\mason\AppData\Local\GoToMeeting\19992\g2mupdate.exe [34872 2024-05-03] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {1F8E273F-F5D0-45A3-B3CE-5FDA2CB391FA} - System32\Tasks\G2MUploadTask-S-1-5-21-3432338355-1889630694-583200658-1001 => C:\Users\mason\AppData\Local\GoToMeeting\19992\g2mupload.exe [34872 2024-05-03] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {F0FB351E-DF18-403D-99D2-CB82B0930D7B} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem129.0.6651.0{352A24D8-20DE-4F30-BC73-7C6A873B991A} => C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe [4906600 2024-08-11] (Google LLC -> Google LLC)
Task: {EE2CD468-260F-4ACB-889B-32B29FE58C93} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [64472 2024-08-07] (HP Inc. -> HP Inc.)
Task: {6DD584BA-4149-4BA3-9142-2ACCC23907CA} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor Logon => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [64472 2024-08-07] (HP Inc. -> HP Inc.)
Task: {69952FBF-0486-4C97-BAAB-9779A16B1564} - System32\Tasks\iolo\ActiveMessenger => C:\Program Files\iolo technologies\System Mechanic\ActiveBridge.exe [3637672 2024-03-27] (RealDefense LLC -> RealDefense LLC) -> C:\Program Files\iolo technologies\System Mechanic\\-appexecutable iolo.exe -ammode
Task: {3D1E6E02-1FC1-4A3B-B7F5-574BCE549A0D} - System32\Tasks\iolo\iolo Tray app => C:\Program Files\iolo technologies\System Mechanic\ioloTrayApp.exe [1795496 2024-03-27] (RealDefense LLC -> RealDefense LLC)
Task: {BB00918B-A040-44FB-BC6B-ED39BCB9E2FA} - System32\Tasks\iolo\Live Boost Process Governor => C:\Program Files\iolo technologies\System Mechanic\LBGovernor.exe [1067944 2024-03-27] (RealDefense LLC -> RealDefense LLC)
Task: {3AEBC560-87BC-4FF6-8276-616C3812E197} - System32\Tasks\iolo\Multi Product Notification Service => C:\Program Files\iolo technologies\System Mechanic\mpns.exe [28584 2024-03-27] (RealDefense LLC -> RealDefense LLC)
Task: {A51AE65B-D2C4-4311-B412-44174DC303CE} - System32\Tasks\iolo\SmartScan => C:\Program Files\iolo technologies\System Mechanic\smartscan.exe [95144 2024-03-27] (RealDefense LLC -> )
Task: {554977C3-9ABB-413D-A8A3-C9A5DA2C6426} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28584424 2024-08-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {F945976C-F830-4D56-87A2-1557DEFDA76B} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28584424 2024-08-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {4ED628D5-BC6F-423E-998C-053A6FD811EF} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [312288 2024-08-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {B57CBC44-544B-4DC6-8FD3-EF67400CEDD9} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [312288 2024-08-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {8D4CFF21-4E06-4A03-BA4C-C88348672168} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\operfmon.exe [182240 2024-08-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {C26081F0-434D-4627-89A2-A5FE12D4A538} - System32\Tasks\Mozilla\Firefox Background Update A2D7726C0C38172D => C:\Users\mason\AppData\Local\Mozilla Firefox\firefox.exe [676936 2024-08-22] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\A2D7726C0C38172D\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\A2D7726C0C38172D\backgroundupdate.moz_log --backgroundtask background (the data entry has 6 more characters).
Task: {76684A8F-886A-4B7C-9E79-A006E0C91179} - System32\Tasks\Mozilla\Firefox Background Update S-1-5-21-3432338355-1889630694-583200658-1001 A2D7726C0C38172D => C:\Users\mason\AppData\Local\Mozilla Firefox\firefox.exe [676936 2024-08-22] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\A2D7726C0C38172D\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\A2D7726C0C38172D\backgroundupdate.moz_log --backgroundtask background (the data entry has 6 more characters).
Task: {B7142DA5-3AB5-4221-B30E-F971557F7E05} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [693216 2021-01-27] (Mozilla Corporation -> Mozilla Foundation)
Task: {562D28A5-2F56-453F-9651-23D4D6692B8F} - System32\Tasks\Mozilla\Firefox Default Browser Agent A2D7726C0C38172D => C:\Users\mason\AppData\Local\Mozilla Firefox\default-browser-agent.exe [34376 2024-08-22] (Mozilla Corporation -> Mozilla Foundation)
Task: {635B76C8-AD4E-417E-BD7B-FE3F70766F0D} - System32\Tasks\Norton Security Ultra\Norton Security Ultra Autofix => C:\Program Files\Norton Security\Engine\22.24.2.6\symerr.exe [379024 2024-03-04] (NortonLifeLock Inc. -> Gen Digital Inc.)
Task: {D380EAAC-200D-4606-B014-120AACB7D1A4} - System32\Tasks\Norton Security Ultra\Norton Security Ultra Error Analyzer => C:\Program Files\Norton Security\Engine\22.24.2.6\symerr.exe [379024 2024-03-04] (NortonLifeLock Inc. -> Gen Digital Inc.)
Task: {575C59EF-ED1E-452F-9AAC-61F56F05E4C3} - System32\Tasks\Norton Security Ultra\Norton Security Ultra Error Processor => C:\Program Files\Norton Security\Engine\22.24.2.6\symerr.exe [379024 2024-03-04] (NortonLifeLock Inc. -> Gen Digital Inc.)
Task: {551E8463-C6AA-457C-9EFC-FB0C990E5879} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security\Engine\22.24.2.6\WSCStub.exe [646520 2024-03-04] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Task: {9019A18B-F76E-46AC-88E8-AE2CBB0DB4BB} - System32\Tasks\Oem\AcerJumpstartTask => C:\Program Files (x86)\Acer\Acer Jumpstart\hermes.exe [70792 2022-08-15] (Acer Incorporated -> )
Task: {17512EED-ED65-4F04-8A70-FBF8351C4F82} - System32\Tasks\Oem\wlanBrokerTask => C:\Program Files (x86)\Acer\ExpressVPN\wlanBroker.exe [17688 2019-11-16] (Acer Incorporated -> )
Task: {734D199C-A08B-4C43-B931-3B3CA17D6698} - System32\Tasks\Power Button => C:\Program Files\Acer\Quick Access Service\ePowerButton_NB.exe [2771616 2022-01-03] (Acer Incorporated -> Acer Incorporated)
Task: {5B997CED-E1BA-4F52-ABE5-8AF90AE757C7} - System32\Tasks\Quick Access => C:\Program Files\Acer\Quick Access Service\QALauncher.exe [446624 2022-01-03] (Acer Incorporated -> Acer Incorporated)
Task: {1C644CD5-058D-4D20-ABA9-A9A71886D87E} - System32\Tasks\RealDownloader Update Check => C:\Program Files (x86)\Real\RealPlayer\downloader2.exe [1278248 2020-06-12] (RealNetworks, Inc. -> )
Task: {8442F653-9A3C-4678-BAA0-0793E0F4735B} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3432338355-1889630694-583200658-1001 => C:\Program Files (x86)\Real\RealPlayer\realupgrade.exe [135464 2020-06-12] (RealNetworks, Inc. -> RealNetworks, Inc.)
Task: {4A32558D-FC64-4040-81AD-EEB982B8BBB6} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3432338355-1889630694-583200658-1001 => C:\Program Files (x86)\Real\RealPlayer\realupgrade.exe [135464 2020-06-12] (RealNetworks, Inc. -> RealNetworks, Inc.)
Task: {5697EEAF-CBEB-431E-9B1D-79D31685CC35} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security Ultra\Upgrade.exe [2353000 2024-03-04] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Task: {D8F517AB-284D-4351-9E32-63E5E9763E44} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [461472 2022-01-03] (Acer Incorporated -> Acer Incorporated)
Task: {B934EAD6-1BC9-41C5-AF5B-E27ED334ACD5} - System32\Tasks\UbtFrameworkService => C:\Program Files\Acer\User Experience Improvement Program Service\Framework\TriggerFramework.exe [268096 2019-01-09] (Acer Incorporated -> Acer Incorporated)
Task: {CD2A34C3-564F-4916-9E26-C7A4A215F2CE} - System32\Tasks\UEIPInvitation => C:\Program Files\Acer\User Experience Improvement Program Service\Framework\UEIPOOBECheck.exe [2211136 2019-01-09] (Acer Incorporated -> Acer Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3432338355-1889630694-583200658-1001.job => C:\Users\mason\AppData\Local\GoToMeeting\19992\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-3432338355-1889630694-583200658-1001.job => C:\Users\mason\AppData\Local\GoToMeeting\19992\g2mupload.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{637757f7-c310-4e32-99d1-6474f1ff1270}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{637757f7-c310-4e32-99d1-6474f1ff1270}\759627470284F6D6560223: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{637757f7-c310-4e32-99d1-6474f1ff1270}\75966496D27457563747D214C6C6572756: [DhcpNameServer] 172.27.4.14
Tcpip\..\Interfaces\{637757f7-c310-4e32-99d1-6474f1ff1270}\75966496D27457563747D214C6C6572756: [DhcpDomain] allure.internal
Tcpip\..\Interfaces\{637757f7-c310-4e32-99d1-6474f1ff1270}\A4F65727E65697: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{637757f7-c310-4e32-99d1-6474f1ff1270}\A4F65727E65697: [DhcpDomain] hsd1.ca.comcast.net
Tcpip\..\Interfaces\{637757f7-c310-4e32-99d1-6474f1ff1270}\D6F647F602760207572756F543037393: [DhcpNameServer] 192.168.17.207
Tcpip\..\Interfaces\{d71c2be5-fc06-437c-a8fe-280a4fa06e3b}: [DhcpNameServer] 40.30.1.66

Edge:
=======
Edge Profile: C:\Users\mason\AppData\Local\Microsoft\Edge\User Data\Default [2024-08-24]
Edge HomePage: Default -> hxxp://www.msn.com/?pc=ACTE
Edge Extension: (Google Docs Offline) - C:\Users\mason\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-07-16]
Edge Extension: (Edge relevant text changes) - C:\Users\mason\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-23]

FireFox:
========
FF DefaultProfile: 1etzpml1.default
FF ProfilePath: C:\Users\mason\AppData\Roaming\Mozilla\Firefox\Profiles\qqoxv75z.default-release-1-1713907621762 [2024-08-24]
FF Homepage: Mozilla\Firefox\Profiles\qqoxv75z.default-release-1-1713907621762 -> hxxps://www.google.com/
FF Extension: (AdGuard AdBlocker) - C:\Users\mason\AppData\Roaming\Mozilla\Firefox\Profiles\qqoxv75z.default-release-1-1713907621762\Extensions\[email protected] [2024-07-10]
FF ProfilePath: C:\Users\mason\AppData\Roaming\Mozilla\Firefox\Profiles\1etzpml1.default [2020-11-16]
FF ProfilePath: C:\Users\mason\AppData\Roaming\Mozilla\Firefox\Profiles\07xs93tw.default-release [2024-08-24]
FF Homepage: Mozilla\Firefox\Profiles\07xs93tw.default-release -> www.google.com
FF HomepageOverride: Mozilla\Firefox\Profiles\07xs93tw.default-release -> Disabled: [email protected]
FF NewTabOverride: Mozilla\Firefox\Profiles\07xs93tw.default-release -> Disabled: [email protected]
FF NewTabOverride: Mozilla\Firefox\Profiles\07xs93tw.default-release -> Enabled: [email protected]
FF Extension: (Amazon Assistant for Firefox) - C:\Users\mason\AppData\Roaming\Mozilla\Firefox\Profiles\07xs93tw.default-release\Extensions\[email protected] [2020-06-12] [UpdateUrl:hxxps://s3-us-west-2.amazonaws.com/ubp-ubpextension-us-prod/vendor-update/firefox/acer1/updates.json]
FF Extension: (Norton Password Manager) - C:\Users\mason\AppData\Roaming\Mozilla\Firefox\Profiles\07xs93tw.default-release\Extensions\[email protected] [2020-12-01]
FF Extension: (English (US) Language Pack) - C:\Users\mason\AppData\Roaming\Mozilla\Firefox\Profiles\07xs93tw.default-release\Extensions\[email protected] [2021-08-04]
FF Extension: (Norton Home Page) - C:\Users\mason\AppData\Roaming\Mozilla\Firefox\Profiles\07xs93tw.default-release\Extensions\[email protected] [2020-12-01] [UpdateUrl:hxxps://static.nortoncdn.com/idscp/firefox/nsss/hp/updates.json]
FF Extension: (Norton Safe Search) - C:\Users\mason\AppData\Roaming\Mozilla\Firefox\Profiles\07xs93tw.default-release\Extensions\[email protected] [2020-12-01] [UpdateUrl:hxxps://static.nortoncdn.com/idscp/firefox/nsss/ds_modified/updates.json]
FF Extension: (Norton Safe Web) - C:\Users\mason\AppData\Roaming\Mozilla\Firefox\Profiles\07xs93tw.default-release\Extensions\[email protected] [2020-12-01]
FF ProfilePath: C:\Users\mason\AppData\Roaming\Mozilla\Firefox\Profiles\pwlb8vin.default-release-2 [2024-08-24]
FF Extension: (Amazon Assistant for Firefox) - C:\Program Files\Mozilla Firefox\distribution\extensions\[email protected] [2019-05-14] [UpdateUrl:hxxps://s3-us-west-2.amazonaws.com/ubp-ubpextension-us-prod/vendor-update/firefox/acer1/updates.json]
FF Extension: (English (US) Language Pack) - C:\Program Files\Mozilla Firefox\distribution\extensions\[email protected] [2019-05-20]
FF Extension: (Mozilla Partner Defaults) - C:\Program Files\Mozilla Firefox\distribution\extensions\[email protected] [2021-01-27] [Legacy]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2024-04-04] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.10 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-04-23] (VideoLAN -> VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2024-08-02] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2024-04-04] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=20.0.0.314 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2020-06-12] (RealNetworks, Inc. -> RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=20.0.0.314 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2020-06-12] (RealNetworks, Inc. -> RealPlayer)

Chrome:
=======
CHR DefaultProfile: Profile 1
CHR Profile: C:\Users\mason\AppData\Local\Google\Chrome\User Data\Default [2024-08-22]
CHR Extension: (Google Docs Offline) - C:\Users\mason\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-03-25]
CHR Extension: (DocHub - Sign PDF from Gmail) - C:\Users\mason\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjgcgnfikekladnkhnimljcalfibijha [2024-08-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\mason\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-31]
CHR Profile: C:\Users\mason\AppData\Local\Google\Chrome\User Data\Profile 1 [2024-08-22]
CHR Notifications: Profile 1 -> hxxps://mytime-kroger.me
CHR Extension: (Google Docs Offline) - C:\Users\mason\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-03-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\mason\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-09-11]
CHR Profile: C:\Users\mason\AppData\Local\Google\Chrome\User Data\Profile 3 [2024-04-22]
CHR Extension: (Google Docs Offline) - C:\Users\mason\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-10-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\mason\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-10-08]
CHR Profile: C:\Users\mason\AppData\Local\Google\Chrome\User Data\Profile 4 [2024-04-22]
CHR Extension: (Google Docs Offline) - C:\Users\mason\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-10-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\mason\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-10-08]
CHR Profile: C:\Users\mason\AppData\Local\Google\Chrome\User Data\Profile 5 [2024-05-12]
CHR Extension: (Cruise Control) - C:\Users\mason\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\amomjacbbleicjnplhioginaekbgfbik [2023-11-06]
CHR Extension: (Google Docs Offline) - C:\Users\mason\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-11-06]
CHR Extension: (Cruise Fastpass) - C:\Users\mason\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\lgojiobijaofmnncgdnmnagbihmohpoi [2023-11-06]
CHR Extension: (Google Verified Access by Duo) - C:\Users\mason\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\lojeokmpinkpmpbakfkfpgfhpapbgdnd [2023-11-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\mason\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-11-06]
CHR Profile: C:\Users\mason\AppData\Local\Google\Chrome\User Data\Profile 6 [2024-05-12]
CHR Extension: (Google Docs Offline) - C:\Users\mason\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-04-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\mason\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2024-04-23]
CHR Profile: C:\Users\mason\AppData\Local\Google\Chrome\User Data\System Profile [2024-08-22]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACCSvc; C:\Program Files (x86)\Acer\Care Center\ACCSvc.exe [259232 2021-12-30] (Acer Incorporated -> Acer Incorporated)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [172992 2024-07-31] (Adobe Inc. -> Adobe Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [13995624 2024-08-06] (Microsoft Corporation -> Microsoft Corporation)
R2 EndpointProtectionService; C:\Program Files\Endpoint Protection SDK\endpointprotection.exe [11774296 2024-07-19] (Avira Operations GmbH -> Avira Operations GmbH)
S3 EndpointProtectionService2; C:\Program Files\Endpoint Protection SDK\endpointprotection.exe [11774296 2024-07-19] (Avira Operations GmbH -> Avira Operations GmbH)
S3 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [82216 2020-05-30] (Mixbyte Inc -> Freemake)
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [241104 2024-08-07] (HP Inc. -> HP Inc.)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8887344 2024-05-10] (Malwarebytes Inc. -> Malwarebytes)
S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe [3073888 2024-04-11] (Malwarebytes Inc. -> Malwarebytes)
S3 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MpDefenderCoreService.exe [1505416 2024-06-04] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NortonSecurity; C:\Program Files\Norton Security\Engine\22.24.2.6\NortonSecurity.exe [344888 2024-03-04] (NortonLifeLock Inc. -> NortonLifelock Inc.)
R2 nsWscSvc; C:\Program Files\Norton Security\Engine\22.24.2.6\nsWscSvc.exe [1059176 2024-03-04] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
S3 QALSvc; C:\Program Files\Acer\Quick Access Service\QALSvc.exe [466080 2022-01-03] (Acer Incorporated -> Acer Incorporated)
R3 QASvc; C:\Program Files\Acer\Quick Access Service\QASvc.exe [504480 2022-01-03] (Acer Incorporated -> Acer Incorporated)
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [38536 2020-05-22] (RealNetworks, Inc. -> RealNetworks, Inc.)
R2 RealTimes Desktop Service; C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [990856 2020-06-12] (RealNetworks, Inc. -> RealNetworks, Inc.)
S3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program Service\Framework\UBTService.exe [305984 2019-01-10] (Acer Incorporated -> Acer Incorporated)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\NisSrv.exe [3236728 2024-06-04] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MsMpEng.exe [133704 2024-06-04] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AcerAirplaneModeController; C:\WINDOWS\System32\drivers\AcerAirplaneModeController.sys [30168 2020-05-12] (Acer Incorporated -> Acer Incorporated)
S3 AppleIPod; C:\WINDOWS\System32\drivers\AppleIPod.sys [30096 2021-07-22] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
R0 BdNet; C:\WINDOWS\System32\DRIVERS\BdNet.sys [176712 2024-05-14] (Microsoft Windows Hardware Compatibility Publisher -> Avira Operations GmbH)
R1 BdSentry; C:\WINDOWS\System32\DRIVERS\BdSentry.sys [233560 2024-05-20] (Avira Operations GmbH -> Avira Operations GmbH)
R1 BHDrvx64; C:\Program Files\Norton Security\NortonData\22.17.1.50\Definitions\BASHDefs\20210929.011\BHDrvx64.sys [2018784 2021-09-14] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R1 ccSet_NGC; C:\WINDOWS\System32\drivers\NGCx64\1618020.006\ccSetx64.sys [198288 2024-03-04] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [516168 2021-02-02] (Symantec Corporation -> Broadcom)
R1 IDSVia64; C:\Program Files\Norton Security\NortonData\22.17.1.50\Definitions\IPSDefs\20211001.061\IDSvia64.sys [1480144 2021-09-28] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R2 mbamchameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223184 2024-06-01] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2024-04-11] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239576 2024-04-11] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 MpKslaa07328c; C:\WINDOWS\system32\MpEngineStore\MpKslDrv.sys [137464 2022-04-02] (Microsoft Windows -> Microsoft Corporation)
S3 nsvst_NGC; C:\WINDOWS\System32\drivers\NGCx64\1618020.006\nsvst.sys [57120 2024-03-04] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
R1 pgfilter; C:\WINDOWS\System32\drivers\pgfilter.sys [96280 2024-03-27] (Microsoft Windows Hardware Compatibility Publisher -> Windows ® Win 7 DDK provider)
R1 rtp1; C:\WINDOWS\System32\DRIVERS\rtp1.sys [417608 2024-07-19] (Avira Operations GmbH -> Avira Operations GmbH)
R1 rtp2; C:\WINDOWS\System32\DRIVERS\rtp2.sys [417720 2024-07-19] (Avira Operations GmbH -> Avira Operations GmbH)
S0 rtp_elam; C:\WINDOWS\System32\DRIVERS\rtp_elam.sys [28768 2024-05-22] (Microsoft Windows Early Launch Anti-malware Publisher -> Avira Operations GmbH)
R3 SRTSP; C:\WINDOWS\System32\drivers\NGCx64\1618020.006\SRTSP64.SYS [960640 2024-03-04] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R1 SRTSPX; C:\WINDOWS\System32\drivers\NGCx64\1618020.006\SRTSPX64.SYS [52864 2024-03-04] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R0 SymEFASI; C:\WINDOWS\System32\drivers\NGCx64\1618020.006\SYMEFASI64.SYS [2180248 2024-03-04] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
S0 SymELAM; C:\WINDOWS\System32\drivers\NGCx64\1618020.006\SymELAM.sys [36016 2024-03-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Broadcom)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [100320 2022-05-22] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R3 SymEvnt; C:\Program Files\Norton Security\NortonData\22.17.1.50\SymPlatform\SymEvnt.sys [712432 2021-07-13] (Symantec Corporation -> Symantec Corporation)
R1 SymIRON; C:\WINDOWS\System32\drivers\NGCx64\1618020.006\Ironx64.SYS [306872 2024-03-04] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R1 SymNetS; C:\WINDOWS\System32\drivers\NGCx64\1618020.006\symnets.sys [492720 2024-03-04] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2018-02-05] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [22080 2024-06-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [602520 2024-06-04] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105880 2024-06-04] (Microsoft Windows -> Microsoft Corporation)
S3 wpCtrlDrv_NGC; C:\WINDOWS\System32\drivers\NGCx64\1618020.006\wpCtrlDrv.sys [1016792 2024-03-04] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
S3 AppleKmdfFilter; \SystemRoot\System32\drivers\AppleKmdfFilter.sys [X]
S3 AppleLowerFilter; \SystemRoot\System32\drivers\AppleLowerFilter.sys [X]
S1 netprotection_network_filter; System32\drivers\netprotection_network_filter.sys [X]
S3 netprotection_network_filter2; System32\drivers\netprotection_network_filter2.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-08-24 13:16 - 2024-08-24 13:16 - 000038945 _____ C:\Users\mason\Desktop\FRST.txt
2024-08-24 13:15 - 2024-08-24 13:16 - 000000000 ____D C:\FRST
2024-08-24 13:15 - 2024-08-24 13:15 - 000000000 ____D C:\Users\mason\Desktop\FRST-OlderVersion
2024-08-24 12:45 - 2024-08-24 13:15 - 002397184 _____ (Farbar) C:\Users\mason\Desktop\FRST64.exe
2024-08-24 11:09 - 2024-08-24 11:09 - 000000000 ____D C:\WINDOWS\system32\Tasks\Remediation
2024-08-24 10:50 - 2024-08-24 10:50 - 000000000 ____D C:\WINDOWS\LastGood
2024-08-24 10:50 - 2024-06-03 05:50 - 000168976 _____ (TODO: <Company name>) C:\WINDOWS\system32\HPWIAExtensionUI.dll
2024-08-24 10:50 - 2024-06-03 05:49 - 005382560 _____ (HP Inc.) C:\WINDOWS\SysWOW64\HPScanTEDrv.dll
2024-08-24 10:50 - 2024-06-03 05:49 - 000992160 _____ (HP Inc.) C:\WINDOWS\SysWOW64\DiscoveryLibDyn.dll
2024-08-22 10:25 - 2024-08-22 10:26 - 013185766 _____ C:\Users\mason\Downloads\FullPdf-The Plain Dealer-22-08-2024.pdf
2024-08-22 09:26 - 2024-08-24 10:50 - 000000000 ____D C:\Users\mason\AppData\Local\Mozilla Firefox
2024-08-16 22:47 - 2024-08-16 22:47 - 026575087 _____ C:\Users\mason\Downloads\FullPdf-The Plain Dealer-16-08-2024.pdf
2024-08-15 14:09 - 2024-08-15 14:09 - 012948882 _____ C:\Users\mason\Downloads\FullPdf-The Plain Dealer-15-08-2024.pdf
2024-08-14 05:22 - 2024-08-14 05:22 - 000000000 ___HD C:\$WinREAgent
2024-08-08 15:46 - 2024-08-08 15:46 - 001506813 _____ C:\Users\mason\Downloads\Receipt_2024-08-08_153056.pdf
2024-08-07 23:14 - 2024-08-07 23:14 - 002523018 _____ C:\Users\mason\Downloads\Flight info for August 2024 cruise.pdf
2024-08-07 11:59 - 2024-08-07 11:59 - 000062839 _____ C:\Users\mason\Downloads\Registration Document.pdf
2024-08-07 09:09 - 2024-08-07 09:09 - 037689093 _____ C:\Users\mason\Downloads\Iconma - Cruise Documents for Byron Mason.pdf
2024-08-06 22:28 - 2024-08-06 22:28 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2024-08-06 22:27 - 2024-08-06 22:27 - 000002453 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sticky Notes (Preview).lnk
2024-08-03 10:59 - 2024-08-03 10:59 - 023685163 _____ C:\Users\mason\Downloads\FullPdf-The Plain Dealer-03-08-2024.pdf
2024-08-02 15:51 - 2024-08-02 15:51 - 000329755 _____ C:\Users\mason\Downloads\MASON_RETPKGA5_000031.pdf
2024-08-02 11:35 - 2024-08-02 11:35 - 027029582 _____ C:\Users\mason\Downloads\FullPdf-The Plain Dealer-02-08-2024.pdf
2024-08-01 01:18 - 2024-08-01 01:18 - 028947721 _____ C:\Users\mason\Downloads\FullPdf-The Plain Dealer-31-07-2024.pdf
2024-07-29 10:08 - 2024-07-29 10:08 - 015435288 _____ C:\Users\mason\Downloads\FullPdf-The Plain Dealer-29-07-2024.pdf
2024-07-26 17:16 - 2024-07-26 17:16 - 000148730 _____ C:\Users\mason\Downloads\DuckFlyer.pdf

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-08-24 12:33 - 2019-12-07 02:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-08-24 12:32 - 2023-08-15 08:32 - 000000000 ____D C:\Users\mason\Desktop\Job search stuff
2024-08-24 12:32 - 2020-06-16 14:26 - 000000000 ____D C:\Users\mason\Desktop\Personal
2024-08-24 12:31 - 2021-10-31 13:31 - 000000000 ____D C:\Users\mason\Desktop\Food
2024-08-24 12:30 - 2023-12-14 13:05 - 000000000 ____D C:\Users\mason\Desktop\Food stand or truck items
2024-08-24 12:28 - 2021-03-29 05:05 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2024-08-24 11:48 - 2019-12-07 02:14 - 000000000 ___HD C:\Program Files\WindowsApps
2024-08-24 11:48 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2024-08-24 11:29 - 2020-06-13 07:19 - 000000000 ____D C:\Users\mason\AppData\Local\Host App Service
2024-08-24 10:51 - 2022-02-10 12:50 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2024-08-24 10:51 - 2020-07-14 03:45 - 000002442 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-08-24 10:51 - 2020-07-14 03:45 - 000002280 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2024-08-24 10:50 - 2021-12-16 01:54 - 000000000 ____D C:\WINDOWS\SystemTemp
2024-08-24 10:50 - 2019-12-07 02:13 - 000000000 ____D C:\WINDOWS\INF
2024-08-22 21:00 - 2021-03-29 05:13 - 000003578 _____ C:\WINDOWS\system32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3432338355-1889630694-583200658-1001
2024-08-22 21:00 - 2021-03-29 05:13 - 000003516 _____ C:\WINDOWS\system32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3432338355-1889630694-583200658-1001
2024-08-22 17:25 - 2020-06-13 07:23 - 000000000 ____D C:\Users\mason\AppData\Local\Packages
2024-08-22 16:45 - 2021-12-11 13:14 - 000003588 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3432338355-1889630694-583200658-1001
2024-08-22 16:45 - 2021-03-29 05:13 - 000003368 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3432338355-1889630694-583200658-1001
2024-08-22 16:45 - 2021-03-29 05:06 - 000002383 _____ C:\Users\mason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2024-08-22 16:45 - 2020-06-12 15:24 - 000000000 ___RD C:\Users\mason\OneDrive
2024-08-22 16:39 - 2021-03-29 05:13 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2024-08-22 16:39 - 2020-06-12 15:34 - 000000831 _____ C:\Users\mason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2024-08-22 09:37 - 2020-12-24 23:35 - 000000000 ____D C:\Users\mason\AppData\Local\CrashDumps
2024-08-22 09:22 - 2020-06-13 07:23 - 000000000 __SHD C:\Users\mason\IntelGraphicsProfiles
2024-08-18 06:25 - 2021-03-29 05:06 - 000000000 ____D C:\Users\mason
2024-08-18 06:21 - 2020-06-12 16:52 - 000000000 ____D C:\Users\mason\AppData\Roaming\vlc
2024-08-18 01:25 - 2020-06-12 15:27 - 000000000 ____D C:\Users\mason\AppData\Roaming\Mozilla
2024-08-18 01:23 - 2020-07-28 22:03 - 000000000 ____D C:\Users\mason\dwhelper
2024-08-17 09:58 - 2024-04-09 12:54 - 000000000 ____D C:\WINDOWS\system32\Tasks\Norton Security Ultra
2024-08-16 08:58 - 2021-03-29 05:15 - 000840602 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2024-08-16 08:54 - 2024-06-07 22:34 - 000000000 ____D C:\Program Files\Endpoint Protection SDK
2024-08-16 08:53 - 2021-03-29 05:13 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2024-08-16 08:53 - 2021-03-29 05:05 - 000008192 ___SH C:\DumpStack.log.tmp
2024-08-16 08:53 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\ServiceState
2024-08-16 02:06 - 2022-01-11 10:13 - 000000000 ____D C:\Users\mason\Downloads\New folder
2024-08-15 22:41 - 2020-06-22 22:54 - 000000000 ____D C:\Users\mason\.cache
2024-08-15 17:19 - 2020-06-14 19:06 - 000002305 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2024-08-15 01:47 - 2019-12-07 02:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2024-08-15 01:44 - 2021-03-29 05:05 - 000474848 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2024-08-15 01:43 - 2024-06-07 22:35 - 005863824 _____ C:\WINDOWS\system32\rtp.db
2024-08-15 01:43 - 2019-12-07 02:03 - 001310720 _____ C:\WINDOWS\system32\config\BBI
2024-08-15 01:42 - 2019-12-07 02:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2024-08-15 01:42 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2024-08-15 01:42 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2024-08-15 01:42 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2024-08-15 01:42 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SystemResources
2024-08-15 01:42 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2024-08-15 01:42 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\setup
2024-08-15 01:42 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2024-08-15 01:42 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2024-08-15 01:42 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2024-08-15 01:42 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2024-08-15 01:42 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\schemas
2024-08-15 01:42 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\Provisioning
2024-08-15 01:42 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2024-08-14 05:32 - 2019-12-07 02:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2024-08-14 05:28 - 2021-03-29 05:05 - 003016192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2024-08-14 05:16 - 2020-06-14 00:07 - 000000000 ____D C:\WINDOWS\system32\MRT
2024-08-14 05:14 - 2020-06-14 00:06 - 197093640 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2024-08-11 21:34 - 2023-08-13 16:41 - 000000000 ____D C:\Users\mason\Documents\Outlook Files
2024-08-08 22:56 - 2022-10-13 13:49 - 000002077 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2024-08-08 22:56 - 2022-10-13 13:49 - 000002065 _____ C:\Users\Public\Desktop\Adobe Acrobat.lnk
2024-08-08 22:56 - 2021-03-29 05:13 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2024-08-07 12:00 - 2023-04-13 14:54 - 000000000 _____ C:\Users\mason\Documents\HPOJ8710_Fax_Port
2024-08-07 06:28 - 2022-03-22 19:46 - 000000000 ____D C:\WINDOWS\system32\Tasks\HP
2024-08-07 06:28 - 2021-12-23 14:24 - 000000000 ____D C:\Program Files\HPPrintScanDoctor
2024-08-06 22:26 - 2020-03-07 16:23 - 000000000 ____D C:\Program Files\Microsoft Office
2024-08-01 21:16 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2024-07-28 20:50 - 2021-03-29 05:13 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-07-28 20:50 - 2021-03-29 05:13 - 000003412 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-08.2024
Ran by mason (24-08-2024 13:17:57)
Running from C:\Users\mason\Desktop
Microsoft Windows 10 Home Version 22H2 19045.4780 (X64) (2021-03-29 12:13:52)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-3432338355-1889630694-583200658-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3432338355-1889630694-583200658-503 - Limited - Disabled)
Guest (S-1-5-21-3432338355-1889630694-583200658-501 - Limited - Disabled)
mason (S-1-5-21-3432338355-1889630694-583200658-1001 - Administrator - Enabled) => C:\Users\mason
WDAGUtilityAccount (S-1-5-21-3432338355-1889630694-583200658-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: System Shield (Disabled - Up to date) {CFD1F43D-7501-B54F-88CE-D3F6D5EF8990}
AV: Norton Security Ultra (Enabled - Up to date) {1122B19A-E671-38EC-8EAC-87048FD4528D}
AV: Norton Security Ultra (Enabled - Up to date) {A2708B76-6835-6565-CB96-694212954A75}
AV: iolo Antivirus (Enabled - Out of date) {7AF0579C-34E6-B3A7-1F85-37043455CEFE}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Security Ultra (Disabled - Out of date) {AECE2126-F4E7-6909-11F2-1B69D1FBCBD0}
AV: Norton Security Ultra (Enabled - Up to date) {9E3FD331-C4C2-7AC4-0537-131EEF1B1F8A}
FW: Norton Security Ultra (Enabled) {9A4B0A53-225A-643D-E0C9-C077EC460D0E}
FW: Norton Security Ultra (Enabled) {A6045214-8EAD-7B9C-2E68-BA2B11C858F1}
FW: Norton Security Ultra (Disabled) {96F5A003-BE88-6851-3AAD-B25C2F288CAB}
FW: Norton Security Ultra (Enabled) {291930BF-AC1E-39B4-A5F3-2E31710715F6}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acer Configuration Manager (HKLM-x32\...\{8CB1A03C-9849-4744-AD56-341A18F9E3E2}) (Version: 2.5.22250 - Acer)
Acer Jumpstart (HKLM-x32\...\{0C5ED25A-B8D1-4E71-BFCB-6B370A4EA19C}) (Version: 3.5.22220.20 - Acer)
Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1033-1033-7760-BC15014EA700}) (Version: 24.002.20991 - Adobe)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601078}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
App Explorer (HKU\S-1-5-21-3432338355-1889630694-583200658-1001\...\Host App Service) (Version: 0.273.4.874 - SweetLabs) <==== ATTENTION
Care Center Service (HKLM\...\{AFB52E98-7597-4484-9202-58F0FD3512ED}) (Version: 4.00.3042 - Acer Incorporated)
Clean Streams version 1.2 (HKLM-x32\...\{1A9FABEC-169D-4401-87EC-4E82F0430454}_is1) (Version: 1.2 - Clean Streams)
DownloadHelper CoApp (HKLM-x32\...\DownloadHelper CoApp) (Version: 2.0.19.0 - ACLAP)
DriverSetupUtility (HKLM\...\{2B51C83A-465D-4EA9-9CDC-1ED95ED09AC6}) (Version: 1.00.3026 - Acer Incorporated)
Endpoint Protection SDK (HKLM\...\{68E1CCB4-4965-4713-BDEB-77F6D6C9BF9D}_is1) (Version: 1.0.2405.2972 - Avira Operations GmbH) Hidden
ExpressVPN (HKLM-x32\...\{878F6EB4-73BF-4A1E-9A92-6DDF9EDC8A8B}) (Version: 2.2.19325.10 - Acer)
Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.8.4 - Ellora Assets Corporation)
Gateway (HKLM-x32\...\{3225D30A-29E0-492F-8DC4-4503DC3A1EBC}) (Version: 2.1.1 - RBC)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 127.0.6533.120 - Google LLC)
GoTo Opener (HKLM-x32\...\{C0F33C38-345C-4C02-B161-11389350C2A5}) (Version: 1.0.533 - LogMeIn, Inc.)
GoToMeeting 10.20.0.19992 (HKU\S-1-5-21-3432338355-1889630694-583200658-1001\...\GoToMeeting) (Version: 10.20.0.19992 - LogMeIn, Inc.)
HP Dropbox Plugin (HKLM-x32\...\{D12BC084-97D6-438A-AA7C-5962608D17A0}) (Version: 36.0.41.58587 - HP)
HP Google Drive Plugin (HKLM-x32\...\{BFA42100-DB54-467A-BB87-CF70732B4065}) (Version: 36.0.41.58587 - HP)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{77d93eea-f5c2-4db5-9c2d-25bc5a2e0ec9}) (Version: 28.0.1316.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM-x32\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)
HP OfficeJet Pro 8710 Basic Device Software (HKLM\...\{0A7A52B9-7D10-4286-A423-A589919D6880}) (Version: 40.12.1161.1896 - HP Inc.)
HP OfficeJet Pro 8710 Help (HKLM-x32\...\{92B8A892-1D92-407A-BF5E-26DCE71B9B12}) (Version: 38.0.0 - HP)
HP OfficeJet Pro 9010 series Basic Device Software (HKLM\...\{054E1B87-E52B-4B86-92B6-2FCA44090110}) (Version: 49.6.4502.206 - HP Inc.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{11ED31EC-7EFA-4D56-B71D-E0214C8984CC}) (Version: 12.3.7.0 - HP)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iPod Support (HKLM\...\{4B5933A1-A781-400E-B4A2-3ECC375375E4}) (Version: 120.7.3.55 - Apple Inc.)
KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 4.2.2.40 - PandoraTV)
Malwarebytes version 5.1.4.112 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 5.1.4.112 - Malwarebytes)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.17830.20138 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 128.0.2739.42 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 127.0.2651.105 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3432338355-1889630694-583200658-1001\...\OneDriveSetup.exe) (Version: 24.156.0804.0002 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.23026 (HKLM-x32\...\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}) (Version: 14.0.23026 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.23026 (HKLM-x32\...\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}) (Version: 14.0.23026 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 (HKLM-x32\...\{6913e92a-b64e-41c9-a5e6-cef39207fe89}) (Version: 14.25.28508.3 - Microsoft Corporation)
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.25.28508 (HKLM\...\{7D0B74C2-C3F8-4AF1-940F-CD79AB4B2DCE}) (Version: 14.25.28508 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.25.28508 (HKLM\...\{EEA66967-97E2-4561-A999-5C22E3CDE428}) (Version: 14.25.28508 - Microsoft Corporation) Hidden
Mozilla Firefox (x64 en-US) (HKU\S-1-5-21-3432338355-1889630694-583200658-1001\...\Mozilla Firefox 129.0.2 (x64 en-US)) (Version: 129.0.2 - Mozilla)
Mozilla Firefox 84.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 84.0.2 (x64 en-US)) (Version: 84.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 69.0.3 - Mozilla)
Norton Security Ultra (HKLM-x32\...\NGC) (Version: 22.24.2.6 - Symantec Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.17830.20138 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.17830.20138 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
OpenOffice 4.1.10 (HKLM-x32\...\{D909483F-780E-4232-9313-4C24A1B09BE8}) (Version: 4.110.9807 - Apache Software Foundation)
Quick Access Service (HKLM\...\{AB25551C-74EF-4BAB-9989-891517FCF9FF}) (Version: 3.00.3038 - Acer Incorporated)
RealNetworks - Microsoft Visual C++ 2008 Runtime (HKLM-x32\...\{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}) (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM-x32\...\{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}) (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 20.0) (Version: 20.0.0 - RealNetworks)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
RescuePRO Deluxe 7.0.0.7 (HKLM-x32\...\{38D9AAB8-116B-40BB-A801-50B71DF82D24}_is1) (Version: 7.0.0.7 - LC Technology International, Inc.)
RescuePRO SSD 7.0.0.5 (HKLM-x32\...\{6BD4BA00-19BA-499C-A5AB-6C13F7C8DDF6}_is1) (Version: 7.0.0.5 - LC Technology International, Inc.)
System Mechanic (HKLM\...\{95129D61-FF52-4FA8-A403-3E31FC5D9696}) (Version: 24.3.0.57 - RealDefense LLC)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{85C69797-7336-4E83-8D97-32A7C8465A3B}) (Version: 8.94.0.0 - Microsoft Corporation)
UpdateService (HKLM-x32\...\{E3AE96D6-E196-45B4-AF62-2B41998B9E37}) (Version: 1.0.0 - RealNetworks, Inc.) Hidden
User Experience Improvement Program Service (HKLM\...\{E9495FD3-F73D-4D33-A104-047F9E8BE6C7}) (Version: 4.00.3106 - Acer Incorporated)
vc2012_redist (HKLM-x32\...\{9402AEF2-5981-4097-8BE2-6501DAC4DBFD}) (Version: 1.0.0.0 - Realnetworks) Hidden
VdhCoApp 1.5.0 (HKLM\...\weh-iss-net.downloadhelper.coapp_is1) (Version:  - DownloadHelper)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.10 - VideoLAN)
vs2015_redist x86 (HKLM-x32\...\{BD46163A-0331-4A61-B65A-7B66D7C93F8E}) (Version: 1.0.0.0 - Realnetworks) Hidden
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Zoom (HKU\S-1-5-21-3432338355-1889630694-583200658-1001\...\ZoomUMX) (Version: 5.15.7 (20303) - Zoom Video Communications, Inc.)

Chrome apps:
============
Docs (HKU\S-1-5-21-3432338355-1889630694-583200658-1001\...\42d12322dce8962c0f4064316fc1f170) (Version: 1.0 - Google\Chrome)
Gmail (HKU\S-1-5-21-3432338355-1889630694-583200658-1001\...\7a7cc9bc0d565a2a33a7e7d6179326dd) (Version: 1.0 - Google\Chrome)
Google Drive (HKU\S-1-5-21-3432338355-1889630694-583200658-1001\...\82233d0f84338a13bffd8e0e9e2190a7) (Version: 1.0 - Google\Chrome)
Sheets (HKU\S-1-5-21-3432338355-1889630694-583200658-1001\...\2cbd34840a125bab9f5632b924e4bb11) (Version: 1.0 - Google\Chrome)
Slides (HKU\S-1-5-21-3432338355-1889630694-583200658-1001\...\a8724e37b4245666360c2b28c047d6e2) (Version: 1.0 - Google\Chrome)
YouTube (HKU\S-1-5-21-3432338355-1889630694-583200658-1001\...\e0ee8f56fc8e79ba2ee435e63e9c76d7) (Version: 1.0 - Google\Chrome)

Packages:
=========

Acer Collection S -> C:\Program Files\WindowsApps\AcerIncorporated.AcerCollectionS_1.0.3004.0_x64__48frkmn4z8aw4 [2020-03-07] (Acer Incorporated)
Acer Product Registration -> C:\Program Files\WindowsApps\AcerIncorporated.AcerRegistration_2.0.3044.0_x64__48frkmn4z8aw4 [2023-06-01] (Acer Incorporated)
Adobe Acrobat Reader -> C:\Program Files\Adobe\Acrobat DC [2024-06-15] ()
Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_4.3.1.0_x64__kgqvnymyfvs32 [2024-08-15] (king.com)
Care Center S -> C:\Program Files\WindowsApps\AcerIncorporated.AcerCareCenterS_4.0.3042.0_x64__48frkmn4z8aw4 [2022-01-14] (Acer Incorporated)
Dropbox promotion -> C:\Program Files\WindowsApps\C27EB4BA.DropboxOEM_23.4.27.0_x64__xbfy0k16fey96 [2024-08-04] (Dropbox Inc.)
Evernote -> C:\Program Files\WindowsApps\Evernote.Evernote_10.102.4.0_x64__q4d96b2w5wcc2 [2024-08-24] (Evernote) [Startup Task]
Farm Heroes Saga -> C:\Program Files\WindowsApps\king.com.FarmHeroesSaga_6.46.12.0_x64__kgqvnymyfvs32 [2024-08-22] (king.com)
GoTrust ID -> C:\Program Files\WindowsApps\GOTrustTechnologyInc.GO-TrustAuthenticator_3.1.21.0_x64__0r04f53sqacg6 [2024-07-11] (GoTrustID Inc.)
Hearts Deluxe -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.HeartsDeluxe_6.13.112.0_x64__kx24dqmazqk8j [2024-07-11] (Random Salad Games LLC)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_155.1.1088.0_x64__v10z8vjag6ke6 [2024-08-07] (HP Inc.)
Intel® Optane™ Memory and Storage Management -> C:\Program Files\WindowsApps\AppUp.IntelOptaneMemoryandStorageManagement_18.1.1041.0_x64__8j3eq9eme6ctt [2024-07-11] (INTEL CORP)
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12132.3.2017.0_x64__nzyj5cx40ttqa [2024-06-06] (Apple Inc.) [Startup Task]
LinkedIn -> C:\Program Files\WindowsApps\7EE7776C.LinkedInforWindows_3.0.34.0_x64__w1wdnht996qgy [2024-08-22] (LinkedIn) [Startup Task]
Microsoft Advertising SDK for JavaScript -> C:\Program Files\WindowsApps\Microsoft.Advertising.JavaScript_10.1805.2.0_x64__8wekyb3d8bbwe [2021-03-29] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for JavaScript -> C:\Program Files\WindowsApps\Microsoft.Advertising.JavaScript_10.1805.2.0_x86__8wekyb3d8bbwe [2021-03-29] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-03-29] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-03-29] (Microsoft Corporation) [MS Ad]
Microsoft Defender -> C:\Program Files\WindowsApps\Microsoft.6365217CE6EB4_102.2407.18001.0_x64__8wekyb3d8bbwe [2024-08-08] (Microsoft Corporation) [Startup Task]
Movie & Audio Studio -> C:\Program Files\WindowsApps\MAGIXSoftwareGmbH.MovieAudioStudio_1.1.4.0_x64__awcgk3qbzve1y [2020-03-07] (MAGIX Software GmbH)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_7.0.8.0_neutral__mcm4njqhnhss8 [2024-07-15] (Netflix, Inc.)
PhotoDirector for acer -> C:\Program Files\WindowsApps\CyberLinkCorp.ac.PhotoDirectorforacerDesktop_8.0.5229.0_x64__ypz87dpxkv292 [2020-03-07] (CYBERLINK COM CORP)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-09-26] (Microsoft Corporation)
PowerDirector for acer -> C:\Program Files\WindowsApps\CyberLinkCorp.ac.PowerDirectorforacerDesktop_14.0.4304.0_x64__ypz87dpxkv292 [2020-03-07] (CYBERLINK COM CORP)
QuickAccess -> C:\Program Files\WindowsApps\AcerIncorporated.QuickAccess_3.0.3038.0_x64__48frkmn4z8aw4 [2022-02-09] (Acer Incorporated)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.9.205.0_x64__dt26b99r8h8gj [2020-06-16] (Realtek Semiconductor Corp)
Simple Mahjong -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleMahjong_6.5.15.0_x64__kx24dqmazqk8j [2024-08-09] (Random Salad Games LLC)
Simple Solitaire -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleSolitaire_7.5.18.0_x64__kx24dqmazqk8j [2024-08-09] (Random Salad Games LLC)
Spades -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.Spades_6.1.137.0_x64__kx24dqmazqk8j [2024-07-21] (Random Salad Games LLC)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.244.405.0_x64__zpdnekdrzrea0 [2024-08-16] (Spotify AB) [Startup Task]
User Experience Improvement Program -> C:\Program Files\WindowsApps\AcerIncorporated.UserExperienceImprovementProgram_4.0.3106.0_x64__48frkmn4z8aw4 [2020-03-07] (Acer Incorporated)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3432338355-1889630694-583200658-1001_Classes\CLSID\{21866f4d-2117-4b95-a17f-c63288a36e3d}\InprocServer32 -> E:\FirefoxPortable\App\firefox64\notificationserver.dll => No File
CustomCLSID: HKU\S-1-5-21-3432338355-1889630694-583200658-1001_Classes\CLSID\{38142727-3008-9161-1521-349515000000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
CustomCLSID: HKU\S-1-5-21-3432338355-1889630694-583200658-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\mason\AppData\Local\GoToMeeting\17956\G2MOutlookAddin64.dll => No File
CustomCLSID: HKU\S-1-5-21-3432338355-1889630694-583200658-1001_Classes\CLSID\{93acf5c5-31b3-4c31-b49b-9ed6ad265b25}\InprocServer32 -> E:\Firefox II\App\firefox64\notificationserver.dll => No File
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.24.2.6\buShell.dll [2024-03-04] (NortonLifeLock Inc. -> Gen Digital Inc.)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.24.2.6\buShell.dll [2024-03-04] (NortonLifeLock Inc. -> Gen Digital Inc.)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.24.2.6\buShell.dll [2024-03-04] (NortonLifeLock Inc. -> Gen Digital Inc.)
ShellIconOverlayIdentifiers-x32: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.24.2.6\buShell.dll [2024-03-04] (NortonLifeLock Inc. -> Gen Digital Inc.)
ShellIconOverlayIdentifiers-x32: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.24.2.6\buShell.dll [2024-03-04] (NortonLifeLock Inc. -> Gen Digital Inc.)
ShellIconOverlayIdentifiers-x32: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.24.2.6\buShell.dll [2024-03-04] (NortonLifeLock Inc. -> Gen Digital Inc.)
ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.24.2.6\buShell.dll [2024-03-04] (NortonLifeLock Inc. -> Gen Digital Inc.)
ContextMenuHandlers1: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.24.2.6\NavShExt.dll [2024-03-04] (NortonLifeLock Inc. -> Gen Digital Inc.)
ContextMenuHandlers2: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.24.2.6\NavShExt.dll [2024-03-04] (NortonLifeLock Inc. -> Gen Digital Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-04-11] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpcontextmenu.dll [2020-06-12] (RealNetworks, Inc. -> RealNetworks, Inc.)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2020-08-03] (Piriform Software Ltd -> Piriform Software Ltd)
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.24.2.6\buShell.dll [2024-03-04] (NortonLifeLock Inc. -> Gen Digital Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-04-11] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.24.2.6\NavShExt.dll [2024-03-04] (NortonLifeLock Inc. -> Gen Digital Inc.)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2020-08-03] (Piriform Software Ltd -> Piriform Software Ltd)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32-x32: [vidc.XVID] => xvidvfw.dll
HKLM\...\Drivers32-x32: [VIDC.VP80] => vp8vfw.dll

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\mason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory="Profile 4" --app-id=mpnpojknpmmopombnjdcgaaiekajbnjb
ShortcutWithArgument: C:\Users\mason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory="Profile 4" --app-id=fmgjjmmmlfnkbppncabfkddbjimcfncm
ShortcutWithArgument: C:\Users\mason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory="Profile 4" --app-id=aghbiahbpaijignceidepookljebhfak
ShortcutWithArgument: C:\Users\mason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory="Profile 4" --app-id=fhihpiojkbmbpdjeoajapmgkhlnakfjf
ShortcutWithArgument: C:\Users\mason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory="Profile 4" --app-id=kefjledonklijopmnomlcbpllchaibag
ShortcutWithArgument: C:\Users\mason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory="Profile 4" --app-id=agimnkijcaahngcdmfeangaknmldooml

==================== Loaded Modules (Whitelisted) =============

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) =============

SearchScopes: HKU\S-1-5-21-3432338355-1889630694-583200658-1001 -> DefaultScope {ABFF4D2C-EA5C-4C9E-B9EA-FB9B77D438C3} URL =
SearchScopes: HKU\S-1-5-21-3432338355-1889630694-583200658-1001 -> {ABFF4D2C-EA5C-4C9E-B9EA-FB9B77D438C3} URL =
BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\Real\RealPlayer\BrowserRecordPlugin\IE\rndlbrowserrecordplugin64.dll [2020-06-12] (RealNetworks, Inc. -> RealPlayer)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\Real\RealPlayer\BrowserRecordPlugin\IE\rndlbrowserrecordplugin.dll [2020-06-12] (RealNetworks, Inc. -> RealPlayer)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2024-04-04] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-08-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-08-06] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-08-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-08-06] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-08-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-08-06] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-08-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-08-06] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-18 21:49 - 2019-03-18 21:49 - 000000824 ____N C:\WINDOWS\system32\drivers\etc\hosts

2021-07-03 10:06 - 2024-07-19 21:47 - 000000512 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
192.168.137.201 amazon-50cfd33a2.mshome.net # 2024 7 6 27 4 47 4 161
192.168.137.1 Byron-Acer.mshome.net # 2029 7 4 19 4 47 4 161
97

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3432338355-1889630694-583200658-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\mason\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalCache\Microsoft\IrisService\976792044243164049\133689992833640025.jpg
DNS Servers: 68.105.28.11 - 68.105.29.11
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

Network Binding:
=============
Ethernet: Realtek PCIe GbE Family Controller -> rt640x64.sys
Bluetooth Network Connection: Bluetooth Device (Personal Area Network) -> bthpan.sys
Wi-Fi: Intel® Wireless-AC 9560 160MHz -> Netwtw10.sys

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: Freemake Improver => 2

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{F00E50DB-6D5E-4BC1-9756-AFB14B46C194}] => (Allow) C:\Users\mason\AppData\Local\Temp\7zS3C6D\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{D9EAEE84-39FC-47B9-9A5C-4F95C24B5309}] => (Allow) C:\Users\mason\AppData\Local\Temp\7zS3C6D\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{5886DEA5-4E1B-41DB-BB46-E6712E7FCFCA}] => (Allow) C:\Users\mason\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{4C187242-A7D1-4433-8DA8-6D55E3169655}] => (Allow) C:\Users\mason\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{B95D2CD2-91EB-4091-AA51-430D042EC24C}] => (Allow) C:\Users\mason\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{0B24E53B-6FDA-4B76-9639-B5051191F6E5}] => (Allow) C:\Users\mason\AppData\Local\Temp\7zS2F95\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{3D5E5F49-C857-47CC-B881-656B14F05E5D}] => (Allow) C:\Users\mason\AppData\Local\Temp\7zS2F95\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{79243511-9A30-481A-8B88-90BD80AD2FCA}] => (Allow) C:\Users\mason\AppData\Local\Temp\7zS2F02\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{CBAA0608-9C06-4780-B170-78DBB319A215}] => (Allow) C:\Users\mason\AppData\Local\Temp\7zS2F02\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{C7347A40-EF94-4C5F-A92E-7A9297CFC2C7}] => (Allow) C:\Users\mason\AppData\Local\Temp\7zS3771\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{80F63C33-55C9-4C2C-844D-77275D46A4F6}] => (Allow) C:\Users\mason\AppData\Local\Temp\7zS3771\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{C1F63BD4-C22A-4308-8219-BA60F9DAFDF7}] => (Allow) C:\Users\mason\AppData\Local\Temp\7zS0358\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{3293EF57-9FC4-496F-B1FA-83D99BAE7393}] => (Allow) C:\Users\mason\AppData\Local\Temp\7zS0358\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{453169EF-40DB-406F-A280-043716C81044}] => (Allow) C:\Users\mason\AppData\Local\Temp\7zS3BDF\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{8FF7B386-CCA2-478C-923F-28A30CD2EFA9}] => (Allow) C:\Users\mason\AppData\Local\Temp\7zS3BDF\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{653FEBBA-FD10-4D3B-A0BD-E5F102293114}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{9D57F245-B56A-47C2-B012-CE2AA17B3116}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{EEBD597D-B42F-45F0-BD52-DE5729A747C2}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{A3CA82F0-3E95-454E-AD28-C1C106EA58D5}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\SendAFax.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{8E8999C1-E11D-4242-89B1-8AA8533A04A7}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\DigitalWizards.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{DF378217-9AA9-43AE-B6BA-5B80E8C11FC0}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\FaxApplications.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [UDP Query User{A4F9DE3C-D73D-49E7-A93D-404A612D3C9C}C:\program files (x86)\clean streams\clean streams_data\streamingassets\vlc\vlc.exe] => (Allow) C:\program files (x86)\clean streams\clean streams_data\streamingassets\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [TCP Query User{E559061E-DA7C-4EC3-8FFB-C3AC2ED646CD}C:\program files (x86)\clean streams\clean streams_data\streamingassets\vlc\vlc.exe] => (Allow) C:\program files (x86)\clean streams\clean streams_data\streamingassets\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{C60A8765-A958-4175-9F62-2D1CCB63E2EB}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 9010 series\Bin\HPNetworkCommunicatorCom.exe (HP Inc -> HP Inc.)
FirewallRules: [{0CF43463-D86B-4FA3-8132-87F402419E26}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 9010 series\Bin\DeviceSetup.exe (HP Inc -> HP Inc.)
FirewallRules: [{8EDEE764-B3B6-4DD6-B3C5-A4943B756E24}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 9010 series\bin\FaxPrinterUtility.exe (HP Inc -> HP Inc.)
FirewallRules: [{9E7FCA09-0E90-47CD-9801-44B31E2A0231}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 9010 series\bin\SendAFax.exe (HP Inc -> HP Inc.)
FirewallRules: [{E832C8E3-5086-446D-8DD8-618122C5CE40}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 9010 series\bin\DigitalWizards.exe (HP Inc -> HP Inc.)
FirewallRules: [{E8BAF46E-A121-483A-808D-79C6774EC51C}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 9010 series\bin\FaxApplications.exe (HP Inc -> HP Inc.)
FirewallRules: [UDP Query User{310E1A50-8997-42AA-AA15-DD74EA8D9597}C:\users\mason\appdata\local\mozilla firefox\firefox.exe] => (Allow) C:\users\mason\appdata\local\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{100065B1-B57F-4A3F-93D0-51FD21102673}C:\users\mason\appdata\local\mozilla firefox\firefox.exe] => (Allow) C:\users\mason\appdata\local\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{18EBA174-FE05-4231-BAD8-766C0C7685B0}C:\program files (x86)\clean streams\clean streams_data\streamingassets\vlc\vlc.exe] => (Allow) C:\program files (x86)\clean streams\clean streams_data\streamingassets\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [TCP Query User{F5EA3D98-7672-496A-AA6E-E3E7B8DAC77A}C:\program files (x86)\clean streams\clean streams_data\streamingassets\vlc\vlc.exe] => (Allow) C:\program files (x86)\clean streams\clean streams_data\streamingassets\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{656A9636-C76C-41CE-8A5E-8196461F690D}] => (Allow) LPort=5357
FirewallRules: [{1F81F3E5-D319-4DBB-A2B9-2482E555070C}] => (Allow) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe (RealNetworks, Inc. -> RealNetworks, Inc.)
FirewallRules: [{EC030B5F-02FF-4779-84F8-B5378005407A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{E29960E8-9E57-41FF-80BC-7F962547A8FD}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{633DFBFD-05CD-4EA3-9FDF-D0B1A6677EB9}] => (Allow) C:\Users\mason\AppData\Local\Temp\7zS07AE\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{D482D86D-6F16-43BF-BFA5-3EA7934D46AB}] => (Allow) C:\Users\mason\AppData\Local\Temp\7zS07AE\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{B0491D01-9B0F-4A43-B2AD-2E561309C64F}] => (Allow) C:\Program Files (x86)\HP\Diagnostics\PSDR\SoftPaq\Binaries\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
FirewallRules: [{AED565B9-A87E-4595-943F-05328491AD9C}] => (Allow) C:\Program Files (x86)\HP\Diagnostics\PSDR\SoftPaq\Binaries\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
FirewallRules: [{DC115EBE-CFC3-433F-9B73-8AC37C8B31E9}] => (Allow) C:\Program Files (x86)\HP\Diagnostics\PSDR\SoftPaq\Binaries\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
FirewallRules: [{BF93738C-6301-4AFA-B987-A833841983D5}] => (Allow) C:\Program Files (x86)\HP\Diagnostics\PSDR\SoftPaq\Binaries\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
FirewallRules: [TCP Query User{2799CCD9-4C3A-4171-8991-FA7C22F81322}C:\users\mason\appdata\local\mozilla firefox\firefox.exe] => (Allow) C:\users\mason\appdata\local\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{96D9EC1C-8D18-45F5-AE75-B5B88F7239DC}C:\users\mason\appdata\local\mozilla firefox\firefox.exe] => (Allow) C:\users\mason\appdata\local\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{E418D16D-21F3-4A64-A032-C335F2C897C3}C:\users\mason\appdata\local\temp\7zs412f\enterprisedu.exe] => (Allow) C:\users\mason\appdata\local\temp\7zs412f\enterprisedu.exe => No File
FirewallRules: [UDP Query User{339BAA0D-35DA-461E-95AF-CC9D69D4E941}C:\users\mason\appdata\local\temp\7zs412f\enterprisedu.exe] => (Allow) C:\users\mason\appdata\local\temp\7zs412f\enterprisedu.exe => No File
FirewallRules: [TCP Query User{AF709C7F-A440-4784-8193-690750A8EAB3}C:\users\mason\appdata\local\temp\7zs7ce5\enterprisedu.exe] => (Allow) C:\users\mason\appdata\local\temp\7zs7ce5\enterprisedu.exe => No File
FirewallRules: [UDP Query User{3276B96F-63B5-4592-9208-7323D0ECF14B}C:\users\mason\appdata\local\temp\7zs7ce5\enterprisedu.exe] => (Allow) C:\users\mason\appdata\local\temp\7zs7ce5\enterprisedu.exe => No File
FirewallRules: [{7A4C9225-BBF9-470E-B064-536B774C16A3}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8710\bin\FaxApplications.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{2053E5A9-ED6D-4E1D-8E7A-10ABDD508DC8}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8710\bin\DigitalWizards.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{2B2B70C0-2BD6-4AC5-BFFE-F9D67DF28081}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8710\bin\SendAFax.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{BF36BBA0-0243-4DFC-AC24-AAF749B1FBBF}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8710\bin\FaxPrinterUtility.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{2274F5BB-3778-43CA-A152-345B993CEBA2}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8710\Bin\DeviceSetup.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{129BE3B5-39B2-4FFC-9102-4BAD4CC4442A}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8710\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{7ABEF247-9C8D-436E-A703-836F3ECAB153}] => (Allow) C:\HP\Diagnostics\PSDR\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
FirewallRules: [{7EB7494C-F806-4A01-9061-ABA7B19A44FB}] => (Allow) C:\HP\Diagnostics\PSDR\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
FirewallRules: [{38FE5D14-72AE-4E4E-AD40-70EB3B5F7598}] => (Allow) C:\Program Files\iolo technologies\System Mechanic\ioloTrayApp.exe (RealDefense LLC -> RealDefense LLC)
FirewallRules: [{E075C1CE-EDCA-4DB7-AE30-039FF21AE68B}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12132.3.2017.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{42EB051F-F2DB-49F5-9FDE-F467C6EED1BC}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12132.3.2017.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{FABEECE8-7749-401F-B558-337B3B751BB0}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12132.3.2017.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{A02162AC-6951-48E3-B05F-B3BFC8A6A485}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12132.3.2017.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{01A748E3-85BD-4105-986C-B83AA9046FF5}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12132.3.2017.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{A8E91085-D51C-46CE-8AB0-942CD78FD3A8}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12132.3.2017.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{ACFE0F88-0AEC-4210-9E7C-2B29FBD963AA}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12132.3.2017.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{FD57169F-023C-41CA-ADFC-A732BF711804}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12132.3.2017.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{F13AABFD-A5D6-4761-BACE-BE6B30F7C6FD}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3E5267E2-4540-4C0D-96D7-FFFAB9987DB8}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{01DF8305-38E2-41E6-8375-25226B54879D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.244.405.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{3D3C8D33-F996-4FFC-B331-5A5158F8A680}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.244.405.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{3C5478D1-5790-4A95-B124-515F2C63E23E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.244.405.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{6D41B970-576A-443F-988B-9086BAC1FFB0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.244.405.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{ADEF62B9-303B-4C24-B96B-30C0A461D481}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.244.405.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{30132B85-D3A0-4D3A-B042-7E67C3FD3199}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.244.405.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{E06907C5-5EBE-456D-BA42-60129187F518}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.244.405.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{6EED39DB-0587-480D-AF2E-2113D01F7E64}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.244.405.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{56037205-15D1-4695-A475-39D7010F415B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.244.405.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{8EDCD586-7713-48FC-99A7-A5A37F76101E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.244.405.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{853FC12C-EBE2-473A-9E03-33EDD1339858}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.105\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A0697894-6AC1-4896-8798-C6609E340623}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.126.3208.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{485A65E2-E06C-42A7-9DC9-45338A28ECAE}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.126.3208.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{00C7275C-D800-4ACF-9BAD-D32457FC6897}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.126.3208.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{AECB9017-A16D-4F8B-B205-0FD69DAE77B2}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.126.3208.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

==================== Restore Points =========================

24-08-2024 11:48:32 Scheduled Checkpoint

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (08/22/2024 09:37:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AcerRegistrationBackGroundTask.exe, version: 1.0.0.0, time stamp: 0x64375ffb
Faulting module name: KERNELBASE.dll, version: 10.0.19041.4780, time stamp: 0xc4a0381f
Exception code: 0xc000041d
Fault offset: 0x00141072
Faulting process id: 0x7720
Faulting application start time: 0x01daf4b19d130c7d
Faulting application path: C:\Program Files\WindowsApps\AcerIncorporated.AcerRegistration_2.0.3044.0_x64__48frkmn4z8aw4\DesktopApp\AcerRegistrationBackGroundTask.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 5171cb3a-f632-4c16-b355-07a7e1aca938
Faulting package full name: AcerIncorporated.AcerRegistration_2.0.3044.0_x64__48frkmn4z8aw4
Faulting package-relative application ID: Acer.AcerRegistration

Error: (08/22/2024 09:37:46 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AcerRegistrationBackGroundTask.exe, version: 1.0.0.0, time stamp: 0x64375ffb
Faulting module name: KERNELBASE.dll, version: 10.0.19041.4780, time stamp: 0xc4a0381f
Exception code: 0xc0020001
Fault offset: 0x00141072
Faulting process id: 0x7720
Faulting application start time: 0x01daf4b19d130c7d
Faulting application path: C:\Program Files\WindowsApps\AcerIncorporated.AcerRegistration_2.0.3044.0_x64__48frkmn4z8aw4\DesktopApp\AcerRegistrationBackGroundTask.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: f8ce3232-42fa-49d4-b593-229a01d5bd68
Faulting package full name: AcerIncorporated.AcerRegistration_2.0.3044.0_x64__48frkmn4z8aw4
Faulting package-relative application ID: Acer.AcerRegistration

Error: (08/22/2024 09:37:45 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: AcerRegistrationBackGroundTask.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: exception code c0020001, exception address 76E71072
Stack:
   at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   at System.Environment._Exit(Int32)
   at System.Environment.Exit(Int32)
   at AcerRegistrationBackGroundTask.MainWindow+<closeBackGroundTask>d__24.MoveNext()
   at System.Runtime.CompilerServices.AsyncVoidMethodBuilder.Start[[AcerRegistrationBackGroundTask.MainWindow+<closeBackGroundTask>d__24, AcerRegistrationBackGroundTask, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null]](<closeBackGroundTask>d__24 ByRef)
   at AcerRegistrationBackGroundTask.MainWindow.closeBackGroundTask()
   at AcerRegistrationBackGroundTask.MainWindow.Window_Loaded(System.Object, System.Windows.RoutedEventArgs)
   at System.Windows.RoutedEventHandlerInfo.InvokeHandler(System.Object, System.Windows.RoutedEventArgs)
   at System.Windows.EventRoute.InvokeHandlersImpl(System.Object, System.Windows.RoutedEventArgs, Boolean)
   at System.Windows.UIElement.RaiseEventImpl(System.Windows.DependencyObject, System.Windows.RoutedEventArgs)
   at System.Windows.UIElement.RaiseEvent(System.Windows.RoutedEventArgs)
   at System.Windows.BroadcastEventHelper.BroadcastEvent(System.Windows.DependencyObject, System.Windows.RoutedEvent)
   at System.Windows.BroadcastEventHelper.BroadcastLoadedEvent(System.Object)
   at MS.Internal.LoadedOrUnloadedOperation.DoWork()
   at System.Windows.Media.MediaContext.FireLoadedPendingCallbacks()
   at System.Windows.Media.MediaContext.FireInvokeOnRenderCallbacks()
   at System.Windows.Media.MediaContext.RenderMessageHandlerCore(System.Object)
   at System.Windows.Media.MediaContext.RenderMessageHandler(System.Object)
   at System.Windows.Media.MediaContext.Resize(System.Windows.Media.ICompositionTarget)
   at System.Windows.Interop.HwndTarget.OnResize()
   at System.Windows.Interop.HwndTarget.HandleMessage(MS.Internal.Interop.WindowMessage, IntPtr, IntPtr)
   at System.Windows.Interop.HwndSource.HwndTargetFilterMessage(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.ShowWindow(System.Runtime.InteropServices.HandleRef, Int32)
   at System.Windows.Window.ShowHelper(System.Object)
   at System.Windows.Window.Show()
   at System.Windows.Application+<>c.<RunInternal>b__105_0(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.DispatcherOperation.InvokeImpl()
   at System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object)
   at MS.Internal.CulturePreservingExecutionContext.CallbackWrapper(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at MS.Internal.CulturePreservingExecutionContext.Run(MS.Internal.CulturePreservingExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Windows.Threading.DispatcherOperation.Invoke()
   at System.Windows.Threading.Dispatcher.ProcessQueue()
   at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
   at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Application.RunDispatcher(System.Object)
   at System.Windows.Application.RunInternal(System.Windows.Window)
   at System.Windows.Application.Run(System.Windows.Window)
   at AcerRegistrationBackGroundTask.Startup.Main(System.String[])

Error: (08/22/2024 09:25:37 AM) (Source: Firefox Default Browser Agent) (EventID: 12002) (User: )
Description: Event-ID 12002

Error: (08/22/2024 09:25:37 AM) (Source: Firefox Default Browser Agent) (EventID: 0) (User: )
Description: Event-ID 0

Error: (08/17/2024 08:28:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ACCStd.exe, version: 4.0.3042.0, time stamp: 0x61cc5d9c
Faulting module name: KERNELBASE.dll, version: 10.0.19041.4717, time stamp: 0x16b0a901
Exception code: 0xe0434352
Fault offset: 0x000000000003b699
Faulting process id: 0x2d40
Faulting application start time: 0x01daeff4ccf8ef8b
Faulting application path: C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: bf2d0d4f-ba94-4e29-b1b1-1936c5a88531
Faulting package full name:
Faulting package-relative application ID:

Error: (08/17/2024 03:05:37 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: ACCStd.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.InvalidOperationException
   at System.ThrowHelper.ThrowInvalidOperationException(System.ExceptionResource)
   at System.Collections.Generic.List`1+Enumerator[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].MoveNextRare()
   at Acer.CareCenter.Diagnostic.MultiDevicesTests..ctor(DiagnosticPlugin.DeviceManager)
   at Acer.CareCenter.Diagnostic.DiagnosticController.GetAllTestItems()
   at Acer.CareCenter.ACCStd.DiagnosticManager_ACCStd.GetSpecificTestItems(DeviceType)
   at Acer.CareCenter.ACCStd.DiagnosticManager_ACCStd.DeviceInfoUpdate(System.Object, Acer.CareCenter.Diagnostic.DeviceInfoUpdateEventArgs)
   at Acer.CareCenter.Diagnostic.ADSPlgSimpleCtl.InfoUpdate(System.Object, DiagnosticEvent.InformationUpdateEventArgs)
   at EthernetDevice.EthernetManager.NetworkChange_NetworkAddressChanged(System.Object, System.EventArgs)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Net.NetworkInformation.NetworkChange+AddressChangeListener.AddressChangedCallback(System.Object, Boolean)
   at System.Threading._ThreadPoolWaitOrTimerCallback.PerformWaitOrTimerCallback(System.Object, Boolean)

Error: (08/16/2024 09:08:40 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AcerRegistrationBackGroundTask.exe, version: 1.0.0.0, time stamp: 0x64375ffb
Faulting module name: KERNELBASE.dll, version: 10.0.19041.4780, time stamp: 0xc4a0381f
Exception code: 0xc000041d
Fault offset: 0x00141072
Faulting process id: 0x974
Faulting application start time: 0x01daeff68c8699c3
Faulting application path: C:\Program Files\WindowsApps\AcerIncorporated.AcerRegistration_2.0.3044.0_x64__48frkmn4z8aw4\DesktopApp\AcerRegistrationBackGroundTask.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 5c83638a-a2bc-4666-8e6a-476efd8eb6c8
Faulting package full name: AcerIncorporated.AcerRegistration_2.0.3044.0_x64__48frkmn4z8aw4
Faulting package-relative application ID: Acer.AcerRegistration


System errors:
=============
Error: (08/24/2024 11:48:22 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9P6PMZTM93LR-Microsoft.6365217CE6EB4.

Error: (08/22/2024 10:03:00 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (08/16/2024 08:53:03 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 8:48:08 AM on ‎8/‎16/‎2024 was unexpected.

Error: (08/16/2024 08:52:55 AM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT AUTHORITY)
Description: 3221225684A fatal error occurred processing the restoration data.

Error: (08/08/2024 03:43:08 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 3:37:55 PM on ‎8/‎8/‎2024 was unexpected.

Error: (08/08/2024 03:42:59 PM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT AUTHORITY)
Description: 3221225684A fatal error occurred processing the restoration data.

Error: (08/08/2024 08:12:01 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9P6PMZTM93LR-Microsoft.6365217CE6EB4.

Error: (08/07/2024 06:27:47 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9P6PMZTM93LR-Microsoft.6365217CE6EB4.


Windows Defender:
================
Date: 2024-06-07 22:22:51
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2024-06-06 23:13:08
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2024-06-06 23:01:01
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2024-06-06 22:07:51
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2024-06-05 21:35:39
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]:

Date: 2024-08-05 20:30:12
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.413.165.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.24050.5
Error code: 0x80240017
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2024-04-21 22:10:45
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.409.203.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.24030.4
Error code: 0x80070643
Error description: Fatal error during installation.

Date: 2024-04-21 22:10:44
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.409.436.0
Previous security intelligence Version: 1.409.203.0
Update Source: User
Security intelligence Type: AntiSpyware
Update Type: Delta
Current Engine Version: 1.1.24030.4
Previous Engine Version: 1.1.24030.4
Error code: 0x80004004
Error description: Operation aborted

Date: 2024-04-21 22:10:44
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.409.436.0
Previous security intelligence Version: 1.409.203.0
Update Source: User
Security intelligence Type: AntiVirus
Update Type: Delta
Current Engine Version: 1.1.24030.4
Previous Engine Version: 1.1.24030.4
Error code: 0x80004004
Error description: Operation aborted

CodeIntegrity:
===============
Date: 2024-08-24 12:49:19
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Endpoint Protection SDK\wsc_agent.exe) attempted to load \Device\HarddiskVolume3\Program Files\Norton Security\Engine\22.24.2.6\symamsi.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2024-08-24 12:49:19
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Endpoint Protection SDK\amsi\x64\avamsi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

BIOS: Insyde Corp. V1.16 12/11/2019
Motherboard: CML Doc_WC
Processor: Intel® Core™ i5-10210U CPU @ 1.60GHz
Percentage of memory in use: 67%
Total physical RAM: 7908.93 MB
Available physical RAM: 2543.63 MB
Total Virtual: 14820.93 MB
Available Virtual: 6029.69 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:475.83 GB) (Free:49.51 GB) (Model: HFM512GDJTNG-8310A) NTFS

\\?\Volume{9ee5527a-b581-4082-9daa-7bd12ccac72a}\ (Recovery) (Fixed) (Total:1 GB) (Free:0.15 GB) NTFS
\\?\Volume{86c883d1-e40f-4015-83c4-323d74e37997}\ (ESP) (Fixed) (Total:0.09 GB) (Free:0.04 GB) FAT32

==================== MBR & Partition Table ====================

==================== End of Addition.txt =======================

Thank you to whomever takes a look at this. Much appreciated.


  • 0

Advertisements


#2
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 4,258 posts

Hi, ByronM1759.

 

I'm closing this topic, since you are getting assistance here: Not experienced enough to know what's wrong, but something is. Please help. - Virus, Trojan, Spyware, and Malware Removal Help (bleepingcomputer.com)


  • 1






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP