
Windows 10 Trojan message


67 replies to this topic

#31 Oh My!

Oh My!

    Adware and Spyware and Malware


  • Malware Response Instructor
  • 58,110 posts
  • Gender:Male
  • Location:California

Posted 21 June 2024 - 07:21 PM

Thank you.

Click Start, type cmd, then select Run as administrator.
Type sfc /scannow and hit Enter.
When completed, let me know what the results say, i.e., no integrity violations, could not repair files, etc.


Gary 

Lord, to whom shall we go? You have the words of eternal life. We have come to believe and to know that you are the Holy One of God.

John 6:68-69



#32 husky1954

husky1954
  • Topic Starter

  • Members
  • 83 posts
  • Gender:Male
  • Location:Eagle, CO

Posted 25 June 2024 - 09:17 PM

Hi Gary. So sorry I did not see your reply until now. It was put on a 3rd page by itself.

 

Here are the results.
 
Windows Resource Protection found corrupt files and successfully repaired them.
For online repairs, details are included in the CBS log file located at
windir\Logs\CBS\CBS.log. For example C:\Windows\Logs\CBS\CBS.log. For offline
repairs, details are included in the log file provided by the /OFFLOGFILE flag.


#33 husky1954

husky1954

Posted 25 June 2024 - 11:39 PM

Hi Gary.  I am having cataract surgery on my left eye tomorrow.  I will have my tablet with me.  However, I will have a hard time reading. I will do the best I can.

Will be staying with my brother, so I won't have access to my computer until Thursday.  If you need something done on my computer let me know.  I may be able to get a ride back.



#34 Oh My!

Oh My!


Posted 26 June 2024 - 09:33 AM

Take care of yourself first and we can wait on all of this until you are up to it.
Gary 


#35 husky1954

husky1954

Posted 26 June 2024 - 09:37 AM

TY



#36 husky1954

husky1954

Posted 27 June 2024 - 04:05 PM

Gary,

The surgery went well yesterday.  I am seeing well enough to read with reading glasses.

I am ready to start again when you are.

 

Mike



#37 Oh My!

Oh My!


Posted 27 June 2024 - 08:37 PM

Glad to hear that Mike.

Are you able to run a FRST scan in normal boot?
Gary 


#38 husky1954

husky1954

Posted 28 June 2024 - 04:01 AM

Yes ran FRST from desktop.



#39 Oh My!

Oh My!


Posted 28 June 2024 - 07:55 AM

Great, can you copy and paste both reports in your reply?


Gary 


#40 husky1954

husky1954

Posted 28 June 2024 - 10:56 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23.06.2024
Ran by Main (administrator) on DESKTOP-8JE58SU (HP 750-427c) (28-06-2024 02:56:16)
Running from C:\Users\Main\Desktop\FRST64.exe
Loaded Profiles: Main
Platform: Microsoft Windows 10 Home Version 22H2 19045.4529 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe <2>
(Avast Software s.r.o. -> Gen Digital Inc.) C:\Program Files\AVAST Software\Avast\AvastUI.exe <4>
(C:\Program Files\AVAST Software\Avast\AvastSvc.exe ->) (Avast Software s.r.o. -> Gen Digital Inc.) C:\Program Files\AVAST Software\Avast\aswEngSrv.exe
(C:\Program Files\Logitech\LogiOptions\LogiOptions.exe ->) (Logitech Inc -> Logitech) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOverlay.exe
(C:\Program Files\Logitech\LogiOptions\LogiOptions.exe ->) (Logitech Inc -> Logitech, Inc.) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <2>
(explorer.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\Logitech\LogiOptions\LogiOptions.exe
(explorer.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <16>
(OOO Lightshot -> Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.10\Lightshot.exe
(PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
(services.exe ->) (Avast Software s.r.o. -> Gen Digital Inc.) C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe
(services.exe ->) (Avast Software s.r.o. -> Gen Digital Inc.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(services.exe ->) (CyberLink Corp. -> CyberLink) C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\AppHelperCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\DiagsCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\NetworkCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\SysInfoCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Orbit Service\HPOrbitService.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPCommRecovery\HPCommRecovery.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(services.exe ->) (Intel Corporation -> Intel® Corporation) C:\Windows\SysWOW64\XtuService.exe
(services.exe ->) (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe
(services.exe ->) (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(services.exe ->) (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(services.exe ->) (Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(services.exe ->) (Intel® RMT -> Intel Corporation) C:\Program Files\Intel\Intel® Ready Mode Technology\IRMTService.exe
(services.exe ->) (Intel® Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(services.exe ->) (Intuit ESD Test Certificate -> Intuit Inc.) [File not signed] C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvhdc.inf_amd64_7f14eb0fd6d4fd5b\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.21968.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.21968.0_x64__8wekyb3d8bbwe\HxTsr.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9235944 2018-12-20] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart [1883704 2017-07-21] (NVIDIA Corporation -> NVIDIA Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [423832 2024-06-11] (Avast Software s.r.o. -> Gen Digital Inc.)
HKLM\...\Run: [LogiOptions] => C:\Program Files\Logitech\LogiOptions\LogiOptions.exe [2109064 2019-11-27] (Logitech Inc -> Logitech, Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [3831808 2021-08-30] (Microsoft Windows Hardware Compatibility Publisher -> Logitech)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2017-04-11] (OOO Lightshot -> )
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [707624 2018-08-08] (HP Inc. -> HP Inc.)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-3509614529-1817421791-1398712029-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [45626272 2024-06-07] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
HKU\S-1-5-21-3509614529-1817421791-1398712029-1001\...\Run: [MicrosoftEdgeAutoLaunch_76C40646BBD3800935311AFFC2552034] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [3883560 2024-06-20] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3509614529-1817421791-1398712029-1001\...\Run: [Opera Browser Assistant] => C:\Users\Main\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [3968928 2024-04-11] (Opera Norway AS -> Opera Software)
HKU\S-1-5-21-3509614529-1817421791-1398712029-1001\...\Run: [GarminExpress] => C:\Program Files (x86)\Garmin\Express\express.exe [31349528 2024-03-20] (Garmin International, Inc. -> Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-3509614529-1817421791-1398712029-1001\...\MountPoints2: {f87aa301-59f9-11ed-9672-dcfe07d4fea7} - "F:\LaunchU3.exe" -a
HKLM\...\Windows x64\Print Processors\BJ Print Processor4: C:\Windows\System32\spool\prtprocs\x64\CNBPP4.DLL [84992 2011-08-30] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Windows x64\Print Processors\Canon MX310 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPD8Z.DLL [27648 2007-04-16] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Windows x64\Print Processors\hpzpplhn: C:\Windows\System32\spool\prtprocs\x64\hpzpplhn.dll [109288 2018-10-12] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
HKLM\...\Print\Monitors\BJ Language Monitor4: C:\windows\system32\CNBLM4.DLL [267776 2011-08-30] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MX310 series: C:\windows\system32\CNMLM8Z.DLL [258560 2007-04-16] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon MP FAX Language Monitor MX310: C:\windows\system32\CNCF2Ld.DLL [183296 2007-04-25] (Microsoft Windows Hardware Compatibility Publisher -> Canon Inc.)
HKLM\...\Print\Monitors\LIDIL hpzlllhn: C:\windows\system32\hpzlllhn.dll [58112 2018-10-12] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Company)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Audio Switch.lnk [2016-10-26]
ShortcutTarget: HP Audio Switch.lnk -> C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitchLC.vbs () [File not signed]
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
 
==================== Scheduled Tasks (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {EDDB656E-CDE0-4982-8992-D90A71B5CD64} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {A4769EED-4961-4E15-909E-5F6733C3692B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1547208 2024-01-31] (Adobe Inc. -> Adobe Inc.)
Task: {C57ACA29-2F8D-441F-86E0-7D5ECDDD505B} - System32\Tasks\Avast Software\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [5079448 2024-06-11] (Avast Software s.r.o. -> Gen Digital Inc.)
Task: {DA9A0344-405D-4D9A-9161-97A7E8262337} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2144664 2023-08-01] (Avast Software s.r.o. -> Avast Software)
Task: {E69B246B-B3CD-4E84-A946-313E9A6D64C2} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [714256 2024-06-07] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {30DF480A-0C8B-46B1-8219-30444B96BFD3} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe [5074848 2024-06-07] (PIRIFORM SOFTWARE LIMITED -> Gen Digital Inc. All rights reserved.) -> --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --guid "c37bd6e1-6ba2-406e-ad25-5ed2e32bef7f" --version "6.25.11093" --silent
Task: {904FF389-292F-43D9-9541-772A5DE8426E} - System32\Tasks\CCleanerSkipUAC - Main => C:\Program Files\CCleaner\CCleaner.exe [39449504 2024-06-07] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {DC880CD8-F4B3-4BED-9414-D5180410323D} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [31000 2024-03-20] (Garmin International, Inc. -> )
Task: {6D809F57-0CA8-4961-BB3D-6162FD285272} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPSFReport.exe [138328 2024-05-13] (HP Inc. -> HP Inc.)
Task: {5271C275-62DE-402D-9B87-27EBBCA73777} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe  -> C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\/f
Task: {B6E30815-376D-484B-8B6D-FB2886F99A9B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1161744 2024-05-13] (HP Inc. -> HP Inc.)
Task: {941D26F4-957D-47CA-950D-E1979845F466} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe  /DeviceScanR6 (No File)
Task: {DF1E0514-6086-4485-BE1B-B4D45420E70A} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [64472 2024-06-18] (HP Inc. -> HP Inc.)
Task: {29C76D5B-AE91-4700-A12B-24E4C791682C} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor Logon => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [64472 2024-06-18] (HP Inc. -> HP Inc.)
Task: {F7F315D0-C294-4B62-AFDD-FFEE7730336E} - System32\Tasks\HPEA3JOBS => C:\Program  -> Files\HP\HP ePrint\hpeprint.exe /CheckJobs
Task: {7E5A751D-55DE-4C6B-922B-29A61B8D28E4} - System32\Tasks\HPJumpStartLaunch => C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe [459680 2017-07-28] (HP Inc. -> )
Task: {0E0EC0F5-D9AA-4804-842F-DF6A371F7B4D} - System32\Tasks\Microsoft\Windows\rempl\shell => %ProgramFiles%\rempl\sedlauncher.exe  (No File)
Task: {808AAD00-8AC4-419C-9501-71740F18C908} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [494136 2017-07-21] (NVIDIA Corporation -> NVIDIA Corporation) -> C:\Program Files\NVIDIA Corporation\NvContainer\-d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {EA6965C3-928F-4BC9-914B-89E143D2663E} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [947768 2017-07-21] (NVIDIA Corporation -> NVIDIA Corporation) -> C:\Program Files (x86)\NVIDIA Corporation\NvNode\--launcher=TaskScheduler
Task: {C1633AFC-CB21-4F09-B1F9-82F0C40B434C} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [649272 2017-07-21] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {436F5C59-BC52-4767-9FFC-DF8453784B97} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [649272 2017-07-21] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {B5323D2F-D106-4C32-9304-FBDA83B69A17} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [437816 2017-07-21] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {1192D833-20FE-41DC-98B0-DF1A1515622F} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [721976 2017-07-21] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {54965C12-CF64-4E91-BD72-F145E59AD4BC} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [721976 2017-07-21] (NVIDIA Corporation -> NVIDIA Corporation) -> C:\Program Files (x86)\NVIDIA Corporation\Update Core\--logon
Task: {44F4DA27-56A5-4F73-8772-1EBCF3D18C07} - System32\Tasks\Opera scheduled assistant Autoupdate 1703010764 => C:\Users\Main\AppData\Local\Programs\Opera\launcher.exe [1595296 2024-06-27] (Opera Norway AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\Main\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {D3F30B85-8E41-4149-938A-71BBA868794B} - System32\Tasks\Opera scheduled Autoupdate 1685974122 => C:\Users\Main\AppData\Local\Programs\Opera\autoupdate\opera_autoupdate.exe [5749664 2024-06-25] (Opera Norway AS -> Opera Software)
Task: {56FC7D46-A40C-4EC0-A575-1517B778BF46} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9235944 2018-12-20] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {1C973358-9213-4806-9355-B4A128F4E57C} - System32\Tasks\update-S-1-5-21-3509614529-1817421791-1398712029-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
Task: {BE4B7FE3-521D-4E7C-B9C5-8CB69E14A923} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\update-S-1-5-21-3509614529-1817421791-1398712029-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\WINDOWS\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{4d27ffc8-7ff0-40c1-89b8-cea5d8bc1cbd}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{f756bca5-0cd0-45e4-9a88-d4c2124cabc6}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{f756bca5-0cd0-45e4-9a88-d4c2124cabc6}: [DhcpDomain] lan
Tcpip\..\Interfaces\{f756bca5-0cd0-45e4-9a88-d4c2124cabc6}\033443534454: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{f756bca5-0cd0-45e4-9a88-d4c2124cabc6}\3456E647572797C496E6B643237313: [DhcpNameServer] 192.168.0.1 205.171.3.25
Tcpip\..\Interfaces\{f756bca5-0cd0-45e4-9a88-d4c2124cabc6}\3456E647572797C496E6B643237313: [DhcpDomain] Home
Tcpip\..\Interfaces\{f756bca5-0cd0-45e4-9a88-d4c2124cabc6}\37861646F677279646765613: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{f756bca5-0cd0-45e4-9a88-d4c2124cabc6}\741627975376: [DhcpNameServer] 24.248.131.30
 
Edge: 
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Main\AppData\Local\Microsoft\Edge\User Data\Default [2024-06-28]
Edge DownloadDir: Default -> C:\Users\Main\Downloads
Edge Notifications: Default -> hxxps://www.jotform.com; hxxps://www.walkfitplatinumsale.com
Edge HomePage: Default -> hxxps://duckduckgo.com/
Edge DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}
Edge DefaultSearchKeyword: Default -> duckduckgo.com
Edge DefaultNewTabURL: Default -> hxxps://duckduckgo.com/chrome_newtab
Edge DefaultSuggestURL: Default -> hxxps://duckduckgo.com/ac/?q={searchTerms}&type=list
Edge Extension: (Google Docs Offline) - C:\Users\Main\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-03-31]
Edge Extension: (Edge relevant text changes) - C:\Users\Main\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-24]
 
FireFox:
========
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2024-06-14] (Adobe Inc. -> Adobe Systems Inc.)
 
Opera: 
=======
OPR DefaultProfile: Default
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [172992 2024-01-31] (Adobe Inc. -> Adobe Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [9026968 2024-06-11] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [761752 2024-06-11] (Avast Software s.r.o. -> Gen Digital Inc.)
R2 avast! Tools; C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe [1198488 2024-06-11] (Avast Software s.r.o. -> Gen Digital Inc.)
R2 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [56912 2021-09-16] (Avast Software s.r.o. -> AVAST Software)
S3 CCleanerPerformanceOptimizerService; C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe [1085856 2024-06-07] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
R2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [1321096 2018-09-28] (HP Inc. -> HP Inc.)
R2 HP Orbit Service; C:\Program Files\HP\HP Orbit Service\HPOrbitService.exe [3421616 2017-06-20] (HP Inc. -> HP Inc.)
R2 HPAppHelperCap; C:\Program Files\HP\HP Enabling Services\AppHelperCap.exe [895552 2024-03-25] (HP Inc. -> HP Inc.)
R2 HPDiagsCap; C:\Program Files\HP\HP Enabling Services\DiagsCap.exe [894416 2024-03-25] (HP Inc. -> HP Inc.)
R2 HPJumpStartBridge; C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe [471040 2017-07-28] (HP Inc. -> HP Inc.)
R2 HPNetworkCap; C:\Program Files\HP\HP Enabling Services\NetworkCap.exe [890832 2024-03-25] (HP Inc. -> HP Inc.)
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [241104 2024-06-18] (HP Inc. -> HP Inc.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [379736 2020-08-20] (HP Inc. -> HP Inc.)
R2 HPSysInfoCap; C:\Program Files\HP\HP Enabling Services\SysInfoCap.exe [894928 2024-03-25] (HP Inc. -> HP Inc.)
R2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-22] (HP Inc. -> HP Inc.)
R2 HPWMISVC; C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [628768 2017-07-13] (HP Inc. -> HP Inc.)
R3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335360 2016-03-18] (Intel Corporation) [File not signed]
R2 IntuitUpdateServiceV4; C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [19840 2022-08-24] (Intuit ESD Test Certificate -> Intuit Inc.) [File not signed]
R2 IRMTService; C:\Program Files\Intel\Intel® Ready Mode Technology\IRMTService.exe [181360 2016-06-21] (Intel® RMT -> Intel Corporation)
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [8704 2016-03-18] (Intel Corporation) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8895072 2024-06-20] (Malwarebytes Inc. -> Malwarebytes)
S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe [3073888 2024-06-20] (Malwarebytes Inc. -> Malwarebytes)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nvhdc.inf_amd64_7f14eb0fd6d4fd5b\Display.NvContainer\NVDisplay.Container.exe [1275000 2024-03-11] (NVIDIA Corporation -> NVIDIA Corporation)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [614664 2016-03-23] (CyberLink Corp. -> CyberLink)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\NisSrv.exe [3206472 2019-12-11] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MsMpEng.exe [103376 2019-12-11] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugin"
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [20424 2024-06-11] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [229832 2024-06-11] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [380360 2024-06-11] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [292808 2024-06-11] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [84536 2024-06-11] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [27760 2024-02-28] (Microsoft Windows Early Launch Anti-malware Publisher -> Gen Digital Inc.)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [28728 2024-06-11] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [269768 2024-06-11] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswNetHub; C:\WINDOWS\System32\drivers\aswNetHub.sys [548808 2024-06-11] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [97848 2024-06-11] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [69168 2024-06-11] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [941640 2024-06-25] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [1195464 2024-06-24] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [203832 2024-06-11] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [306744 2024-06-11] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [158640 2024-06-20] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 IntelReadyModeDriver; C:\WINDOWS\System32\drivers\IntelReadyModeDriver.sys [34952 2016-06-21] (Intel® RMT -> Intel Corporation)
R2 mbamchameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [221136 2024-06-21] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2024-06-20] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [201280 2024-06-27] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [78400 2024-06-27] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239576 2024-06-21] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [188784 2024-06-27] (Malwarebytes Inc. -> Malwarebytes)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [45664 2019-12-11] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [355760 2019-12-11] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54192 2019-12-11] (Microsoft Windows -> Microsoft Corporation)
S3 WinRing0_1_2_0; \??\C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClient.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2024-06-28 02:56 - 2024-06-28 02:56 - 000000000 ____D C:\Users\Main\Desktop\FRST-OlderVersion
2024-06-27 12:03 - 2024-06-27 12:03 - 000188784 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2024-06-27 12:03 - 2024-06-27 12:03 - 000000000 ___HD C:\ProgramData\temp
2024-06-25 06:28 - 2024-06-25 06:28 - 002511940 _____ C:\WINDOWS\Minidump\062524-9812-01.dmp
2024-06-23 18:04 - 2024-06-23 18:05 - 002412916 _____ C:\WINDOWS\Minidump\062324-7343-01.dmp
2024-06-22 14:20 - 2024-06-22 14:20 - 002488604 _____ C:\WINDOWS\Minidump\062224-7265-01.dmp
2024-06-21 12:55 - 2024-06-21 12:56 - 000037988 _____ C:\Users\Main\Desktop\Addition.txt
2024-06-21 12:54 - 2024-06-28 02:56 - 000029623 _____ C:\Users\Main\Desktop\FRST.txt
2024-06-21 12:54 - 2024-06-28 02:56 - 000000000 ____D C:\FRST
2024-06-21 12:37 - 2024-06-28 02:56 - 002395648 _____ (Farbar) C:\Users\Main\Desktop\FRST64.exe
2024-06-21 09:23 - 2024-06-21 09:23 - 002395648 _____ (Farbar) C:\Users\Main\Downloads\Unconfirmed 172091.crdownload
2024-06-21 06:03 - 2024-06-25 06:28 - 1364358092 _____ C:\WINDOWS\MEMORY.DMP
2024-06-21 06:03 - 2024-06-21 06:03 - 002443996 _____ C:\WINDOWS\Minidump\062124-6968-01.dmp
2024-06-20 22:57 - 2024-06-28 02:48 - 000000000 ____D C:\Users\Main\AppData\Local\Malwarebytes
2024-06-20 22:57 - 2024-06-20 22:57 - 000002100 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2024-06-20 22:57 - 2024-06-20 22:57 - 000002088 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2024-06-20 22:57 - 2024-06-20 22:57 - 000000000 ____D C:\ProgramData\Malwarebytes
2024-06-20 22:57 - 2024-06-20 22:57 - 000000000 ____D C:\Program Files\Malwarebytes
2024-06-20 22:54 - 2024-06-20 22:56 - 277685776 _____ (Malwarebytes) C:\Users\Main\Downloads\MBSetup-076981.076981-5.1.5.116 (1).exe
2024-06-20 20:47 - 2024-06-27 12:03 - 000001624 _____ C:\Users\Main\Desktop\Rkill.txt
2024-06-20 20:47 - 2024-06-20 20:47 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\Main\Downloads\rkill.exe
2024-06-20 20:47 - 2024-06-20 20:47 - 000988112 _____ (Bleeping Computer, LLC) C:\Users\Main\Downloads\rkill64.exe
2024-06-20 18:26 - 2024-06-20 20:14 - 000000000 ____D C:\Users\Main\AppData\Local\ElevatedDiagnostics
2024-06-20 18:20 - 2024-06-21 12:57 - 000000000 ____D C:\WINDOWS\pss
2024-06-20 18:20 - 2024-06-21 12:54 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2024-06-16 21:30 - 2024-06-16 21:30 - 000056256 _____ C:\WINDOWS\system32\lc.dat
2024-06-12 05:44 - 2024-06-12 05:46 - 000000000 ___HD C:\$WinREAgent
2024-06-11 22:44 - 2024-06-11 22:44 - 000315288 _____ (Gen Digital Inc.) C:\WINDOWS\system32\aswBoot.exe
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2024-06-28 02:40 - 2020-11-06 08:09 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2024-06-28 02:40 - 2019-12-07 03:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-06-27 12:10 - 2020-11-06 08:13 - 000936842 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2024-06-27 12:10 - 2019-12-07 03:13 - 000000000 ____D C:\WINDOWS\INF
2024-06-27 12:03 - 2020-11-06 08:15 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2024-06-27 12:03 - 2020-11-06 08:09 - 000008192 ___SH C:\DumpStack.log.tmp
2024-06-27 12:03 - 2017-12-30 18:15 - 000000000 ____D C:\ProgramData\AVAST Software
2024-06-27 12:03 - 2017-02-10 15:16 - 000000000 ____D C:\Program Files\CCleaner
2024-06-27 12:03 - 2016-10-26 07:20 - 000000000 ____D C:\ProgramData\NVIDIA
2024-06-27 12:02 - 2019-12-07 03:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2024-06-27 11:28 - 2019-12-07 03:14 - 000000000 ___HD C:\Program Files\WindowsApps
2024-06-27 11:28 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2024-06-27 11:02 - 2023-06-05 08:08 - 000004258 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1685974122
2024-06-27 11:02 - 2023-06-05 08:08 - 000001394 _____ C:\Users\Main\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2024-06-25 22:42 - 2022-11-03 14:22 - 000000000 ____D C:\Users\Main\Documents\Recipes
2024-06-25 06:30 - 2018-05-13 14:05 - 000941640 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswSnx.sys
2024-06-25 06:28 - 2024-04-07 07:24 - 000000000 ____D C:\WINDOWS\Minidump
2024-06-24 03:53 - 2018-05-13 14:05 - 001195464 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswSP.sys
2024-06-22 21:14 - 2018-05-13 14:58 - 000000000 ____D C:\Users\Main\AppData\Local\D3DSCache
2024-06-22 08:34 - 2020-06-19 01:17 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-06-20 22:57 - 2019-12-07 03:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2024-06-20 20:57 - 2017-10-19 09:13 - 000000000 ____D C:\Users\Main\AppData\Local\Packages
2024-06-20 20:45 - 2022-09-20 14:05 - 000000666 _____ C:\WINDOWS\Tasks\CCleanerCrashReporting.job
2024-06-20 20:20 - 2021-12-15 19:21 - 000000000 ____D C:\WINDOWS\SystemTemp
2024-06-20 10:54 - 2022-09-20 14:05 - 000003382 _____ C:\WINDOWS\system32\Tasks\CCleanerCrashReporting
2024-06-20 10:54 - 2020-11-06 08:15 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2024-06-18 08:29 - 2022-01-26 15:51 - 000000000 ____D C:\WINDOWS\system32\Tasks\HP
2024-06-18 08:29 - 2022-01-26 15:47 - 000000000 ____D C:\Program Files\HPPrintScanDoctor
2024-06-17 12:25 - 2018-05-08 00:55 - 000000000 ____D C:\Users\Main\Documents\Help
2024-06-15 17:14 - 2022-10-11 06:17 - 000002080 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2024-06-15 17:14 - 2022-10-11 06:17 - 000002068 _____ C:\Users\Public\Desktop\Adobe Acrobat.lnk
2024-06-15 17:14 - 2020-11-06 08:15 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2024-06-11 22:44 - 2020-12-10 05:51 - 000548808 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswNetHub.sys
2024-06-11 22:44 - 2020-11-06 08:15 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software
2024-06-11 22:44 - 2020-02-25 05:05 - 000269768 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2024-06-11 22:44 - 2019-01-24 17:34 - 000380360 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
2024-06-11 22:44 - 2019-01-18 08:38 - 000292808 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswbidsh.sys
2024-06-11 22:44 - 2019-01-18 08:38 - 000084536 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswbuniv.sys
2024-06-11 22:44 - 2019-01-18 08:38 - 000020424 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswArDisk.sys
2024-06-11 22:44 - 2018-10-23 09:49 - 000028728 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswKbd.sys
2024-06-11 22:44 - 2018-05-13 14:05 - 000306744 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswVmm.sys
2024-06-11 22:44 - 2018-05-13 14:05 - 000229832 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswArPot.sys
2024-06-11 22:44 - 2018-05-13 14:05 - 000097848 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2024-06-11 22:44 - 2018-05-13 14:05 - 000069168 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2024-06-11 21:09 - 2020-11-06 08:09 - 000359864 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2024-06-11 21:08 - 2019-12-07 03:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2024-06-11 21:08 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2024-06-11 21:08 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2024-06-11 21:08 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SystemResources
2024-06-11 21:08 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\setup
2024-06-11 21:08 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2024-06-11 21:08 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2024-06-11 21:08 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2024-06-11 21:08 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2024-06-11 20:59 - 2019-12-07 03:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2024-06-11 20:56 - 2020-11-06 08:13 - 003017216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2024-06-11 20:46 - 2016-12-13 11:50 - 000000000 ____D C:\WINDOWS\system32\MRT
2024-06-11 20:44 - 2016-12-13 11:49 - 199048176 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2024-06-06 04:50 - 2020-11-06 08:15 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-06-06 04:50 - 2020-11-06 08:15 - 000003412 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-05-31 15:20 - 2023-12-19 12:32 - 000003760 _____ C:\WINDOWS\system32\Tasks\Opera scheduled assistant Autoupdate 1703010764
2024-05-31 15:20 - 2022-12-04 20:43 - 000002702 _____ C:\WINDOWS\system32\Tasks\GarminUpdaterTask
2024-05-31 15:20 - 2021-08-18 16:50 - 000002252 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC - Main
 
==================== Files in the root of some directories ========
 
2024-04-07 21:51 - 2024-04-07 21:51 - 000003584 _____ () C:\Users\Main\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-08-06 16:27 - 2023-08-10 22:52 - 000007605 _____ () C:\Users\Main\AppData\Local\resmon.resmoncfg
2017-07-02 08:50 - 2017-07-02 08:50 - 000000003 _____ () C:\Users\Main\AppData\Local\updater.log
2017-07-02 08:50 - 2017-07-02 08:50 - 000000425 _____ () C:\Users\Main\AppData\Local\UserProducts.xml
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================


#41 husky1954


Posted 28 June 2024 - 10:57 AM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23.06.2024
Ran by Main (28-06-2024 02:57:21)
Running from C:\Users\Main\Desktop
Microsoft Windows 10 Home Version 22H2 19045.4529 (X64) (2020-11-06 14:15:37)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-3509614529-1817421791-1398712029-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3509614529-1817421791-1398712029-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-3509614529-1817421791-1398712029-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-3509614529-1817421791-1398712029-501 - Limited - Disabled)
Main (S-1-5-21-3509614529-1817421791-1398712029-1001 - Administrator - Enabled) => C:\Users\Main
WDAGUtilityAccount (S-1-5-21-3509614529-1817421791-1398712029-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Malwarebytes (Enabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1033-1033-7760-BC15014EA700}) (Version: 24.002.20857 - Adobe)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601067}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
ANT Drivers Installer x64 (HKLM\...\{D2B4737B-0A1E-4C5B-AEB9-49A2BBD336ED}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 24.5.6116 - Avast Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon MX310 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX310_series) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 6.25 - Piriform)
CyberLink Power Media Player 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.6.7503 - CyberLink Corp.)
CyberLink PowerDirector 14 (HKLM-x32\...\{6BADCD73-E925-46F7-A295-FF2448632728}) (Version: 14.0.2.3309 - CyberLink Corp.)
Elevated Installer (HKLM-x32\...\{5D30B228-8185-473A-A710-59B503D0E631}) (Version: 7.20.3.0 - Garmin Ltd or its subsidiaries) Hidden
Energy Star (HKLM\...\{5CB22648-35F8-41BC-9C35-1E41FE6E12A5}) (Version: 1.1.1 - HP Inc.)
Garmin Express (HKLM-x32\...\{c6571d14-572e-41c8-ba10-46a74d5d0e01}) (Version: 7.20.3.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{E57F5608-BBB3-4623-8062-86BA4081C0ED}) (Version: 7.20.3.0 - Garmin Ltd or its subsidiaries) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.123 - Google Inc.) Hidden
HP Audio Switch (HKLM\...\HPAudioSwitch) (Version: 1.0.111.0 - HP Inc.)
HP Connection Optimizer (HKLM-x32\...\{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: 2.0.15.0 - HP Inc.)
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.2 - HP Inc.)
HP ePrint SW (HKLM\...\{1B1E721E-4843-465C-867F-E8651E5ABCD1}) (Version: 5.1.19895 - HP Inc.) Hidden
HP ePrint SW (HKLM\...\{70FF7FA8-1775-4D18-855B-DDB5AE876486}) (Version: 5.1.19895 - HP Inc.) Hidden
HP ePrint SW (HKLM\...\{804E6C19-C29C-4C2A-AB7D-84F657F36A1A}) (Version: 5.1.19895 - HP Inc.) Hidden
HP ePrint SW (HKLM\...\{9E79DC8C-9CBD-4BFF-B1C6-DDE56471600E}) (Version: 5.1.19895 - HP Inc.) Hidden
HP ePrint SW (HKLM-x32\...\{2460D024-A262-43EE-B83B-D990D7188252}) (Version: 5.1.19895 - HP Inc.) Hidden
HP ePrint SW (HKLM-x32\...\{b0ebf7ff-6b1a-4a92-9c85-6915be1962b9}) (Version: 5.1.19895 - HP Inc.)
HP ePrint SW (HKLM-x32\...\{E1FE22DE-22EF-4235-A56A-287CE38AA584}) (Version: 5.1.19895 - HP Inc.) Hidden
HP JumpStart Bridge (HKLM-x32\...\{1E7D6A6F-E28B-4057-BD4F-9989C1F5353D}) (Version: 1.3.0.423 - HP Inc.)
HP JumpStart Launch (HKLM-x32\...\{4380D813-39E5-46FD-AC23-FC9A1A8B98AA}) (Version: 1.3.423.0 - HP Inc.)
HP Orbit (HKLM\...\{1A083C69-5382-4CF9-8074-80EC050D9FC8}) (Version: 3.5.171.271 - HP) Hidden
HP Orbit (HKLM-x32\...\{82b971c1-85fa-4c53-ada1-4ec6be0c0c8a}) (Version: 3.5.171.271 - HP Inc.)
HP Orbit Service (HKLM\...\{B384505E-0FE1-4A0F-9E92-7C592276E0A4}) (Version: 2.5.171.271 - HP Inc) Hidden
HP Recovery Manager (HKLM-x32\...\{64BAA990-F1FC-4145-A7B1-E41FBBC9DA47}) (Version: 1.2.1510 - HP) Hidden
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.8357.5639 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{C85AC2ED-2305-4137-A8BA-CC628F635C82}) (Version: 12.18.34.21 - HP Inc.)
HP System Event Utility (HKLM-x32\...\{57058272-92B0-4EFA-8FDD-ED3E5D689D37}) (Version: 1.4.32 - HP Inc.)
HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1439 - HP Inc.)
Intel® Chipset Device Software (HKLM\...\{94E05108-3E4E-4F2E-AC5F-33A1B22B779C}) (Version: 10.1.1.44 - Intel Corporation) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{17408817-d415-4768-a160-ae6d46d6bdb0}) (Version: 10.1.1.44 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 2026.14.0.1676 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{38311187-61A3-493F-880A-CCA93718AFAE}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{941C4885-7886-4BEA-A222-C6A187D5FD9F}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Management Engine Driver (HKLM\...\{4EAF526C-F3AC-415F-839E-397DD2943BB4}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® ME UninstallLegacy (HKLM\...\{BAD8B014-371F-43A5-9004-FF2078BBDD18}) (Version: 1.0.1.0 - Intel Corporation) Hidden
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.9.1.1020 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{82B8C0DF-94E9-4E42-B132-47F13CD5EE3C}) (Version: 15.9.1.1020 - Intel Corporation) Hidden
Intel® Ready Mode Technology (HKLM\...\{56F58306-9501-4933-8AC5-7079891D5AD0}) (Version: 1.1.70.525 - Intel Corporation)
Intel® Trusted Connect Service Client x64 (HKLM\...\{C9552825-7BF2-4344-BA91-D3CD46F4C442}) (Version: 1.61.251.0 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.61.251.0 - Intel Corporation) Hidden
Intel® Trusted Connect Services Client (HKLM-x32\...\{69bc85f1-55f9-44f2-b5df-3840fe07854c}) (Version: 1.61.251.0 - Intel Corporation) Hidden
Intel® Wireless Bluetooth® (HKLM-x32\...\{F50984E6-5E69-4A75-B1A5-7F5B4D964EB0}) (Version: 19.11.1641.0703 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{185db067-38cd-4521-a43e-c39b96ee1389}) (Version: 19.50.1 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{B294CE94-FE0F-4427-910C-180AF9FCFED1}) (Version: 1.0.1.620 - Intel Corporation)
Lightshot-5.4.0.10 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.10 - Skillbrains)
Logitech Options (HKLM\...\LogiOptions) (Version: 8.10.84 - Logitech)
Malwarebytes version 5.1.5.116 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 5.1.5.116 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 126.0.2592.68 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 126.0.2592.68 - Microsoft Corporation)
Microsoft HEVC Media Extension Installation for Microsoft.HEVCVideoExtension_1.0.2512.0_x64__8wekyb3d8bbwe (x64) (HKLM\...\{B0169E83-757B-EF66-E2F0-391944D785BC}) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)
Microsoft VC++ redistributables repacked. (HKLM\...\{22EDC529-0D1F-47E1-938E-6EB6BAB3E573}) (Version: 12.0.0.0 - Intel Corporation) Hidden
Microsoft VC++ redistributables repacked. (HKLM-x32\...\{58147998-2831-44F6-B716-E2B25B697A35}) (Version: 12.0.0.0 - Intel Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 x64 Additional Runtime - 14.0.23506 (HKLM\...\{B0B194F8-E0CE-33FE-AA11-636428A4B73D}) (Version: 14.0.23506 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015 x64 Minimum Runtime - 14.0.23506 (HKLM\...\{A1C31BA5-5438-3A07-9EEE-A5FB2D0FDE36}) (Version: 14.0.23506 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.23.27820 (HKLM-x32\...\{86BE78D9-65A1-4E69-86F8-C1F5281F8553}) (Version: 14.23.27820 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.23.27820 (HKLM-x32\...\{00AC3934-26B4-406E-807C-1692AC7329EC}) (Version: 14.23.27820 - Microsoft Corporation) Hidden
NVIDIA GeForce Experience 3.5.0.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.5.0.70 - NVIDIA Corporation)
NVIDIA Graphics Driver 551.34 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 551.34 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0516 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0516 - NVIDIA Corporation)
OpenOffice 4.1.4 (HKLM-x32\...\{4138A847-021B-4C26-B6BF-220B2446F603}) (Version: 4.14.9787 - Apache Software Foundation)
Opera Stable 111.0.5168.43 (HKU\S-1-5-21-3509614529-1817421791-1398712029-1001\...\Opera 111.0.5168.43) (Version: 111.0.5168.43 - Opera Software)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.15063.31235 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.9.422.2016 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8237 - Realtek Semiconductor Corp.)
TurboTax 2022 (HKLM-x32\...\{E02EC8E6-200F-4BF9-AF32-572FEA31F457}) (Version: 022.000.0664 - Intuit Inc.)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{85C69797-7336-4E83-8D97-32A7C8465A3B}) (Version: 8.94.0.0 - Microsoft Corporation)
waziperStateIS (HKLM-x32\...\{CC134703-E6D7-49B5-AD75-FB05BC7D404E}) (Version: 022.000.0109 - Intuit Inc.) Hidden
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
 
Packages:
=========
 
Adobe Acrobat Reader -> C:\Program Files\Adobe\Acrobat DC [2024-06-15] ()
Drawboard PDF -> C:\Program Files\WindowsApps\DRAWBOARD.DRAWBOARDPDF_6.60.35.0_x64__gqbn7fs4pywxm [2024-06-05] (Drawboard)
Facebook -> C:\Program Files\WindowsApps\www.facebook.com-1C2D851A_2023.531.1.1_neutral__n468xs7erp6tc [2023-10-15] (www.facebook.com)
HP JumpStart -> C:\Program Files\WindowsApps\AD2F1837.HPJumpStart_1.2.228.0_x64__v10z8vjag6ke6 [2024-03-06] (HP Inc.)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_154.2.1075.0_x64__v10z8vjag6ke6 [2024-06-27] (HP Inc.)
HP Support Assistant -> C:\Program Files\WindowsApps\AD2F1837.HPSupportAssistant_9.35.35.0_x64__v10z8vjag6ke6 [2024-05-20] (HP Inc.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-04] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-04] (Microsoft Corporation) [MS Ad]
Microsoft Sudoku -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSudoku_2.10.6191.0_x64__8wekyb3d8bbwe [2024-06-22] (Microsoft Studios)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.99.5.0_x64__mcm4njqhnhss8 [2024-04-19] (Netflix, Inc.)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.966.0_x64__56jybvy8sckqj [2024-04-23] (NVIDIA Corp.)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-02-01] (Microsoft Corporation)
Web Search from Microsoft Bing -> C:\Program Files\WindowsApps\Microsoft.BingSearch_1.0.91.0_x64__8wekyb3d8bbwe [2024-03-06] (Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3509614529-1817421791-1398712029-1001_Classes\CLSID\{38142727-3008-9161-1521-349515000000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2024-06-11] (Avast Software s.r.o. -> Gen Digital Inc.)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2024-06-11] (Avast Software s.r.o. -> Gen Digital Inc.)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2024-06-11] (Avast Software s.r.o. -> Gen Digital Inc.)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2024-06-11] (Avast Software s.r.o. -> Gen Digital Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-06-20] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nvhdc.inf_amd64_7f14eb0fd6d4fd5b\nvshext.dll [2024-03-11] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2024-06-11] (Avast Software s.r.o. -> Gen Digital Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-06-20] (Malwarebytes Inc. -> Malwarebytes)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Priceline.com.lnk -> C:\Program Files (x86)\HP\Shared\WizLink.exe () -> hxxp://secure.rezserver.com/sdk/v1/LinkFwd?refid=7684&destination=priceline&refclickid=square
 
==================== Loaded Modules (Whitelisted) =============
 
2024-06-12 09:00 - 2024-06-12 09:00 - 000160256 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\BRIDGECommon\634ad225fcdc6c63108ca5ff6a7bdfb7\BRIDGECommon.ni.dll
2024-05-15 09:47 - 2024-05-15 09:47 - 000120832 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\BridgeExtension\fab9f855c4072461fc63ccab9eb60cf6\BridgeExtension.ni.dll
2024-05-15 09:47 - 2024-05-15 09:47 - 000348160 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\CleanStartController\4d31e69d4af3d9287f0943556ccd642b\CleanStartController.ni.dll
2024-05-15 09:47 - 2024-05-15 09:47 - 000135168 _____ (HP Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\CommonPortable\22ce440df0c4bdb2a454e4fda375a097\CommonPortable.ni.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-3509614529-1817421791-1398712029-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
SearchScopes: HKLM -> {27F5BC6B-277A-43CC-B862-657877A6DF8B} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {27F5BC6B-277A-43CC-B862-657877A6DF8B} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3509614529-1817421791-1398712029-1001 -> {27F5BC6B-277A-43CC-B862-657877A6DF8B} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2024-05-13] (HP Inc. -> HP Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2024-05-13] (HP Inc. -> HP Inc.)
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2016-07-16 05:47 - 2019-01-04 02:10 - 000000825 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
2017-11-11 23:54 - 2017-11-11 23:55 - 000000445 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3509614529-1817421791-1398712029-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-3509614529-1817421791-1398712029-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img13.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKU\S-1-5-21-3509614529-1817421791-1398712029-1001\...\StartupApproved\Run: => "GarminExpress"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{70FBBAFF-20D0-4049-8A47-B63786FCE310}] => (Allow) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.EXE (Logitech Inc -> Logitech, Inc.)
FirewallRules: [{46767D32-3020-4E38-AFEB-4DA4A82FBB0F}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
FirewallRules: [{21459643-9A4C-47A2-A3A5-0977BF21D74D}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
FirewallRules: [{FB932164-9613-4FA1-9B00-24CBAB594058}] => (Allow) LPort=13148
FirewallRules: [{EE6EC17E-C737-44C9-84A2-3FD4A64F2836}] => (Allow) C:\Program Files\HP\HP Orbit Service\HPOrbitService.exe (HP Inc. -> HP Inc.)
FirewallRules: [{942B64D2-C685-4949-BF5E-FB5E06A2BD48}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{69239499-EF66-4708-B3E0-7BF3DB8C87EF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{413BD4CC-F008-4FD3-A456-D85B7758650D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{B32382F5-8D3B-4A9C-BF08-C96A0AE38C73}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{4B8D1F70-AFE1-4496-9D4F-6E3E89DF4C09}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{70402FE2-CA65-4AF0-A5B9-F35EA17D50AE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C32A8119-3420-492F-9212-F40BAEC35922}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{6F654A43-AAE2-4C89-AF85-639B5969D1C1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{6CD3E50A-26F1-460F-927D-3C20D3797224}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C14479AF-DCC3-4A57-AB38-52F630B8C776}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{1A8B0C72-B442-4561-BF8B-51AD5B769B4D}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{C452E1FE-7FDC-47FE-9438-BA439F06B676}] => (Allow) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> Gen Digital Inc.)
FirewallRules: [{A5850618-5026-4DBF-832B-CAF3F4E0A33F}] => (Allow) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> Gen Digital Inc.)
FirewallRules: [{5F5652EE-5733-4976-A462-55210727D1A1}] => (Allow) C:\Program Files (x86)\TurboTax\Individual 2022\32bit\CefSharp.BrowserSubprocess.exe (INTUIT INC. -> The CefSharp Authors)
FirewallRules: [{907292D4-25C6-4B70-9DB4-D0D0CDE9B0D7}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe (Intuit ESD Test Certificate -> Intuit Inc.) [File not signed]
FirewallRules: [{8820F8A3-21C7-474A-AF43-1AB7EAF30134}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit ESD Test Certificate -> Intuit Inc.) [File not signed]
FirewallRules: [{C5D86ADF-883D-4197-AD4D-40A097D74CEB}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit ESD Test Certificate -> Intuit Inc.) [File not signed]
FirewallRules: [{4C5E0C7F-CA65-4850-9B81-4105EF9F39CE}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit ESD Test Certificate -> Intuit Inc.) [File not signed]
FirewallRules: [{8DC7BFAF-678F-4E7A-A95C-93A51EEC9EDA}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit ESD Test Certificate -> Intuit Inc.) [File not signed]
FirewallRules: [{A5373CC8-D2E3-4198-A652-884D103B02F4}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit ESD Test Certificate -> Intuit Inc.) [File not signed]
FirewallRules: [TCP Query User{2EF360C7-59A6-4268-A26C-7964E9C4D3FB}C:\users\main\appdata\local\programs\opera\opera.exe] => (Block) C:\users\main\appdata\local\programs\opera\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [UDP Query User{930209A5-6110-401C-A9EF-52CA790B58A6}C:\users\main\appdata\local\programs\opera\opera.exe] => (Block) C:\users\main\appdata\local\programs\opera\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [{44254165-B4C6-4DF7-B63F-1424ECA33A22}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.122.3205.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{6D1BFD09-66CD-46E8-820A-76B0581862B3}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.122.3205.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{25BF7A95-5727-4C21-A5E6-315F633C852A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.122.3205.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{7F2A36A7-A8B0-4A23-A694-EE76B2971835}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.122.3205.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{AB4D3E76-FFF0-4AE0-B946-C10B87DCB48C}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.68\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
 
==================== Restore Points =========================
 
20-06-2024 13:48:20 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (06/27/2024 05:06:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_wuauserv, version: 10.0.19041.4355, time stamp: 0x9ce47784
Faulting module name: ucrtbase.dll, version: 10.0.19041.3636, time stamp: 0x81cf5d89
Exception code: 0xc0000409
Fault offset: 0x000000000007286e
Faulting process id: 0x1844
Faulting application start time: 0x01dac8bc448f1e3b
Faulting application path: C:\WINDOWS\system32\svchost.exe
Faulting module path: C:\WINDOWS\System32\ucrtbase.dll
Report Id: d0abf411-3411-49d4-aa39-2c0f4a60a880
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (06/27/2024 05:06:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_wuauserv, version: 10.0.19041.4355, time stamp: 0x9ce47784
Faulting module name: ntdll.dll, version: 10.0.19041.4522, time stamp: 0x8a1bb6f3
Exception code: 0xc0000005
Fault offset: 0x000000000002f23f
Faulting process id: 0x1844
Faulting application start time: 0x01dac8bc448f1e3b
Faulting application path: C:\WINDOWS\system32\svchost.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 08ab6d3c-9a7e-407c-a3b7-96acac6c61d6
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (06/27/2024 12:20:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname DESKTOP-8JE58SU.local already in use; will try DESKTOP-8JE58SU-2.local instead
 
Error: (06/27/2024 12:20:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister    4 DESKTOP-8JE58SU.local. Addr 192.168.1.22
 
Error: (06/27/2024 12:20:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.22:5353   16 DESKTOP-8JE58SU.local. AAAA 2605:59C8:0089:3A10:6D11:DC15:4BC5:E9CC
 
Error: (06/27/2024 12:20:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing:   16 DESKTOP-8JE58SU.local. AAAA FE80:0000:0000:0000:D4DE:6820:8BF3:4503
 
Error: (06/27/2024 12:20:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.22:5353   16 DESKTOP-8JE58SU.local. AAAA 2605:59C8:0089:3A10:6D11:DC15:4BC5:E9CC
 
Error: (06/27/2024 12:20:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing:   16 DESKTOP-8JE58SU.local. AAAA FD27:9EDD:78B7:0010:F80C:7AE3:54A6:6BF9
 
 
System errors:
=============
Error: (06/27/2024 05:06:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Update service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (06/27/2024 04:40:28 PM) (Source: Netwtw04) (EventID: 5007) (User: )
Description: 5007 - TX/CMD timeout (TfdQueue hanged)
 
Error: (06/27/2024 04:40:28 PM) (Source: Netwtw04) (EventID: 5007) (User: )
Description: 5007 - TX/CMD timeout (TfdQueue hanged)
 
Error: (06/27/2024 11:02:14 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WinRing0_1_2_0 service failed to start due to the following error: 
Access is denied.
 
Error: (06/25/2024 10:24:04 PM) (Source: Netwtw04) (EventID: 5007) (User: )
Description: 5007 - TX/CMD timeout (TfdQueue hanged)
 
Error: (06/25/2024 10:24:04 PM) (Source: Netwtw04) (EventID: 5007) (User: )
Description: 5007 - TX/CMD timeout (TfdQueue hanged)
 
Error: (06/25/2024 12:39:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WinRing0_1_2_0 service failed to start due to the following error: 
Access is denied.
 
Error: (06/25/2024 06:43:42 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9NMPJ99VJBWV-Microsoft.YourPhone.
 
 
CodeIntegrity:
===============
Date: 2024-06-27 12:05:11
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.
 
Date: 2024-06-27 12:05:11
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbamsi64.dll that did not meet the Windows signing level requirements.
 
Date: 2024-06-27 12:04:11
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.1911.3-0\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.
 
Date: 2024-06-27 12:04:11
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.1911.3-0\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbamsi64.dll that did not meet the Microsoft signing level requirements.
 
 
==================== Memory info =========================== 
 
BIOS: AMI F.45 05/22/2019
Motherboard: HP 828A
Processor: Intel® Core™ i7-6700 CPU @ 3.40GHz
Percentage of memory in use: 33%
Total physical RAM: 16329.56 MB
Available physical RAM: 10807.04 MB
Total Virtual: 18761.56 MB
Available Virtual: 11565.19 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:450.81 GB) (Free:362.61 GB) (Model: CT500MX500SSD1) NTFS
Drive d: (RECOVERY) (Fixed) (Total:13.7 GB) (Free:4.76 GB) (Model: CT500MX500SSD1) NTFS ==>[system with boot components (obtained from drive)]
 
\\?\Volume{685f49dd-25d3-435d-a448-5814b8782297}\ () (Fixed) (Total:0.51 GB) (Free:0.08 GB) NTFS
\\?\Volume{2db22ce2-6a5e-44ff-8039-34ef351b887a}\ (Windows RE tools) (Fixed) (Total:0.46 GB) (Free:0.01 GB) NTFS
\\?\Volume{8bea5e7e-17f6-424b-bce1-e6982152061a}\ () (Fixed) (Total:0.25 GB) (Free:0.16 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 066C2D81)
 
Partition: GPT.
 
==================== End of Addition.txt =======================


#42 Oh My!


Posted 28 June 2024 - 09:26 PM

Please do this.

===================================================

Farbar Recovery Scan Tool Fix

--------------------
  • Right click on the FRST64 icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
  • There is no need to paste the information anywhere, FRST64 will do it for you
Start::
CreateRestorePoint:
CloseProcesses:
S3 WinRing0_1_2_0; \??\C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClient.sys [X] 
Task: {EDDB656E-CDE0-4982-8992-D90A71B5CD64} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION 
Task: {941D26F4-957D-47CA-950D-E1979845F466} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe /DeviceScanR6 (No File) 
Task: {0E0EC0F5-D9AA-4804-842F-DF6A371F7B4D} - System32\Tasks\Microsoft\Windows\rempl\shell => %ProgramFiles%\rempl\sedlauncher.exe (No File) 
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File 
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File 
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File 
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File 
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File 
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File 
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File 
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File 
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File 
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File 
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File 
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File 
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File 
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File 
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) 
2024-06-27 12:03 - 2020-11-06 08:09 - 000008192 ___SH C:\DumpStack.log.tmp 
2024-06-21 09:23 - 2024-06-21 09:23 - 002395648 _____ (Farbar) C:\Users\Main\Downloads\Unconfirmed 172091.crdownload 
ShortcutTarget: HP Audio Switch.lnk -> C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitchLC.vbs () [File not signed] 
2024-06-21 09:23 - 2024-06-21 09:23 - 002395648 _____ (Farbar) C:\Users\Main\Downloads\Unconfirmed 172091.crdownload
Zip: C:\WINDOWS\Minidump
cmd: DISM /Online /Cleanup-Image /CheckHealth
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • The tool will create a zipped folder on the Desktop with today's date, example: 07.30.2023_13.24.50.zip. Please upload the file here.
===================================================

Please run Windows Update until there are no more updates available or you receive an error message. If you receive an error, provide the error information in your reply.

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Uploaded zip file
  • Windows Update results

Gary 


#43 husky1954


Posted Yesterday, 01:19 AM

Ok Gary. I copied the code you posted.

And ran FRST64.

You are a great and mighty cyber warrior.

It did not give me the option to click fix.


Edited by husky1954, Yesterday, 01:22 AM.


#44 Oh My!


Posted Yesterday, 07:52 AM

Thank you for your kindness.

You need to right click on FRST64.exe, select Run as administrator, copy the text from Start:: to End:: then click Fix on the FRST window. Are you saying you did that, in that order, but you didn't see a Fix button on the FRST window?
Gary 


#45 husky1954


Posted Yesterday, 08:35 AM

Yes.

I will try to run it again if you want.  I think I clicked scan.


Edited by husky1954, Yesterday, 08:38 AM.




