Potential hacked computer/malware/virus combination. Request help

JoshuaCM

Note: I ran Farbar back in November. Today, I tested running the program as an administrator. When I did, it automatically updated, and here is what happened:
Avast detected something called IDP.HELU.AID15 and quarantined it. Supposedly this is some kind of bad virus. I do think Farbar is known to be detected as a false positive, but not with this. I wonder if you can advise how to get FARBAR without this. I have also had Microsoft software that was uploaded to their servers with a trojan before. If you can help me know where I can get Farbar without some virus in it, this will be helpful. My system has had all kinds of activity on it for several months, and it seems very odd to me, since I did not have this happening. I do not know whether I can get it online, or I need to take it in. It appears like there is probably a combination of installed viruses/malware that is programmed to run like some sort of mouse clicking and scrolling by itself, and then a hacker will navigate throughout the screen and highlight things and click things, delete things, and type things. It shows manual and automatic things, but it is not on a specific schedule. Something that a person would need to run on their own time. Please advise. I can describe this in more detail, and suspicions based on research and people's opinions, but I understand that you prefer Farbar logs. However, as I said, this program has shown to be infected. I could remove it from quarantine, but I think this particular infection is likely not a false positive.
 
It is highly unlikely that the copy of FRST you have downloaded is infected, and it is much more likely that this is just a false positive from Avast.

If you are in any doubt, download FRST using a different (clean) computer, and transfer it to your infected machine using a USB drive.


  • If you have a 32-bit system, download FRST
  • If you have a 64-bit system, download FRST64
  • If you don't know whether your system is 32-bit or 64-bit, download both. Only one will run on your machine. That's the one to use.

Once it's on your infected machine ....


  • Double click Frst.exe to launch it.
  • FRST will start to run.
    • When the tool opens, click Yes to the disclaimer.
    • Press the Scan button.
    • When finished scanning, 2 logs will open on your Desktop: FRST.txt and Addition.txt.
    • Please post them in your next reply.
 
Something I am concerned about, though, is that I do not know if I ran the program correctly. It ran automatic fixes, but it didn't the last time I ran it.


Loaded Profiles: Joshua
Platform: Microsoft Windows 10 Home Version 21H1 19043.1288 (X64) Language: English (United States)
Default browser not detected!
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Acresso Software Inc. -> Acresso Software Inc.) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(Adobe Systems, Incorporated -> Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe <36>
(Avast Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\AvastBrowserCrashHandler.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\AvastBrowserCrashHandler64.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswEngSrv.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastNM.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe <5>
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\DiscoverySrv.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Check Point Software Technologies Ltd. -> ) C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\SBACipollaSrvHost.exe
(Check Point Software Technologies Ltd. -> ) C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Updater\Updater\EPNetUpdater.exe
(Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\EFRService.exe
(Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\Endpoint Security\Remediation\RemediationService.exe
(Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\Endpoint Security\Threat Emulation\TESvc.exe
(Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\ZAAR.exe
(Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(CyberLink Corp. -> ) C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(CyberLink Corp. -> CyberLink Corp.) C:\Program Files (x86)\Cyberlink\YouCam6\YouCamService6.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Garmin International, Inc. -> Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Express\express.exe
(Greatis Software LLC -> Greatis Software) C:\Program Files (x86)\UnHackMe\hackmon.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Company -> HP Development Company, L.P.) C:\Program Files (x86)\HP\HP CoolSense\CoolSense.exe
(Hewlett-Packard Company -> HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
(Hewlett-Packard Company -> HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\AppHelperCap.exe
(HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\BridgeCommunication.exe
(HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\DiagsCap.exe
(HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\NetworkCap.exe
(HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\SysInfoCap.exe
(HP Inc. -> HP) C:\Program Files (x86)\HP\HP 3D DriveGuard\hpservice.exe
(HP Inc.) [File not signed] C:\Program Files\HPCommRecovery\HPCommRecovery.exe
(Intel Corporation -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_ffc75848a6342fdf\jhi_service.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki124164.inf_amd64_85b60d2b8c3af983\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki124164.inf_amd64_85b60d2b8c3af983\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki124164.inf_amd64_85b60d2b8c3af983\IntelCpHDCPSvc.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki124164.inf_amd64_85b60d2b8c3af983\IntelCpHeciSvc.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel(R) Software -> Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Intel(R) Software -> Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2109.6305.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MsMpEng.exe
(NETGEAR -> ) C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe
(NETGEAR -> ) C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Seagate Technology, LLC -> Seagate Technology LLC) C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(The CefSharp Authors) [File not signed] C:\Program Files (x86)\Garmin\Express\CefSharp.BrowserSubprocess.exe <2>
(VirtualShield LLC -> ) C:\Program Files\VirtualShield\VirtualShield.exe
(VirtualShield LLC -> ) C:\Program Files\VirtualShield\VirtualShieldSvc.exe
(Wacom Technology Corp. -> Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology Corp. -> Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology Corp. -> Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology Corp. -> Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Wacom Technology Corp. -> Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
Failed to access process -> SDUpdate.exe
Failed to access process -> SDUpdate.exe
Failed to access process -> SDUpdate.exe
Failed to access process -> SDUpdate.exe
Failed to access process -> SDUpdate.exe
Failed to access process -> SDUpdate.exe
Failed to access process -> SDUpdate.exe
Failed to access process -> SDUpdate.exe
Failed to access process -> SDUpdate.exe
Failed to access process -> SDUpdate.exe
Failed to access process -> SDUpdate.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9186816 2017-05-05] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [157464 2021-12-09] (Avast Software s.r.o. -> AVAST Software)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [302904 2019-03-24] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [VirtualShield] => C:\Program Files\VirtualShield\VirtualShield.exe [16780304 2021-11-03] (VirtualShield LLC -> )
HKLM\...\Run: [Combo Cleaner] => C:\Program Files (x86)\Combo Cleaner\ComboCleaner.exe [2023552 2021-10-22] (RCS LT, UAB -> RCS LT)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [657424 2016-01-11] (Hewlett-Packard Company -> HP Inc.)
HKLM-x32\...\Run: [AdobeCS4ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-14] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [MaxMenuMgr] => C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe [185640 2009-05-01] (Seagate Technology, LLC -> Seagate LLC)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [624248 2007-05-10] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [ZaAntiRansomware] => C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\ZAAR.exe [4231392 2021-04-19] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [326152 2021-05-20] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [6787856 2019-03-19] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
HKLM-x32\...\RunOnceEx\@UnHackMe: [1] => C:\PROGRA~2\UnHackMe\UnHackMe.exe /p Partizan
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-3270737401-2542335873-2474156572-1001\...\Run: [AvastBrowserAutoLaunch_C883A7524CEADD572682E14163823878] => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [2502336 2021-12-15] (Avast Software s.r.o. -> AVAST Software)
HKU\S-1-5-21-3270737401-2542335873-2474156572-1001\...\Run: [GarminExpress] => C:\Program Files (x86)\Garmin\Express\express.exe [31171504 2021-07-02] (Garmin International, Inc. -> Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-3270737401-2542335873-2474156572-1001\...\Run: [Spotify] => C:\Users\Joshua\AppData\Roaming\Spotify\Spotify.exe [23592304 2021-01-15] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-3270737401-2542335873-2474156572-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\Joshua\AppData\Local\Microsoft\Teams\Update.exe [2459344 2021-12-02] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-3270737401-2542335873-2474156572-1004\...\Run: [MicrosoftEdgeAutoLaunch_E1A6AC1962D73EF70792D4A67BDCCE42] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
HKLM\...\Print\Monitors\Adobe PDF Port: C:\WINDOWS\system32\AdobePDF64.dll [35928 2007-03-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated.)
HKLM\...\Print\Monitors\HP 7012 Status Monitor: C:\WINDOWS\system32\hpinksts7012LM.dll [328704 2014-03-03] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Co.)
HKLM\...\Print\Monitors\Wondershare PDFelement Monitor: C:\WINDOWS\system32\WSPDFelementMonitor.dll [271360 2017-10-19] (Wondershare Software) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{30C521FB-255B-46C8-9F0D-EE5AE371C9AA}] -> "C:\Program Files (x86)\AVAST Software\Browser\Application\92.2.11577.159\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\91.0.4472.124\Installer\chrmstp.exe [2021-07-01] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{A8504530-742B-42BC-895D-2BAD6406F698}] -> C:\Program Files (x86)\AVAST Software\Browser\Application\96.1.13589.111\Installer\chrmstp.exe [2021-12-16] (Avast Software s.r.o. -> AVAST Software)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{30C521FB-255B-46C8-9F0D-EE5AE371C9AA}] -> "C:\Program Files (x86)\AVAST Software\Browser\Application\87.0.7478.88\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
HKLM\Software\...\Authentication\Credential Providers: [{FA076B7A-C331-48e2-9EE9-7683A553739E}] -> C:\Program Files (x86)\CyberLink\YouCam6\CLCredProv\x64\CLCredProv.dll [2015-07-01] (CyberLink Corp. -> CyberLink)
HKLM\Software\...\Authentication\Credential Provider Filters: [{FA076B7A-C331-48e2-9EE9-7683A553739E}] -> C:\Program Files (x86)\CyberLink\YouCam6\CLCredProv\x64\CLCredProv.dll [2015-07-01] (CyberLink Corp. -> CyberLink)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA3100 Smart Wizard.lnk [2021-11-07]
ShortcutTarget: NETGEAR WNA3100 Smart Wizard.lnk -> C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe (NETGEAR -> )
BootExecute: autocheck autochk * sdnclean64.exePartizan
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKU\S-1-5-21-3270737401-2542335873-2474156572-1001\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00DA6CEA-186D-4563-AC42-5D9024D5EE93} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-12] (Dropbox, Inc -> Dropbox, Inc.)
Task: {24050E27-1806-4B07-997D-1B1658EB2E84} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22799320 2021-12-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {269CFCDF-17BB-4778-A8C3-589D17449FEB} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2020-10-26] (Avast Software s.r.o. -> AVAST Software)
Task: {337F0B6F-E1A8-46DE-9E52-B6D545A397CC} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam6\YouCamService6.exe [515512 2015-07-01] (CyberLink Corp. -> CyberLink Corp.)
Task: {3627C56B-32E9-4440-9EB7-207FD7D5236D} - System32\Tasks\PostponeDeviceSetupToast_S-1-5-21-3270737401-2542335873-2474156572-1004_0 => {5ded83ef-1e99-48cf-bf83-676d2a6db408} C:\Windows\System32\oobe\UserOOBE.dll [421376 2021-11-03] (Microsoft Windows -> Microsoft Corporation)
Task: {36EAEA9B-5DE2-4930-9F4F-5ABDF4FA02F5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {3A40FDB0-00C3-4D9A-A08E-45A9129586E5} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [888232 2021-01-29] (Bitdefender SRL -> Bitdefender)
Task: {533CBE0A-AE30-41C4-B79B-992BD5E47FA2} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {55C5089C-9B2D-4F12-BC80-6E089D9703B9} - System32\Tasks\Safer-Networking\Spybot Anti-Beacon\Refresh Spybot Anti-Beacon immunization => C:\Program Files (x86)\Safer-Networking Ltd\Spybot Anti-Beacon\Spybot3AntiBeacon.exe [9469648 2021-04-29] (Safer-Networking Ltd. -> )
Task: {585D66F1-65FF-4F11-B699-8654BF426CA7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {65FAB8F9-644D-4984-A546-A8DF0D7264A4} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [584488 2016-09-21] (Dropbox, Inc -> )
Task: {6E2EBAD4-4BAD-4059-852F-84780E997EEA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1148080 2021-10-27] (HP Inc. -> HP Inc.)
Task: {71FC8F73-D911-4DD4-8F1D-1E4E4EE615A9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {75172C9B-5C68-471B-B396-C243496A0B2D} - System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec => C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [19088 2015-09-17] (Intel(R) Software Asset Manager -> Intel Corporation)
Task: {762A137E-4F46-4C90-B81E-9C4BCDE371F1} - System32\Tasks\Opera scheduled Autoupdate 1638909102 => C:\Users\Joshua\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (No File)
Task: {7AE51A50-7D20-4B7E-8314-011A19B45592} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1148080 2021-10-27] (HP Inc. -> HP Inc.)
Task: {7DB616B1-10F6-4A56-9443-1A9540F4B309} - System32\Tasks\HP\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\HP\HP CoolSense\CoolSense.exe [1356008 2016-01-21] (Hewlett-Packard Company -> HP Development Company, L.P.)
Task: {825C6F37-76E6-4392-8AF1-7BA3AA302E0E} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(1): schtasks.exe -> /Change /TN "\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864" /ENABLE
Task: {825C6F37-76E6-4392-8AF1-7BA3AA302E0E} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(2): schtasks.exe -> /Change /TN "\GarminUpdaterTask" /ENABLE
Task: {825C6F37-76E6-4392-8AF1-7BA3AA302E0E} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(3): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineCore" /ENABLE
Task: {825C6F37-76E6-4392-8AF1-7BA3AA302E0E} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(4): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineUA" /ENABLE
Task: {825C6F37-76E6-4392-8AF1-7BA3AA302E0E} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(5): schtasks.exe -> /Change /TN "\MicrosoftEdgeUpdateTaskMachineCore" /ENABLE
Task: {825C6F37-76E6-4392-8AF1-7BA3AA302E0E} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(6): schtasks.exe -> /Change /TN "\MicrosoftEdgeUpdateTaskMachineCore1d7b0bdc32d6e20" /ENABLE
Task: {825C6F37-76E6-4392-8AF1-7BA3AA302E0E} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(7): schtasks.exe -> /Change /TN "\MicrosoftEdgeUpdateTaskMachineUA" /ENABLE
Task: {825C6F37-76E6-4392-8AF1-7BA3AA302E0E} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(8): schtasks.exe -> /Change /TN "\OneDrive Standalone Update Task-S-1-5-21-3270737401-2542335873-2474156572-1001" /ENABLE
Task: {825C6F37-76E6-4392-8AF1-7BA3AA302E0E} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(9): schtasks.exe -> /Change /TN "\OneDrive Standalone Update Task-S-1-5-21-3270737401-2542335873-2474156572-1002" /ENABLE
Task: {825C6F37-76E6-4392-8AF1-7BA3AA302E0E} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(10): schtasks.exe -> /Change /TN "\OneDrive Standalone Update Task-S-1-5-21-3270737401-2542335873-2474156572-1004" /ENABLE
Task: {825C6F37-76E6-4392-8AF1-7BA3AA302E0E} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(11): schtasks.exe -> /Change /TN "\Opera scheduled Autoupdate 1638909102" /ENABLE
Task: {825C6F37-76E6-4392-8AF1-7BA3AA302E0E} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(12): schtasks.exe -> /Change /TN "\UnHackMe Task Scheduler" /ENABLE
Task: {825C6F37-76E6-4392-8AF1-7BA3AA302E0E} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(13): schtasks.exe -> /Change /TN "\YCMServiceAgent" /ENABLE
Task: {825C6F37-76E6-4392-8AF1-7BA3AA302E0E} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(14): schtasks.exe -> /Change /TN "\AVAST Software\Gaming mode Task Scheduler recovery" /DISABLE
Task: {894EFFDC-51E4-4B8D-ADF7-9E22F751E8C1} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\avast software\overseer\overseer.exe [1790184 2021-04-29] (Avast Software s.r.o. -> Avast Software)
Task: {8EBEC732-67C6-4823-8F6D-D49219079BB5} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-12] (Dropbox, Inc -> Dropbox, Inc.)
Task: {93AF12C8-446D-43B4-89C2-46361686C271} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler (No File)
Task: {947D87CC-510D-4689-A087-8D65ECEB3B40} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPSFReport.exe [136368 2021-10-27] (HP Inc. -> HP Inc.)
Task: {983CAFAA-57A1-4CAD-9EEE-111C455FCCBA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [570240 2017-02-14] (Apple Inc. -> Apple Inc.)
Task: {9AE07BF1-6BC4-4450-AE5F-CC8FE7DC86F5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Update Notice => C:\Program Files (x86)\HP\HP Support Framework\Resources\BingPopup\BingPopup.exe [314032 2021-10-27] (HP Inc. -> HP Inc.)
Task: {9DE5FD1C-C085-442F-BE61-EEE6E9AB94AB} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [4969240 2021-12-09] (Avast Software s.r.o. -> AVAST Software)
Task: {A4327696-AEC0-4B42-81AA-4609F9C0BFA2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A57FEE02-BEAA-4F2F-BEB4-EECD62D160F5} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [7177168 2020-04-26] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {AE78882E-D28E-46FA-BCBC-66446DF50764} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22799320 2021-12-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {B25BDC00-270D-45CD-8FF5-1E12386E6D52} - System32\Tasks\HPDAS => C:\Program [Argument = Files\HP\HP ePrint\HP.DeliveryAndStatus.Desktop.App.exe /CheckJobs]
Task: {B612ADBA-05A6-4B57-B2E8-9710679DE898} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [111032 2021-12-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {C3151AF4-991A-4AD6-840C-758B87F4EA37} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2020-10-26] (Avast Software s.r.o. -> AVAST Software)
Task: {C3EA9680-6CEF-4BD8-8809-78AD3FE56A71} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [2502336 2021-12-15] (Avast Software s.r.o. -> AVAST Software)
Task: {D7474179-1B4D-43B8-ACEF-1A47F221372D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c (No File)
Task: {D9F1DDEB-2119-45D0-A043-1ADF87404D17} - System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec-Logon => C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [19088 2015-09-17] (Intel(R) Software Asset Manager -> Intel Corporation)
Task: {E1ED1521-0747-4DD2-883F-840D2541FAE8} - System32\Tasks\Hewlett-Packard\HP Diagnostics\HPDIAGS-ffd3431d-4d9c-4c82-83a2-23abc7f977a4 => C:\Program Files (x86)\HP\HpHwDiag\HpHwDiagA.exe [62037168 2019-04-03] (HP Inc. -> )
Task: {E1F88DFD-83BB-4A45-BEFD-BD7B1E89D5BF} - System32\Tasks\AdobeAAMUpdater-1.0-LAPTOP-2016B3GJ-Joshua => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {E358EC1D-C1A0-4F22-9F16-94171EB05936} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe --automatic (No File)
Task: {EAA67AEA-5D14-46A7-8EE7-A38C399BE30F} - System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [2502336 2021-12-15] (Avast Software s.r.o. -> AVAST Software)
Task: {ED33A3BE-CDDA-4498-811A-0B2DC99F0B26} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [40880 2021-07-02] (Garmin International, Inc. -> )
Task: {F255C411-2D3D-4BAE-91F0-5531403F5ED1} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [5723640 2019-09-04] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {F38FD90C-ED43-4845-B51F-47FEB0B28190} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [111032 2021-12-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {F3DC88B3-389A-418F-A1E9-4852413BFCC2} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [1698000 2015-06-05] (Intel(R) Software -> Intel Corporation)
Task: {F53AC649-2087-429A-BA24-68670AB0F673} - System32\Tasks\UnHackMe Task Scheduler => C:\Program Files (x86)\UnHackMe\hackmon.exe [5079904 2021-12-07] (Greatis Software LLC -> Greatis Software)
Task: {FC492CB1-46FE-46D6-AB8F-C11C2967BC78} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [6189624 2020-04-26] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {FE4AB7FA-559C-4C6E-AA78-44B042BE789F} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe /backup /iavs (No File)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\EOSv3 Scheduler onLogOn.job => C:\Users\Joshua\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe
Task: C:\WINDOWS\Tasks\EOSv3 Scheduler onTime.job => C:\Users\Joshua\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.39.1
Tcpip\..\Interfaces\{158fa440-5993-40c0-ad3b-b54f7783ca5e}: [DhcpNameServer] 192.168.39.1
Tcpip\..\Interfaces\{163d0074-9fb2-47fd-8452-17843aaac670}: [DhcpNameServer] 192.168.39.1
Tcpip\..\Interfaces\{248657bc-e7b7-40ce-94d9-b83e13a52576}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{248657bc-e7b7-40ce-94d9-b83e13a52576}: [DhcpNameServer] 1.1.1.1 1.0.0.1
Tcpip\..\Interfaces\{30c90d2f-2204-499f-9f6a-c56f5b8cf68e}: [DhcpNameServer] 192.168.39.1
Tcpip\..\Interfaces\{40c7cea8-499e-4ab8-a5ac-2ccc21c53eb6}: [DhcpNameServer] 192.168.39.1
Tcpip\..\Interfaces\{67d6d511-6e13-48be-b1af-839921e49981}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{6a58121f-fc15-4f28-a66c-d42846b46403}: [DhcpNameServer] 192.168.39.1
Tcpip\..\Interfaces\{8482639b-7bf6-43e9-8d46-bfa433dea6f0}: [NameServer] 8.8.8.8
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION

Edge:
=======
DownloadDir: C:\Users\Joshua\Downloads
Edge Notifications: HKU\S-1-5-21-3270737401-2542335873-2474156572-1001 -> hxxps://helpx.adobe.com
Edge Extension: (Adblock Plus) -> 10_EyeoGmbHAdblockPlus_d55gg7py3s0m0 => C:\Program Files\WindowsApps\EyeoGmbH.AdblockPlus_0.9.19.0_neutral__d55gg7py3s0m0 [2021-12-06]
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\Joshua\AppData\Local\Microsoft\Edge\User Data\Default [2021-12-19]
Edge NewTab: Default -> Not-active:"chrome-extension://ohpagamjnemfmmgildfkjgbnabhojcdj/newtab.html"
Edge Extension: (Google Translate) - C:\Users\Joshua\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2021-08-14]
Edge Extension: (Session Manager) - C:\Users\Joshua\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bbcnbpafconjjigibnhbfmmgdbbkcjfi [2021-08-08]
Edge Extension: (Save Tabs) - C:\Users\Joshua\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\dhgkdkollobnolailbckohhaikklnnki [2021-08-08]
Edge Extension: (Avast Online Security & Privacy) - C:\Users\Joshua\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fdgpikaaheckgdijjmepmdjjkbceakif [2021-10-29]
Edge Extension: (Adblock Plus - free ad blocker) - C:\Users\Joshua\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gmgoamodcdcjnbaobigkjelfplakmdhh [2021-12-06]
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\Joshua\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-12-17]
Edge Extension: (Google Voice (by Google)) - C:\Users\Joshua\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo [2021-12-17]
Edge Extension: (Adblock Plus development build) - C:\Users\Joshua\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ldcecbkkoecffmfljeihcmifjjdoepkn [2021-08-08]
Edge Extension: (AppLauncher) - C:\Users\Joshua\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\mnbfkkkpphlcbeaeemeblclibjnofamn [2021-08-08]
Edge Extension: (Speed Dial 2 New tab) - C:\Users\Joshua\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ohpagamjnemfmmgildfkjgbnabhojcdj [2021-08-08]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) [File not signed]
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) [File not signed]
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1219159.dll [2015-06-25] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-11-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @qq.com/npchrome -> C:\Program Files (x86)\Common Files\Tencent\Npchrome\npchrome.dll [2017-11-27] (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FF Plugin-x32: @qq.com/npqscall -> C:\Program Files (x86)\Common Files\Tencent\NPQSCALL\npqscall.dll [2017-11-27] (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FF Plugin-x32: @qq.com/TXSSO -> C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.2.1\Bin\npSSOAxCtrlForPTLogin.dll [2013-04-07] (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=3 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\npAvastBrowserUpdate3.dll [2020-10-26] (Avast Software s.r.o. -> AVAST Software)
FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=9 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\npAvastBrowserUpdate3.dll [2020-10-26] (Avast Software s.r.o. -> AVAST Software)
FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN -> VideoLAN)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) [File not signed]
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2017-06-14] (WildTangent Inc -> )
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) [File not signed]

Chrome:
=======
CHR Profile: C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default [2021-12-19]
CHR Notifications: Default -> hxxps://chatsupport.apple.com; hxxps://meet.google.com; hxxps://www.dmv.com; hxxps://www.instantcheckmate.com; hxxps://www.otterbox.com; hxxps://www.reddit.com; hxxps://www.theepochtimes.com
CHR HomePage: Default -> hxxp://www.facebook.com/
CHR StartupUrls: Default -> "hxxp://topsites.me/"
CHR NewTab: Default -> Active:"chrome-extension://jpfpebmajhhopeonhlcgidhclcccjcik/newtab.html"
CHR Extension: (Google Translate) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2021-08-18]
CHR Extension: (Entanglement Web App) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2017-06-01]
CHR Extension: (Docs) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-17]
CHR Extension: (Google Drive) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-24]
CHR Extension: (UJAM - Make your music.) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdiogojbmdncjdpljocafnigiokgmci [2017-06-01]
CHR Extension: (Session Manager) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbcnbpafconjjigibnhbfmmgdbbkcjfi [2017-06-01]
CHR Extension: (Audiotool) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkgoccjhfjgjedhkiefaclppgbmoobnk [2017-06-01]
CHR Extension: (YouTube) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-06-04]
CHR Extension: (HelloFax) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\bocmleclimfnadgmcdgecijlblfcmfnm [2019-03-01]
CHR Extension: (Webmail Ad Blocker) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbhfdchmklhpcngcgjmpdbjakdggkkjp [2021-08-15]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2021-09-04]
CHR Extension: (OneTab) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2021-08-15]
CHR Extension: (Weebly - Website Builder) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnocophcbjfiimmnhlhleaooedeheifb [2017-06-01]
CHR Extension: (Save Tabs) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhgkdkollobnolailbckohhaikklnnki [2021-08-08]
CHR Extension: (Session Buddy) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2020-05-16]
CHR Extension: (Google Calendar) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2017-06-01]
CHR Extension: (Google Docs Offline) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-09-28]
CHR Extension: (New Tab Page by Speed Dial Team) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\idgeoanibcknhniccgaoaiolihidecjn [2017-06-01]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-09-04]
CHR Extension: (Speed Dial 2 New tab) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfpebmajhhopeonhlcgidhclcccjcik [2020-04-25]
CHR Extension: (Google Voice (by Google)) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo [2021-08-15]
CHR Extension: (WordPress.com) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\khjnjifipfkgglficmipimgjpbmlbemd [2017-06-01]
CHR Extension: (Until AM Web App) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\kodigjkcpaoeodlnmcnekemakpnmegnk [2017-06-01]
CHR Extension: (Adblock Plus development build) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldcecbkkoecffmfljeihcmifjjdoepkn [2020-07-06]
CHR Extension: (Poppit!) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2017-06-01]
CHR Extension: (AppLauncher) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnbfkkkpphlcbeaeemeblclibjnofamn [2017-06-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (SEO for Chrome) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\oangcciaeihlfmhppegpdceadpfaoclj [2017-06-01]
CHR Extension: (Gmail) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-24]
CHR Extension: (Chrome Media Router) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-08-15]
CHR Profile: C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default - Copy [2017-06-01] <==== ATTENTION
CHR HomePage: Default - Copy -> hxxp://www.facebook.com/
CHR StartupUrls: Default - Copy -> "hxxp://topsites.me/"
CHR NewTab: Default - Copy -> Active:"chrome-extension://jpfpebmajhhopeonhlcgidhclcccjcik/newtab.html"
CHR Extension: (Google Translate) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default - Copy\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2017-06-01]
CHR Extension: (Google Slides) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default - Copy\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-06-01]
CHR Extension: (Entanglement Web App) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default - Copy\Extensions\aciahcmjmecflokailenpkdchphgkefd [2017-06-01]
CHR Extension: (Google Docs) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default - Copy\Extensions\aohghmighlieiainnegkcijnfilokake [2017-06-01]
CHR Extension: (Google Drive) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default - Copy\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-06-01]
CHR Extension: (UJAM - Make your music.) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default - Copy\Extensions\apdiogojbmdncjdpljocafnigiokgmci [2017-06-01]
CHR Extension: (Session Manager) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default - Copy\Extensions\bbcnbpafconjjigibnhbfmmgdbbkcjfi [2017-06-01]
CHR Extension: (Audiotool) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default - Copy\Extensions\bkgoccjhfjgjedhkiefaclppgbmoobnk [2017-06-01]
CHR Extension: (YouTube) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default - Copy\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-06-01]
CHR Extension: (HelloFax: 5 Free Fax Pages) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default - Copy\Extensions\bocmleclimfnadgmcdgecijlblfcmfnm [2017-06-01]
CHR Extension: (Webmail Ad Blocker) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default - Copy\Extensions\cbhfdchmklhpcngcgjmpdbjakdggkkjp [2017-06-01]
CHR Extension: (Adblock Plus) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default - Copy\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-06-01]
CHR Extension: (OneTab) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default - Copy\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2017-06-01]
CHR Extension: (Weebly - Website Builder) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default - Copy\Extensions\cnocophcbjfiimmnhlhleaooedeheifb [2017-06-01]
CHR Extension: (Session Buddy) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default - Copy\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2017-06-01]
CHR Extension: (Google Calendar) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default - Copy\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2017-06-01]
CHR Extension: (Avast SafePrice) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default - Copy\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-06-01]
CHR Extension: (Google Sheets) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default - Copy\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-06-01]
CHR Extension: (Google Docs Offline) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default - Copy\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-06-01]
CHR Extension: (Avast Online Security) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default - Copy\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-06-01]
CHR Extension: (New Tab Page by Speed Dial Team) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default - Copy\Extensions\idgeoanibcknhniccgaoaiolihidecjn [2017-06-01]
CHR Extension: (Speed Dial 2) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default - Copy\Extensions\jpfpebmajhhopeonhlcgidhclcccjcik [2017-06-01]
CHR Extension: (Google Voice (by Google)) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default - Copy\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo [2017-06-01]
CHR Extension: (WordPress.com) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default - Copy\Extensions\khjnjifipfkgglficmipimgjpbmlbemd [2017-06-01]
CHR Extension: (Until AM Web App) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default - Copy\Extensions\kodigjkcpaoeodlnmcnekemakpnmegnk [2017-06-01]
CHR Extension: (Adblock Plus development build) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default - Copy\Extensions\ldcecbkkoecffmfljeihcmifjjdoepkn [2017-06-01]
CHR Extension: (Poppit!) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default - Copy\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2017-06-01]
CHR Extension: (AppLauncher) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default - Copy\Extensions\mnbfkkkpphlcbeaeemeblclibjnofamn [2017-06-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default - Copy\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-06-01]
CHR Extension: (SEO for Chrome) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default - Copy\Extensions\oangcciaeihlfmhppegpdceadpfaoclj [2017-06-01]
CHR Extension: (Gmail) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default - Copy\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-06-01]
CHR Extension: (Chrome Media Router) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default - Copy\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-06-01]
CHR Profile: C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default1 [2017-06-01] <==== ATTENTION
CHR Extension: (Google Docs) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default1\Extensions\aohghmighlieiainnegkcijnfilokake [2017-06-01]
CHR Extension: (Google Drive) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-06-01]
CHR Extension: (YouTube) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-06-01]
CHR Extension: (Avast SafePrice) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default1\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-06-01]
CHR Extension: (Google Docs Offline) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-06-01]
CHR Extension: (Avast Online Security) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default1\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-06-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-06-01]
CHR Extension: (Gmail) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-06-01]
CHR Extension: (Chrome Media Router) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-06-01]
CHR Profile: C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\defaultold [2017-06-01] <==== ATTENTION
CHR HomePage: defaultold -> hxxp://www.facebook.com/
CHR StartupUrls: defaultold -> "hxxp://topsites.me/"
CHR NewTab: defaultold -> Active:"chrome-extension://jpfpebmajhhopeonhlcgidhclcccjcik/newtab.html"
CHR Extension: (Google Translate) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\defaultold\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2017-01-09]
CHR Extension: (Google Slides) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\defaultold\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-10-19]
CHR Extension: (Entanglement Web App) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\defaultold\Extensions\aciahcmjmecflokailenpkdchphgkefd [2017-01-09]
CHR Extension: (Google Docs) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\defaultold\Extensions\aohghmighlieiainnegkcijnfilokake [2016-10-20]
CHR Extension: (Google Drive) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\defaultold\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-19]
CHR Extension: (UJAM - Make your music.) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\defaultold\Extensions\apdiogojbmdncjdpljocafnigiokgmci [2017-01-09]
CHR Extension: (Session Manager) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\defaultold\Extensions\bbcnbpafconjjigibnhbfmmgdbbkcjfi [2017-01-09]
CHR Extension: (Audiotool) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\defaultold\Extensions\bkgoccjhfjgjedhkiefaclppgbmoobnk [2017-01-09]
CHR Extension: (YouTube) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\defaultold\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-19]
CHR Extension: (HelloFax: 5 Free Fax Pages) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\defaultold\Extensions\bocmleclimfnadgmcdgecijlblfcmfnm [2017-01-09]
CHR Extension: (Webmail Ad Blocker) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\defaultold\Extensions\cbhfdchmklhpcngcgjmpdbjakdggkkjp [2017-05-05]
CHR Extension: (Adblock Plus) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\defaultold\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-03-22]
CHR Extension: (OneTab) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\defaultold\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2017-03-13]
CHR Extension: (Weebly - Website Builder) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\defaultold\Extensions\cnocophcbjfiimmnhlhleaooedeheifb [2017-01-09]
CHR Extension: (Session Buddy) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\defaultold\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2017-05-08]
CHR Extension: (Google Calendar) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\defaultold\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2017-01-09]
CHR Extension: (Avast SafePrice) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\defaultold\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-05-31]
CHR Extension: (Google Sheets) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\defaultold\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-10-19]
CHR Extension: (Google Docs Offline) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\defaultold\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-20]
CHR Extension: (Avast Online Security) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\defaultold\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-05-23]
CHR Extension: (New Tab Page by Speed Dial Team) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\defaultold\Extensions\idgeoanibcknhniccgaoaiolihidecjn [2017-04-17]
CHR Extension: (Speed Dial 2) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\defaultold\Extensions\jpfpebmajhhopeonhlcgidhclcccjcik [2017-01-09]
CHR Extension: (Google Voice (by Google)) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\defaultold\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo [2017-01-09]
CHR Extension: (WordPress.com) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\defaultold\Extensions\khjnjifipfkgglficmipimgjpbmlbemd [2017-01-09]
CHR Extension: (Until AM Web App) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\defaultold\Extensions\kodigjkcpaoeodlnmcnekemakpnmegnk [2017-01-09]
CHR Extension: (Adblock Plus development build) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\defaultold\Extensions\ldcecbkkoecffmfljeihcmifjjdoepkn [2017-05-31]
CHR Extension: (Poppit!) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\defaultold\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2017-01-09]
CHR Extension: (AppLauncher) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\defaultold\Extensions\mnbfkkkpphlcbeaeemeblclibjnofamn [2017-01-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\defaultold\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-10]
CHR Extension: (SEO for Chrome) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\defaultold\Extensions\oangcciaeihlfmhppegpdceadpfaoclj [2017-01-09]
CHR Extension: (Gmail) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\defaultold\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-20]
CHR Extension: (Chrome Media Router) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\defaultold\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-12]
CHR Profile: C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\System Profile [2017-11-07]
CHR HKU\S-1-5-21-3270737401-2542335873-2474156572-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hpacaholihkepnhgeeiipghhgonbhdfb]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2019-03-08] (Apple Inc. -> Apple Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [8480848 2021-12-09] (Avast Software s.r.o. -> AVAST Software)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2020-10-26] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [452888 2021-12-09] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe [452888 2021-12-09] (Avast Software s.r.o. -> AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2020-10-26] (Avast Software s.r.o. -> AVAST Software)
S3 AvastSecureBrowserElevationService; C:\Program Files (x86)\AVAST Software\Browser\Application\96.1.13589.111\elevation_service.exe [1721904 2021-12-15] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [56912 2021-06-04] (Avast Software s.r.o. -> AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12129160 2021-12-02] (Microsoft Corporation -> Microsoft Corporation)
S4 ComboCleaner.Guard; C:\Program Files (x86)\Combo Cleaner\ComboCleaner.Guard.exe [143488 2021-10-22] (RCS LT, UAB -> RCS LT)
S4 ComboCleaner.WinService; C:\Program Files (x86)\Combo Cleaner\ComboCleaner.WinService.exe [151168 2021-10-22] (RCS LT, UAB -> RCS LT)
R2 CPEFR; C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\EFRService.exe [3274432 2021-04-10] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
R2 CpSbaCipolla; C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\SBACipollaSrvHost.exe [33984 2021-04-19] (Check Point Software Technologies Ltd. -> )
R2 CpSbaUpdater; C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\SBACipollaSrvHost.exe [33984 2021-04-19] (Check Point Software Technologies Ltd. -> )
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-12] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-12] (Dropbox, Inc -> Dropbox, Inc.)
S2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [399208 2017-06-14] (WildTangent Inc -> WildTangent)
R2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [1309184 2016-10-07] (HP Inc.) [File not signed]
R2 HPAppHelperCap; C:\Program Files\HP\HP Enabling Services\AppHelperCap.exe [755704 2021-10-27] (HP Inc. -> HP Inc.)
R2 HPDiagsCap; C:\Program Files\HP\HP Enabling Services\DiagsCap.exe [754184 2021-10-27] (HP Inc. -> HP Inc.)
R2 HPNetworkCap; C:\Program Files\HP\HP Enabling Services\NetworkCap.exe [751104 2021-10-27] (HP Inc. -> HP Inc.)
S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1149480 2018-06-07] (HP Inc. -> HP)
R2 hpsrv; C:\Program Files (x86)\HP\HP 3D DriveGuard\hpservice.exe [28192 2017-11-20] (HP Inc. -> HP)
R2 HPSysInfoCap; C:\Program Files\HP\HP Enabling Services\SysInfoCap.exe [754688 2021-10-27] (HP Inc. -> HP Inc.)
S2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-22] (HP Inc. -> HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [606224 2016-01-11] (Hewlett-Packard Company -> HP Inc.)
S4 hshld_10.22.4; C:\Program Files (x86)\Hotspot Shield\10.22.4\bin\cmw_srv.exe [242776 2021-10-22] (Pango Inc. -> Pango Inc.)
S3 Intel(R) WiDi SAM; C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [19088 2015-09-17] (Intel(R) Software Asset Manager -> Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7901368 2021-11-22] (Malwarebytes Inc -> Malwarebytes)
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1358248 2021-01-29] (Bitdefender SRL -> Bitdefender)
R2 RemediationService; C:\Program Files (x86)\CheckPoint\Endpoint Security\Remediation\RemediationService.exe [18624 2021-03-29] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] (CyberLink Corp. -> )
S3 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [14204760 2021-11-03] (ADLICE (ASCOET JULIEN) -> )
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2747312 2020-04-26] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4583240 2020-04-26] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [940976 2019-09-04] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
R2 TESvc; C:\Program Files (x86)\CheckPoint\Endpoint Security\Threat Emulation\TESvc.exe [137920 2021-04-09] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
R2 VirtualShieldService; C:\Program Files\VirtualShield\VirtualShieldSvc.exe [624656 2021-11-03] (VirtualShield LLC -> )
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [4575688 2021-05-20] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\NisSrv.exe [2872024 2021-11-16] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\MsMpEng.exe [128376 2021-11-16] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WSWNA3100; C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe [285152 2010-08-26] (NETGEAR -> )
S2 ZA NET ICM Service; C:\Program Files (x86)\CheckPoint\ICM\ICM-Service-NET.exe [42208 2020-03-13] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
S2 ZAARUpdateService; C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\ZAARUpdateService.exe [51936 2021-04-19] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
S3 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [129216 2021-05-20] (Check Point Software Technologies Ltd. -> Check Point Software Technologies, Ltd.)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [35720 2021-12-09] (Avast Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [222128 2021-12-09] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [368152 2021-12-09] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [251928 2021-12-09] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [99352 2021-12-09] (Avast Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [21936 2021-10-03] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [41352 2021-12-09] (Avast Software s.r.o. -> AVAST Software)
R1 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [185216 2021-12-09] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\WINDOWS\System32\drivers\aswNetHub.sys [538992 2021-12-09] (Avast Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [107848 2021-12-09] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [82912 2021-12-09] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [852752 2021-12-09] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [544096 2021-12-09] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [214352 2021-12-09] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [317680 2021-12-09] (Avast Software s.r.o. -> AVAST Software)
S3 BdDci; C:\WINDOWS\system32\DRIVERS\bddci.sys [802976 2020-12-04] (Bitdefender SRL -> Bitdefender)
R3 clwvd6; C:\WINDOWS\System32\drivers\clwvd6.sys [41704 2013-10-29] (CyberLink Corp. -> CyberLink Corporation)
R2 cpbak; C:\WINDOWS\System32\DRIVERS\cpbak.sys [83248 2020-09-03] (Check Point Software Technologies Ltd. -> Check Point Software Technologies)
R1 CPEPMon; C:\WINDOWS\System32\DRIVERS\CPEPMon.sys [153040 2021-04-06] (Microsoft Windows Hardware Compatibility Publisher -> Check Point Software Technologies)
R1 epnetflt; C:\WINDOWS\system32\drivers\epnetflt.sys [135984 2020-12-06] (Check Point Software Technologies Ltd. -> Check Point Software Technologies)
R1 epregflt; C:\WINDOWS\system32\drivers\epregflt.sys [133416 2020-12-02] (Check Point Software Technologies Ltd. -> Check Point Software Technologies)
S3 gzflt; C:\WINDOWS\System32\DRIVERS\gzflt.sys [195224 2020-09-03] (Bitdefender SRL -> BitDefender LLC)
R3 hsstap; C:\WINDOWS\System32\drivers\hsstap.sys [39424 2020-09-29] (Microsoft Windows Hardware Compatibility Publisher -> Pango)
R2 ISWKL; C:\Program Files (x86)\CheckPoint\Endpoint Security\Endpoint Common\bin\ISWKL.sys [56184 2021-01-28] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
U5 KLIF; C:\Windows\System32\Drivers\KLIF.sys [1044768 2021-09-08] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [210352 2021-11-28] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-01-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-11-28] (Malwarebytes Inc -> Malwarebytes)
S3 Netaapl; C:\WINDOWS\System32\drivers\netaapl64.sys [23040 2016-03-28] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
S3 NPF; C:\WINDOWS\system32\DRIVERS\npf.sys [47632 2010-02-03] (CACE Technologies, Inc. -> CACE Technologies, Inc.)
R1 pango_netfilter2; C:\WINDOWS\System32\drivers\pango_netfilter2.sys [94600 2021-10-22] (Pango Inc. -> Pango Inc)
R0 SCMNdisP; C:\WINDOWS\System32\DRIVERS\scmndisp.sys [25312 2007-01-19] (NETGEAR -> Windows (R) Codename Longhorn DDK provider)
S0 Spybot3ELAM; C:\WINDOWS\System32\drivers\Spybot3ELAM.sys [19904 2019-06-21] (Microsoft Windows Early Launch Anti-malware Publisher -> Windows (R) Win 7 DDK provider)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2021-11-02] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 Trufos; C:\WINDOWS\System32\DRIVERS\Trufos.sys [641736 2021-02-26] (Bitdefender SRL -> Bitdefender)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2016-03-28] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
R1 Vsdatant; C:\WINDOWS\System32\drivers\vsdatant.sys [461240 2021-05-20] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48520 2021-11-16] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [26880 2015-11-12] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [435424 2021-11-16] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [86240 2021-11-16] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [35392 2020-06-08] (HP Inc. -> HP)
U3 iswSvc; no ImagePath
U0 Partizan; system32\drivers\Partizan.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-12-19 21:16 - 2021-12-20 09:18 - 000000000 ____D C:\Users\Joshua\Downloads\FRST-OlderVersion
2021-12-19 20:37 - 2021-12-19 20:37 - 000000000 ____D C:\Users\JoshuaCM\AppData\Local\D3DSCache
2021-12-19 19:02 - 2021-12-19 19:02 - 000000000 ____D C:\Users\JoshuaCM\AppData\Local\HP_Inc
2021-12-19 18:49 - 2021-12-19 18:49 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3270737401-2542335873-2474156572-1004
2021-12-19 18:39 - 2021-12-19 18:39 - 000000000 ____D C:\Users\JoshuaCM\AppData\Local\CrashDumps
2021-12-19 18:37 - 2021-12-19 18:37 - 000000000 ___HD C:\OneDriveTemp
2021-12-19 18:09 - 2021-12-19 18:09 - 000004040 _____ C:\WINDOWS\system32\Tasks\PostponeDeviceSetupToast_S-1-5-21-3270737401-2542335873-2474156572-1004_0
2021-12-19 18:08 - 2021-12-19 18:42 - 000000000 ____D C:\Users\JoshuaCM\AppData\Local\UnHackMe
2021-12-19 17:39 - 2021-12-19 17:39 - 000000000 ____D C:\Users\JoshuaCM\AppData\Local\HP
2021-12-19 17:32 - 2021-12-19 17:32 - 000000000 ____D C:\Users\JoshuaCM\AppData\Local\VirtualShield
2021-12-17 09:40 - 2021-12-17 09:41 - 018678228 _____ C:\Users\Joshua\Downloads\Hope. Peace. Joy. Love. _ Christmas prayer guide for Myanmar (4-Dec to 4-Jan).pdf
2021-12-15 20:04 - 2021-12-15 20:04 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3270737401-2542335873-2474156572-1001
2021-12-14 16:15 - 2021-12-14 16:15 - 005198336 _____ (AVAST Software) C:\Users\Joshua\Documents\aswMBR.exe
2021-12-14 13:27 - 2021-12-14 13:27 - 000572138 _____ C:\Users\Joshua\Documents\facetofacewithGod.pdf
2021-12-09 10:03 - 2021-12-09 10:02 - 000214352 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2021-12-09 10:03 - 2021-12-09 10:01 - 000340248 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2021-12-08 10:31 - 2021-12-08 10:31 - 000000000 ____D C:\WINDOWS\system32\Tasks\WPD
2021-12-08 10:31 - 2021-12-08 10:31 - 000000000 ____D C:\WINDOWS\system32\Tasks\Lenovo
2021-12-08 10:06 - 2021-12-08 10:06 - 000034405 _____ C:\Users\Joshua\Documents\Scan Results.211208-1006.txt
2021-12-07 13:32 - 2021-12-07 13:35 - 000000000 ____D C:\Users\Joshua\AppData\Local\Opera Software
2021-12-07 13:31 - 2021-12-14 18:30 - 000003610 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1638909102
2021-12-07 13:22 - 2021-12-07 13:22 - 000000000 ____D C:\WINDOWS\system32\Tasks\Safer-Networking
2021-12-07 13:22 - 2021-12-07 13:22 - 000000000 ____D C:\Users\Joshua\AppData\Local\Safer-Networking Ltd
2021-12-07 13:22 - 2021-12-07 13:22 - 000000000 ____D C:\Safer-Networking Ltd
2021-12-07 13:22 - 2021-12-07 13:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot Anti-Beacon
2021-12-07 13:21 - 2021-12-19 18:29 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2021-12-07 13:21 - 2021-12-07 13:45 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2021-12-07 13:21 - 2021-12-07 13:35 - 000000000 ____D C:\Users\Joshua\AppData\Roaming\Opera Software
2021-12-07 13:21 - 2021-12-07 13:21 - 000001471 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2021-12-07 13:21 - 2021-12-07 13:21 - 000001459 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2021-12-07 13:21 - 2021-12-07 13:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2021-12-07 13:21 - 2021-12-07 13:21 - 000000000 ____D C:\Program Files (x86)\Safer-Networking Ltd
2021-12-07 13:21 - 2019-06-21 08:34 - 000019904 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\Drivers\Spybot3ELAM.sys
2021-12-07 13:21 - 2018-02-06 19:04 - 000032168 _____ (Safer-Networking Ltd.) C:\WINDOWS\system32\sdnclean64.exe
2021-12-07 00:24 - 2021-12-07 00:30 - 069300040 _____ (Safer-Networking Ltd. ) C:\Users\Joshua\Downloads\spybotsd-2.8.68.0 (1).exe
2021-12-06 21:15 - 2021-12-06 21:15 - 000000000 ____D C:\Users\Joshua\Documents\swsetup
2021-12-01 15:30 - 2021-12-01 15:30 - 000023415 _____ C:\Users\Joshua\Documents\Call-In Notice.pdf
2021-11-28 16:22 - 2021-11-28 16:22 - 000001231 _____ C:\Users\Joshua\Documents\newmalwarebytes.txt
2021-11-28 14:54 - 2021-11-28 14:54 - 000210352 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-12-20 09:24 - 2021-11-09 16:33 - 000068909 _____ C:\Users\Joshua\Downloads\FRST.txt
2021-12-20 09:21 - 2021-11-09 16:28 - 000000000 ____D C:\FRST
2021-12-20 09:15 - 2020-09-17 11:54 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-12-19 23:12 - 2019-12-07 02:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-12-19 21:16 - 2021-11-09 15:51 - 002311168 _____ (Farbar) C:\Users\Joshua\Downloads\FRST64.exe
2021-12-19 20:59 - 2021-11-08 15:31 - 000000000 ____D C:\Program Files (x86)\UnHackMe
2021-12-19 20:57 - 2021-08-05 15:40 - 000000000 ____D C:\Users\Joshua\Documents\YouCam
2021-12-19 20:57 - 2020-09-17 12:57 - 000000000 ____D C:\WINDOWS\system32\Tasks\Hewlett-Packard
2021-12-19 20:50 - 2016-10-19 10:35 - 000000000 __SHD C:\Users\Joshua\IntelGraphicsProfiles
2021-12-19 20:43 - 2020-09-17 12:57 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-12-19 20:43 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-12-19 20:42 - 2021-11-08 16:34 - 000000254 _____ C:\WINDOWS\SysWOW64\PARTIZAN.TXT
2021-12-19 20:42 - 2020-09-17 11:54 - 000008192 ___SH C:\DumpStack.log.tmp
2021-12-19 20:39 - 2020-09-17 12:02 - 000000000 ____D C:\Users\Joshua
2021-12-19 20:34 - 2020-09-17 12:18 - 000007318 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-12-19 18:49 - 2021-08-07 16:54 - 000003386 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3270737401-2542335873-2474156572-1004
2021-12-19 18:49 - 2021-08-07 16:54 - 000000000 ___RD C:\Users\JoshuaCM\OneDrive
2021-12-19 18:49 - 2021-08-07 16:06 - 000002399 _____ C:\Users\JoshuaCM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-12-19 18:44 - 2021-08-07 16:17 - 000000000 ____D C:\Users\JoshuaCM\Documents\YouCam
2021-12-19 18:42 - 2021-11-08 15:33 - 000000000 ____D C:\Users\Public\Documents\RegRunInfo
2021-12-19 18:32 - 2021-08-07 16:06 - 000000000 __SHD C:\Users\JoshuaCM\IntelGraphicsProfiles
2021-12-19 18:30 - 2021-08-07 16:06 - 000000000 ____D C:\Users\JoshuaCM
2021-12-19 18:24 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-12-19 18:23 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2021-12-19 18:08 - 2021-08-07 16:06 - 000000000 ____D C:\Users\JoshuaCM\AppData\Local\ConnectedDevicesPlatform
2021-12-19 18:07 - 2021-08-07 17:17 - 000000000 ____D C:\Users\JoshuaCM\AppData\Local\Comms
2021-12-19 17:48 - 2015-11-02 11:02 - 000000000 __RHD C:\Users\Public\AccountPictures
2021-12-19 17:45 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-12-19 17:39 - 2021-08-07 16:06 - 000000000 ____D C:\Users\JoshuaCM\AppData\Roaming\Hewlett-Packard
2021-12-19 17:38 - 2021-08-07 16:06 - 000000000 ____D C:\Users\JoshuaCM\AppData\Local\Packages
2021-12-19 17:07 - 2020-09-17 12:57 - 000004264 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2021-12-16 17:14 - 2016-10-19 23:27 - 000000000 ____D C:\ProgramData\AVAST Software
2021-12-16 17:07 - 2019-12-07 02:03 - 001310720 _____ C:\WINDOWS\system32\config\BBI
2021-12-16 13:46 - 2018-05-25 14:52 - 000002505 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2021-12-16 13:46 - 2018-05-25 14:52 - 000002470 _____ C:\Users\Public\Desktop\Avast Secure Browser.lnk
2021-12-15 20:04 - 2020-09-17 12:57 - 000003382 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3270737401-2542335873-2474156572-1001
2021-12-15 20:04 - 2020-09-17 12:02 - 000002393 _____ C:\Users\Joshua\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-12-14 18:45 - 2021-10-05 08:48 - 000003386 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d7b0bdc32d6e20
2021-12-14 18:45 - 2020-09-17 12:57 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-12-14 18:39 - 2021-11-07 17:26 - 000003802 _____ C:\WINDOWS\system32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2021-12-14 18:37 - 2020-10-10 12:32 - 000000000 ____D C:\WINDOWS\Minidump
2021-12-14 18:36 - 2019-12-07 02:13 - 000000000 ____D C:\WINDOWS\INF
2021-12-14 18:30 - 2021-11-08 15:32 - 000002608 _____ C:\WINDOWS\system32\Tasks\UnHackMe Task Scheduler
2021-12-14 18:30 - 2021-05-24 16:38 - 000002490 _____ C:\WINDOWS\system32\Tasks\YCMServiceAgent
2021-12-14 18:30 - 2021-05-03 09:51 - 000002862 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3270737401-2542335873-2474156572-1002
2021-12-14 18:30 - 2020-09-17 12:57 - 000003346 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-12-14 18:30 - 2020-09-17 12:57 - 000003184 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-12-14 18:30 - 2020-09-17 12:57 - 000003122 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-12-14 18:30 - 2020-09-17 12:57 - 000002702 _____ C:\WINDOWS\system32\Tasks\GarminUpdaterTask
2021-12-14 18:29 - 2016-10-19 09:55 - 001932008 ____N C:\WINDOWS\Minidump\121421-63140-01.dmp
2021-12-10 10:06 - 2020-09-17 12:57 - 000000000 ____D C:\WINDOWS\system32\Tasks\AVAST Software
2021-12-10 09:58 - 2016-04-01 11:57 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2021-12-09 10:03 - 2019-12-07 02:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-12-09 10:02 - 2019-02-23 00:35 - 000251928 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys
2021-12-09 10:02 - 2019-02-23 00:35 - 000099352 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys
2021-12-09 10:02 - 2018-05-25 01:58 - 000317680 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2021-12-09 10:01 - 2020-10-25 21:49 - 000185216 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2021-12-09 10:01 - 2020-05-22 23:37 - 000544096 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2021-12-09 10:01 - 2020-05-22 23:37 - 000538992 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNetHub.sys
2021-12-09 10:01 - 2020-05-22 23:37 - 000107848 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2021-12-09 10:01 - 2020-05-22 23:37 - 000041352 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2021-12-09 10:01 - 2018-05-25 01:58 - 000082912 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2021-12-09 10:00 - 2020-05-22 23:37 - 000852752 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2021-12-09 10:00 - 2020-05-22 23:37 - 000222128 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2021-12-09 10:00 - 2019-02-23 00:35 - 000035720 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArDisk.sys
2021-12-09 09:59 - 2020-05-22 23:37 - 000368152 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
2021-12-08 22:48 - 2017-02-18 20:44 - 000000000 ____D C:\Users\Joshua\AppData\Local\CrashDumps
2021-12-08 13:13 - 2021-11-08 15:32 - 000000000 ____D C:\Users\Joshua\AppData\Local\UnHackMe
2021-12-08 13:07 - 2021-11-08 15:31 - 000001087 _____ C:\Users\Joshua\Desktop\UnHackMe.lnk
2021-12-08 13:07 - 2021-11-08 15:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UnHackMe
2021-12-08 12:08 - 2019-12-07 02:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-12-07 13:22 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-12-06 22:19 - 2019-12-07 02:14 - 000000000 ___HD C:\Program Files\WindowsApps.tmp
2021-12-06 22:13 - 2019-12-07 02:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-12-06 21:58 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\registration
2021-12-06 18:33 - 2018-06-28 16:27 - 000000000 ____D C:\Users\Joshua\Downloads\HP Downloads
2021-12-05 13:33 - 2016-11-10 14:10 - 000000000 ____D C:\Users\Joshua\AppData\Local\ElevatedDiagnostics
2021-12-02 19:35 - 2021-11-04 11:35 - 000002380 _____ C:\Users\Joshua\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams.lnk
2021-12-02 19:35 - 2021-11-04 11:35 - 000002372 _____ C:\Users\Joshua\Desktop\Microsoft Teams.lnk
2021-11-28 16:28 - 2021-11-07 17:23 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-11-28 16:23 - 2021-10-30 15:44 - 003966894 _____ C:\WINDOWS\ntbtlog.txt
2021-11-28 14:55 - 2018-07-25 17:54 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2021-11-22 23:06 - 2020-07-24 11:15 - 000002040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-11-22 23:06 - 2019-07-07 09:13 - 000002028 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-11-22 23:05 - 2019-07-07 09:13 - 000160176 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-11-22 22:58 - 2017-10-01 15:10 - 000000000 ____D C:\Program Files\Malwarebytes
2021-11-22 22:58 - 2016-10-21 14:16 - 000000000 ____D C:\ProgramData\Malwarebytes

==================== Files in the root of some directories ========

2017-01-17 10:29 - 2017-01-18 10:43 - 001221397 _____ () C:\Users\Joshua\AppData\Local\ars.cache
2017-01-17 10:31 - 2017-01-17 10:31 - 001286928 _____ () C:\Users\Joshua\AppData\Local\census.cache
2017-01-17 09:34 - 2017-01-17 09:34 - 000000036 _____ () C:\Users\Joshua\AppData\Local\housecall.guid.cache
2017-02-15 20:35 - 2017-02-15 20:35 - 000000600 _____ () C:\Users\Joshua\AppData\Local\PUTTY.RND
2017-01-17 09:56 - 2017-01-17 11:17 - 000000010 _____ () C:\Users\Joshua\AppData\Local\sponge.last.runtime.cache

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-12-2021
Ran by Joshua (20-12-2021 09:25:52)
Running from C:\Users\Joshua\Downloads
Microsoft Windows 10 Home Version 21H1 19043.1288 (X64) (2020-09-17 20:00:51)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-3270737401-2542335873-2474156572-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3270737401-2542335873-2474156572-503 - Limited - Disabled)
Guest (S-1-5-21-3270737401-2542335873-2474156572-501 - Limited - Disabled)
Joshua (S-1-5-21-3270737401-2542335873-2474156572-1001 - Administrator - Enabled) => C:\Users\Joshua
JoshuaCM (S-1-5-21-3270737401-2542335873-2474156572-1004 - Administrator - Enabled) => C:\Users\JoshuaCM
musta (S-1-5-21-3270737401-2542335873-2474156572-1002 - Administrator - Enabled) => C:\Users\musta
WDAGUtilityAccount (S-1-5-21-3270737401-2542335873-2474156572-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Spybot - Search and Destroy (Disabled - Up to date) {F77C7796-45C4-531E-0DAE-B4A8229B11C8}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
FW: ZoneAlarm Free Firewall Firewall (Disabled) {217C3BCF-3FBD-7C30-A427-2D11E16F3BEB}
FW: ZoneAlarm Free Firewall Firewall (Enabled) {841A2C1E-F526-E32F-8E57-7FBF8B0698E4}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

12 Labours of Hercules III: Girl Power (HKLM-x32\...\WTA-0a78c7b1-669e-4f9e-ac17-1f28212573b6) (Version: 3.0.2.118 - WildTangent) Hidden
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Adobe Acrobat 8.1.0 Professional (HKLM-x32\...\Adobe Acrobat 8 Professional - English, Français, Deutsch) (Version: 8.1.0 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe CSI CS4 x64 (HKLM\...\{8DAA31EB-6830-4006-A99F-4DF8AB24714F}) (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Drive CS4 x64 (HKLM\...\{A3454894-144A-4D80-B605-C128FE0D7329}) (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Illustrator CS3 (HKLM-x32\...\Adobe_f21eef46ea86aded9ca3b6b966d08f5) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Illustrator CS4 (HKLM-x32\...\Adobe_2a31ae7a5c43ff52d8577782dd34e04) (Version: 14.0 - Adobe Systems Incorporated)
Adobe InDesign CS5 (HKLM-x32\...\{F9766AC1-1461-1033-B862-DF8FE1C033BE}) (Version: 7.0 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.9.159 - Adobe Systems, Inc.)
Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version: 3.0 - Adobe Systems, Inc.)
ANT Drivers Installer x64 (HKLM\...\{CBEE7F70-D77E-46DB-BB02-B64147DD6453}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
AnthemScore (HKU\S-1-5-21-3270737401-2542335873-2474156572-1001\...\{cc7b5290-b051-49d5-a512-7a358e8c30b0}) (Version: 1.0.1 - Lunaverus)
Apple Application Support (32-bit) (HKLM-x32\...\{9F7041CB-8398-4691-B8CB-0D52273BB3D9}) (Version: 7.4 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{6E7DF4EE-1976-4215-9D81-755AFC95687D}) (Version: 7.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BA2A6DBB-B09A-43D8-84F3-21C1537B47D9}) (Version: 12.2.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 21.10.2498 - Avast Software)
Avast Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.8.1065.0 - AVAST Software) Hidden
Awakening: The Dreamless Castle (HKLM-x32\...\WTA-f84eb1b5-630a-489f-afc9-4bc13edf4512) (Version: 3.0.2.51 - WildTangent) Hidden
Azkend 2: The World Beneath (HKLM-x32\...\WTA-8b3300fe-dd94-4484-9246-35cf5acf668b) (Version: 2.2.0.98 - WildTangent) Hidden
Barn Yarn Collector's Edition (HKLM-x32\...\WTA-35834c66-4765-4da3-b3c3-bb89e4146468) (Version: 3.0.2.48 - WildTangent) Hidden
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 25.0.1.177 - Bitdefender)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Check Point SBA (HKLM\...\{405209A1-63AA-4AB5-A6A9-4F088BA951A3}) (Version: 86.6.8560 - Check Point Software Technologies Ltd.) Hidden
Combo Cleaner (HKLM\...\{8C9F8853-52F7-46F3-BC78-98001D3FF40C}) (Version: 1.0.56.0 - RCS LT) Hidden
Combo Cleaner (HKLM-x32\...\InstallShield_{8C9F8853-52F7-46F3-BC78-98001D3FF40C}) (Version: 1.0.56.0 - RCS LT)
Connect (HKLM-x32\...\{B29AD377-CC12-490A-A480-1452337C618D}) (Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
CyberLink Power Media Player 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.6.7428 - CyberLink Corp.)
CyberLink PowerDirector 12 (HKLM\...\{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.6.4925 - CyberLink Corp.) Hidden
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.6.4925 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\{A9CEDD6E-4792-493e-BB35-D86D2E188A5A}) (Version: 6.0.1.4301 - CyberLink Corp.)
Delicious: Emily's Wonder Wedding Premium Edition (HKLM-x32\...\WTA-b5c2f850-4a02-44f6-9c14-57c255fbd94b) (Version: 3.0.2.59 - WildTangent) Hidden
DisableMSDefender (HKLM\...\{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}) (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Documentation Manager (HKLM\...\{0203C24C-452D-4344-871F-DE3C7B49C328}) (Version: 22.40.0.7 - Intel Corporation) Hidden
Dropbox 25 GB (HKLM-x32\...\{0867A88D-764F-366E-9E21-130DA8B472C3}) (Version: 3.1.18.0 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.541.1 - Dropbox, Inc.) Hidden
EaseUS Data Recovery Wizard (HKLM\...\EaseUS Data Recovery Wizard_is1) (Version: - EaseUS)
Elevated Installer (HKLM-x32\...\{0F6C59A2-5F1D-4D7C-BC90-A0A1A75F4EE9}) (Version: 7.7.1.0 - Garmin Ltd or its subsidiaries) Hidden
Energy Star (HKLM\...\{5CB22648-35F8-41BC-9C35-1E41FE6E12A5}) (Version: 1.1.1 - HP Inc.)
Entwined: The Perfect Murder (HKLM-x32\...\WTA-2f4b574c-be67-42a2-993d-7d1c787a60cd) (Version: 3.0.2.59 - WildTangent) Hidden
Express Zip File Compression (HKLM-x32\...\ExpressZip) (Version: 6.00 - NCH Software)
FileZilla Client 3.24.1 (HKLM-x32\...\FileZilla Client) (Version: 3.24.1 - Tim Kosse)
Garmin Express (HKLM-x32\...\{50DF005C-1D2C-467A-A39E-10ADEFA83A96}) (Version: 7.7.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express (HKLM-x32\...\{9e0ef45d-b10c-42da-9aab-16200df39d95}) (Version: 7.7.1.0 - Garmin Ltd or its subsidiaries)
Glary Undelete 5.0.1.19 (HKLM-x32\...\Glary Undelete) (Version: 5.0.1.19 - Glarysoft Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 91.0.4472.124 - Google LLC)
Green City: Go South (HKLM-x32\...\WTA-22174663-277b-4633-9cbc-f78e60a05a85) (Version: 3.0.2.59 - WildTangent) Hidden
Home Makeover (HKLM-x32\...\WTA-6f0c77f0-c3d3-4a97-8c6c-a354db55df4c) (Version: 3.0.2.59 - WildTangent) Hidden
Hotspot Shield 10.22.4 (HKLM-x32\...\{4de134ec-1612-4548-bed4-35bf05f8cfe2}) (Version: 10.22.4.12022 - Pango Inc.)
Hotspot Shield 10.22.4 (HKLM-x32\...\{AF599C42-A2E5-4251-B7EE-4925F287F119}) (Version: 10.22.4.12022 - Pango Inc.) Hidden
Hotspot Shield 10.22.4 (HKLM-x32\...\HotspotShield) (Version: 10.22.4 - Pango Inc.) Hidden
HotspotShield TAP-Windows 9.24.4 (HKLM\...\HotspotShield TAP-Windows) (Version: 9.24.4 - Pango Inc.) Hidden
Hoyle Illusions Mahjongg (HKLM-x32\...\WTA-320c3904-8380-4507-b121-7bf385dbde1e) (Version: 3.0.2.59 - WildTangent) Hidden
HP CoolSense (HKLM-x32\...\{0C723C74-62DF-4B35-9490-A207546D866D}) (Version: 2.21.4 - HP Inc.)
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.)
HP ePrint SW (HKLM-x32\...\{88970959-baf7-4864-a39a-69a58e8ae5cf}) (Version: 5.0.18701 - HP)
HP PC Hardware Diagnostics Windows (HKLM-x32\...\{DF16F6E3-6550-468A-9C0C-306B4F60D501}) (Version: 1.5.8.0 - HP Inc.)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.8318.5320 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{71E18A14-1BDB-4B58-A67F-1BCDA12462FD}) (Version: 7.1.15.1 - HP)
HP Sure Connect (HKLM-x32\...\{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: 1.0.0.29 - HP Inc.)
HP System Event Utility (HKLM-x32\...\{09D0DB68-90EA-4015-983E-A0BD777D5A02}) (Version: 1.4.10 - HP Inc.)
HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1439 - HP Inc.)
HP Welcome (HKLM\...\HPWelcome) (Version: 1.0 - HP Inc.)
IGT Slots Fire Rubies (HKLM-x32\...\WTA-eb2b4463-2adb-43a2-9b96-c2b19204c6c8) (Version: 3.0.2.59 - WildTangent) Hidden
Imperial Island: Birth of an Empire (HKLM-x32\...\WTA-fed1670c-2eb5-49ba-8a5e-04a0a9038ddf) (Version: 3.0.2.59 - WildTangent) Hidden
Intel(R) Chipset Device Software (HKLM-x32\...\{c7f54569-0018-439c-809a-48046a4d4ebc}) (Version: 10.1.1.9 - Intel(R) Corporation) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10608.329 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1054 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 22.20.16.4749 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.8.7.1051 - Intel Corporation)
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.47.866.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{246c6cc0-9810-4728-9a29-28474de2eec5}) (Version: 1.47.866.0 - Intel Corporation) Hidden
Intel(R) WiDi (HKLM\...\{6B15F1EF-F3A8-4C29-BF9E-18EB3683A83D}) (Version: 6.0.60.0 - Intel Corporation)
Intel(R) WiDi Software Asset Manager (HKLM-x32\...\{AC8973AF-7F4C-40F4-BFE1-C02FE95ED2C2}) (Version: 3.2.1184 - Intel Corporation) Hidden
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{3920BCB0-23AA-4D0D-93E5-404692DAF9D2}) (Version: 19.00.1621.3340 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{f8c930bd-0a68-425f-8c11-87723d1e2c97}) (Version: 20.90.0 - Intel Corporation)
Intel® Software Installer (HKLM-x32\...\{3933e30f-0de2-4fee-8a5e-28c71ea7f121}) (Version: 22.40.0.7 - Intel Corporation) Hidden
iTunes (HKLM\...\{DF90B2B3-5832-4E85-934D-8048B33A1D67}) (Version: 12.9.4.102 - Apple Inc.)
Jewel Match Snowscapes (HKLM-x32\...\WTA-87bd5869-8fd9-4a59-9e1b-68f630a053f7) (Version: 3.0.2.118 - WildTangent) Hidden
kuler (HKLM-x32\...\{098727E1-775A-4450-B573-3F441F1CA243}) (Version: 2.0 - Adobe Systems Incorporated) Hidden
LAV Filters 0.74.1 (HKLM-x32\...\lavfilters_is1) (Version: 0.74.1 - Hendrik Leppkes)
Little Boy: Walter's Scooter (HKLM-x32\...\WTA-b69331d4-e992-441d-bc2a-a7a5f55b65c3) (Version: 3.0.2.59 - WildTangent) Hidden
Lost Souls: Timeless Fables Collector's Edition (HKLM-x32\...\WTA-db7d8fac-a7ee-44ec-951c-3dbeaad8fd69) (Version: 3.0.2.59 - WildTangent) Hidden
Magic Heroes: Save Our Park (HKLM-x32\...\WTA-f700b5d2-fd93-4939-b81d-35d043ae1e37) (Version: 3.0.2.59 - WildTangent) Hidden
Malwarebytes version 4.4.11.149 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.11.149 - Malwarebytes)
Manor Memoirs Collector's Edition (HKLM-x32\...\WTA-98976e78-b6fd-4583-a34c-12ffe54a8dcc) (Version: 3.0.2.59 - WildTangent) Hidden
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.14701.20226 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 95.0.1020.40 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 95.0.1020.40 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Small Business 2007 (HKLM-x32\...\SMALLBUSINESSR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3270737401-2542335873-2474156572-1001\...\OneDriveSetup.exe) (Version: 21.230.1107.0004 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3270737401-2542335873-2474156572-1002\...\OneDriveSetup.exe) (Version: 21.062.0328.0001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3270737401-2542335873-2474156572-1004\...\OneDriveSetup.exe) (Version: 21.220.1024.0005 - Microsoft Corporation)
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (HKLM-x32\...\{90120000-00B2-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-3270737401-2542335873-2474156572-1001\...\Teams) (Version: 1.4.00.31569 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{29B15818-E79F-4AB0-8938-9410C807AD76}) (Version: 2.84.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
MuseScore 2 (HKLM-x32\...\{DC8A2B29-D9A7-4D67-A049-BC0A659A2B57}) (Version: 2.1.0 - Werner Schweer and Others)
NETGEAR WNA3100 wireless USB 2.0 adapter (HKLM-x32\...\{C2425F91-1F7B-4037-9A05-9F290184798D}) (Version: 1.01.206 - NETGEAR)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.14701.20226 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.14701.20210 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.14701.20226 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.13929.20372 - Microsoft Corporation) Hidden
PDF Settings CS4 (HKLM-x32\...\{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}) (Version: 9.0 - Adobe Systems Incorporated) Hidden
PDF Settings CS5 (HKLM-x32\...\{A78FE97A-C0C8-49CE-89D0-EDD524A17392}) (Version: 10.0 - Adobe Systems Incorporated) Hidden
PDFtoMusic (HKLM-x32\...\PDFtoMusic) (Version: 1.6.2 - Myriad SARL)
Photoshop Camera Raw (HKLM-x32\...\{CC75AB5C-2110-4A7F-AF52-708680D22FE8}) (Version: 5.0 - Adobe Systems Incorporated) Hidden
Plagiarii (HKLM-x32\...\WTA-e081b8eb-5a30-4e6d-861e-4931f50ca85d) (Version: 3.0.2.59 - WildTangent) Hidden
Polar Bowler 1st Frame (HKLM-x32\...\WTA-a046ea40-c158-4605-8cd1-09c483ac5e32) (Version: 3.0.2.59 - WildTangent) Hidden
PuppetShow: Return to Joyville (HKLM-x32\...\WTA-afc05c19-8b00-451e-8256-4cc27fe4208f) (Version: 3.0.2.126 - WildTangent) Hidden
Pyro Jump (HKLM-x32\...\WTA-aef96e02-0d2c-4648-8717-142b57b7d123) (Version: 3.0.2.59 - WildTangent) Hidden
QQ International (HKLM-x32\...\{3CA54984-A14B-42FE-9FF1-7EA90151D725}) (Version: 1.91.1369.0 - Tencent Technology(Shenzhen) Company Limited)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.31222 - Realtek Semiconduct Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.6.1001.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8023 - Realtek Semiconductor Corp.)
Regency Solitaire (HKLM-x32\...\WTA-dceacd7e-f704-453f-888b-c1dbb95cd56b) (Version: 3.0.2.126 - WildTangent) Hidden
Roblox Player for Joshua (HKU\S-1-5-21-3270737401-2542335873-2474156572-1001\...\roblox-player) (Version: - Roblox Corporation)
RogueKiller version 15.1.2.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 15.1.2.0 - Adlice Software)
Runefall (HKLM-x32\...\WTA-846a3fa5-38fa-41bc-8b26-9e3c99c83611) (Version: 3.0.2.126 - WildTangent) Hidden
Rush Hour! Gas Station (HKLM-x32\...\WTA-38e4de1a-16a7-4ef9-a697-d8f2ad47f828) (Version: 3.0.2.59 - WildTangent) Hidden
Seagate Manager Installer (HKLM-x32\...\{E6F019F1-DFB6-4853-A87D-6E31624755A9}) (Version: 2.02.0109 - Seagate) Hidden
Seagate Manager Installer (HKLM-x32\...\InstallShield_{E6F019F1-DFB6-4853-A87D-6E31624755A9}) (Version: 2.02.0109 - Seagate)
SeaTools for Windows 1.4.0.4 (HKLM-x32\...\SeaTools for Windows) (Version: 1.4.0.4 - Seagate Technology)
Sky High Farm (HKLM-x32\...\WTA-11acfc19-2dac-440a-9118-4e8e5305ef96) (Version: 3.0.2.59 - WildTangent) Hidden
Spotify (HKU\S-1-5-21-3270737401-2542335873-2474156572-1001\...\Spotify) (Version: 1.1.48.625.g1c87c7f7 - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.8.68.0 - Safer-Networking Ltd.)
Spybot Anti-Beacon (HKLM-x32\...\{419A7FCF-93E1-474D-BFE9-987CF3F90C88}_is1) (Version: 3.7 - Safer-Networking Ltd.)
Suite Shared Configuration CS4 (HKLM-x32\...\{842B4B72-9E8F-4962-B3C1-1C422A5C4434}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.5.10.75 - Synaptics Incorporated)
TAP-Windows 9.24.2 (HKLM\...\TAP-Windows) (Version: 9.24.2 - OpenVPN Technologies, Inc.)
Tasty Blue (HKLM-x32\...\WTA-edb5e308-daa5-44f4-9927-d681eea01e61) (Version: 3.0.2.59 - WildTangent) Hidden
The Far Kingdoms (HKLM-x32\...\WTA-49767db4-87ed-450e-99db-535f65bc94dc) (Version: 1.1.2.4 - WildTangent) Hidden
UnHackMe 13.20 (HKLM-x32\...\UnHackMe_is1) (Version: - Greatis Software, LLC.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{16AD6161-2E47-4BF1-AA77-0946EFE93E08}) (Version: 2.61.0.0 - Microsoft Corporation)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version: - WildTangent) Hidden
UpdateAssistant (HKLM-x32\...\{035FFC43-55D6-4F5C-BCC5-21FED122C8B4}) (Version: 1.11.0.0 - Microsoft Corporation) Hidden
VirtualShield (HKLM\...\VirtualShield) (Version: 3.3.1 - VirtualShield LLC.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.3 - VideoLAN)
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0) (Version: 1.0.42.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0-2) (Version: 1.0.42.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0-3) (Version: 1.0.42.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0-4) (Version: 1.0.42.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0-5) (Version: 1.0.42.0 - LunarG, Inc.)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.15-2 - Wacom Technology Corp.)
Warcraft III (HKLM-x32\...\Warcraft III) (Version: - )
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
Weeny Free PDF Password Remover 1.1 (HKLM-x32\...\Weeny Free PDF Password Remover_is1) (Version: - Weeny Software)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.1.0.28 - WildTangent)
WildTangent Games App for HP (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.1.1.30 - WildTangent) Hidden
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows PC Health Check (HKLM\...\{B1E7D0FD-7CFE-4E0C-A5DA-0F676499DB91}) (Version: 3.2.2110.14001 - Microsoft Corporation)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - )
Wondershare Helper Compact 2.5.2 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.2 - Wondershare)
Wondershare PDFelement 6 Pro(Build 6.3.3) (HKLM-x32\...\{B026557A-EF19-4812-8A79-B30F94AA0A78}_is1) (Version: 6.3.3.2780 - Wondershare Software Co.,Ltd.)
ZoneAlarm Anti-Ransomware (HKLM-x32\...\{0B8C3231-9818-4CB9-8213-4AB839836791}) (Version: 1.004.7033 - Check Point Software) Hidden
ZoneAlarm Firewall (HKLM-x32\...\{7B46F664-5425-45D9-8761-E506F5D71D12}) (Version: 15.8.169.18768 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Firewall (HKLM-x32\...\ZoneAlarm Free Firewall) (Version: 15.8.169.18768 - Check Point)
ZoneAlarm Security (HKLM-x32\...\{DD4F2B05-0B5A-4C76-AEFE-3C85E1064E57}) (Version: 15.8.169.18768 - Check Point Software Technologies Ltd.) Hidden
Zoom (HKU\S-1-5-21-3270737401-2542335873-2474156572-1001\...\ZoomUMX) (Version: 5.8.4 (1736) - Zoom Video Communications, Inc.)

Packages:
=========
Adblock Plus -> C:\Program Files\WindowsApps\EyeoGmbH.AdblockPlus_0.9.19.0_neutral__d55gg7py3s0m0 [2021-12-06] (eyeo GmbH)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.205.200.0_x86__kgqvnymyfvs32 [2021-12-06] (king.com)
HP PC Hardware Diagnostics Windows -> C:\Program Files\WindowsApps\AD2F1837.HPPCHardwareDiagnosticsWindows_1.8.0.0_x64__v10z8vjag6ke6 [2021-12-19] (HP Inc.)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_132.1.257.0_x64__v10z8vjag6ke6 [2021-12-19] (HP Inc.)
HP Support Assistant -> C:\Program Files\WindowsApps\AD2F1837.HPSupportAssistant_9.10.85.0_x64__v10z8vjag6ke6 [2021-12-19] (HP Inc.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-12-06] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-12-06] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.10.10270.0_x64__8wekyb3d8bbwe [2021-12-19] (Microsoft Studios) [MS Ad]
Microsoft To Do -> C:\Program Files\WindowsApps\Microsoft.Todos_2.55.42923.0_x64__8wekyb3d8bbwe [2021-12-06] (Microsoft Corporation) [Startup Task]
Movie Maker : Free Video Editor -> C:\Program Files\WindowsApps\39691Videopix.MovieMakerFreeVideoEditor_1.1.81.0_x64__dxz7h1qnd1pge [2021-12-06] (Videopix)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.97.752.0_x64__mcm4njqhnhss8 [2021-12-06] (Netflix, Inc.)
Simple Solitaire -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleSolitaire_7.4.4.0_x64__kx24dqmazqk8j [2021-12-19] (Random Salad Games LLC)
Snapfish -> C:\Program Files\WindowsApps\AD2F1837.HPConnectedPhotopoweredbySnapfish_6.1.736.0_x86__v10z8vjag6ke6 [2021-12-06] (Snapfish)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.TWITTER_7.0.1.0_neutral__wgeqdkkx372wm [2021-12-06] (Twitter Inc.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3270737401-2542335873-2474156572-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\Joshua\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.21229.2\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3270737401-2542335873-2474156572-1001_Classes\CLSID\{C591CFEA-E432-495d-A0BE-58E4CCD87B17}\Shell\Open\Command -> C:\Program Files\Synaptics\SynTP\SynTPCpl.dll (Synaptics Incorporated -> Synaptics Incorporated)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-12-09] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-12-09] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu64.dll [2007-05-10] (Adobe Systems Inc.) [File not signed]
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-12-09] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [ExpressZip] -> {8EEA165E-0B8B-4BA7-9796-50214C767171} => C:\Program Files (x86)\NCH Software\ExpressZip\ezcm64.dll [2019-02-16] () [File not signed]
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2019-04-15] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2019-04-15] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers1: [WINZIPSSSecureExt] -> {C2BB2CFD-5FBC-4a1f-94A8-4186D8602366} => -> No File
ContextMenuHandlers2: [WINZIPSSSecureExt] -> {C2BB2CFD-5FBC-4a1f-94A8-4186D8602366} => -> No File
ContextMenuHandlers2: [{C95FFEAE-A32E-4122-A5C4-49B5BFB69795}] -> {C95FFEAE-A32E-4122-A5C4-49B5BFB69795} => C:\Program Files\Common Files\Adobe\Adobe Drive CS4\ADFSMenu.dll [2008-08-14] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-12-09] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [{C95FFEAE-A32E-4122-A5C4-49B5BFB69795}] -> {C95FFEAE-A32E-4122-A5C4-49B5BFB69795} => C:\Program Files\Common Files\Adobe\Adobe Drive CS4\ADFSMenu.dll [2008-08-14] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\ki124164.inf_amd64_85b60d2b8c3af983\igfxDTCM.dll [2017-09-01] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [{C95FFEAE-A32E-4122-A5C4-49B5BFB69795}] -> {C95FFEAE-A32E-4122-A5C4-49B5BFB69795} => C:\Program Files\Common Files\Adobe\Adobe Drive CS4\ADFSMenu.dll [2008-08-14] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu64.dll [2007-05-10] (Adobe Systems Inc.) [File not signed]
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-12-09] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [ExpressZip] -> {8EEA165E-0B8B-4BA7-9796-50214C767171} => C:\Program Files (x86)\NCH Software\ExpressZip\ezcm64.dll [2019-02-16] () [File not signed]
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2019-04-15] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2019-04-15] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers6: [WINZIPSSSecureExt] -> {C2BB2CFD-5FBC-4a1f-94A8-4186D8602366} => -> No File

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Joshua\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Priceline.com.lnk -> C:\Program Files (x86)\HP\Shared\WizLink.exe () -> hxxp://www.priceline.com/?refid=PLHBC6240OPQ&refclickid=square

==================== Loaded Modules (Whitelisted) =============

2020-11-27 04:38 - 2020-11-27 04:38 - 000961536 _____ () [File not signed] C:\Program Files (x86)\Garmin\Express\CefSharp.BrowserSubprocess.Core.dll
2020-11-27 04:38 - 2020-11-27 04:38 - 001446400 _____ () [File not signed] C:\Program Files (x86)\Garmin\Express\CefSharp.Core.dll
2021-07-02 09:01 - 2021-07-02 09:01 - 000073216 _____ () [File not signed] C:\Program Files (x86)\Garmin\Express\FixBootSector.dll
2017-05-08 10:35 - 2017-05-08 10:35 - 000325632 _____ () [File not signed] C:\Program Files (x86)\Garmin\Express\GpsImgWrapper.dll
2020-11-18 10:14 - 2020-11-18 10:14 - 117340672 _____ () [File not signed] C:\Program Files (x86)\Garmin\Express\libcef.dll
2020-11-18 08:40 - 2020-11-18 08:40 - 000323072 _____ () [File not signed] C:\Program Files (x86)\Garmin\Express\libegl.dll
2020-11-18 08:40 - 2020-11-18 08:40 - 005441536 _____ () [File not signed] C:\Program Files (x86)\Garmin\Express\libglesv2.dll
2019-02-16 13:17 - 2019-02-16 13:17 - 000105984 _____ () [File not signed] C:\Program Files (x86)\NCH Software\ExpressZip\ezcm64.dll
2021-11-07 15:36 - 2010-07-09 16:38 - 000331776 _____ () [File not signed] C:\Program Files (x86)\NETGEAR\WNA3100\WifiLib.dll
2021-11-07 15:36 - 2010-02-03 11:31 - 000282624 _____ () [File not signed] C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvcLib.dll
2007-01-19 04:23 - 2007-05-10 23:18 - 001560576 _____ (Adobe Systems Inc.) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu64.dll
2006-10-23 00:19 - 2006-10-23 00:19 - 000019968 _____ (Adobe Systems Inc.) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroTray.DEU
2006-10-23 00:10 - 2006-10-23 00:10 - 000019968 _____ (Adobe Systems Inc.) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroTray.FRA
2006-08-02 07:52 - 2006-08-02 07:52 - 000126976 _____ (Adobe Systems Inc.) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\asneu.dll
2006-09-14 23:20 - 2006-09-14 23:20 - 000212992 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\adobe_epic.dll
2006-09-14 23:46 - 2006-09-14 23:46 - 000208896 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\adobe_pcd.dll
2006-09-14 23:20 - 2006-09-14 23:20 - 000346112 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\adobe_personalization.dll
2008-08-14 07:15 - 2008-08-14 07:15 - 000481792 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files\Common Files\Adobe\Adobe Drive CS4\BIB.dll
2021-07-02 09:01 - 2021-07-02 09:01 - 001976832 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Garmin\Express\XercesLib.dll
2021-11-07 15:36 - 2010-02-03 11:21 - 000204800 _____ (Broadcom Corporation) [File not signed] C:\Program Files (x86)\NETGEAR\WNA3100\wps_api.dll
2021-07-02 09:07 - 2021-07-02 09:07 - 000234496 _____ (Dynastream Innovations Inc.) [File not signed] C:\Program Files (x86)\Garmin\Express\ANT_WrappedLib.dll
2021-07-02 09:01 - 2021-07-02 09:01 - 002711552 _____ (Garmin International) [File not signed] C:\Program Files (x86)\Garmin\Express\legacyio.dll
2017-05-08 10:35 - 2017-05-08 10:35 - 000343552 _____ (Garmin International, Inc.) [File not signed] C:\Program Files (x86)\Garmin\Express\IMG_GPSMAP.dll
2021-07-02 09:01 - 2021-07-02 09:01 - 000425472 _____ (Garmin) [File not signed] C:\Program Files (x86)\Garmin\Express\XMLdll.dll
2016-10-19 12:12 - 2016-10-04 07:51 - 000076800 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2006-09-15 13:58 - 2006-09-15 13:58 - 000934400 _____ (Macrovision Europe Ltd.) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\FNP_Act_Installer.dll
2021-05-18 09:17 - 2021-05-18 09:17 - 000986112 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\CheckPoint\ZoneAlarm\dbghelp.dll
2020-09-17 12:06 - 2020-09-17 12:06 - 001093120 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80U.DLL
2020-09-17 12:06 - 2020-09-17 12:06 - 000057344 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\MFC80ENU.DLL
2021-04-19 06:12 - 2021-04-19 06:12 - 001156608 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\x86\SQLite.Interop.dll
2021-03-29 13:26 - 2021-03-29 13:26 - 001156608 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\SQLite\SQLite.Interop.dll
2021-07-02 09:04 - 2021-07-02 09:04 - 000090112 _____ (Silicon Laboratories, Inc.) [File not signed] C:\Program Files (x86)\Garmin\Express\DSI_SiUSBXp_3_1.DLL
2020-11-18 08:39 - 2020-11-18 08:39 - 000843264 _____ (The Chromium Authors) [File not signed] C:\Program Files (x86)\Garmin\Express\chrome_elf.dll
2017-11-07 17:59 - 2017-10-19 10:17 - 000271360 _____ (Wondershare Software) [File not signed] C:\WINDOWS\System32\WSPDFelementMonitor.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\S-1-5-21-3270737401-2542335873-2474156572-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=chrf-iryus&type=ypi_znlrm_00_00_ie
HKU\S-1-5-21-3270737401-2542335873-2474156572-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
SearchScopes: HKLM-x32 -> {2233F36F-8694-4A10-BA05-24726E79E791} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3270737401-2542335873-2474156572-1001 -> {1AF7E331-D02A-419B-A537-337B148FBCAB} URL = hxxps://search.yahoo.com/search?p={searchTerms}&intl=us&fr=chrf-iryus&type=ypi_znlrm_00_00_ie
SearchScopes: HKU\S-1-5-21-3270737401-2542335873-2474156572-1001 -> {2233F36F-8694-4A10-BA05-24726E79E791} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2021-11-03] (Microsoft Corporation -> Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2021-10-27] (HP Inc. -> HP Inc.)
BHO-x32: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2021-10-27] (HP Inc. -> HP Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-11-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-11-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-11-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-11-03] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 00:24 - 2019-08-13 18:36 - 000001367 ____N C:\WINDOWS\system32\drivers\etc\hosts


==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\
HKU\S-1-5-21-3270737401-2542335873-2474156572-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Joshua\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
HKU\S-1-5-21-3270737401-2542335873-2474156572-1002\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-3270737401-2542335873-2474156572-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\JoshuaCM\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.39.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is disabled.

Network Binding:
=============
Ethernet: General NDIS Protocol Driver -> SCM_NDISPROT (enabled)
Local Area Connection: General NDIS Protocol Driver -> SCM_NDISPROT (enabled)
Ethernet 3: General NDIS Protocol Driver -> SCM_NDISPROT (enabled)
Wi-Fi: General NDIS Protocol Driver -> SCM_NDISPROT (enabled)

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: ComboCleaner.Guard => 2
MSCONFIG\Services: ComboCleaner.WinService => 2
MSCONFIG\Services: hshld_10.22.4 => 2
HKLM\...\StartupApproved\Run: => "Combo Cleaner"
HKLM\...\StartupApproved\Run32: => "MaxMenuMgr"
HKU\S-1-5-21-3270737401-2542335873-2474156572-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-3270737401-2542335873-2474156572-1001\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [Microsoft-Windows-Unified-Telemetry-Client] => (Block) C:\WINDOWS\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [{EDD5C8AD-1648-468A-9F50-9C71D60AE204}] => (Allow) C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
FirewallRules: [{1DDA231A-E59B-4FD4-9EFE-BA7DD2AE6A67}] => (Allow) C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
FirewallRules: [{846319F1-2155-4A4A-BA94-FA6411C67B20}] => (Allow) LPort=5353
FirewallRules: [{AE4A418C-F13C-42C1-B962-DEA6DFB32979}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\SmartAgentTest.exe => No File
FirewallRules: [{EA003B25-F32A-4797-BD18-9A27D79B8078}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\Next\WirelessDisplay.exe => No File
FirewallRules: [{2618A073-E039-4D7A-9D0F-3C8B811B9E25}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiAppOld.exe => No File
FirewallRules: [{907837F9-09C2-4EE5-8DBD-6D9B01BB5209}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe => No File
FirewallRules: [{4385A0AF-E86E-4568-A21F-03BFBB1F25BD}] => (Allow) c:\Program Files\CyberLink\PowerDirector12\PDR10.EXE => No File
FirewallRules: [TCP Query User{A2015C8D-A9DE-4A20-AFF2-6D8D46F54C66}C:\users\joshua\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\joshua\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{2EED8105-B297-4E28-9319-0144E1745619}C:\users\joshua\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\joshua\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{6E6C2AA2-3424-4120-827B-ED23DD9C26E6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{6E04A979-7A89-4A42-AC8B-B272C713AC98}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{9D1C72FF-2FE3-4B14-86EF-1E9ECBF76FFB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{7359BE22-9A57-4340-8245-31944C1DD017}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{2981CD2E-92C2-4080-AD50-499B1FD050CE}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{C0577731-6849-496F-9E4F-9EBCF4CDBACD}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe => No File
FirewallRules: [{A8B49718-4DC4-46F1-A573-99F1E8430E03}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe => No File
FirewallRules: [{6E87650F-8C75-4D4D-A0E9-152F64978EAD}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{49779CF9-2316-4D34-B69E-79B452163541}] => (Block) C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
FirewallRules: [{EA1729C9-2C05-4489-80A8-1794616EF433}] => (Block) C:\Program Files\Adobe\Adobe Illustrator CS4\Support Files\Contents\Windows\Illustrator.exe (Adobe Systems Incorporated -> Adobe Systems Inc.)
FirewallRules: [{8D69910A-3C45-47F5-9488-86C57F2CC348}] => (Block) C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe (Adobe Systems Incorporated -> Adobe Systems, Inc.)
FirewallRules: [{8D9B3B54-EC5D-46C5-983E-99D83CDACEF9}] => (Allow) C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FirewallRules: [{FCBF538E-5081-4297-9DF6-D295D2E7E340}] => (Allow) C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FirewallRules: [{05FE341D-F79B-4F3B-BACF-60BAFD3CBC8D}] => (Allow) C:\Program Files (x86)\Common Files\Tencent\QQDownload\119\Tencentdl.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FirewallRules: [{CDF1094B-CA15-49E8-BD31-DDEFAF820AC2}] => (Allow) C:\Program Files (x86)\Common Files\Tencent\QQDownload\119\Tencentdl.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FirewallRules: [TCP Query User{F25D9D7A-D123-462A-9D70-92604289F4EE}C:\users\joshua\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\joshua\appdata\local\akamai\netsession_win.exe => No File
FirewallRules: [UDP Query User{0D04B413-2BC0-4535-BF87-C94307C0BC8B}C:\users\joshua\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\joshua\appdata\local\akamai\netsession_win.exe => No File
FirewallRules: [{D39EE741-7955-4878-9BB2-A2DE19CB3A25}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C3F87442-BB6F-496F-9EFB-EF94628DE9B0}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{46F397D8-5CB1-4193-AB98-C0E21298CF0B}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation -> )
FirewallRules: [{64F94B27-3379-4B7C-A1EB-BEDBA502FA6F}] => (Allow) C:\Users\Joshua\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{32845121-7AC0-4048-9E18-8D08AB0CC880}] => (Allow) C:\Users\Joshua\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{6891CC8A-DD29-45D9-A0D4-7C1F21257B86}] => (Allow) C:\Users\Joshua\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{1BBF807F-A43C-4DF8-AEAA-3583A61260CC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.152.687.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{9B476B8D-F02D-4C47-9467-65D41123E6FB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.152.687.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{FD0C4512-220A-4EEA-A0B2-26F2EA11AABC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.152.687.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{07923603-A7BF-4138-9628-B2028FEF5914}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.152.687.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B6EF085B-7D11-4261-AC15-321300623B47}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.152.687.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{284143B4-6704-4C03-BDA5-1EE57C5D2217}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.152.687.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{47FB16DB-FB46-49F3-A6E0-7CD614FC8B7F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.152.687.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{DD662B0D-8BCD-49CA-9395-395549DDDEC4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.152.687.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{F37EC8C8-5B8A-47E0-B001-D87FF06D2D59}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{80C14DBA-76D2-40E1-9C58-63DC59C643BB}] => (Allow) C:\Users\TEMP\AppData\Local\Programs\Fiddler\Fiddler.exe => No File
FirewallRules: [{F199E468-5EAE-4E14-AAC0-183AA40A4396}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
FirewallRules: [{69311BBF-82B2-49E1-A468-B57CBFB1567A}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
FirewallRules: [{4356C251-2997-4229-9835-3A73A3381BC2}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
FirewallRules: [{9916C7FD-B699-4591-BF6B-6E6DF42405CF}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
FirewallRules: [{37B33414-4697-4B08-9C5D-AA844C7DBCE5}] => (Allow) LPort=57209
FirewallRules: [{31FBF2B2-EFCC-4D2B-BF0E-9C04B7A3D050}] => (Allow) LPort=57209
FirewallRules: [{3FB5E1AD-37AB-43EE-8494-75B17DFE22A5}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{2FE183F7-E8FC-4F2C-BA3E-F8504189C712}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{4A8BA1CA-D15E-4B4D-8870-9B51B3775437}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{7DB4C7AC-A3D9-4801-B3D9-8B6288A1DB22}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{AFB856C0-56E4-403D-B1F3-CA03290BA1C9}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\95.0.1020.40\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B2CA63D2-5DCA-4E02-8BB5-E78FCAE8A5B0}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.77.97.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B5860F3F-3C82-4438-9CDF-07A80C13DAEA}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.77.97.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E2482B2A-E8D7-401B-9A1C-1E8401B4698C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.77.97.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{8346E007-936B-4DEF-8B7B-93A4F850126A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.77.97.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{33A9EF43-238F-4DA2-B0CA-65995BD92673}] => (Allow) C:\Program Files\VirtualShield\VirtualShield.exe (VirtualShield LLC -> )
FirewallRules: [{3562B4F3-95FD-44EF-AE85-1E1D39906D0F}] => (Allow) C:\Program Files\VirtualShield\VirtualShield.exe (VirtualShield LLC -> )
FirewallRules: [{7B0497EC-2FC6-4F11-8EF7-4C27E7477304}] => (Allow) C:\Program Files\VirtualShield\VirtualShield.exe (VirtualShield LLC -> )
FirewallRules: [{30DF26CB-6DF5-41E7-9604-E48FBF5780BA}] => (Allow) C:\Program Files\VirtualShield\VirtualShield.exe (VirtualShield LLC -> )
FirewallRules: [{3D2E529B-5AA1-40AC-88E7-FD62CF3ADEAF}] => (Allow) C:\Program Files\VirtualShield\VirtualShieldSvc.exe (VirtualShield LLC -> )
FirewallRules: [{D192103A-704A-444B-9FB2-0E7D8CA10A68}] => (Allow) C:\Program Files\VirtualShield\VirtualShieldSvc.exe (VirtualShield LLC -> )
FirewallRules: [{2550D2C3-6523-4949-BE53-97B27E317ED0}] => (Allow) C:\Program Files\VirtualShield\VirtualShieldSvc.exe (VirtualShield LLC -> )
FirewallRules: [{56DDA718-FABC-46DB-970F-EDC0ABCB3B0E}] => (Allow) C:\Program Files\VirtualShield\VirtualShieldSvc.exe (VirtualShield LLC -> )
FirewallRules: [{A3E31E51-7E4C-4B62-9C51-95A38FD88E5A}] => (Allow) C:\Program Files\VirtualShield\bin\openvpn.exe (OpenVPN Technologies, Inc. -> The OpenVPN Project)
FirewallRules: [{07C9DC81-A46B-4912-A3A5-B78CC9EF1776}] => (Allow) C:\Program Files\VirtualShield\bin\openvpn.exe (OpenVPN Technologies, Inc. -> The OpenVPN Project)
FirewallRules: [{CFF49608-034B-4723-BAEA-6B4B129268E3}] => (Allow) C:\Program Files\VirtualShield\bin\openvpn.exe (OpenVPN Technologies, Inc. -> The OpenVPN Project)
FirewallRules: [{0AB0898B-8194-4559-98CB-9711B8AA9AFB}] => (Allow) C:\Program Files\VirtualShield\bin\openvpn.exe (OpenVPN Technologies, Inc. -> The OpenVPN Project)
FirewallRules: [{36BCC70B-0E81-474D-BE21-151593909423}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{33FF9FD9-C372-4A82-BB53-71E7C45A02FD}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{E734FB6E-8387-44C2-86C4-038D4A386DC0}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{EE03D086-E4C5-4B93-9764-E8369DD74B16}] => (Allow) C:\Users\Joshua\AppData\Local\Programs\Opera\82.0.4227.23\opera.exe => No File
FirewallRules: [{F1AB6F96-28E8-4EBC-856E-DCB6D3B4D684}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{A5DC719E-A809-4EEA-978D-DEC4DF90D627}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{BA57F744-9AD2-4860-92C9-DE734C947671}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe (Avast Software s.r.o. -> AVAST Software)
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service

==================== Restore Points =========================

28-11-2021 17:39:31 Scheduled Checkpoint
06-12-2021 21:11:47 prior to touchpad driver update
06-12-2021 21:47:06 Restore Operation
14-12-2021 19:07:07 Scheduled Checkpoint

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (12/20/2021 09:22:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Faulting module name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Exception code: 0xc0000005
Fault offset: 0x00005c92
Faulting process id: 0x4774
Faulting application start time: 0x01d7f5bdcd9df115
Faulting application path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Faulting module path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Report Id: 1bef8a24-7af7-40b2-a56d-879daa96e4af
Faulting package full name:
Faulting package-relative application ID:

Error: (12/19/2021 11:12:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Faulting module name: hhctrl.ocx_unloaded, version: 10.0.19041.746, time stamp: 0x2667553c
Exception code: 0xc0000005
Fault offset: 0x000260b6
Faulting process id: 0x518
Faulting application start time: 0x01d7f565cb0fd459
Faulting application path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Faulting module path: hhctrl.ocx
Report Id: cf38b22e-591f-4340-86c7-6852fef72c26
Faulting package full name:
Faulting package-relative application ID:

Error: (12/19/2021 10:52:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Faulting module name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Exception code: 0xc0000005
Fault offset: 0x00005c92
Faulting process id: 0x518
Faulting application start time: 0x01d7f565cb0fd459
Faulting application path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Faulting module path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Report Id: 78e05671-41dd-4645-ae3a-28e36b5d6589
Faulting package full name:
Faulting package-relative application ID:

Error: (12/19/2021 10:43:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Faulting module name: hhctrl.ocx_unloaded, version: 10.0.19041.746, time stamp: 0x2667553c
Exception code: 0xc0000005
Fault offset: 0x000260b6
Faulting process id: 0x2e08
Faulting application start time: 0x01d7f55a9e0a612d
Faulting application path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Faulting module path: hhctrl.ocx
Report Id: d0c22dc9-7ea7-4e25-bd27-048c03dae763
Faulting package full name:
Faulting package-relative application ID:

Error: (12/19/2021 09:32:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Faulting module name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Exception code: 0xc0000005
Fault offset: 0x00005c92
Faulting process id: 0x2e08
Faulting application start time: 0x01d7f55a9e0a612d
Faulting application path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Faulting module path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Report Id: 4896a881-bfaa-405c-ab59-b789fd429e1b
Faulting package full name:
Faulting package-relative application ID:

Error: (12/19/2021 09:22:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Faulting module name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Exception code: 0xc0000005
Fault offset: 0x00005c92
Faulting process id: 0x12cc
Faulting application start time: 0x01d7f559386adec1
Faulting application path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Faulting module path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Report Id: d982645e-8278-4d66-8d54-0535d5347801
Faulting package full name:
Faulting package-relative application ID:

Error: (12/19/2021 09:17:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Faulting module name: hhctrl.ocx_unloaded, version: 10.0.19041.746, time stamp: 0x2667553c
Exception code: 0xc0000005
Fault offset: 0x000260b6
Faulting process id: 0x3218
Faulting application start time: 0x01d7f557d2c954f0
Faulting application path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Faulting module path: hhctrl.ocx
Report Id: a8ad82b0-1470-46be-a141-40177749aa2c
Faulting package full name:
Faulting package-relative application ID:

Error: (12/19/2021 09:12:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Faulting module name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Exception code: 0xc0000005
Fault offset: 0x00005c92
Faulting process id: 0x3218
Faulting application start time: 0x01d7f557d2c954f0
Faulting application path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Faulting module path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Report Id: ba74ed22-0973-4c9b-8a7b-eaa1ff83cc2f
Faulting package full name:
Faulting package-relative application ID:


System errors:
=============
Error: (12/19/2021 09:22:45 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.

Error: (12/19/2021 08:56:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Check Point SandBlast Agent Threat Emulation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 500 milliseconds: Restart the service.

Error: (12/19/2021 08:54:27 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Downloaded Maps Manager service hung on starting.

Error: (12/19/2021 08:51:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Touchpoint Analytics service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (12/19/2021 08:51:18 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the HP Touchpoint Analytics service to connect.

Error: (12/19/2021 08:50:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
The system cannot find the file specified.

Error: (12/19/2021 08:46:54 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.

Error: (12/19/2021 08:44:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Net.Pipe Listener Adapter service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.


Windows Defender:
================
Date: 2021-12-19 22:36:18
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-12-19 21:12:07
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-12-18 21:12:36
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-12-17 21:12:37
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-12-15 20:35:50
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]:

Date: 2021-11-28 14:54:53
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2021-11-16 15:53:39
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.353.1059.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18700.4
Error code: 0x8007043c
Error description: This service cannot be started in Safe Mode

Date: 2021-11-16 15:43:31
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2021-11-16 15:26:59
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.323.1992.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17400.5
Error code: 0x8007043c
Error description: This service cannot be started in Safe Mode

Date: 2021-11-16 15:16:50
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.323.1992.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17400.5
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

CodeIntegrity:
===============
Date: 2021-12-20 09:19:51
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\setup\uat_3828.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2021-12-20 09:19:17
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2021-12-19 22:42:33
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.

Date: 2021-12-19 22:42:33
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\CheckPoint\Endpoint Security\EFR\CP_AmsiProvider64.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

BIOS: Insyde F.56 12/22/2020
Motherboard: HP 820B
Processor: Intel(R) Core(TM) i5-6200U CPU @ 2.30GHz
Percentage of memory in use: 59%
Total physical RAM: 12177.91 MB
Available physical RAM: 4874.48 MB
Total Virtual: 24465.91 MB
Available Virtual: 16129.89 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:913.93 GB) (Free:670.64 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:16.35 GB) (Free:1.67 GB) NTFS ==>[system with boot components (obtained from drive)]

\\?\Volume{7fa2447e-8971-47d6-b319-bab457e9d71c}\ (Windows RE tools) (Fixed) (Total:0.96 GB) (Free:0.37 GB) NTFS
\\?\Volume{2eb2561d-35a1-42b7-ae9b-56b280e0f6dc}\ () (Fixed) (Total:0.25 GB) (Free:0.17 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 775F3BD2)

Partition: GPT.

==================== End of Addition.txt =======================
 
There are no automatic fixes with FRST; it is an analytical tool. The only time it fixes things is when you supply it with an appropriate fixlist.

OK, your logs are incomplete, so you need to attach both the FRST.txt and Addition.txt logs to your next reply.
 
I did notice that when I opened the tool, it was set to whitelist drivers, registry, 30 days, and some other things. It also had an option for 90 days. I will upload them, but I basically copied and pasted the files.
 


Looking over your logs now.

Dependent on how much I need to research I may be a while, and as it's getting late where I am, it may be tomorrow morning (my time GMT) before I get back to you.
 
You have far too many "protection" programs installed, which is quite honestly a recipe for conflicts. You do not need all these programs to protect your machine.

In any case they will potentially interfere with any removals we might have to make.

So before we start cleaning your machine, I'd first like you to uninstall the following programs ....

Avast Free Antivirus
Avast Update Helper
Check Point SBA
Combo Cleaner
Bitdefender Agent
Spybot - Search & Destroy
Spybot Anti-Beacon
ZoneAlarm Anti-Ransomware
ZoneAlarm Firewal
ZoneAlarm Free Firewall
ZoneAlarm Security

.... you can re-install them when we've finished if you wish, but personally I would recommend that you don't re-install all of them.

Once you've uninstalled them all, reboot your computer, then run a new scan with FRST and attach the new FRST.txt and Addition.txt.
 
It has come to my attention that you are being assisted with your problem at a number of forums.

This is not advisable.

Removing Malware is a potentially hazardous enterprise at the best of times, but when you're following advice from a number of people each of whom is unaware of the instructions that the others are giving you, the risk of something going wrong multiplies greatly.

For that reason I am closing this topic.

What I advise you to do is to decide which one of the remaining forums you're receiving help from you wish to continue with, and follow only their instructions.
 