[RESOLVED] Just need a check up on my laptop
Page 1 of 2 12 LastLast
Results 1 to 15 of 19

Thread: [RESOLVED] Just need a check up on my laptop

  1. #1
    Join Date
    May 2005
    Posts
    122

    Resolved [RESOLVED] Just need a check up on my laptop

    Hi there, I just wanted to get my laptop checked up.

    FRST.txt

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-02-2021
    Ran by c (administrator) on LLM-WIN8-LAPTOP (TOSHIBA Satellite P55t-A) (12-02-2021 12:49:35)
    Running from C:\Users\c\Desktop
    Loaded Profiles: c
    Platform: Windows 10 Home Version 2004 19041.804 (X64) Language: English (United States)
    Default browser: Chrome
    Boot Mode: Normal

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    () [File not signed] C:\Python27\python.exe <2>
    (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    (Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
    (Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
    (Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\SecureLine VPN\VpnSvc.exe
    (DTS, Inc. -> ) C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
    (Dynabook Inc. -> Dynabook Inc.) C:\Windows\System32\DriverStore\FileRepository\tossrvctl.inf_amd64_652655c5335c62da\DSDFunctionKeyCtlService.exe <2>
    (Dynabook Inc. -> Dynabook Inc.) C:\Windows\System32\DriverStore\FileRepository\tossrvctl.inf_amd64_652655c5335c62da\RMService.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <31>
    (Hewlett Packard -> Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP ENVY 5660 series\Bin\HPNetworkCommunicatorCom.exe
    (Hewlett Packard -> Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP ENVY 5660 series\Bin\ScanToPCActivationApp.exe
    (Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
    (IDT, Inc.) [File not signed] C:\Program Files\IDT\WDM\stacsv64.exe
    (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    (Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
    (Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxEM.exe
    (Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxHK.exe
    (Intel Corporation -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    (Intel Corporation -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    (Intel Corporation -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
    (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
    (Intel(R) Corporation) [File not signed] C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2101.9-0\MsMpEng.exe
    (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2101.9-0\NisSrv.exe
    (Nuance Communications, Inc. -> Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\Dragon Assistant\Core\DACore.exe
    (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
    (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (TOSHIBA CORPORATION -> ) C:\Program Files (x86)\Toshiba\PasswordUtility\GFNEXSrv.exe
    (TOSHIBA CORPORATION -> ) C:\Program Files\TOSHIBA\Hotkey\Hotkey\TCrdKBB.exe
    (TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe
    (TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
    (TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
    (TOSHIBA CORPORATION -> Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
    (TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe <2>
    (TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
    (TOSHIBA CORPORATION -> TOSHIBA) C:\Program Files (x86)\Toshiba\PasswordUtility\readLM.exe

    ==================== Registry (Whitelisted) ===================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296520 2013-09-11] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
    HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [178016 2013-08-21] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
    HKLM\...\Run: [ThpSrv] => C:\Windows\system32\thpsrv /logon
    HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-08-17] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [298296 2018-07-06] (Apple Inc. -> Apple Inc.)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-01-07] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
    HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3402832 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
    HKLM-x32\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [383768 2002-04-12] (AlcorMicro, Corp. -> Alcor Micro Corp.)
    HKLM-x32\...\Run: [1.TPUReg] => C:\Program Files (x86)\TOSHIBA\PasswordUtility\readLM.exe [2216800 2013-03-27] (TOSHIBA CORPORATION -> TOSHIBA)
    HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba) [File not signed]
    HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
    HKLM-x32\...\Run: [Win8PDF] => C:\Program Files\PDF Printer for Windows 8\PDF.exe [484352 2011-10-21] (Vivid Document Imaging Technologies) [File not signed]
    HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2099200 2014-04-13] (Dominik Reichl) [File not signed]
    HKLM-x32\...\Run: [Adobe_ID0EYTHM] => C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe [1884160 2015-04-26] (Adobe Systems Incorporated) [File not signed]
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2015-10-10] (Hewlett-Packard Company -> Hewlett-Packard)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706680 2020-09-17] (Oracle America, Inc. -> Oracle Corporation)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3500056 2017-11-01] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
    HKU\S-1-5-21-2517961349-2002184368-2333218459-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [25638872 2018-04-23] (Google Inc -> Google)
    HKU\S-1-5-21-2517961349-2002184368-2333218459-1001\...\Run: [Google Update] => C:\Users\c\AppData\Local\Google\Update\1.3.36.72\GoogleUpdateCore.exe [216392 2021-02-05] (Google LLC -> Google LLC)
    HKU\S-1-5-21-2517961349-2002184368-2333218459-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31682144 2015-03-25] (Skype Software Sarl -> Skype Technologies S.A.)
    HKU\S-1-5-21-2517961349-2002184368-2333218459-1001\...\Run: [HP ENVY 5660 series (NET)] => C:\Program Files\HP\HP ENVY 5660 series\Bin\ScanToPCActivationApp.exe [3483656 2015-10-10] (Hewlett Packard -> Hewlett-Packard Development Company, LP)
    HKU\S-1-5-21-2517961349-2002184368-2333218459-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2018-06-26] (Apple Inc. -> Apple Inc.)
    HKU\S-1-5-21-2517961349-2002184368-2333218459-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [32440376 2021-01-06] (Piriform Software Ltd -> Piriform Software Ltd)
    HKU\S-1-5-21-2517961349-2002184368-2333218459-1001\...\Run: [708A6BCA9F22CC304DD693961BCF6B09DB76A694._service_run] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=service /prefetch:8
    HKU\S-1-5-21-2517961349-2002184368-2333218459-1004\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [25638872 2018-04-23] (Google Inc -> Google)
    HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\WINDOWS\system32\AdobePDF.dll [55432 2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc)
    HKLM\...\Print\Monitors\HP DD11 Status Monitor: C:\WINDOWS\system32\hpinkstsDD11LM.dll [392192 2019-03-15] (HP Inc -> HP Inc.)
    HKLM\...\Print\Monitors\HP Discovery Port Monitor (HP ENVY 5660 series): C:\WINDOWS\system32\HPDiscoPMDD11.dll [751624 2014-08-22] (Hewlett Packard -> Hewlett-Packard Development Company, LP)
    HKLM\...\Print\Monitors\PDF Printer 8 Monitor: C:\WINDOWS\system32\PDFVC64.DLL [134144 2009-07-19] (Vivid Document Imaging Technologies) [File not signed]
    HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.150\Installer\chrmstp.exe [2021-02-09] (Google LLC -> Google LLC)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avast SecureLine VPN.lnk [2021-02-10]
    ShortcutTarget: Avast SecureLine VPN.lnk -> C:\Program Files\AVAST Software\SecureLine VPN\Vpn.exe (Avast Software s.r.o. -> AVAST Software)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avast SecureLine VPN.lnk [2021-02-10]
    ShortcutTarget: Avast SecureLine VPN.lnk -> C:\Program Files\AVAST Software\SecureLine VPN\Vpn.exe (Avast Software s.r.o. -> AVAST Software)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avast SecureLine VPN.lnk [2021-02-10]
    ShortcutTarget: Avast SecureLine VPN.lnk -> C:\Program Files\AVAST Software\SecureLine VPN\Vpn.exe (Avast Software s.r.o. -> AVAST Software)
    BootExecute: autocheck autochk * icarus_rvrt.exe
    GroupPolicy: Restriction - Chrome <==== ATTENTION
    Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
    Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
    Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

    ==================== Scheduled Tasks (Whitelisted) ============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {052F7AEA-D841-4335-8B2B-EBF3577F8FA6} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {0704FE91-F09C-411E-9D29-5FDB171E71E2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [564536 2015-10-10] (Hewlett-Packard Company -> Hewlett-Packard)
    Task: {0AAD944F-9A53-49EC-8333-40AA93AFFD12} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616320 2017-10-12] (Apple Inc. -> Apple Inc.)
    Task: {0AB64EC2-019F-4BC7-9E11-F3A3AB91B706} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
    Task: {1B18BF41-17F0-4F14-B499-35B20ADB7A30} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
    Task: {21CB89DA-B90C-4869-88C2-904A9E2169F6} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {229F78F0-9E30-4E3D-8BCD-87583E70311B} - System32\Tasks\Avast Software\Avast SecureLine VPN Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-vpn\icarus.exe [5493472 2021-02-08] (Avast Software s.r.o. -> Avast Software)
    Task: {269B3759-3480-4327-8DC5-20C0BD6401C3} - System32\Tasks\KALite => "C:\Program Files (x86)\KA Lite\ka-lite\scripts\..\bin\windows\kalite.bat" [Argument = start] <==== ATTENTION
    Task: {2795C7FE-2827-4E75-88FB-9D151628FFDA} - \WPD\SqmUpload_S-1-5-21-2517961349-2002184368-2333218459-1001 -> No File <==== ATTENTION
    Task: {2DF084BD-598B-495D-BA10-B5273E7118F8} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {2EFCD059-0721-4456-8EC3-40AF629951C4} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [26913848 2021-01-06] (Piriform Software Ltd -> Piriform Software Ltd)
    Task: {2F6C63AE-A3A2-4FF9-BACA-033A04B29CE2} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe
    Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
    Task: {38B0F723-A6B4-48DF-A649-E31C1A113476} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {3977E8C7-1A45-4E9C-9D72-F3B6EE8571DE} - System32\Tasks\SlimCleaner Plus (Scheduled Scan - c) => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
    Task: {40DE327B-A87E-42CC-9839-070E2F2D13E1} - System32\Tasks\Avast Software\Avast SecureLine VPN Bug Report => C:\Program Files\Avast Software\SecureLine VPN\AvBugReport.exe [4665568 2021-02-10] (Avast Software s.r.o. -> AVAST Software) -> --send "dumps|report" --silent --product 11 --programpath "C:\Program Files\Avast Software\SecureLine VPN" --configpath "C:\ProgramData\Avast Software\SecureLine VPN" --path "C:\ProgramData\Avast Software\SecureLine VPN\log" --path "C:\ProgramData\Avast Software\Icarus\Logs" --guid bd9a6823-bf43-4de6-a2a4-07fa0c6079fb
    Task: {43F45DB2-EF73-475C-932C-DD4BF06AD6E7} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {48F60FB5-6C0A-488C-915B-3F8E735A6102} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe
    Task: {49DE272C-639F-426C-8947-C3B5AA0890A2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
    Task: {4E8C3FEE-58AA-4F00-A5BE-642F04E4C377} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {574A20D3-D6CB-4917-8276-6B7FFC6C329F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
    Task: {57664E51-3EC5-4956-B519-950A4A5A7910} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
    Task: {5884939A-2069-4421-A31A-720A38DA1F81} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {5BFCC6C3-B78F-488A-A52C-50B56428E64A} - System32\Tasks\G2MUpdateTask-S-1-5-21-2517961349-2002184368-2333218459-1001 => C:\Users\c\AppData\Local\GoToMeeting\19228\g2mupdate.exe [31320 2020-12-28] (LogMeIn, Inc. -> LogMeIn, Inc.)
    Task: {5FCBB816-4AD0-4FE7-BA32-D2653B340BDC} - System32\Tasks\HPCustParticipation HP ENVY 5660 series => C:\Program Files\HP\HP ENVY 5660 series\Bin\HPCustPartic.exe [5853704 2015-10-10] (Hewlett Packard -> Hewlett-Packard Development Company, LP)
    Task: {6568BBDE-E827-42B3-83A3-641362C50DCF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2517961349-2002184368-2333218459-1001Core1d25803fdb326f1 => C:\Users\c\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
    Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
    Task: {74072700-7314-4B0B-9BDE-7AEFBD5CEAB1} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {74582111-DE72-4122-B0F7-16FD01B2CFB3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2517961349-2002184368-2333218459-1001UA => C:\Users\c\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
    Task: {76A4E1E6-56B9-4345-8C59-0CD35BB3A3A1} - System32\Tasks\{D833A93D-B5D2-470A-9ED3-2C5738F4D819} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\AdTrustMedia\PrivDog\UninstallTrustedAds.exe"
    Task: {7C7DFBF8-239A-4D57-96AA-19A39181CC31} - System32\Tasks\HP AR Program Upload - 568a98c258d343cebf9a05fa2aa4fe0f59af08290a5e4df1aecfa22536a2948a => C:\Program Files\HP\HP ENVY 5660 series\bin\HPRewards.exe [3528200 2015-10-10] (Hewlett Packard -> Hewlett-Packard Development Company, LP)
    Task: {7EAF3850-0ED9-437C-95EE-78622F56E699} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
    Task: {85A166D5-B36B-4D6A-9148-ACA9F46BB8AC} - System32\Tasks\HP Photo Creations Communicator => C:\Users\c\AppData\Roaming\HP Photo Creations\Communicator.exe [186368 2015-10-10] (Visan Industries -> )
    Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => {1B1F472E-3221-4826-97DB-2C2324D389AE}
    Task: {8A4FA215-5D9D-4787-8E67-48FBCDD5DAA7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\MpCmdRun.exe [562240 2021-02-12] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {8F8BCC9B-9D98-43D7-8E6B-D121E223D8F6} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
    Task: {94F4EA41-6A4D-4CFB-9B73-9D22BF82E6BD} - System32\Tasks\Avast SecureLine VPN Update => C:\Program Files\Avast Software\SecureLine VPN\VpnUpdate.exe [1191136 2021-02-10] (Avast Software s.r.o. -> AVAST Software)
    Task: {96D84201-BD6A-4644-83AE-7823A900ACB0} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [655464 2013-07-31] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
    Task: {97F2C7D6-3CE2-45A5-905B-5C70FA9A0517} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [67896 2018-06-26] (Apple Inc. -> Apple Inc.)
    Task: {9C04CE76-891E-48D1-844B-60D70B0225D8} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload => {EBF00FCB-0769-4B81-9BEC-6C05514111AA}
    Task: {A58F3D95-929F-41B1-96E0-9EE2BE7B991A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
    Task: {A66AC908-D8F5-4896-802B-969D677E89BB} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [686384 2021-01-06] (Piriform Software Ltd -> Piriform Software Ltd)
    Task: {AB16BB19-879C-4CAB-8C8F-4DECEE589358} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2517961349-2002184368-2333218459-1001Core => C:\Users\c\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
    Task: {ABE2A860-82E7-4A15-8C94-544A371EA65D} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe
    Task: {AC75ED32-22BE-48FD-8729-953A740541FA} - \WPD\SqmUpload_S-1-5-21-2517961349-2002184368-2333218459-1004 -> No File <==== ATTENTION
    Task: {C4DDAE6E-75EE-42C1-B81B-1B6F048A5FBA} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [4401240 2017-06-27] (Synaptics Incorporated -> Synaptics Incorporated)
    Task: {C641CA4A-DC81-4DDC-9EFF-FD9DB7AA6FF1} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-10] (Adobe Inc. -> Adobe)
    Task: {C9CC714D-946C-484F-9158-1639D904EA9C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
    Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
    Task: {CFA30ADC-CF1A-4734-B305-173132409B3F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {D07662DD-BB68-4958-9B4E-6EF87F6CEB8E} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {D1D17853-2A32-420E-BEA3-A8BCC650BA28} - System32\Tasks\G2MUploadTask-S-1-5-21-2517961349-2002184368-2333218459-1001 => C:\Users\c\AppData\Local\GoToMeeting\19228\g2mupload.exe [31320 2020-12-28] (LogMeIn, Inc. -> LogMeIn, Inc.)
    Task: {E11E87C2-B77C-41F7-8E49-1B1DEE740A26} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\MpCmdRun.exe [562240 2021-02-12] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {EEE6BD68-79C7-4186-B763-35B113CBA4DA} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\MpCmdRun.exe [562240 2021-02-12] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {EF76D0D3-33BA-4234-9BE9-4C971D5F0B65} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\MpCmdRun.exe [562240 2021-02-12] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {EFB08E03-FB87-4F69-A127-E05F35718C8D} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3402832 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
    Task: {EFBF0FBC-7039-4716-B6B5-8E94AB2AE821} - System32\Tasks\Resolution+ Setting Task => C:\Program Files\Toshiba\TOSHIBA Smart View Utility\Plugins\ResolutionPlus\TosRegPermissionChg.exe
    Task: {F3BC4D12-91FC-49F4-9738-8D371CBFC7E1} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {F5437C33-8B51-4DDE-880A-76549891BCFF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2517961349-2002184368-2333218459-1001UA1d25803fdc7a053 => C:\Users\c\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
    Task: {FA797F60-0088-4F0E-A423-8A226BB28D13} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
    Task: {FB981D17-97B1-4A67-A4B2-C4CA21BC1C87} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_465_Plugin.exe [1504312 2020-12-10] (Adobe Inc. -> Adobe)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2517961349-2002184368-2333218459-1001.job => C:\Users\c\AppData\Local\GoToMeeting\19228\g2mupdate.exe
    Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-2517961349-2002184368-2333218459-1001.job => C:\Users\c\AppData\Local\GoToMeeting\19228\g2mupload.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2517961349-2002184368-2333218459-1001Core.job => C:\Users\c\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2517961349-2002184368-2333218459-1001UA.job => C:\Users\c\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\HP Photo Creations Communicator.job => C:\Users\c\AppData\Roaming\HP Photo Creations\Communicator.exe
    Task: C:\WINDOWS\Tasks\SlimCleaner Plus (Scheduled Scan - c).job => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    AutoConfigURL: [S-1-5-21-2517961349-2002184368-2333218459-1001] => hxxp://localhost:54382/redirect.pac
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
    Tcpip\..\Interfaces\{79d92ee1-68bc-4a3b-877d-225e497e73d4}: [DhcpNameServer] 127.0.0.1
    Tcpip\..\Interfaces\{925159be-dd25-4955-a81a-2b4fe34a3082}: [DhcpNameServer] 192.168.1.254
    ManualProxies: 0hxxp://localhost:54382/redirect.pac

    Edge:
    =======
    Edge HomeButtonPage: HKU\S-1-5-21-2517961349-2002184368-2333218459-1001 -> hxxp://yahoo.com/
    Edge DefaultProfile: Default
    Edge Profile: C:\Users\c\AppData\Local\Microsoft\Edge\User Data\Default [2021-02-11]

    FireFox:
    ========
    FF DefaultProfile: 7sjsvts8.default-1544474668277
    FF ProfilePath: C:\Users\c\AppData\Roaming\Mozilla\Firefox\Profiles\7sjsvts8.default-1544474668277 [2021-02-11]
    FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi => not found
    FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi => not found
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_465.dll [2020-12-10] (Adobe Inc. -> )
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems Incorporated -> Adobe Systems)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_465.dll [2020-12-10] (Adobe Inc. -> )
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-03] (Intel® Identity Protection Technology Software -> Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-03] (Intel® Identity Protection Technology Software -> Intel Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=11.271.2 -> C:\Program Files (x86)\Java\jre1.8.0_271\bin\dtplugin\npDeployJava1.dll [2020-12-07] (Oracle America, Inc. -> Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.271.2 -> C:\Program Files (x86)\Java\jre1.8.0_271\bin\plugin2\npjp2.dll [2020-12-07] (Oracle America, Inc. -> Oracle Corporation)
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-06-26] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2017-11-01] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-11-01] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
    FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems Incorporated -> Adobe Systems)
    FF Plugin HKU\S-1-5-21-2517961349-2002184368-2333218459-1001: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Users\c\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll [2011-05-13] (Visan Industries -> RocketLife, LLP)

    Chrome:
    =======
    CHR DefaultProfile: Profile 2
    CHR Profile: C:\Users\c\AppData\Local\Google\Chrome\User Data\Default [2021-02-11]
    CHR DownloadDir: C:\Users\c\Desktop
    CHR NewTab: Default -> "active": false,
    "entry": "chrome-extension://eedlgdlajadkbbjoobobefphmfkcchfk/newtab.html"
    ,
    "active": false,
    "entry": "chrome-extension://enjhholhglnfgjmbpnimdpnlelanhkhg/newtab/quicktab.html"

    CHR DefaultSearchURL: Default -> hxxps://www.ecosia.org/search?q={searchTerms}&addon=chrome&addonversion=2.1.0
    CHR DefaultSearchKeyword: Default -> ecosia
    CHR DefaultSuggestURL: Default -> hxxps://ac.ecosia.org/?q={searchTerms}&type=list&mkt=en_US
    CHR Extension: (Docs) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
    CHR Extension: (Google Drive) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-08-01]
    CHR Extension: (YouTube) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-08-01]
    CHR Extension: (Honey) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2020-07-07]
    CHR Extension: (Ecosia Search) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Default\Extensions\eedlgdlajadkbbjoobobefphmfkcchfk [2020-01-09]
    CHR Extension: (Find Forms) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Default\Extensions\enjhholhglnfgjmbpnimdpnlelanhkhg [2018-04-11]
    CHR Extension: (Wyzant Screen Sharing) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggbjpoaaoeklmpdfjcbgenmbdjhecjjp [2020-01-09]
    CHR Extension: (Google Docs Offline) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-09-03]
    CHR Extension: (Search Encrypt) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghmmejfijcoadonhfnlnmcgleppjhjkk [2018-05-05]
    CHR Extension: (Grammarly for Chrome) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2020-09-04]
    CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2017-08-01]
    CHR Extension: (SaveFrom.net helper) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdpljndcmbeikfnlflcggaipgnhiedbl [2020-09-03] [UpdateUrl:hxxp://download.sf-helper.com/chrome/updates-3.xml] <==== ATTENTION
    CHR Extension: (Chrome Web Store Payments) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-07-07]
    CHR Extension: (Gmail) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-07-07]
    CHR Extension: (Chrome Media Router) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-09-03]
    CHR Profile: C:\Users\c\AppData\Local\Google\Chrome\User Data\Guest Profile [2021-02-11]
    CHR Profile: C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 1 [2021-02-11]
    CHR Extension: (Slides) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-09-04]
    CHR Extension: (Docs) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2020-09-04]
    CHR Extension: (Google Drive) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-22]
    CHR Extension: (YouTube) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-09-04]
    CHR Extension: (Sheets) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-09-04]
    CHR Extension: (Google Docs Offline) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-23]
    CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2020-10-13]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-09-04]
    CHR Extension: (Gmail) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-22]
    CHR Extension: (Chrome Media Router) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-10-13]
    CHR Profile: C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 2 [2021-02-12]
    CHR Notifications: Profile 2 -> hxxps://meet.google.com
    CHR HomePage: Profile 2 -> hxxp://www.google.com/
    CHR StartupUrls: Profile 2 -> "hxxps://www.google.com/","hxxps://www.google.com/","hxxps://www.google.com/","hxxps://www.google.com/","hxxps://www.google.com/","hxxps://www.google.com/","hxxps://www.google.com/","hxxp://www.google.com"
    CHR DefaultSearchURL: Profile 2 -> hxxps://s.yimg.com/cv/apiv2/09062018/manifest/yahoo_install_48.png
    CHR Extension: (Slides) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-11-17]
    CHR Extension: (Floorplanner) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\abopacaefhbognnmeigicfpgnmpideag [2020-12-14]
    CHR Extension: (Sudoku) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\agdhembpgcpfegeigidembjopfhghnpj [2020-12-14]
    CHR Extension: (BIODIGITAL HUMAN) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\agoenciogemlojlhccbcpcfflicgnaak [2020-12-14]
    CHR Extension: (Docs) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2020-11-17]
    CHR Extension: (Google Drive) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-17]
    CHR Extension: (WOT Web of Trust, Website Reputation Ratings) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2021-02-04]
    CHR Extension: (Microsoft Defender Browser Protection) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bkbeeeffjjeopflfhgeknacdieedcoml [2020-12-14]
    CHR Extension: (YouTube) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-11-17]
    CHR Extension: (Yahoo) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bnpnjbjealcpabcenanokcflffolchnm [2020-12-14]
    CHR Extension: (Adobe Acrobat) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-12-16]
    CHR Extension: (Auto Admit for Google Meet) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\epemkdedgaoeeobdjmkmhhhbjemckmgb [2021-02-09]
    CHR Extension: (Sheets) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-11-17]
    CHR Extension: (iCloud Bookmarks) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\fkepacicchenbjecpbpbclokcabebhah [2020-12-14]
    CHR Extension: (HTTPS Everywhere) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2021-02-01]
    CHR Extension: (Google Docs Offline) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-17]
    CHR Extension: (Click&Clean) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghgabhipcejejjmhhchfonmamedcbeod [2021-02-05]
    CHR Extension: (360 Internet Protection) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\glcimepnljoholdmjchkloafkggfoijh [2020-12-14]
    CHR Extension: (Pinterest Save Button) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2020-12-14]
    CHR Extension: (Kindle Cloud Reader) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2020-12-14]
    CHR Extension: (Malwarebytes Browser Guard) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-02-02]
    CHR Extension: (Dropbox) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2020-12-14]
    CHR Extension: (Grammarly for Chrome) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2021-02-12]
    CHR Extension: (Application Launcher For Drive (by Google)) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2021-01-25]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
    CHR Extension: (Tv Online) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pcfeebemepipakkhapnhljbcdkagkloh [2020-12-14]
    CHR Extension: (Click&Clean App) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2020-12-14]
    CHR Extension: (Gmail) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-17]
    CHR Extension: (Chrome Media Router) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-01-25]
    CHR Extension: (Cool Metronome) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\polmfiinlikaadclgdojekfaoglellgm [2020-12-14]
    CHR Profile: C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 3 [2021-02-11]
    CHR Extension: (Slides) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-11-23]
    CHR Extension: (Docs) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aohghmighlieiainnegkcijnfilokake [2020-11-23]
    CHR Extension: (Google Drive) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-23]
    CHR Extension: (YouTube) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-11-23]
    CHR Extension: (Sheets) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-11-23]
    CHR Extension: (Google Docs Offline) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-23]
    CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2020-11-23]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-11-23]
    CHR Extension: (Gmail) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-23]
    CHR Extension: (Chrome Media Router) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-11-23]
    CHR Profile: C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 4 [2021-02-11]
    CHR HomePage: Profile 4 -> hxxp://www.google.com/
    CHR StartupUrls: Profile 4 -> "hxxps://www.google.com/","hxxps://www.google.com/","hxxps://www.google.com/","hxxp://start.mysearchdial.com/?f=1&a=cmi_14_18_ch&cd=2XzuyEtN2Y1L1QzuyEyEtAyB0EyC0ByByEyBtCyD0F0A0CtCtN0D0Tzu0SzzyDyEtN1L2XzutBtFtBtDtFyCtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyCyE0E0D0CyE0A0DtGyE0E0F0CtGyC0DtA0AtGtAyCyBtCtGtAtB0EyC0BzytC0BtA0D0AyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtCzzyE0ByD0B0EtG0ByCzz0BtGtD0DyByDtGtB0EyCtAtGtDyCyDzztCtAzy0CtC0DyB0A2Q&cr=179754203&ir=","hxxps://www.google.com/","hxxps://www.google.com/","hxxps://www.google.com/","hxxp://www.google.com","hxxp://google.com/"
    CHR Extension: (Slides) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-11-23]
    CHR Extension: (Floorplanner) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\abopacaefhbognnmeigicfpgnmpideag [2020-11-23]
    CHR Extension: (Sudoku) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\agdhembpgcpfegeigidembjopfhghnpj [2020-11-23]
    CHR Extension: (BIODIGITAL HUMAN) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\agoenciogemlojlhccbcpcfflicgnaak [2020-11-23]
    CHR Extension: (Docs) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aohghmighlieiainnegkcijnfilokake [2020-11-23]
    CHR Extension: (Google Drive) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-23]
    CHR Extension: (Microsoft Defender Browser Protection) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\bkbeeeffjjeopflfhgeknacdieedcoml [2020-11-23]
    CHR Extension: (YouTube) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-11-23]
    CHR Extension: (Sheets) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-11-23]
    CHR Extension: (Online Security Pro) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ffjgpapimgnmibnacmeilgjefnoofefp [2020-11-23]
    CHR Extension: (iCloud Bookmarks) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\fkepacicchenbjecpbpbclokcabebhah [2020-11-23]
    CHR Extension: (securyBrowse) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\fojomppheellamdaddnbgommepnlkooh [2020-12-06]
    CHR Extension: (HTTPS Everywhere) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2020-11-23]
    CHR Extension: (Google Docs Offline) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-23]
    CHR Extension: (Click&Clean) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ghgabhipcejejjmhhchfonmamedcbeod [2020-12-06]
    CHR Extension: (360 Internet Protection) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\glcimepnljoholdmjchkloafkggfoijh [2020-11-23]
    CHR Extension: (Pinterest Save Button) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2020-12-10]
    CHR Extension: (Kindle Cloud Reader) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2020-11-23]
    CHR Extension: (Malwarebytes Browser Guard) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2020-11-23]
    CHR Extension: (Dropbox) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2020-11-23]
    CHR Extension: (Grammarly for Chrome) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2020-12-14]
    CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2020-11-23]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-11-23]
    CHR Extension: (Tv Online) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pcfeebemepipakkhapnhljbcdkagkloh [2020-11-23]
    CHR Extension: (Click&Clean App) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2020-11-23]
    CHR Extension: (Gmail) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-23]
    CHR Extension: (Chrome Media Router) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-12-14]
    CHR Extension: (Cool Metronome) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\polmfiinlikaadclgdojekfaoglellgm [2020-11-23]
    CHR Profile: C:\Users\c\AppData\Local\Google\Chrome\User Data\System Profile [2021-02-11]
    CHR HKLM\...\Chrome\Extension: [hkhkiakolggnnicallabhkobalpeplpi] - <no Path/update_url>
    CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif]
    CHR HKU\S-1-5-21-2517961349-2002184368-2333218459-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
    CHR HKU\S-1-5-21-2517961349-2002184368-2333218459-1004\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
    CHR HKLM-x32\...\Chrome\Extension: [aaffhmecfaelkngcbnfdkcckmillnoki]
    CHR HKLM-x32\...\Chrome\Extension: [commhkacjheiacaopdonmodahaoadoln]
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx <not found>
    CHR HKLM-x32\...\Chrome\Extension: [hkhkiakolggnnicallabhkobalpeplpi] - <no Path/update_url>
    CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif]
    CHR HKLM-x32\...\Chrome\Extension: [mdpljndcmbeikfnlflcggaipgnhiedbl] - hxxp://sf-addon.com/helper/chrome/updates-3.xml
    CHR HKLM-x32\...\Chrome\Extension: [nogdfjjfhknacchjpiccacoimeelkajb]

  2. #2
    Join Date
    May 2005
    Posts
    122
    continuing with FRST.txt

    ==================== Services (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 Adobe Version Cue CS3; C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe [153792 2015-04-26] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
    R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
    S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-10] (Adobe Inc. -> Adobe)
    R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3739728 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
    R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3511376 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-07-05] (Apple Inc. -> Apple Inc.)
    R2 DACoreService; C:\Program Files (x86)\Nuance\Dragon Assistant\Core\DACore.exe [435088 2013-07-02] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
    R2 DSDFunctionKeyCtlService; C:\WINDOWS\System32\DriverStore\FileRepository\tossrvctl.inf_amd64_652655c5335c62da\DSDFunctionKeyCtlService.exe [615768 2020-11-18] (Dynabook Inc. -> Dynabook Inc.)
    R2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [19792 2013-09-10] (DTS, Inc. -> )
    S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2015-04-26] (Macrovision Europe Ltd.) [File not signed]
    R2 GFNEXSrv; C:\Program Files (x86)\Toshiba\PasswordUtility\GFNEXSrv.exe [163168 2013-03-27] (TOSHIBA CORPORATION -> )
    R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [24888 2015-10-10] (Hewlett-Packard Company -> Hewlett-Packard Company)
    R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
    R2 SecureLine; C:\Program Files\AVAST Software\SecureLine VPN\VpnSvc.exe [7936736 2021-02-10] (Avast Software s.r.o. -> AVAST Software)
    R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [339456 2013-08-16] (IDT, Inc.) [File not signed]
    S2 TSDHDDProtectService; C:\WINDOWS\System32\DriverStore\FileRepository\thpevm.inf_amd64_e37a98374075e5b1\dynabookHDDProtection.exe [425792 2020-07-21] (Dynabook Inc. -> Dynabook Inc.)
    S2 TSDSettingService; C:\WINDOWS\System32\DriverStore\FileRepository\tossrvctl.inf_amd64_652655c5335c62da\dynabookSystemService.exe [44767040 2020-11-18] (Dynabook Inc. -> Dynabook Inc.)
    S2 TSDTabletControlService; C:\WINDOWS\System32\DriverStore\FileRepository\tossrvctl.inf_amd64_652655c5335c62da\TOSTABSYSSVC.exe [254792 2020-11-18] (Dynabook Inc. -> Dynabook Inc.)
    R2 TSDWirelessLEDCtlService; C:\WINDOWS\System32\DriverStore\FileRepository\tossrvctl.inf_amd64_652655c5335c62da\RMService.exe [446240 2020-11-18] (Dynabook Inc. -> Dynabook Inc.)
    R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\NisSrv.exe [2462960 2021-02-12] (Microsoft Windows Publisher -> Microsoft Corporation)
    R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\MsMpEng.exe [128376 2021-02-12] (Microsoft Windows Publisher -> Microsoft Corporation)

    ===================== Drivers (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
    S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
    S3 aswVpnRdr; C:\WINDOWS\System32\drivers\aswVpnRdr.sys [59312 2020-09-24] (Avast Software s.r.o. -> Avast Software)
    S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
    S3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-11] (Symantec Corporation -> Symantec Corporation)
    S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-11] (Symantec Corporation -> Symantec Corporation)
    R3 MpKslcf699829; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{65EF171A-C9B3-4B69-8C7F-CFD65A41C866}\MpKslDrv.sys [47344 2021-02-12] (Microsoft Windows -> Microsoft Corporation)
    S3 Netaapl; C:\WINDOWS\System32\drivers\netaapl64.sys [23040 2015-08-20] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
    R2 PEGAGFN; C:\Program Files (x86)\Toshiba\PasswordUtility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON CORPORATION -> PEGATRON)
    R3 STHDA; C:\WINDOWS\system32\DRIVERS\stwrt64.sys [551936 2013-08-16] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)
    R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [47816 2020-07-21] (Dynabook Inc. -> Dynabook Inc.)
    R0 Thpevm; C:\WINDOWS\System32\drivers\Thpevm.SYS [27384 2020-07-21] (Dynabook Inc. -> Dynabook Inc.)
    R3 tosrfec; C:\WINDOWS\System32\drivers\tosrfec.sys [37808 2019-04-30] (Dynabook Inc. -> Dynabook Inc.)
    R1 TosSrvCtlDrv; C:\WINDOWS\System32\DriverStore\FileRepository\tossrvctl.inf_amd64_652655c5335c62da\TosSrvCtlDrv.sys [25832 2020-11-18] (Dynabook Inc. -> Dynabook Inc.)
    S0 TVALZ; C:\WINDOWS\System32\drivers\TVALZ_O.SYS [46088 2019-04-30] (Dynabook Inc. -> Dynabook Inc.)
    R0 TVALZ_O; C:\WINDOWS\System32\drivers\TVALZ_O.SYS [46088 2019-04-30] (Dynabook Inc. -> Dynabook Inc.)
    S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-06-10] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
    S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49552 2021-02-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
    S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [26880 2016-07-16] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
    R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [419040 2021-02-12] (Microsoft Windows -> Microsoft Corporation)
    R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [71912 2021-02-12] (Microsoft Windows -> Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One month (created) (Whitelisted) =========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2021-02-12 12:35 - 2021-02-12 12:49 - 000070643 _____ C:\Users\c\Desktop\Addition.txt
    2021-02-12 12:35 - 2021-02-12 12:49 - 000070643 _____ C:\Users\c\Desktop\Addition.txt
    2021-02-12 12:35 - 2021-02-12 12:49 - 000070643 _____ C:\Users\c\Desktop\Addition.txt
    2021-02-12 12:29 - 2021-02-12 12:51 - 000053813 _____ C:\Users\c\Desktop\FRST.txt
    2021-02-12 12:29 - 2021-02-12 12:51 - 000053813 _____ C:\Users\c\Desktop\FRST.txt
    2021-02-12 12:29 - 2021-02-12 12:51 - 000053813 _____ C:\Users\c\Desktop\FRST.txt
    2021-02-12 12:29 - 2021-02-12 12:51 - 000000000 ____D C:\FRST
    2021-02-12 12:28 - 2021-02-12 12:28 - 002297344 _____ (Farbar) C:\Users\c\Desktop\FRST64.exe
    2021-02-12 12:28 - 2021-02-12 12:28 - 002297344 _____ (Farbar) C:\Users\c\Desktop\FRST64.exe
    2021-02-12 12:28 - 2021-02-12 12:28 - 002297344 _____ (Farbar) C:\Users\c\Desktop\FRST64.exe
    2021-02-11 10:48 - 2021-02-11 10:48 - 000019739 _____ C:\Users\c\Desktop\SPRING 2021 SM 103 CLASS ROSTER 2.11.21.xlsx
    2021-02-11 10:48 - 2021-02-11 10:48 - 000019739 _____ C:\Users\c\Desktop\SPRING 2021 SM 103 CLASS ROSTER 2.11.21.xlsx
    2021-02-11 10:48 - 2021-02-11 10:48 - 000019739 _____ C:\Users\c\Desktop\SPRING 2021 SM 103 CLASS ROSTER 2.11.21.xlsx
    2021-02-11 10:48 - 2021-02-11 10:48 - 000019469 _____ C:\Users\c\Desktop\SPRING 2021 SM 201 CLASS ROSTER 2.11.21.xlsx
    2021-02-11 10:48 - 2021-02-11 10:48 - 000019469 _____ C:\Users\c\Desktop\SPRING 2021 SM 201 CLASS ROSTER 2.11.21.xlsx
    2021-02-11 10:48 - 2021-02-11 10:48 - 000019469 _____ C:\Users\c\Desktop\SPRING 2021 SM 201 CLASS ROSTER 2.11.21.xlsx
    2021-02-10 15:17 - 2021-02-10 15:17 - 000002148 _____ C:\ProgramData\Desktop\Avast SecureLine VPN.lnk
    2021-02-10 15:17 - 2021-02-10 15:17 - 000002148 _____ C:\ProgramData\Desktop\Avast SecureLine VPN.lnk
    2021-02-10 15:17 - 2021-02-10 15:17 - 000002148 _____ C:\ProgramData\Desktop\Avast SecureLine VPN.lnk
    2021-02-10 14:27 - 2021-02-10 14:27 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
    2021-02-10 14:27 - 2021-02-10 14:27 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
    2021-02-10 14:27 - 2021-02-10 14:27 - 001314112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
    2021-02-10 14:27 - 2021-02-10 14:27 - 000010892 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
    2021-02-10 14:26 - 2021-02-10 14:26 - 000231232 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
    2021-02-09 16:43 - 2021-02-09 16:43 - 000002325 _____ C:\Users\c\Desktop\Miro.lnk
    2021-02-09 16:43 - 2021-02-09 16:43 - 000002325 _____ C:\Users\c\Desktop\Miro.lnk
    2021-02-09 16:43 - 2021-02-09 16:43 - 000002325 _____ C:\Users\c\Desktop\Miro.lnk
    2021-02-08 13:16 - 2021-02-08 13:18 - 320844785 _____ C:\Users\c\Desktop\Final minute and celebration of super bowl 55.mp4
    2021-02-08 13:16 - 2021-02-08 13:18 - 320844785 _____ C:\Users\c\Desktop\Final minute and celebration of super bowl 55.mp4
    2021-02-08 13:16 - 2021-02-08 13:18 - 320844785 _____ C:\Users\c\Desktop\Final minute and celebration of super bowl 55.mp4
    2021-02-03 12:30 - 2021-02-03 12:30 - 001034782 _____ C:\Users\c\Desktop\unit_7_shm_waves_practice_questions_2017_answers.pdf
    2021-02-03 12:30 - 2021-02-03 12:30 - 001034782 _____ C:\Users\c\Desktop\unit_7_shm_waves_practice_questions_2017_answers.pdf
    2021-02-03 12:30 - 2021-02-03 12:30 - 001034782 _____ C:\Users\c\Desktop\unit_7_shm_waves_practice_questions_2017_answers.pdf
    2021-02-03 12:29 - 2021-02-03 12:29 - 000044234 _____ C:\Users\c\Desktop\Oscillations.pdf
    2021-02-03 12:29 - 2021-02-03 12:29 - 000044234 _____ C:\Users\c\Desktop\Oscillations.pdf
    2021-02-03 12:29 - 2021-02-03 12:29 - 000044234 _____ C:\Users\c\Desktop\Oscillations.pdf
    2021-02-02 08:18 - 2021-02-02 08:18 - 000000000 ____D C:\Users\c\Desktop\LIUNA
    2021-02-02 08:18 - 2021-02-02 08:18 - 000000000 ____D C:\Users\c\Desktop\LIUNA
    2021-02-02 08:18 - 2021-02-02 08:18 - 000000000 ____D C:\Users\c\Desktop\LIUNA
    2021-02-01 18:45 - 2021-02-01 18:45 - 001031820 _____ C:\Users\c\Desktop\Quiz10-Ch.10.pdf
    2021-02-01 18:45 - 2021-02-01 18:45 - 001031820 _____ C:\Users\c\Desktop\Quiz10-Ch.10.pdf
    2021-02-01 18:45 - 2021-02-01 18:45 - 001031820 _____ C:\Users\c\Desktop\Quiz10-Ch.10.pdf
    2021-02-01 18:32 - 2021-02-02 08:16 - 000125707 _____ C:\Users\c\Desktop\2021-02-02.pdf
    2021-02-01 18:32 - 2021-02-02 08:16 - 000125707 _____ C:\Users\c\Desktop\2021-02-02.pdf
    2021-02-01 18:32 - 2021-02-02 08:16 - 000125707 _____ C:\Users\c\Desktop\2021-02-02.pdf
    2021-02-01 17:21 - 2021-02-01 17:21 - 008934877 _____ C:\Users\c\Desktop\Blue Oyster Cult - (Don't Fear) The Reaper (Audio).mp4
    2021-02-01 17:21 - 2021-02-01 17:21 - 008934877 _____ C:\Users\c\Desktop\Blue Oyster Cult - (Don't Fear) The Reaper (Audio).mp4
    2021-02-01 17:21 - 2021-02-01 17:21 - 008934877 _____ C:\Users\c\Desktop\Blue Oyster Cult - (Don't Fear) The Reaper (Audio).mp4
    2021-02-01 13:21 - 2021-02-01 13:21 - 000117832 _____ C:\Users\c\Desktop\AP PHYSICS B_ Period 6 HW before 1st test.pdf
    2021-02-01 13:21 - 2021-02-01 13:21 - 000117832 _____ C:\Users\c\Desktop\AP PHYSICS B_ Period 6 HW before 1st test.pdf
    2021-02-01 13:21 - 2021-02-01 13:21 - 000117832 _____ C:\Users\c\Desktop\AP PHYSICS B_ Period 6 HW before 1st test.pdf
    2021-02-01 13:13 - 2021-02-01 13:13 - 001332288 _____ C:\Users\c\Desktop\Scanned+Documents.pdf
    2021-02-01 13:13 - 2021-02-01 13:13 - 001332288 _____ C:\Users\c\Desktop\Scanned+Documents.pdf
    2021-02-01 13:13 - 2021-02-01 13:13 - 001332288 _____ C:\Users\c\Desktop\Scanned+Documents.pdf
    2021-02-01 12:27 - 2021-02-01 12:30 - 310285594 _____ C:\Users\c\Desktop\So Close 2002 Full Movie - Best Martial Arts Action Movies 2020.mp4
    2021-02-01 12:27 - 2021-02-01 12:30 - 310285594 _____ C:\Users\c\Desktop\So Close 2002 Full Movie - Best Martial Arts Action Movies 2020.mp4
    2021-02-01 12:27 - 2021-02-01 12:30 - 310285594 _____ C:\Users\c\Desktop\So Close 2002 Full Movie - Best Martial Arts Action Movies 2020.mp4
    2021-01-28 09:01 - 2021-01-28 09:01 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
    2021-01-27 13:45 - 2021-01-27 13:45 - 000433893 _____ C:\Users\c\Desktop\2020 Form 1099.pdf
    2021-01-27 13:45 - 2021-01-27 13:45 - 000433893 _____ C:\Users\c\Desktop\2020 Form 1099.pdf
    2021-01-27 13:45 - 2021-01-27 13:45 - 000433893 _____ C:\Users\c\Desktop\2020 Form 1099.pdf
    2021-01-27 10:34 - 2021-01-27 10:34 - 005482843 _____ C:\Users\c\Desktop\Pavement_Rehabilitation_Manual.pdf
    2021-01-27 10:34 - 2021-01-27 10:34 - 005482843 _____ C:\Users\c\Desktop\Pavement_Rehabilitation_Manual.pdf
    2021-01-27 10:34 - 2021-01-27 10:34 - 005482843 _____ C:\Users\c\Desktop\Pavement_Rehabilitation_Manual.pdf
    2021-01-27 05:31 - 2021-01-27 05:31 - 000000000 ____D C:\Users\c\Desktop\Bugs vs Bull
    2021-01-27 05:31 - 2021-01-27 05:31 - 000000000 ____D C:\Users\c\Desktop\Bugs vs Bull
    2021-01-27 05:31 - 2021-01-27 05:31 - 000000000 ____D C:\Users\c\Desktop\Bugs vs Bull
    2021-01-26 18:25 - 2021-01-26 18:25 - 000671381 _____ C:\Users\c\Desktop\W9 signed.pdf
    2021-01-26 18:25 - 2021-01-26 18:25 - 000671381 _____ C:\Users\c\Desktop\W9 signed.pdf
    2021-01-26 18:25 - 2021-01-26 18:25 - 000671381 _____ C:\Users\c\Desktop\W9 signed.pdf
    2021-01-26 09:33 - 2021-01-26 09:33 - 000081319 _____ C:\Users\c\Desktop\3797529472_receipt_26.1.2021.pdf
    2021-01-26 09:33 - 2021-01-26 09:33 - 000081319 _____ C:\Users\c\Desktop\3797529472_receipt_26.1.2021.pdf
    2021-01-26 09:33 - 2021-01-26 09:33 - 000081319 _____ C:\Users\c\Desktop\3797529472_receipt_26.1.2021.pdf
    2021-01-25 14:41 - 2021-01-25 14:41 - 000001497 _____ C:\Users\c\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\4K Video Downloader.lnk
    2021-01-25 14:41 - 2021-01-25 14:41 - 000001497 _____ C:\Users\c\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\4K Video Downloader.lnk
    2021-01-25 14:41 - 2021-01-25 14:41 - 000001497 _____ C:\Users\c\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\4K Video Downloader.lnk
    2021-01-25 13:33 - 2021-01-25 13:33 - 000000000 ____D C:\Users\c\AppData\Local\4kdownload.com
    2021-01-25 13:33 - 2021-01-25 13:33 - 000000000 ____D C:\Users\c\AppData\Local\4kdownload.com
    2021-01-25 13:33 - 2021-01-25 13:33 - 000000000 ____D C:\Users\c\AppData\Local\4kdownload.com
    2021-01-25 13:25 - 2021-01-25 13:25 - 000000948 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\4K Video Downloader.lnk
    2021-01-25 13:25 - 2021-01-25 13:25 - 000000948 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\4K Video Downloader.lnk
    2021-01-25 13:25 - 2021-01-25 13:25 - 000000948 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\4K Video Downloader.lnk
    2021-01-25 13:25 - 2021-01-25 13:25 - 000000000 ____D C:\Program Files\4KDownload
    2021-01-19 11:57 - 2021-01-19 11:57 - 000000000 ____D C:\Users\c\AppData\LocalO
    2021-01-19 11:57 - 2021-01-19 11:57 - 000000000 ____D C:\Users\c\AppData\LocalO
    2021-01-19 11:57 - 2021-01-19 11:57 - 000000000 ____D C:\Users\c\AppData\LocalO
    2021-01-19 09:00 - 2021-01-19 09:00 - 000095744 _____ C:\WINDOWS\system32\VirtualMonitorManager.dll
    2021-01-19 08:59 - 2021-01-19 08:59 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
    2021-01-19 08:59 - 2021-01-19 08:59 - 000575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
    2021-01-19 08:59 - 2021-01-19 08:59 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
    2021-01-19 08:59 - 2021-01-19 08:59 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
    2021-01-19 08:59 - 2021-01-19 08:59 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
    2021-01-19 08:59 - 2021-01-19 08:59 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VBICodec.ax
    2021-01-19 08:59 - 2021-01-19 08:59 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
    2021-01-19 08:59 - 2021-01-19 08:59 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
    2021-01-19 08:59 - 2021-01-19 08:59 - 000053760 _____ C:\WINDOWS\SysWOW64\BWContextHandler.dll
    2021-01-19 08:58 - 2021-01-19 08:58 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
    2021-01-19 08:58 - 2021-01-19 08:58 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\VBICodec.ax
    2021-01-19 08:58 - 2021-01-19 08:58 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
    2021-01-19 08:57 - 2021-01-19 08:57 - 000729600 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
    2021-01-19 08:57 - 2021-01-19 08:57 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
    2021-01-19 08:57 - 2021-01-19 08:57 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
    2021-01-19 08:57 - 2021-01-19 08:57 - 000067072 _____ C:\WINDOWS\system32\BWContextHandler.dll
    2021-01-19 08:56 - 2021-01-19 08:56 - 000455680 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll
    2021-01-19 08:56 - 2021-01-19 08:56 - 000446976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
    2021-01-19 08:56 - 2021-01-19 08:56 - 000178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\intl.cpl
    2021-01-19 08:55 - 2021-01-19 08:55 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
    2021-01-19 08:55 - 2021-01-19 08:55 - 001162240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
    2021-01-19 08:55 - 2021-01-19 08:55 - 000422912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
    2021-01-19 08:55 - 2021-01-19 08:55 - 000330752 _____ C:\WINDOWS\SysWOW64\ssdm.dll
    2021-01-19 08:55 - 2021-01-19 08:55 - 000235520 _____ C:\WINDOWS\SysWOW64\HeatCore.dll
    2021-01-19 08:55 - 2021-01-19 08:55 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\timedate.cpl
    2021-01-19 08:54 - 2021-01-19 08:54 - 002254336 _____ C:\WINDOWS\system32\dwmscene.dll
    2021-01-19 08:54 - 2021-01-19 08:54 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\intl.cpl
    2021-01-19 08:53 - 2021-01-19 08:53 - 000544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
    2021-01-19 08:53 - 2021-01-19 08:53 - 000190976 _____ C:\WINDOWS\system32\BthpanContextHandler.dll
    2021-01-19 08:53 - 2021-01-19 08:53 - 000152064 _____ C:\WINDOWS\system32\EoAExperiences.exe
    2021-01-19 08:52 - 2021-01-19 08:52 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
    2021-01-19 08:52 - 2021-01-19 08:52 - 000643072 _____ C:\WINDOWS\system32\WindowManagementAPI.dll
    2021-01-19 08:52 - 2021-01-19 08:52 - 000306688 _____ C:\WINDOWS\system32\HeatCore.dll
    2021-01-19 08:51 - 2021-01-19 08:51 - 000562688 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
    2021-01-19 08:51 - 2021-01-19 08:51 - 000455168 _____ C:\WINDOWS\system32\ssdm.dll
    2021-01-19 08:51 - 2021-01-19 08:51 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl
    2021-01-19 08:51 - 2021-01-19 08:51 - 000165888 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
    2021-01-19 08:51 - 2021-01-19 08:51 - 000074240 _____ C:\WINDOWS\system32\rdsxvmaudio.dll
    2021-01-15 17:59 - 2021-01-15 17:59 - 000147425 _____ C:\Users\c\Desktop\fw9 cmg.pdf
    2021-01-15 17:59 - 2021-01-15 17:59 - 000147425 _____ C:\Users\c\Desktop\fw9 cmg.pdf
    2021-01-15 17:59 - 2021-01-15 17:59 - 000147425 _____ C:\Users\c\Desktop\fw9 cmg.pdf
    2021-01-15 17:54 - 2021-01-15 17:54 - 000132144 _____ C:\Users\c\Desktop\fw9.pdf
    2021-01-15 17:54 - 2021-01-15 17:54 - 000132144 _____ C:\Users\c\Desktop\fw9.pdf
    2021-01-15 17:54 - 2021-01-15 17:54 - 000132144 _____ C:\Users\c\Desktop\fw9.pdf
    2021-01-14 19:59 - 2021-01-14 19:59 - 000001418 _____ C:\ProgramData\Desktop\WinX DVD Ripper Platinum.lnk
    2021-01-14 19:59 - 2021-01-14 19:59 - 000001418 _____ C:\ProgramData\Desktop\WinX DVD Ripper Platinum.lnk
    2021-01-14 19:59 - 2021-01-14 19:59 - 000001418 _____ C:\ProgramData\Desktop\WinX DVD Ripper Platinum.lnk
    2021-01-13 08:37 - 2021-01-13 08:37 - 000000000 ____D C:\Users\c\AppData\Local\ElevatedDiagnostics
    2021-01-13 08:37 - 2021-01-13 08:37 - 000000000 ____D C:\Users\c\AppData\Local\ElevatedDiagnostics
    2021-01-13 08:37 - 2021-01-13 08:37 - 000000000 ____D C:\Users\c\AppData\Local\ElevatedDiagnostics

    ==================== One month (modified) ==================

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2021-02-12 12:10 - 2020-09-03 11:20 - 000004160 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{C0982E36-30E1-41C9-A994-41EFFC416BD3}
    2021-02-12 11:29 - 2019-12-07 01:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2021-02-12 11:29 - 2019-12-07 01:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2021-02-12 11:29 - 2019-12-07 01:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2021-02-12 09:10 - 2016-03-28 11:58 - 000000000 ____D C:\Program Files\CCleaner
    2021-02-12 08:58 - 2020-09-03 10:43 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
    2021-02-12 07:15 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\AppReadiness
    2021-02-12 07:14 - 2019-12-07 01:14 - 000000000 ___HD C:\Program Files\WindowsApps
    2021-02-12 06:04 - 2018-06-03 21:31 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
    2021-02-12 06:01 - 2020-12-23 15:10 - 000000000 ___HD C:\ProgramData\Documents\AdobeGCData
    2021-02-12 06:01 - 2020-12-23 15:10 - 000000000 ___HD C:\ProgramData\Documents\AdobeGCData
    2021-02-12 06:01 - 2020-12-23 15:10 - 000000000 ___HD C:\ProgramData\Documents\AdobeGCData
    2021-02-12 05:59 - 2019-12-07 01:13 - 000000000 ____D C:\WINDOWS\INF
    2021-02-12 05:55 - 2015-08-15 08:25 - 000000000 __SHD C:\Users\c\IntelGraphicsProfiles
    2021-02-12 05:55 - 2015-08-15 08:25 - 000000000 __SHD C:\Users\c\IntelGraphicsProfiles
    2021-02-12 05:55 - 2015-08-15 08:25 - 000000000 __SHD C:\Users\c\IntelGraphicsProfiles
    2021-02-12 05:54 - 2020-09-23 14:30 - 000004028 _____ C:\WINDOWS\system32\Tasks\Avast SecureLine VPN Update
    2021-02-12 05:54 - 2020-09-03 11:20 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2021-02-12 05:54 - 2020-09-03 10:43 - 000008192 ___SH C:\DumpStack.log.tmp
    2021-02-12 05:54 - 2017-08-06 14:39 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
    2021-02-11 19:49 - 2019-12-07 01:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
    2021-02-11 14:24 - 2020-09-03 11:20 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
    2021-02-11 11:11 - 2017-11-30 23:33 - 000000000 ____D C:\Users\c\AppData\Local\Packages
    2021-02-11 11:11 - 2017-11-30 23:33 - 000000000 ____D C:\Users\c\AppData\Local\Packages
    2021-02-11 11:11 - 2017-11-30 23:33 - 000000000 ____D C:\Users\c\AppData\Local\Packages
    2021-02-11 05:52 - 2020-09-03 11:20 - 000004210 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
    2021-02-10 18:30 - 2020-09-03 11:04 - 002316746 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2021-02-10 18:30 - 2020-09-03 09:39 - 000784294 _____ C:\WINDOWS\system32\perfh00A.dat
    2021-02-10 18:30 - 2020-09-03 09:39 - 000152874 _____ C:\WINDOWS\system32\perfc00A.dat
    2021-02-10 18:30 - 2020-09-03 09:29 - 000427366 _____ C:\WINDOWS\system32\prfh0804.dat
    2021-02-10 18:30 - 2020-09-03 09:29 - 000132888 _____ C:\WINDOWS\system32\prfc0804.dat
    2021-02-10 15:18 - 2020-09-03 10:43 - 002448520 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2021-02-10 15:14 - 2020-09-03 09:39 - 000000000 ____D C:\WINDOWS\system32\Drivers\es-MX
    2021-02-10 15:14 - 2019-12-07 01:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
    2021-02-10 15:14 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Keywords
    2021-02-10 15:14 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\SystemResources
    2021-02-10 15:14 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\oobe
    2021-02-10 15:14 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\Keywords
    2021-02-10 15:14 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
    2021-02-10 15:14 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
    2021-02-10 15:14 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\bcastdvr
    2021-02-10 15:14 - 2019-12-07 01:14 - 000000000 ____D C:\Program Files\Common Files\System
    2021-02-10 15:14 - 2019-12-07 01:03 - 000000000 ____D C:\WINDOWS\servicing
    2021-02-10 14:36 - 2019-12-07 01:03 - 000000000 ____D C:\WINDOWS\CbsTemp
    2021-02-10 14:11 - 2020-09-23 14:29 - 000000000 ____D C:\ProgramData\AVAST Software
    2021-02-10 14:11 - 2020-09-23 14:29 - 000000000 ____D C:\ProgramData\AVAST Software
    2021-02-10 14:11 - 2020-09-23 14:29 - 000000000 ____D C:\ProgramData\AVAST Software
    2021-02-09 20:39 - 2014-04-20 05:32 - 000000000 ____D C:\WINDOWS\system32\MRT
    2021-02-09 20:35 - 2014-04-20 05:32 - 130141752 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2021-02-09 18:37 - 2020-12-09 12:56 - 000000000 ____D C:\Users\c\AppData\Roaming\RealtimeBoard
    2021-02-09 18:37 - 2020-12-09 12:56 - 000000000 ____D C:\Users\c\AppData\Roaming\RealtimeBoard
    2021-02-09 18:37 - 2020-12-09 12:56 - 000000000 ____D C:\Users\c\AppData\Roaming\RealtimeBoard
    2021-02-09 16:43 - 2020-12-09 12:56 - 000000000 ____D C:\Users\c\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Miro
    2021-02-09 16:43 - 2020-12-09 12:56 - 000000000 ____D C:\Users\c\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Miro
    2021-02-09 16:43 - 2020-12-09 12:56 - 000000000 ____D C:\Users\c\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Miro
    2021-02-09 16:43 - 2020-12-09 12:55 - 000000000 ____D C:\Users\c\AppData\Local\RealtimeBoard
    2021-02-09 16:43 - 2020-12-09 12:55 - 000000000 ____D C:\Users\c\AppData\Local\RealtimeBoard
    2021-02-09 16:43 - 2020-12-09 12:55 - 000000000 ____D C:\Users\c\AppData\Local\RealtimeBoard
    2021-02-09 14:31 - 2014-04-12 07:04 - 000002312 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2021-02-09 14:31 - 2014-04-12 07:04 - 000002312 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2021-02-09 14:31 - 2014-04-12 07:04 - 000002312 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2021-02-09 14:29 - 2013-08-22 05:25 - 000000167 _____ C:\WINDOWS\win.ini
    2021-02-08 12:33 - 2020-09-08 15:53 - 000002449 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
    2021-02-08 12:33 - 2020-09-08 15:53 - 000002449 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
    2021-02-08 12:33 - 2020-09-08 15:53 - 000002449 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
    2021-02-08 12:26 - 2020-09-08 15:52 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
    2021-02-08 12:26 - 2020-09-08 15:52 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
    2021-02-08 12:21 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\ServiceState
    2021-02-08 02:56 - 2020-09-24 06:51 - 000081632 _____ (Avast Software) C:\WINDOWS\system32\icarus_rvrt.exe
    2021-02-05 12:01 - 2020-09-03 11:20 - 000003704 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskUserS-1-5-21-2517961349-2002184368-2333218459-1001UA1d25803fdc7a053
    2021-02-05 12:01 - 2020-09-03 11:20 - 000003436 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskUserS-1-5-21-2517961349-2002184368-2333218459-1001Core1d25803fdb326f1
    2021-02-05 12:00 - 2020-09-03 11:20 - 000003418 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
    2021-02-05 12:00 - 2020-09-03 11:20 - 000003294 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
    2021-02-05 08:13 - 2020-09-03 12:42 - 000000000 ____D C:\Users\c\Desktop\Bin
    2021-02-05 08:13 - 2020-09-03 12:42 - 000000000 ____D C:\Users\c\Desktop\Bin
    2021-02-05 08:13 - 2020-09-03 12:42 - 000000000 ____D C:\Users\c\Desktop\Bin
    2021-02-04 12:52 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
    2021-01-25 13:25 - 2014-03-06 04:53 - 000000000 ____D C:\ProgramData\Package Cache
    2021-01-25 13:25 - 2014-03-06 04:53 - 000000000 ____D C:\ProgramData\Package Cache
    2021-01-25 13:25 - 2014-03-06 04:53 - 000000000 ____D C:\ProgramData\Package Cache
    2021-01-25 11:33 - 2015-08-15 10:28 - 000799104 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
    2021-01-19 16:08 - 2019-12-07 01:52 - 000000000 ____D C:\Program Files\Windows Photo Viewer
    2021-01-19 16:08 - 2019-12-07 01:52 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
    2021-01-19 16:08 - 2019-12-07 01:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
    2021-01-19 16:08 - 2019-12-07 01:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
    2021-01-19 16:08 - 2019-12-07 01:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
    2021-01-19 16:08 - 2019-12-07 01:14 - 000000000 ___SD C:\WINDOWS\system32\F12
    2021-01-19 16:08 - 2019-12-07 01:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
    2021-01-19 16:08 - 2019-12-07 01:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
    2021-01-19 16:08 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
    2021-01-19 16:08 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
    2021-01-19 16:08 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
    2021-01-19 16:08 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
    2021-01-19 16:08 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
    2021-01-19 16:08 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
    2021-01-19 16:08 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
    2021-01-19 16:08 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
    2021-01-19 16:08 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\Sysprep
    2021-01-19 16:08 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\setup
    2021-01-19 16:08 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
    2021-01-19 16:08 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\Dism
    2021-01-19 16:08 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\Com
    2021-01-19 16:08 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
    2021-01-19 16:08 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
    2021-01-19 16:08 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\ShellComponents
    2021-01-19 16:08 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\Provisioning
    2021-01-19 16:08 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\IME
    2021-01-19 16:08 - 2019-12-07 01:14 - 000000000 ____D C:\Program Files\Windows Defender
    2021-01-19 08:51 - 2020-09-03 10:54 - 002877952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll

    ==================== Files in the root of some directories ========

    2017-08-01 10:25 - 2017-08-01 10:25 - 003599032 _____ (COMODO) C:\ProgramData\cis86FC.exe
    2017-08-01 10:25 - 2017-08-01 10:25 - 003599032 _____ (COMODO) C:\ProgramData\cis86FC.exe
    2017-08-01 10:25 - 2017-08-01 10:25 - 003599032 _____ (COMODO) C:\ProgramData\cis86FC.exe
    2017-08-01 12:08 - 2017-08-01 12:08 - 000000694 _____ () C:\Program Files (x86)\LMIR0003.tmp.bat
    2017-08-01 12:08 - 2017-08-01 12:08 - 000000506 _____ () C:\Program Files (x86)\LMIR0003.tmp_r.bat
    2017-08-01 12:08 - 2017-08-01 12:08 - 000000694 _____ () C:\Program Files (x86)\LMIR0005.tmp.bat
    2017-08-01 12:08 - 2017-08-01 12:08 - 000000506 _____ () C:\Program Files (x86)\LMIR0005.tmp_r.bat
    2014-04-12 14:26 - 2014-04-12 14:26 - 000004096 ____H () C:\Users\c\AppData\Local\keyfile3.drm
    2017-08-01 12:08 - 2017-08-01 12:08 - 000000484 _____ () C:\Users\c\AppData\Local\LMIR0001.tmp_r.bat
    2020-12-24 11:41 - 2020-12-24 11:41 - 000000000 _____ () C:\Users\c\AppData\Local\oobelibMkey.log
    2015-05-30 04:12 - 2015-05-30 04:12 - 000000017 _____ () C:\Users\c\AppData\Local\resmon.resmoncfg
    2016-03-28 08:30 - 2016-03-28 08:30 - 000000000 _____ () C:\Users\c\AppData\Local\{39FC4BF6-EBE5-4C6D-8CD0-523D736C319D}
    2017-06-27 10:24 - 2017-06-27 10:24 - 000000000 _____ () C:\Users\c\AppData\Local\{A55F7BDC-57B6-4276-977C-E81965031F88}
    2016-03-28 11:53 - 2016-03-28 11:53 - 000000000 _____ () C:\Users\c\AppData\Local\{B38E1236-81DE-47E1-92DD-9878900B5276}

    ==================== SigCheck ============================

    (There is no automatic fix for files that do not pass verification.)

    ==================== End of FRST.txt ========================

  3. #3
    Join Date
    May 2005
    Posts
    122
    ADDITION.txt:

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-02-2021
    Ran by c (12-02-2021 12:55:15)
    Running from C:\Users\c\Desktop
    Windows 10 Home Version 2004 19041.804 (X64) (2020-09-03 19:24:01)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-2517961349-2002184368-2333218459-500 - Administrator - Disabled)
    c (S-1-5-21-2517961349-2002184368-2333218459-1001 - Administrator - Enabled) => C:\Users\c
    DefaultAccount (S-1-5-21-2517961349-2002184368-2333218459-503 - Limited - Disabled)
    Guest (S-1-5-21-2517961349-2002184368-2333218459-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-2517961349-2002184368-2333218459-1003 - Limited - Enabled)
    lillian3443 (S-1-5-21-2517961349-2002184368-2333218459-1004 - Limited - Enabled) => C:\Users\lillian3443
    WDAGUtilityAccount (S-1-5-21-2517961349-2002184368-2333218459-504 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    4K Video Downloader (HKLM\...\{19BDF435-8F4A-4AFC-80AE-AF007BD67A8E}) (Version: 4.14.2.4070 - Open Media LLC) Hidden
    4K Video Downloader (HKLM-x32\...\{86b588ff-78bb-4251-85d5-56f2450b123a}) (Version: 4.14.2.4070 - Open Media LLC)
    Add or Remove Adobe Creative Suite 3 Master Collection (HKLM-x32\...\Adobe_4dcfd9b7e901b57f81f667144603236) (Version: 1.0 - Adobe Systems Incorporated)
    Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.23 - Adobe Systems)
    Adobe Connect (HKU\S-1-5-21-2517961349-2002184368-2333218459-1001\...\Adobe Connect App) (Version: 11.9.985.57 - Adobe Systems Inc.)
    Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.465 - Adobe)
    Adobe Flash Player 9 ActiveX (HKLM-x32\...\{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}) (Version: 9.0.45.0 - Adobe Systems, Inc.)
    Adobe Reader XI (11.0.23) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.23 - Adobe Systems Incorporated)
    AHV content for Acrobat and Flash (HKLM-x32\...\{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}) (Version: 1 - Adobe Systems Incorporated) Hidden
    Alcor Micro USB Card Reader (HKLM-x32\...\{420ED767-62A5-462F-9DDA-AE3A95D4BF32}) (Version: 4.8.1245.73583 - Alcor Micro Corp.) Hidden
    Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 4.8.1245.73583 - Alcor Micro Corp.)
    Apple Application Support (32-bit) (HKLM-x32\...\{D4C80B0C-CF67-43A7-90C3-466853543B54}) (Version: 6.3 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{B2A2E8AF-BC48-4191-B2C4-3846A19835CA}) (Version: 6.3 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{C29B636B-9015-4ED1-A12F-6375A337F23B}) (Version: 11.4.1.46 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{19589375-5C58-4AFA-842F-8B34744CCEAD}) (Version: 2.5.0.1 - Apple Inc.)
    Atom (HKU\S-1-5-21-2517961349-2002184368-2333218459-1001\...\atom) (Version: 1.29.0 - GitHub Inc.)
    Avast SecureLine VPN (HKLM\...\Avast SecureLine) (Version: 5.9.5357.1746 - Avast Software)
    Aventail Access Manager (HKLM-x32\...\{72552C46-944B-4E16-BBC8-0D85F31C1800}) (Version: 10.64.496 - SonicWALL Inc) Hidden
    Aventail Access Manager (HKU\S-1-5-21-2517961349-2002184368-2333218459-1001\...\{72552C46-944B-4E16-BBC8-0D85F31C1800}) (Version: 10.64.496 - SonicWALL Inc)
    Aventail Access Manager (HKU\S-1-5-21-2517961349-2002184368-2333218459-1004\...\{72552C46-944B-4E16-BBC8-0D85F31C1800}) (Version: 10.64.496 - SonicWALL Inc)
    Aventail Web Proxy Agent (HKLM-x32\...\{9B0B46B3-10DF-4ADA-9501-0129D784563D}) (Version: 10.64.241 - SonicWALL Inc)
    CCleaner (HKLM\...\CCleaner) (Version: 5.76 - Piriform)
    CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3424.05 - CyberLink Corp.)
    Dragon Assistant Application en-US version 1.5.11 (HKLM-x32\...\{1CCBE73F-4948-4711-8D12-22E2FD65D706}_is1) (Version: 1.5.11 - Nuance Communications, Inc.)
    Dragon Assistant Core Recognition Service version 1.1.12 (HKLM-x32\...\{E97BA7A6-46FC-4EBF-B24A-B8362948C696}_is1) (Version: 1.1.12 - Nuance Communications, Inc.)
    Dragon Assistant Installer version 1.5.11 (HKLM-x32\...\{D57A8269-3BE5-4D10-B882-64D0F2D448BF}_is1) (Version: 1.5.11 - Nuance Communications, Inc.)
    Dragon Assistant Language Data en-US version 1.1.4 (HKLM-x32\...\{4C0C1E4E-D3B1-4496-98EC-DA14D45EC855}_is1) (Version: 1.1.4 - Nuance Communications, Inc.)
    DTS Studio Sound (HKLM-x32\...\{2DFA9084-CEB3-4A48-B9F7-9038FEF1B8F4}) (Version: 1.01.2700 - DTS, Inc.)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 88.0.4324.150 - Google LLC)
    Google Drive (HKLM-x32\...\{A8DC81F2-D365-4248-892A-FA3B5951F731}) (Version: 2.34.9392.7803 - Google, Inc.)
    Google Video Support Plugin (HKU\S-1-5-21-2517961349-2002184368-2333218459-1001\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 19.12.1000.0 - Google, LLC.)
    GoTo Opener (HKLM-x32\...\{0FC4261B-F502-48B3-B1CF-60021C8F7D22}) (Version: 1.0.481 - LogMeIn, Inc.)
    GoToMeeting 10.15.0.19228 (HKU\S-1-5-21-2517961349-2002184368-2333218459-1001\...\GoToMeeting) (Version: 10.15.0.19228 - LogMeIn, Inc.)
    Herramientas de corrección de Microsoft Office 2016: español (HKLM-x32\...\{90160000-001F-0C0A-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
    HP ENVY 5660 series Basic Device Software (HKLM\...\{2C0721C5-0CD8-46BC-9D7D-666D3B171CFF}) (Version: 34.2.117.50647 - Hewlett-Packard Co.)
    HP ENVY 5660 series Help (HKLM-x32\...\{607F50D9-40BD-4F17-A584-152F563293B4}) (Version: 34.0.0 - Hewlett Packard)
    HP Photo Creations (HKU\S-1-5-21-2517961349-2002184368-2333218459-1001\...\HP Photo Creations) (Version: 1.0.0.22192 - HP)
    HP Support Solutions Framework (HKLM-x32\...\{F6A11738-3EE4-4573-AEA5-6CD5D491C167}) (Version: 12.0.30.81 - Hewlett-Packard Company)
    HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    IBM Lotus Forms Viewer 3.5.1 (HKLM-x32\...\{A0BBF7AB-2F47-47DC-BB02-4C826F2BC73C}) (Version: 7.6.1.333 - IBM)
    iCloud (HKLM\...\{82FCC407-A0E5-4B80-9241-5ABA78B61090}) (Version: 7.6.0.15 - Apple Inc.)
    IDT Audio Driver (HKLM\...\{588A747E-CFF6-46B3-9207-CD754F9473AF}) (Version: 6.10.6491.0 - IDT)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4963 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
    Intel(R) Wireless Bluetooth(R) 4.0 (HKLM-x32\...\{38561F82-2984-4C99-ADD7-D1166BC3D552}) (Version: 3.0.1335.05 - Intel Corporation)
    Intel® PROSet/Wireless Software (HKLM-x32\...\{f8c930bd-0a68-425f-8c11-87723d1e2c97}) (Version: 20.90.0 - Intel Corporation)
    IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
    iTunes (HKLM\...\{36F365B3-05C2-455D-9D96-B73829DE046D}) (Version: 12.8.0.150 - Apple Inc.)
    Java 8 Update 271 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180271F0}) (Version: 8.0.2710.9 - Oracle Corporation)
    KA Lite version 0.14.0 (HKLM-x32\...\KA Lite-Foundation for Learning Equality_is1) (Version: 0.14.0 - Foundation for Learning Equality)
    KeePass Password Safe 2.26 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.26 - Dominik Reichl)
    Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 88.0.705.63 - Microsoft Corporation)
    Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.141.59 - )
    Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
    Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Professional Plus 2016 (HKLM-x32\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
    Microsoft Update Health Tools (HKLM\...\{143E35D3-F0A4-4E90-96C9-B1B72F11343A}) (Version: 2.70.0.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Preview Redistributable (x64) - 12.0.20617 (HKLM-x32\...\{448652c1-f5f3-4230-98c6-68c10c88b1fb}) (Version: 12.0.20617.1 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Preview Redistributable (x86) - 12.0.20617 (HKLM-x32\...\{1f407217-9aec-4146-8504-e64ac959c534}) (Version: 12.0.20617.1 - Microsoft Corporation)
    Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 (HKLM-x32\...\{6913e92a-b64e-41c9-a5e6-cef39207fe89}) (Version: 14.25.28508.3 - Microsoft Corporation)
    Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 (HKLM-x32\...\{65e650ff-30be-469d-b63a-418d71ea1765}) (Version: 14.25.28508.3 - Microsoft Corporation)
    Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
    Miro (HKU\S-1-5-21-2517961349-2002184368-2333218459-1001\...\RealtimeBoard) (Version: 0.4.7 - Miro)
    Movavi Video Editor 14 Plus (x64) (HKLM\...\Movavi Video Editor 14 Plus (x64)) (Version: 14.3.0 - Movavi)
    Mozilla Firefox 43.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.1 (x86 en-US)) (Version: 43.0.1 - Mozilla)
    Mozilla Firefox 72.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 72.0.2 (x64 en-US)) (Version: 72.0.2 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 63.0.3 - Mozilla)
    Outils de vérification linguistique 2016 de Microsoft Office*- Français (HKLM-x32\...\{90160000-001F-040C-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
    PDF Settings (HKLM-x32\...\{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
    PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
    Product Improvement Study for HP ENVY 5660 series (HKLM\...\{03EDBA70-A4E9-4AC9-A76A-8EE5172684BF}) (Version: 34.2.117.50647 - Hewlett-Packard Co.)
    Python 2.7.10 (HKLM-x32\...\{E2B51919-207A-43EB-AE78-733F9C6797C2}) (Version: 2.7.10150 - Python Software Foundation)
    Python 3.6.5 (32-bit) (HKU\S-1-5-21-2517961349-2002184368-2333218459-1001\...\{3346977b-49da-4095-8f4d-f56f103e52e9}) (Version: 3.6.5150.0 - Python Software Foundation)
    Python 3.6.5 Add to Path (32-bit) (HKLM-x32\...\{1D3BE06D-5E44-48FF-8D61-B744808EBE46}) (Version: 3.6.5150.0 - Python Software Foundation) Hidden
    Python 3.6.5 Core Interpreter (32-bit) (HKLM-x32\...\{58E1C809-82C5-4EDF-B69B-188A6C81F21F}) (Version: 3.6.5150.0 - Python Software Foundation) Hidden
    Python 3.6.5 Development Libraries (32-bit) (HKLM-x32\...\{21FD2EE0-8D55-49DC-A1B0-771696DDEE98}) (Version: 3.6.5150.0 - Python Software Foundation) Hidden
    Python 3.6.5 Documentation (32-bit) (HKLM-x32\...\{5C613D87-0AED-48A9-A216-3A3783463D6C}) (Version: 3.6.5150.0 - Python Software Foundation) Hidden
    Python 3.6.5 Executables (32-bit) (HKLM-x32\...\{9107CF1A-A09C-4035-B29E-E79B4098AB8C}) (Version: 3.6.5150.0 - Python Software Foundation) Hidden
    Python 3.6.5 pip Bootstrap (32-bit) (HKLM-x32\...\{C024F06C-0E37-4529-945F-7920A9CFFD78}) (Version: 3.6.5150.0 - Python Software Foundation) Hidden
    Python 3.6.5 Standard Library (32-bit) (HKLM-x32\...\{8C2E8A7D-95CC-491C-AB9C-DE785A137D00}) (Version: 3.6.5150.0 - Python Software Foundation) Hidden
    Python 3.6.5 Tcl/Tk Support (32-bit) (HKLM-x32\...\{052FD2FB-034D-4CDD-864E-798DE45C742A}) (Version: 3.6.5150.0 - Python Software Foundation) Hidden
    Python 3.6.5 Test Suite (32-bit) (HKLM-x32\...\{86533809-919A-4858-AFC4-4226B86C5291}) (Version: 3.6.5150.0 - Python Software Foundation) Hidden
    Python 3.6.5 Utility Scripts (32-bit) (HKLM-x32\...\{5C0C82E9-B580-4EE4-894A-4451A23B0E2C}) (Version: 3.6.5150.0 - Python Software Foundation) Hidden
    Python Launcher (HKLM-x32\...\{8A66FEC2-E443-4219-B9AC-F9B10607B57C}) (Version: 3.6.6295.0 - Python Software Foundation)
    Qualcomm Atheros Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
    ScottradeELITE 2013 (HKLM-x32\...\{33B2F0C4-FBCE-4CDB-B98D-6D945068A150}) (Version: 5.2.0.0 - Scottrader)
    ScottradeELITE v5 (HKLM-x32\...\{7E94DCE4-F1F3-47AF-A2D4-8A81008D9B1F}) (Version: 5.3.0.0 - Scottrade Inc.)
    Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
    Sublime Text Build 3143 (HKLM\...\Sublime Text 3_is1) (Version: - Sublime HQ Pty Ltd)
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.4.3.38 - Synaptics Incorporated)
    Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
    TOSHIBA Application Installer (HKLM\...\{21A63CA3-75C0-4E56-B602-B7CD2EF6B621}) (Version: 9.0.2.4 - Toshiba Corporation)
    TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.17.0 - Toshiba Corporation)
    Toshiba Book Place (HKLM-x32\...\{11244D6B-9842-440F-8579-6A4D771A0D9B}) (Version: 3.3.9661 - K-NFB Reading Technology, Inc.)
    TOSHIBA Display Utility (HKLM\...\{11955FE2-CAC6-4C3B-AA68-F787D7405400}) (Version: 1.1.9.0 - Toshiba Corporation)
    TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.2.0.6404 - Toshiba Corporation)
    TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.1.0002.6401 - Toshiba Corporation)
    TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.5.0003.64001 - Toshiba Corporation)
    TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{78931270-BC9E-441A-A52B-73ECD4ACFAB5}) (Version: 3.00.344 - Toshiba Corporation)
    TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.9.3 - TOSHIBA)
    TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.1.02.55065006 - Toshiba Corporation)
    TOSHIBA Service Station (HKLM\...\{FBFCEEA5-96EA-4C8E-9262-43CBBEBAE413}) (Version: 2.6.8 - Toshiba Corporation)
    TOSHIBA Start (HKLM-x32\...\{A74C9CC1-2211-4A75-A688-6F7CFE2C2B12}) (Version: 1.00.02 - TOSHIBA America Information Systems, Inc)
    TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0032 - Toshiba Corporation)
    TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.1.2.32001 - Toshiba Corporation)
    TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
    TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    Update for Skype for Business 2016 (KB4486745) 32-Bit Edition (HKLM-x32\...\{90160000-0011-0000-0000-0000000FF1CE}_Office16.PROPLUS_{496A4D4F-C386-42B7-9F94-8828BC626BB0}) (Version: - Microsoft)
    Update for Skype for Business 2016 (KB4486745) 32-Bit Edition (HKLM-x32\...\{90160000-002A-0000-1000-0000000FF1CE}_Office16.PROPLUS_{496A4D4F-C386-42B7-9F94-8828BC626BB0}) (Version: - Microsoft)
    Update for Skype for Business 2016 (KB4486745) 32-Bit Edition (HKLM-x32\...\{90160000-012B-0409-0000-0000000FF1CE}_Office16.PROPLUS_{496A4D4F-C386-42B7-9F94-8828BC626BB0}) (Version: - Microsoft)
    Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
    Update for Windows 10 for x64-based Systems (KB4480730) (HKLM\...\{3BAE4496-6F6C-4330-A8AA-B93D3D346FA5}) (Version: 2.53.0.0 - Microsoft Corporation)
    Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.23072 - Microsoft Corporation)
    WinX DVD Ripper Platinum 8.20.5 (HKLM-x32\...\WinX DVD Ripper Platinum_is1) (Version: - Digiarty Software, Inc.)
    Zoom (HKU\S-1-5-21-2517961349-2002184368-2333218459-1001\...\ZoomUMX) (Version: 5.2.2 (45108.0831) - Zoom Video Communications, Inc.)

    Packages:
    =========
    Adobe Reader Touch -> C:\Program Files\WindowsApps\AdobeSystemsIncorporated.AdobeReader_3.1.8.7675_x86__ynb6jyjzte8ga [2015-09-20] (Adobe Systems Incorporated)
    Book Place -> C:\Program Files\WindowsApps\K-NFBReadingTechnologiesI.BookPlace_2.0.3615.0_x64__vwcaa66y1ah8t [2014-06-05] (K-NFB Reading Technologies, Inc.)
    Evernote -> C:\Program Files\WindowsApps\Evernote.Evernote_10.8.4.0_x86__q4d96b2w5wcc2 [2021-02-11] (Evernote)
    HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_122.2.834.0_x64__v10z8vjag6ke6 [2021-02-11] (HP Inc.)
    Hulu -> C:\Program Files\WindowsApps\HuluLLC.HuluPlus_2.5.5.0_neutral__fphbd361v8tya [2020-01-09] (Hulu.)
    iHeartRadio -> C:\Program Files\WindowsApps\ClearChannelRadioDigital.iHeartRadio_6.0.47.0_x64__a76a11dkgb644 [2020-07-07] (iHeartMedia.)
    Instagram -> C:\Program Files\WindowsApps\Facebook.InstagramBeta_42.0.2.0_neutral__8xx8rvfyw5nnt [2020-07-07] (Instagram)
    Khan Academy -> C:\Program Files\WindowsApps\KhanAcademy.KhanAcademy_1.4.0.0_neutral__h7gxd2e83qjmg [2015-09-20] (Khan Academy)
    Kindle -> C:\Program Files\WindowsApps\AMZNMobileLLC.KindleforWindows8_2.1.0.2_neutral__stfe6vwa9jnbp [2015-09-20] (AMZN Mobile LLC)
    Media Player by sMedio TrueLink+ -> C:\Program Files\WindowsApps\sMedioforToshiba.TOSHIBAMediaPlayerbysMedioTrueLin_3.4.35.0_x64__679ekb9hp1h62 [2020-10-20] (sMedio)
    Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-04] (Microsoft Corporation) [MS Ad]
    Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-04] (Microsoft Corporation) [MS Ad]
    Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1252.0_x64__8wekyb3d8bbwe [2021-02-01] (Microsoft Studios) [MS Ad]
    MSN Food & Drink -> C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.4.336_x64__8wekyb3d8bbwe [2015-09-20] (Microsoft Corporation) [MS Ad]
    MSN Health & Fitness -> C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.4.336_x64__8wekyb3d8bbwe [2015-09-20] (Microsoft Corporation) [MS Ad]
    MSN Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.36.20714.0_x64__8wekyb3d8bbwe [2020-07-07] (Microsoft Corporation) [MS Ad]
    MSN Travel -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe [2015-09-20] (Microsoft Corporation) [MS Ad]
    My Toshiba -> C:\Program Files\WindowsApps\EnnovaResearch.ToshibaPlaces_3.2.49.0_x64__3s2an63h56yee [2016-03-28] (Ennova Research)
    Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.97.752.0_x64__mcm4njqhnhss8 [2020-09-03] (Netflix, Inc.)
    Toshiba Central -> C:\Program Files\WindowsApps\ToshibaAmericaInformation.ToshibaCentral_1.3.0.4_neutral__r8x1fxsdcnpjw [2015-09-20] (Toshiba America Information Systems, Inc.)
    Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-09] (Twitter Inc.)
    Xbox 360 SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxCompanion_1.4.3.0_x64__8wekyb3d8bbwe [2015-09-20] (Microsoft Corporation) [MS Ad]
    Zinio -> C:\Program Files\WindowsApps\ZinioLLC.Zinio_2.1.0.317_x64__0q6dqzpp40p2e [2014-04-21] (Zinio LLC)

    ==================== Custom CLSID (Whitelisted): ==============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\c\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\c\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\c\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\c\AppData\Local\Microsoft\OneDrive\17.3.6943.0625_1\amd64\FileSyncShell64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{540C17A8-04F2-4B66-95D7-B2FEF9A19B54}\InprocServer32 -> C:\Users\c\AppData\Local\Google\Update\1.3.35.422\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\c\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\c\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\c\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{62634D95-960B-4834-8E71-A70408AD8FD9}\InprocServer32 -> C:\Users\c\AppData\Local\Google\Update\1.3.34.7\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{6D264B70-DA18-401D-910C-B202D89670C6}\InprocServer32 -> C:\Users\c\AppData\Local\Google\Update\1.3.36.32\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\c\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\c\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\c\AppData\Local\Microsoft\OneDrive\17.3.6943.0625_1\amd64\FileSyncShell64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\c\AppData\Local\Microsoft\OneDrive\17.3.6943.0625_1\amd64\FileSyncShell64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\c\AppData\Local\GoToMeeting\9167\G2MOutlookAddin64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{85D8EE2F-794F-41F0-BB03-49D56A23BEF4}\InprocServer32 -> C:\Users\c\AppData\Local\Google\Update\1.3.36.72\psuser_64.dll (Google LLC -> Google LLC)
    CustomCLSID: HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\c\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\c\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{A804CF1A-91E5-4F0C-9E8C-DB39E74056DD}\InprocServer32 -> C:\Users\c\AppData\Local\Google\Update\1.3.33.23\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\c\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{CA919489-0396-4164-A6E7-94CDED45A707}\InprocServer32 -> C:\Users\c\AppData\Local\Google\Update\1.3.36.52\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\c\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\c\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\c\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\c\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{DEDF773D-E27B-485E-8E7D-85C5B0EB5A67}\InprocServer32 -> C:\Users\c\AppData\Local\Google\Update\1.3.36.72\psuser_64.dll (Google LLC -> Google LLC)
    CustomCLSID: HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\c\AppData\Local\Google\Update\1.3.36.72\psuser_64.dll (Google LLC -> Google LLC)
    CustomCLSID: HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{E9E7529D-7F09-410B-AF2A-CC154473B19C}\InprocServer32 -> C:\Users\c\AppData\Local\Google\Update\1.3.35.452\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{EA724FD3-844D-43A9-A8C9-A5BC35FC20E4}\InprocServer32 -> C:\Users\c\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\c\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
    ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2217832 2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google Inc -> Google)
    ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google Inc -> Google)
    ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google Inc -> Google)
    ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
    ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
    ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
    ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
    ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
    ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
    ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
    ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
    ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-04-23] (Google Inc -> Google)
    ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2018-06-26] (Apple Inc. -> Apple Inc.)
    ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-04-23] (Google Inc -> Google)
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
    ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2019-05-05] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
    ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc.)

    ==================== Codecs (Whitelisted) ====================

    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)

    ShortcutWithArgument: C:\Users\c\Desktop\Bin\Chi (cmg.smtclasses@gmail.com) - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 2"
    ShortcutWithArgument: C:\Users\c\Desktop\Bin\Chi Ming (chi.ming.gong@lacity.org) - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1"
    ShortcutWithArgument: C:\Users\c\Desktop\Bin\Chi Ming (cmg7590@gmail.com) - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 4"
    ShortcutWithArgument: C:\Users\c\Desktop\Bin\cmg7590@gmail.com - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 3"
    ShortcutWithArgument: C:\Users\c\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\Chi (cmg.smtclasses@gmail.com) - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 2"
    ShortcutWithArgument: C:\Users\c\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\48499db33039e897\Chi Ming (cmg7590@gmail.com) - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 4"

    ==================== Loaded Modules (Whitelisted) =============

    2014-03-06 05:03 - 2013-07-02 14:29 - 000027648 _____ () [File not signed] C:\Program Files (x86)\Nuance\Dragon Assistant\Core\WASAPIResamplingStreamCOMServer.dll
    2015-05-23 08:40 - 2015-05-23 08:40 - 000088064 _____ () [File not signed] C:\Python27\DLLs\_ctypes.pyd
    2015-05-23 08:41 - 2015-05-23 08:41 - 000910336 _____ () [File not signed] C:\Python27\DLLs\_hashlib.pyd
    2015-05-23 08:40 - 2015-05-23 08:40 - 000046080 _____ () [File not signed] C:\Python27\DLLs\_socket.pyd
    2015-05-23 08:40 - 2015-05-23 08:40 - 000048128 _____ () [File not signed] C:\Python27\DLLs\_sqlite3.pyd
    2015-05-23 08:40 - 2015-05-23 08:40 - 001315328 _____ () [File not signed] C:\Python27\DLLs\_ssl.pyd
    2015-05-23 08:41 - 2015-05-23 08:41 - 000010240 _____ () [File not signed] C:\Python27\DLLs\select.pyd
    2015-05-23 08:39 - 2015-05-23 08:39 - 000426496 _____ () [File not signed] C:\Python27\DLLs\sqlite3.dll
    2015-05-23 08:40 - 2015-05-23 08:40 - 000686080 _____ () [File not signed] C:\Python27\DLLs\unicodedata.pyd
    2014-03-06 05:03 - 2012-04-20 13:17 - 001888256 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Nuance\Dragon Assistant\Core\xerces-c_3_1.dll
    2014-03-06 05:03 - 2012-04-20 13:17 - 005024256 _____ (The ICU Project) [File not signed] C:\Program Files (x86)\Nuance\Dragon Assistant\Core\icudt48.dll
    2014-03-06 05:03 - 2012-04-20 13:17 - 001043456 _____ (The ICU Project) [File not signed] C:\Program Files (x86)\Nuance\Dragon Assistant\Core\icuuc48.dll
    2014-04-20 06:21 - 2009-07-19 13:48 - 000134144 _____ (Vivid Document Imaging Technologies) [File not signed] C:\WINDOWS\System32\PDFVC64.DLL

    ==================== Alternate Data Streams (Whitelisted) ========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\WINDOWS\system32\cdpreference.exe:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\DdcWnsListener.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\dfp.exe:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\DfpCommon.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\HPScanTRDrv_EN5660.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\HPWia2_EN5660.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\igfxCoIn_v4474.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\igfxCoIn_v4549.dll:$CmdTcID [130]
    AlternateDataStreams: C:\WINDOWS\system32\indexeddbserver.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\IntelWiDiMCComp64.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\IntelWiDiUMS64.exe:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\SET4201.tmp:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\SET4B89.tmp:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\SET55ED.tmp:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\SET5A0B.tmp:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\SET90D7.tmp:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\SET93E9.tmp:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\SET94F6.tmp:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\SET9684.tmp:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\SET9B8F.tmp:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\SET9C5D.tmp:$CmdTcID [130]
    AlternateDataStreams: C:\WINDOWS\system32\SET9D59.tmp:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\SET9D8A.tmp:$CmdTcID [130]
    AlternateDataStreams: C:\WINDOWS\system32\SynCOM.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\SynTPAPI.dll:$CmdTcID [130]
    AlternateDataStreams: C:\WINDOWS\system32\SynTPCo33.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\SynTPCo63.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\WdfCoInstaller01011.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\wu.upgrade.ps.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\danim.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\dns-sd.exe:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\dxtmsft3.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\indexeddbserver.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\LMRT.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\LMRTREND.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\mciqtz.drv:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\NPSWF32.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\NPSWF32_FlashUtil.exe:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\qcut.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\SET6078.tmp:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\SET6C72.tmp:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\SET7F22.tmp:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\SET85C0.tmp:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\strmdll.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\SynCom.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\tm20dec.ax:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\TWUNK_32.EXE:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\unam4ie.exe:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\vidx16.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\netaapl64.sys:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\SET1B24.tmp:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\SET3F40.tmp:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\SETC0BE.tmp:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\Smb_driver_AMDASF_Aux.sys:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\Smb_driver_Intel.sys:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\Smb_driver_Intel_Aux.sys:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\SynRMIHID_Aux.sys:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\SynTP.sys:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\wdcsam64.sys:$CmdTcID [64]
    AlternateDataStreams: C:\ProgramData\cis86FC.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\lillian3443\Downloads\10 Major rules of Tink.docx:$CmdZnID [26]
    AlternateDataStreams: C:\Users\lillian3443\Downloads\A Rice Sandwich (1).docx:$CmdZnID [26]
    AlternateDataStreams: C:\Users\lillian3443\Downloads\A Rice Sandwich (2).docx:$CmdZnID [26]
    AlternateDataStreams: C:\Users\lillian3443\Downloads\A Rice Sandwich.docx:$CmdZnID [26]
    AlternateDataStreams: C:\Users\lillian3443\Downloads\ccsetup516.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\lillian3443\Downloads\ccsetup516.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\lillian3443\Downloads\Current Event Article Analysis (1).docx:$CmdZnID [26]
    AlternateDataStreams: C:\Users\lillian3443\Downloads\Current Event Article Analysis (2).docx:$CmdZnID [26]
    AlternateDataStreams: C:\Users\lillian3443\Downloads\Current Event Article Analysis.docx:$CmdZnID [26]
    AlternateDataStreams: C:\Users\lillian3443\Downloads\math (1).pdf:$CmdZnID [26]
    AlternateDataStreams: C:\Users\lillian3443\Downloads\Math 6 First Semester Mastery form.docx:$CmdZnID [26]
    AlternateDataStreams: C:\Users\lillian3443\Downloads\math.pdf:$CmdZnID [26]
    AlternateDataStreams: C:\Users\lillian3443\Downloads\read.oxps:$CmdZnID [26]
    AlternateDataStreams: C:\Users\lillian3443\Downloads\The Lunchroom Murder.docx:$CmdZnID [26]
    AlternateDataStreams: C:\Users\lillian3443\Downloads\TheImmigration1.1.docx.docx:$CmdZnID [26]
    AlternateDataStreams: C:\ProgramData\cis86FC.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\lillian3443\Downloads\10 Major rules of Tink.docx:$CmdZnID [26]
    AlternateDataStreams: C:\Users\lillian3443\Downloads\A Rice Sandwich (1).docx:$CmdZnID [26]
    AlternateDataStreams: C:\Users\lillian3443\Downloads\A Rice Sandwich (2).docx:$CmdZnID [26]
    AlternateDataStreams: C:\Users\lillian3443\Downloads\A Rice Sandwich.docx:$CmdZnID [26]
    AlternateDataStreams: C:\Users\lillian3443\Downloads\ccsetup516.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\lillian3443\Downloads\ccsetup516.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\lillian3443\Downloads\Current Event Article Analysis (1).docx:$CmdZnID [26]
    AlternateDataStreams: C:\Users\lillian3443\Downloads\Current Event Article Analysis (2).docx:$CmdZnID [26]
    AlternateDataStreams: C:\Users\lillian3443\Downloads\Current Event Article Analysis.docx:$CmdZnID [26]
    AlternateDataStreams: C:\Users\lillian3443\Downloads\math (1).pdf:$CmdZnID [26]
    AlternateDataStreams: C:\Users\lillian3443\Downloads\Math 6 First Semester Mastery form.docx:$CmdZnID [26]
    AlternateDataStreams: C:\Users\lillian3443\Downloads\math.pdf:$CmdZnID [26]
    AlternateDataStreams: C:\Users\lillian3443\Downloads\read.oxps:$CmdZnID [26]
    AlternateDataStreams: C:\Users\lillian3443\Downloads\The Lunchroom Murder.docx:$CmdZnID [26]
    AlternateDataStreams: C:\Users\lillian3443\Downloads\TheImmigration1.1.docx.docx:$CmdZnID [26]
    AlternateDataStreams: C:\ProgramData\cis86FC.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\lillian3443\Downloads\10 Major rules of Tink.docx:$CmdZnID [26]
    AlternateDataStreams: C:\Users\lillian3443\Downloads\A Rice Sandwich (1).docx:$CmdZnID [26]
    AlternateDataStreams: C:\Users\lillian3443\Downloads\A Rice Sandwich (2).docx:$CmdZnID [26]
    AlternateDataStreams: C:\Users\lillian3443\Downloads\A Rice Sandwich.docx:$CmdZnID [26]
    AlternateDataStreams: C:\Users\lillian3443\Downloads\ccsetup516.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\lillian3443\Downloads\ccsetup516.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\lillian3443\Downloads\Current Event Article Analysis (1).docx:$CmdZnID [26]
    AlternateDataStreams: C:\Users\lillian3443\Downloads\Current Event Article Analysis (2).docx:$CmdZnID [26]
    AlternateDataStreams: C:\Users\lillian3443\Downloads\Current Event Article Analysis.docx:$CmdZnID [26]
    AlternateDataStreams: C:\Users\lillian3443\Downloads\math (1).pdf:$CmdZnID [26]
    AlternateDataStreams: C:\Users\lillian3443\Downloads\Math 6 First Semester Mastery form.docx:$CmdZnID [26]
    AlternateDataStreams: C:\Users\lillian3443\Downloads\math.pdf:$CmdZnID [26]
    AlternateDataStreams: C:\Users\lillian3443\Downloads\read.oxps:$CmdZnID [26]
    AlternateDataStreams: C:\Users\lillian3443\Downloads\The Lunchroom Murder.docx:$CmdZnID [26]
    AlternateDataStreams: C:\Users\lillian3443\Downloads\TheImmigration1.1.docx.docx:$CmdZnID [26]

  4. #4
    Join Date
    May 2005
    Posts
    122
    More ADDITION.txt

    ==================== Safe Mode (Whitelisted) ==================

    ==================== Association (Whitelisted) =================

    ==================== Internet Explorer (Whitelisted) ==========

    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-2517961349-2002184368-2333218459-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://us.yahoo.com/?fr=fp-comodo
    HKU\S-1-5-21-2517961349-2002184368-2333218459-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.toshiba.com
    HKU\S-1-5-21-2517961349-2002184368-2333218459-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com/?pc=TNJB
    HKU\S-1-5-21-2517961349-2002184368-2333218459-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TNJB
    HKU\S-1-5-21-2517961349-2002184368-2333218459-1004\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.toshiba.com
    SearchScopes: HKU\S-1-5-21-2517961349-2002184368-2333218459-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE00
    SearchScopes: HKU\S-1-5-21-2517961349-2002184368-2333218459-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE00
    SearchScopes: HKU\S-1-5-21-2517961349-2002184368-2333218459-1001 -> {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = hxxp://us.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
    SearchScopes: HKU\S-1-5-21-2517961349-2002184368-2333218459-1001 -> {D30688FC-DCE4-4925-BDF6-DB294B4743F6} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
    SearchScopes: HKU\S-1-5-21-2517961349-2002184368-2333218459-1004 -> DefaultScope {1BCC4178-EF4F-4571-A5AE-E37AA2CD374E} URL =
    SearchScopes: HKU\S-1-5-21-2517961349-2002184368-2333218459-1004 -> {1BCC4178-EF4F-4571-A5AE-E37AA2CD374E} URL =
    BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2020-10-13] (Microsoft Corporation -> Microsoft Corporation)
    BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-11-01] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
    BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2018-07-20] (Microsoft Corporation -> Microsoft Corporation)
    BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-11-01] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
    BHO-x32: ContributeBHO Class -> {074C1DC5-9320-4A9A-947D-C042949C6216} -> C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll [2007-03-16] (Adobe Systems Incorporated.) [File not signed]
    BHO-x32: PE_IE_Helper Class -> {0941C58F-E461-4E03-BD7D-44C27392ADE1} -> C:\Program Files (x86)\IBM\Lotus Forms\Viewer\3.5\PEhelper.dll [2009-11-27] (International Business Machines Corporation -> IBM Corporation)
    BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2020-11-12] (Microsoft Corporation -> Microsoft Corporation)
    BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_271\bin\ssv.dll [2020-12-07] (Oracle America, Inc. -> Oracle Corporation)
    BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-11-01] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
    BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2018-07-22] (Microsoft Corporation -> Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_271\bin\jp2ssv.dll [2020-12-07] (Oracle America, Inc. -> Oracle Corporation)
    BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-11-01] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
    Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-11-01] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
    Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll [2007-03-16] (Adobe Systems Incorporated.) [File not signed]
    Toolbar: HKLM-x32 - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-11-01] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
    Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2019-06-12] (Microsoft Corporation -> Microsoft Corporation)
    Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2019-06-12] (Microsoft Corporation -> Microsoft Corporation)

    ==================== Hosts content: =========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 05:25 - 2019-01-20 12:15 - 000000000 _____ C:\WINDOWS\system32\drivers\etc\hosts

    2018-02-16 12:07 - 2018-02-16 12:07 - 000000443 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
    192.168.137.1 LLM-Win8-Laptop.mshome.net # 2023 2 3 15 20 7 56 742

    ==================== Other Areas ===========================

    (Currently there is no automatic fix for this section.)

    HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Python35-32;C:\Python35-32\Lib\site-packages\;C:\Python35-32\Scripts\;;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\Common Files\Apple\Internet Services\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\
    HKU\S-1-5-21-2517961349-2002184368-2333218459-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img1.jpg
    HKU\S-1-5-21-2517961349-2002184368-2333218459-1004\Control Panel\Desktop\\Wallpaper ->
    DNS Servers: 192.168.1.254
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (If an entry is included in the fixlist, it will be removed.)

    HKLM\...\StartupApproved\StartupFolder: => "Avast SecureLine VPN.lnk"
    HKLM\...\StartupApproved\Run: => "IgfxTray"
    HKLM\...\StartupApproved\Run: => "iTunesHelper"
    HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
    HKLM\...\StartupApproved\Run32: => "GrooveMonitor"
    HKLM\...\StartupApproved\Run32: => "AmIcoSinglun64"
    HKLM\...\StartupApproved\Run32: => "ToshibaAppPlace"
    HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
    HKLM\...\StartupApproved\Run32: => "KeePass 2 PreLoad"
    HKLM\...\StartupApproved\Run32: => "Win8PDF"
    HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
    HKLM\...\StartupApproved\Run32: => "Adobe_ID0EYTHM"
    HKLM\...\StartupApproved\Run32: => "HP Software Update"
    HKU\S-1-5-21-2517961349-2002184368-2333218459-1001\...\StartupApproved\StartupFolder: => "OneNote 2007 Screen Clipper and Launcher.lnk"
    HKU\S-1-5-21-2517961349-2002184368-2333218459-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_48555157F9018AAD449F1763D57508C7"
    HKU\S-1-5-21-2517961349-2002184368-2333218459-1001\...\StartupApproved\Run: => "GoogleDriveSync"
    HKU\S-1-5-21-2517961349-2002184368-2333218459-1001\...\StartupApproved\Run: => "Google Update"
    HKU\S-1-5-21-2517961349-2002184368-2333218459-1001\...\StartupApproved\Run: => "Skype"
    HKU\S-1-5-21-2517961349-2002184368-2333218459-1001\...\StartupApproved\Run: => "SlimCleaner Plus"
    HKU\S-1-5-21-2517961349-2002184368-2333218459-1001\...\StartupApproved\Run: => "Spotify"
    HKU\S-1-5-21-2517961349-2002184368-2333218459-1001\...\StartupApproved\Run: => "iCloudDrive"
    HKU\S-1-5-21-2517961349-2002184368-2333218459-1001\...\StartupApproved\Run: => "iCloudPhotos"
    HKU\S-1-5-21-2517961349-2002184368-2333218459-1001\...\StartupApproved\Run: => "iCloudServices"
    HKU\S-1-5-21-2517961349-2002184368-2333218459-1001\...\StartupApproved\Run: => "OneDriveSetup"
    HKU\S-1-5-21-2517961349-2002184368-2333218459-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
    HKU\S-1-5-21-2517961349-2002184368-2333218459-1001\...\StartupApproved\Run: => "708A6BCA9F22CC304DD693961BCF6B09DB76A694._service_run"

    ==================== FirewallRules (Whitelisted) ================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{BEE0F98F-DCB6-4574-A1DC-D3E3A0155B09}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation -> )
    FirewallRules: [{48A9D528-6086-4A31-A0D7-D93C3E065EA7}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [{CE2909F8-452C-4C08-A59A-8C5248FEE6D3}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [{7AD7C4DD-2039-4C55-AC3C-0522552238C2}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{C518D753-6F95-4129-A31A-66A8C1547EB1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [{79DAB9F0-EB65-44E0-8A43-318DDAD2768D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [{7DB25458-3272-42FA-843C-44598FF0CF6B}] => (Allow) C:\Users\lillian3443\AppData\Local\iLivid\iLivid.exe => No File
    FirewallRules: [{FE036410-4852-40D3-9C13-677A4210730D}] => (Allow) C:\Users\lillian3443\AppData\Local\iLivid\iLivid.exe => No File
    FirewallRules: [{78D21A4D-7FD4-4D40-9A8B-20433D883741}] => (Allow) C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
    FirewallRules: [{F750F970-6BF7-4542-9555-0663101006A2}] => (Allow) C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
    FirewallRules: [{E18F9BD0-6BF9-47F1-A4A9-F6AF19A8BBA1}] => (Allow) LPort=50901
    FirewallRules: [{5A49BF34-9E5A-45BF-9086-31DD2D37DB8A}] => (Allow) LPort=50900
    FirewallRules: [{C3C2F011-164C-4F8E-8B96-95C76C1B1FDF}] => (Allow) LPort=3704
    FirewallRules: [{BA2D35C1-868E-4F7B-8B29-0150CCAECBAF}] => (Allow) LPort=3703
    FirewallRules: [{0968D024-C3E0-47B7-A9C0-E394358C59FE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{14A3CE72-FE99-4384-ABAD-635F5584D247}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [TCP Query User{7A0ECF99-CDDF-4C43-A312-608D8A33DBD6}C:\python27\python.exe] => (Allow) C:\python27\python.exe () [File not signed]
    FirewallRules: [UDP Query User{0D417FD2-EDA2-4CCF-90BF-C5982F229714}C:\python27\python.exe] => (Allow) C:\python27\python.exe () [File not signed]
    FirewallRules: [TCP Query User{7AD940C2-4F49-43D5-A6D4-EA0034552F6A}C:\users\c\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\c\appdata\roaming\spotify\spotify.exe => No File
    FirewallRules: [UDP Query User{88648E0D-AE57-403A-8FE4-7D80E799C03D}C:\users\c\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\c\appdata\roaming\spotify\spotify.exe => No File
    FirewallRules: [{4AAFDDAF-9205-4D1E-B676-1BE72F8FB82C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe => No File
    FirewallRules: [{DF2707EC-50E2-40D0-A18E-747B3FE4DB3C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe => No File
    FirewallRules: [{378DEC0E-047C-418A-B875-46198049F501}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{13B4907F-EC5F-4704-A9D2-D5D7EB45D3A1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{834452D9-7981-4CE6-8482-4E1A3B76A895}] => (Allow) C:\Program Files\HP\HP ENVY 5660 series\Bin\DeviceSetup.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP)
    FirewallRules: [{006929CD-8219-4B7F-A0AE-97D04593D25C}] => (Allow) LPort=5357
    FirewallRules: [{F1F5D1F9-46F6-4E79-8E2E-4E3FBEE4FF4A}] => (Allow) C:\Program Files\HP\HP ENVY 5660 series\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP)
    FirewallRules: [TCP Query User{0DE31E68-45F7-491A-94F0-4B9AA29172BB}C:\users\c\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\c\appdata\roaming\spotify\spotify.exe => No File
    FirewallRules: [UDP Query User{D690D24F-9CE5-48BC-BE2B-2ED78C77E241}C:\users\c\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\c\appdata\roaming\spotify\spotify.exe => No File
    FirewallRules: [{78FF71A2-12EE-4E15-A5DF-ECB5D5240681}] => (Allow) C:\Users\c\AppData\Local\ScottradeElite\ScottradeELITELauncher.exe (Scottrade, Inc. -> Scottrade)
    FirewallRules: [{AD4CE048-DB8A-4136-89E7-E28B7948FF4E}] => (Allow) C:\Users\c\AppData\Local\ScottradeElite\ScottradeELITELauncher.exe (Scottrade, Inc. -> Scottrade)
    FirewallRules: [{96596EC8-7E9F-417F-AF78-E4B1C1B9BE3E}] => (Allow) C:\Users\c\AppData\Local\ScottradeElite\ScottradeELITELauncher.exe (Scottrade, Inc. -> Scottrade)
    FirewallRules: [{00559030-10B6-4F49-96FF-0E1B4BE6061A}] => (Allow) C:\Users\c\AppData\Local\ScottradeElite\ScottradeELITELauncher.exe (Scottrade, Inc. -> Scottrade)
    FirewallRules: [{650F5F0E-7F4E-47D4-A7F2-B082FD5C993D}] => (Allow) C:\Users\c\Desktop\extra\JavaSetup8u131.exe => No File
    FirewallRules: [{63FADE1C-C387-4F6B-ACCE-C3C8A621D335}] => (Allow) C:\Users\c\Desktop\extra\JavaSetup8u131.exe => No File
    FirewallRules: [{B8FBFF0B-C6C0-4CB1-B09A-EAEBBEC592BF}] => (Allow) C:\Users\c\Desktop\extra\JavaSetup8u131.exe => No File
    FirewallRules: [{D55D7F0A-8563-4411-B526-219B85A10008}] => (Allow) C:\Users\c\Desktop\extra\JavaSetup8u131.exe => No File
    FirewallRules: [{629B5330-96A5-466C-9442-23BE4063725C}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{7B27641A-2992-40E3-AA56-98E9F745894F}] => (Allow) C:\Users\c\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
    FirewallRules: [{C6C25CFD-E570-486E-A066-558B40B7E26A}] => (Allow) C:\Users\c\AppData\Roaming\Zoom\bin\airhost.exe => No File
    FirewallRules: [{657104BE-515C-4CC2-A78B-088D6E82D667}] => (Allow) C:\Users\c\AppData\Roaming\Zoom\bin\airhost.exe => No File
    FirewallRules: [{ECDD8879-CDBC-400A-80B0-5B4B23DC4DE9}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{136E9FA3-E8B4-4308-890B-694AA75DD203}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{1913DF20-0659-4CB2-B00C-50F299679D70}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{3C956F09-9960-4BE2-967A-0E05EF505404}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{CB667020-5CE2-43AB-B87D-1EB0FB32913C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [{DBCB7E27-93BF-4D74-B4FC-45D3A503C4CD}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [{6DD307BD-8B8A-4D00-9278-3966F5A81E4D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [{28DB4011-C656-4EB2-BCA9-3957B33F681E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [{A4F98D0C-9D93-4FC9-B8CA-B0D5EA10F88E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
    FirewallRules: [TCP Query User{E78F839B-1205-45F6-BB1A-0BFBFFD7679A}C:\users\c\appdata\local\realtimeboard\app-0.4.6\miro.exe] => (Block) C:\users\c\appdata\local\realtimeboard\app-0.4.6\miro.exe (Realtimeboard, Inc. -> Miro)
    FirewallRules: [UDP Query User{EA34BE96-5177-45C3-B2EE-8AB88252F9FB}C:\users\c\appdata\local\realtimeboard\app-0.4.6\miro.exe] => (Block) C:\users\c\appdata\local\realtimeboard\app-0.4.6\miro.exe (Realtimeboard, Inc. -> Miro)

    ==================== Restore Points =========================

    29-01-2021 11:51:18 Scheduled Checkpoint
    08-02-2021 14:28:32 Scheduled Checkpoint
    09-02-2021 20:39:08 Windows Modules Installer

    ==================== Faulty Device Manager Devices ============


    ==================== Event log errors: ========================

    Application errors:
    ==================
    Error: (02/10/2021 05:52:36 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program ShellExperienceHost.exe version 10.0.19041.610 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

    Process ID: 144c

    Start Time: 01d6ffb3d6705204

    Termination Time: 4294967295

    Application Path: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe

    Report Id: 4323b2c8-9845-403e-9eb8-9733df1543ea

    Faulting package full name: Microsoft.Windows.ShellExperienceHost_10.0.19041.610_neutral_neutral_cw5n1h2txyewy

    Faulting package-relative application ID: App

    Hang type: Quiesce

    Error: (02/09/2021 08:41:58 PM) (Source: VSS) (EventID: 8193) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress.
    .

    Error: (02/09/2021 08:41:58 PM) (Source: VSS) (EventID: 13) (User: )
    Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
    ]

    Error: (02/09/2021 08:41:58 PM) (Source: VSS) (EventID: 8193) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress.
    .

    Error: (02/09/2021 08:41:58 PM) (Source: VSS) (EventID: 13) (User: )
    Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
    ]

    Error: (02/09/2021 06:42:45 PM) (Source: Service1) (EventID: 0) (User: )
    Description: Service cannot be started. A system shutdown is in progress

    Error: (02/09/2021 06:42:44 PM) (Source: ThpSrv) (EventID: 0) (User: )
    Description: Event-ID 0

    Error: (02/09/2021 03:28:46 PM) (Source: Service1) (EventID: 0) (User: )
    Description: Service cannot be started. A system shutdown is in progress


    System errors:
    =============
    Error: (02/11/2021 07:49:22 PM) (Source: DCOM) (EventID: 10010) (User: LLM-WIN8-LAPTOP)
    Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

    Error: (02/11/2021 07:49:22 PM) (Source: DCOM) (EventID: 10010) (User: LLM-WIN8-LAPTOP)
    Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

    Error: (02/11/2021 07:41:42 PM) (Source: DCOM) (EventID: 10000) (User: LLM-WIN8-LAPTOP)
    Description: Unable to start a DCOM Server: {0358B920-0AC7-461F-98F4-58E32CD89148}. The error:
    "2147942767"
    Happened while starting this command:
    C:\WINDOWS\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}

    Error: (02/10/2021 03:17:46 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
    Description: WLAN Extensibility Module has failed to start.

    Module Path: C:\WINDOWS\System32\IWMSSvc.dll
    Error Code: 258

    Error: (02/10/2021 03:17:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The TSDSettingService service failed to start due to the following error:
    The service did not respond to the start or control request in a timely fashion.

    Error: (02/10/2021 03:17:34 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (45000 milliseconds) while waiting for the TSDSettingService service to connect.

    Error: (02/10/2021 03:17:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The ZeroConfigService service failed to start due to the following error:
    The service did not respond to the start or control request in a timely fashion.

    Error: (02/10/2021 03:17:34 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (45000 milliseconds) while waiting for the ZeroConfigService service to connect.

    Windows Defender:
    =================

    Date: 2021-02-12 12:35:53.8970000Z
    Description:
    Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
    For more information please see the following:
    https://go.microsoft.com/fwlink/?lin...7&enterprise=0
    Name: PUA:Win32/PiriformBundler
    ID: 277517
    Severity: Low
    Category: Potentially Unwanted Software
    Path: file:_C:\Users\lillian3443\Downloads\ccsetup516.exe
    Detection Origin: Local machine
    Detection Type: FastPath
    Detection Source: Real-Time Protection
    Process Name: C:\Users\c\Desktop\FRST64.exe
    Security intelligence Version: AV: 1.331.830.0, AS: 1.331.830.0, NIS: 1.331.830.0
    Engine Version: AM: 1.1.17800.5, NIS: 1.1.17800.5

    Date: 2021-02-11 14:21:36.2970000Z
    Description:
    Microsoft Defender Antivirus scan has been stopped before completion.
    Scan ID: {1DCC1969-75E5-4C4E-AFC2-C29BB39268DE}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2021-02-09 15:24:10.6220000Z
    Description:
    Microsoft Defender Antivirus scan has been stopped before completion.
    Scan ID: {295A5E7B-FA5D-44BE-BCAF-2B74B7AC99DD}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2021-02-08 13:56:31.6540000Z
    Description:
    Microsoft Defender Antivirus scan has been stopped before completion.
    Scan ID: {C301C658-F804-473F-84CD-E05BB1C6F989}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2021-02-05 15:04:23.7330000Z
    Description:
    Microsoft Defender Antivirus scan has been stopped before completion.
    Scan ID: {53BA6B33-71C6-4034-8299-428748BAB2D3}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2021-02-11 05:59:44.7980000Z
    Description:
    Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
    New security intelligence Version:
    Previous security intelligence Version: 1.331.708.0
    Update Source: Microsoft Update Server
    Security intelligence Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.17800.5
    Error code: 0x80240438
    Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

    Date: 2021-02-08 13:52:11.1160000Z
    Description:
    Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
    Feature: On Access
    Error Code: 0x80004005
    Error description: Unspecified error
    Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.

    Date: 2021-02-05 11:36:00.2450000Z
    Description:
    Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
    New security intelligence Version:
    Previous security intelligence Version: 1.331.231.0
    Update Source: Microsoft Update Server
    Security intelligence Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.17800.5
    Error code: 0x8024402c
    Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

    Date: 2021-02-05 07:51:30.2350000Z
    Description:
    Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
    New security intelligence Version:
    Previous security intelligence Version: 1.331.231.0
    Update Source: Microsoft Update Server
    Security intelligence Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.17800.5
    Error code: 0x80240438
    Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

    Date: 2021-02-02 05:37:55.2210000Z
    Description:
    Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
    New security intelligence Version:
    Previous security intelligence Version: 1.331.26.0
    Update Source: Microsoft Update Server
    Security intelligence Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.17800.5
    Error code: 0x80240438
    Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    CodeIntegrity:
    =================

    ==================== Memory info ===========================

    BIOS: TOSHIBA 1.60 01/16/2014
    Motherboard: TOSHIBA VG10ST
    Processor: Intel(R) Core(TM) i7-4500U CPU @ 1.80GHz
    Percentage of memory in use: 84%
    Total physical RAM: 8104.14 MB
    Available physical RAM: 1243.29 MB
    Total Virtual: 9384.14 MB
    Available Virtual: 1332.46 MB

    ==================== Drives ================================

    Drive c: (TI10684700A) (Fixed) (Total:920.33 GB) (Free:705.8 GB) NTFS
    Drive f: () (Fixed) (Total:0.82 GB) (Free:0.25 GB) NTFS

    \\?\Volume{0e4900f6-53b7-11e3-adbb-0c54a51af203}\ (System) (Fixed) (Total:1 GB) (Free:0.6 GB) NTFS
    \\?\Volume{2096407d-a532-11e3-9fb2-202564469259}\ (Recovery) (Fixed) (Total:9.14 GB) (Free:0.77 GB) NTFS
    \\?\Volume{0e4900fe-53b7-11e3-adbb-0c54a51af203}\ () (Fixed) (Total:0.09 GB) (Free:0.04 GB) FAT32

    ==================== MBR & Partition Table ====================

    ==========================================================
    Disk: 0 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)

    Partition: GPT.

    ==================== End of Addition.txt =======================

  5. #5
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Please, observe following rules:

    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.



    ===================================

    Any particular problems?

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2
    • Close all the running programs
    • Double click on downloaded setup.exe file to install the program.
    • Click on Start Scan button.
    • Click on another Start Scan button.
    • Wait until the Status box shows Scan Finished
    • Click on Remove Selected.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.

    Please download Malwarebytes to your desktop.
    • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
    • Then click Finish.
    • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
    • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
    • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
    • Restart your computer when prompted to do so.
    • The Scan log is available throughout History ->Application logs. Please post it contents in your next reply.

    Please download AdwCleaner by Xplode and save to your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
      Vista/Windows 7/8/10 users right-click and select Run As Administrator
    • The tool will start to update the database if one is required.
    • Click on the Scan button.
    • AdwCleaner will begin...be patient as the scan may take some time to complete.
    • After the scan has finished, click on the Logfile button.
    • A window will open which lists the logs of your scans.
    • Click on the Scan tab.
    • Double-click the most recent scan which will be at the top of the list....the log will appear.
    • Review the results...see note below
    • After reviewing the log, click on the Clean button.
    • Press OK when asked to close all programs and follow the onscreen prompts.
    • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
    • To open a Cleaning log, launch AdwareClearer, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
    • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
    • A copy of all logfiles are saved to C:\AdwCleaner.

    -- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.

  6. #6
    Join Date
    May 2005
    Posts
    122
    Nothing in particular, just wanted to see how my laptop is.

    Rogue Killer:

    RogueKiller Anti-Malware V14.8.4.0 (x64) [Jan 13 2021] (Free) by Adlice Software
    mail : https://adlice.com/contact/
    Website : https://adlice.com/download/roguekiller/
    Operating System : Windows 10 (10.0.19041) 64 bits
    Started in : Normal mode
    User : c [Administrator]
    Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
    Signatures : 20210211_144935, Driver : Loaded
    Mode : Standard Scan, Scan -- Date : 2021/02/13 08:45:46 (Duration : 00:33:50)
    Switches : -minimize

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Process Modules ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
    [PUP.SlimCleaner|PUP.Slimware (Potentially Malicious)] C:\WINDOWS\Tasks\SlimCleaner Plus (Scheduled Scan - c).job -- C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe [ /doScheduledScan] -> Found
    [PUP.SlimCleaner|PUP.Slimware (Potentially Malicious)] \SlimCleaner Plus (Scheduled Scan - c) -- C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe [/doScheduledScan] -> Found
    [PUP.Gen1 (Potentially Malicious)] (Microsoft Windows) \{D833A93D-B5D2-470A-9ED3-2C5738F4D819} -- C:\Windows\system32\pcalua.exe [-a "C:\Program Files (x86)\AdTrustMedia\PrivDog\UninstallTrustedAds.exe"] -> Found

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
    >>>>>> XX - Software
    [PUP.CleanMyPC (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\Software\CleanMyPC -- N/A -> Found
    [PUP.Gen1 (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\Software\SlimWare Utilities Inc -- N/A -> Found
    [PUP.Gen1 (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\Software\WebDiscoverBrowser -- N/A -> Found
    [PUP.WinZipDiskTools (Potentially Malicious)] (X86) HKEY_LOCAL_MACHINE\Software\Nico Mak Computing -- N/A -> Found
    [PUP.Gen1 (Potentially Malicious)] (X86) HKEY_LOCAL_MACHINE\Software\SlimWare Utilities, Inc. -- N/A -> Found
    [PUP.Gen1 (Potentially Malicious)] (X86) HKEY_LOCAL_MACHINE\Software\SlimWare Utilities Inc -- N/A -> Found
    [PUP.Gen1 (Potentially Malicious)] (X86) HKEY_LOCAL_MACHINE\Software\WebDiscoverBrowser -- N/A -> Found
    [PUP.ByteFence|PUP.Gen1 (Potentially Malicious)] (X64) HKEY_USERS\.DEFAULT\Software\ByteFence -- N/A -> Found
    [PUP.Gen1 (Potentially Malicious)] (X64) HKEY_USERS\S-1-5-21-2517961349-2002184368-2333218459-1001\Software\iLivid -- N/A -> Found
    [PUP.WinZipDiskTools (Potentially Malicious)] (X64) HKEY_USERS\S-1-5-21-2517961349-2002184368-2333218459-1001\Software\Nico Mak Computing -- N/A -> Found
    [PUP.Gen1 (Potentially Malicious)] (X64) HKEY_USERS\S-1-5-21-2517961349-2002184368-2333218459-1001\Software\SlimWare Utilities Inc -- N/A -> Found
    [PUP.Gen1 (Potentially Malicious)] (X64) HKEY_USERS\S-1-5-21-2517961349-2002184368-2333218459-1001\Software\WebDiscoverBrowser -- N/A -> Found
    [PUP.ByteFence|PUP.Gen1 (Potentially Malicious)] (X64) HKEY_USERS\S-1-5-18\Software\ByteFence -- N/A -> Found
    >>>>>> XX - Uninstall
    [PUP.Slimware (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\DriverUpdate -- N/A -> Found
    [PUP.SlimCleaner|PUP.Slimware (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\SlimCleaner Plus -- N/A -> Found
    >>>>>> R5 - Proxy
    [PUM.Proxy (Potentially Malicious)] (X64) HKEY_USERS\S-1-5-21-2517961349-2002184368-2333218459-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings|AutoConfigURL -- http://localhost:54382/redirect.pac -> Found
    [PUM.Proxy (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NlaSvc\Parameters\Internet\ManualProxies| -- 0http://localhost:54382/redirect.pac -> Found
    >>>>>> O87 - Firewall
    [Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{7DB25458-3272-42FA-843C-44598FF0CF6B} -- v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\lillian3443\AppData\Local\iLivid\iLivid.exe|Name=iLivid| (C:\Users\lillian3443\AppData\Local\iLivid\iLivid.exe) (missing) -> Found
    [Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{FE036410-4852-40D3-9C13-677A4210730D} -- v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\lillian3443\AppData\Local\iLivid\iLivid.exe|Name=iLivid| (C:\Users\lillian3443\AppData\Local\iLivid\iLivid.exe) (missing) -> Found

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Hosts File ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
    [PUP.OnlineIO (Potentially Malicious)] (folder) AGData -- C:\Users\c\AppData\Roaming\AGData -> Found
    [PUP.CleanMyPC (Potentially Malicious)] (folder) CleanMyPC -- C:\Users\c\AppData\Roaming\CleanMyPC -> Found
    [PUP.Gen1 (Potentially Malicious)] (folder) SlimWare Utilities Inc -- C:\Users\c\AppData\Local\SlimWare Utilities Inc -> Found
    [PUP.Gen1 (Potentially Malicious)] (folder) YSearchUtil -- C:\Users\c\AppData\Local\YSearchUtil -> Found
    [PUP.OnlineIO|PUP.Gen1 (Potentially Malicious)] (folder) AnonymizerGadget -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnonymizerGadget -> Found
    [PUP.Gen1 (Potentially Malicious)] (folder) PCAcceleratePro -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCAcceleratePro -> Found
    [PUP.CleanMyPC (Potentially Malicious)] (folder) CleanMyPC -- C:\Program Files\CleanMyPC -> Found
    [PUP.OnlineIO|PUP.Gen1 (Potentially Malicious)] (folder) AnonymizerGadget -- C:\Program Files (x86)\AnonymizerGadget -> Found
    [PUP.Gen1 (Potentially Malicious)] (folder) WebDiscoverBrowser -- C:\Program Files (x86)\WebDiscoverBrowser -> Found

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Web browsers ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤


    Malwarebytes:

    Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Scan Date: 2/13/21
    Scan Time: 9:35 AM
    Log File: d1e3a8fc-6e21-11eb-b98a-202564469259.json

    -Software Information-
    Version: 4.3.0.98
    Components Version: 1.0.1173
    Update Package Version: 1.0.37075
    License: Trial

    -System Information-
    OS: Windows 10 (Build 19041.804)
    CPU: x64
    File System: NTFS
    User: LLM-Win8-Laptop\c

    -Scan Summary-
    Scan Type: Threat Scan
    Scan Initiated By: Manual
    Result: Completed
    Objects Scanned: 388368
    Threats Detected: 107
    Threats Quarantined: 0
    Time Elapsed: 9 min, 38 sec

    -Scan Options-
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Detect
    PUM: Detect

    -Scan Details-
    Process: 0
    (No malicious items detected)

    Module: 0
    (No malicious items detected)

    Registry Key: 11
    PUP.Optional.SlimCleanerPlus, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\SlimCleaner Plus (Scheduled Scan - c), No Action By User, 8003, 334098, , , , , ,
    PUP.Optional.SlimCleanerPlus, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{3977E8C7-1A45-4E9C-9D72-F3B6EE8571DE}, No Action By User, 8003, 334098, , , , , ,
    PUP.Optional.SlimCleanerPlus, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{3977E8C7-1A45-4E9C-9D72-F3B6EE8571DE}, No Action By User, 8003, 334098, , , , , ,
    PUP.Optional.PCAcceleratePro, HKLM\SOFTWARE\WOW6432NODE\PCAccelPro, No Action By User, 5200, 500818, 1.0.37075, , ame, , ,
    PUP.Optional.WebDiscoverBrowser, HKLM\SOFTWARE\WOW6432NODE\WebDiscoverBrowser, No Action By User, 5233, 253915, 1.0.37075, , ame, , ,
    Adware.SearchHijacker, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\mdpljndcmbeikfnlflcggaipgnhiedbl, No Action By User, 11985, 893084, , , , , ,
    PUP.Optional.DriverUpdate, HKLM\SOFTWARE\WOW6432NODE\SlimWare Utilities, Inc.\DriverApp, No Action By User, 2001, 341522, 1.0.37075, , ame, , ,
    PUP.Optional.InstallCore, HKU\S-1-5-21-2517961349-2002184368-2333218459-1001\SOFTWARE\ICSW1.22, No Action By User, 112, 239562, 1.0.37075, , ame, , ,
    PUP.Optional.WebDiscoverBrowser, HKU\S-1-5-21-2517961349-2002184368-2333218459-1001\SOFTWARE\WebDiscoverBrowser, No Action By User, 5233, 253912, 1.0.37075, , ame, , ,
    PUP.Optional.CleanMyPC, HKLM\SOFTWARE\CleanMyPC, No Action By User, 8231, 423644, 1.0.37075, , ame, , ,
    PUP.Optional.WebDiscoverBrowser, HKLM\SOFTWARE\WebDiscoverBrowser, No Action By User, 5233, 253915, 1.0.37075, , ame, , ,

    Registry Value: 7
    PUP.Optional.PCAcceleratePro, HKU\S-1-5-21-2517961349-2002184368-2333218459-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|PCACCELERATEPRO.EXE, No Action By User, 5200, 255023, 1.0.37075, , ame, , ,
    PUP.Optional.SlimCleanerPlus, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{3977E8C7-1A45-4E9C-9D72-F3B6EE8571DE}|PATH, No Action By User, 8003, 334102, 1.0.37075, , ame, , ,
    Adware.SearchHijacker, HKU\S-1-5-21-2517961349-2002184368-2333218459-1001\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|mdpljndcmbeikfnlflcggaipgnhiedbl, No Action By User, 11985, 893084, , , , , ,
    PUP.Optional.PCAcceleratePro, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|PCACCELERATEPRO.EXE, No Action By User, 5200, 315965, 1.0.37075, , ame, , ,
    PUP.Optional.Spigot.Generic, HKU\S-1-5-21-2517961349-2002184368-2333218459-1001\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|enjhholhglnfgjmbpnimdpnlelanhkhg, No Action By User, 8440, 454579, , , , , ,
    PUP.Optional.SearchEncrypt.Generic, HKU\S-1-5-21-2517961349-2002184368-2333218459-1001\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|ghmmejfijcoadonhfnlnmcgleppjhjkk, No Action By User, 9442, 448980, , , , , ,
    PUP.Optional.SecuryBrowse, HKU\S-1-5-21-2517961349-2002184368-2333218459-1001\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Profile 4\extensions.settings|fojomppheellamdaddnbgommepnlkooh, No Action By User, 11960, 657125, , , , , ,

    Registry Data: 0
    (No malicious items detected)

    Data Stream: 0
    (No malicious items detected)

    Folder: 26
    PUP.Optional.PCAcceleratePro, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\PCACCELERATEPRO, No Action By User, 5200, 181160, 1.0.37075, , ame, , ,
    PUP.Optional.Webbar, C:\PROGRAM FILES (X86)\WEBDISCOVERBROWSER, No Action By User, 8176, 348279, 1.0.37075, , ame, , ,
    PUP.Optional.PCAP, C:\PROGRAM FILES (X86)\INSTALLER_P.C.A.P, No Action By User, 8746, 383709, 1.0.37075, , ame, , ,
    PUP.Optional.CleanMyPC, C:\PROGRAM FILES\CLEANMYPC, No Action By User, 8231, 855194, 1.0.37075, , ame, , ,
    Adware.SearchHijacker, C:\USERS\LILLIAN3443\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Extensions\mdpljndcmbeikfnlflcggaipgnhiedbl, No Action By User, 11985, 893084, , , , , ,
    Adware.SearchHijacker, C:\USERS\C\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\EXTENSIONS\mdpljndcmbeikfnlflcggaipgnhiedbl, No Action By User, 11985, 893084, 1.0.37075, , ame, , ,
    PUP.Optional.Spigot.Generic, C:\USERS\C\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Extension Settings\enjhholhglnfgjmbpnimdpnlelanhkhg, No Action By User, 8440, 454579, , , , , ,
    PUP.Optional.Spigot.Generic, C:\USERS\C\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, No Action By User, 8440, 454579, , , , , ,
    PUP.Optional.Spigot.Generic, C:\USERS\C\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\ENJHHOLHGLNFGJMBPNIMDPNLELANHKHG, No Action By User, 8440, 454579, 1.0.37075, , ame, , ,
    PUP.Optional.SearchEncrypt.Generic, C:\USERS\C\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, No Action By User, 9442, 448980, , , , , ,
    PUP.Optional.SearchEncrypt.Generic, C:\USERS\C\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\GHMMEJFIJCOADONHFNLNMCGLEPPJHJKK, No Action By User, 9442, 448980, 1.0.37075, , ame, , ,
    PUP.Optional.SecuryBrowse, C:\USERS\C\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 4\Extensions\fojomppheellamdaddnbgommepnlkooh, No Action By User, 11960, 657125, , , , , ,
    PUP.Optional.SecuryBrowse, C:\USERS\C\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 4\Sync Extension Settings\fojomppheellamdaddnbgommepnlkooh, No Action By User, 11960, 657125, , , , , ,
    PUP.Optional.SecuryBrowse, C:\USERS\C\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 4\Sync Data\LevelDB, No Action By User, 11960, 657125, , , , , ,
    PUP.Optional.SecuryBrowse, C:\USERS\C\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, No Action By User, 11960, 657125, , , , , ,
    PUP.Optional.SecuryBrowse, C:\USERS\C\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 2\Sync Data\LevelDB, No Action By User, 11960, 657125, , , , , ,
    PUP.Optional.SecuryBrowse, C:\USERS\C\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 4\Sync Data\LevelDB, No Action By User, 11960, 657125, , , , , ,
    PUP.Optional.WinYahoo.Generic, C:\USERS\C\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, No Action By User, 8943, 622075, , , , , ,
    PUP.Optional.WinYahoo.Generic, C:\USERS\C\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 2\Sync Data\LevelDB, No Action By User, 8943, 622075, , , , , ,
    PUP.Optional.WinYahoo.Generic, C:\USERS\C\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 4\Sync Data\LevelDB, No Action By User, 8943, 622075, , , , , ,
    PUP.Optional.SecuryBrowse, C:\USERS\C\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, No Action By User, 11960, 657125, , , , , ,
    PUP.Optional.SecuryBrowse, C:\USERS\C\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 2\Sync Data\LevelDB, No Action By User, 11960, 657125, , , , , ,
    PUP.Optional.SecuryBrowse, C:\USERS\C\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 4\Sync Data\LevelDB, No Action By User, 11960, 657125, , , , , ,
    PUP.Optional.MySearchDial, C:\USERS\C\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, No Action By User, 2097, 663899, , , , , ,
    PUP.Optional.MySearchDial, C:\USERS\C\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 2\Sync Data\LevelDB, No Action By User, 2097, 663899, , , , , ,
    PUP.Optional.MySearchDial, C:\USERS\C\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 4\Sync Data\LevelDB, No Action By User, 2097, 663899, , , , , ,

    File: 63
    PUP.Optional.SlimCleanerPlus, C:\WINDOWS\TASKS\SlimCleaner Plus (Scheduled Scan - c).job, No Action By User, 8003, 331621, 1.0.37075, , ame, , 16965E4329022A390AFE0BFC910573B8, BD38420B7C6290CC71EC6CAD5A1E239CDC1182E09FD5FE4111F9E0E86721AB07
    PUP.Optional.SlimCleanerPlus, C:\WINDOWS\SYSTEM32\TASKS\SlimCleaner Plus (Scheduled Scan - c), No Action By User, 8003, 334098, 1.0.37075, , ame, , FCC2978DE062355AFF58796FA197852A, BB8F601536D48E7379E01E948898A26C5B7E8E2F44BBD9034400BED4E9A11034
    Adware.SearchHijacker, C:\WINDOWS\SYSTEM32\GROUPPOLICY\MACHINE\REGISTRY.POL, No Action By User, 11985, 893084, , , , , A51DA3D84E12FF3B76DB7E421BABCBA6, 64EB28816E83E5E59F6DD796582FDF4F92827391CB88F8255156215DED35E270
    Adware.SearchHijacker, C:\USERS\C\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, No Action By User, 11985, 893084, , , , , 88192B2ACD8B47FAACF7B8F6EA2B7867, 403A7678599C39CB675E590561CE1C659495DA80A8B76BBA90E0204BD48E075D
    Adware.SearchHijacker, C:\USERS\LILLIAN3443\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, No Action By User, 11985, 893084, , , , , 22FE1643536E28B65B46A003B73F1228, 8F55C433F91133B92F04E5AC25495F05BF856CCBDE5E8144727956604C348846
    Adware.SearchHijacker, C:\USERS\C\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, No Action By User, 11985, 893084, , , , , 5A1B90848CD7969254840D5B7F0DB1A3, C1D3F6E9CE3F103BD88262B1287B95526DA01BBC2A202FFDCAB19BC1E638A6CD
    Adware.SearchHijacker, C:\USERS\C\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 2\Preferences, No Action By User, 11985, 893084, , , , , 18EB288C9156243705626070D48DC230, C4C1A5924D2A764FDED3687554E5AE372D79890CFB637477A2AE1594E52CBFA2
    PUP.Optional.Spigot.Generic, C:\USERS\C\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, No Action By User, 8440, 454579, , , , , 88192B2ACD8B47FAACF7B8F6EA2B7867, 403A7678599C39CB675E590561CE1C659495DA80A8B76BBA90E0204BD48E075D
    PUP.Optional.Spigot.Generic, C:\USERS\C\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, No Action By User, 8440, 454579, , , , , 5A1B90848CD7969254840D5B7F0DB1A3, C1D3F6E9CE3F103BD88262B1287B95526DA01BBC2A202FFDCAB19BC1E638A6CD
    PUP.Optional.Spigot.Generic, C:\Users\c\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\enjhholhglnfgjmbpnimdpnlelanhkhg\000003.log, No Action By User, 8440, 454579, , , , , B269713BA4FC5C6E78A6D4A21BD13E32, 22CA2514FDA5720C0D13C6A4C9646F485BE9657A4A821C3407E4EE3F8B5407E4
    PUP.Optional.Spigot.Generic, C:\Users\c\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\enjhholhglnfgjmbpnimdpnlelanhkhg\CURRENT, No Action By User, 8440, 454579, , , , , 46295CAC801E5D4857D09837238A6394, 0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
    PUP.Optional.Spigot.Generic, C:\Users\c\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\enjhholhglnfgjmbpnimdpnlelanhkhg\LOCK, No Action By User, 8440, 454579, , , , , ,
    PUP.Optional.Spigot.Generic, C:\Users\c\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\enjhholhglnfgjmbpnimdpnlelanhkhg\LOG, No Action By User, 8440, 454579, , , , , 2C1DB137D1A57C6461FA36C59A5EEB10, 438F5F288F0D5C07240464250AB74B89000F622A24FE7C8E32B9B61A614DA22F
    PUP.Optional.Spigot.Generic, C:\Users\c\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\enjhholhglnfgjmbpnimdpnlelanhkhg\LOG.old, No Action By User, 8440, 454579, , , , , 3748A290E219C4C16623073289A66113, 2C56A922542AD9632C991AF0863EA71617C0C92FC861CAEF4D60D116B5EA61B8
    PUP.Optional.Spigot.Generic, C:\Users\c\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\enjhholhglnfgjmbpnimdpnlelanhkhg\MANIFEST-000001, No Action By User, 8440, 454579, , , , , 5AF87DFD673BA2115E2FCF5CFDB727AB, F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
    PUP.Optional.Spigot.Generic, C:\USERS\C\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\ENJHHOLHGLNFGJMBPNIMDPNLELANHKHG\1.2_0\CHROMERESTORE.JS, No Action By User, 8440, 454579, 1.0.37075, , ame, , BA12E50806690AB3E36189A2773BAB4B, E2C56D7548635542BE44542CCE14B8BF997802AA5AD95BF1F526BF21B8E013C7
    PUP.Optional.SearchEncrypt.Generic, C:\USERS\C\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, No Action By User, 9442, 448980, , , , , 88192B2ACD8B47FAACF7B8F6EA2B7867, 403A7678599C39CB675E590561CE1C659495DA80A8B76BBA90E0204BD48E075D
    PUP.Optional.SearchEncrypt.Generic, C:\USERS\C\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, No Action By User, 9442, 448980, , , , , 5A1B90848CD7969254840D5B7F0DB1A3, C1D3F6E9CE3F103BD88262B1287B95526DA01BBC2A202FFDCAB19BC1E638A6CD
    PUP.Optional.SearchEncrypt.Generic, C:\USERS\C\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\GHMMEJFIJCOADONHFNLNMCGLEPPJHJKK\2.2.19_0\MANIFEST.JSON, No Action By User, 9442, 448980, 1.0.37075, , ame, , CC11EC9D487CCE53553BEE2A84747D54, 0DCDA918DA290B38E6CF1CEE6D6109FECA4BA8F03723FD0C9988EE6F6B1914AC
    PUP.Optional.DriverUpdate, C:\USERS\C\DOWNLOADS\DRIVERUPDATE-SETUP.EXE, No Action By User, 2001, 533640, 1.0.37075, , ame, , 16EAA2636C6B9C7AE0FE1F035150B453, C838B7362BADA26EEABD577645ABFB097BE4A7E4CEF849A353AEE3D4874EA52C
    PUP.Optional.SecuryBrowse, C:\USERS\C\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 4\Secure Preferences, No Action By User, 11960, 657125, , , , , B172D58FB628D6EC73F972B4821F6832, 3BAE04CD12098E2413E5A90141D0810B67135ADF3505FA0CC118D3AC6C96D680
    PUP.Optional.SecuryBrowse, C:\USERS\C\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 4\Preferences, No Action By User, 11960, 657125, , , , , 0DC4F1EAEA86073E120608A30D53B538, F920E17F4FD571EBC049A7ADEBD2CBA7D269F6D0DB3554ED62397F0263DE5053
    PUP.Optional.SecuryBrowse, C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 4\Sync Extension Settings\fojomppheellamdaddnbgommepnlkooh\000003.log, No Action By User, 11960, 657125, , , , , 705E05F07BB2923CFA664A861169EF17, 2BCD6027E4F26337F638933A980CDA2B9C448F4C2C23C598FFDE9137DB1B73D6
    PUP.Optional.SecuryBrowse, C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 4\Sync Extension Settings\fojomppheellamdaddnbgommepnlkooh\CURRENT, No Action By User, 11960, 657125, , , , , 46295CAC801E5D4857D09837238A6394, 0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
    PUP.Optional.SecuryBrowse, C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 4\Sync Extension Settings\fojomppheellamdaddnbgommepnlkooh\LOCK, No Action By User, 11960, 657125, , , , , ,
    PUP.Optional.SecuryBrowse, C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 4\Sync Extension Settings\fojomppheellamdaddnbgommepnlkooh\LOG, No Action By User, 11960, 657125, , , , , 9FB0E94D01A552EB26A0DEFD0C73BF93, 67AB79E9D852812153BE2ACD4A0ED8FDCAA492897276F7165B30999389778D08
    PUP.Optional.SecuryBrowse, C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 4\Sync Extension Settings\fojomppheellamdaddnbgommepnlkooh\LOG.old, No Action By User, 11960, 657125, , , , , 682B37A49937722EB3B502CBF069EE92, 0656B88391A24585B54A545243B03017F5BA4505BFAE3FC98DD421D110521676
    PUP.Optional.SecuryBrowse, C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 4\Sync Extension Settings\fojomppheellamdaddnbgommepnlkooh\MANIFEST-000001, No Action By User, 11960, 657125, , , , , 5AF87DFD673BA2115E2FCF5CFDB727AB, F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
    PUP.Optional.SecuryBrowse, C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 4\Sync Data\LevelDB\000005.ldb, No Action By User, 11960, 657125, , , , , 3AC319A387360BFD99907635773ABC56, 1C771C419835CE2086415FDB46B632F43A6755F8C760B766EB481A747D72D0DA
    PUP.Optional.SecuryBrowse, C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 4\Sync Data\LevelDB\000029.ldb, No Action By User, 11960, 657125, , , , , 292BF28001D2BFD06D82DD6379D9976C, 5C4D96B8A33008575B9405DC90992D4F5917C1B010978645EFE0CEBCC1162C5D
    PUP.Optional.SecuryBrowse, C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 4\Sync Data\LevelDB\000031.log, No Action By User, 11960, 657125, , , , , 9271F8734E0D765AFD004EB805B129DC, CBB525661932A6C0E1E945E93349AEECCBB08DE8F7020CEA75DDFCD6D72B7A04
    PUP.Optional.SecuryBrowse, C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 4\Sync Data\LevelDB\000032.ldb, No Action By User, 11960, 657125, , , , , 8D060651B54E3A4045864F528ABC4229, 3DF7A1F0599389D263AE2E26147B0A464BBA2D3CCC54B97A00A851E57AFDB86B
    PUP.Optional.SecuryBrowse, C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 4\Sync Data\LevelDB\CURRENT, No Action By User, 11960, 657125, , , , , 46295CAC801E5D4857D09837238A6394, 0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
    PUP.Optional.SecuryBrowse, C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 4\Sync Data\LevelDB\LOCK, No Action By User, 11960, 657125, , , , , ,
    PUP.Optional.SecuryBrowse, C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 4\Sync Data\LevelDB\LOG, No Action By User, 11960, 657125, , , , , 266BB3D2281796A81BBFB70CADEDEF0F, 503717F380B9DF188E695FDA75A13EC7351147D68A6FEDE4C890A17942197A99
    PUP.Optional.SecuryBrowse, C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 4\Sync Data\LevelDB\LOG.old, No Action By User, 11960, 657125, , , , , A1E718CF06784794DC5D9D56A4EF70DC, 161FE5E8C0E962860DF98AD1E7A8A7146A3FC1AC3934C70D363206BDC2F6989C
    PUP.Optional.SecuryBrowse, C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 4\Sync Data\LevelDB\MANIFEST-000001, No Action By User, 11960, 657125, , , , , 762152CD94EF5F51D5F10DA7694BC71D, 81C1D4CD1EF4BA80D69FB929A14C1915C2099F1EF1E24894BEFC30C85246F058
    PUP.Optional.SecuryBrowse, C:\Users\c\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000005.ldb, No Action By User, 11960, 657125, , , , , 7FBDE77E3CF4B94BB7AA10C808AF83B8, F36019709BC60C5AFB74A221D91437136F82C55A5A93E61CB278C02ED98BE26F
    PUP.Optional.SecuryBrowse, C:\Users\c\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000024.ldb, No Action By User, 11960, 657125, , , , , 793EE82BB397D910A6A740D9EC348938, C990D38C254D551F6E3BBE810A26C8CCC97C8648942D289EBA3002F67083CEE7
    PUP.Optional.SecuryBrowse, C:\Users\c\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000027.ldb, No Action By User, 11960, 657125, , , , , B412705C96AEB0B72AEC73947B1D13CF, 56AAC39AA4BF503631A74D0032996E9F22E52AD4656EB6B3E18740603A8BA941
    PUP.Optional.SecuryBrowse, C:\Users\c\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000030.ldb, No Action By User, 11960, 657125, , , , , B304BFA15F4DBB72ED233F6B1FA3BFC8, 921815DA01A21F188D5FD00728216F098817EE117FD57A11EFD8F4BF953FF4EC
    PUP.Optional.SecuryBrowse, C:\Users\c\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000032.log, No Action By User, 11960, 657125, , , , , 4962E500066189053AF68DA043D2D4F8, 10EA8F9CABBE4DF594FB9169E6C1546D3B4EA49534C620BB435E0FE770E6A689
    PUP.Optional.SecuryBrowse, C:\Users\c\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000033.ldb, No Action By User, 11960, 657125, , , , , 8EB944505D02211F7DB72A170F1BB363, C7DA710DDF744C47946B87B579489478735D7D915746EE06BFAF24EF4E685BD6
    PUP.Optional.SecuryBrowse, C:\Users\c\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\CURRENT, No Action By User, 11960, 657125, , , , , 46295CAC801E5D4857D09837238A6394, 0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
    PUP.Optional.SecuryBrowse, C:\Users\c\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOCK, No Action By User, 11960, 657125, , , , , ,
    PUP.Optional.SecuryBrowse, C:\Users\c\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG, No Action By User, 11960, 657125, , , , , 717FF91505D09AC0AF6B090CB1D0B034, 89A25AAE45A79306A1F9DABF045D1BE190C58443183CB93FDA6F64DF932C69E4
    PUP.Optional.SecuryBrowse, C:\Users\c\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old, No Action By User, 11960, 657125, , , , , 2C7165CD2D128E9FF946BB3BE1894095, 69AB7818AD763B182B4332CC30191DE120167E4F696A881E531B14D5D2E8F1DD
    PUP.Optional.SecuryBrowse, C:\Users\c\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\MANIFEST-000001, No Action By User, 11960, 657125, , , , , 7827803606C4CCB9A7E834E4CE8BE7D3, 74C13B32ED0EE99280BC8CD6CF8AA7D69C7346BBA8AFD81FE28E77C30A65B913
    PUP.Optional.SecuryBrowse, C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 2\Sync Data\LevelDB\000005.ldb, No Action By User, 11960, 657125, , , , , 99F5C39140E79ABE736172CEEE305765, 8EC2A9AF573F9CA5D7366815F515EADAD296B0F8DEDD0BDBDF47A2A12E7C42A7
    PUP.Optional.SecuryBrowse, C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 2\Sync Data\LevelDB\000931.ldb, No Action By User, 11960, 657125, , , , , 859EC429635B14D641A902BA63C8E661, D74875C7100B65E3AF8EF7CE7259E60FFEA008A0F5F20424B839966666B98363
    PUP.Optional.SecuryBrowse, C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 2\Sync Data\LevelDB\000934.ldb, No Action By User, 11960, 657125, , , , , DE4575B252279A4BDDFD7BD1B6EE156B, 56DF9E9EC3FF9B8D9EC7E54ABFEB74B1C441E056FE4915BE6C443CDF26CD41D8
    PUP.Optional.SecuryBrowse, C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 2\Sync Data\LevelDB\000936.ldb, No Action By User, 11960, 657125, , , , , A00F942F63AD7DCBC0CCA2CB4D77C632, BCB21637291529B0ADCA8DA56ED8ECF01D34C591E7028B4EE96AD0132B4AE003
    PUP.Optional.SecuryBrowse, C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 2\Sync Data\LevelDB\000938.log, No Action By User, 11960, 657125, , , , , D40A61A5A91120B56748E99DC8099150, A376739BBC7A05808ECD40C5FC83DACB345B92A02715986136187A70672128DB
    PUP.Optional.SecuryBrowse, C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 2\Sync Data\LevelDB\000939.ldb, No Action By User, 11960, 657125, , , , , 70CE0E869CF7D97F15E6ED1CE0F6164C, 88C5FA2F5C1E9BED2E9CB454D87A60112E526F09D053C173E6C123C8E6F5CD6A
    PUP.Optional.SecuryBrowse, C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 2\Sync Data\LevelDB\CURRENT, No Action By User, 11960, 657125, , , , , 46295CAC801E5D4857D09837238A6394, 0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
    PUP.Optional.SecuryBrowse, C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 2\Sync Data\LevelDB\LOCK, No Action By User, 11960, 657125, , , , , ,
    PUP.Optional.SecuryBrowse, C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 2\Sync Data\LevelDB\LOG, No Action By User, 11960, 657125, , , , , 8C44E241931C89E2FB4FB958CF9C98DE, 071FAA12E81C9822168633664A7E6B3B0716D2F09332674B4EA4A6970758EF00
    PUP.Optional.SecuryBrowse, C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 2\Sync Data\LevelDB\LOG.old, No Action By User, 11960, 657125, , , , , 1577CB97ED61587A5FC25FE4B2347E71, 3904ED156F6999E975C68EAE65A741C3D4D36004D36B1CD5E793F60E717584E1
    PUP.Optional.SecuryBrowse, C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 2\Sync Data\LevelDB\MANIFEST-000001, No Action By User, 11960, 657125, , , , , A4EC1E18774263CAC33066B7421EC0A4, 861C98DCCF3F288D26829C35A008CC08694255FD33CADF3B8F4C02BB69B47142
    PUP.Optional.SecuryBrowse, C:\USERS\C\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 4\Secure Preferences, No Action By User, 11960, 657125, 1.0.37075, , ame, , B172D58FB628D6EC73F972B4821F6832, 3BAE04CD12098E2413E5A90141D0810B67135ADF3505FA0CC118D3AC6C96D680
    PUP.Optional.WinYahoo.Generic, C:\USERS\C\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 4\Web Data, No Action By User, 8943, 622075, 1.0.37075, , ame, , 3127B2B071263A9CA046D38C1891FF91, AAD67A0290B3A0A5A7027E04E1A3E695029B2EBCE6D28FCF4A8B90543AC740B1
    PUP.Optional.SecuryBrowse, C:\USERS\C\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 4\Secure Preferences, No Action By User, 11960, 657125, 1.0.37075, , ame, , B172D58FB628D6EC73F972B4821F6832, 3BAE04CD12098E2413E5A90141D0810B67135ADF3505FA0CC118D3AC6C96D680
    PUP.Optional.MySearchDial, C:\USERS\C\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 4\Secure Preferences, No Action By User, 2097, 663899, 1.0.37075, , ame, , B172D58FB628D6EC73F972B4821F6832, 3BAE04CD12098E2413E5A90141D0810B67135ADF3505FA0CC118D3AC6C96D680

    Physical Sector: 0
    (No malicious items detected)

    WMI: 0
    (No malicious items detected)


    (end)

  7. #7
    Join Date
    May 2005
    Posts
    122
    Adware Cleaner

    # -------------------------------
    # Malwarebytes AdwCleaner 8.0.8.0
    # -------------------------------
    # Build: 10-08-2020
    # Database: 2020-09-29.1 (Local)
    # Support: https://www.malwarebytes.com/support
    #
    # -------------------------------
    # Mode: Scan
    # -------------------------------
    # Start: 02-13-2021
    # Duration: 00:00:56
    # OS: Windows 10 Home
    # Scanned: 31837
    # Detected: 64


    ***** [ Services ] *****

    No malicious services found.

    ***** [ Folders ] *****

    PUP.Optional.AnonymizerGadget C:\Users\c\AppData\Roaming\AGData
    PUP.Optional.CleanMyPC C:\Users\c\AppData\Roaming\CleanMyPC
    PUP.Optional.Legacy C:\Program Files (x86)\AnonymizerGadget
    PUP.Optional.Legacy C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnonymizerGadget
    PUP.Optional.Legacy C:\Users\Public\Documents\Downloaded Installers
    PUP.Optional.Legacy C:\Users\c\AppData\Local\YSearchUtil
    PUP.Optional.Legacy C:\Users\lillian3443\AppData\Local\iLivid
    PUP.Optional.Legacy C:\Users\lillian3443\AppData\Local\torch
    PUP.Optional.SlimCleanerPlus C:\Users\c\AppData\Local\slimware utilities inc

    ***** [ Files ] *****

    PUP.Optional.Legacy C:\Windows\System32\wsusnative64.exe

    ***** [ DLL ] *****

    No malicious DLLs found.

    ***** [ WMI ] *****

    No malicious WMI found.

    ***** [ Shortcuts ] *****

    No malicious shortcuts found.

    ***** [ Tasks ] *****

    No malicious tasks found.

    ***** [ Registry ] *****

    PUP.Optional.DriverUpdate HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\DriverUpdate
    PUP.Optional.Legacy HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|SlimCleaner Plus
    PUP.Optional.Legacy HKCU\Software\ilivid
    PUP.Optional.Legacy HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{7DB25458-3272-42FA-843C-44598FF0CF6B}
    PUP.Optional.Legacy HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{FE036410-4852-40D3-9C13-677A4210730D}
    PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\CLSID\{0757C9D8-D8A3-33F5-CEE2-11D09918BA8F}
    PUP.Optional.SlimCleanerPlus HKCU\Software\SlimWare Utilities Inc
    PUP.Optional.SlimCleanerPlus HKLM\Software\SlimWare Utilities Inc
    PUP.Optional.SlimCleanerPlus HKLM\Software\Wow6432Node\SLIMWARE UTILITIES, INC.
    PUP.Optional.SlimCleanerPlus HKLM\Software\Wow6432Node\SlimWare Utilities Inc
    PUP.Optional.WinZipMalwareProtector HKCU\Software\NICO MAK COMPUTING\WINZIP MALWARE PROTECTOR
    PUP.Optional.WinZipMalwareProtector HKLM\Software\Wow6432Node\NICO MAK COMPUTING\WINZIP MALWARE PROTECTOR
    PUP.Optional.WinZipMalwareProtector HKLM\System\CurrentControlSet\Services\EventLog\Application\WinZip Malware Protector

    ***** [ Chromium (and derivatives) ] *****

    No malicious Chromium entries found.

    ***** [ Chromium URLs ] *****

    No malicious Chromium URLs found.

    ***** [ Firefox (and derivatives) ] *****

    No malicious Firefox entries found.

    ***** [ Firefox URLs ] *****

    No malicious Firefox URLs found.

    ***** [ Hosts File Entries ] *****

    No malicious hosts file entries found.

    ***** [ Preinstalled Software ] *****

    Preinstalled.HPCleanFLC File C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office.lnk
    Preinstalled.HPSupportAssistant Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT SOLUTIONS
    Preinstalled.HPSupportAssistant Registry HKLM\Software\Classes\CLSID\{335F9A62-FE4B-40CD-B4ED-BB4DE21DC95D}
    Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Classes\CLSID\{335F9A62-FE4B-40CD-B4ED-BB4DE21DC95D}
    Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Classes\CLSID\{C0ABBA07-B636-47B8-B9E1-BB96D7CD4831}
    Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{F6A11738-3EE4-4573-AEA5-6CD5D491C167}
    Preinstalled.LenovoPowerDVD Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}
    Preinstalled.LenovoPowerDVD Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}
    Preinstalled.Pokki File C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Toshiba Start.lnk
    Preinstalled.TOSHIBAPasswordUtility Folder C:\Program Files (x86)\TOSHIBA\PASSWORDUTILITY
    Preinstalled.TOSHIBAPasswordUtility Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|1.TPUReg
    Preinstalled.TOSHIBAPasswordUtility Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Run|1.TPUReg
    Preinstalled.TOSHIBAPasswordUtility Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{78931270-BC9E-441A-A52B-73ECD4ACFAB5}
    Preinstalled.TOSHIBAPasswordUtility Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{78931270-BC9E-441A-A52B-73ECD4ACFAB5}
    Preinstalled.TOSHIBAQualityApplication Folder C:\Program Files (x86)\TOSHIBA\TOSHIBAFB
    Preinstalled.TOSHIBAQualityApplication Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{E69992ED-A7F6-406C-9280-1C156417BC49}
    Preinstalled.TOSHIBARegistration Folder C:\Program Files (x86)\TOSHIBA\TOSHIBAREGISTRATION
    Preinstalled.TOSHIBARegistration Folder C:\ProgramData\TOSHIBA\TOSHIBAREGISTRATION
    Preinstalled.TOSHIBARegistration Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{5AF550B4-BB67-4E7E-82F1-2C4300279050}
    Preinstalled.TOSHIBASystemSettings Folder C:\Program Files (x86)\TOSHIBA\SYSTEM SETTING
    Preinstalled.TOSHIBASystemSettings Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|TCrdMain
    Preinstalled.TOSHIBASystemSettings Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|TSSSrv
    Preinstalled.TOSHIBASystemSettings Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Run|TCrdMain
    Preinstalled.TOSHIBASystemSettings Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Run|TSSSrv
    Preinstalled.TOSHIBASystemSettings Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{05A55927-DB9B-4E26-BA44-828EBFF829F0}
    Preinstalled.TOSHIBAUser'sGuide Folder C:\Program Files (x86)\TOSHIBA\DOCUMENTATION
    Preinstalled.TOSHIBAUser'sGuide Folder C:\ProgramData\TOSHIBA\DOCUMENTATION
    Preinstalled.TOSHIBAUser'sGuide Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}
    Preinstalled.TOSHIBAUtilities Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\UTILITIES
    Preinstalled.ToshibaAppPlace Folder C:\Program Files (x86)\TOSHIBA\TOSHIBA APP PLACE
    Preinstalled.ToshibaAppPlace Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|ToshibaAppPlace
    Preinstalled.ToshibaAppPlace Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Run|ToshibaAppPlace
    Preinstalled.ToshibaAppPlace Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}
    Preinstalled.ToshibaBookPlace Folder C:\Program Files (x86)\TOSHIBA\TOSHIBA BOOK PLACE
    Preinstalled.ToshibaBookPlace Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{11244D6B-9842-440F-8579-6A4D771A0D9B}
    Preinstalled.ToshibaWildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGDF-toshiba-darkorbit
    Preinstalled.ToshibaWildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGDF-toshiba-worldofwarcraft
    Preinstalled.ToshibaWildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGameProvider-toshiba-genres
    Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDGAMES
    Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDTANGENT GAMES
    Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGDF-toshiba-mahjonggdarkdimensions



    ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

  8. #8
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.


    • Double click to run it.
    • Press Scan button.
    • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.

  9. #9
    Join Date
    May 2005
    Posts
    122
    FRST.txt:

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-02-2021
    Ran by c (administrator) on LLM-WIN8-LAPTOP (TOSHIBA Satellite P55t-A) (13-02-2021 19:11:25)
    Running from C:\Users\c\Desktop\VirtualDr 2-12-2021
    Loaded Profiles: c
    Platform: Windows 10 Home Version 2004 19041.804 (X64) Language: English (United States)
    Default browser: Chrome
    Boot Mode: Normal

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    () [File not signed] C:\Python27\python.exe <2>
    (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    (Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
    (Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
    (Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\SecureLine VPN\VpnSvc.exe
    (DTS, Inc. -> ) C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
    (Dynabook Inc. -> Dynabook Inc.) C:\Windows\System32\DriverStore\FileRepository\tossrvctl.inf_amd64_652655c5335c62da\DSDFunctionKeyCtlService.exe <2>
    (Dynabook Inc. -> Dynabook Inc.) C:\Windows\System32\DriverStore\FileRepository\tossrvctl.inf_amd64_652655c5335c62da\RMService.exe
    (Hewlett Packard -> Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP ENVY 5660 series\Bin\HPNetworkCommunicatorCom.exe
    (Hewlett Packard -> Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP ENVY 5660 series\Bin\ScanToPCActivationApp.exe
    (Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
    (IDT, Inc.) [File not signed] C:\Program Files\IDT\WDM\stacsv64.exe
    (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    (Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
    (Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxEM.exe
    (Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxHK.exe
    (Intel Corporation -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    (Intel Corporation -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    (Intel Corporation -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
    (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
    (Intel(R) Corporation) [File not signed] C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
    (Nuance Communications, Inc. -> Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\Dragon Assistant\Core\DACore.exe
    (Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe <2>
    (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
    (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (TOSHIBA CORPORATION -> ) C:\Program Files (x86)\Toshiba\PasswordUtility\GFNEXSrv.exe
    (TOSHIBA CORPORATION -> ) C:\Program Files\TOSHIBA\Hotkey\Hotkey\TCrdKBB.exe
    (TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe
    (TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
    (TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
    (TOSHIBA CORPORATION -> Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
    (TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe <2>
    (TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
    (TOSHIBA CORPORATION -> TOSHIBA) C:\Program Files (x86)\Toshiba\PasswordUtility\readLM.exe

    ==================== Registry (Whitelisted) ===================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296520 2013-09-11] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
    HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [178016 2013-08-21] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
    HKLM\...\Run: [ThpSrv] => C:\Windows\system32\thpsrv /logon
    HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-08-17] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [298296 2018-07-06] (Apple Inc. -> Apple Inc.)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-01-07] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
    HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3402832 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
    HKLM-x32\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [383768 2002-04-12] (AlcorMicro, Corp. -> Alcor Micro Corp.)
    HKLM-x32\...\Run: [1.TPUReg] => C:\Program Files (x86)\TOSHIBA\PasswordUtility\readLM.exe [2216800 2013-03-27] (TOSHIBA CORPORATION -> TOSHIBA)
    HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba) [File not signed]
    HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
    HKLM-x32\...\Run: [Win8PDF] => C:\Program Files\PDF Printer for Windows 8\PDF.exe [484352 2011-10-21] (Vivid Document Imaging Technologies) [File not signed]
    HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2099200 2014-04-13] (Dominik Reichl) [File not signed]
    HKLM-x32\...\Run: [Adobe_ID0EYTHM] => C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe [1884160 2015-04-26] (Adobe Systems Incorporated) [File not signed]
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2015-10-10] (Hewlett-Packard Company -> Hewlett-Packard)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706680 2020-09-17] (Oracle America, Inc. -> Oracle Corporation)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3500056 2017-11-01] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
    HKU\S-1-5-21-2517961349-2002184368-2333218459-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [25638872 2018-04-23] (Google Inc -> Google)
    HKU\S-1-5-21-2517961349-2002184368-2333218459-1001\...\Run: [Google Update] => C:\Users\c\AppData\Local\Google\Update\1.3.36.72\GoogleUpdateCore.exe [216392 2021-02-05] (Google LLC -> Google LLC)
    HKU\S-1-5-21-2517961349-2002184368-2333218459-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31682144 2015-03-25] (Skype Software Sarl -> Skype Technologies S.A.)
    HKU\S-1-5-21-2517961349-2002184368-2333218459-1001\...\Run: [HP ENVY 5660 series (NET)] => C:\Program Files\HP\HP ENVY 5660 series\Bin\ScanToPCActivationApp.exe [3483656 2015-10-10] (Hewlett Packard -> Hewlett-Packard Development Company, LP)
    HKU\S-1-5-21-2517961349-2002184368-2333218459-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2018-06-26] (Apple Inc. -> Apple Inc.)
    HKU\S-1-5-21-2517961349-2002184368-2333218459-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [32440376 2021-01-06] (Piriform Software Ltd -> Piriform Software Ltd)
    HKU\S-1-5-21-2517961349-2002184368-2333218459-1001\...\Run: [708A6BCA9F22CC304DD693961BCF6B09DB76A694._service_run] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=service /prefetch:8
    HKU\S-1-5-21-2517961349-2002184368-2333218459-1001\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_465_Plugin.exe [1504312 2020-12-10] (Adobe Inc. -> Adobe)
    HKU\S-1-5-21-2517961349-2002184368-2333218459-1004\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [25638872 2018-04-23] (Google Inc -> Google)
    HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\WINDOWS\system32\AdobePDF.dll [55432 2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc)
    HKLM\...\Print\Monitors\HP DD11 Status Monitor: C:\WINDOWS\system32\hpinkstsDD11LM.dll [392192 2019-03-15] (HP Inc -> HP Inc.)
    HKLM\...\Print\Monitors\HP Discovery Port Monitor (HP ENVY 5660 series): C:\WINDOWS\system32\HPDiscoPMDD11.dll [751624 2014-08-22] (Hewlett Packard -> Hewlett-Packard Development Company, LP)
    HKLM\...\Print\Monitors\PDF Printer 8 Monitor: C:\WINDOWS\system32\PDFVC64.DLL [134144 2009-07-19] (Vivid Document Imaging Technologies) [File not signed]
    HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.150\Installer\chrmstp.exe [2021-02-09] (Google LLC -> Google LLC)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avast SecureLine VPN.lnk [2021-02-10]
    ShortcutTarget: Avast SecureLine VPN.lnk -> C:\Program Files\AVAST Software\SecureLine VPN\Vpn.exe (Avast Software s.r.o. -> AVAST Software)
    BootExecute: autocheck autochk * icarus_rvrt.exe
    Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

    ==================== Scheduled Tasks (Whitelisted) ============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {052F7AEA-D841-4335-8B2B-EBF3577F8FA6} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {0704FE91-F09C-411E-9D29-5FDB171E71E2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [564536 2015-10-10] (Hewlett-Packard Company -> Hewlett-Packard)
    Task: {0AAD944F-9A53-49EC-8333-40AA93AFFD12} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616320 2017-10-12] (Apple Inc. -> Apple Inc.)
    Task: {0AB64EC2-019F-4BC7-9E11-F3A3AB91B706} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
    Task: {1B18BF41-17F0-4F14-B499-35B20ADB7A30} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
    Task: {21CB89DA-B90C-4869-88C2-904A9E2169F6} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {229F78F0-9E30-4E3D-8BCD-87583E70311B} - System32\Tasks\Avast Software\Avast SecureLine VPN Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-vpn\icarus.exe [5493472 2021-02-08] (Avast Software s.r.o. -> Avast Software)
    Task: {269B3759-3480-4327-8DC5-20C0BD6401C3} - System32\Tasks\KALite => "C:\Program Files (x86)\KA Lite\ka-lite\scripts\..\bin\windows\kalite.bat" [Argument = start] <==== ATTENTION
    Task: {2795C7FE-2827-4E75-88FB-9D151628FFDA} - \WPD\SqmUpload_S-1-5-21-2517961349-2002184368-2333218459-1001 -> No File <==== ATTENTION
    Task: {2DF084BD-598B-495D-BA10-B5273E7118F8} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {2EFCD059-0721-4456-8EC3-40AF629951C4} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [26913848 2021-01-06] (Piriform Software Ltd -> Piriform Software Ltd)
    Task: {2F6C63AE-A3A2-4FF9-BACA-033A04B29CE2} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe
    Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
    Task: {38B0F723-A6B4-48DF-A649-E31C1A113476} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {40DE327B-A87E-42CC-9839-070E2F2D13E1} - System32\Tasks\Avast Software\Avast SecureLine VPN Bug Report => C:\Program Files\Avast Software\SecureLine VPN\AvBugReport.exe [4665568 2021-02-10] (Avast Software s.r.o. -> AVAST Software) -> --send "dumps|report" --silent --product 11 --programpath "C:\Program Files\Avast Software\SecureLine VPN" --configpath "C:\ProgramData\Avast Software\SecureLine VPN" --path "C:\ProgramData\Avast Software\SecureLine VPN\log" --path "C:\ProgramData\Avast Software\Icarus\Logs" --guid bd9a6823-bf43-4de6-a2a4-07fa0c6079fb
    Task: {43F45DB2-EF73-475C-932C-DD4BF06AD6E7} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {48F60FB5-6C0A-488C-915B-3F8E735A6102} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe
    Task: {49DE272C-639F-426C-8947-C3B5AA0890A2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
    Task: {4E8C3FEE-58AA-4F00-A5BE-642F04E4C377} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {574A20D3-D6CB-4917-8276-6B7FFC6C329F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
    Task: {57664E51-3EC5-4956-B519-950A4A5A7910} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
    Task: {5884939A-2069-4421-A31A-720A38DA1F81} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {5BFCC6C3-B78F-488A-A52C-50B56428E64A} - System32\Tasks\G2MUpdateTask-S-1-5-21-2517961349-2002184368-2333218459-1001 => C:\Users\c\AppData\Local\GoToMeeting\19228\g2mupdate.exe [31320 2020-12-28] (LogMeIn, Inc. -> LogMeIn, Inc.)
    Task: {5FCBB816-4AD0-4FE7-BA32-D2653B340BDC} - System32\Tasks\HPCustParticipation HP ENVY 5660 series => C:\Program Files\HP\HP ENVY 5660 series\Bin\HPCustPartic.exe [5853704 2015-10-10] (Hewlett Packard -> Hewlett-Packard Development Company, LP)
    Task: {6568BBDE-E827-42B3-83A3-641362C50DCF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2517961349-2002184368-2333218459-1001Core1d25803fdb326f1 => C:\Users\c\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
    Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
    Task: {74072700-7314-4B0B-9BDE-7AEFBD5CEAB1} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {74582111-DE72-4122-B0F7-16FD01B2CFB3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2517961349-2002184368-2333218459-1001UA => C:\Users\c\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
    Task: {76A4E1E6-56B9-4345-8C59-0CD35BB3A3A1} - System32\Tasks\{D833A93D-B5D2-470A-9ED3-2C5738F4D819} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\AdTrustMedia\PrivDog\UninstallTrustedAds.exe"
    Task: {7C7DFBF8-239A-4D57-96AA-19A39181CC31} - System32\Tasks\HP AR Program Upload - 568a98c258d343cebf9a05fa2aa4fe0f59af08290a5e4df1aecfa22536a2948a => C:\Program Files\HP\HP ENVY 5660 series\bin\HPRewards.exe [3528200 2015-10-10] (Hewlett Packard -> Hewlett-Packard Development Company, LP)
    Task: {7EAF3850-0ED9-437C-95EE-78622F56E699} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
    Task: {85A166D5-B36B-4D6A-9148-ACA9F46BB8AC} - System32\Tasks\HP Photo Creations Communicator => C:\Users\c\AppData\Roaming\HP Photo Creations\Communicator.exe [186368 2015-10-10] (Visan Industries -> )
    Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => {1B1F472E-3221-4826-97DB-2C2324D389AE}
    Task: {8F8BCC9B-9D98-43D7-8E6B-D121E223D8F6} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
    Task: {94F4EA41-6A4D-4CFB-9B73-9D22BF82E6BD} - System32\Tasks\Avast SecureLine VPN Update => C:\Program Files\Avast Software\SecureLine VPN\VpnUpdate.exe [1191136 2021-02-10] (Avast Software s.r.o. -> AVAST Software)
    Task: {96D84201-BD6A-4644-83AE-7823A900ACB0} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [655464 2013-07-31] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
    Task: {97F2C7D6-3CE2-45A5-905B-5C70FA9A0517} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [67896 2018-06-26] (Apple Inc. -> Apple Inc.)
    Task: {9C04CE76-891E-48D1-844B-60D70B0225D8} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload => {EBF00FCB-0769-4B81-9BEC-6C05514111AA}
    Task: {A58F3D95-929F-41B1-96E0-9EE2BE7B991A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
    Task: {A66AC908-D8F5-4896-802B-969D677E89BB} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [686384 2021-01-06] (Piriform Software Ltd -> Piriform Software Ltd)
    Task: {AB16BB19-879C-4CAB-8C8F-4DECEE589358} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2517961349-2002184368-2333218459-1001Core => C:\Users\c\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
    Task: {ABE2A860-82E7-4A15-8C94-544A371EA65D} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe
    Task: {AC75ED32-22BE-48FD-8729-953A740541FA} - \WPD\SqmUpload_S-1-5-21-2517961349-2002184368-2333218459-1004 -> No File <==== ATTENTION
    Task: {C4DDAE6E-75EE-42C1-B81B-1B6F048A5FBA} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [4401240 2017-06-27] (Synaptics Incorporated -> Synaptics Incorporated)
    Task: {C641CA4A-DC81-4DDC-9EFF-FD9DB7AA6FF1} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-10] (Adobe Inc. -> Adobe)
    Task: {C9CC714D-946C-484F-9158-1639D904EA9C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
    Task: {CD88D095-566D-4498-B42F-1E1BA983353F} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [124112 2020-07-07] (Mozilla Corporation -> Mozilla Foundation)
    Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
    Task: {CFA30ADC-CF1A-4734-B305-173132409B3F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {D07662DD-BB68-4958-9B4E-6EF87F6CEB8E} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {D1D17853-2A32-420E-BEA3-A8BCC650BA28} - System32\Tasks\G2MUploadTask-S-1-5-21-2517961349-2002184368-2333218459-1001 => C:\Users\c\AppData\Local\GoToMeeting\19228\g2mupload.exe [31320 2020-12-28] (LogMeIn, Inc. -> LogMeIn, Inc.)
    Task: {EFB08E03-FB87-4F69-A127-E05F35718C8D} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3402832 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
    Task: {EFBF0FBC-7039-4716-B6B5-8E94AB2AE821} - System32\Tasks\Resolution+ Setting Task => C:\Program Files\Toshiba\TOSHIBA Smart View Utility\Plugins\ResolutionPlus\TosRegPermissionChg.exe
    Task: {F3BC4D12-91FC-49F4-9738-8D371CBFC7E1} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {F5437C33-8B51-4DDE-880A-76549891BCFF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2517961349-2002184368-2333218459-1001UA1d25803fdc7a053 => C:\Users\c\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
    Task: {FA797F60-0088-4F0E-A423-8A226BB28D13} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
    Task: {FB981D17-97B1-4A67-A4B2-C4CA21BC1C87} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_465_Plugin.exe [1504312 2020-12-10] (Adobe Inc. -> Adobe)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2517961349-2002184368-2333218459-1001.job => C:\Users\c\AppData\Local\GoToMeeting\19228\g2mupdate.exe
    Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-2517961349-2002184368-2333218459-1001.job => C:\Users\c\AppData\Local\GoToMeeting\19228\g2mupload.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2517961349-2002184368-2333218459-1001Core.job => C:\Users\c\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2517961349-2002184368-2333218459-1001UA.job => C:\Users\c\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\HP Photo Creations Communicator.job => C:\Users\c\AppData\Roaming\HP Photo Creations\Communicator.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    AutoConfigURL: [S-1-5-21-2517961349-2002184368-2333218459-1001] => hxxp://localhost:54382/redirect.pac
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
    Tcpip\..\Interfaces\{79d92ee1-68bc-4a3b-877d-225e497e73d4}: [DhcpNameServer] 127.0.0.1
    Tcpip\..\Interfaces\{925159be-dd25-4955-a81a-2b4fe34a3082}: [DhcpNameServer] 192.168.1.254
    ManualProxies: 0hxxp://localhost:54382/redirect.pac

    Edge:
    =======
    Edge HomeButtonPage: HKU\S-1-5-21-2517961349-2002184368-2333218459-1001 -> hxxp://yahoo.com/
    Edge DefaultProfile: Default
    Edge Profile: C:\Users\c\AppData\Local\Microsoft\Edge\User Data\Default [2021-02-13]
    Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

    FireFox:
    ========
    FF DefaultProfile: 7sjsvts8.default-1544474668277
    FF ProfilePath: C:\Users\c\AppData\Roaming\Mozilla\Firefox\Profiles\7sjsvts8.default-1544474668277 [2021-02-13]
    FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi => not found
    FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi => not found
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_465.dll [2020-12-10] (Adobe Inc. -> )
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems Incorporated -> Adobe Systems)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_465.dll [2020-12-10] (Adobe Inc. -> )
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-03] (Intel® Identity Protection Technology Software -> Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-03] (Intel® Identity Protection Technology Software -> Intel Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=11.271.2 -> C:\Program Files (x86)\Java\jre1.8.0_271\bin\dtplugin\npDeployJava1.dll [2020-12-07] (Oracle America, Inc. -> Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.271.2 -> C:\Program Files (x86)\Java\jre1.8.0_271\bin\plugin2\npjp2.dll [2020-12-07] (Oracle America, Inc. -> Oracle Corporation)
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-06-26] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2017-11-01] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-11-01] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
    FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems Incorporated -> Adobe Systems)
    FF Plugin HKU\S-1-5-21-2517961349-2002184368-2333218459-1001: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Users\c\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll [2011-05-13] (Visan Industries -> RocketLife, LLP)

    Chrome:
    =======
    CHR DefaultProfile: Profile 2
    CHR Profile: C:\Users\c\AppData\Local\Google\Chrome\User Data\Default [2021-02-11]
    CHR DownloadDir: C:\Users\c\Desktop
    CHR Notifications: Default -> hxxps://www.thesun.co.uk
    CHR NewTab: Default -> Not-active:"chrome-extension://eedlgdlajadkbbjoobobefphmfkcchfk/newtab.html"
    CHR DefaultSearchURL: Default -> hxxps://www.ecosia.org/search?q={searchTerms}&addon=chrome&addonversion=2.1.0
    CHR DefaultSearchKeyword: Default -> ecosia
    CHR DefaultSuggestURL: Default -> hxxps://ac.ecosia.org/?q={searchTerms}&type=list&mkt=en_US
    CHR Extension: (Docs) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
    CHR Extension: (Google Drive) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-08-01]
    CHR Extension: (YouTube) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-08-01]
    CHR Extension: (Honey) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2020-07-07]
    CHR Extension: (Ecosia Search) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Default\Extensions\eedlgdlajadkbbjoobobefphmfkcchfk [2020-01-09]
    CHR Extension: (Wyzant Screen Sharing) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggbjpoaaoeklmpdfjcbgenmbdjhecjjp [2020-01-09]
    CHR Extension: (Google Docs Offline) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-09-03]
    CHR Extension: (Grammarly for Chrome) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2020-09-04]
    CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2017-08-01]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-07-07]
    CHR Extension: (Gmail) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-07-07]
    CHR Extension: (Chrome Media Router) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-09-03]
    CHR Profile: C:\Users\c\AppData\Local\Google\Chrome\User Data\Guest Profile [2021-02-11]
    CHR Profile: C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 1 [2021-02-11]
    CHR Extension: (Slides) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-09-04]
    CHR Extension: (Docs) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2020-09-04]
    CHR Extension: (Google Drive) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-22]
    CHR Extension: (YouTube) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-09-04]
    CHR Extension: (Sheets) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-09-04]
    CHR Extension: (Google Docs Offline) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-23]
    CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2020-10-13]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-09-04]
    CHR Extension: (Gmail) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-22]
    CHR Extension: (Chrome Media Router) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-10-13]
    CHR Profile: C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 2 [2021-02-13]
    CHR Notifications: Profile 2 -> hxxps://meet.google.com
    CHR HomePage: Profile 2 -> hxxp://www.google.com/
    CHR StartupUrls: Profile 2 -> "hxxps://www.google.com/","hxxps://www.google.com/","hxxps://www.google.com/","hxxps://www.google.com/","hxxps://www.google.com/","hxxps://www.google.com/","hxxps://www.google.com/","hxxp://www.google.com"
    CHR DefaultSearchURL: Profile 2 -> hxxps://s.yimg.com/cv/apiv2/09062018/manifest/yahoo_install_48.png
    CHR Extension: (Slides) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-11-17]
    CHR Extension: (Floorplanner) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\abopacaefhbognnmeigicfpgnmpideag [2020-12-14]
    CHR Extension: (Sudoku) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\agdhembpgcpfegeigidembjopfhghnpj [2020-12-14]
    CHR Extension: (BIODIGITAL HUMAN) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\agoenciogemlojlhccbcpcfflicgnaak [2020-12-14]
    CHR Extension: (Docs) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2020-11-17]
    CHR Extension: (Google Drive) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-17]
    CHR Extension: (WOT Web of Trust, Website Reputation Ratings) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2021-02-04]
    CHR Extension: (Microsoft Defender Browser Protection) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bkbeeeffjjeopflfhgeknacdieedcoml [2020-12-14]
    CHR Extension: (YouTube) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-11-17]
    CHR Extension: (Yahoo) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bnpnjbjealcpabcenanokcflffolchnm [2020-12-14]
    CHR Extension: (Adobe Acrobat) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-12-16]
    CHR Extension: (Auto Admit for Google Meet) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\epemkdedgaoeeobdjmkmhhhbjemckmgb [2021-02-09]
    CHR Extension: (Sheets) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-11-17]
    CHR Extension: (iCloud Bookmarks) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\fkepacicchenbjecpbpbclokcabebhah [2020-12-14]
    CHR Extension: (HTTPS Everywhere) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2021-02-01]
    CHR Extension: (Google Docs Offline) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-17]
    CHR Extension: (Click&Clean) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghgabhipcejejjmhhchfonmamedcbeod [2021-02-05]
    CHR Extension: (360 Internet Protection) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\glcimepnljoholdmjchkloafkggfoijh [2020-12-14]
    CHR Extension: (Pinterest Save Button) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2020-12-14]
    CHR Extension: (Kindle Cloud Reader) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2020-12-14]
    CHR Extension: (Malwarebytes Browser Guard) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-02-02]
    CHR Extension: (Dropbox) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2020-12-14]
    CHR Extension: (Grammarly for Chrome) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2021-02-12]
    CHR Extension: (Application Launcher For Drive (by Google)) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2021-01-25]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
    CHR Extension: (Tv Online) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pcfeebemepipakkhapnhljbcdkagkloh [2020-12-14]
    CHR Extension: (Click&Clean App) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2020-12-14]
    CHR Extension: (Gmail) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-17]
    CHR Extension: (Chrome Media Router) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-01-25]
    CHR Extension: (Cool Metronome) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\polmfiinlikaadclgdojekfaoglellgm [2020-12-14]
    CHR Profile: C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 3 [2021-02-11]
    CHR Extension: (Slides) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-11-23]
    CHR Extension: (Docs) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aohghmighlieiainnegkcijnfilokake [2020-11-23]
    CHR Extension: (Google Drive) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-23]
    CHR Extension: (YouTube) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-11-23]
    CHR Extension: (Sheets) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-11-23]
    CHR Extension: (Google Docs Offline) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-23]
    CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2020-11-23]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-11-23]
    CHR Extension: (Gmail) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-23]
    CHR Extension: (Chrome Media Router) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-11-23]
    CHR Profile: C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 4 [2021-02-11]
    CHR Notifications: Profile 4 -> hxxps://meet.google.com
    CHR HomePage: Profile 4 -> hxxp://www.google.com/
    CHR StartupUrls: Profile 4 -> "hxxps://www.google.com/","hxxps://www.google.com/","hxxps://www.google.com/","hxxps://www.google.com/","hxxps://www.google.com/","hxxps://www.google.com/","hxxps://www.google.com/","hxxp://www.google.com","hxxp://google.com/"
    CHR Extension: (Slides) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-11-23]
    CHR Extension: (Floorplanner) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\abopacaefhbognnmeigicfpgnmpideag [2020-11-23]
    CHR Extension: (Sudoku) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\agdhembpgcpfegeigidembjopfhghnpj [2020-11-23]
    CHR Extension: (BIODIGITAL HUMAN) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\agoenciogemlojlhccbcpcfflicgnaak [2020-11-23]
    CHR Extension: (Docs) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aohghmighlieiainnegkcijnfilokake [2020-11-23]
    CHR Extension: (Google Drive) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-23]
    CHR Extension: (Microsoft Defender Browser Protection) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\bkbeeeffjjeopflfhgeknacdieedcoml [2020-11-23]
    CHR Extension: (YouTube) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-11-23]
    CHR Extension: (Sheets) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-11-23]
    CHR Extension: (Online Security Pro) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ffjgpapimgnmibnacmeilgjefnoofefp [2020-11-23]
    CHR Extension: (iCloud Bookmarks) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\fkepacicchenbjecpbpbclokcabebhah [2020-11-23]
    CHR Extension: (HTTPS Everywhere) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2020-11-23]
    CHR Extension: (Google Docs Offline) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-23]
    CHR Extension: (Click&Clean) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ghgabhipcejejjmhhchfonmamedcbeod [2020-12-06]
    CHR Extension: (360 Internet Protection) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\glcimepnljoholdmjchkloafkggfoijh [2020-11-23]
    CHR Extension: (Pinterest Save Button) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2020-12-10]
    CHR Extension: (Kindle Cloud Reader) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2020-11-23]
    CHR Extension: (Malwarebytes Browser Guard) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2020-11-23]
    CHR Extension: (Dropbox) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2020-11-23]
    CHR Extension: (Grammarly for Chrome) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2020-12-14]
    CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2020-11-23]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-11-23]
    CHR Extension: (Tv Online) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pcfeebemepipakkhapnhljbcdkagkloh [2020-11-23]
    CHR Extension: (Click&Clean App) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2020-11-23]
    CHR Extension: (Gmail) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-23]
    CHR Extension: (Chrome Media Router) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-12-14]
    CHR Extension: (Cool Metronome) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\polmfiinlikaadclgdojekfaoglellgm [2020-11-23]
    CHR Profile: C:\Users\c\AppData\Local\Google\Chrome\User Data\System Profile [2021-02-11]
    CHR HKLM\...\Chrome\Extension: [hkhkiakolggnnicallabhkobalpeplpi] - <no Path/update_url>
    CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif]
    CHR HKU\S-1-5-21-2517961349-2002184368-2333218459-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
    CHR HKU\S-1-5-21-2517961349-2002184368-2333218459-1004\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
    CHR HKLM-x32\...\Chrome\Extension: [aaffhmecfaelkngcbnfdkcckmillnoki]
    CHR HKLM-x32\...\Chrome\Extension: [commhkacjheiacaopdonmodahaoadoln]
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx <not found>
    CHR HKLM-x32\...\Chrome\Extension: [hkhkiakolggnnicallabhkobalpeplpi] - <no Path/update_url>
    CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
    CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif]
    CHR HKLM-x32\...\Chrome\Extension: [nogdfjjfhknacchjpiccacoimeelkajb]

    ==================== Services (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 Adobe Version Cue CS3; C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe [153792 2015-04-26] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
    R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
    S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-10] (Adobe Inc. -> Adobe)
    R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3739728 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
    R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3511376 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-07-05] (Apple Inc. -> Apple Inc.)
    R2 DACoreService; C:\Program Files (x86)\Nuance\Dragon Assistant\Core\DACore.exe [435088 2013-07-02] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
    R2 DSDFunctionKeyCtlService; C:\WINDOWS\System32\DriverStore\FileRepository\tossrvctl.inf_amd64_652655c5335c62da\DSDFunctionKeyCtlService.exe [615768 2020-11-18] (Dynabook Inc. -> Dynabook Inc.)
    R2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [19792 2013-09-10] (DTS, Inc. -> )
    S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2015-04-26] (Macrovision Europe Ltd.) [File not signed]
    R2 GFNEXSrv; C:\Program Files (x86)\Toshiba\PasswordUtility\GFNEXSrv.exe [163168 2013-03-27] (TOSHIBA CORPORATION -> )
    R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [24888 2015-10-10] (Hewlett-Packard Company -> Hewlett-Packard Company)
    R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2021-02-13] (Malwarebytes Inc -> Malwarebytes)
    S2 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [13686080 2021-01-13] (Adlice -> )
    R2 SecureLine; C:\Program Files\AVAST Software\SecureLine VPN\VpnSvc.exe [7936736 2021-02-10] (Avast Software s.r.o. -> AVAST Software)
    R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [339456 2013-08-16] (IDT, Inc.) [File not signed]
    S2 TSDHDDProtectService; C:\WINDOWS\System32\DriverStore\FileRepository\thpevm.inf_amd64_e37a98374075e5b1\dynabookHDDProtection.exe [425792 2020-07-21] (Dynabook Inc. -> Dynabook Inc.)
    S2 TSDSettingService; C:\WINDOWS\System32\DriverStore\FileRepository\tossrvctl.inf_amd64_652655c5335c62da\dynabookSystemService.exe [44767040 2020-11-18] (Dynabook Inc. -> Dynabook Inc.)
    S2 TSDTabletControlService; C:\WINDOWS\System32\DriverStore\FileRepository\tossrvctl.inf_amd64_652655c5335c62da\TOSTABSYSSVC.exe [254792 2020-11-18] (Dynabook Inc. -> Dynabook Inc.)
    R2 TSDWirelessLEDCtlService; C:\WINDOWS\System32\DriverStore\FileRepository\tossrvctl.inf_amd64_652655c5335c62da\RMService.exe [446240 2020-11-18] (Dynabook Inc. -> Dynabook Inc.)
    S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\NisSrv.exe [2462960 2021-02-12] (Microsoft Windows Publisher -> Microsoft Corporation)
    S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\MsMpEng.exe [128376 2021-02-12] (Microsoft Windows Publisher -> Microsoft Corporation)

  10. #10
    Join Date
    May 2005
    Posts
    122
    Part 2 of FRST.txt:

    ===================== Drivers (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
    S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
    S3 aswVpnRdr; C:\WINDOWS\System32\drivers\aswVpnRdr.sys [59312 2020-09-24] (Avast Software s.r.o. -> Avast Software)
    S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
    S3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-11] (Symantec Corporation -> Symantec Corporation)
    S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-11] (Symantec Corporation -> Symantec Corporation)
    R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153312 2021-02-13] (Malwarebytes Corporation -> Malwarebytes)
    R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220616 2021-02-13] (Malwarebytes Inc -> Malwarebytes)
    S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-02-13] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
    R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [198248 2021-02-13] (Malwarebytes Inc -> Malwarebytes)
    R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [77496 2021-02-13] (Malwarebytes Inc -> Malwarebytes)
    R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-02-13] (Malwarebytes Inc -> Malwarebytes)
    R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [142416 2021-02-13] (Malwarebytes Inc -> Malwarebytes)
    S3 Netaapl; C:\WINDOWS\System32\drivers\netaapl64.sys [23040 2015-08-20] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
    R2 PEGAGFN; C:\Program Files (x86)\Toshiba\PasswordUtility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON CORPORATION -> PEGATRON)
    R3 STHDA; C:\WINDOWS\system32\DRIVERS\stwrt64.sys [551936 2013-08-16] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)
    R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [47816 2020-07-21] (Dynabook Inc. -> Dynabook Inc.)
    R0 Thpevm; C:\WINDOWS\System32\drivers\Thpevm.SYS [27384 2020-07-21] (Dynabook Inc. -> Dynabook Inc.)
    R3 tosrfec; C:\WINDOWS\System32\drivers\tosrfec.sys [37808 2019-04-30] (Dynabook Inc. -> Dynabook Inc.)
    R1 TosSrvCtlDrv; C:\WINDOWS\System32\DriverStore\FileRepository\tossrvctl.inf_amd64_652655c5335c62da\TosSrvCtlDrv.sys [25832 2020-11-18] (Dynabook Inc. -> Dynabook Inc.)
    S0 TVALZ; C:\WINDOWS\System32\drivers\TVALZ_O.SYS [46088 2019-04-30] (Dynabook Inc. -> Dynabook Inc.)
    R0 TVALZ_O; C:\WINDOWS\System32\drivers\TVALZ_O.SYS [46088 2019-04-30] (Dynabook Inc. -> Dynabook Inc.)
    S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-06-10] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
    S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [49552 2021-02-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
    S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [26880 2016-07-16] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
    S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [419040 2021-02-12] (Microsoft Windows -> Microsoft Corporation)
    S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [71912 2021-02-12] (Microsoft Windows -> Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One month (created) (Whitelisted) =========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2021-02-13 19:12 - 2021-02-13 19:12 - 000000000 ____D C:\Users\c\AppData\LocalLow\IGDump
    2021-02-13 10:03 - 2021-02-13 10:06 - 000000000 ____D C:\AdwCleaner
    2021-02-13 09:35 - 2021-02-13 09:35 - 000077496 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
    2021-02-13 09:34 - 2021-02-13 09:34 - 000198248 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
    2021-02-13 09:34 - 2021-02-13 09:34 - 000142416 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
    2021-02-13 09:33 - 2021-02-13 09:33 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
    2021-02-13 09:33 - 2021-02-13 09:33 - 000000000 ____D C:\Users\c\AppData\Local\mbam
    2021-02-13 09:32 - 2021-02-13 09:32 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
    2021-02-13 09:32 - 2021-02-13 09:32 - 000220616 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
    2021-02-13 09:32 - 2021-02-13 09:32 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
    2021-02-13 09:32 - 2021-02-13 09:32 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
    2021-02-13 09:32 - 2021-02-13 09:32 - 000002044 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
    2021-02-13 09:31 - 2021-02-13 09:31 - 000000000 ____D C:\Program Files\Malwarebytes
    2021-02-13 08:44 - 2021-02-13 08:50 - 000000000 ____D C:\ProgramData\RogueKiller
    2021-02-13 08:44 - 2021-02-13 08:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
    2021-02-13 08:44 - 2021-02-13 08:44 - 000000000 ____D C:\Program Files\RogueKiller
    2021-02-12 13:20 - 2021-02-13 19:11 - 000000000 ____D C:\Users\c\Desktop\VirtualDr 2-12-2021
    2021-02-12 12:29 - 2021-02-13 19:12 - 000000000 ____D C:\FRST
    2021-02-11 10:48 - 2021-02-11 10:48 - 000019739 _____ C:\Users\c\Desktop\SPRING 2021 SM 103 CLASS ROSTER 2.11.21.xlsx
    2021-02-11 10:48 - 2021-02-11 10:48 - 000019469 _____ C:\Users\c\Desktop\SPRING 2021 SM 201 CLASS ROSTER 2.11.21.xlsx
    2021-02-10 15:17 - 2021-02-10 15:17 - 000002148 _____ C:\ProgramData\Desktop\Avast SecureLine VPN.lnk
    2021-02-10 14:27 - 2021-02-10 14:27 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
    2021-02-10 14:27 - 2021-02-10 14:27 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
    2021-02-10 14:27 - 2021-02-10 14:27 - 001314112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
    2021-02-10 14:27 - 2021-02-10 14:27 - 000010892 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
    2021-02-10 14:26 - 2021-02-10 14:26 - 000231232 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
    2021-02-09 16:43 - 2021-02-09 16:43 - 000002325 _____ C:\Users\c\Desktop\Miro.lnk
    2021-02-08 13:16 - 2021-02-08 13:18 - 320844785 _____ C:\Users\c\Desktop\Final minute and celebration of super bowl 55.mp4
    2021-02-03 12:30 - 2021-02-03 12:30 - 001034782 _____ C:\Users\c\Desktop\unit_7_shm_waves_practice_questions_2017_answers.pdf
    2021-02-03 12:29 - 2021-02-03 12:29 - 000044234 _____ C:\Users\c\Desktop\Oscillations.pdf
    2021-02-02 08:18 - 2021-02-02 08:18 - 000000000 ____D C:\Users\c\Desktop\LIUNA
    2021-02-01 18:45 - 2021-02-01 18:45 - 001031820 _____ C:\Users\c\Desktop\Quiz10-Ch.10.pdf
    2021-02-01 18:32 - 2021-02-02 08:16 - 000125707 _____ C:\Users\c\Desktop\2021-02-02.pdf
    2021-02-01 17:21 - 2021-02-01 17:21 - 008934877 _____ C:\Users\c\Desktop\Blue Oyster Cult - (Don't Fear) The Reaper (Audio).mp4
    2021-02-01 13:21 - 2021-02-01 13:21 - 000117832 _____ C:\Users\c\Desktop\AP PHYSICS B_ Period 6 HW before 1st test.pdf
    2021-02-01 13:13 - 2021-02-01 13:13 - 001332288 _____ C:\Users\c\Desktop\Scanned+Documents.pdf
    2021-02-01 12:27 - 2021-02-01 12:30 - 310285594 _____ C:\Users\c\Desktop\So Close 2002 Full Movie - Best Martial Arts Action Movies 2020.mp4
    2021-01-28 09:01 - 2021-01-28 09:01 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
    2021-01-27 13:45 - 2021-01-27 13:45 - 000433893 _____ C:\Users\c\Desktop\2020 Form 1099.pdf
    2021-01-27 10:34 - 2021-01-27 10:34 - 005482843 _____ C:\Users\c\Desktop\Pavement_Rehabilitation_Manual.pdf
    2021-01-27 05:31 - 2021-01-27 05:31 - 000000000 ____D C:\Users\c\Desktop\Bugs vs Bull
    2021-01-26 18:25 - 2021-01-26 18:25 - 000671381 _____ C:\Users\c\Desktop\W9 signed.pdf
    2021-01-26 09:33 - 2021-01-26 09:33 - 000081319 _____ C:\Users\c\Desktop\3797529472_receipt_26.1.2021.pdf
    2021-01-25 14:41 - 2021-01-25 14:41 - 000001497 _____ C:\Users\c\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\4K Video Downloader.lnk
    2021-01-25 13:33 - 2021-01-25 13:33 - 000000000 ____D C:\Users\c\AppData\Local\4kdownload.com
    2021-01-25 13:25 - 2021-01-25 13:25 - 000000948 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\4K Video Downloader.lnk
    2021-01-25 13:25 - 2021-01-25 13:25 - 000000000 ____D C:\Program Files\4KDownload
    2021-01-19 11:57 - 2021-01-19 11:57 - 000000000 ____D C:\Users\c\AppData\LocalO
    2021-01-19 09:00 - 2021-01-19 09:00 - 000095744 _____ C:\WINDOWS\system32\VirtualMonitorManager.dll
    2021-01-19 08:59 - 2021-01-19 08:59 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
    2021-01-19 08:59 - 2021-01-19 08:59 - 000575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
    2021-01-19 08:59 - 2021-01-19 08:59 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
    2021-01-19 08:59 - 2021-01-19 08:59 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
    2021-01-19 08:59 - 2021-01-19 08:59 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
    2021-01-19 08:59 - 2021-01-19 08:59 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VBICodec.ax
    2021-01-19 08:59 - 2021-01-19 08:59 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
    2021-01-19 08:59 - 2021-01-19 08:59 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
    2021-01-19 08:59 - 2021-01-19 08:59 - 000053760 _____ C:\WINDOWS\SysWOW64\BWContextHandler.dll
    2021-01-19 08:58 - 2021-01-19 08:58 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
    2021-01-19 08:58 - 2021-01-19 08:58 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\VBICodec.ax
    2021-01-19 08:58 - 2021-01-19 08:58 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
    2021-01-19 08:57 - 2021-01-19 08:57 - 000729600 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
    2021-01-19 08:57 - 2021-01-19 08:57 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
    2021-01-19 08:57 - 2021-01-19 08:57 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
    2021-01-19 08:57 - 2021-01-19 08:57 - 000067072 _____ C:\WINDOWS\system32\BWContextHandler.dll
    2021-01-19 08:56 - 2021-01-19 08:56 - 000455680 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll
    2021-01-19 08:56 - 2021-01-19 08:56 - 000446976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
    2021-01-19 08:56 - 2021-01-19 08:56 - 000178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\intl.cpl
    2021-01-19 08:55 - 2021-01-19 08:55 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
    2021-01-19 08:55 - 2021-01-19 08:55 - 001162240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
    2021-01-19 08:55 - 2021-01-19 08:55 - 000422912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
    2021-01-19 08:55 - 2021-01-19 08:55 - 000330752 _____ C:\WINDOWS\SysWOW64\ssdm.dll
    2021-01-19 08:55 - 2021-01-19 08:55 - 000235520 _____ C:\WINDOWS\SysWOW64\HeatCore.dll
    2021-01-19 08:55 - 2021-01-19 08:55 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\timedate.cpl
    2021-01-19 08:54 - 2021-01-19 08:54 - 002254336 _____ C:\WINDOWS\system32\dwmscene.dll
    2021-01-19 08:54 - 2021-01-19 08:54 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\intl.cpl
    2021-01-19 08:53 - 2021-01-19 08:53 - 000544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
    2021-01-19 08:53 - 2021-01-19 08:53 - 000190976 _____ C:\WINDOWS\system32\BthpanContextHandler.dll
    2021-01-19 08:53 - 2021-01-19 08:53 - 000152064 _____ C:\WINDOWS\system32\EoAExperiences.exe
    2021-01-19 08:52 - 2021-01-19 08:52 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
    2021-01-19 08:52 - 2021-01-19 08:52 - 000643072 _____ C:\WINDOWS\system32\WindowManagementAPI.dll
    2021-01-19 08:52 - 2021-01-19 08:52 - 000306688 _____ C:\WINDOWS\system32\HeatCore.dll
    2021-01-19 08:51 - 2021-01-19 08:51 - 000562688 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
    2021-01-19 08:51 - 2021-01-19 08:51 - 000455168 _____ C:\WINDOWS\system32\ssdm.dll
    2021-01-19 08:51 - 2021-01-19 08:51 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl
    2021-01-19 08:51 - 2021-01-19 08:51 - 000165888 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
    2021-01-19 08:51 - 2021-01-19 08:51 - 000074240 _____ C:\WINDOWS\system32\rdsxvmaudio.dll
    2021-01-15 17:59 - 2021-01-15 17:59 - 000147425 _____ C:\Users\c\Desktop\fw9 cmg.pdf
    2021-01-15 17:54 - 2021-01-15 17:54 - 000132144 _____ C:\Users\c\Desktop\fw9.pdf
    2021-01-14 19:59 - 2021-01-14 19:59 - 000001418 _____ C:\ProgramData\Desktop\WinX DVD Ripper Platinum.lnk

    ==================== One month (modified) ==================

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2021-02-13 19:09 - 2020-09-03 11:20 - 000004160 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{C0982E36-30E1-41C9-A994-41EFFC416BD3}
    2021-02-13 19:07 - 2016-03-28 11:58 - 000000000 ____D C:\Program Files\CCleaner
    2021-02-13 19:06 - 2020-09-03 10:43 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
    2021-02-13 09:34 - 2020-07-07 10:39 - 000000000 ____D C:\Program Files\Mozilla Firefox
    2021-02-13 09:34 - 2018-12-10 12:44 - 000000000 ____D C:\Users\c\AppData\LocalLow\Mozilla
    2021-02-13 09:33 - 2015-08-06 06:36 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2021-02-13 09:32 - 2019-12-07 01:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
    2021-02-13 09:32 - 2014-04-21 17:19 - 000000000 ____D C:\ProgramData\Malwarebytes
    2021-02-13 08:33 - 2019-12-07 01:14 - 000000000 ___HD C:\Program Files\WindowsApps
    2021-02-13 08:33 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\AppReadiness
    2021-02-13 08:32 - 2020-09-08 15:53 - 000002449 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
    2021-02-13 08:32 - 2019-12-07 01:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2021-02-13 07:58 - 2020-12-23 15:10 - 000000000 ___HD C:\ProgramData\Documents\AdobeGCData
    2021-02-12 13:47 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
    2021-02-12 13:47 - 2019-12-07 01:13 - 000000000 ____D C:\WINDOWS\INF
    2021-02-12 06:04 - 2018-06-03 21:31 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
    2021-02-12 05:55 - 2015-08-15 08:25 - 000000000 __SHD C:\Users\c\IntelGraphicsProfiles
    2021-02-12 05:54 - 2020-09-23 14:30 - 000004028 _____ C:\WINDOWS\system32\Tasks\Avast SecureLine VPN Update
    2021-02-12 05:54 - 2020-09-03 11:20 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2021-02-12 05:54 - 2020-09-03 10:43 - 000008192 ___SH C:\DumpStack.log.tmp
    2021-02-12 05:54 - 2017-08-06 14:39 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
    2021-02-11 19:49 - 2019-12-07 01:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
    2021-02-11 14:24 - 2020-09-03 11:20 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
    2021-02-11 11:11 - 2017-11-30 23:33 - 000000000 ____D C:\Users\c\AppData\Local\Packages
    2021-02-11 05:52 - 2020-09-03 11:20 - 000004210 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
    2021-02-10 18:30 - 2020-09-03 11:04 - 002316746 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2021-02-10 18:30 - 2020-09-03 09:39 - 000784294 _____ C:\WINDOWS\system32\perfh00A.dat
    2021-02-10 18:30 - 2020-09-03 09:39 - 000152874 _____ C:\WINDOWS\system32\perfc00A.dat
    2021-02-10 18:30 - 2020-09-03 09:29 - 000427366 _____ C:\WINDOWS\system32\prfh0804.dat
    2021-02-10 18:30 - 2020-09-03 09:29 - 000132888 _____ C:\WINDOWS\system32\prfc0804.dat
    2021-02-10 15:18 - 2020-09-03 10:43 - 002448520 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2021-02-10 15:15 - 2020-09-23 14:29 - 000000000 ____D C:\ProgramData\AVAST Software
    2021-02-10 15:14 - 2020-09-03 09:39 - 000000000 ____D C:\WINDOWS\system32\Drivers\es-MX
    2021-02-10 15:14 - 2019-12-07 01:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
    2021-02-10 15:14 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Keywords
    2021-02-10 15:14 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\SystemResources
    2021-02-10 15:14 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\oobe
    2021-02-10 15:14 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\Keywords
    2021-02-10 15:14 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
    2021-02-10 15:14 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
    2021-02-10 15:14 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\bcastdvr
    2021-02-10 15:14 - 2019-12-07 01:14 - 000000000 ____D C:\Program Files\Common Files\System
    2021-02-10 15:14 - 2019-12-07 01:03 - 000000000 ____D C:\WINDOWS\servicing
    2021-02-10 14:36 - 2019-12-07 01:03 - 000000000 ____D C:\WINDOWS\CbsTemp
    2021-02-09 20:39 - 2014-04-20 05:32 - 000000000 ____D C:\WINDOWS\system32\MRT
    2021-02-09 20:35 - 2014-04-20 05:32 - 130141752 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2021-02-09 18:37 - 2020-12-09 12:56 - 000000000 ____D C:\Users\c\AppData\Roaming\RealtimeBoard
    2021-02-09 16:43 - 2020-12-09 12:56 - 000000000 ____D C:\Users\c\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Miro
    2021-02-09 16:43 - 2020-12-09 12:55 - 000000000 ____D C:\Users\c\AppData\Local\RealtimeBoard
    2021-02-09 14:31 - 2014-04-12 07:04 - 000002312 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2021-02-09 14:29 - 2013-08-22 05:25 - 000000167 _____ C:\WINDOWS\win.ini
    2021-02-08 12:26 - 2020-09-08 15:52 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
    2021-02-08 12:26 - 2020-09-08 15:52 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
    2021-02-08 12:21 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\ServiceState
    2021-02-08 02:56 - 2020-09-24 06:51 - 000081632 _____ (Avast Software) C:\WINDOWS\system32\icarus_rvrt.exe
    2021-02-05 12:01 - 2020-09-03 11:20 - 000003704 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskUserS-1-5-21-2517961349-2002184368-2333218459-1001UA1d25803fdc7a053
    2021-02-05 12:01 - 2020-09-03 11:20 - 000003436 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskUserS-1-5-21-2517961349-2002184368-2333218459-1001Core1d25803fdb326f1
    2021-02-05 12:00 - 2020-09-03 11:20 - 000003418 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
    2021-02-05 12:00 - 2020-09-03 11:20 - 000003294 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
    2021-02-05 08:13 - 2020-09-03 12:42 - 000000000 ____D C:\Users\c\Desktop\Bin
    2021-01-25 13:25 - 2014-03-06 04:53 - 000000000 ____D C:\ProgramData\Package Cache
    2021-01-25 11:33 - 2015-08-15 10:28 - 000799104 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
    2021-01-19 16:08 - 2019-12-07 01:52 - 000000000 ____D C:\Program Files\Windows Photo Viewer
    2021-01-19 16:08 - 2019-12-07 01:52 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
    2021-01-19 16:08 - 2019-12-07 01:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
    2021-01-19 16:08 - 2019-12-07 01:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
    2021-01-19 16:08 - 2019-12-07 01:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
    2021-01-19 16:08 - 2019-12-07 01:14 - 000000000 ___SD C:\WINDOWS\system32\F12
    2021-01-19 16:08 - 2019-12-07 01:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
    2021-01-19 16:08 - 2019-12-07 01:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
    2021-01-19 16:08 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
    2021-01-19 16:08 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
    2021-01-19 16:08 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
    2021-01-19 16:08 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
    2021-01-19 16:08 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
    2021-01-19 16:08 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
    2021-01-19 16:08 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
    2021-01-19 16:08 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
    2021-01-19 16:08 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\Sysprep
    2021-01-19 16:08 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\setup
    2021-01-19 16:08 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
    2021-01-19 16:08 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\Dism
    2021-01-19 16:08 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\Com
    2021-01-19 16:08 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
    2021-01-19 16:08 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
    2021-01-19 16:08 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\ShellComponents
    2021-01-19 16:08 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\Provisioning
    2021-01-19 16:08 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\IME
    2021-01-19 16:08 - 2019-12-07 01:14 - 000000000 ____D C:\Program Files\Windows Defender
    2021-01-19 08:51 - 2020-09-03 10:54 - 002877952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll

    ==================== Files in the root of some directories ========

    2017-08-01 10:25 - 2017-08-01 10:25 - 003599032 _____ (COMODO) C:\ProgramData\cis86FC.exe
    2017-08-01 12:08 - 2017-08-01 12:08 - 000000694 _____ () C:\Program Files (x86)\LMIR0003.tmp.bat
    2017-08-01 12:08 - 2017-08-01 12:08 - 000000506 _____ () C:\Program Files (x86)\LMIR0003.tmp_r.bat
    2017-08-01 12:08 - 2017-08-01 12:08 - 000000694 _____ () C:\Program Files (x86)\LMIR0005.tmp.bat
    2017-08-01 12:08 - 2017-08-01 12:08 - 000000506 _____ () C:\Program Files (x86)\LMIR0005.tmp_r.bat
    2014-04-12 14:26 - 2014-04-12 14:26 - 000004096 ____H () C:\Users\c\AppData\Local\keyfile3.drm
    2017-08-01 12:08 - 2017-08-01 12:08 - 000000484 _____ () C:\Users\c\AppData\Local\LMIR0001.tmp_r.bat
    2020-12-24 11:41 - 2020-12-24 11:41 - 000000000 _____ () C:\Users\c\AppData\Local\oobelibMkey.log
    2015-05-30 04:12 - 2015-05-30 04:12 - 000000017 _____ () C:\Users\c\AppData\Local\resmon.resmoncfg
    2016-03-28 08:30 - 2016-03-28 08:30 - 000000000 _____ () C:\Users\c\AppData\Local\{39FC4BF6-EBE5-4C6D-8CD0-523D736C319D}
    2017-06-27 10:24 - 2017-06-27 10:24 - 000000000 _____ () C:\Users\c\AppData\Local\{A55F7BDC-57B6-4276-977C-E81965031F88}
    2016-03-28 11:53 - 2016-03-28 11:53 - 000000000 _____ () C:\Users\c\AppData\Local\{B38E1236-81DE-47E1-92DD-9878900B5276}

    ==================== SigCheck ============================

    (There is no automatic fix for files that do not pass verification.)

    ==================== End of FRST.txt ========================

  11. #11
    Join Date
    May 2005
    Posts
    122
    ADDITION.txt

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-02-2021
    Ran by c (13-02-2021 19:16:59)
    Running from C:\Users\c\Desktop\VirtualDr 2-12-2021
    Windows 10 Home Version 2004 19041.804 (X64) (2020-09-03 19:24:01)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-2517961349-2002184368-2333218459-500 - Administrator - Disabled)
    c (S-1-5-21-2517961349-2002184368-2333218459-1001 - Administrator - Enabled) => C:\Users\c
    DefaultAccount (S-1-5-21-2517961349-2002184368-2333218459-503 - Limited - Disabled)
    Guest (S-1-5-21-2517961349-2002184368-2333218459-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-2517961349-2002184368-2333218459-1003 - Limited - Enabled)
    lillian3443 (S-1-5-21-2517961349-2002184368-2333218459-1004 - Limited - Enabled) => C:\Users\lillian3443
    WDAGUtilityAccount (S-1-5-21-2517961349-2002184368-2333218459-504 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    4K Video Downloader (HKLM\...\{19BDF435-8F4A-4AFC-80AE-AF007BD67A8E}) (Version: 4.14.2.4070 - Open Media LLC) Hidden
    4K Video Downloader (HKLM-x32\...\{86b588ff-78bb-4251-85d5-56f2450b123a}) (Version: 4.14.2.4070 - Open Media LLC)
    Add or Remove Adobe Creative Suite 3 Master Collection (HKLM-x32\...\Adobe_4dcfd9b7e901b57f81f667144603236) (Version: 1.0 - Adobe Systems Incorporated)
    Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.23 - Adobe Systems)
    Adobe Connect (HKU\S-1-5-21-2517961349-2002184368-2333218459-1001\...\Adobe Connect App) (Version: 11.9.985.57 - Adobe Systems Inc.)
    Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.465 - Adobe)
    Adobe Flash Player 9 ActiveX (HKLM-x32\...\{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}) (Version: 9.0.45.0 - Adobe Systems, Inc.)
    Adobe Reader XI (11.0.23) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.23 - Adobe Systems Incorporated)
    AHV content for Acrobat and Flash (HKLM-x32\...\{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}) (Version: 1 - Adobe Systems Incorporated) Hidden
    Alcor Micro USB Card Reader (HKLM-x32\...\{420ED767-62A5-462F-9DDA-AE3A95D4BF32}) (Version: 4.8.1245.73583 - Alcor Micro Corp.) Hidden
    Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 4.8.1245.73583 - Alcor Micro Corp.)
    Apple Application Support (32-bit) (HKLM-x32\...\{D4C80B0C-CF67-43A7-90C3-466853543B54}) (Version: 6.3 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{B2A2E8AF-BC48-4191-B2C4-3846A19835CA}) (Version: 6.3 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{C29B636B-9015-4ED1-A12F-6375A337F23B}) (Version: 11.4.1.46 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{19589375-5C58-4AFA-842F-8B34744CCEAD}) (Version: 2.5.0.1 - Apple Inc.)
    Atom (HKU\S-1-5-21-2517961349-2002184368-2333218459-1001\...\atom) (Version: 1.29.0 - GitHub Inc.)
    Avast SecureLine VPN (HKLM\...\Avast SecureLine) (Version: 5.9.5357.1746 - Avast Software)
    Aventail Access Manager (HKLM-x32\...\{72552C46-944B-4E16-BBC8-0D85F31C1800}) (Version: 10.64.496 - SonicWALL Inc) Hidden
    Aventail Access Manager (HKU\S-1-5-21-2517961349-2002184368-2333218459-1001\...\{72552C46-944B-4E16-BBC8-0D85F31C1800}) (Version: 10.64.496 - SonicWALL Inc)
    Aventail Access Manager (HKU\S-1-5-21-2517961349-2002184368-2333218459-1004\...\{72552C46-944B-4E16-BBC8-0D85F31C1800}) (Version: 10.64.496 - SonicWALL Inc)
    Aventail Web Proxy Agent (HKLM-x32\...\{9B0B46B3-10DF-4ADA-9501-0129D784563D}) (Version: 10.64.241 - SonicWALL Inc)
    CCleaner (HKLM\...\CCleaner) (Version: 5.76 - Piriform)
    CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3424.05 - CyberLink Corp.)
    Dragon Assistant Application en-US version 1.5.11 (HKLM-x32\...\{1CCBE73F-4948-4711-8D12-22E2FD65D706}_is1) (Version: 1.5.11 - Nuance Communications, Inc.)
    Dragon Assistant Core Recognition Service version 1.1.12 (HKLM-x32\...\{E97BA7A6-46FC-4EBF-B24A-B8362948C696}_is1) (Version: 1.1.12 - Nuance Communications, Inc.)
    Dragon Assistant Installer version 1.5.11 (HKLM-x32\...\{D57A8269-3BE5-4D10-B882-64D0F2D448BF}_is1) (Version: 1.5.11 - Nuance Communications, Inc.)
    Dragon Assistant Language Data en-US version 1.1.4 (HKLM-x32\...\{4C0C1E4E-D3B1-4496-98EC-DA14D45EC855}_is1) (Version: 1.1.4 - Nuance Communications, Inc.)
    DTS Studio Sound (HKLM-x32\...\{2DFA9084-CEB3-4A48-B9F7-9038FEF1B8F4}) (Version: 1.01.2700 - DTS, Inc.)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 88.0.4324.150 - Google LLC)
    Google Drive (HKLM-x32\...\{A8DC81F2-D365-4248-892A-FA3B5951F731}) (Version: 2.34.9392.7803 - Google, Inc.)
    Google Video Support Plugin (HKU\S-1-5-21-2517961349-2002184368-2333218459-1001\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 19.12.1000.0 - Google, LLC.)
    GoTo Opener (HKLM-x32\...\{0FC4261B-F502-48B3-B1CF-60021C8F7D22}) (Version: 1.0.481 - LogMeIn, Inc.)
    GoToMeeting 10.15.0.19228 (HKU\S-1-5-21-2517961349-2002184368-2333218459-1001\...\GoToMeeting) (Version: 10.15.0.19228 - LogMeIn, Inc.)
    Herramientas de corrección de Microsoft Office 2016: español (HKLM-x32\...\{90160000-001F-0C0A-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
    HP ENVY 5660 series Basic Device Software (HKLM\...\{2C0721C5-0CD8-46BC-9D7D-666D3B171CFF}) (Version: 34.2.117.50647 - Hewlett-Packard Co.)
    HP ENVY 5660 series Help (HKLM-x32\...\{607F50D9-40BD-4F17-A584-152F563293B4}) (Version: 34.0.0 - Hewlett Packard)
    HP Photo Creations (HKU\S-1-5-21-2517961349-2002184368-2333218459-1001\...\HP Photo Creations) (Version: 1.0.0.22192 - HP)
    HP Support Solutions Framework (HKLM-x32\...\{F6A11738-3EE4-4573-AEA5-6CD5D491C167}) (Version: 12.0.30.81 - Hewlett-Packard Company)
    HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    IBM Lotus Forms Viewer 3.5.1 (HKLM-x32\...\{A0BBF7AB-2F47-47DC-BB02-4C826F2BC73C}) (Version: 7.6.1.333 - IBM)
    iCloud (HKLM\...\{82FCC407-A0E5-4B80-9241-5ABA78B61090}) (Version: 7.6.0.15 - Apple Inc.)
    IDT Audio Driver (HKLM\...\{588A747E-CFF6-46B3-9207-CD754F9473AF}) (Version: 6.10.6491.0 - IDT)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4963 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
    Intel(R) Wireless Bluetooth(R) 4.0 (HKLM-x32\...\{38561F82-2984-4C99-ADD7-D1166BC3D552}) (Version: 3.0.1335.05 - Intel Corporation)
    Intel® PROSet/Wireless Software (HKLM-x32\...\{f8c930bd-0a68-425f-8c11-87723d1e2c97}) (Version: 20.90.0 - Intel Corporation)
    IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
    iTunes (HKLM\...\{36F365B3-05C2-455D-9D96-B73829DE046D}) (Version: 12.8.0.150 - Apple Inc.)
    Java 8 Update 271 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180271F0}) (Version: 8.0.2710.9 - Oracle Corporation)
    KA Lite version 0.14.0 (HKLM-x32\...\KA Lite-Foundation for Learning Equality_is1) (Version: 0.14.0 - Foundation for Learning Equality)
    KeePass Password Safe 2.26 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.26 - Dominik Reichl)
    Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes)
    Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 88.0.705.68 - Microsoft Corporation)
    Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.141.59 - )
    Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
    Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Professional Plus 2016 (HKLM-x32\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
    Microsoft Update Health Tools (HKLM\...\{143E35D3-F0A4-4E90-96C9-B1B72F11343A}) (Version: 2.70.0.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Preview Redistributable (x64) - 12.0.20617 (HKLM-x32\...\{448652c1-f5f3-4230-98c6-68c10c88b1fb}) (Version: 12.0.20617.1 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Preview Redistributable (x86) - 12.0.20617 (HKLM-x32\...\{1f407217-9aec-4146-8504-e64ac959c534}) (Version: 12.0.20617.1 - Microsoft Corporation)
    Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 (HKLM-x32\...\{6913e92a-b64e-41c9-a5e6-cef39207fe89}) (Version: 14.25.28508.3 - Microsoft Corporation)
    Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 (HKLM-x32\...\{65e650ff-30be-469d-b63a-418d71ea1765}) (Version: 14.25.28508.3 - Microsoft Corporation)
    Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
    Miro (HKU\S-1-5-21-2517961349-2002184368-2333218459-1001\...\RealtimeBoard) (Version: 0.4.7 - Miro)
    Movavi Video Editor 14 Plus (x64) (HKLM\...\Movavi Video Editor 14 Plus (x64)) (Version: 14.3.0 - Movavi)
    Mozilla Firefox 43.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.1 (x86 en-US)) (Version: 43.0.1 - Mozilla)
    Mozilla Firefox 78.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 78.0.1 (x64 en-US)) (Version: 78.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 63.0.3 - Mozilla)
    Outils de vérification linguistique 2016 de Microsoft Office*- Français (HKLM-x32\...\{90160000-001F-040C-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
    PDF Settings (HKLM-x32\...\{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
    PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
    Product Improvement Study for HP ENVY 5660 series (HKLM\...\{03EDBA70-A4E9-4AC9-A76A-8EE5172684BF}) (Version: 34.2.117.50647 - Hewlett-Packard Co.)
    Python 2.7.10 (HKLM-x32\...\{E2B51919-207A-43EB-AE78-733F9C6797C2}) (Version: 2.7.10150 - Python Software Foundation)
    Python 3.6.5 (32-bit) (HKU\S-1-5-21-2517961349-2002184368-2333218459-1001\...\{3346977b-49da-4095-8f4d-f56f103e52e9}) (Version: 3.6.5150.0 - Python Software Foundation)
    Python 3.6.5 Add to Path (32-bit) (HKLM-x32\...\{1D3BE06D-5E44-48FF-8D61-B744808EBE46}) (Version: 3.6.5150.0 - Python Software Foundation) Hidden
    Python 3.6.5 Core Interpreter (32-bit) (HKLM-x32\...\{58E1C809-82C5-4EDF-B69B-188A6C81F21F}) (Version: 3.6.5150.0 - Python Software Foundation) Hidden
    Python 3.6.5 Development Libraries (32-bit) (HKLM-x32\...\{21FD2EE0-8D55-49DC-A1B0-771696DDEE98}) (Version: 3.6.5150.0 - Python Software Foundation) Hidden
    Python 3.6.5 Documentation (32-bit) (HKLM-x32\...\{5C613D87-0AED-48A9-A216-3A3783463D6C}) (Version: 3.6.5150.0 - Python Software Foundation) Hidden
    Python 3.6.5 Executables (32-bit) (HKLM-x32\...\{9107CF1A-A09C-4035-B29E-E79B4098AB8C}) (Version: 3.6.5150.0 - Python Software Foundation) Hidden
    Python 3.6.5 pip Bootstrap (32-bit) (HKLM-x32\...\{C024F06C-0E37-4529-945F-7920A9CFFD78}) (Version: 3.6.5150.0 - Python Software Foundation) Hidden
    Python 3.6.5 Standard Library (32-bit) (HKLM-x32\...\{8C2E8A7D-95CC-491C-AB9C-DE785A137D00}) (Version: 3.6.5150.0 - Python Software Foundation) Hidden
    Python 3.6.5 Tcl/Tk Support (32-bit) (HKLM-x32\...\{052FD2FB-034D-4CDD-864E-798DE45C742A}) (Version: 3.6.5150.0 - Python Software Foundation) Hidden
    Python 3.6.5 Test Suite (32-bit) (HKLM-x32\...\{86533809-919A-4858-AFC4-4226B86C5291}) (Version: 3.6.5150.0 - Python Software Foundation) Hidden
    Python 3.6.5 Utility Scripts (32-bit) (HKLM-x32\...\{5C0C82E9-B580-4EE4-894A-4451A23B0E2C}) (Version: 3.6.5150.0 - Python Software Foundation) Hidden
    Python Launcher (HKLM-x32\...\{8A66FEC2-E443-4219-B9AC-F9B10607B57C}) (Version: 3.6.6295.0 - Python Software Foundation)
    Qualcomm Atheros Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
    RogueKiller version 14.8.4.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 14.8.4.0 - Adlice Software)
    ScottradeELITE 2013 (HKLM-x32\...\{33B2F0C4-FBCE-4CDB-B98D-6D945068A150}) (Version: 5.2.0.0 - Scottrader)
    ScottradeELITE v5 (HKLM-x32\...\{7E94DCE4-F1F3-47AF-A2D4-8A81008D9B1F}) (Version: 5.3.0.0 - Scottrade Inc.)
    Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
    Sublime Text Build 3143 (HKLM\...\Sublime Text 3_is1) (Version: - Sublime HQ Pty Ltd)
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.4.3.38 - Synaptics Incorporated)
    Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
    TOSHIBA Application Installer (HKLM\...\{21A63CA3-75C0-4E56-B602-B7CD2EF6B621}) (Version: 9.0.2.4 - Toshiba Corporation)
    TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.17.0 - Toshiba Corporation)
    Toshiba Book Place (HKLM-x32\...\{11244D6B-9842-440F-8579-6A4D771A0D9B}) (Version: 3.3.9661 - K-NFB Reading Technology, Inc.)
    TOSHIBA Display Utility (HKLM\...\{11955FE2-CAC6-4C3B-AA68-F787D7405400}) (Version: 1.1.9.0 - Toshiba Corporation)
    TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.2.0.6404 - Toshiba Corporation)
    TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.1.0002.6401 - Toshiba Corporation)
    TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.5.0003.64001 - Toshiba Corporation)
    TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{78931270-BC9E-441A-A52B-73ECD4ACFAB5}) (Version: 3.00.344 - Toshiba Corporation)
    TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.9.3 - TOSHIBA)
    TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.1.02.55065006 - Toshiba Corporation)
    TOSHIBA Service Station (HKLM\...\{FBFCEEA5-96EA-4C8E-9262-43CBBEBAE413}) (Version: 2.6.8 - Toshiba Corporation)
    TOSHIBA Start (HKLM-x32\...\{A74C9CC1-2211-4A75-A688-6F7CFE2C2B12}) (Version: 1.00.02 - TOSHIBA America Information Systems, Inc)
    TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0032 - Toshiba Corporation)
    TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.1.2.32001 - Toshiba Corporation)
    TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
    TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    Update for Skype for Business 2016 (KB4486745) 32-Bit Edition (HKLM-x32\...\{90160000-0011-0000-0000-0000000FF1CE}_Office16.PROPLUS_{496A4D4F-C386-42B7-9F94-8828BC626BB0}) (Version: - Microsoft)
    Update for Skype for Business 2016 (KB4486745) 32-Bit Edition (HKLM-x32\...\{90160000-002A-0000-1000-0000000FF1CE}_Office16.PROPLUS_{496A4D4F-C386-42B7-9F94-8828BC626BB0}) (Version: - Microsoft)
    Update for Skype for Business 2016 (KB4486745) 32-Bit Edition (HKLM-x32\...\{90160000-012B-0409-0000-0000000FF1CE}_Office16.PROPLUS_{496A4D4F-C386-42B7-9F94-8828BC626BB0}) (Version: - Microsoft)
    Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
    Update for Windows 10 for x64-based Systems (KB4480730) (HKLM\...\{3BAE4496-6F6C-4330-A8AA-B93D3D346FA5}) (Version: 2.53.0.0 - Microsoft Corporation)
    Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.23072 - Microsoft Corporation)
    WinX DVD Ripper Platinum 8.20.5 (HKLM-x32\...\WinX DVD Ripper Platinum_is1) (Version: - Digiarty Software, Inc.)
    Zoom (HKU\S-1-5-21-2517961349-2002184368-2333218459-1001\...\ZoomUMX) (Version: 5.2.2 (45108.0831) - Zoom Video Communications, Inc.)

    Packages:
    =========
    Adobe Reader Touch -> C:\Program Files\WindowsApps\AdobeSystemsIncorporated.AdobeReader_3.1.8.7675_x86__ynb6jyjzte8ga [2015-09-20] (Adobe Systems Incorporated)
    Book Place -> C:\Program Files\WindowsApps\K-NFBReadingTechnologiesI.BookPlace_2.0.3615.0_x64__vwcaa66y1ah8t [2014-06-05] (K-NFB Reading Technologies, Inc.)
    Evernote -> C:\Program Files\WindowsApps\Evernote.Evernote_10.8.4.0_x86__q4d96b2w5wcc2 [2021-02-11] (Evernote)
    HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_122.2.834.0_x64__v10z8vjag6ke6 [2021-02-11] (HP Inc.)
    Hulu -> C:\Program Files\WindowsApps\HuluLLC.HuluPlus_2.5.5.0_neutral__fphbd361v8tya [2020-01-09] (Hulu.)
    iHeartRadio -> C:\Program Files\WindowsApps\ClearChannelRadioDigital.iHeartRadio_6.0.47.0_x64__a76a11dkgb644 [2020-07-07] (iHeartMedia.)
    Instagram -> C:\Program Files\WindowsApps\Facebook.InstagramBeta_42.0.2.0_neutral__8xx8rvfyw5nnt [2020-07-07] (Instagram)
    Khan Academy -> C:\Program Files\WindowsApps\KhanAcademy.KhanAcademy_1.4.0.0_neutral__h7gxd2e83qjmg [2015-09-20] (Khan Academy)
    Kindle -> C:\Program Files\WindowsApps\AMZNMobileLLC.KindleforWindows8_2.1.0.2_neutral__stfe6vwa9jnbp [2015-09-20] (AMZN Mobile LLC)
    Media Player by sMedio TrueLink+ -> C:\Program Files\WindowsApps\sMedioforToshiba.TOSHIBAMediaPlayerbysMedioTrueLin_3.4.35.0_x64__679ekb9hp1h62 [2020-10-20] (sMedio)
    Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-04] (Microsoft Corporation) [MS Ad]
    Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-04] (Microsoft Corporation) [MS Ad]
    Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1252.0_x64__8wekyb3d8bbwe [2021-02-01] (Microsoft Studios) [MS Ad]
    MSN Food & Drink -> C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.4.336_x64__8wekyb3d8bbwe [2015-09-20] (Microsoft Corporation) [MS Ad]
    MSN Health & Fitness -> C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.4.336_x64__8wekyb3d8bbwe [2015-09-20] (Microsoft Corporation) [MS Ad]
    MSN Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.36.20714.0_x64__8wekyb3d8bbwe [2020-07-07] (Microsoft Corporation) [MS Ad]
    MSN Travel -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe [2015-09-20] (Microsoft Corporation) [MS Ad]
    My Toshiba -> C:\Program Files\WindowsApps\EnnovaResearch.ToshibaPlaces_3.2.49.0_x64__3s2an63h56yee [2016-03-28] (Ennova Research)
    Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.97.752.0_x64__mcm4njqhnhss8 [2020-09-03] (Netflix, Inc.)
    Toshiba Central -> C:\Program Files\WindowsApps\ToshibaAmericaInformation.ToshibaCentral_1.3.0.4_neutral__r8x1fxsdcnpjw [2015-09-20] (Toshiba America Information Systems, Inc.)
    Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-09] (Twitter Inc.)
    Xbox 360 SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxCompanion_1.4.3.0_x64__8wekyb3d8bbwe [2015-09-20] (Microsoft Corporation) [MS Ad]
    Zinio -> C:\Program Files\WindowsApps\ZinioLLC.Zinio_2.1.0.317_x64__0q6dqzpp40p2e [2014-04-21] (Zinio LLC)

    ==================== Custom CLSID (Whitelisted): ==============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\c\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\c\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\c\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\c\AppData\Local\Microsoft\OneDrive\17.3.6943.0625_1\amd64\FileSyncShell64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{540C17A8-04F2-4B66-95D7-B2FEF9A19B54}\InprocServer32 -> C:\Users\c\AppData\Local\Google\Update\1.3.35.422\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\c\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\c\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\c\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{62634D95-960B-4834-8E71-A70408AD8FD9}\InprocServer32 -> C:\Users\c\AppData\Local\Google\Update\1.3.34.7\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{6D264B70-DA18-401D-910C-B202D89670C6}\InprocServer32 -> C:\Users\c\AppData\Local\Google\Update\1.3.36.32\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\c\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\c\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\c\AppData\Local\Microsoft\OneDrive\17.3.6943.0625_1\amd64\FileSyncShell64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\c\AppData\Local\Microsoft\OneDrive\17.3.6943.0625_1\amd64\FileSyncShell64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\c\AppData\Local\GoToMeeting\9167\G2MOutlookAddin64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{85D8EE2F-794F-41F0-BB03-49D56A23BEF4}\InprocServer32 -> C:\Users\c\AppData\Local\Google\Update\1.3.36.72\psuser_64.dll (Google LLC -> Google LLC)
    CustomCLSID: HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\c\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\c\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{A804CF1A-91E5-4F0C-9E8C-DB39E74056DD}\InprocServer32 -> C:\Users\c\AppData\Local\Google\Update\1.3.33.23\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\c\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{CA919489-0396-4164-A6E7-94CDED45A707}\InprocServer32 -> C:\Users\c\AppData\Local\Google\Update\1.3.36.52\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\c\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\c\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\c\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\c\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{DEDF773D-E27B-485E-8E7D-85C5B0EB5A67}\InprocServer32 -> C:\Users\c\AppData\Local\Google\Update\1.3.36.72\psuser_64.dll (Google LLC -> Google LLC)
    CustomCLSID: HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\c\AppData\Local\Google\Update\1.3.36.72\psuser_64.dll (Google LLC -> Google LLC)
    CustomCLSID: HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{E9E7529D-7F09-410B-AF2A-CC154473B19C}\InprocServer32 -> C:\Users\c\AppData\Local\Google\Update\1.3.35.452\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{EA724FD3-844D-43A9-A8C9-A5BC35FC20E4}\InprocServer32 -> C:\Users\c\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\c\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
    ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2217832 2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google Inc -> Google)
    ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google Inc -> Google)
    ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google Inc -> Google)
    ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
    ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
    ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
    ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
    ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
    ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
    ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
    ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
    ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-04-23] (Google Inc -> Google)
    ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2018-06-26] (Apple Inc. -> Apple Inc.)
    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-02-13] (Malwarebytes Corporation -> Malwarebytes)
    ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-04-23] (Google Inc -> Google)
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
    ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2019-05-05] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
    ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-02-13] (Malwarebytes Corporation -> Malwarebytes)

    ==================== Codecs (Whitelisted) ====================

    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)

    ShortcutWithArgument: C:\Users\c\Desktop\Bin\Chi (cmg.smtclasses@gmail.com) - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 2"
    ShortcutWithArgument: C:\Users\c\Desktop\Bin\Chi Ming (chi.ming.gong@lacity.org) - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1"
    ShortcutWithArgument: C:\Users\c\Desktop\Bin\Chi Ming (cmg7590@gmail.com) - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 4"
    ShortcutWithArgument: C:\Users\c\Desktop\Bin\cmg7590@gmail.com - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 3"
    ShortcutWithArgument: C:\Users\c\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\Chi (cmg.smtclasses@gmail.com) - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 2"
    ShortcutWithArgument: C:\Users\c\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\48499db33039e897\Chi Ming (cmg7590@gmail.com) - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 4"

    ==================== Loaded Modules (Whitelisted) =============

    2014-03-06 05:03 - 2013-07-02 14:29 - 000027648 _____ () [File not signed] C:\Program Files (x86)\Nuance\Dragon Assistant\Core\WASAPIResamplingStreamCOMServer.dll
    2015-05-23 08:40 - 2015-05-23 08:40 - 000088064 _____ () [File not signed] C:\Python27\DLLs\_ctypes.pyd
    2015-05-23 08:41 - 2015-05-23 08:41 - 000910336 _____ () [File not signed] C:\Python27\DLLs\_hashlib.pyd
    2015-05-23 08:40 - 2015-05-23 08:40 - 000046080 _____ () [File not signed] C:\Python27\DLLs\_socket.pyd
    2015-05-23 08:40 - 2015-05-23 08:40 - 000048128 _____ () [File not signed] C:\Python27\DLLs\_sqlite3.pyd
    2015-05-23 08:40 - 2015-05-23 08:40 - 001315328 _____ () [File not signed] C:\Python27\DLLs\_ssl.pyd
    2015-05-23 08:41 - 2015-05-23 08:41 - 000010240 _____ () [File not signed] C:\Python27\DLLs\select.pyd
    2015-05-23 08:39 - 2015-05-23 08:39 - 000426496 _____ () [File not signed] C:\Python27\DLLs\sqlite3.dll
    2015-05-23 08:40 - 2015-05-23 08:40 - 000686080 _____ () [File not signed] C:\Python27\DLLs\unicodedata.pyd
    2014-03-06 05:03 - 2012-04-20 13:17 - 001888256 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Nuance\Dragon Assistant\Core\xerces-c_3_1.dll
    2014-03-06 05:03 - 2012-04-20 13:17 - 005024256 _____ (The ICU Project) [File not signed] C:\Program Files (x86)\Nuance\Dragon Assistant\Core\icudt48.dll
    2014-03-06 05:03 - 2012-04-20 13:17 - 001043456 _____ (The ICU Project) [File not signed] C:\Program Files (x86)\Nuance\Dragon Assistant\Core\icuuc48.dll
    2014-04-20 06:21 - 2009-07-19 13:48 - 000134144 _____ (Vivid Document Imaging Technologies) [File not signed] C:\WINDOWS\System32\PDFVC64.DLL

    ==================== Alternate Data Streams (Whitelisted) ========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\WINDOWS\system32\cdpreference.exe:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\DdcWnsListener.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\dfp.exe:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\DfpCommon.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\HPScanTRDrv_EN5660.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\HPWia2_EN5660.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\igfxCoIn_v4474.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\igfxCoIn_v4549.dll:$CmdTcID [130]
    AlternateDataStreams: C:\WINDOWS\system32\indexeddbserver.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\IntelWiDiMCComp64.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\IntelWiDiUMS64.exe:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\SET4201.tmp:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\SET4B89.tmp:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\SET55ED.tmp:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\SET5A0B.tmp:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\SET90D7.tmp:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\SET93E9.tmp:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\SET94F6.tmp:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\SET9684.tmp:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\SET9B8F.tmp:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\SET9C5D.tmp:$CmdTcID [130]
    AlternateDataStreams: C:\WINDOWS\system32\SET9D59.tmp:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\SET9D8A.tmp:$CmdTcID [130]
    AlternateDataStreams: C:\WINDOWS\system32\SynCOM.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\SynTPAPI.dll:$CmdTcID [130]
    AlternateDataStreams: C:\WINDOWS\system32\SynTPCo33.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\SynTPCo63.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\WdfCoInstaller01011.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\wu.upgrade.ps.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\danim.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\dns-sd.exe:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\dxtmsft3.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\indexeddbserver.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\LMRT.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\LMRTREND.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\mciqtz.drv:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\NPSWF32.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\NPSWF32_FlashUtil.exe:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\qcut.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\SET6078.tmp:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\SET6C72.tmp:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\SET7F22.tmp:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\SET85C0.tmp:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\strmdll.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\SynCom.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\tm20dec.ax:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\TWUNK_32.EXE:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\unam4ie.exe:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\vidx16.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\netaapl64.sys:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\SET1B24.tmp:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\SET3F40.tmp:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\SETC0BE.tmp:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\Smb_driver_AMDASF_Aux.sys:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\Smb_driver_Intel.sys:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\Smb_driver_Intel_Aux.sys:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\SynRMIHID_Aux.sys:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\SynTP.sys:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\wdcsam64.sys:$CmdTcID [64]
    AlternateDataStreams: C:\ProgramData\cis86FC.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\lillian3443\Downloads\10 Major rules of Tink.docx:$CmdZnID [26]
    AlternateDataStreams: C:\Users\lillian3443\Downloads\A Rice Sandwich (1).docx:$CmdZnID [26]
    AlternateDataStreams: C:\Users\lillian3443\Downloads\A Rice Sandwich (2).docx:$CmdZnID [26]
    AlternateDataStreams: C:\Users\lillian3443\Downloads\A Rice Sandwich.docx:$CmdZnID [26]
    AlternateDataStreams: C:\Users\lillian3443\Downloads\ccsetup516.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\lillian3443\Downloads\ccsetup516.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\lillian3443\Downloads\Current Event Article Analysis (1).docx:$CmdZnID [26]
    AlternateDataStreams: C:\Users\lillian3443\Downloads\Current Event Article Analysis (2).docx:$CmdZnID [26]
    AlternateDataStreams: C:\Users\lillian3443\Downloads\Current Event Article Analysis.docx:$CmdZnID [26]
    AlternateDataStreams: C:\Users\lillian3443\Downloads\math (1).pdf:$CmdZnID [26]
    AlternateDataStreams: C:\Users\lillian3443\Downloads\Math 6 First Semester Mastery form.docx:$CmdZnID [26]
    AlternateDataStreams: C:\Users\lillian3443\Downloads\math.pdf:$CmdZnID [26]
    AlternateDataStreams: C:\Users\lillian3443\Downloads\read.oxps:$CmdZnID [26]
    AlternateDataStreams: C:\Users\lillian3443\Downloads\The Lunchroom Murder.docx:$CmdZnID [26]
    AlternateDataStreams: C:\Users\lillian3443\Downloads\TheImmigration1.1.docx.docx:$CmdZnID [26]

    ==================== Safe Mode (Whitelisted) ==================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

    ==================== Association (Whitelisted) =================

    ==================== Internet Explorer (Whitelisted) ==========

    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-2517961349-2002184368-2333218459-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://us.yahoo.com/?fr=fp-comodo
    HKU\S-1-5-21-2517961349-2002184368-2333218459-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.toshiba.com
    HKU\S-1-5-21-2517961349-2002184368-2333218459-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com/?pc=TNJB
    HKU\S-1-5-21-2517961349-2002184368-2333218459-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TNJB
    HKU\S-1-5-21-2517961349-2002184368-2333218459-1004\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.toshiba.com
    SearchScopes: HKU\S-1-5-21-2517961349-2002184368-2333218459-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE00
    SearchScopes: HKU\S-1-5-21-2517961349-2002184368-2333218459-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE00
    SearchScopes: HKU\S-1-5-21-2517961349-2002184368-2333218459-1001 -> {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = hxxp://us.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
    SearchScopes: HKU\S-1-5-21-2517961349-2002184368-2333218459-1001 -> {D30688FC-DCE4-4925-BDF6-DB294B4743F6} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
    SearchScopes: HKU\S-1-5-21-2517961349-2002184368-2333218459-1004 -> DefaultScope {1BCC4178-EF4F-4571-A5AE-E37AA2CD374E} URL =
    SearchScopes: HKU\S-1-5-21-2517961349-2002184368-2333218459-1004 -> {1BCC4178-EF4F-4571-A5AE-E37AA2CD374E} URL =
    BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2020-10-13] (Microsoft Corporation -> Microsoft Corporation)
    BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-11-01] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
    BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2018-07-20] (Microsoft Corporation -> Microsoft Corporation)
    BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-11-01] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
    BHO-x32: ContributeBHO Class -> {074C1DC5-9320-4A9A-947D-C042949C6216} -> C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll [2007-03-16] (Adobe Systems Incorporated.) [File not signed]
    BHO-x32: PE_IE_Helper Class -> {0941C58F-E461-4E03-BD7D-44C27392ADE1} -> C:\Program Files (x86)\IBM\Lotus Forms\Viewer\3.5\PEhelper.dll [2009-11-27] (International Business Machines Corporation -> IBM Corporation)
    BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2020-11-12] (Microsoft Corporation -> Microsoft Corporation)
    BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_271\bin\ssv.dll [2020-12-07] (Oracle America, Inc. -> Oracle Corporation)
    BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-11-01] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
    BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2018-07-22] (Microsoft Corporation -> Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_271\bin\jp2ssv.dll [2020-12-07] (Oracle America, Inc. -> Oracle Corporation)
    BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-11-01] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
    Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-11-01] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
    Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll [2007-03-16] (Adobe Systems Incorporated.) [File not signed]
    Toolbar: HKLM-x32 - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-11-01] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
    Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2019-06-12] (Microsoft Corporation -> Microsoft Corporation)
    Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2019-06-12] (Microsoft Corporation -> Microsoft Corporation)

    ==================== Hosts content: =========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 05:25 - 2019-01-20 12:15 - 000000000 _____ C:\WINDOWS\system32\drivers\etc\hosts

    2018-02-16 12:07 - 2018-02-16 12:07 - 000000443 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
    192.168.137.1 LLM-Win8-Laptop.mshome.net # 2023 2 3 15 20 7 56 742

    ==================== Other Areas ===========================

    (Currently there is no automatic fix for this section.)

    HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Python35-32;C:\Python35-32\Lib\site-packages\;C:\Python35-32\Scripts\;;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\Common Files\Apple\Internet Services\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\
    HKU\S-1-5-21-2517961349-2002184368-2333218459-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img1.jpg
    HKU\S-1-5-21-2517961349-2002184368-2333218459-1004\Control Panel\Desktop\\Wallpaper ->
    DNS Servers: 192.168.1.254
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
    Windows Firewall is enabled.

  12. #12
    Join Date
    May 2005
    Posts
    122
    Part 2 ADDITION.txt

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (If an entry is included in the fixlist, it will be removed.)

    HKLM\...\StartupApproved\StartupFolder: => "Avast SecureLine VPN.lnk"
    HKLM\...\StartupApproved\Run: => "IgfxTray"
    HKLM\...\StartupApproved\Run: => "iTunesHelper"
    HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
    HKLM\...\StartupApproved\Run32: => "GrooveMonitor"
    HKLM\...\StartupApproved\Run32: => "AmIcoSinglun64"
    HKLM\...\StartupApproved\Run32: => "ToshibaAppPlace"
    HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
    HKLM\...\StartupApproved\Run32: => "KeePass 2 PreLoad"
    HKLM\...\StartupApproved\Run32: => "Win8PDF"
    HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
    HKLM\...\StartupApproved\Run32: => "Adobe_ID0EYTHM"
    HKLM\...\StartupApproved\Run32: => "HP Software Update"
    HKU\S-1-5-21-2517961349-2002184368-2333218459-1001\...\StartupApproved\StartupFolder: => "OneNote 2007 Screen Clipper and Launcher.lnk"
    HKU\S-1-5-21-2517961349-2002184368-2333218459-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_48555157F9018AAD449F1763D57508C7"
    HKU\S-1-5-21-2517961349-2002184368-2333218459-1001\...\StartupApproved\Run: => "GoogleDriveSync"
    HKU\S-1-5-21-2517961349-2002184368-2333218459-1001\...\StartupApproved\Run: => "Google Update"
    HKU\S-1-5-21-2517961349-2002184368-2333218459-1001\...\StartupApproved\Run: => "Skype"
    HKU\S-1-5-21-2517961349-2002184368-2333218459-1001\...\StartupApproved\Run: => "SlimCleaner Plus"
    HKU\S-1-5-21-2517961349-2002184368-2333218459-1001\...\StartupApproved\Run: => "Spotify"
    HKU\S-1-5-21-2517961349-2002184368-2333218459-1001\...\StartupApproved\Run: => "iCloudDrive"
    HKU\S-1-5-21-2517961349-2002184368-2333218459-1001\...\StartupApproved\Run: => "iCloudPhotos"
    HKU\S-1-5-21-2517961349-2002184368-2333218459-1001\...\StartupApproved\Run: => "iCloudServices"
    HKU\S-1-5-21-2517961349-2002184368-2333218459-1001\...\StartupApproved\Run: => "OneDriveSetup"
    HKU\S-1-5-21-2517961349-2002184368-2333218459-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
    HKU\S-1-5-21-2517961349-2002184368-2333218459-1001\...\StartupApproved\Run: => "708A6BCA9F22CC304DD693961BCF6B09DB76A694._service_run"

    ==================== FirewallRules (Whitelisted) ================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{BEE0F98F-DCB6-4574-A1DC-D3E3A0155B09}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation -> )
    FirewallRules: [{48A9D528-6086-4A31-A0D7-D93C3E065EA7}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [{CE2909F8-452C-4C08-A59A-8C5248FEE6D3}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [{7AD7C4DD-2039-4C55-AC3C-0522552238C2}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{C518D753-6F95-4129-A31A-66A8C1547EB1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [{79DAB9F0-EB65-44E0-8A43-318DDAD2768D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [{7DB25458-3272-42FA-843C-44598FF0CF6B}] => (Allow) C:\Users\lillian3443\AppData\Local\iLivid\iLivid.exe => No File
    FirewallRules: [{FE036410-4852-40D3-9C13-677A4210730D}] => (Allow) C:\Users\lillian3443\AppData\Local\iLivid\iLivid.exe => No File
    FirewallRules: [{78D21A4D-7FD4-4D40-9A8B-20433D883741}] => (Allow) C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
    FirewallRules: [{F750F970-6BF7-4542-9555-0663101006A2}] => (Allow) C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
    FirewallRules: [{E18F9BD0-6BF9-47F1-A4A9-F6AF19A8BBA1}] => (Allow) LPort=50901
    FirewallRules: [{5A49BF34-9E5A-45BF-9086-31DD2D37DB8A}] => (Allow) LPort=50900
    FirewallRules: [{C3C2F011-164C-4F8E-8B96-95C76C1B1FDF}] => (Allow) LPort=3704
    FirewallRules: [{BA2D35C1-868E-4F7B-8B29-0150CCAECBAF}] => (Allow) LPort=3703
    FirewallRules: [{0968D024-C3E0-47B7-A9C0-E394358C59FE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{14A3CE72-FE99-4384-ABAD-635F5584D247}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [TCP Query User{7A0ECF99-CDDF-4C43-A312-608D8A33DBD6}C:\python27\python.exe] => (Allow) C:\python27\python.exe () [File not signed]
    FirewallRules: [UDP Query User{0D417FD2-EDA2-4CCF-90BF-C5982F229714}C:\python27\python.exe] => (Allow) C:\python27\python.exe () [File not signed]
    FirewallRules: [TCP Query User{7AD940C2-4F49-43D5-A6D4-EA0034552F6A}C:\users\c\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\c\appdata\roaming\spotify\spotify.exe => No File
    FirewallRules: [UDP Query User{88648E0D-AE57-403A-8FE4-7D80E799C03D}C:\users\c\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\c\appdata\roaming\spotify\spotify.exe => No File
    FirewallRules: [{4AAFDDAF-9205-4D1E-B676-1BE72F8FB82C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe => No File
    FirewallRules: [{DF2707EC-50E2-40D0-A18E-747B3FE4DB3C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe => No File
    FirewallRules: [{378DEC0E-047C-418A-B875-46198049F501}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{13B4907F-EC5F-4704-A9D2-D5D7EB45D3A1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{834452D9-7981-4CE6-8482-4E1A3B76A895}] => (Allow) C:\Program Files\HP\HP ENVY 5660 series\Bin\DeviceSetup.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP)
    FirewallRules: [{006929CD-8219-4B7F-A0AE-97D04593D25C}] => (Allow) LPort=5357
    FirewallRules: [{F1F5D1F9-46F6-4E79-8E2E-4E3FBEE4FF4A}] => (Allow) C:\Program Files\HP\HP ENVY 5660 series\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP)
    FirewallRules: [TCP Query User{0DE31E68-45F7-491A-94F0-4B9AA29172BB}C:\users\c\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\c\appdata\roaming\spotify\spotify.exe => No File
    FirewallRules: [UDP Query User{D690D24F-9CE5-48BC-BE2B-2ED78C77E241}C:\users\c\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\c\appdata\roaming\spotify\spotify.exe => No File
    FirewallRules: [{78FF71A2-12EE-4E15-A5DF-ECB5D5240681}] => (Allow) C:\Users\c\AppData\Local\ScottradeElite\ScottradeELITELauncher.exe (Scottrade, Inc. -> Scottrade)
    FirewallRules: [{AD4CE048-DB8A-4136-89E7-E28B7948FF4E}] => (Allow) C:\Users\c\AppData\Local\ScottradeElite\ScottradeELITELauncher.exe (Scottrade, Inc. -> Scottrade)
    FirewallRules: [{96596EC8-7E9F-417F-AF78-E4B1C1B9BE3E}] => (Allow) C:\Users\c\AppData\Local\ScottradeElite\ScottradeELITELauncher.exe (Scottrade, Inc. -> Scottrade)
    FirewallRules: [{00559030-10B6-4F49-96FF-0E1B4BE6061A}] => (Allow) C:\Users\c\AppData\Local\ScottradeElite\ScottradeELITELauncher.exe (Scottrade, Inc. -> Scottrade)
    FirewallRules: [{650F5F0E-7F4E-47D4-A7F2-B082FD5C993D}] => (Allow) C:\Users\c\Desktop\extra\JavaSetup8u131.exe => No File
    FirewallRules: [{63FADE1C-C387-4F6B-ACCE-C3C8A621D335}] => (Allow) C:\Users\c\Desktop\extra\JavaSetup8u131.exe => No File
    FirewallRules: [{B8FBFF0B-C6C0-4CB1-B09A-EAEBBEC592BF}] => (Allow) C:\Users\c\Desktop\extra\JavaSetup8u131.exe => No File
    FirewallRules: [{D55D7F0A-8563-4411-B526-219B85A10008}] => (Allow) C:\Users\c\Desktop\extra\JavaSetup8u131.exe => No File
    FirewallRules: [{629B5330-96A5-466C-9442-23BE4063725C}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{7B27641A-2992-40E3-AA56-98E9F745894F}] => (Allow) C:\Users\c\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
    FirewallRules: [{C6C25CFD-E570-486E-A066-558B40B7E26A}] => (Allow) C:\Users\c\AppData\Roaming\Zoom\bin\airhost.exe => No File
    FirewallRules: [{657104BE-515C-4CC2-A78B-088D6E82D667}] => (Allow) C:\Users\c\AppData\Roaming\Zoom\bin\airhost.exe => No File
    FirewallRules: [{ECDD8879-CDBC-400A-80B0-5B4B23DC4DE9}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{136E9FA3-E8B4-4308-890B-694AA75DD203}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{1913DF20-0659-4CB2-B00C-50F299679D70}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{3C956F09-9960-4BE2-967A-0E05EF505404}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{CB667020-5CE2-43AB-B87D-1EB0FB32913C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [{DBCB7E27-93BF-4D74-B4FC-45D3A503C4CD}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [{6DD307BD-8B8A-4D00-9278-3966F5A81E4D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [{28DB4011-C656-4EB2-BCA9-3957B33F681E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [{A4F98D0C-9D93-4FC9-B8CA-B0D5EA10F88E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
    FirewallRules: [TCP Query User{E78F839B-1205-45F6-BB1A-0BFBFFD7679A}C:\users\c\appdata\local\realtimeboard\app-0.4.6\miro.exe] => (Block) C:\users\c\appdata\local\realtimeboard\app-0.4.6\miro.exe (Realtimeboard, Inc. -> Miro)
    FirewallRules: [UDP Query User{EA34BE96-5177-45C3-B2EE-8AB88252F9FB}C:\users\c\appdata\local\realtimeboard\app-0.4.6\miro.exe] => (Block) C:\users\c\appdata\local\realtimeboard\app-0.4.6\miro.exe (Realtimeboard, Inc. -> Miro)

    ==================== Restore Points =========================

    29-01-2021 11:51:18 Scheduled Checkpoint
    08-02-2021 14:28:32 Scheduled Checkpoint
    09-02-2021 20:39:08 Windows Modules Installer

    ==================== Faulty Device Manager Devices ============


    ==================== Event log errors: ========================

    Application errors:
    ==================
    Error: (02/13/2021 11:08:05 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
    Description: The storage optimizer couldn't complete retrim on TI10684700A (C because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

    Error: (02/10/2021 05:52:36 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program ShellExperienceHost.exe version 10.0.19041.610 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

    Process ID: 144c

    Start Time: 01d6ffb3d6705204

    Termination Time: 4294967295

    Application Path: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe

    Report Id: 4323b2c8-9845-403e-9eb8-9733df1543ea

    Faulting package full name: Microsoft.Windows.ShellExperienceHost_10.0.19041.610_neutral_neutral_cw5n1h2txyewy

    Faulting package-relative application ID: App

    Hang type: Quiesce

    Error: (02/09/2021 08:41:58 PM) (Source: VSS) (EventID: 8193) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress.
    .

    Error: (02/09/2021 08:41:58 PM) (Source: VSS) (EventID: 13) (User: )
    Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
    ]

    Error: (02/09/2021 08:41:58 PM) (Source: VSS) (EventID: 8193) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress.
    .

    Error: (02/09/2021 08:41:58 PM) (Source: VSS) (EventID: 13) (User: )
    Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
    ]

    Error: (02/09/2021 06:42:45 PM) (Source: Service1) (EventID: 0) (User: )
    Description: Service cannot be started. A system shutdown is in progress

    Error: (02/09/2021 06:42:44 PM) (Source: ThpSrv) (EventID: 0) (User: )
    Description: Event-ID 0


    System errors:
    =============
    Error: (02/12/2021 02:19:38 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
    Description: A corruption was discovered in the file system structure on volume TI10684700A.

    The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x9000000000009. The name of the file is "<unable to determine file name>".

    Error: (02/12/2021 02:19:35 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
    Description: A corruption was discovered in the file system structure on volume TI10684700A.

    The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x5000000082711. The name of the file is "<unable to determine file name>".

    Error: (02/11/2021 07:49:22 PM) (Source: DCOM) (EventID: 10010) (User: LLM-WIN8-LAPTOP)
    Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

    Error: (02/11/2021 07:49:22 PM) (Source: DCOM) (EventID: 10010) (User: LLM-WIN8-LAPTOP)
    Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

    Error: (02/11/2021 07:41:42 PM) (Source: DCOM) (EventID: 10000) (User: LLM-WIN8-LAPTOP)
    Description: Unable to start a DCOM Server: {0358B920-0AC7-461F-98F4-58E32CD89148}. The error:
    "2147942767"
    Happened while starting this command:
    C:\WINDOWS\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}

    Error: (02/10/2021 03:17:46 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
    Description: WLAN Extensibility Module has failed to start.

    Module Path: C:\WINDOWS\System32\IWMSSvc.dll
    Error Code: 258

    Error: (02/10/2021 03:17:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The TSDSettingService service failed to start due to the following error:
    The service did not respond to the start or control request in a timely fashion.

    Error: (02/10/2021 03:17:34 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (45000 milliseconds) while waiting for the TSDSettingService service to connect.

    Windows Defender:
    ================
    Date: 2021-02-13 09:20:35
    Description:
    Microsoft Defender Antivirus scan has been stopped before completion.
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2021-02-13 09:19:27
    Description:
    Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
    For more information please see the following:
    https://go.microsoft.com/fwlink/?lin...7&enterprise=0
    Name: PUA:Win32/PiriformBundler
    ID: 277517
    Severity: Low
    Category: Potentially Unwanted Software
    Path: file:_C:\Users\lillian3443\Downloads\ccsetup516.exe
    Detection Origin: Local machine
    Detection Type: FastPath
    Detection Source: Real-Time Protection
    Process Name: C:\Program Files\RogueKiller\RogueKiller64.exe
    Security intelligence Version: AV: 1.331.919.0, AS: 1.331.919.0, NIS: 1.331.919.0
    Engine Version: AM: 1.1.17800.5, NIS: 1.1.17800.5

    Date: 2021-02-12 12:35:53
    Description:
    Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
    For more information please see the following:
    https://go.microsoft.com/fwlink/?lin...7&enterprise=0
    Name: PUA:Win32/PiriformBundler
    ID: 277517
    Severity: Low
    Category: Potentially Unwanted Software
    Path: file:_C:\Users\lillian3443\Downloads\ccsetup516.exe
    Detection Origin: Local machine
    Detection Type: FastPath
    Detection Source: Real-Time Protection
    Process Name: C:\Users\c\Desktop\FRST64.exe
    Security intelligence Version: AV: 1.331.830.0, AS: 1.331.830.0, NIS: 1.331.830.0
    Engine Version: AM: 1.1.17800.5, NIS: 1.1.17800.5

    Date: 2021-02-11 14:21:36
    Description:
    Microsoft Defender Antivirus scan has been stopped before completion.
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2021-02-09 15:24:10
    Description:
    Microsoft Defender Antivirus scan has been stopped before completion.
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2021-02-11 05:59:44
    Description:
    Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
    New security intelligence Version:
    Previous security intelligence Version: 1.331.708.0
    Update Source: Microsoft Update Server
    Security intelligence Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.17800.5
    Error code: 0x80240438
    Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

    Date: 2021-02-08 13:52:11
    Description:
    Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
    Feature: On Access
    Error Code: 0x80004005
    Error description: Unspecified error
    Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.

    Date: 2021-02-05 11:36:00
    Description:
    Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
    New security intelligence Version:
    Previous security intelligence Version: 1.331.231.0
    Update Source: Microsoft Update Server
    Security intelligence Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.17800.5
    Error code: 0x8024402c
    Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

    Date: 2021-02-05 07:51:30
    Description:
    Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
    New security intelligence Version:
    Previous security intelligence Version: 1.331.231.0
    Update Source: Microsoft Update Server
    Security intelligence Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.17800.5
    Error code: 0x80240438
    Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

    Date: 2021-02-02 05:37:55
    Description:
    Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
    New security intelligence Version:
    Previous security intelligence Version: 1.331.26.0
    Update Source: Microsoft Update Server
    Security intelligence Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.17800.5
    Error code: 0x80240438
    Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

    CodeIntegrity:
    ==============
    Date: 2021-02-13 09:44:47
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2021-02-13 09:44:47
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2021-02-13 09:44:47
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2021-02-13 09:44:47
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2021-02-13 09:44:47
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2021-02-13 09:44:47
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2021-02-13 09:44:47
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2021-02-13 09:44:47
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    ==================== Memory info ===========================

    BIOS: TOSHIBA 1.60 01/16/2014
    Motherboard: TOSHIBA VG10ST
    Processor: Intel(R) Core(TM) i7-4500U CPU @ 1.80GHz
    Percentage of memory in use: 50%
    Total physical RAM: 8104.14 MB
    Available physical RAM: 3986.75 MB
    Total Virtual: 9384.14 MB
    Available Virtual: 5330.32 MB

    ==================== Drives ================================

    Drive c: (TI10684700A) (Fixed) (Total:920.33 GB) (Free:701.15 GB) NTFS
    Drive f: () (Fixed) (Total:0.82 GB) (Free:0.25 GB) NTFS

    \\?\Volume{0e4900f6-53b7-11e3-adbb-0c54a51af203}\ (System) (Fixed) (Total:1 GB) (Free:0.6 GB) NTFS
    \\?\Volume{2096407d-a532-11e3-9fb2-202564469259}\ (Recovery) (Fixed) (Total:9.14 GB) (Free:0.77 GB) NTFS
    \\?\Volume{0e4900fe-53b7-11e3-adbb-0c54a51af203}\ () (Fixed) (Total:0.09 GB) (Free:0.04 GB) FAT32

    ==================== MBR & Partition Table ====================

    ==========================================================
    Disk: 0 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)

    Partition: GPT.

    ==================== End of Addition.txt =======================

  13. #13
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
    Attached Files Attached Files

  14. #14
    Join Date
    May 2005
    Posts
    122
    Apologies for the delay, was caught up with Valentine's Day stuff.

    Fixlog.txt:

    Fix result of Farbar Recovery Scan Tool (x64) Version: 14-02-2021
    Ran by c (15-02-2021 14:37:58) Run:1
    Running from C:\Users\c\Desktop
    Loaded Profiles: c & lillian3443
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    HKLM-x32\...\Run: [] => [X]
    Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
    Task: {052F7AEA-D841-4335-8B2B-EBF3577F8FA6} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {21CB89DA-B90C-4869-88C2-904A9E2169F6} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {269B3759-3480-4327-8DC5-20C0BD6401C3} - System32\Tasks\KALite => "C:\Program Files (x86)\KA Lite\ka-lite\scripts\..\bin\windows\kalite.bat" [Argument = start] <==== ATTENTION
    Task: {2795C7FE-2827-4E75-88FB-9D151628FFDA} - \WPD\SqmUpload_S-1-5-21-2517961349-2002184368-2333218459-1001 -> No File <==== ATTENTION
    Task: {2DF084BD-598B-495D-BA10-B5273E7118F8} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {38B0F723-A6B4-48DF-A649-E31C1A113476} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {43F45DB2-EF73-475C-932C-DD4BF06AD6E7} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {4E8C3FEE-58AA-4F00-A5BE-642F04E4C377} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {5884939A-2069-4421-A31A-720A38DA1F81} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {74072700-7314-4B0B-9BDE-7AEFBD5CEAB1} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {AC75ED32-22BE-48FD-8729-953A740541FA} - \WPD\SqmUpload_S-1-5-21-2517961349-2002184368-2333218459-1004 -> No File <==== ATTENTION
    Task: {CFA30ADC-CF1A-4734-B305-173132409B3F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {D07662DD-BB68-4958-9B4E-6EF87F6CEB8E} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {F3BC4D12-91FC-49F4-9738-8D371CBFC7E1} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {FA797F60-0088-4F0E-A423-8A226BB28D13} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
    2017-08-01 10:25 - 2017-08-01 10:25 - 003599032 _____ (COMODO) C:\ProgramData\cis86FC.exe
    2017-08-01 12:08 - 2017-08-01 12:08 - 000000694 _____ () C:\Program Files (x86)\LMIR0003.tmp.bat
    2017-08-01 12:08 - 2017-08-01 12:08 - 000000506 _____ () C:\Program Files (x86)\LMIR0003.tmp_r.bat
    2017-08-01 12:08 - 2017-08-01 12:08 - 000000694 _____ () C:\Program Files (x86)\LMIR0005.tmp.bat
    2017-08-01 12:08 - 2017-08-01 12:08 - 000000506 _____ () C:\Program Files (x86)\LMIR0005.tmp_r.bat
    2014-04-12 14:26 - 2014-04-12 14:26 - 000004096 ____H () C:\Users\c\AppData\Local\keyfile3.drm
    2017-08-01 12:08 - 2017-08-01 12:08 - 000000484 _____ () C:\Users\c\AppData\Local\LMIR0001.tmp_r.bat
    2020-12-24 11:41 - 2020-12-24 11:41 - 000000000 _____ () C:\Users\c\AppData\Local\oobelibMkey.log
    2015-05-30 04:12 - 2015-05-30 04:12 - 000000017 _____ () C:\Users\c\AppData\Local\resmon.resmoncfg
    2016-03-28 08:30 - 2016-03-28 08:30 - 000000000 _____ () C:\Users\c\AppData\Local\{39FC4BF6-EBE5-4C6D-8CD0-523D736C319D}
    2017-06-27 10:24 - 2017-06-27 10:24 - 000000000 _____ () C:\Users\c\AppData\Local\{A55F7BDC-57B6-4276-977C-E81965031F88}
    2016-03-28 11:53 - 2016-03-28 11:53 - 000000000 _____ () C:\Users\c\AppData\Local\{B38E1236-81DE-47E1-92DD-9878900B5276}
    CustomCLSID: HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\c\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\c\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\c\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\c\AppData\Local\Microsoft\OneDrive\17.3.6943.0625_1\amd64\FileSyncShell64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{540C17A8-04F2-4B66-95D7-B2FEF9A19B54}\InprocServer32 -> C:\Users\c\AppData\Local\Google\Update\1.3.35.422\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\c\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\c\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\c\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{62634D95-960B-4834-8E71-A70408AD8FD9}\InprocServer32 -> C:\Users\c\AppData\Local\Google\Update\1.3.34.7\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{6D264B70-DA18-401D-910C-B202D89670C6}\InprocServer32 -> C:\Users\c\AppData\Local\Google\Update\1.3.36.32\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\c\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\c\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\c\AppData\Local\Microsoft\OneDrive\17.3.6943.0625_1\amd64\FileSyncShell64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\c\AppData\Local\Microsoft\OneDrive\17.3.6943.0625_1\amd64\FileSyncShell64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\c\AppData\Local\GoToMeeting\9167\G2MOutlookAddin64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\c\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\c\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{A804CF1A-91E5-4F0C-9E8C-DB39E74056DD}\InprocServer32 -> C:\Users\c\AppData\Local\Google\Update\1.3.33.23\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\c\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{CA919489-0396-4164-A6E7-94CDED45A707}\InprocServer32 -> C:\Users\c\AppData\Local\Google\Update\1.3.36.52\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\c\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\c\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\c\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\c\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{E9E7529D-7F09-410B-AF2A-CC154473B19C}\InprocServer32 -> C:\Users\c\AppData\Local\Google\Update\1.3.35.452\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{EA724FD3-844D-43A9-A8C9-A5BC35FC20E4}\InprocServer32 -> C:\Users\c\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\c\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
    ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
    ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
    ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
    ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
    ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
    ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
    ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
    AlternateDataStreams: C:\WINDOWS\system32\cdpreference.exe:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\DdcWnsListener.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\dfp.exe:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\DfpCommon.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\HPScanTRDrv_EN5660.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\HPWia2_EN5660.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\igfxCoIn_v4474.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\igfxCoIn_v4549.dll:$CmdTcID [130]
    AlternateDataStreams: C:\WINDOWS\system32\indexeddbserver.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\IntelWiDiMCComp64.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\IntelWiDiUMS64.exe:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\SET4201.tmp:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\SET4B89.tmp:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\SET55ED.tmp:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\SET5A0B.tmp:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\SET90D7.tmp:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\SET93E9.tmp:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\SET94F6.tmp:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\SET9684.tmp:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\SET9B8F.tmp:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\SET9C5D.tmp:$CmdTcID [130]
    AlternateDataStreams: C:\WINDOWS\system32\SET9D59.tmp:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\SET9D8A.tmp:$CmdTcID [130]
    AlternateDataStreams: C:\WINDOWS\system32\SynCOM.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\SynTPAPI.dll:$CmdTcID [130]
    AlternateDataStreams: C:\WINDOWS\system32\SynTPCo33.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\SynTPCo63.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\WdfCoInstaller01011.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\wu.upgrade.ps.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\danim.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\dns-sd.exe:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\dxtmsft3.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\indexeddbserver.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\LMRT.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\LMRTREND.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\mciqtz.drv:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\NPSWF32.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\NPSWF32_FlashUtil.exe:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\qcut.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\SET6078.tmp:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\SET6C72.tmp:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\SET7F22.tmp:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\SET85C0.tmp:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\strmdll.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\SynCom.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\tm20dec.ax:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\TWUNK_32.EXE:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\unam4ie.exe:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\SysWOW64\vidx16.dll:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\netaapl64.sys:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\SET1B24.tmp:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\SET3F40.tmp:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\SETC0BE.tmp:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\Smb_driver_AMDASF_Aux.sys:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\Smb_driver_Intel.sys:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\Smb_driver_Intel_Aux.sys:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\SynRMIHID_Aux.sys:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\SynTP.sys:$CmdTcID [64]
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\wdcsam64.sys:$CmdTcID [64]
    AlternateDataStreams: C:\ProgramData\cis86FC.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\lillian3443\Downloads\10 Major rules of Tink.docx:$CmdZnID [26]
    AlternateDataStreams: C:\Users\lillian3443\Downloads\A Rice Sandwich (1).docx:$CmdZnID [26]
    AlternateDataStreams: C:\Users\lillian3443\Downloads\A Rice Sandwich (2).docx:$CmdZnID [26]
    AlternateDataStreams: C:\Users\lillian3443\Downloads\A Rice Sandwich.docx:$CmdZnID [26]
    AlternateDataStreams: C:\Users\lillian3443\Downloads\ccsetup516.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\lillian3443\Downloads\ccsetup516.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\lillian3443\Downloads\Current Event Article Analysis (1).docx:$CmdZnID [26]
    AlternateDataStreams: C:\Users\lillian3443\Downloads\Current Event Article Analysis (2).docx:$CmdZnID [26]
    AlternateDataStreams: C:\Users\lillian3443\Downloads\Current Event Article Analysis.docx:$CmdZnID [26]
    AlternateDataStreams: C:\Users\lillian3443\Downloads\math (1).pdf:$CmdZnID [26]
    AlternateDataStreams: C:\Users\lillian3443\Downloads\Math 6 First Semester Mastery form.docx:$CmdZnID [26]
    AlternateDataStreams: C:\Users\lillian3443\Downloads\math.pdf:$CmdZnID [26]
    AlternateDataStreams: C:\Users\lillian3443\Downloads\read.oxps:$CmdZnID [26]
    AlternateDataStreams: C:\Users\lillian3443\Downloads\The Lunchroom Murder.docx:$CmdZnID [26]
    AlternateDataStreams: C:\Users\lillian3443\Downloads\TheImmigration1.1.docx.docx:$CmdZnID [26]
    Toolbar: HKLM-x32 - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    FirewallRules: [{7DB25458-3272-42FA-843C-44598FF0CF6B}] => (Allow) C:\Users\lillian3443\AppData\Local\iLivid\iLivid.exe => No File
    FirewallRules: [{FE036410-4852-40D3-9C13-677A4210730D}] => (Allow) C:\Users\lillian3443\AppData\Local\iLivid\iLivid.exe => No File
    FirewallRules: [TCP Query User{7AD940C2-4F49-43D5-A6D4-EA0034552F6A}C:\users\c\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\c\appdata\roaming\spotify\spotify.exe => No File
    FirewallRules: [UDP Query User{88648E0D-AE57-403A-8FE4-7D80E799C03D}C:\users\c\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\c\appdata\roaming\spotify\spotify.exe => No File
    FirewallRules: [{4AAFDDAF-9205-4D1E-B676-1BE72F8FB82C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe => No File
    FirewallRules: [{DF2707EC-50E2-40D0-A18E-747B3FE4DB3C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe => No File
    FirewallRules: [TCP Query User{0DE31E68-45F7-491A-94F0-4B9AA29172BB}C:\users\c\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\c\appdata\roaming\spotify\spotify.exe => No File
    FirewallRules: [UDP Query User{D690D24F-9CE5-48BC-BE2B-2ED78C77E241}C:\users\c\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\c\appdata\roaming\spotify\spotify.exe => No File
    FirewallRules: [{650F5F0E-7F4E-47D4-A7F2-B082FD5C993D}] => (Allow) C:\Users\c\Desktop\extra\JavaSetup8u131.exe => No File
    FirewallRules: [{63FADE1C-C387-4F6B-ACCE-C3C8A621D335}] => (Allow) C:\Users\c\Desktop\extra\JavaSetup8u131.exe => No File
    FirewallRules: [{B8FBFF0B-C6C0-4CB1-B09A-EAEBBEC592BF}] => (Allow) C:\Users\c\Desktop\extra\JavaSetup8u131.exe => No File
    FirewallRules: [{D55D7F0A-8563-4411-B526-219B85A10008}] => (Allow) C:\Users\c\Desktop\extra\JavaSetup8u131.exe => No File
    FirewallRules: [{C6C25CFD-E570-486E-A066-558B40B7E26A}] => (Allow) C:\Users\c\AppData\Roaming\Zoom\bin\airhost.exe => No File
    FirewallRules: [{657104BE-515C-4CC2-A78B-088D6E82D667}] => (Allow) C:\Users\c\AppData\Roaming\Zoom\bin\airhost.exe => No File


    *****************

    "HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\" => removed successfully
    C:\ProgramData\NTUSER.pol => moved successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{052F7AEA-D841-4335-8B2B-EBF3577F8FA6}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{052F7AEA-D841-4335-8B2B-EBF3577F8FA6}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{21CB89DA-B90C-4869-88C2-904A9E2169F6}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{21CB89DA-B90C-4869-88C2-904A9E2169F6}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{269B3759-3480-4327-8DC5-20C0BD6401C3}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{269B3759-3480-4327-8DC5-20C0BD6401C3}" => removed successfully
    C:\WINDOWS\System32\Tasks\KALite => moved successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\KALite" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2795C7FE-2827-4E75-88FB-9D151628FFDA}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2795C7FE-2827-4E75-88FB-9D151628FFDA}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-2517961349-2002184368-2333218459-1001" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2DF084BD-598B-495D-BA10-B5273E7118F8}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2DF084BD-598B-495D-BA10-B5273E7118F8}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{38B0F723-A6B4-48DF-A649-E31C1A113476}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{38B0F723-A6B4-48DF-A649-E31C1A113476}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{43F45DB2-EF73-475C-932C-DD4BF06AD6E7}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{43F45DB2-EF73-475C-932C-DD4BF06AD6E7}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4E8C3FEE-58AA-4F00-A5BE-642F04E4C377}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4E8C3FEE-58AA-4F00-A5BE-642F04E4C377}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5884939A-2069-4421-A31A-720A38DA1F81}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5884939A-2069-4421-A31A-720A38DA1F81}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{74072700-7314-4B0B-9BDE-7AEFBD5CEAB1}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{74072700-7314-4B0B-9BDE-7AEFBD5CEAB1}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AC75ED32-22BE-48FD-8729-953A740541FA}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AC75ED32-22BE-48FD-8729-953A740541FA}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-2517961349-2002184368-2333218459-1004" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CFA30ADC-CF1A-4734-B305-173132409B3F}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CFA30ADC-CF1A-4734-B305-173132409B3F}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D07662DD-BB68-4958-9B4E-6EF87F6CEB8E}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D07662DD-BB68-4958-9B4E-6EF87F6CEB8E}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F3BC4D12-91FC-49F4-9738-8D371CBFC7E1}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F3BC4D12-91FC-49F4-9738-8D371CBFC7E1}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FA797F60-0088-4F0E-A423-8A226BB28D13}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA797F60-0088-4F0E-A423-8A226BB28D13}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
    C:\ProgramData\cis86FC.exe => moved successfully
    C:\Program Files (x86)\LMIR0003.tmp.bat => moved successfully
    C:\Program Files (x86)\LMIR0003.tmp_r.bat => moved successfully
    C:\Program Files (x86)\LMIR0005.tmp.bat => moved successfully
    C:\Program Files (x86)\LMIR0005.tmp_r.bat => moved successfully
    C:\Users\c\AppData\Local\keyfile3.drm => moved successfully
    C:\Users\c\AppData\Local\LMIR0001.tmp_r.bat => moved successfully
    C:\Users\c\AppData\Local\oobelibMkey.log => moved successfully
    C:\Users\c\AppData\Local\resmon.resmoncfg => moved successfully
    C:\Users\c\AppData\Local\{39FC4BF6-EBE5-4C6D-8CD0-523D736C319D} => moved successfully
    C:\Users\c\AppData\Local\{A55F7BDC-57B6-4276-977C-E81965031F88} => moved successfully
    C:\Users\c\AppData\Local\{B38E1236-81DE-47E1-92DD-9878900B5276} => moved successfully
    HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208} => removed successfully
    HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448} => removed successfully
    HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4} => removed successfully
    HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E} => removed successfully
    HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{540C17A8-04F2-4B66-95D7-B2FEF9A19B54} => removed successfully
    HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856} => removed successfully
    HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4} => removed successfully
    HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E} => removed successfully
    HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{62634D95-960B-4834-8E71-A70408AD8FD9} => removed successfully
    HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{6D264B70-DA18-401D-910C-B202D89670C6} => removed successfully
    HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98} => removed successfully
    HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247} => removed successfully
    HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C} => removed successfully
    HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E} => removed successfully
    HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309} => removed successfully
    HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8} => removed successfully
    HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8} => removed successfully
    HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{A804CF1A-91E5-4F0C-9E8C-DB39E74056DD} => removed successfully
    HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A} => removed successfully
    HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{CA919489-0396-4164-A6E7-94CDED45A707} => removed successfully
    HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA} => removed successfully
    HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2} => removed successfully
    HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9} => removed successfully
    HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF} => removed successfully
    HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{E9E7529D-7F09-410B-AF2A-CC154473B19C} => removed successfully
    HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{EA724FD3-844D-43A9-A8C9-A5BC35FC20E4} => removed successfully
    HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E} => removed successfully
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => removed successfully
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => removed successfully
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => removed successfully
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => removed successfully
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => removed successfully
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => removed successfully
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => removed successfully
    HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => removed successfully
    HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => removed successfully
    HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => removed successfully
    HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => removed successfully
    HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => removed successfully
    HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => removed successfully
    HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => removed successfully
    HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
    C:\WINDOWS\system32\cdpreference.exe => ":$CmdTcID" ADS removed successfully
    C:\WINDOWS\system32\DdcWnsListener.dll => ":$CmdTcID" ADS removed successfully
    C:\WINDOWS\system32\dfp.exe => ":$CmdTcID" ADS removed successfully
    C:\WINDOWS\system32\DfpCommon.dll => ":$CmdTcID" ADS removed successfully
    C:\WINDOWS\system32\HPScanTRDrv_EN5660.dll => ":$CmdTcID" ADS removed successfully
    C:\WINDOWS\system32\HPWia2_EN5660.dll => ":$CmdTcID" ADS removed successfully
    C:\WINDOWS\system32\igfxCoIn_v4474.dll => ":$CmdTcID" ADS removed successfully
    C:\WINDOWS\system32\igfxCoIn_v4549.dll => ":$CmdTcID" ADS removed successfully
    C:\WINDOWS\system32\indexeddbserver.dll => ":$CmdTcID" ADS removed successfully
    C:\WINDOWS\system32\IntelWiDiMCComp64.dll => ":$CmdTcID" ADS removed successfully
    C:\WINDOWS\system32\IntelWiDiUMS64.exe => ":$CmdTcID" ADS removed successfully
    C:\WINDOWS\system32\SET4201.tmp => ":$CmdTcID" ADS removed successfully
    C:\WINDOWS\system32\SET4B89.tmp => ":$CmdTcID" ADS removed successfully
    C:\WINDOWS\system32\SET55ED.tmp => ":$CmdTcID" ADS removed successfully
    C:\WINDOWS\system32\SET5A0B.tmp => ":$CmdTcID" ADS removed successfully
    C:\WINDOWS\system32\SET90D7.tmp => ":$CmdTcID" ADS removed successfully
    C:\WINDOWS\system32\SET93E9.tmp => ":$CmdTcID" ADS removed successfully
    C:\WINDOWS\system32\SET94F6.tmp => ":$CmdTcID" ADS removed successfully
    C:\WINDOWS\system32\SET9684.tmp => ":$CmdTcID" ADS removed successfully
    C:\WINDOWS\system32\SET9B8F.tmp => ":$CmdTcID" ADS removed successfully
    C:\WINDOWS\system32\SET9C5D.tmp => ":$CmdTcID" ADS removed successfully
    C:\WINDOWS\system32\SET9D59.tmp => ":$CmdTcID" ADS removed successfully
    C:\WINDOWS\system32\SET9D8A.tmp => ":$CmdTcID" ADS removed successfully
    C:\WINDOWS\system32\SynCOM.dll => ":$CmdTcID" ADS removed successfully
    C:\WINDOWS\system32\SynTPAPI.dll => ":$CmdTcID" ADS removed successfully
    C:\WINDOWS\system32\SynTPCo33.dll => ":$CmdTcID" ADS removed successfully
    C:\WINDOWS\system32\SynTPCo63.dll => ":$CmdTcID" ADS removed successfully
    C:\WINDOWS\system32\WdfCoInstaller01011.dll => ":$CmdTcID" ADS removed successfully
    C:\WINDOWS\system32\wu.upgrade.ps.dll => ":$CmdTcID" ADS removed successfully
    C:\WINDOWS\SysWOW64\danim.dll => ":$CmdTcID" ADS removed successfully
    C:\WINDOWS\SysWOW64\dns-sd.exe => ":$CmdTcID" ADS removed successfully
    C:\WINDOWS\SysWOW64\dxtmsft3.dll => ":$CmdTcID" ADS removed successfully
    C:\WINDOWS\SysWOW64\indexeddbserver.dll => ":$CmdTcID" ADS removed successfully
    C:\WINDOWS\SysWOW64\LMRT.dll => ":$CmdTcID" ADS removed successfully
    C:\WINDOWS\SysWOW64\LMRTREND.dll => ":$CmdTcID" ADS removed successfully
    C:\WINDOWS\SysWOW64\mciqtz.drv => ":$CmdTcID" ADS removed successfully
    C:\WINDOWS\SysWOW64\NPSWF32.dll => ":$CmdTcID" ADS removed successfully
    C:\WINDOWS\SysWOW64\NPSWF32_FlashUtil.exe => ":$CmdTcID" ADS removed successfully
    C:\WINDOWS\SysWOW64\qcut.dll => ":$CmdTcID" ADS removed successfully
    C:\WINDOWS\SysWOW64\SET6078.tmp => ":$CmdTcID" ADS removed successfully
    C:\WINDOWS\SysWOW64\SET6C72.tmp => ":$CmdTcID" ADS removed successfully
    C:\WINDOWS\SysWOW64\SET7F22.tmp => ":$CmdTcID" ADS removed successfully
    C:\WINDOWS\SysWOW64\SET85C0.tmp => ":$CmdTcID" ADS removed successfully
    C:\WINDOWS\SysWOW64\strmdll.dll => ":$CmdTcID" ADS removed successfully
    C:\WINDOWS\SysWOW64\SynCom.dll => ":$CmdTcID" ADS removed successfully
    C:\WINDOWS\SysWOW64\tm20dec.ax => ":$CmdTcID" ADS removed successfully
    C:\WINDOWS\SysWOW64\TWUNK_32.EXE => ":$CmdTcID" ADS removed successfully
    C:\WINDOWS\SysWOW64\unam4ie.exe => ":$CmdTcID" ADS removed successfully
    C:\WINDOWS\SysWOW64\vidx16.dll => ":$CmdTcID" ADS removed successfully
    C:\WINDOWS\system32\Drivers\netaapl64.sys => ":$CmdTcID" ADS removed successfully
    C:\WINDOWS\system32\Drivers\SET1B24.tmp => ":$CmdTcID" ADS removed successfully
    C:\WINDOWS\system32\Drivers\SET3F40.tmp => ":$CmdTcID" ADS removed successfully
    C:\WINDOWS\system32\Drivers\SETC0BE.tmp => ":$CmdTcID" ADS removed successfully
    C:\WINDOWS\system32\Drivers\Smb_driver_AMDASF_Aux.sys => ":$CmdTcID" ADS removed successfully
    C:\WINDOWS\system32\Drivers\Smb_driver_Intel.sys => ":$CmdTcID" ADS removed successfully
    C:\WINDOWS\system32\Drivers\Smb_driver_Intel_Aux.sys => ":$CmdTcID" ADS removed successfully
    C:\WINDOWS\system32\Drivers\SynRMIHID_Aux.sys => ":$CmdTcID" ADS removed successfully
    C:\WINDOWS\system32\Drivers\SynTP.sys => ":$CmdTcID" ADS removed successfully
    C:\WINDOWS\system32\Drivers\wdcsam64.sys => ":$CmdTcID" ADS removed successfully
    "C:\ProgramData\cis86FC.exe" => ":$CmdTcID" ADS not found.
    C:\Users\lillian3443\Downloads\10 Major rules of Tink.docx => ":$CmdZnID" ADS removed successfully
    C:\Users\lillian3443\Downloads\A Rice Sandwich (1).docx => ":$CmdZnID" ADS removed successfully
    C:\Users\lillian3443\Downloads\A Rice Sandwich (2).docx => ":$CmdZnID" ADS removed successfully
    C:\Users\lillian3443\Downloads\A Rice Sandwich.docx => ":$CmdZnID" ADS removed successfully
    C:\Users\lillian3443\Downloads\ccsetup516.exe => ":$CmdTcID" ADS removed successfully
    C:\Users\lillian3443\Downloads\ccsetup516.exe => ":$CmdZnID" ADS removed successfully
    C:\Users\lillian3443\Downloads\Current Event Article Analysis (1).docx => ":$CmdZnID" ADS removed successfully
    C:\Users\lillian3443\Downloads\Current Event Article Analysis (2).docx => ":$CmdZnID" ADS removed successfully
    C:\Users\lillian3443\Downloads\Current Event Article Analysis.docx => ":$CmdZnID" ADS removed successfully
    C:\Users\lillian3443\Downloads\math (1).pdf => ":$CmdZnID" ADS removed successfully
    C:\Users\lillian3443\Downloads\Math 6 First Semester Mastery form.docx => ":$CmdZnID" ADS removed successfully
    C:\Users\lillian3443\Downloads\math.pdf => ":$CmdZnID" ADS removed successfully
    C:\Users\lillian3443\Downloads\read.oxps => ":$CmdZnID" ADS removed successfully
    C:\Users\lillian3443\Downloads\The Lunchroom Murder.docx => ":$CmdZnID" ADS removed successfully
    C:\Users\lillian3443\Downloads\TheImmigration1.1.docx.docx => ":$CmdZnID" ADS removed successfully
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => removed successfully
    HKLM\Software\Wow6432Node\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7DB25458-3272-42FA-843C-44598FF0CF6B}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FE036410-4852-40D3-9C13-677A4210730D}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{7AD940C2-4F49-43D5-A6D4-EA0034552F6A}C:\users\c\appdata\roaming\spotify\spotify.exe" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{88648E0D-AE57-403A-8FE4-7D80E799C03D}C:\users\c\appdata\roaming\spotify\spotify.exe" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4AAFDDAF-9205-4D1E-B676-1BE72F8FB82C}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DF2707EC-50E2-40D0-A18E-747B3FE4DB3C}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{0DE31E68-45F7-491A-94F0-4B9AA29172BB}C:\users\c\appdata\roaming\spotify\spotify.exe" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{D690D24F-9CE5-48BC-BE2B-2ED78C77E241}C:\users\c\appdata\roaming\spotify\spotify.exe" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{650F5F0E-7F4E-47D4-A7F2-B082FD5C993D}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{63FADE1C-C387-4F6B-ACCE-C3C8A621D335}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B8FBFF0B-C6C0-4CB1-B09A-EAEBBEC592BF}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D55D7F0A-8563-4411-B526-219B85A10008}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C6C25CFD-E570-486E-A066-558B40B7E26A}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{657104BE-515C-4CC2-A78B-088D6E82D667}" => removed successfully


    The system needed a reboot.

    ==== End of Fixlog 14:38:01 ====

  15. #15
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Last scans...

    Download Security Check from here or here and save it to your Desktop.

    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
    NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    Make sure the following options are checked:

    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services



    Press "Scan".
    It will create a log (FSS.txt) in the same directory the tool is run.
    Please copy and paste the log to your reply.


    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe

    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.




    Download Sophos Free Virus Removal Tool and save it to your desktop.

    • Double click the icon and select Run
    • Click Next
    • Select I accept the terms in this license agreement, then click Next twice
    • Click Install
    • Click Finish to launch the program
    • Once the virus database has been updated click Start Scanning
    • If any threats are found click Details, then View log file... (bottom left hand corner)
    • Copy and paste the results in your reply
    • Close the Notepad document, close the Threat Details screen, then click Start cleanup
    • Click Exit to close the program

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •