|
-
April 2nd, 2022, 01:19 PM
#1
 [RESOLVED] Blue Screen of death with sad emoticon
Hiya. I am hoping someone can help me. My laptop is about 6 years old and has started giving me a blue screen of death that has a sad emoticon on it. It started happening as once in a blue moon and now is happening multiple times a day. I have done the scan as asked. Just hoping someone can help. Thank you in advance
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-04-2022
Ran by Leah (administrator) on DESKTOP-5IAB8FG (ASUSTeK COMPUTER INC. Q553UB) (02-04-2022 10:51:45)
Running from C:\Users\Leah\Downloads
Loaded Profiles: Leah
Platform: Microsoft Windows 10 Pro Version 21H1 19043.1586 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(ASUSTeK Computer Inc. -> AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe ->) (ASUSTeK Computer Inc. -> AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe ->) (ASUSTeK Computer Inc. -> AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(C:\Program Files (x86)\Epson Software\Epson Printer Connection Checker\EPPCCMON.EXE ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
(C:\Program Files (x86)\epson\MyEpson Portal\mepService.exe ->) (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\epson\MyEpson Portal\mep.exe
(C:\Program Files\Avast Software\Avast\AvastSvc.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswEngSrv.exe
(C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\Updates\16.0.15028.20160\OfficeClickToRun.exe
(C:\Windows\SysWOW64\esif_uf.exe ->) (Intel(R) Software -> Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(DriverStore\FileRepository\igdlh64.inf_amd64_9f310939ec1eebf9\igfxCUIService.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9f310939ec1eebf9\igfxEM.exe
(explorer.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastUI.exe <4>
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <32>
(explorer.exe ->) (Hewlett Packard -> Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(explorer.exe ->) (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicStartMenu.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(explorer.exe ->) (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\Epson Software\Epson Printer Connection Checker\EPPCCMON.EXE
(explorer.exe ->) (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files\epson\Epson Data Collection Agent\DataCollectionAgentController.exe
(explorer.exe ->) (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Windows\System32\spool\drivers\x64\3\E_YATIYNE.EXE
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler64.exe
(Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\Epson Software\Download Navigator\EPSDNAVI.EXE
(Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(services.exe ->) (@ByELDI -> @ByELDI) [File not signed] C:\Program Files\KMSpico\Service_KMS.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswidsagent.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswToolsSvc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastSvc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\wsc_proxy.exe
(services.exe ->) (GoPro Media, Inc. -> ) C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_fddb643595e0b8d0\LMS.exe
(services.exe ->) (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
(services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9f310939ec1eebf9\igfxCUIService.exe
(services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9f310939ec1eebf9\IntelCpHDCPSvc.exe
(services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9f310939ec1eebf9\IntelCpHeciSvc.exe
(services.exe ->) (Intel(R) Software -> Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(services.exe ->) (LAVASOFT SOFTWARE CANADA INC -> ) C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe <2>
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\epson\MyEpson Portal\mepService.exe
(services.exe ->) (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files\epson\Epson Data Collection Agent\DCAgent.exe
(services.exe ->) (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(services.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(svchost.exe ->) (Adobe Systems Incorporated) C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\AcrobatNotificationClient.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2202.10603.0_x64__8wekyb3d8bbwe\Cortana.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\HelpPane.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(svchost.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163640 2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
HKLM\...\Run: [EPPCCMON] => C:\Program Files (x86)\EPSON Software\Epson Printer Connection Checker\EPPCCMON.EXE [445800 2021-10-08] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKLM\...\Run: [DataCollectionAgentController] => C:\Program Files\EPSON\Epson Data Collection Agent\DataCollectionAgentController.exe [395168 2022-01-18] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Avast Software\Avast\AvLaunch.exe [157464 2022-04-02] (Avast Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1310720 2020-02-10] (Seiko Epson Corporation) [File not signed]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\Run: [Opera Browser Assistant] => C:\Users\Leah\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [2312792 2019-06-14] (Opera Software AS -> Opera Software)
HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\Run: [uTorrent] => C:\Users\Leah\AppData\Roaming\uTorrent\uTorrent.exe [2103848 2022-02-20] (BitTorrent Inc -> BitTorrent Inc.)
HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\Run: [Adobe Reader Synchronizer] => "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe" (No File)
HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\Run: [ScreenRec] => C:\Users\Leah\AppData\Local\StreamingVideoProvider\ScreenRec_app\screenrec.exe [2442288 2021-07-07] (TeddySoft Ltd. -> StreamingVideoProvider)
HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIYNE.EXE [485976 2020-09-11] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\Run: [ut] => C:\Users\Leah\AppData\Roaming\uTorrent\uTorrent.exe [2103848 2022-02-20] (BitTorrent Inc -> BitTorrent Inc.)
HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\Run: [GoogleChromeAutoLaunch_86491550B89A52C9E670D807BD7DE1B7] => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\Policies\Explorer\DisallowRun: [1] 1.exe
HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\Policies\Explorer\DisallowRun: [2] irsetup.exe
HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\MountPoints2: {0af9616f-8de0-11ea-9c2d-9c5c8e2ac26d} - "E:\HiSuiteDownLoader.exe"
HKLM\...\Windows x64\Print Processors\hpzppw71: C:\Windows\System32\spool\prtprocs\x64\hpzppw71.dll [239704 2017-12-18] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
HKLM\...\Print\Monitors\Brother QL-500 Monitor: C:\WINDOWS\system32\PTQL5L.DLL [54272 2010-02-05] (Microsoft Windows Hardware Compatibility Publisher -> Brother Industries, Ltd.)
HKLM\...\Print\Monitors\EPSON ET-2850 Series 64MonitorBE: C:\WINDOWS\system32\E_YLMBYNE.DLL [187392 2018-06-15] (Microsoft Windows Hardware Compatibility Publisher -> Seiko Epson Corporation)
HKLM\...\Print\Monitors\EpsonNet Print Port: C:\WINDOWS\system32\enppmon.dll [500736 2016-09-14] (SEIKO EPSON CORPORATION) [File not signed]
HKLM\...\Print\Monitors\PCL hpz3lw71: C:\WINDOWS\system32\hpz3lw71.dll [55392 2017-12-18] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\99.0.4844.84\Installer\chrmstp.exe [2022-03-28] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2019-05-21]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett Packard -> Hewlett-Packard Co.)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {019F9A78-3B38-4157-B807-FFE302356880} - System32\Tasks\Opera scheduled assistant Autoupdate 1553093994 => C:\Users\Leah\AppData\Local\Programs\Opera\launcher.exe [1493592 2019-06-14] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\Leah\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {0F8C8DC6-CC2B-405E-AB2C-C9D767E7F4B4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-06-12] (Adobe Inc. -> Adobe)
Task: {1274BCB7-7458-4C16-8EE3-A63B358A9956} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-03-09] (Google Inc -> Google Inc.)
Task: {17BA3C58-9082-4178-99B1-0BF7BEC9C3E6} - System32\Tasks\AVGUpdateTaskMachineUA => C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe /ua /installsource scheduler (No File)
Task: {1C453E00-5E00-46EF-A398-FDEBE1FFA6CD} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_207_Plugin.exe [1457208 2019-06-12] (Adobe Inc. -> Adobe)
Task: {22DDE10B-6D2D-491E-8E61-FF5F04324252} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22865832 2022-04-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {26F47674-61A0-4649-9655-85C9C34AFFCF} - System32\Tasks\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe [4992280 2022-04-02] (Avast Software s.r.o. -> AVAST Software)
Task: {3DB1B0F7-06D4-4F48-A99E-DCEE4637F1A8} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [18416 2015-10-30] (ASUSTeK Computer Inc. -> AsusTek)
Task: {413ECA74-AE81-4302-8014-DD19B9B38074} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2417032 2011-08-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {4B81458C-AB58-4FE3-A0B9-9EECBEBC3CE0} - System32\Tasks\EPSON ET-2850 Series Update {96728CEB-9441-4980-9AFB-F463C3F9EBB1} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSYNE.EXE [680440 2017-06-07] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
Task: {53353B65-98BE-40D6-9B66-A104EC6EF70E} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {5B111EA1-526F-4C96-9A2C-09EC7DDD6C93} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [143160 2019-03-12] (ASUSTek Computer Inc. -> ASUSTek Computer Inc.)
Task: {63AB608A-01FC-44BD-B023-9FC87F42CEE1} - System32\Tasks\Opera scheduled Autoupdate 1552143542 => C:\Users\Leah\AppData\Local\Programs\Opera\launcher.exe [1493592 2019-06-14] (Opera Software AS -> Opera Software)
Task: {71D0551E-8221-4CB1-900F-5FD71A8A9BC2} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
Task: {76FA2B1C-B937-4163-A200-AD0F99816BA2} - System32\Tasks\R@1n-KMS\Office15ProPlus => wmic path SoftwareLicensingProduct where (ID="b322da9c-a2e2-4058-9e4e-f59a6970bd69") call Activate
Task: {84406499-F8C3-4487-A5C8-5FC4B4279115} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564424 2021-11-18] (Adobe Inc. -> Adobe Inc.)
Task: {87B73CAD-1E44-4137-861B-07BB10E4FA30} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [740544 2015-11-01] (@ByELDI -> @ByELDI) [File not signed]
Task: {90427545-1E03-4C7E-87F4-60FB250E7937} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [111512 2022-04-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {9B36C1D6-28A4-40C4-99C2-58D9FC9BB6ED} - System32\Tasks\AVGUpdateTaskMachineCore => C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe /c (No File)
Task: {A0DFDA7F-2E09-43A5-ACAE-AFEE74855C5E} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1407736 2019-03-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
Task: {B11EFDDE-AC47-4389-A77B-76B666CCFF3A} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [111512 2022-04-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {BD99F6E8-DE37-41C0-AEA6-BF7B9BA3FE88} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16409496 2019-03-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
Task: {C8657B51-6DB1-4EC0-80DC-F397FD828D6A} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2296088 2022-04-02] (Avast Software s.r.o. -> Avast Software)
Task: {CA3085C4-2413-4AAB-AC01-7F8431F73DAE} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22865832 2022-04-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {D426CE60-8FE0-466A-8901-911B6246A91D} - System32\Tasks\R@1n-KMS\Windows64Professional => wmic path SoftwareLicensingProduct where (ID="2de67392-b7a7-462a-b1ca-108dd189f588") call Activate
Task: {EE0F240E-F177-4357-867A-0BE87FD9F3FE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-03-09] (Google Inc -> Google Inc.)
Task: {F80D9A35-B799-4F4F-888B-5C783AF0727E} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [696808 2022-04-02] (Microsoft Corporation -> Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\EPSON ET-2850 Series Update {96728CEB-9441-4980-9AFB-F463C3F9EBB1}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSYNE.EXE:/EXE:{96728CEB-9441-4980-9AFB-F463C3F9EBB1} /F:UpdateWORKGROUP\DESKTOP-5IAB8FG$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{7e42637e-440e-40bd-a9ec-8e6493e0f46a}: [DhcpNameServer] 192.168.0.1
Edge:
=======
DownloadDir: C:\Users\Leah\Downloads
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge Profile: C:\Users\Leah\AppData\Local\Microsoft\Edge\User Data\Default [2022-04-02]
FireFox:
========
FF DefaultProfile: n9ez0xmt.default
FF ProfilePath: C:\Users\Leah\AppData\Roaming\Mozilla\Firefox\Profiles\n9ez0xmt.default [2021-10-10]
FF ProfilePath: C:\Users\Leah\AppData\Roaming\Mozilla\Firefox\Profiles\i0y1twr8.default-release [2022-03-17]
FF Extension: (ZED: Zoom Easy Downloader) - C:\Users\Leah\AppData\Roaming\Mozilla\Firefox\Profiles\i0y1twr8.default-release\Extensions\{6d685f76-574f-4542-ba89-778fefa3f938}.xpi [2021-11-09]
FF Extension: (Video DownloadHelper) - C:\Users\Leah\AppData\Roaming\Mozilla\Firefox\Profiles\i0y1twr8.default-release\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2022-02-14]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_207.dll [2019-06-12] (Adobe Inc. -> )
FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2022-03-02] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_207.dll [2019-06-12] (Adobe Inc. -> )
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-03-05] (Microsoft Corporation -> Microsoft Corporation)
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Leah\AppData\Local\Google\Chrome\User Data\Default [2022-04-02]
CHR Notifications: Default -> hxxps://tinder.com
CHR Extension: (ZenMate Free VPN–Best VPN for Chrome) - C:\Users\Leah\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2022-02-12]
CHR Extension: (Video DownloadHelper) - C:\Users\Leah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjnegcaeklhafolokijcfjliaokphfk [2022-02-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Leah\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-01-31]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-07-24]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-07-24]
Opera:
=======
OPR Profile: C:\Users\Leah\AppData\Roaming\Opera Software\Opera Stable [2020-11-26]
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.co.uk/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}
==================== Memory info ===========================
BIOS: American Megatrends Inc. Q553UB.202 11/16/2015
Motherboard: ASUSTeK COMPUTER INC. Q553UB
Processor: Intel(R) Core(TM) i7-6500U CPU @ 2.50GHz
Percentage of memory in use: 46%
Total physical RAM: 12184.12 MB
Available physical RAM: 6560.17 MB
Total Virtual: 14040.12 MB
Available Virtual: 8357.09 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:1861.65 GB) (Free:1683.46 GB) NTFS
\\?\Volume{35639326-4973-4479-814e-b8c2437508ba}\ (Recovery) (Fixed) (Total:0.44 GB) (Free:0.42 GB) NTFS
\\?\Volume{c892c6c1-2690-48ad-9a9f-c4767dcea707}\ () (Fixed) (Total:0.81 GB) (Free:0.37 GB) NTFS
\\?\Volume{e25c11c5-06e0-4198-a90b-f733cd0b4f16}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: A3345D50)
Partition: GPT.
==================== End of Addition.txt =======================
-
April 4th, 2022, 08:00 AM
#2
Hiya I am just wondering if anyone can help me with this?
-
April 4th, 2022, 08:01 AM
#3
We'll be with you soon. We all live in different time zones 
Don't believe everything you think.
VirtualDr email notices are not working.
Check back regularly for responses.
_____________________
cat lovers click here
-
April 4th, 2022, 08:10 AM
#4
Yeah no worries. My laptop often only gives me a short time to check anything before it gives me a blue screen so just thought I would check :-) Sorry and thank you :-)
-
April 4th, 2022, 09:22 AM
#5
FRST produces two logs. I still need second log.
Please, observe following rules:
- Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
- If you're stuck, or you're not sure about certain step, always ask before doing anything else.
- Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
- Never run more than one scan at a time.
- Keep updating me regarding your computer behavior, good, or bad.
- The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
- If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
- I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
-
April 4th, 2022, 09:36 AM
#6
I included both logs. Was I supposed to put them in separate posts? I will include them again now :-)
FRST LOG
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-04-2022
Ran by Leah (administrator) on DESKTOP-5IAB8FG (ASUSTeK COMPUTER INC. Q553UB) (02-04-2022 10:51:45)
Running from C:\Users\Leah\Downloads
Loaded Profiles: Leah
Platform: Microsoft Windows 10 Pro Version 21H1 19043.1586 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(ASUSTeK Computer Inc. -> AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe ->) (ASUSTeK Computer Inc. -> AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe ->) (ASUSTeK Computer Inc. -> AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(C:\Program Files (x86)\Epson Software\Epson Printer Connection Checker\EPPCCMON.EXE ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
(C:\Program Files (x86)\epson\MyEpson Portal\mepService.exe ->) (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\epson\MyEpson Portal\mep.exe
(C:\Program Files\Avast Software\Avast\AvastSvc.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswEngSrv.exe
(C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\Updates\16.0.15028.20160\OfficeClickToRun.exe
(C:\Windows\SysWOW64\esif_uf.exe ->) (Intel(R) Software -> Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(DriverStore\FileRepository\igdlh64.inf_amd64_9f310939ec1eebf9\igfxCUIService.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9f310939ec1eebf9\igfxEM.exe
(explorer.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastUI.exe <4>
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <32>
(explorer.exe ->) (Hewlett Packard -> Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(explorer.exe ->) (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicStartMenu.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(explorer.exe ->) (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\Epson Software\Epson Printer Connection Checker\EPPCCMON.EXE
(explorer.exe ->) (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files\epson\Epson Data Collection Agent\DataCollectionAgentController.exe
(explorer.exe ->) (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Windows\System32\spool\drivers\x64\3\E_YATIYNE.EXE
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler64.exe
(Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\Epson Software\Download Navigator\EPSDNAVI.EXE
(Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(services.exe ->) (@ByELDI -> @ByELDI) [File not signed] C:\Program Files\KMSpico\Service_KMS.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswidsagent.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswToolsSvc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastSvc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\wsc_proxy.exe
(services.exe ->) (GoPro Media, Inc. -> ) C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_fddb643595e0b8d0\LMS.exe
(services.exe ->) (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
(services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9f310939ec1eebf9\igfxCUIService.exe
(services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9f310939ec1eebf9\IntelCpHDCPSvc.exe
(services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9f310939ec1eebf9\IntelCpHeciSvc.exe
(services.exe ->) (Intel(R) Software -> Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(services.exe ->) (LAVASOFT SOFTWARE CANADA INC -> ) C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe <2>
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\epson\MyEpson Portal\mepService.exe
(services.exe ->) (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files\epson\Epson Data Collection Agent\DCAgent.exe
(services.exe ->) (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(services.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(svchost.exe ->) (Adobe Systems Incorporated) C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\AcrobatNotificationClient.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2202.10603.0_x64__8wekyb3d8bbwe\Cortana.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\HelpPane.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(svchost.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163640 2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
HKLM\...\Run: [EPPCCMON] => C:\Program Files (x86)\EPSON Software\Epson Printer Connection Checker\EPPCCMON.EXE [445800 2021-10-08] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKLM\...\Run: [DataCollectionAgentController] => C:\Program Files\EPSON\Epson Data Collection Agent\DataCollectionAgentController.exe [395168 2022-01-18] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Avast Software\Avast\AvLaunch.exe [157464 2022-04-02] (Avast Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1310720 2020-02-10] (Seiko Epson Corporation) [File not signed]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\Run: [Opera Browser Assistant] => C:\Users\Leah\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [2312792 2019-06-14] (Opera Software AS -> Opera Software)
HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\Run: [uTorrent] => C:\Users\Leah\AppData\Roaming\uTorrent\uTorrent.exe [2103848 2022-02-20] (BitTorrent Inc -> BitTorrent Inc.)
HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\Run: [Adobe Reader Synchronizer] => "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe" (No File)
HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\Run: [ScreenRec] => C:\Users\Leah\AppData\Local\StreamingVideoProvider\ScreenRec_app\screenrec.exe [2442288 2021-07-07] (TeddySoft Ltd. -> StreamingVideoProvider)
HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIYNE.EXE [485976 2020-09-11] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\Run: [ut] => C:\Users\Leah\AppData\Roaming\uTorrent\uTorrent.exe [2103848 2022-02-20] (BitTorrent Inc -> BitTorrent Inc.)
HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\Run: [GoogleChromeAutoLaunch_86491550B89A52C9E670D807BD7DE1B7] => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\Policies\Explorer\DisallowRun: [1] 1.exe
HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\Policies\Explorer\DisallowRun: [2] irsetup.exe
HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\MountPoints2: {0af9616f-8de0-11ea-9c2d-9c5c8e2ac26d} - "E:\HiSuiteDownLoader.exe"
HKLM\...\Windows x64\Print Processors\hpzppw71: C:\Windows\System32\spool\prtprocs\x64\hpzppw71.dll [239704 2017-12-18] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
HKLM\...\Print\Monitors\Brother QL-500 Monitor: C:\WINDOWS\system32\PTQL5L.DLL [54272 2010-02-05] (Microsoft Windows Hardware Compatibility Publisher -> Brother Industries, Ltd.)
HKLM\...\Print\Monitors\EPSON ET-2850 Series 64MonitorBE: C:\WINDOWS\system32\E_YLMBYNE.DLL [187392 2018-06-15] (Microsoft Windows Hardware Compatibility Publisher -> Seiko Epson Corporation)
HKLM\...\Print\Monitors\EpsonNet Print Port: C:\WINDOWS\system32\enppmon.dll [500736 2016-09-14] (SEIKO EPSON CORPORATION) [File not signed]
HKLM\...\Print\Monitors\PCL hpz3lw71: C:\WINDOWS\system32\hpz3lw71.dll [55392 2017-12-18] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\99.0.4844.84\Installer\chrmstp.exe [2022-03-28] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2019-05-21]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett Packard -> Hewlett-Packard Co.)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {019F9A78-3B38-4157-B807-FFE302356880} - System32\Tasks\Opera scheduled assistant Autoupdate 1553093994 => C:\Users\Leah\AppData\Local\Programs\Opera\launcher.exe [1493592 2019-06-14] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\Leah\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {0F8C8DC6-CC2B-405E-AB2C-C9D767E7F4B4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-06-12] (Adobe Inc. -> Adobe)
Task: {1274BCB7-7458-4C16-8EE3-A63B358A9956} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-03-09] (Google Inc -> Google Inc.)
Task: {17BA3C58-9082-4178-99B1-0BF7BEC9C3E6} - System32\Tasks\AVGUpdateTaskMachineUA => C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe /ua /installsource scheduler (No File)
Task: {1C453E00-5E00-46EF-A398-FDEBE1FFA6CD} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_207_Plugin.exe [1457208 2019-06-12] (Adobe Inc. -> Adobe)
Task: {22DDE10B-6D2D-491E-8E61-FF5F04324252} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22865832 2022-04-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {26F47674-61A0-4649-9655-85C9C34AFFCF} - System32\Tasks\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe [4992280 2022-04-02] (Avast Software s.r.o. -> AVAST Software)
Task: {3DB1B0F7-06D4-4F48-A99E-DCEE4637F1A8} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [18416 2015-10-30] (ASUSTeK Computer Inc. -> AsusTek)
Task: {413ECA74-AE81-4302-8014-DD19B9B38074} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2417032 2011-08-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {4B81458C-AB58-4FE3-A0B9-9EECBEBC3CE0} - System32\Tasks\EPSON ET-2850 Series Update {96728CEB-9441-4980-9AFB-F463C3F9EBB1} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSYNE.EXE [680440 2017-06-07] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
Task: {53353B65-98BE-40D6-9B66-A104EC6EF70E} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {5B111EA1-526F-4C96-9A2C-09EC7DDD6C93} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [143160 2019-03-12] (ASUSTek Computer Inc. -> ASUSTek Computer Inc.)
Task: {63AB608A-01FC-44BD-B023-9FC87F42CEE1} - System32\Tasks\Opera scheduled Autoupdate 1552143542 => C:\Users\Leah\AppData\Local\Programs\Opera\launcher.exe [1493592 2019-06-14] (Opera Software AS -> Opera Software)
Task: {71D0551E-8221-4CB1-900F-5FD71A8A9BC2} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
Task: {76FA2B1C-B937-4163-A200-AD0F99816BA2} - System32\Tasks\R@1n-KMS\Office15ProPlus => wmic path SoftwareLicensingProduct where (ID="b322da9c-a2e2-4058-9e4e-f59a6970bd69") call Activate
Task: {84406499-F8C3-4487-A5C8-5FC4B4279115} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564424 2021-11-18] (Adobe Inc. -> Adobe Inc.)
Task: {87B73CAD-1E44-4137-861B-07BB10E4FA30} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [740544 2015-11-01] (@ByELDI -> @ByELDI) [File not signed]
Task: {90427545-1E03-4C7E-87F4-60FB250E7937} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [111512 2022-04-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {9B36C1D6-28A4-40C4-99C2-58D9FC9BB6ED} - System32\Tasks\AVGUpdateTaskMachineCore => C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe /c (No File)
Task: {A0DFDA7F-2E09-43A5-ACAE-AFEE74855C5E} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1407736 2019-03-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
Task: {B11EFDDE-AC47-4389-A77B-76B666CCFF3A} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [111512 2022-04-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {BD99F6E8-DE37-41C0-AEA6-BF7B9BA3FE88} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16409496 2019-03-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
Task: {C8657B51-6DB1-4EC0-80DC-F397FD828D6A} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2296088 2022-04-02] (Avast Software s.r.o. -> Avast Software)
Task: {CA3085C4-2413-4AAB-AC01-7F8431F73DAE} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22865832 2022-04-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {D426CE60-8FE0-466A-8901-911B6246A91D} - System32\Tasks\R@1n-KMS\Windows64Professional => wmic path SoftwareLicensingProduct where (ID="2de67392-b7a7-462a-b1ca-108dd189f588") call Activate
Task: {EE0F240E-F177-4357-867A-0BE87FD9F3FE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-03-09] (Google Inc -> Google Inc.)
Task: {F80D9A35-B799-4F4F-888B-5C783AF0727E} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [696808 2022-04-02] (Microsoft Corporation -> Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\EPSON ET-2850 Series Update {96728CEB-9441-4980-9AFB-F463C3F9EBB1}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSYNE.EXE:/EXE:{96728CEB-9441-4980-9AFB-F463C3F9EBB1} /F:UpdateWORKGROUP\DESKTOP-5IAB8FG$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{7e42637e-440e-40bd-a9ec-8e6493e0f46a}: [DhcpNameServer] 192.168.0.1
Edge:
=======
DownloadDir: C:\Users\Leah\Downloads
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge Profile: C:\Users\Leah\AppData\Local\Microsoft\Edge\User Data\Default [2022-04-02]
FireFox:
========
FF DefaultProfile: n9ez0xmt.default
FF ProfilePath: C:\Users\Leah\AppData\Roaming\Mozilla\Firefox\Profiles\n9ez0xmt.default [2021-10-10]
FF ProfilePath: C:\Users\Leah\AppData\Roaming\Mozilla\Firefox\Profiles\i0y1twr8.default-release [2022-03-17]
FF Extension: (ZED: Zoom Easy Downloader) - C:\Users\Leah\AppData\Roaming\Mozilla\Firefox\Profiles\i0y1twr8.default-release\Extensions\{6d685f76-574f-4542-ba89-778fefa3f938}.xpi [2021-11-09]
FF Extension: (Video DownloadHelper) - C:\Users\Leah\AppData\Roaming\Mozilla\Firefox\Profiles\i0y1twr8.default-release\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2022-02-14]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_207.dll [2019-06-12] (Adobe Inc. -> )
FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2022-03-02] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_207.dll [2019-06-12] (Adobe Inc. -> )
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-03-05] (Microsoft Corporation -> Microsoft Corporation)
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Leah\AppData\Local\Google\Chrome\User Data\Default [2022-04-02]
CHR Notifications: Default -> hxxps://tinder.com
CHR Extension: (ZenMate Free VPN–Best VPN for Chrome) - C:\Users\Leah\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2022-02-12]
CHR Extension: (Video DownloadHelper) - C:\Users\Leah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjnegcaeklhafolokijcfjliaokphfk [2022-02-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Leah\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-01-31]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-07-24]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-07-24]
Opera:
=======
OPR Profile: C:\Users\Leah\AppData\Roaming\Opera Software\Opera Stable [2020-11-26]
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.co.uk/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}
Addition Log
==================== Memory info ===========================
BIOS: American Megatrends Inc. Q553UB.202 11/16/2015
Motherboard: ASUSTeK COMPUTER INC. Q553UB
Processor: Intel(R) Core(TM) i7-6500U CPU @ 2.50GHz
Percentage of memory in use: 46%
Total physical RAM: 12184.12 MB
Available physical RAM: 6560.17 MB
Total Virtual: 14040.12 MB
Available Virtual: 8357.09 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:1861.65 GB) (Free:1683.46 GB) NTFS
\\?\Volume{35639326-4973-4479-814e-b8c2437508ba}\ (Recovery) (Fixed) (Total:0.44 GB) (Free:0.42 GB) NTFS
\\?\Volume{c892c6c1-2690-48ad-9a9f-c4767dcea707}\ () (Fixed) (Total:0.81 GB) (Free:0.37 GB) NTFS
\\?\Volume{e25c11c5-06e0-4198-a90b-f733cd0b4f16}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: A3345D50)
Partition: GPT.
==================== End of Addition.txt =======================
-
April 4th, 2022, 09:50 AM
#7
This is all mixed up. Only part of one log and a small part of the second log.
I need full two logs
-
April 4th, 2022, 09:57 AM
#8
I am literally copying and pasting what the logs are. I followed the directions. It saved the two logs and that is what they are. I am not sure what else to do. I will copy and paste again and put them as separate replies.
-
April 4th, 2022, 09:58 AM
#9
FRST
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-04-2022
Ran by Leah (administrator) on DESKTOP-5IAB8FG (ASUSTeK COMPUTER INC. Q553UB) (02-04-2022 10:51:45)
Running from C:\Users\Leah\Downloads
Loaded Profiles: Leah
Platform: Microsoft Windows 10 Pro Version 21H1 19043.1586 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(ASUSTeK Computer Inc. -> AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe ->) (ASUSTeK Computer Inc. -> AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe ->) (ASUSTeK Computer Inc. -> AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(C:\Program Files (x86)\Epson Software\Epson Printer Connection Checker\EPPCCMON.EXE ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
(C:\Program Files (x86)\epson\MyEpson Portal\mepService.exe ->) (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\epson\MyEpson Portal\mep.exe
(C:\Program Files\Avast Software\Avast\AvastSvc.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswEngSrv.exe
(C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\Updates\16.0.15028.20160\OfficeClickToRun.exe
(C:\Windows\SysWOW64\esif_uf.exe ->) (Intel(R) Software -> Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(DriverStore\FileRepository\igdlh64.inf_amd64_9f310939ec1eebf9\igfxCUIService.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9f310939ec1eebf9\igfxEM.exe
(explorer.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastUI.exe <4>
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <32>
(explorer.exe ->) (Hewlett Packard -> Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(explorer.exe ->) (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicStartMenu.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(explorer.exe ->) (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\Epson Software\Epson Printer Connection Checker\EPPCCMON.EXE
(explorer.exe ->) (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files\epson\Epson Data Collection Agent\DataCollectionAgentController.exe
(explorer.exe ->) (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Windows\System32\spool\drivers\x64\3\E_YATIYNE.EXE
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler64.exe
(Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\Epson Software\Download Navigator\EPSDNAVI.EXE
(Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(services.exe ->) (@ByELDI -> @ByELDI) [File not signed] C:\Program Files\KMSpico\Service_KMS.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswidsagent.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswToolsSvc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastSvc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\wsc_proxy.exe
(services.exe ->) (GoPro Media, Inc. -> ) C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_fddb643595e0b8d0\LMS.exe
(services.exe ->) (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
(services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9f310939ec1eebf9\igfxCUIService.exe
(services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9f310939ec1eebf9\IntelCpHDCPSvc.exe
(services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9f310939ec1eebf9\IntelCpHeciSvc.exe
(services.exe ->) (Intel(R) Software -> Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(services.exe ->) (LAVASOFT SOFTWARE CANADA INC -> ) C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe <2>
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\epson\MyEpson Portal\mepService.exe
(services.exe ->) (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files\epson\Epson Data Collection Agent\DCAgent.exe
(services.exe ->) (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(services.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(svchost.exe ->) (Adobe Systems Incorporated) C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\AcrobatNotificationClient.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2202.10603.0_x64__8wekyb3d8bbwe\Cortana.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\HelpPane.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(svchost.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163640 2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
HKLM\...\Run: [EPPCCMON] => C:\Program Files (x86)\EPSON Software\Epson Printer Connection Checker\EPPCCMON.EXE [445800 2021-10-08] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKLM\...\Run: [DataCollectionAgentController] => C:\Program Files\EPSON\Epson Data Collection Agent\DataCollectionAgentController.exe [395168 2022-01-18] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Avast Software\Avast\AvLaunch.exe [157464 2022-04-02] (Avast Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1310720 2020-02-10] (Seiko Epson Corporation) [File not signed]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\Run: [Opera Browser Assistant] => C:\Users\Leah\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [2312792 2019-06-14] (Opera Software AS -> Opera Software)
HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\Run: [uTorrent] => C:\Users\Leah\AppData\Roaming\uTorrent\uTorrent.exe [2103848 2022-02-20] (BitTorrent Inc -> BitTorrent Inc.)
HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\Run: [Adobe Reader Synchronizer] => "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe" (No File)
HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\Run: [ScreenRec] => C:\Users\Leah\AppData\Local\StreamingVideoProvider\ScreenRec_app\screenrec.exe [2442288 2021-07-07] (TeddySoft Ltd. -> StreamingVideoProvider)
HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIYNE.EXE [485976 2020-09-11] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\Run: [ut] => C:\Users\Leah\AppData\Roaming\uTorrent\uTorrent.exe [2103848 2022-02-20] (BitTorrent Inc -> BitTorrent Inc.)
HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\Run: [GoogleChromeAutoLaunch_86491550B89A52C9E670D807BD7DE1B7] => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\Policies\Explorer\DisallowRun: [1] 1.exe
HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\Policies\Explorer\DisallowRun: [2] irsetup.exe
HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\MountPoints2: {0af9616f-8de0-11ea-9c2d-9c5c8e2ac26d} - "E:\HiSuiteDownLoader.exe"
HKLM\...\Windows x64\Print Processors\hpzppw71: C:\Windows\System32\spool\prtprocs\x64\hpzppw71.dll [239704 2017-12-18] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
HKLM\...\Print\Monitors\Brother QL-500 Monitor: C:\WINDOWS\system32\PTQL5L.DLL [54272 2010-02-05] (Microsoft Windows Hardware Compatibility Publisher -> Brother Industries, Ltd.)
HKLM\...\Print\Monitors\EPSON ET-2850 Series 64MonitorBE: C:\WINDOWS\system32\E_YLMBYNE.DLL [187392 2018-06-15] (Microsoft Windows Hardware Compatibility Publisher -> Seiko Epson Corporation)
HKLM\...\Print\Monitors\EpsonNet Print Port: C:\WINDOWS\system32\enppmon.dll [500736 2016-09-14] (SEIKO EPSON CORPORATION) [File not signed]
HKLM\...\Print\Monitors\PCL hpz3lw71: C:\WINDOWS\system32\hpz3lw71.dll [55392 2017-12-18] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\99.0.4844.84\Installer\chrmstp.exe [2022-03-28] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2019-05-21]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett Packard -> Hewlett-Packard Co.)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {019F9A78-3B38-4157-B807-FFE302356880} - System32\Tasks\Opera scheduled assistant Autoupdate 1553093994 => C:\Users\Leah\AppData\Local\Programs\Opera\launcher.exe [1493592 2019-06-14] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\Leah\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {0F8C8DC6-CC2B-405E-AB2C-C9D767E7F4B4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-06-12] (Adobe Inc. -> Adobe)
Task: {1274BCB7-7458-4C16-8EE3-A63B358A9956} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-03-09] (Google Inc -> Google Inc.)
Task: {17BA3C58-9082-4178-99B1-0BF7BEC9C3E6} - System32\Tasks\AVGUpdateTaskMachineUA => C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe /ua /installsource scheduler (No File)
Task: {1C453E00-5E00-46EF-A398-FDEBE1FFA6CD} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_207_Plugin.exe [1457208 2019-06-12] (Adobe Inc. -> Adobe)
Task: {22DDE10B-6D2D-491E-8E61-FF5F04324252} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22865832 2022-04-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {26F47674-61A0-4649-9655-85C9C34AFFCF} - System32\Tasks\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe [4992280 2022-04-02] (Avast Software s.r.o. -> AVAST Software)
Task: {3DB1B0F7-06D4-4F48-A99E-DCEE4637F1A8} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [18416 2015-10-30] (ASUSTeK Computer Inc. -> AsusTek)
Task: {413ECA74-AE81-4302-8014-DD19B9B38074} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2417032 2011-08-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {4B81458C-AB58-4FE3-A0B9-9EECBEBC3CE0} - System32\Tasks\EPSON ET-2850 Series Update {96728CEB-9441-4980-9AFB-F463C3F9EBB1} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSYNE.EXE [680440 2017-06-07] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
Task: {53353B65-98BE-40D6-9B66-A104EC6EF70E} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {5B111EA1-526F-4C96-9A2C-09EC7DDD6C93} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [143160 2019-03-12] (ASUSTek Computer Inc. -> ASUSTek Computer Inc.)
Task: {63AB608A-01FC-44BD-B023-9FC87F42CEE1} - System32\Tasks\Opera scheduled Autoupdate 1552143542 => C:\Users\Leah\AppData\Local\Programs\Opera\launcher.exe [1493592 2019-06-14] (Opera Software AS -> Opera Software)
Task: {71D0551E-8221-4CB1-900F-5FD71A8A9BC2} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
Task: {76FA2B1C-B937-4163-A200-AD0F99816BA2} - System32\Tasks\R@1n-KMS\Office15ProPlus => wmic path SoftwareLicensingProduct where (ID="b322da9c-a2e2-4058-9e4e-f59a6970bd69") call Activate
Task: {84406499-F8C3-4487-A5C8-5FC4B4279115} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564424 2021-11-18] (Adobe Inc. -> Adobe Inc.)
Task: {87B73CAD-1E44-4137-861B-07BB10E4FA30} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [740544 2015-11-01] (@ByELDI -> @ByELDI) [File not signed]
Task: {90427545-1E03-4C7E-87F4-60FB250E7937} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [111512 2022-04-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {9B36C1D6-28A4-40C4-99C2-58D9FC9BB6ED} - System32\Tasks\AVGUpdateTaskMachineCore => C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe /c (No File)
Task: {A0DFDA7F-2E09-43A5-ACAE-AFEE74855C5E} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1407736 2019-03-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
Task: {B11EFDDE-AC47-4389-A77B-76B666CCFF3A} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [111512 2022-04-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {BD99F6E8-DE37-41C0-AEA6-BF7B9BA3FE88} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16409496 2019-03-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
Task: {C8657B51-6DB1-4EC0-80DC-F397FD828D6A} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2296088 2022-04-02] (Avast Software s.r.o. -> Avast Software)
Task: {CA3085C4-2413-4AAB-AC01-7F8431F73DAE} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22865832 2022-04-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {D426CE60-8FE0-466A-8901-911B6246A91D} - System32\Tasks\R@1n-KMS\Windows64Professional => wmic path SoftwareLicensingProduct where (ID="2de67392-b7a7-462a-b1ca-108dd189f588") call Activate
Task: {EE0F240E-F177-4357-867A-0BE87FD9F3FE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-03-09] (Google Inc -> Google Inc.)
Task: {F80D9A35-B799-4F4F-888B-5C783AF0727E} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [696808 2022-04-02] (Microsoft Corporation -> Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\EPSON ET-2850 Series Update {96728CEB-9441-4980-9AFB-F463C3F9EBB1}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSYNE.EXE:/EXE:{96728CEB-9441-4980-9AFB-F463C3F9EBB1} /F:UpdateWORKGROUP\DESKTOP-5IAB8FG$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{7e42637e-440e-40bd-a9ec-8e6493e0f46a}: [DhcpNameServer] 192.168.0.1
Edge:
=======
DownloadDir: C:\Users\Leah\Downloads
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge Profile: C:\Users\Leah\AppData\Local\Microsoft\Edge\User Data\Default [2022-04-02]
FireFox:
========
FF DefaultProfile: n9ez0xmt.default
FF ProfilePath: C:\Users\Leah\AppData\Roaming\Mozilla\Firefox\Profiles\n9ez0xmt.default [2021-10-10]
FF ProfilePath: C:\Users\Leah\AppData\Roaming\Mozilla\Firefox\Profiles\i0y1twr8.default-release [2022-03-17]
FF Extension: (ZED: Zoom Easy Downloader) - C:\Users\Leah\AppData\Roaming\Mozilla\Firefox\Profiles\i0y1twr8.default-release\Extensions\{6d685f76-574f-4542-ba89-778fefa3f938}.xpi [2021-11-09]
FF Extension: (Video DownloadHelper) - C:\Users\Leah\AppData\Roaming\Mozilla\Firefox\Profiles\i0y1twr8.default-release\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2022-02-14]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_207.dll [2019-06-12] (Adobe Inc. -> )
FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2022-03-02] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_207.dll [2019-06-12] (Adobe Inc. -> )
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-03-05] (Microsoft Corporation -> Microsoft Corporation)
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Leah\AppData\Local\Google\Chrome\User Data\Default [2022-04-02]
CHR Notifications: Default -> hxxps://tinder.com
CHR Extension: (ZenMate Free VPN–Best VPN for Chrome) - C:\Users\Leah\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2022-02-12]
CHR Extension: (Video DownloadHelper) - C:\Users\Leah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjnegcaeklhafolokijcfjliaokphfk [2022-02-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Leah\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-01-31]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-07-24]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-07-24]
Opera:
=======
OPR Profile: C:\Users\Leah\AppData\Roaming\Opera Software\Opera Stable [2020-11-26]
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.co.uk/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}
-
April 4th, 2022, 09:58 AM
#10
Addition
==================== Memory info ===========================
BIOS: American Megatrends Inc. Q553UB.202 11/16/2015
Motherboard: ASUSTeK COMPUTER INC. Q553UB
Processor: Intel(R) Core(TM) i7-6500U CPU @ 2.50GHz
Percentage of memory in use: 46%
Total physical RAM: 12184.12 MB
Available physical RAM: 6560.17 MB
Total Virtual: 14040.12 MB
Available Virtual: 8357.09 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:1861.65 GB) (Free:1683.46 GB) NTFS
\\?\Volume{35639326-4973-4479-814e-b8c2437508ba}\ (Recovery) (Fixed) (Total:0.44 GB) (Free:0.42 GB) NTFS
\\?\Volume{c892c6c1-2690-48ad-9a9f-c4767dcea707}\ () (Fixed) (Total:0.81 GB) (Free:0.37 GB) NTFS
\\?\Volume{e25c11c5-06e0-4198-a90b-f733cd0b4f16}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: A3345D50)
Partition: GPT.
==================== End of Addition.txt =======================
-
April 4th, 2022, 10:02 AM
#11
It's still no good.
Delete both logs and try to rerun FRST one more time.
-
April 4th, 2022, 10:11 AM
#12
Ok rescanned:
FRST
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-04-2022
Ran by Leah (administrator) on DESKTOP-5IAB8FG (ASUSTeK COMPUTER INC. Q553UB) (02-04-2022 10:51:45)
Running from C:\Users\Leah\Downloads
Loaded Profiles: Leah
Platform: Microsoft Windows 10 Pro Version 21H1 19043.1586 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(ASUSTeK Computer Inc. -> AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe ->) (ASUSTeK Computer Inc. -> AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe ->) (ASUSTeK Computer Inc. -> AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(C:\Program Files (x86)\Epson Software\Epson Printer Connection Checker\EPPCCMON.EXE ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
(C:\Program Files (x86)\epson\MyEpson Portal\mepService.exe ->) (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\epson\MyEpson Portal\mep.exe
(C:\Program Files\Avast Software\Avast\AvastSvc.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswEngSrv.exe
(C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\Updates\16.0.15028.20160\OfficeClickToRun.exe
(C:\Windows\SysWOW64\esif_uf.exe ->) (Intel(R) Software -> Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(DriverStore\FileRepository\igdlh64.inf_amd64_9f310939ec1eebf9\igfxCUIService.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9f310939ec1eebf9\igfxEM.exe
(explorer.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastUI.exe <4>
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <32>
(explorer.exe ->) (Hewlett Packard -> Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(explorer.exe ->) (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicStartMenu.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(explorer.exe ->) (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\Epson Software\Epson Printer Connection Checker\EPPCCMON.EXE
(explorer.exe ->) (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files\epson\Epson Data Collection Agent\DataCollectionAgentController.exe
(explorer.exe ->) (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Windows\System32\spool\drivers\x64\3\E_YATIYNE.EXE
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler64.exe
(Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\Epson Software\Download Navigator\EPSDNAVI.EXE
(Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(services.exe ->) (@ByELDI -> @ByELDI) [File not signed] C:\Program Files\KMSpico\Service_KMS.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswidsagent.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswToolsSvc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastSvc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\wsc_proxy.exe
(services.exe ->) (GoPro Media, Inc. -> ) C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_fddb643595e0b8d0\LMS.exe
(services.exe ->) (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
(services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9f310939ec1eebf9\igfxCUIService.exe
(services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9f310939ec1eebf9\IntelCpHDCPSvc.exe
(services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9f310939ec1eebf9\IntelCpHeciSvc.exe
(services.exe ->) (Intel(R) Software -> Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(services.exe ->) (LAVASOFT SOFTWARE CANADA INC -> ) C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe <2>
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\epson\MyEpson Portal\mepService.exe
(services.exe ->) (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files\epson\Epson Data Collection Agent\DCAgent.exe
(services.exe ->) (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(services.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(svchost.exe ->) (Adobe Systems Incorporated) C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\AcrobatNotificationClient.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2202.10603.0_x64__8wekyb3d8bbwe\Cortana.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\HelpPane.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(svchost.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163640 2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
HKLM\...\Run: [EPPCCMON] => C:\Program Files (x86)\EPSON Software\Epson Printer Connection Checker\EPPCCMON.EXE [445800 2021-10-08] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKLM\...\Run: [DataCollectionAgentController] => C:\Program Files\EPSON\Epson Data Collection Agent\DataCollectionAgentController.exe [395168 2022-01-18] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Avast Software\Avast\AvLaunch.exe [157464 2022-04-02] (Avast Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1310720 2020-02-10] (Seiko Epson Corporation) [File not signed]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\Run: [Opera Browser Assistant] => C:\Users\Leah\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [2312792 2019-06-14] (Opera Software AS -> Opera Software)
HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\Run: [uTorrent] => C:\Users\Leah\AppData\Roaming\uTorrent\uTorrent.exe [2103848 2022-02-20] (BitTorrent Inc -> BitTorrent Inc.)
HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\Run: [Adobe Reader Synchronizer] => "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe" (No File)
HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\Run: [ScreenRec] => C:\Users\Leah\AppData\Local\StreamingVideoProvider\ScreenRec_app\screenrec.exe [2442288 2021-07-07] (TeddySoft Ltd. -> StreamingVideoProvider)
HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIYNE.EXE [485976 2020-09-11] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\Run: [ut] => C:\Users\Leah\AppData\Roaming\uTorrent\uTorrent.exe [2103848 2022-02-20] (BitTorrent Inc -> BitTorrent Inc.)
HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\Run: [GoogleChromeAutoLaunch_86491550B89A52C9E670D807BD7DE1B7] => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\Policies\Explorer\DisallowRun: [1] 1.exe
HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\Policies\Explorer\DisallowRun: [2] irsetup.exe
HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\MountPoints2: {0af9616f-8de0-11ea-9c2d-9c5c8e2ac26d} - "E:\HiSuiteDownLoader.exe"
HKLM\...\Windows x64\Print Processors\hpzppw71: C:\Windows\System32\spool\prtprocs\x64\hpzppw71.dll [239704 2017-12-18] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
HKLM\...\Print\Monitors\Brother QL-500 Monitor: C:\WINDOWS\system32\PTQL5L.DLL [54272 2010-02-05] (Microsoft Windows Hardware Compatibility Publisher -> Brother Industries, Ltd.)
HKLM\...\Print\Monitors\EPSON ET-2850 Series 64MonitorBE: C:\WINDOWS\system32\E_YLMBYNE.DLL [187392 2018-06-15] (Microsoft Windows Hardware Compatibility Publisher -> Seiko Epson Corporation)
HKLM\...\Print\Monitors\EpsonNet Print Port: C:\WINDOWS\system32\enppmon.dll [500736 2016-09-14] (SEIKO EPSON CORPORATION) [File not signed]
HKLM\...\Print\Monitors\PCL hpz3lw71: C:\WINDOWS\system32\hpz3lw71.dll [55392 2017-12-18] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\99.0.4844.84\Installer\chrmstp.exe [2022-03-28] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2019-05-21]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett Packard -> Hewlett-Packard Co.)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {019F9A78-3B38-4157-B807-FFE302356880} - System32\Tasks\Opera scheduled assistant Autoupdate 1553093994 => C:\Users\Leah\AppData\Local\Programs\Opera\launcher.exe [1493592 2019-06-14] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\Leah\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {0F8C8DC6-CC2B-405E-AB2C-C9D767E7F4B4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-06-12] (Adobe Inc. -> Adobe)
Task: {1274BCB7-7458-4C16-8EE3-A63B358A9956} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-03-09] (Google Inc -> Google Inc.)
Task: {17BA3C58-9082-4178-99B1-0BF7BEC9C3E6} - System32\Tasks\AVGUpdateTaskMachineUA => C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe /ua /installsource scheduler (No File)
Task: {1C453E00-5E00-46EF-A398-FDEBE1FFA6CD} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_207_Plugin.exe [1457208 2019-06-12] (Adobe Inc. -> Adobe)
Task: {22DDE10B-6D2D-491E-8E61-FF5F04324252} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22865832 2022-04-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {26F47674-61A0-4649-9655-85C9C34AFFCF} - System32\Tasks\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe [4992280 2022-04-02] (Avast Software s.r.o. -> AVAST Software)
Task: {3DB1B0F7-06D4-4F48-A99E-DCEE4637F1A8} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [18416 2015-10-30] (ASUSTeK Computer Inc. -> AsusTek)
Task: {413ECA74-AE81-4302-8014-DD19B9B38074} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2417032 2011-08-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {4B81458C-AB58-4FE3-A0B9-9EECBEBC3CE0} - System32\Tasks\EPSON ET-2850 Series Update {96728CEB-9441-4980-9AFB-F463C3F9EBB1} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSYNE.EXE [680440 2017-06-07] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
Task: {53353B65-98BE-40D6-9B66-A104EC6EF70E} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {5B111EA1-526F-4C96-9A2C-09EC7DDD6C93} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [143160 2019-03-12] (ASUSTek Computer Inc. -> ASUSTek Computer Inc.)
Task: {63AB608A-01FC-44BD-B023-9FC87F42CEE1} - System32\Tasks\Opera scheduled Autoupdate 1552143542 => C:\Users\Leah\AppData\Local\Programs\Opera\launcher.exe [1493592 2019-06-14] (Opera Software AS -> Opera Software)
Task: {71D0551E-8221-4CB1-900F-5FD71A8A9BC2} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
Task: {76FA2B1C-B937-4163-A200-AD0F99816BA2} - System32\Tasks\R@1n-KMS\Office15ProPlus => wmic path SoftwareLicensingProduct where (ID="b322da9c-a2e2-4058-9e4e-f59a6970bd69") call Activate
Task: {84406499-F8C3-4487-A5C8-5FC4B4279115} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564424 2021-11-18] (Adobe Inc. -> Adobe Inc.)
Task: {87B73CAD-1E44-4137-861B-07BB10E4FA30} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [740544 2015-11-01] (@ByELDI -> @ByELDI) [File not signed]
Task: {90427545-1E03-4C7E-87F4-60FB250E7937} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [111512 2022-04-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {9B36C1D6-28A4-40C4-99C2-58D9FC9BB6ED} - System32\Tasks\AVGUpdateTaskMachineCore => C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe /c (No File)
Task: {A0DFDA7F-2E09-43A5-ACAE-AFEE74855C5E} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1407736 2019-03-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
Task: {B11EFDDE-AC47-4389-A77B-76B666CCFF3A} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [111512 2022-04-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {BD99F6E8-DE37-41C0-AEA6-BF7B9BA3FE88} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16409496 2019-03-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
Task: {C8657B51-6DB1-4EC0-80DC-F397FD828D6A} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2296088 2022-04-02] (Avast Software s.r.o. -> Avast Software)
Task: {CA3085C4-2413-4AAB-AC01-7F8431F73DAE} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22865832 2022-04-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {D426CE60-8FE0-466A-8901-911B6246A91D} - System32\Tasks\R@1n-KMS\Windows64Professional => wmic path SoftwareLicensingProduct where (ID="2de67392-b7a7-462a-b1ca-108dd189f588") call Activate
Task: {EE0F240E-F177-4357-867A-0BE87FD9F3FE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-03-09] (Google Inc -> Google Inc.)
Task: {F80D9A35-B799-4F4F-888B-5C783AF0727E} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [696808 2022-04-02] (Microsoft Corporation -> Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\EPSON ET-2850 Series Update {96728CEB-9441-4980-9AFB-F463C3F9EBB1}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSYNE.EXE:/EXE:{96728CEB-9441-4980-9AFB-F463C3F9EBB1} /F:UpdateWORKGROUP\DESKTOP-5IAB8FG$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{7e42637e-440e-40bd-a9ec-8e6493e0f46a}: [DhcpNameServer] 192.168.0.1
Edge:
=======
DownloadDir: C:\Users\Leah\Downloads
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge Profile: C:\Users\Leah\AppData\Local\Microsoft\Edge\User Data\Default [2022-04-02]
FireFox:
========
FF DefaultProfile: n9ez0xmt.default
FF ProfilePath: C:\Users\Leah\AppData\Roaming\Mozilla\Firefox\Profiles\n9ez0xmt.default [2021-10-10]
FF ProfilePath: C:\Users\Leah\AppData\Roaming\Mozilla\Firefox\Profiles\i0y1twr8.default-release [2022-03-17]
FF Extension: (ZED: Zoom Easy Downloader) - C:\Users\Leah\AppData\Roaming\Mozilla\Firefox\Profiles\i0y1twr8.default-release\Extensions\{6d685f76-574f-4542-ba89-778fefa3f938}.xpi [2021-11-09]
FF Extension: (Video DownloadHelper) - C:\Users\Leah\AppData\Roaming\Mozilla\Firefox\Profiles\i0y1twr8.default-release\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2022-02-14]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_207.dll [2019-06-12] (Adobe Inc. -> )
FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2022-03-02] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_207.dll [2019-06-12] (Adobe Inc. -> )
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-03-05] (Microsoft Corporation -> Microsoft Corporation)
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Leah\AppData\Local\Google\Chrome\User Data\Default [2022-04-02]
CHR Notifications: Default -> hxxps://tinder.com
CHR Extension: (ZenMate Free VPN–Best VPN for Chrome) - C:\Users\Leah\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2022-02-12]
CHR Extension: (Video DownloadHelper) - C:\Users\Leah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjnegcaeklhafolokijcfjliaokphfk [2022-02-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Leah\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-01-31]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-07-24]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-07-24]
Opera:
=======
OPR Profile: C:\Users\Leah\AppData\Roaming\Opera Software\Opera Stable [2020-11-26]
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.co.uk/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163640 2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
HKLM\...\Run: [EPPCCMON] => C:\Program Files (x86)\EPSON Software\Epson Printer Connection Checker\EPPCCMON.EXE [445800 2021-10-08] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKLM\...\Run: [DataCollectionAgentController] => C:\Program Files\EPSON\Epson Data Collection Agent\DataCollectionAgentController.exe [395168 2022-01-18] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Avast Software\Avast\AvLaunch.exe [157464 2022-04-02] (Avast Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1310720 2020-02-10] (Seiko Epson Corporation) [File not signed]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\Run: [Opera Browser Assistant] => C:\Users\Leah\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [2312792 2019-06-14] (Opera Software AS -> Opera Software)
HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\Run: [uTorrent] => C:\Users\Leah\AppData\Roaming\uTorrent\uTorrent.exe [2103848 2022-02-20] (BitTorrent Inc -> BitTorrent Inc.)
HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\Run: [Adobe Reader Synchronizer] => "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe" (No File)
HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\Run: [ScreenRec] => C:\Users\Leah\AppData\Local\StreamingVideoProvider\ScreenRec_app\screenrec.exe [2442288 2021-07-07] (TeddySoft Ltd. -> StreamingVideoProvider)
HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIYNE.EXE [485976 2020-09-11] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\Run: [ut] => C:\Users\Leah\AppData\Roaming\uTorrent\uTorrent.exe [2103848 2022-02-20] (BitTorrent Inc -> BitTorrent Inc.)
HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\Run: [GoogleChromeAutoLaunch_86491550B89A52C9E670D807BD7DE1B7] => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\Policies\Explorer\DisallowRun: [1] 1.exe
HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\Policies\Explorer\DisallowRun: [2] irsetup.exe
HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\MountPoints2: {0af9616f-8de0-11ea-9c2d-9c5c8e2ac26d} - "E:\HiSuiteDownLoader.exe"
HKLM\...\Windows x64\Print Processors\hpzppw71: C:\Windows\System32\spool\prtprocs\x64\hpzppw71.dll [239704 2017-12-18] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
HKLM\...\Print\Monitors\Brother QL-500 Monitor: C:\WINDOWS\system32\PTQL5L.DLL [54272 2010-02-05] (Microsoft Windows Hardware Compatibility Publisher -> Brother Industries, Ltd.)
HKLM\...\Print\Monitors\EPSON ET-2850 Series 64MonitorBE: C:\WINDOWS\system32\E_YLMBYNE.DLL [187392 2018-06-15] (Microsoft Windows Hardware Compatibility Publisher -> Seiko Epson Corporation)
HKLM\...\Print\Monitors\EpsonNet Print Port: C:\WINDOWS\system32\enppmon.dll [500736 2016-09-14] (SEIKO EPSON CORPORATION) [File not signed]
HKLM\...\Print\Monitors\PCL hpz3lw71: C:\WINDOWS\system32\hpz3lw71.dll [55392 2017-12-18] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\99.0.4844.84\Installer\chrmstp.exe [2022-03-28] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2019-05-21]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett Packard -> Hewlett-Packard Co.)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {019F9A78-3B38-4157-B807-FFE302356880} - System32\Tasks\Opera scheduled assistant Autoupdate 1553093994 => C:\Users\Leah\AppData\Local\Programs\Opera\launcher.exe [1493592 2019-06-14] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\Leah\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {0F8C8DC6-CC2B-405E-AB2C-C9D767E7F4B4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-06-12] (Adobe Inc. -> Adobe)
Task: {1274BCB7-7458-4C16-8EE3-A63B358A9956} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-03-09] (Google Inc -> Google Inc.)
Task: {17BA3C58-9082-4178-99B1-0BF7BEC9C3E6} - System32\Tasks\AVGUpdateTaskMachineUA => C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe /ua /installsource scheduler (No File)
Task: {1C453E00-5E00-46EF-A398-FDEBE1FFA6CD} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_207_Plugin.exe [1457208 2019-06-12] (Adobe Inc. -> Adobe)
Task: {25F7AA97-E411-4986-A72C-3622A16CDB7D} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22865832 2022-04-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {26F47674-61A0-4649-9655-85C9C34AFFCF} - System32\Tasks\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe [4992280 2022-04-02] (Avast Software s.r.o. -> AVAST Software)
Task: {3DB1B0F7-06D4-4F48-A99E-DCEE4637F1A8} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [18416 2015-10-30] (ASUSTeK Computer Inc. -> AsusTek)
Task: {413ECA74-AE81-4302-8014-DD19B9B38074} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2417032 2011-08-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {4B81458C-AB58-4FE3-A0B9-9EECBEBC3CE0} - System32\Tasks\EPSON ET-2850 Series Update {96728CEB-9441-4980-9AFB-F463C3F9EBB1} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSYNE.EXE [680440 2017-06-07] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
Task: {53353B65-98BE-40D6-9B66-A104EC6EF70E} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {5B111EA1-526F-4C96-9A2C-09EC7DDD6C93} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [143160 2019-03-12] (ASUSTek Computer Inc. -> ASUSTek Computer Inc.)
Task: {63AB608A-01FC-44BD-B023-9FC87F42CEE1} - System32\Tasks\Opera scheduled Autoupdate 1552143542 => C:\Users\Leah\AppData\Local\Programs\Opera\launcher.exe [1493592 2019-06-14] (Opera Software AS -> Opera Software)
Task: {7171C579-5898-4A5E-98ED-C5EE6FEBE792} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [111512 2022-04-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {71D0551E-8221-4CB1-900F-5FD71A8A9BC2} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
Task: {76FA2B1C-B937-4163-A200-AD0F99816BA2} - System32\Tasks\R@1n-KMS\Office15ProPlus => wmic path SoftwareLicensingProduct where (ID="b322da9c-a2e2-4058-9e4e-f59a6970bd69") call Activate
Task: {84406499-F8C3-4487-A5C8-5FC4B4279115} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564424 2021-11-18] (Adobe Inc. -> Adobe Inc.)
Task: {87B73CAD-1E44-4137-861B-07BB10E4FA30} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [740544 2015-11-01] (@ByELDI -> @ByELDI) [File not signed]
Task: {9B36C1D6-28A4-40C4-99C2-58D9FC9BB6ED} - System32\Tasks\AVGUpdateTaskMachineCore => C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe /c (No File)
Task: {A0DFDA7F-2E09-43A5-ACAE-AFEE74855C5E} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1407736 2019-03-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
Task: {BD99F6E8-DE37-41C0-AEA6-BF7B9BA3FE88} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16409496 2019-03-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
Task: {C8657B51-6DB1-4EC0-80DC-F397FD828D6A} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2296088 2022-04-02] (Avast Software s.r.o. -> Avast Software)
Task: {CAA68A57-6F53-4392-8A67-99BF7CA98F1D} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22865832 2022-04-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {D426CE60-8FE0-466A-8901-911B6246A91D} - System32\Tasks\R@1n-KMS\Windows64Professional => wmic path SoftwareLicensingProduct where (ID="2de67392-b7a7-462a-b1ca-108dd189f588") call Activate
Task: {EE0F240E-F177-4357-867A-0BE87FD9F3FE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-03-09] (Google Inc -> Google Inc.)
Task: {F80D9A35-B799-4F4F-888B-5C783AF0727E} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [696808 2022-04-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {FEE5AACB-E409-4EC4-BCC2-1B15F594DEE4} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [111512 2022-04-02] (Microsoft Corporation -> Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\EPSON ET-2850 Series Update {96728CEB-9441-4980-9AFB-F463C3F9EBB1}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSYNE.EXE:/EXE:{96728CEB-9441-4980-9AFB-F463C3F9EBB1} /F:UpdateWORKGROUP\DESKTOP-5IAB8FG$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{7e42637e-440e-40bd-a9ec-8e6493e0f46a}: [DhcpNameServer] 192.168.0.1
Edge:
=======
DownloadDir: C:\Users\Leah\Downloads
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge Profile: C:\Users\Leah\AppData\Local\Microsoft\Edge\User Data\Default [2022-04-02]
FireFox:
========
FF DefaultProfile: n9ez0xmt.default
FF ProfilePath: C:\Users\Leah\AppData\Roaming\Mozilla\Firefox\Profiles\n9ez0xmt.default [2021-10-10]
FF ProfilePath: C:\Users\Leah\AppData\Roaming\Mozilla\Firefox\Profiles\i0y1twr8.default-release [2022-03-17]
FF Extension: (ZED: Zoom Easy Downloader) - C:\Users\Leah\AppData\Roaming\Mozilla\Firefox\Profiles\i0y1twr8.default-release\Extensions\{6d685f76-574f-4542-ba89-778fefa3f938}.xpi [2021-11-09]
FF Extension: (Video DownloadHelper) - C:\Users\Leah\AppData\Roaming\Mozilla\Firefox\Profiles\i0y1twr8.default-release\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2022-02-14]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_207.dll [2019-06-12] (Adobe Inc. -> )
FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2022-03-02] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_207.dll [2019-06-12] (Adobe Inc. -> )
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-03-05] (Microsoft Corporation -> Microsoft Corporation)
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Leah\AppData\Local\Google\Chrome\User Data\Default [2022-04-04]
CHR Notifications: Default -> hxxps://tinder.com
CHR Extension: (ZenMate Free VPN–Best VPN for Chrome) - C:\Users\Leah\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2022-02-12]
CHR Extension: (Video DownloadHelper) - C:\Users\Leah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjnegcaeklhafolokijcfjliaokphfk [2022-02-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Leah\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-01-31]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-07-24]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-07-24]
Opera:
=======
OPR Profile: C:\Users\Leah\AppData\Roaming\Opera Software\Opera Stable [2020-11-26]
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.co.uk/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-11-18] (Adobe Inc. -> Adobe Inc.)
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-06-12] (Adobe Inc. -> Adobe)
R3 aswbIDSAgent; C:\Program Files\Avast Software\Avast\aswidsagent.exe [8483920 2022-04-02] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\Avast Software\Avast\AvastSvc.exe [564504 2022-04-02] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:\Program Files\Avast Software\Avast\aswToolsSvc.exe [563992 2022-04-02] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\Avast Software\Avast\wsc_proxy.exe [56912 2022-04-02] (Avast Software s.r.o. -> AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11666384 2022-04-02] (Microsoft Corporation -> Microsoft Corporation)
R2 DCAgent; C:\Program Files\EPSON\Epson Data Collection Agent\DCAgent.exe [16800 2022-01-18] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
S3 DevActSvc; C:\Program Files (x86)\ASUS\ASUS Device Activation\DevActSvc.exe [326032 2018-06-05] (ASUSTeK Computer Inc. -> )
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [206304 2021-06-21] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
R2 GoProDeviceDetectionService; C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe [38328 2018-08-31] (GoPro Media, Inc. -> )
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
S2 KMS-R@1n; C:\Windows\KMS-R@1n.exe [26112 2015-08-01] () [File not signed]
R2 MyEpson Portal Service; C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe [714712 2017-06-28] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6228008 2022-03-10] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [13172752 2020-01-22] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
R2 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [25944 2019-05-11] (LAVASOFT SOFTWARE CANADA INC -> )
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3004048 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103384 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 AsusSGDrv; C:\WINDOWS\system32\DRIVERS\AsusSGDrv.sys [141304 2015-10-30] (ASUSTeK Computer Inc. -> ASUS Corporation)
R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [36784 2022-04-02] (Avast Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [228928 2022-04-02] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [370752 2022-04-02] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [252992 2022-04-02] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [100416 2022-04-02] (Avast Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [21936 2022-04-02] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42416 2022-04-02] (Avast Software s.r.o. -> AVAST Software)
R1 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [269440 2022-04-02] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\WINDOWS\System32\drivers\aswNetHub.sys [546320 2022-04-02] (Avast Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [108912 2022-04-02] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [83976 2022-04-02] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [855336 2022-04-02] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [551920 2022-04-02] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [215920 2022-04-02] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [318760 2022-04-02] (Avast Software s.r.o. -> AVAST Software)
R3 bcmsmbsp; C:\WINDOWS\System32\drivers\bcmsmbsp.sys [54048 2015-09-10] (Broadcom Corporation -> Broadcom Corporation.)
R3 HIDSwitch; C:\WINDOWS\System32\drivers\AsRadioControl.sys [32696 2020-11-19] (ASUSTek Computer Inc. -> ASUS)
R3 int0800; C:\WINDOWS\System32\drivers\flashud.sys [51712 2009-09-09] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
S3 SnapCameraVirtualDevice; C:\WINDOWS\System32\drivers\SnapCameraVirtualDevice.sys [2800232 2020-10-12] (Snap Inc. -> Windows (R) Win 7 DDK provider)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46688 2019-12-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [350136 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [54200 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2022-04-04 15:03 - 2022-04-04 15:03 - 002365440 _____ (Farbar) C:\Users\Leah\Downloads\FRST64 (3).exe
2022-04-04 14:45 - 2022-04-04 14:45 - 000090445 _____ C:\Users\Leah\Downloads\Research questions PDF Geography.pdf
2022-04-04 14:41 - 2022-04-04 14:41 - 000075181 _____ C:\Users\Leah\Downloads\Research questions PDF science .pdf
2022-04-04 12:56 - 2022-04-04 12:56 - 000000000 ___HD C:\$AV_ASW
2022-04-04 12:54 - 2022-04-04 12:54 - 000000000 ____D C:\Users\Leah\Downloads\When.Calls.the.Heart.S09E05.Journey.into.Light.720p.HDTV.x264-CRiMSON[rarbg]
2022-04-04 12:54 - 2022-04-04 12:54 - 000000000 ____D C:\Users\Leah\Downloads\When.Calls.the.Heart.S09E05.Journey.into.Light.1080p.HDTV.x264-CRiMSON[rarbg]
-
April 4th, 2022, 10:11 AM
#13
FRST part 2
2022-04-04 12:54 - 2022-04-04 12:54 - 000000000 ____D C:\Users\Leah\Downloads\The.Rookie.S04E17.WEBRip.x264-ION10
2022-04-04 12:54 - 2022-04-04 12:54 - 000000000 ____D C:\Users\Leah\Downloads\Teen.Mom.2.S12E03.WEB.h264-WEBTUBE[rarbg]
2022-04-04 12:54 - 2022-04-04 12:54 - 000000000 ____D C:\Users\Leah\Downloads\Teen.Mom.2.S12E02.WEB.h264-WEBTUBE[rarbg]
2022-04-02 18:16 - 2022-04-02 18:16 - 000001072 _____ C:\Users\Leah\Downloads\Addition.txt
2022-04-02 18:02 - 2022-04-02 18:02 - 002365440 _____ (Farbar) C:\Users\Leah\Downloads\FRST64 (2).exe
2022-04-02 18:02 - 2022-04-02 18:02 - 002365440 _____ (Farbar) C:\Users\Leah\Downloads\FRST64 (1).exe
2022-04-02 10:51 - 2022-04-04 15:05 - 000045331 _____ C:\Users\Leah\Downloads\FRST.txt
2022-04-02 10:37 - 2022-04-02 10:39 - 002365440 _____ (Farbar) C:\Users\Leah\Downloads\FRST64.exe
2022-04-02 10:16 - 2022-04-02 10:16 - 000002164 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2022-04-02 10:16 - 2022-04-02 10:16 - 000002152 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2022-04-02 10:16 - 2022-04-02 10:16 - 000000000 ____D C:\Users\Leah\AppData\Roaming\Avast Software
2022-04-02 10:09 - 2022-04-02 10:09 - 000003990 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2022-04-02 10:09 - 2022-04-02 10:09 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software
2022-04-02 10:08 - 2022-04-02 10:08 - 000551920 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2022-04-02 10:08 - 2022-04-02 10:08 - 000546320 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNetHub.sys
2022-04-02 10:08 - 2022-04-02 10:08 - 000340760 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2022-04-02 10:08 - 2022-04-02 10:08 - 000318760 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2022-04-02 10:08 - 2022-04-02 10:08 - 000269440 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2022-04-02 10:08 - 2022-04-02 10:08 - 000252992 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys
2022-04-02 10:08 - 2022-04-02 10:08 - 000215920 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2022-04-02 10:08 - 2022-04-02 10:08 - 000108912 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2022-04-02 10:08 - 2022-04-02 10:08 - 000100416 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys
2022-04-02 10:08 - 2022-04-02 10:08 - 000083976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2022-04-02 10:08 - 2022-04-02 10:08 - 000042416 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2022-04-02 10:08 - 2022-04-02 10:08 - 000021936 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswElam.sys
2022-04-02 10:08 - 2022-04-02 10:08 - 000000000 ____D C:\Program Files\Common Files\Avast Software
2022-04-02 10:08 - 2022-04-02 10:07 - 000855336 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2022-04-02 10:08 - 2022-04-02 10:07 - 000370752 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
2022-04-02 10:08 - 2022-04-02 10:07 - 000228928 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2022-04-02 10:08 - 2022-04-02 10:07 - 000036784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArDisk.sys
2022-04-02 10:06 - 2022-04-02 10:06 - 000259872 _____ (AVAST Software) C:\Users\Leah\Downloads\avast_free_antivirus_setup_online.exe
2022-04-02 10:06 - 2022-04-02 10:06 - 000000000 ____D C:\Program Files\Avast Software
2022-03-31 13:33 - 2022-03-31 13:38 - 001738612 _____ C:\WINDOWS\Minidump\033122-66984-01.dmp
2022-03-31 13:27 - 2022-03-31 13:27 - 000000000 _____ C:\WINDOWS\Minidump\033122-60187-01.dmp
2022-03-26 11:37 - 2022-03-26 11:46 - 002031636 _____ C:\WINDOWS\Minidump\032622-73734-01.dmp
2022-03-10 01:34 - 2022-03-10 01:34 - 000195584 _____ C:\WINDOWS\system32\uwfcfgmgmt.dll
2022-03-10 01:33 - 2022-03-10 01:33 - 002254336 _____ C:\WINDOWS\system32\dwmscene.dll
2022-03-10 01:33 - 2022-03-10 01:33 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2022-03-10 01:33 - 2022-03-10 01:33 - 000011911 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-03-10 01:32 - 2022-03-10 01:32 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2022-03-10 01:32 - 2022-03-10 01:32 - 000272896 _____ C:\WINDOWS\system32\TpmTool.exe
2022-03-10 00:58 - 2022-03-10 00:58 - 000000000 ___HD C:\$WinREAgent
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2022-04-04 15:04 - 2021-11-10 22:30 - 000000000 ____D C:\FRST
2022-04-04 14:56 - 2019-03-09 15:56 - 000000000 ____D C:\Program Files (x86)\Google
2022-04-04 14:37 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-04-04 14:12 - 2021-10-10 08:20 - 000000000 ____D C:\Users\Leah\AppData\LocalLow\Mozilla
2022-04-04 13:17 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-04-04 13:15 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-04-04 13:14 - 2020-06-16 00:16 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-04-04 13:08 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2022-04-04 12:56 - 2022-01-31 10:04 - 000000000 ____D C:\Program Files\KMSpico
2022-04-04 12:56 - 2019-03-09 15:57 - 000000000 ____D C:\Users\Leah\AppData\Roaming\uTorrent
2022-04-04 12:55 - 2019-03-12 01:53 - 000000000 ____D C:\Users\Leah\AppData\Local\BitTorrentHelper
2022-04-04 12:53 - 2020-11-26 06:40 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-04-02 19:06 - 2021-11-10 22:46 - 000000000 ____D C:\Users\Leah\AppData\Local\Avast Software
2022-04-02 18:37 - 2022-01-29 12:01 - 000000000 ____D C:\ProgramData\ASUS Smart Gesture
2022-04-02 18:36 - 2020-11-26 07:07 - 000795738 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-04-02 18:36 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2022-04-02 18:36 - 2019-03-02 12:58 - 000000000 ___RD C:\Users\Leah\OneDrive
2022-04-02 18:30 - 2019-03-04 19:27 - 000000000 __SHD C:\Users\Leah\IntelGraphicsProfiles
2022-04-02 18:29 - 2019-05-08 22:14 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2022-04-02 18:28 - 2020-11-26 07:33 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-04-02 18:28 - 2020-11-26 06:39 - 000008192 ___SH C:\DumpStack.log.tmp
2022-04-02 18:28 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ServiceState
2022-04-02 18:28 - 2019-03-04 19:45 - 000000000 ____D C:\ProgramData\NVIDIA
2022-04-02 17:35 - 2019-03-06 20:19 - 000000000 ____D C:\Users\Leah\AppData\Local\ClassicShell
2022-04-02 10:52 - 2015-08-01 18:00 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2022-04-02 10:09 - 2021-11-10 22:32 - 000000000 ____D C:\ProgramData\Avast Software
2022-04-02 10:08 - 2019-12-07 10:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2022-03-31 19:36 - 2019-03-06 20:20 - 000000000 ____D C:\Users\Leah\Desktop\Watch Me
2022-03-31 13:39 - 2021-09-26 09:36 - 000000000 ____D C:\WINDOWS\Minidump
2022-03-31 13:33 - 2022-02-16 23:37 - 1135375885 _____ C:\WINDOWS\MEMORY.DMP
2022-03-31 12:03 - 2019-03-06 20:22 - 000000000 ____D C:\Users\Leah\AppData\Roaming\vlc
2022-03-31 10:40 - 2019-03-02 12:52 - 000000000 ____D C:\Users\Leah\AppData\Local\Packages
2022-03-30 11:52 - 2020-11-26 06:52 - 000000000 ____D C:\Users\Leah
2022-03-28 21:53 - 2019-03-09 15:57 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-03-28 21:53 - 2019-03-09 15:57 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2022-03-24 12:01 - 2021-10-24 21:19 - 000000000 ____D C:\Users\Leah\dwhelper
2022-03-24 11:14 - 2021-12-11 09:13 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3125715518-4182784800-2266441103-1002
2022-03-24 11:14 - 2020-11-26 07:33 - 000003378 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3125715518-4182784800-2266441103-1002
2022-03-24 11:14 - 2020-11-26 06:52 - 000002380 _____ C:\Users\Leah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-03-22 22:52 - 2021-10-07 04:36 - 000002073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2022-03-22 22:52 - 2021-10-07 04:36 - 000002061 _____ C:\Users\Public\Desktop\Adobe Acrobat DC.lnk
2022-03-22 22:52 - 2020-11-26 07:33 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2022-03-19 19:55 - 2021-10-10 08:20 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2022-03-19 19:55 - 2021-10-10 08:19 - 000000000 ____D C:\Program Files\Mozilla Firefox
2022-03-17 07:44 - 2022-02-14 00:12 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2022-03-17 07:44 - 2021-10-10 08:20 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2022-03-17 07:44 - 2021-10-10 08:20 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2022-03-12 13:59 - 2019-07-01 13:37 - 000000000 ____D C:\Users\Leah\AppData\Local\CrashDumps
2022-03-10 02:14 - 2020-11-26 06:40 - 000487168 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-03-10 02:12 - 2019-12-07 10:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2022-03-10 02:11 - 2019-12-07 10:54 - 000000000 ___SD C:\WINDOWS\system32\AppV
2022-03-10 02:11 - 2019-12-07 10:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2022-03-10 02:11 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2022-03-10 02:11 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2022-03-10 02:11 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2022-03-10 02:11 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2022-03-10 02:11 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2022-03-10 02:11 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2022-03-10 02:11 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-03-10 02:11 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\servicing
2022-03-10 01:40 - 2020-08-16 23:53 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2022-03-10 01:40 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-03-10 01:32 - 2020-11-26 06:46 - 002877952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2022-03-09 07:26 - 2019-03-06 09:09 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-03-09 07:14 - 2019-03-06 09:09 - 145666720 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-03-09 07:12 - 2020-11-28 12:19 - 000003384 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d6c3ba638e04d
2022-03-09 07:12 - 2020-11-26 07:33 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
==================== Files in the root of some directories ========
2020-05-29 07:28 - 2020-05-29 07:28 - 000000128 ____H () C:\Users\Leah\AppData\Roaming\ecf00c38dc807e105d881c433a6b455dd2c606b6
2020-12-04 02:14 - 2020-12-04 02:14 - 000002042 _____ () C:\Users\Leah\AppData\Local\4F881CA29F5A484fB96DEDF3BF593D72.Return Address.lbx
2019-11-15 00:24 - 2019-11-15 00:24 - 000002065 _____ () C:\Users\Leah\AppData\Local\A12BB9C2DE3942bbA466856B170368B4.Swap Labels.lbx
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
-
April 4th, 2022, 10:12 AM
#14
Addition
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-04-2022
Ran by Leah (04-04-2022 15:06:30)
Running from C:\Users\Leah\Downloads
Microsoft Windows 10 Pro Version 21H1 19043.1586 (X64) (2020-11-26 06:34:24)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-3125715518-4182784800-2266441103-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3125715518-4182784800-2266441103-503 - Limited - Disabled)
Guest (S-1-5-21-3125715518-4182784800-2266441103-501 - Limited - Disabled)
Leah (S-1-5-21-3125715518-4182784800-2266441103-1002 - Administrator - Enabled) => C:\Users\Leah
WDAGUtilityAccount (S-1-5-21-3125715518-4182784800-2266441103-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\uTorrent) (Version: 3.5.5.46206 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (HKLM\...\{FF21C3E6-97FD-474F-9518-8DCBE94C2854}) (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Acrobat DC (64-bit) (HKLM\...\{AC76BA86-1033-1033-7760-BC15014EA700}) (Version: 22.001.20085 - Adobe)
Adobe Digital Editions 4.5 (HKLM-x32\...\Adobe Digital Editions 4.5) (Version: 4.5.11 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.207 - Adobe)
ASUS Device Activation (HKLM-x32\...\{9C4B0706-9F9A-47BF-B417-0A111FC52B04}) (Version: 1.0.4.0 - ASUSTeK COMPUTER INC.)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.6.8 - ASUSTeK COMPUTER INC.)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.12 - ASUS)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 22.2.6003 - Avast Software)
Avast Update Helper (HKLM-x32\...\{19C3AB22-3718-4E4D-B203-242F5001565B}) (Version: 1.8.1189.1 - AVAST Software) Hidden
AVG Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.4.155.333 - AVG Technologies) Hidden
Brother P-touch Editor 5.2 (HKLM-x32\...\{456127E4-D660-4680-8C96-609AD6C485E2}) (Version: 5.2.0210 - Brother Industries, Ltd.)
Classic Shell (HKLM\...\{CABCE573-0A86-42FA-A52A-C7EA61D5BE08}) (Version: 4.3.1 - IvoSoft)
Epson Data Collection Agent (HKLM\...\{F0A396D4-F5CC-421A-969F-A9DFFE854106}) (Version: 5.0 - Seiko Epson Corporation)
EPSON ET-2850 Series Printer Uninstall (HKLM\...\EPSON ET-2850 Series) (Version: - Seiko Epson Corporation)
Epson Event Manager (HKLM-x32\...\{DBC38C08-9FB5-43A5-B6BA-EB10AC7DA570}) (Version: 3.11.0053 - Seiko Epson Corporation)
Epson Manuals (HKLM-x32\...\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}) (Version: 2.0.1.0 - Seiko Epson Corporation)
Epson Photo+ (HKLM-x32\...\{15000BAD-6D4B-4330-824E-3712C0DF4F9A}) (Version: 3.4.0.0 - Seiko Epson Corporation)
Epson Printer Connection Checker (HKLM-x32\...\{C4D8E138-C67B-41D5-B493-F54BB72B43E0}) (Version: 3.3.0.0 - Seiko Epson Corporation)
Epson Scan 2 (HKLM-x32\...\Epson Scan 2) (Version: - Seiko Epson Corporation)
EPSON Scan OCR Component (HKLM-x32\...\{563B99D8-8895-4E3E-AE8D-15BE8C05F1C1}) (Version: 3.00.04 - SEIKO EPSON Corp.)
EPSON Scan PDF EXtensions (HKLM-x32\...\{F9956472-6E16-4F83-BF9A-F887EF4A45B7}) (Version: 1.03.02 - SEIKO EPSON Corp.)
Epson ScanSmart (HKLM-x32\...\{D310BDCC-D4B4-4DC1-B9DF-D1D7367CAC4F}) (Version: 3.6.1 - Seiko Epson Corporation)
Epson Software Updater (HKLM-x32\...\{14898485-6509-496B-8C30-D5DB8C1C8639}) (Version: 4.6.3 - Seiko Epson Corporation)
EpsonNet Print (HKLM\...\{96ED1D58-440C-4345-8FEE-C4781366C67F}) (Version: 3.1.4.0 - SEIKO EPSON Corporation)
Free Cam 8 (HKLM-x32\...\{7B1D3F21-3095-4292-877E-69C085253F59}) (Version: 8.7.27159 - iSpring Solutions Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 99.0.4844.84 - Google LLC)
GoPro Quik (HKLM\...\{AA5F7FCE-311C-46D8-B93A-ABF4DDCAB832}) (Version: 0.1.945 - GoPro, Inc.) Hidden
GoPro Quik (HKLM-x32\...\{a23df978-67ca-4fe3-a740-a7b5ae7ec82f}) (Version: 2.7.0.945 - GoPro, Inc.)
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Photosmart All-In-One Driver Software (HKLM\...\{4F6C1178-3FC0-44BB-8F9A-28D8516DFEE2}) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Intel(R) Chipset Device Software (HKLM-x32\...\{a2d9fda8-65eb-4c06-81ef-31e0a4daa335}) (Version: 10.1.1.11 - Intel(R) Corporation) Hidden
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version: - )
Math6Desktop (HKLM-x32\...\{1F6D2BE4-CB08-4CDD-9F4C-E7DFDA5BC8E0}) (Version: 4.0.837 - TeachingTextbooks)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.15028.20160 - Microsoft Corporation)
Microsoft Access database engine 2010 (English) (HKLM-x32\...\{90140000-00D1-0409-0000-0000000FF1CE}) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 100.0.1185.29 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 100.0.1185.29 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\OneDriveSetup.exe) (Version: 22.045.0227.0004 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{5016990D-7F61-4A20-9451-A915D6616DD9}) (Version: 3.66.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29334 (HKLM-x32\...\{a9cfe9c7-e54f-46cd-9c5c-542ff8e3e8c4}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29334 (HKLM-x32\...\{b2d0f752-adc5-496e-8f70-8669de01f746}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox (x64 en-GB) (HKLM\...\Mozilla Firefox 97.0.1 (x64 en-GB)) (Version: 97.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 93.0 - Mozilla)
MyEpson Portal (HKLM-x32\...\{3361D415-BA35-4143-B301-661991BA6219}) (Version: 1.1.3.6 - SEIKO EPSON CORPORATION) Hidden
MyEpson Portal (HKLM-x32\...\MyEpson Portal) (Version: - Seiko Epson Corporation)
NVIDIA Graphics Driver 388.73 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.73 - NVIDIA Corporation)
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.15028.20050 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.15028.20094 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.15028.20160 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Opera Stable 60.0.3255.170 (HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\Opera 60.0.3255.170) (Version: 60.0.3255.170 - Opera Software)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31233 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7661 - Realtek Semiconductor Corp.)
ScreenRec (HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\ScreenRec) (Version: 00.01.00.58 - StreamingVideoProvider)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.2.2756 - TeamViewer)
VdhCoApp 1.6.3 (HKLM\...\weh-iss-net.downloadhelper.coapp_is1) (Version: - DownloadHelper)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.16 - VideoLAN)
Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1) (Version: 1.0.54.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1-2) (Version: 1.0.54.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1-3) (Version: 1.0.54.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Web Companion (HKLM-x32\...\{04b15118-e196-47ec-845c-fb00c3b83261}) (Version: 4.7.1987.3881 - Lavasoft)
Windows Driver Package - ASUS (AsusSGDrv) Mouse (10/06/2015 8.0.0.23) (HKLM\...\DA2E0A005E6CD7900733D89DA6D9F31585E338DF) (Version: 10/06/2015 8.0.0.23 - ASUS)
Windows PC Health Check (HKLM\...\{B1E7D0FD-7CFE-4E0C-A5DA-0F676499DB91}) (Version: 3.2.2110.14001 - Microsoft Corporation)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
Packages:
=========
Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_1.77.2.0_x64__kgqvnymyfvs32 [2022-04-02] (king.com)
Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.2231.1.0_x64__kgqvnymyfvs32 [2022-03-23] (king.com)
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.12.419.0_x64__rz1tebttyb220 [2022-03-01] (Dolby Laboratories)
HEVC Video Extensions -> C:\Program Files\WindowsApps\Microsoft.HEVCVideoExtensions_1.0.50362.0_x64__8wekyb3d8bbwe [2022-03-01] (Microsoft Corporation)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_135.1.385.0_x64__v10z8vjag6ke6 [2022-03-22] (HP Inc.)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.12.3171.0_x64__8wekyb3d8bbwe [2022-03-26] (Microsoft Studios) [MS Ad]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.98.1805.0_x64__mcm4njqhnhss8 [2022-02-17] (Netflix, Inc.)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-11-14] (Microsoft Corporation)
Phototastic Collage -> C:\Program Files\WindowsApps\ThumbmunkeysLtd.PhototasticCollage_3.27.5.0_x64__nfy108tqq3p12 [2021-12-15] (Thumbmunkeys Ltd)
Reader Notification Client -> C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2019-03-14] (Adobe Systems Incorporated)
WhatsApp Desktop -> C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2208.15.0_x64__cv1g1gvanyjgm [2022-03-25] (WhatsApp Inc.)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ShellIconOverlayIdentifiers: [! IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-07-24] (Tonec Inc. -> Tonec Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2022-04-02] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2022-04-02] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2022-04-02] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2022-04-02] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2022-04-02] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9f310939ec1eebf9\igfxDTCM.dll [2019-10-30] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-12-19] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2022-04-02] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => -> No File
ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\WINDOWS\System32\StartMenuHelper64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-15] (win.rar GmbH -> Alexander Roshal)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\Leah\Desktop\Disney+.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=lfgdccgencihfajhbpaaliolimnhhmpd
ShortcutWithArgument: C:\Users\Leah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\CJFallon.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=kailnainkajeebejeigmmbphdbibdcko
ShortcutWithArgument: C:\Users\Leah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Disney+.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=lfgdccgencihfajhbpaaliolimnhhmpd
ShortcutWithArgument: C:\Users\Leah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Latitude and longitude - BBC Bitesize.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=njcjllimkhkkakejdoodoingcbaahmmc
ShortcutWithArgument: C:\Users\Leah\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\cfc4192131c9cf4\Disney+.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=lfgdccgencihfajhbpaaliolimnhhmpd
==================== Loaded Modules (Whitelisted) =============
2012-09-15 03:53 - 2012-09-15 03:53 - 000015360 _____ (Hewlett-Packard Co.) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\hpotra08.rsc
2011-04-29 19:08 - 2011-04-29 19:08 - 000048128 _____ (Hewlett-Packard Co.) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.rsc
2011-08-18 01:29 - 2011-08-18 01:29 - 001039360 _____ (Hewlett-Packard Co.) [File not signed] c:\program files (x86)\hp\digital imaging\bin\hpslpsvc64.dll
2018-07-15 14:15 - 2018-07-15 14:15 - 000885560 _____ (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicExplorer64.dll
2018-07-15 14:15 - 2018-07-15 14:15 - 003664696 _____ (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicStartMenuDLL.dll
2018-07-15 14:15 - 2018-07-15 14:15 - 000291128 _____ (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\WINDOWS\System32\StartMenuHelper64.dll
2020-04-17 22:15 - 2020-04-17 22:15 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems32.dll] C:\Program Files (x86)\Microsoft Office\Root\Office16\AppVIsvSubsystems32.dll
2020-04-17 22:15 - 2020-04-17 22:15 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R32.dll] C:\Program Files (x86)\Microsoft Office\Root\Office16\c2r32.dll
2020-02-07 18:20 - 2020-02-07 18:20 - 000132096 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\Epson Software\Event Manager\epnsm.dll
2018-03-05 17:41 - 2018-03-05 17:41 - 000057856 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\Epson Software\Event Manager\EPNWPSHDevFinder.DLL
2009-10-21 18:39 - 2009-10-21 18:39 - 000291328 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\Event Manager\LcMgr.dll
2021-10-26 16:58 - 2021-10-26 16:58 - 000647168 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\EPSON\MyEpson Portal\Condition Viewer_00000012\ConView.dll
2021-10-26 10:00 - 2021-10-26 10:00 - 000708608 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\EPSON\MyEpson Portal\Configration_00000171\MepCfg.dll
2020-04-17 10:15 - 2020-04-17 10:15 - 000577536 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\EPSON\MyEpson Portal\MepUploader_00000542\MepUploader.dll
2019-02-22 15:09 - 2019-02-22 15:09 - 000475136 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\EPSON\MyEpson Portal\Online Manual_00000013\MepFAQ.dll
2021-10-25 14:25 - 2021-10-25 14:25 - 003142144 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files\EPSON\Epson Data Collection Agent\NDENCMAPI.dll
2015-12-11 17:14 - 2015-12-11 17:14 - 004968448 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files\EpsonNet\EpsonNet Print\ENSTRMAPIe.dll
2016-09-14 15:31 - 2016-09-14 15:31 - 000500736 ____S (SEIKO EPSON CORPORATION) [File not signed] C:\WINDOWS\System32\enppmon.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.co.uk/
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-07-08] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2022-04-02] (Microsoft Corporation -> Microsoft Corporation)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-07-08] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-04-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-04-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-04-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-04-02] (Microsoft Corporation -> Microsoft Corporation)
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\webcompanion.com -> hxxp://webcompanion.com
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2015-07-10 12:04 - 2015-07-10 12:02 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
2020-10-30 13:59 - 2020-10-30 14:04 - 000000445 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Leah\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img8.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\StartupApproved\Run: => "Opera Browser Assistant"
HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\StartupApproved\Run: => "ScreenRec"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{71FF3AEA-524C-47CB-A02D-B744860DAF01}] => (Allow) C:\Windows\KMS-R@1n.exe () [File not signed]
FirewallRules: [{DA0E64DD-B064-4A14-88B5-253FCA0B87C4}] => (Allow) C:\Windows\KMS-R@1n.exe () [File not signed]
FirewallRules: [{9E4E6EF5-A2AD-43F3-B365-82B6BA7608E9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe => No File
FirewallRules: [{52F123E8-767E-4616-B386-2A95490863A4}] => (Allow) C:\Users\Leah\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{B2BAF63B-3C90-4B24-8D87-9EC82F9C3DB4}] => (Allow) C:\Users\Leah\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{7B1F0723-02CB-4DF3-A363-0A46C0114715}] => (Allow) C:\Users\Leah\AppData\Local\Temp\7zS4C2F\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{A396FAD2-816B-42A7-BA6A-19222B7081C4}] => (Allow) C:\Users\Leah\AppData\Local\Temp\7zS4C2F\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{17D9E2B6-779A-49D3-8239-727170E6AD5C}] => (Allow) C:\Users\Leah\AppData\Local\Temp\7zS4CA5\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{3E774B56-5B3D-440A-A20A-DA08A9F173C3}] => (Allow) C:\Users\Leah\AppData\Local\Temp\7zS4CA5\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{C638DE4B-25D6-4F76-A0CB-0892E96D9A91}] => (Allow) C:\Users\Leah\AppData\Local\Temp\7zS446A\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{2729B850-01C2-4FF8-A7F7-43897546AFCE}] => (Allow) C:\Users\Leah\AppData\Local\Temp\7zS446A\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{4D9260B2-7005-4A10-977F-E488D2C78F8C}] => (Allow) C:\Users\Leah\AppData\Local\Programs\Opera\60.0.3255.151\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{78C1DED9-1399-48DC-A18D-1730AA894C85}] => (Allow) C:\Users\Leah\AppData\Local\Programs\Opera\60.0.3255.170\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{30853D28-C13A-4FBE-A3D7-3A3583BFCC9A}] => (Allow) C:\Users\Leah\AppData\Roaming\Zoom\bin\Zoom.exe => No File
FirewallRules: [{E3CEE74E-F068-41B2-BBC0-0C6B1534B36D}] => (Allow) C:\Users\Leah\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{3FFA9A5D-DFF9-4957-B172-A2634D0B7634}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\GoPro Quik.exe (GoPro Media, Inc. -> )
FirewallRules: [{59B254DD-B7AD-40A6-9357-EF0588AE716E}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\GoProMsgBus.exe (GoPro Media, Inc. -> )
FirewallRules: [{59A2D9EC-48E1-4E83-BCA7-5DF1AD622E7E}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\GoProIDService.exe (GoPro Media, Inc. -> )
FirewallRules: [{71953EDB-AA84-407F-B190-C7CB2C2B984A}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\GoProLauncher.exe (GoPro Media, Inc. -> )
FirewallRules: [TCP Query User{480CC3CC-D8B0-4DBC-97B7-493E6826E4D1}C:\users\leah\appdata\roaming\sky\sky go\sky go.exe] => (Allow) C:\users\leah\appdata\roaming\sky\sky go\sky go.exe => No File
FirewallRules: [UDP Query User{138176AD-79F5-434A-80CD-6E013D331234}C:\users\leah\appdata\roaming\sky\sky go\sky go.exe] => (Allow) C:\users\leah\appdata\roaming\sky\sky go\sky go.exe => No File
FirewallRules: [{336451BD-0680-4A17-80A7-2F1097036FD4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{1B511C23-9998-4954-BA5B-EBC1A1AD94CA}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{7DB009AD-8516-40FF-B5F2-8BB5C4EADACE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{D4D5FD51-CE61-43BC-BB9C-A08A8EA89F14}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [TCP Query User{5E631F11-F98F-4176-8CDC-10D31C2F8C38}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{3DC6091B-D2CD-4D85-861A-CCFDC399FADF}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{25A548F4-EF0E-4D73-ADA5-45229A23373D}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{07F575AE-E72B-4CA8-8181-8E0F9170EB30}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{5113DBB9-EB1C-4FE8-9CF0-313D60222DFA}] => (Allow) C:\Users\Leah\AppData\Local\Temp\EpInsNav\DL\3013\Network\EpsonNetSetup\Data\ENEasyApp.exe => No File
FirewallRules: [{D3D009CD-8E65-47D5-8108-E1238671220D}] => (Allow) C:\Users\Leah\AppData\Local\Temp\EpInsNav\DL\3013\Network\EpsonNetSetup\Data\ENEasyApp.exe => No File
FirewallRules: [{2E51064C-3F1B-4B03-BE35-62F8F92ABC05}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (Seiko Epson Corporation) [File not signed]
FirewallRules: [{D3771E38-23F6-407B-B0D4-47C4A0B85572}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (Seiko Epson Corporation) [File not signed]
FirewallRules: [{681632D0-9E7F-4B5E-BB9E-6EC323109C5E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{C1714390-8087-4316-AB82-738FCE6099CB}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{5F9AC970-0409-4B99-8FBA-550789CFE51A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{67710423-5F10-4B2D-855E-D3F74A9737E9}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{579C8BDD-E4F7-42FC-A88D-A372AB6A5133}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{0D310720-9D65-48CF-8E58-0FFDD66952C2}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe => No File
FirewallRules: [{2CBD6835-C7F6-48B9-BCCE-C3B295EF92E7}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe => No File
FirewallRules: [{01995C13-AD33-4295-B839-7BB7796E3CCE}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe => No File
FirewallRules: [{D57D9ADD-02A1-4F4B-8D01-37E1A5B05F41}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe => No File
FirewallRules: [{A1ED8107-A25D-498C-BFC3-BEA75DBF590A}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe => No File
FirewallRules: [{0EC8A84E-DDF2-4FF3-A530-304287A48C73}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe => No File
FirewallRules: [{5A725B57-D260-4A6A-8BAC-D1CB882A5C34}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{A140E6EC-D416-43B6-8BB5-70632F3C7CEA}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{CA70ECD8-F169-4FCD-860E-6D990668D363}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{ED855903-AF7E-441B-8ADE-D389E4A83062}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\100.0.1185.29\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
==================== Restore Points =========================
17-03-2022 20:56:16 Scheduled Checkpoint
26-03-2022 08:44:30 Scheduled Checkpoint
02-04-2022 19:45:03 Scheduled Checkpoint
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (04/02/2022 10:46:50 PM) (Source: System Restore) (EventID: 8211) (User: )
Description: The scheduled restore point could not be created. Additional information: (0x81000101).
Error: (04/02/2022 10:46:50 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\WINDOWS\system32\srtasks.exe ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x81000101).
Error: (04/02/2022 07:00:49 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program GameBar.exe version 5.721.12013.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 2fd4
Start Time: 01d846bb7f67b99d
Termination Time: 4294967295
Application Path: C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.721.12013.0_x64__8wekyb3d8bbwe\GameBar.exe
Report Id: c41db3a5-b0d0-4718-8c12-035c6035ba96
Faulting package full name: Microsoft.XboxGamingOverlay_5.721.12013.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: App
Hang type: Quiesce
Error: (04/02/2022 06:32:54 PM) (Source: Software Protection Platform Service) (EventID: 1017) (User: )
Description: Installation of the Proof of Purchase failed. 0xC004F069
Partial Pkey=FX8VF
ACID=?
Detailed Error[?]
Error: (04/02/2022 06:29:01 PM) (Source: KMS-QAD) (EventID: 1001) (User: )
Description: Event-ID 1001
Error: (04/02/2022 10:12:22 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
Error: (04/02/2022 10:06:46 AM) (Source: Software Protection Platform Service) (EventID: 1017) (User: )
Description: Installation of the Proof of Purchase failed. 0xC004F069
Partial Pkey=FX8VF
ACID=?
Detailed Error[?]
Error: (04/02/2022 10:03:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: OfficeC2RClient.exe, version: 16.0.14931.20128, time stamp: 0x62212fee
Faulting module name: OfficeC2RClient.exe, version: 16.0.14931.20128, time stamp: 0x62212fee
Exception code: 0xc0000005
Fault offset: 0x00000000004724e3
Faulting process id: 0x22b4
Faulting application start time: 0x01d846706f8582dc
Faulting application path: C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe
Faulting module path: C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe
Report Id: 948492be-252b-4902-a6a8-c713d9826822
Faulting package full name:
Faulting package-relative application ID:
System errors:
=============
Error: (04/04/2022 01:01:47 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200b: Intel Corporation - Display - 26.20.100.7325.
Error: (04/04/2022 12:56:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Service KMSELDI service terminated unexpectedly. It has done this 1 time(s).
Error: (04/02/2022 07:37:51 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (04/02/2022 07:37:48 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (04/02/2022 07:28:09 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (04/02/2022 07:28:06 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (04/02/2022 07:18:35 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (04/02/2022 07:18:33 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
CodeIntegrity:
===============
Date: 2022-04-04 12:59:43
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.
Date: 2022-04-04 12:59:43
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.
==================== Memory info ===========================
BIOS: American Megatrends Inc. Q553UB.202 11/16/2015
Motherboard: ASUSTeK COMPUTER INC. Q553UB
Processor: Intel(R) Core(TM) i7-6500U CPU @ 2.50GHz
Percentage of memory in use: 50%
Total physical RAM: 12184.12 MB
Available physical RAM: 5985.22 MB
Total Virtual: 14040.12 MB
Available Virtual: 7599.59 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:1861.65 GB) (Free:1677.19 GB) NTFS
Drive d: () (CDROM) (Total:0 GB) (Free:0 GB)
Drive e: (TOSHIBA EXT) (Fixed) (Total:3725.9 GB) (Free:1905.33 GB) NTFS
\\?\Volume{35639326-4973-4479-814e-b8c2437508ba}\ (Recovery) (Fixed) (Total:0.44 GB) (Free:0.42 GB) NTFS
\\?\Volume{c892c6c1-2690-48ad-9a9f-c4767dcea707}\ () (Fixed) (Total:0.81 GB) (Free:0.37 GB) NTFS
\\?\Volume{e25c11c5-06e0-4198-a90b-f733cd0b4f16}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: A3345D50)
Partition: GPT.
==========================================================
Disk: 1 (Size: 3726 GB) (Disk ID: 09F59511)
Partition: GPT.
==================== End of Addition.txt =======================
-
April 4th, 2022, 10:26 AM
#15
All good now, but I don't see anything malicious there.
However, in your event log, I see this:
"The device, \Device\Harddisk0\DR0, has a bad block."
It looks like you have a problem with your hard disk.
Said that, I suggest new topic in Windows or Hardware forum.
Thread Information
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote
