[RESOLVED] Blue Screen of death with sad emoticon
Page 1 of 2 12 LastLast
Results 1 to 15 of 19

Thread: [RESOLVED] Blue Screen of death with sad emoticon

  1. #1
    Join Date
    Apr 2022
    Posts
    19

    Resolved [RESOLVED] Blue Screen of death with sad emoticon

    Hiya. I am hoping someone can help me. My laptop is about 6 years old and has started giving me a blue screen of death that has a sad emoticon on it. It started happening as once in a blue moon and now is happening multiple times a day. I have done the scan as asked. Just hoping someone can help. Thank you in advance



    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-04-2022
    Ran by Leah (administrator) on DESKTOP-5IAB8FG (ASUSTeK COMPUTER INC. Q553UB) (02-04-2022 10:51:45)
    Running from C:\Users\Leah\Downloads
    Loaded Profiles: Leah
    Platform: Microsoft Windows 10 Pro Version 21H1 19043.1586 (X64) Language: English (United States)
    Default browser: Chrome
    Boot Mode: Normal

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (ASUSTeK Computer Inc. -> AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
    (C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe ->) (ASUSTeK Computer Inc. -> AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
    (C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe ->) (ASUSTeK Computer Inc. -> AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
    (C:\Program Files (x86)\Epson Software\Epson Printer Connection Checker\EPPCCMON.EXE ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
    (C:\Program Files (x86)\epson\MyEpson Portal\mepService.exe ->) (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\epson\MyEpson Portal\mep.exe
    (C:\Program Files\Avast Software\Avast\AvastSvc.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswEngSrv.exe
    (C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\Updates\16.0.15028.20160\OfficeClickToRun.exe
    (C:\Windows\SysWOW64\esif_uf.exe ->) (Intel(R) Software -> Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
    (DriverStore\FileRepository\igdlh64.inf_amd64_9f310939ec1eebf9\igfxCUIService.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9f310939ec1eebf9\igfxEM.exe
    (explorer.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastUI.exe <4>
    (explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <32>
    (explorer.exe ->) (Hewlett Packard -> Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    (explorer.exe ->) (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicStartMenu.exe
    (explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    (explorer.exe ->) (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\Epson Software\Epson Printer Connection Checker\EPPCCMON.EXE
    (explorer.exe ->) (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files\epson\Epson Data Collection Agent\DataCollectionAgentController.exe
    (explorer.exe ->) (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Windows\System32\spool\drivers\x64\3\E_YATIYNE.EXE
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler64.exe
    (Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\Epson Software\Download Navigator\EPSDNAVI.EXE
    (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
    (services.exe ->) (@ByELDI -> @ByELDI) [File not signed] C:\Program Files\KMSpico\Service_KMS.exe
    (services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    (services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswidsagent.exe
    (services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswToolsSvc.exe
    (services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastSvc.exe
    (services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\wsc_proxy.exe
    (services.exe ->) (GoPro Media, Inc. -> ) C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe
    (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_fddb643595e0b8d0\LMS.exe
    (services.exe ->) (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
    (services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
    (services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9f310939ec1eebf9\igfxCUIService.exe
    (services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9f310939ec1eebf9\IntelCpHDCPSvc.exe
    (services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9f310939ec1eebf9\IntelCpHeciSvc.exe
    (services.exe ->) (Intel(R) Software -> Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
    (services.exe ->) (LAVASOFT SOFTWARE CANADA INC -> ) C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
    (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
    (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe <2>
    (services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
    (services.exe ->) (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\epson\MyEpson Portal\mepService.exe
    (services.exe ->) (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files\epson\Epson Data Collection Agent\DCAgent.exe
    (services.exe ->) (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
    (services.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    (svchost.exe ->) (Adobe Systems Incorporated) C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\AcrobatNotificationClient.exe
    (svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2202.10603.0_x64__8wekyb3d8bbwe\Cortana.exe
    (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\HelpPane.exe
    (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
    (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (svchost.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (svchost.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

    ==================== Registry (Whitelisted) ===================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation -> Microsoft Corporation)
    HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163640 2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
    HKLM\...\Run: [EPPCCMON] => C:\Program Files (x86)\EPSON Software\Epson Printer Connection Checker\EPPCCMON.EXE [445800 2021-10-08] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
    HKLM\...\Run: [DataCollectionAgentController] => C:\Program Files\EPSON\Epson Data Collection Agent\DataCollectionAgentController.exe [395168 2022-01-18] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
    HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Avast Software\Avast\AvLaunch.exe [157464 2022-04-02] (Avast Software s.r.o. -> AVAST Software)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard)
    HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1310720 2020-02-10] (Seiko Epson Corporation) [File not signed]
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
    HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\Run: [Opera Browser Assistant] => C:\Users\Leah\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [2312792 2019-06-14] (Opera Software AS -> Opera Software)
    HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\Run: [uTorrent] => C:\Users\Leah\AppData\Roaming\uTorrent\uTorrent.exe [2103848 2022-02-20] (BitTorrent Inc -> BitTorrent Inc.)
    HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\Run: [Adobe Reader Synchronizer] => "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe" (No File)
    HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\Run: [ScreenRec] => C:\Users\Leah\AppData\Local\StreamingVideoProvider\ScreenRec_app\screenrec.exe [2442288 2021-07-07] (TeddySoft Ltd. -> StreamingVideoProvider)
    HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIYNE.EXE [485976 2020-09-11] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
    HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\Run: [ut] => C:\Users\Leah\AppData\Roaming\uTorrent\uTorrent.exe [2103848 2022-02-20] (BitTorrent Inc -> BitTorrent Inc.)
    HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\Run: [GoogleChromeAutoLaunch_86491550B89A52C9E670D807BD7DE1B7] => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
    HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\Policies\Explorer: [DisallowRun] 1
    HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\Policies\Explorer\DisallowRun: [1] 1.exe
    HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\Policies\Explorer\DisallowRun: [2] irsetup.exe
    HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\MountPoints2: {0af9616f-8de0-11ea-9c2d-9c5c8e2ac26d} - "E:\HiSuiteDownLoader.exe"
    HKLM\...\Windows x64\Print Processors\hpzppw71: C:\Windows\System32\spool\prtprocs\x64\hpzppw71.dll [239704 2017-12-18] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
    HKLM\...\Print\Monitors\Brother QL-500 Monitor: C:\WINDOWS\system32\PTQL5L.DLL [54272 2010-02-05] (Microsoft Windows Hardware Compatibility Publisher -> Brother Industries, Ltd.)
    HKLM\...\Print\Monitors\EPSON ET-2850 Series 64MonitorBE: C:\WINDOWS\system32\E_YLMBYNE.DLL [187392 2018-06-15] (Microsoft Windows Hardware Compatibility Publisher -> Seiko Epson Corporation)
    HKLM\...\Print\Monitors\EpsonNet Print Port: C:\WINDOWS\system32\enppmon.dll [500736 2016-09-14] (SEIKO EPSON CORPORATION) [File not signed]
    HKLM\...\Print\Monitors\PCL hpz3lw71: C:\WINDOWS\system32\hpz3lw71.dll [55392 2017-12-18] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
    HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\99.0.4844.84\Installer\chrmstp.exe [2022-03-28] (Google LLC -> Google LLC)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2019-05-21]
    ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett Packard -> Hewlett-Packard Co.)
    GroupPolicy: Restriction ? <==== ATTENTION
    Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
    HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

    ==================== Scheduled Tasks (Whitelisted) ============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {019F9A78-3B38-4157-B807-FFE302356880} - System32\Tasks\Opera scheduled assistant Autoupdate 1553093994 => C:\Users\Leah\AppData\Local\Programs\Opera\launcher.exe [1493592 2019-06-14] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\Leah\AppData\Local\Programs\Opera\assistant" $(Arg0)
    Task: {0F8C8DC6-CC2B-405E-AB2C-C9D767E7F4B4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-06-12] (Adobe Inc. -> Adobe)
    Task: {1274BCB7-7458-4C16-8EE3-A63B358A9956} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-03-09] (Google Inc -> Google Inc.)
    Task: {17BA3C58-9082-4178-99B1-0BF7BEC9C3E6} - System32\Tasks\AVGUpdateTaskMachineUA => C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe /ua /installsource scheduler (No File)
    Task: {1C453E00-5E00-46EF-A398-FDEBE1FFA6CD} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_207_Plugin.exe [1457208 2019-06-12] (Adobe Inc. -> Adobe)
    Task: {22DDE10B-6D2D-491E-8E61-FF5F04324252} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22865832 2022-04-02] (Microsoft Corporation -> Microsoft Corporation)
    Task: {26F47674-61A0-4649-9655-85C9C34AFFCF} - System32\Tasks\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe [4992280 2022-04-02] (Avast Software s.r.o. -> AVAST Software)
    Task: {3DB1B0F7-06D4-4F48-A99E-DCEE4637F1A8} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [18416 2015-10-30] (ASUSTeK Computer Inc. -> AsusTek)
    Task: {413ECA74-AE81-4302-8014-DD19B9B38074} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2417032 2011-08-01] (Microsoft Corporation -> Microsoft Corporation)
    Task: {4B81458C-AB58-4FE3-A0B9-9EECBEBC3CE0} - System32\Tasks\EPSON ET-2850 Series Update {96728CEB-9441-4980-9AFB-F463C3F9EBB1} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSYNE.EXE [680440 2017-06-07] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
    Task: {53353B65-98BE-40D6-9B66-A104EC6EF70E} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
    Task: {5B111EA1-526F-4C96-9A2C-09EC7DDD6C93} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [143160 2019-03-12] (ASUSTek Computer Inc. -> ASUSTek Computer Inc.)
    Task: {63AB608A-01FC-44BD-B023-9FC87F42CEE1} - System32\Tasks\Opera scheduled Autoupdate 1552143542 => C:\Users\Leah\AppData\Local\Programs\Opera\launcher.exe [1493592 2019-06-14] (Opera Software AS -> Opera Software)
    Task: {71D0551E-8221-4CB1-900F-5FD71A8A9BC2} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
    Task: {76FA2B1C-B937-4163-A200-AD0F99816BA2} - System32\Tasks\R@1n-KMS\Office15ProPlus => wmic path SoftwareLicensingProduct where (ID="b322da9c-a2e2-4058-9e4e-f59a6970bd69") call Activate
    Task: {84406499-F8C3-4487-A5C8-5FC4B4279115} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564424 2021-11-18] (Adobe Inc. -> Adobe Inc.)
    Task: {87B73CAD-1E44-4137-861B-07BB10E4FA30} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [740544 2015-11-01] (@ByELDI -> @ByELDI) [File not signed]
    Task: {90427545-1E03-4C7E-87F4-60FB250E7937} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [111512 2022-04-02] (Microsoft Corporation -> Microsoft Corporation)
    Task: {9B36C1D6-28A4-40C4-99C2-58D9FC9BB6ED} - System32\Tasks\AVGUpdateTaskMachineCore => C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe /c (No File)
    Task: {A0DFDA7F-2E09-43A5-ACAE-AFEE74855C5E} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1407736 2019-03-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
    Task: {B11EFDDE-AC47-4389-A77B-76B666CCFF3A} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [111512 2022-04-02] (Microsoft Corporation -> Microsoft Corporation)
    Task: {BD99F6E8-DE37-41C0-AEA6-BF7B9BA3FE88} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16409496 2019-03-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
    Task: {C8657B51-6DB1-4EC0-80DC-F397FD828D6A} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2296088 2022-04-02] (Avast Software s.r.o. -> Avast Software)
    Task: {CA3085C4-2413-4AAB-AC01-7F8431F73DAE} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22865832 2022-04-02] (Microsoft Corporation -> Microsoft Corporation)
    Task: {D426CE60-8FE0-466A-8901-911B6246A91D} - System32\Tasks\R@1n-KMS\Windows64Professional => wmic path SoftwareLicensingProduct where (ID="2de67392-b7a7-462a-b1ca-108dd189f588") call Activate
    Task: {EE0F240E-F177-4357-867A-0BE87FD9F3FE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-03-09] (Google Inc -> Google Inc.)
    Task: {F80D9A35-B799-4F4F-888B-5C783AF0727E} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [696808 2022-04-02] (Microsoft Corporation -> Microsoft Corporation)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\EPSON ET-2850 Series Update {96728CEB-9441-4980-9AFB-F463C3F9EBB1}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSYNE.EXE:/EXE:{96728CEB-9441-4980-9AFB-F463C3F9EBB1} /F:UpdateWORKGROUP\DESKTOP-5IAB8FG$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
    Tcpip\..\Interfaces\{7e42637e-440e-40bd-a9ec-8e6493e0f46a}: [DhcpNameServer] 192.168.0.1

    Edge:
    =======
    DownloadDir: C:\Users\Leah\Downloads
    Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
    Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
    Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
    Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
    Edge Profile: C:\Users\Leah\AppData\Local\Microsoft\Edge\User Data\Default [2022-04-02]

    FireFox:
    ========
    FF DefaultProfile: n9ez0xmt.default
    FF ProfilePath: C:\Users\Leah\AppData\Roaming\Mozilla\Firefox\Profiles\n9ez0xmt.default [2021-10-10]
    FF ProfilePath: C:\Users\Leah\AppData\Roaming\Mozilla\Firefox\Profiles\i0y1twr8.default-release [2022-03-17]
    FF Extension: (ZED: Zoom Easy Downloader) - C:\Users\Leah\AppData\Roaming\Mozilla\Firefox\Profiles\i0y1twr8.default-release\Extensions\{6d685f76-574f-4542-ba89-778fefa3f938}.xpi [2021-11-09]
    FF Extension: (Video DownloadHelper) - C:\Users\Leah\AppData\Roaming\Mozilla\Firefox\Profiles\i0y1twr8.default-release\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2022-02-14]
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_207.dll [2019-06-12] (Adobe Inc. -> )
    FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
    FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
    FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
    FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2022-03-02] (Adobe Inc. -> Adobe Systems Inc.)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_207.dll [2019-06-12] (Adobe Inc. -> )
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-03-05] (Microsoft Corporation -> Microsoft Corporation)

    Chrome:
    =======
    CHR DefaultProfile: Default
    CHR Profile: C:\Users\Leah\AppData\Local\Google\Chrome\User Data\Default [2022-04-02]
    CHR Notifications: Default -> hxxps://tinder.com
    CHR Extension: (ZenMate Free VPN–Best VPN for Chrome) - C:\Users\Leah\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2022-02-12]
    CHR Extension: (Video DownloadHelper) - C:\Users\Leah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjnegcaeklhafolokijcfjliaokphfk [2022-02-02]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Leah\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-01-31]
    CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-07-24]
    CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-07-24]

    Opera:
    =======
    OPR Profile: C:\Users\Leah\AppData\Roaming\Opera Software\Opera Stable [2020-11-26]
    OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.co.uk/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}










    ==================== Memory info ===========================

    BIOS: American Megatrends Inc. Q553UB.202 11/16/2015
    Motherboard: ASUSTeK COMPUTER INC. Q553UB
    Processor: Intel(R) Core(TM) i7-6500U CPU @ 2.50GHz
    Percentage of memory in use: 46%
    Total physical RAM: 12184.12 MB
    Available physical RAM: 6560.17 MB
    Total Virtual: 14040.12 MB
    Available Virtual: 8357.09 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:1861.65 GB) (Free:1683.46 GB) NTFS

    \\?\Volume{35639326-4973-4479-814e-b8c2437508ba}\ (Recovery) (Fixed) (Total:0.44 GB) (Free:0.42 GB) NTFS
    \\?\Volume{c892c6c1-2690-48ad-9a9f-c4767dcea707}\ () (Fixed) (Total:0.81 GB) (Free:0.37 GB) NTFS
    \\?\Volume{e25c11c5-06e0-4198-a90b-f733cd0b4f16}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

    ==================== MBR & Partition Table ====================

    ==========================================================
    Disk: 0 (Size: 1863 GB) (Disk ID: A3345D50)

    Partition: GPT.

    ==================== End of Addition.txt =======================

  2. #2
    Join Date
    Apr 2022
    Posts
    19
    Hiya I am just wondering if anyone can help me with this?

  3. #3
    Join Date
    Jul 1998
    Location
    Toronto
    Posts
    24,762
    We'll be with you soon. We all live in different time zones
    Don't believe everything you think.
    _____________________
    cat lovers click here

  4. #4
    Join Date
    Apr 2022
    Posts
    19
    Yeah no worries. My laptop often only gives me a short time to check anything before it gives me a blue screen so just thought I would check :-) Sorry and thank you :-)

  5. #5
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,536
    FRST produces two logs. I still need second log.

    Please, observe following rules:

    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

  6. #6
    Join Date
    Apr 2022
    Posts
    19
    I included both logs. Was I supposed to put them in separate posts? I will include them again now :-)

    FRST LOG
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-04-2022
    Ran by Leah (administrator) on DESKTOP-5IAB8FG (ASUSTeK COMPUTER INC. Q553UB) (02-04-2022 10:51:45)
    Running from C:\Users\Leah\Downloads
    Loaded Profiles: Leah
    Platform: Microsoft Windows 10 Pro Version 21H1 19043.1586 (X64) Language: English (United States)
    Default browser: Chrome
    Boot Mode: Normal

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (ASUSTeK Computer Inc. -> AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
    (C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe ->) (ASUSTeK Computer Inc. -> AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
    (C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe ->) (ASUSTeK Computer Inc. -> AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
    (C:\Program Files (x86)\Epson Software\Epson Printer Connection Checker\EPPCCMON.EXE ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
    (C:\Program Files (x86)\epson\MyEpson Portal\mepService.exe ->) (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\epson\MyEpson Portal\mep.exe
    (C:\Program Files\Avast Software\Avast\AvastSvc.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswEngSrv.exe
    (C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\Updates\16.0.15028.20160\OfficeClickToRun.exe
    (C:\Windows\SysWOW64\esif_uf.exe ->) (Intel(R) Software -> Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
    (DriverStore\FileRepository\igdlh64.inf_amd64_9f310939ec1eebf9\igfxCUIService.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9f310939ec1eebf9\igfxEM.exe
    (explorer.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastUI.exe <4>
    (explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <32>
    (explorer.exe ->) (Hewlett Packard -> Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    (explorer.exe ->) (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicStartMenu.exe
    (explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    (explorer.exe ->) (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\Epson Software\Epson Printer Connection Checker\EPPCCMON.EXE
    (explorer.exe ->) (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files\epson\Epson Data Collection Agent\DataCollectionAgentController.exe
    (explorer.exe ->) (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Windows\System32\spool\drivers\x64\3\E_YATIYNE.EXE
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler64.exe
    (Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\Epson Software\Download Navigator\EPSDNAVI.EXE
    (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
    (services.exe ->) (@ByELDI -> @ByELDI) [File not signed] C:\Program Files\KMSpico\Service_KMS.exe
    (services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    (services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswidsagent.exe
    (services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswToolsSvc.exe
    (services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastSvc.exe
    (services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\wsc_proxy.exe
    (services.exe ->) (GoPro Media, Inc. -> ) C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe
    (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_fddb643595e0b8d0\LMS.exe
    (services.exe ->) (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
    (services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
    (services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9f310939ec1eebf9\igfxCUIService.exe
    (services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9f310939ec1eebf9\IntelCpHDCPSvc.exe
    (services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9f310939ec1eebf9\IntelCpHeciSvc.exe
    (services.exe ->) (Intel(R) Software -> Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
    (services.exe ->) (LAVASOFT SOFTWARE CANADA INC -> ) C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
    (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
    (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe <2>
    (services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
    (services.exe ->) (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\epson\MyEpson Portal\mepService.exe
    (services.exe ->) (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files\epson\Epson Data Collection Agent\DCAgent.exe
    (services.exe ->) (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
    (services.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    (svchost.exe ->) (Adobe Systems Incorporated) C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\AcrobatNotificationClient.exe
    (svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2202.10603.0_x64__8wekyb3d8bbwe\Cortana.exe
    (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\HelpPane.exe
    (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
    (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (svchost.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (svchost.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

    ==================== Registry (Whitelisted) ===================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation -> Microsoft Corporation)
    HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163640 2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
    HKLM\...\Run: [EPPCCMON] => C:\Program Files (x86)\EPSON Software\Epson Printer Connection Checker\EPPCCMON.EXE [445800 2021-10-08] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
    HKLM\...\Run: [DataCollectionAgentController] => C:\Program Files\EPSON\Epson Data Collection Agent\DataCollectionAgentController.exe [395168 2022-01-18] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
    HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Avast Software\Avast\AvLaunch.exe [157464 2022-04-02] (Avast Software s.r.o. -> AVAST Software)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard)
    HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1310720 2020-02-10] (Seiko Epson Corporation) [File not signed]
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
    HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\Run: [Opera Browser Assistant] => C:\Users\Leah\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [2312792 2019-06-14] (Opera Software AS -> Opera Software)
    HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\Run: [uTorrent] => C:\Users\Leah\AppData\Roaming\uTorrent\uTorrent.exe [2103848 2022-02-20] (BitTorrent Inc -> BitTorrent Inc.)
    HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\Run: [Adobe Reader Synchronizer] => "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe" (No File)
    HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\Run: [ScreenRec] => C:\Users\Leah\AppData\Local\StreamingVideoProvider\ScreenRec_app\screenrec.exe [2442288 2021-07-07] (TeddySoft Ltd. -> StreamingVideoProvider)
    HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIYNE.EXE [485976 2020-09-11] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
    HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\Run: [ut] => C:\Users\Leah\AppData\Roaming\uTorrent\uTorrent.exe [2103848 2022-02-20] (BitTorrent Inc -> BitTorrent Inc.)
    HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\Run: [GoogleChromeAutoLaunch_86491550B89A52C9E670D807BD7DE1B7] => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
    HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\Policies\Explorer: [DisallowRun] 1
    HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\Policies\Explorer\DisallowRun: [1] 1.exe
    HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\Policies\Explorer\DisallowRun: [2] irsetup.exe
    HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\MountPoints2: {0af9616f-8de0-11ea-9c2d-9c5c8e2ac26d} - "E:\HiSuiteDownLoader.exe"
    HKLM\...\Windows x64\Print Processors\hpzppw71: C:\Windows\System32\spool\prtprocs\x64\hpzppw71.dll [239704 2017-12-18] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
    HKLM\...\Print\Monitors\Brother QL-500 Monitor: C:\WINDOWS\system32\PTQL5L.DLL [54272 2010-02-05] (Microsoft Windows Hardware Compatibility Publisher -> Brother Industries, Ltd.)
    HKLM\...\Print\Monitors\EPSON ET-2850 Series 64MonitorBE: C:\WINDOWS\system32\E_YLMBYNE.DLL [187392 2018-06-15] (Microsoft Windows Hardware Compatibility Publisher -> Seiko Epson Corporation)
    HKLM\...\Print\Monitors\EpsonNet Print Port: C:\WINDOWS\system32\enppmon.dll [500736 2016-09-14] (SEIKO EPSON CORPORATION) [File not signed]
    HKLM\...\Print\Monitors\PCL hpz3lw71: C:\WINDOWS\system32\hpz3lw71.dll [55392 2017-12-18] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
    HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\99.0.4844.84\Installer\chrmstp.exe [2022-03-28] (Google LLC -> Google LLC)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2019-05-21]
    ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett Packard -> Hewlett-Packard Co.)
    GroupPolicy: Restriction ? <==== ATTENTION
    Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
    HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

    ==================== Scheduled Tasks (Whitelisted) ============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {019F9A78-3B38-4157-B807-FFE302356880} - System32\Tasks\Opera scheduled assistant Autoupdate 1553093994 => C:\Users\Leah\AppData\Local\Programs\Opera\launcher.exe [1493592 2019-06-14] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\Leah\AppData\Local\Programs\Opera\assistant" $(Arg0)
    Task: {0F8C8DC6-CC2B-405E-AB2C-C9D767E7F4B4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-06-12] (Adobe Inc. -> Adobe)
    Task: {1274BCB7-7458-4C16-8EE3-A63B358A9956} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-03-09] (Google Inc -> Google Inc.)
    Task: {17BA3C58-9082-4178-99B1-0BF7BEC9C3E6} - System32\Tasks\AVGUpdateTaskMachineUA => C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe /ua /installsource scheduler (No File)
    Task: {1C453E00-5E00-46EF-A398-FDEBE1FFA6CD} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_207_Plugin.exe [1457208 2019-06-12] (Adobe Inc. -> Adobe)
    Task: {22DDE10B-6D2D-491E-8E61-FF5F04324252} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22865832 2022-04-02] (Microsoft Corporation -> Microsoft Corporation)
    Task: {26F47674-61A0-4649-9655-85C9C34AFFCF} - System32\Tasks\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe [4992280 2022-04-02] (Avast Software s.r.o. -> AVAST Software)
    Task: {3DB1B0F7-06D4-4F48-A99E-DCEE4637F1A8} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [18416 2015-10-30] (ASUSTeK Computer Inc. -> AsusTek)
    Task: {413ECA74-AE81-4302-8014-DD19B9B38074} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2417032 2011-08-01] (Microsoft Corporation -> Microsoft Corporation)
    Task: {4B81458C-AB58-4FE3-A0B9-9EECBEBC3CE0} - System32\Tasks\EPSON ET-2850 Series Update {96728CEB-9441-4980-9AFB-F463C3F9EBB1} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSYNE.EXE [680440 2017-06-07] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
    Task: {53353B65-98BE-40D6-9B66-A104EC6EF70E} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
    Task: {5B111EA1-526F-4C96-9A2C-09EC7DDD6C93} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [143160 2019-03-12] (ASUSTek Computer Inc. -> ASUSTek Computer Inc.)
    Task: {63AB608A-01FC-44BD-B023-9FC87F42CEE1} - System32\Tasks\Opera scheduled Autoupdate 1552143542 => C:\Users\Leah\AppData\Local\Programs\Opera\launcher.exe [1493592 2019-06-14] (Opera Software AS -> Opera Software)
    Task: {71D0551E-8221-4CB1-900F-5FD71A8A9BC2} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
    Task: {76FA2B1C-B937-4163-A200-AD0F99816BA2} - System32\Tasks\R@1n-KMS\Office15ProPlus => wmic path SoftwareLicensingProduct where (ID="b322da9c-a2e2-4058-9e4e-f59a6970bd69") call Activate
    Task: {84406499-F8C3-4487-A5C8-5FC4B4279115} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564424 2021-11-18] (Adobe Inc. -> Adobe Inc.)
    Task: {87B73CAD-1E44-4137-861B-07BB10E4FA30} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [740544 2015-11-01] (@ByELDI -> @ByELDI) [File not signed]
    Task: {90427545-1E03-4C7E-87F4-60FB250E7937} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [111512 2022-04-02] (Microsoft Corporation -> Microsoft Corporation)
    Task: {9B36C1D6-28A4-40C4-99C2-58D9FC9BB6ED} - System32\Tasks\AVGUpdateTaskMachineCore => C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe /c (No File)
    Task: {A0DFDA7F-2E09-43A5-ACAE-AFEE74855C5E} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1407736 2019-03-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
    Task: {B11EFDDE-AC47-4389-A77B-76B666CCFF3A} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [111512 2022-04-02] (Microsoft Corporation -> Microsoft Corporation)
    Task: {BD99F6E8-DE37-41C0-AEA6-BF7B9BA3FE88} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16409496 2019-03-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
    Task: {C8657B51-6DB1-4EC0-80DC-F397FD828D6A} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2296088 2022-04-02] (Avast Software s.r.o. -> Avast Software)
    Task: {CA3085C4-2413-4AAB-AC01-7F8431F73DAE} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22865832 2022-04-02] (Microsoft Corporation -> Microsoft Corporation)
    Task: {D426CE60-8FE0-466A-8901-911B6246A91D} - System32\Tasks\R@1n-KMS\Windows64Professional => wmic path SoftwareLicensingProduct where (ID="2de67392-b7a7-462a-b1ca-108dd189f588") call Activate
    Task: {EE0F240E-F177-4357-867A-0BE87FD9F3FE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-03-09] (Google Inc -> Google Inc.)
    Task: {F80D9A35-B799-4F4F-888B-5C783AF0727E} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [696808 2022-04-02] (Microsoft Corporation -> Microsoft Corporation)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\EPSON ET-2850 Series Update {96728CEB-9441-4980-9AFB-F463C3F9EBB1}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSYNE.EXE:/EXE:{96728CEB-9441-4980-9AFB-F463C3F9EBB1} /F:UpdateWORKGROUP\DESKTOP-5IAB8FG$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
    Tcpip\..\Interfaces\{7e42637e-440e-40bd-a9ec-8e6493e0f46a}: [DhcpNameServer] 192.168.0.1

    Edge:
    =======
    DownloadDir: C:\Users\Leah\Downloads
    Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
    Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
    Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
    Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
    Edge Profile: C:\Users\Leah\AppData\Local\Microsoft\Edge\User Data\Default [2022-04-02]

    FireFox:
    ========
    FF DefaultProfile: n9ez0xmt.default
    FF ProfilePath: C:\Users\Leah\AppData\Roaming\Mozilla\Firefox\Profiles\n9ez0xmt.default [2021-10-10]
    FF ProfilePath: C:\Users\Leah\AppData\Roaming\Mozilla\Firefox\Profiles\i0y1twr8.default-release [2022-03-17]
    FF Extension: (ZED: Zoom Easy Downloader) - C:\Users\Leah\AppData\Roaming\Mozilla\Firefox\Profiles\i0y1twr8.default-release\Extensions\{6d685f76-574f-4542-ba89-778fefa3f938}.xpi [2021-11-09]
    FF Extension: (Video DownloadHelper) - C:\Users\Leah\AppData\Roaming\Mozilla\Firefox\Profiles\i0y1twr8.default-release\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2022-02-14]
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_207.dll [2019-06-12] (Adobe Inc. -> )
    FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
    FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
    FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
    FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2022-03-02] (Adobe Inc. -> Adobe Systems Inc.)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_207.dll [2019-06-12] (Adobe Inc. -> )
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-03-05] (Microsoft Corporation -> Microsoft Corporation)

    Chrome:
    =======
    CHR DefaultProfile: Default
    CHR Profile: C:\Users\Leah\AppData\Local\Google\Chrome\User Data\Default [2022-04-02]
    CHR Notifications: Default -> hxxps://tinder.com
    CHR Extension: (ZenMate Free VPN–Best VPN for Chrome) - C:\Users\Leah\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2022-02-12]
    CHR Extension: (Video DownloadHelper) - C:\Users\Leah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjnegcaeklhafolokijcfjliaokphfk [2022-02-02]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Leah\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-01-31]
    CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-07-24]
    CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-07-24]

    Opera:
    =======
    OPR Profile: C:\Users\Leah\AppData\Roaming\Opera Software\Opera Stable [2020-11-26]
    OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.co.uk/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}



    Addition Log

    ==================== Memory info ===========================

    BIOS: American Megatrends Inc. Q553UB.202 11/16/2015
    Motherboard: ASUSTeK COMPUTER INC. Q553UB
    Processor: Intel(R) Core(TM) i7-6500U CPU @ 2.50GHz
    Percentage of memory in use: 46%
    Total physical RAM: 12184.12 MB
    Available physical RAM: 6560.17 MB
    Total Virtual: 14040.12 MB
    Available Virtual: 8357.09 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:1861.65 GB) (Free:1683.46 GB) NTFS

    \\?\Volume{35639326-4973-4479-814e-b8c2437508ba}\ (Recovery) (Fixed) (Total:0.44 GB) (Free:0.42 GB) NTFS
    \\?\Volume{c892c6c1-2690-48ad-9a9f-c4767dcea707}\ () (Fixed) (Total:0.81 GB) (Free:0.37 GB) NTFS
    \\?\Volume{e25c11c5-06e0-4198-a90b-f733cd0b4f16}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

    ==================== MBR & Partition Table ====================

    ==========================================================
    Disk: 0 (Size: 1863 GB) (Disk ID: A3345D50)

    Partition: GPT.

    ==================== End of Addition.txt =======================

  7. #7
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,536
    This is all mixed up. Only part of one log and a small part of the second log.
    I need full two logs

  8. #8
    Join Date
    Apr 2022
    Posts
    19
    I am literally copying and pasting what the logs are. I followed the directions. It saved the two logs and that is what they are. I am not sure what else to do. I will copy and paste again and put them as separate replies.

  9. #9
    Join Date
    Apr 2022
    Posts
    19
    FRST


    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-04-2022
    Ran by Leah (administrator) on DESKTOP-5IAB8FG (ASUSTeK COMPUTER INC. Q553UB) (02-04-2022 10:51:45)
    Running from C:\Users\Leah\Downloads
    Loaded Profiles: Leah
    Platform: Microsoft Windows 10 Pro Version 21H1 19043.1586 (X64) Language: English (United States)
    Default browser: Chrome
    Boot Mode: Normal

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (ASUSTeK Computer Inc. -> AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
    (C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe ->) (ASUSTeK Computer Inc. -> AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
    (C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe ->) (ASUSTeK Computer Inc. -> AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
    (C:\Program Files (x86)\Epson Software\Epson Printer Connection Checker\EPPCCMON.EXE ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
    (C:\Program Files (x86)\epson\MyEpson Portal\mepService.exe ->) (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\epson\MyEpson Portal\mep.exe
    (C:\Program Files\Avast Software\Avast\AvastSvc.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswEngSrv.exe
    (C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\Updates\16.0.15028.20160\OfficeClickToRun.exe
    (C:\Windows\SysWOW64\esif_uf.exe ->) (Intel(R) Software -> Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
    (DriverStore\FileRepository\igdlh64.inf_amd64_9f310939ec1eebf9\igfxCUIService.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9f310939ec1eebf9\igfxEM.exe
    (explorer.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastUI.exe <4>
    (explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <32>
    (explorer.exe ->) (Hewlett Packard -> Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    (explorer.exe ->) (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicStartMenu.exe
    (explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    (explorer.exe ->) (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\Epson Software\Epson Printer Connection Checker\EPPCCMON.EXE
    (explorer.exe ->) (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files\epson\Epson Data Collection Agent\DataCollectionAgentController.exe
    (explorer.exe ->) (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Windows\System32\spool\drivers\x64\3\E_YATIYNE.EXE
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler64.exe
    (Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\Epson Software\Download Navigator\EPSDNAVI.EXE
    (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
    (services.exe ->) (@ByELDI -> @ByELDI) [File not signed] C:\Program Files\KMSpico\Service_KMS.exe
    (services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    (services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswidsagent.exe
    (services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswToolsSvc.exe
    (services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastSvc.exe
    (services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\wsc_proxy.exe
    (services.exe ->) (GoPro Media, Inc. -> ) C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe
    (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_fddb643595e0b8d0\LMS.exe
    (services.exe ->) (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
    (services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
    (services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9f310939ec1eebf9\igfxCUIService.exe
    (services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9f310939ec1eebf9\IntelCpHDCPSvc.exe
    (services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9f310939ec1eebf9\IntelCpHeciSvc.exe
    (services.exe ->) (Intel(R) Software -> Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
    (services.exe ->) (LAVASOFT SOFTWARE CANADA INC -> ) C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
    (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
    (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe <2>
    (services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
    (services.exe ->) (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\epson\MyEpson Portal\mepService.exe
    (services.exe ->) (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files\epson\Epson Data Collection Agent\DCAgent.exe
    (services.exe ->) (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
    (services.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    (svchost.exe ->) (Adobe Systems Incorporated) C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\AcrobatNotificationClient.exe
    (svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2202.10603.0_x64__8wekyb3d8bbwe\Cortana.exe
    (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\HelpPane.exe
    (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
    (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (svchost.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (svchost.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

    ==================== Registry (Whitelisted) ===================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation -> Microsoft Corporation)
    HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163640 2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
    HKLM\...\Run: [EPPCCMON] => C:\Program Files (x86)\EPSON Software\Epson Printer Connection Checker\EPPCCMON.EXE [445800 2021-10-08] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
    HKLM\...\Run: [DataCollectionAgentController] => C:\Program Files\EPSON\Epson Data Collection Agent\DataCollectionAgentController.exe [395168 2022-01-18] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
    HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Avast Software\Avast\AvLaunch.exe [157464 2022-04-02] (Avast Software s.r.o. -> AVAST Software)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard)
    HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1310720 2020-02-10] (Seiko Epson Corporation) [File not signed]
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
    HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\Run: [Opera Browser Assistant] => C:\Users\Leah\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [2312792 2019-06-14] (Opera Software AS -> Opera Software)
    HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\Run: [uTorrent] => C:\Users\Leah\AppData\Roaming\uTorrent\uTorrent.exe [2103848 2022-02-20] (BitTorrent Inc -> BitTorrent Inc.)
    HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\Run: [Adobe Reader Synchronizer] => "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe" (No File)
    HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\Run: [ScreenRec] => C:\Users\Leah\AppData\Local\StreamingVideoProvider\ScreenRec_app\screenrec.exe [2442288 2021-07-07] (TeddySoft Ltd. -> StreamingVideoProvider)
    HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIYNE.EXE [485976 2020-09-11] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
    HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\Run: [ut] => C:\Users\Leah\AppData\Roaming\uTorrent\uTorrent.exe [2103848 2022-02-20] (BitTorrent Inc -> BitTorrent Inc.)
    HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\Run: [GoogleChromeAutoLaunch_86491550B89A52C9E670D807BD7DE1B7] => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
    HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\Policies\Explorer: [DisallowRun] 1
    HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\Policies\Explorer\DisallowRun: [1] 1.exe
    HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\Policies\Explorer\DisallowRun: [2] irsetup.exe
    HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\MountPoints2: {0af9616f-8de0-11ea-9c2d-9c5c8e2ac26d} - "E:\HiSuiteDownLoader.exe"
    HKLM\...\Windows x64\Print Processors\hpzppw71: C:\Windows\System32\spool\prtprocs\x64\hpzppw71.dll [239704 2017-12-18] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
    HKLM\...\Print\Monitors\Brother QL-500 Monitor: C:\WINDOWS\system32\PTQL5L.DLL [54272 2010-02-05] (Microsoft Windows Hardware Compatibility Publisher -> Brother Industries, Ltd.)
    HKLM\...\Print\Monitors\EPSON ET-2850 Series 64MonitorBE: C:\WINDOWS\system32\E_YLMBYNE.DLL [187392 2018-06-15] (Microsoft Windows Hardware Compatibility Publisher -> Seiko Epson Corporation)
    HKLM\...\Print\Monitors\EpsonNet Print Port: C:\WINDOWS\system32\enppmon.dll [500736 2016-09-14] (SEIKO EPSON CORPORATION) [File not signed]
    HKLM\...\Print\Monitors\PCL hpz3lw71: C:\WINDOWS\system32\hpz3lw71.dll [55392 2017-12-18] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
    HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\99.0.4844.84\Installer\chrmstp.exe [2022-03-28] (Google LLC -> Google LLC)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2019-05-21]
    ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett Packard -> Hewlett-Packard Co.)
    GroupPolicy: Restriction ? <==== ATTENTION
    Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
    HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

    ==================== Scheduled Tasks (Whitelisted) ============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {019F9A78-3B38-4157-B807-FFE302356880} - System32\Tasks\Opera scheduled assistant Autoupdate 1553093994 => C:\Users\Leah\AppData\Local\Programs\Opera\launcher.exe [1493592 2019-06-14] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\Leah\AppData\Local\Programs\Opera\assistant" $(Arg0)
    Task: {0F8C8DC6-CC2B-405E-AB2C-C9D767E7F4B4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-06-12] (Adobe Inc. -> Adobe)
    Task: {1274BCB7-7458-4C16-8EE3-A63B358A9956} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-03-09] (Google Inc -> Google Inc.)
    Task: {17BA3C58-9082-4178-99B1-0BF7BEC9C3E6} - System32\Tasks\AVGUpdateTaskMachineUA => C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe /ua /installsource scheduler (No File)
    Task: {1C453E00-5E00-46EF-A398-FDEBE1FFA6CD} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_207_Plugin.exe [1457208 2019-06-12] (Adobe Inc. -> Adobe)
    Task: {22DDE10B-6D2D-491E-8E61-FF5F04324252} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22865832 2022-04-02] (Microsoft Corporation -> Microsoft Corporation)
    Task: {26F47674-61A0-4649-9655-85C9C34AFFCF} - System32\Tasks\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe [4992280 2022-04-02] (Avast Software s.r.o. -> AVAST Software)
    Task: {3DB1B0F7-06D4-4F48-A99E-DCEE4637F1A8} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [18416 2015-10-30] (ASUSTeK Computer Inc. -> AsusTek)
    Task: {413ECA74-AE81-4302-8014-DD19B9B38074} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2417032 2011-08-01] (Microsoft Corporation -> Microsoft Corporation)
    Task: {4B81458C-AB58-4FE3-A0B9-9EECBEBC3CE0} - System32\Tasks\EPSON ET-2850 Series Update {96728CEB-9441-4980-9AFB-F463C3F9EBB1} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSYNE.EXE [680440 2017-06-07] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
    Task: {53353B65-98BE-40D6-9B66-A104EC6EF70E} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
    Task: {5B111EA1-526F-4C96-9A2C-09EC7DDD6C93} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [143160 2019-03-12] (ASUSTek Computer Inc. -> ASUSTek Computer Inc.)
    Task: {63AB608A-01FC-44BD-B023-9FC87F42CEE1} - System32\Tasks\Opera scheduled Autoupdate 1552143542 => C:\Users\Leah\AppData\Local\Programs\Opera\launcher.exe [1493592 2019-06-14] (Opera Software AS -> Opera Software)
    Task: {71D0551E-8221-4CB1-900F-5FD71A8A9BC2} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
    Task: {76FA2B1C-B937-4163-A200-AD0F99816BA2} - System32\Tasks\R@1n-KMS\Office15ProPlus => wmic path SoftwareLicensingProduct where (ID="b322da9c-a2e2-4058-9e4e-f59a6970bd69") call Activate
    Task: {84406499-F8C3-4487-A5C8-5FC4B4279115} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564424 2021-11-18] (Adobe Inc. -> Adobe Inc.)
    Task: {87B73CAD-1E44-4137-861B-07BB10E4FA30} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [740544 2015-11-01] (@ByELDI -> @ByELDI) [File not signed]
    Task: {90427545-1E03-4C7E-87F4-60FB250E7937} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [111512 2022-04-02] (Microsoft Corporation -> Microsoft Corporation)
    Task: {9B36C1D6-28A4-40C4-99C2-58D9FC9BB6ED} - System32\Tasks\AVGUpdateTaskMachineCore => C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe /c (No File)
    Task: {A0DFDA7F-2E09-43A5-ACAE-AFEE74855C5E} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1407736 2019-03-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
    Task: {B11EFDDE-AC47-4389-A77B-76B666CCFF3A} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [111512 2022-04-02] (Microsoft Corporation -> Microsoft Corporation)
    Task: {BD99F6E8-DE37-41C0-AEA6-BF7B9BA3FE88} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16409496 2019-03-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
    Task: {C8657B51-6DB1-4EC0-80DC-F397FD828D6A} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2296088 2022-04-02] (Avast Software s.r.o. -> Avast Software)
    Task: {CA3085C4-2413-4AAB-AC01-7F8431F73DAE} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22865832 2022-04-02] (Microsoft Corporation -> Microsoft Corporation)
    Task: {D426CE60-8FE0-466A-8901-911B6246A91D} - System32\Tasks\R@1n-KMS\Windows64Professional => wmic path SoftwareLicensingProduct where (ID="2de67392-b7a7-462a-b1ca-108dd189f588") call Activate
    Task: {EE0F240E-F177-4357-867A-0BE87FD9F3FE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-03-09] (Google Inc -> Google Inc.)
    Task: {F80D9A35-B799-4F4F-888B-5C783AF0727E} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [696808 2022-04-02] (Microsoft Corporation -> Microsoft Corporation)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\EPSON ET-2850 Series Update {96728CEB-9441-4980-9AFB-F463C3F9EBB1}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSYNE.EXE:/EXE:{96728CEB-9441-4980-9AFB-F463C3F9EBB1} /F:UpdateWORKGROUP\DESKTOP-5IAB8FG$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
    Tcpip\..\Interfaces\{7e42637e-440e-40bd-a9ec-8e6493e0f46a}: [DhcpNameServer] 192.168.0.1

    Edge:
    =======
    DownloadDir: C:\Users\Leah\Downloads
    Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
    Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
    Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
    Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
    Edge Profile: C:\Users\Leah\AppData\Local\Microsoft\Edge\User Data\Default [2022-04-02]

    FireFox:
    ========
    FF DefaultProfile: n9ez0xmt.default
    FF ProfilePath: C:\Users\Leah\AppData\Roaming\Mozilla\Firefox\Profiles\n9ez0xmt.default [2021-10-10]
    FF ProfilePath: C:\Users\Leah\AppData\Roaming\Mozilla\Firefox\Profiles\i0y1twr8.default-release [2022-03-17]
    FF Extension: (ZED: Zoom Easy Downloader) - C:\Users\Leah\AppData\Roaming\Mozilla\Firefox\Profiles\i0y1twr8.default-release\Extensions\{6d685f76-574f-4542-ba89-778fefa3f938}.xpi [2021-11-09]
    FF Extension: (Video DownloadHelper) - C:\Users\Leah\AppData\Roaming\Mozilla\Firefox\Profiles\i0y1twr8.default-release\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2022-02-14]
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_207.dll [2019-06-12] (Adobe Inc. -> )
    FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
    FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
    FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
    FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2022-03-02] (Adobe Inc. -> Adobe Systems Inc.)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_207.dll [2019-06-12] (Adobe Inc. -> )
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-03-05] (Microsoft Corporation -> Microsoft Corporation)

    Chrome:
    =======
    CHR DefaultProfile: Default
    CHR Profile: C:\Users\Leah\AppData\Local\Google\Chrome\User Data\Default [2022-04-02]
    CHR Notifications: Default -> hxxps://tinder.com
    CHR Extension: (ZenMate Free VPN–Best VPN for Chrome) - C:\Users\Leah\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2022-02-12]
    CHR Extension: (Video DownloadHelper) - C:\Users\Leah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjnegcaeklhafolokijcfjliaokphfk [2022-02-02]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Leah\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-01-31]
    CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-07-24]
    CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-07-24]

    Opera:
    =======
    OPR Profile: C:\Users\Leah\AppData\Roaming\Opera Software\Opera Stable [2020-11-26]
    OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.co.uk/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}

  10. #10
    Join Date
    Apr 2022
    Posts
    19
    Addition


    ==================== Memory info ===========================

    BIOS: American Megatrends Inc. Q553UB.202 11/16/2015
    Motherboard: ASUSTeK COMPUTER INC. Q553UB
    Processor: Intel(R) Core(TM) i7-6500U CPU @ 2.50GHz
    Percentage of memory in use: 46%
    Total physical RAM: 12184.12 MB
    Available physical RAM: 6560.17 MB
    Total Virtual: 14040.12 MB
    Available Virtual: 8357.09 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:1861.65 GB) (Free:1683.46 GB) NTFS

    \\?\Volume{35639326-4973-4479-814e-b8c2437508ba}\ (Recovery) (Fixed) (Total:0.44 GB) (Free:0.42 GB) NTFS
    \\?\Volume{c892c6c1-2690-48ad-9a9f-c4767dcea707}\ () (Fixed) (Total:0.81 GB) (Free:0.37 GB) NTFS
    \\?\Volume{e25c11c5-06e0-4198-a90b-f733cd0b4f16}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

    ==================== MBR & Partition Table ====================

    ==========================================================
    Disk: 0 (Size: 1863 GB) (Disk ID: A3345D50)

    Partition: GPT.

    ==================== End of Addition.txt =======================

  11. #11
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,536
    It's still no good.
    Delete both logs and try to rerun FRST one more time.

  12. #12
    Join Date
    Apr 2022
    Posts
    19
    Ok rescanned:

    FRST
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-04-2022
    Ran by Leah (administrator) on DESKTOP-5IAB8FG (ASUSTeK COMPUTER INC. Q553UB) (02-04-2022 10:51:45)
    Running from C:\Users\Leah\Downloads
    Loaded Profiles: Leah
    Platform: Microsoft Windows 10 Pro Version 21H1 19043.1586 (X64) Language: English (United States)
    Default browser: Chrome
    Boot Mode: Normal

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (ASUSTeK Computer Inc. -> AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
    (C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe ->) (ASUSTeK Computer Inc. -> AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
    (C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe ->) (ASUSTeK Computer Inc. -> AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
    (C:\Program Files (x86)\Epson Software\Epson Printer Connection Checker\EPPCCMON.EXE ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
    (C:\Program Files (x86)\epson\MyEpson Portal\mepService.exe ->) (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\epson\MyEpson Portal\mep.exe
    (C:\Program Files\Avast Software\Avast\AvastSvc.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswEngSrv.exe
    (C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\Updates\16.0.15028.20160\OfficeClickToRun.exe
    (C:\Windows\SysWOW64\esif_uf.exe ->) (Intel(R) Software -> Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
    (DriverStore\FileRepository\igdlh64.inf_amd64_9f310939ec1eebf9\igfxCUIService.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9f310939ec1eebf9\igfxEM.exe
    (explorer.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastUI.exe <4>
    (explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <32>
    (explorer.exe ->) (Hewlett Packard -> Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    (explorer.exe ->) (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicStartMenu.exe
    (explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    (explorer.exe ->) (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\Epson Software\Epson Printer Connection Checker\EPPCCMON.EXE
    (explorer.exe ->) (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files\epson\Epson Data Collection Agent\DataCollectionAgentController.exe
    (explorer.exe ->) (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Windows\System32\spool\drivers\x64\3\E_YATIYNE.EXE
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler64.exe
    (Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\Epson Software\Download Navigator\EPSDNAVI.EXE
    (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
    (services.exe ->) (@ByELDI -> @ByELDI) [File not signed] C:\Program Files\KMSpico\Service_KMS.exe
    (services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    (services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswidsagent.exe
    (services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswToolsSvc.exe
    (services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastSvc.exe
    (services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\wsc_proxy.exe
    (services.exe ->) (GoPro Media, Inc. -> ) C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe
    (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_fddb643595e0b8d0\LMS.exe
    (services.exe ->) (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
    (services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
    (services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9f310939ec1eebf9\igfxCUIService.exe
    (services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9f310939ec1eebf9\IntelCpHDCPSvc.exe
    (services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9f310939ec1eebf9\IntelCpHeciSvc.exe
    (services.exe ->) (Intel(R) Software -> Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
    (services.exe ->) (LAVASOFT SOFTWARE CANADA INC -> ) C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
    (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
    (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe <2>
    (services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
    (services.exe ->) (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\epson\MyEpson Portal\mepService.exe
    (services.exe ->) (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files\epson\Epson Data Collection Agent\DCAgent.exe
    (services.exe ->) (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
    (services.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    (svchost.exe ->) (Adobe Systems Incorporated) C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\AcrobatNotificationClient.exe
    (svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2202.10603.0_x64__8wekyb3d8bbwe\Cortana.exe
    (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\HelpPane.exe
    (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
    (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (svchost.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (svchost.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

    ==================== Registry (Whitelisted) ===================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation -> Microsoft Corporation)
    HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163640 2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
    HKLM\...\Run: [EPPCCMON] => C:\Program Files (x86)\EPSON Software\Epson Printer Connection Checker\EPPCCMON.EXE [445800 2021-10-08] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
    HKLM\...\Run: [DataCollectionAgentController] => C:\Program Files\EPSON\Epson Data Collection Agent\DataCollectionAgentController.exe [395168 2022-01-18] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
    HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Avast Software\Avast\AvLaunch.exe [157464 2022-04-02] (Avast Software s.r.o. -> AVAST Software)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard)
    HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1310720 2020-02-10] (Seiko Epson Corporation) [File not signed]
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
    HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\Run: [Opera Browser Assistant] => C:\Users\Leah\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [2312792 2019-06-14] (Opera Software AS -> Opera Software)
    HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\Run: [uTorrent] => C:\Users\Leah\AppData\Roaming\uTorrent\uTorrent.exe [2103848 2022-02-20] (BitTorrent Inc -> BitTorrent Inc.)
    HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\Run: [Adobe Reader Synchronizer] => "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe" (No File)
    HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\Run: [ScreenRec] => C:\Users\Leah\AppData\Local\StreamingVideoProvider\ScreenRec_app\screenrec.exe [2442288 2021-07-07] (TeddySoft Ltd. -> StreamingVideoProvider)
    HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIYNE.EXE [485976 2020-09-11] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
    HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\Run: [ut] => C:\Users\Leah\AppData\Roaming\uTorrent\uTorrent.exe [2103848 2022-02-20] (BitTorrent Inc -> BitTorrent Inc.)
    HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\Run: [GoogleChromeAutoLaunch_86491550B89A52C9E670D807BD7DE1B7] => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
    HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\Policies\Explorer: [DisallowRun] 1
    HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\Policies\Explorer\DisallowRun: [1] 1.exe
    HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\Policies\Explorer\DisallowRun: [2] irsetup.exe
    HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\MountPoints2: {0af9616f-8de0-11ea-9c2d-9c5c8e2ac26d} - "E:\HiSuiteDownLoader.exe"
    HKLM\...\Windows x64\Print Processors\hpzppw71: C:\Windows\System32\spool\prtprocs\x64\hpzppw71.dll [239704 2017-12-18] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
    HKLM\...\Print\Monitors\Brother QL-500 Monitor: C:\WINDOWS\system32\PTQL5L.DLL [54272 2010-02-05] (Microsoft Windows Hardware Compatibility Publisher -> Brother Industries, Ltd.)
    HKLM\...\Print\Monitors\EPSON ET-2850 Series 64MonitorBE: C:\WINDOWS\system32\E_YLMBYNE.DLL [187392 2018-06-15] (Microsoft Windows Hardware Compatibility Publisher -> Seiko Epson Corporation)
    HKLM\...\Print\Monitors\EpsonNet Print Port: C:\WINDOWS\system32\enppmon.dll [500736 2016-09-14] (SEIKO EPSON CORPORATION) [File not signed]
    HKLM\...\Print\Monitors\PCL hpz3lw71: C:\WINDOWS\system32\hpz3lw71.dll [55392 2017-12-18] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
    HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\99.0.4844.84\Installer\chrmstp.exe [2022-03-28] (Google LLC -> Google LLC)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2019-05-21]
    ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett Packard -> Hewlett-Packard Co.)
    GroupPolicy: Restriction ? <==== ATTENTION
    Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
    HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

    ==================== Scheduled Tasks (Whitelisted) ============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {019F9A78-3B38-4157-B807-FFE302356880} - System32\Tasks\Opera scheduled assistant Autoupdate 1553093994 => C:\Users\Leah\AppData\Local\Programs\Opera\launcher.exe [1493592 2019-06-14] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\Leah\AppData\Local\Programs\Opera\assistant" $(Arg0)
    Task: {0F8C8DC6-CC2B-405E-AB2C-C9D767E7F4B4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-06-12] (Adobe Inc. -> Adobe)
    Task: {1274BCB7-7458-4C16-8EE3-A63B358A9956} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-03-09] (Google Inc -> Google Inc.)
    Task: {17BA3C58-9082-4178-99B1-0BF7BEC9C3E6} - System32\Tasks\AVGUpdateTaskMachineUA => C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe /ua /installsource scheduler (No File)
    Task: {1C453E00-5E00-46EF-A398-FDEBE1FFA6CD} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_207_Plugin.exe [1457208 2019-06-12] (Adobe Inc. -> Adobe)
    Task: {22DDE10B-6D2D-491E-8E61-FF5F04324252} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22865832 2022-04-02] (Microsoft Corporation -> Microsoft Corporation)
    Task: {26F47674-61A0-4649-9655-85C9C34AFFCF} - System32\Tasks\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe [4992280 2022-04-02] (Avast Software s.r.o. -> AVAST Software)
    Task: {3DB1B0F7-06D4-4F48-A99E-DCEE4637F1A8} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [18416 2015-10-30] (ASUSTeK Computer Inc. -> AsusTek)
    Task: {413ECA74-AE81-4302-8014-DD19B9B38074} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2417032 2011-08-01] (Microsoft Corporation -> Microsoft Corporation)
    Task: {4B81458C-AB58-4FE3-A0B9-9EECBEBC3CE0} - System32\Tasks\EPSON ET-2850 Series Update {96728CEB-9441-4980-9AFB-F463C3F9EBB1} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSYNE.EXE [680440 2017-06-07] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
    Task: {53353B65-98BE-40D6-9B66-A104EC6EF70E} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
    Task: {5B111EA1-526F-4C96-9A2C-09EC7DDD6C93} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [143160 2019-03-12] (ASUSTek Computer Inc. -> ASUSTek Computer Inc.)
    Task: {63AB608A-01FC-44BD-B023-9FC87F42CEE1} - System32\Tasks\Opera scheduled Autoupdate 1552143542 => C:\Users\Leah\AppData\Local\Programs\Opera\launcher.exe [1493592 2019-06-14] (Opera Software AS -> Opera Software)
    Task: {71D0551E-8221-4CB1-900F-5FD71A8A9BC2} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
    Task: {76FA2B1C-B937-4163-A200-AD0F99816BA2} - System32\Tasks\R@1n-KMS\Office15ProPlus => wmic path SoftwareLicensingProduct where (ID="b322da9c-a2e2-4058-9e4e-f59a6970bd69") call Activate
    Task: {84406499-F8C3-4487-A5C8-5FC4B4279115} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564424 2021-11-18] (Adobe Inc. -> Adobe Inc.)
    Task: {87B73CAD-1E44-4137-861B-07BB10E4FA30} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [740544 2015-11-01] (@ByELDI -> @ByELDI) [File not signed]
    Task: {90427545-1E03-4C7E-87F4-60FB250E7937} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [111512 2022-04-02] (Microsoft Corporation -> Microsoft Corporation)
    Task: {9B36C1D6-28A4-40C4-99C2-58D9FC9BB6ED} - System32\Tasks\AVGUpdateTaskMachineCore => C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe /c (No File)
    Task: {A0DFDA7F-2E09-43A5-ACAE-AFEE74855C5E} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1407736 2019-03-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
    Task: {B11EFDDE-AC47-4389-A77B-76B666CCFF3A} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [111512 2022-04-02] (Microsoft Corporation -> Microsoft Corporation)
    Task: {BD99F6E8-DE37-41C0-AEA6-BF7B9BA3FE88} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16409496 2019-03-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
    Task: {C8657B51-6DB1-4EC0-80DC-F397FD828D6A} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2296088 2022-04-02] (Avast Software s.r.o. -> Avast Software)
    Task: {CA3085C4-2413-4AAB-AC01-7F8431F73DAE} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22865832 2022-04-02] (Microsoft Corporation -> Microsoft Corporation)
    Task: {D426CE60-8FE0-466A-8901-911B6246A91D} - System32\Tasks\R@1n-KMS\Windows64Professional => wmic path SoftwareLicensingProduct where (ID="2de67392-b7a7-462a-b1ca-108dd189f588") call Activate
    Task: {EE0F240E-F177-4357-867A-0BE87FD9F3FE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-03-09] (Google Inc -> Google Inc.)
    Task: {F80D9A35-B799-4F4F-888B-5C783AF0727E} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [696808 2022-04-02] (Microsoft Corporation -> Microsoft Corporation)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\EPSON ET-2850 Series Update {96728CEB-9441-4980-9AFB-F463C3F9EBB1}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSYNE.EXE:/EXE:{96728CEB-9441-4980-9AFB-F463C3F9EBB1} /F:UpdateWORKGROUP\DESKTOP-5IAB8FG$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
    Tcpip\..\Interfaces\{7e42637e-440e-40bd-a9ec-8e6493e0f46a}: [DhcpNameServer] 192.168.0.1

    Edge:
    =======
    DownloadDir: C:\Users\Leah\Downloads
    Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
    Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
    Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
    Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
    Edge Profile: C:\Users\Leah\AppData\Local\Microsoft\Edge\User Data\Default [2022-04-02]

    FireFox:
    ========
    FF DefaultProfile: n9ez0xmt.default
    FF ProfilePath: C:\Users\Leah\AppData\Roaming\Mozilla\Firefox\Profiles\n9ez0xmt.default [2021-10-10]
    FF ProfilePath: C:\Users\Leah\AppData\Roaming\Mozilla\Firefox\Profiles\i0y1twr8.default-release [2022-03-17]
    FF Extension: (ZED: Zoom Easy Downloader) - C:\Users\Leah\AppData\Roaming\Mozilla\Firefox\Profiles\i0y1twr8.default-release\Extensions\{6d685f76-574f-4542-ba89-778fefa3f938}.xpi [2021-11-09]
    FF Extension: (Video DownloadHelper) - C:\Users\Leah\AppData\Roaming\Mozilla\Firefox\Profiles\i0y1twr8.default-release\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2022-02-14]
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_207.dll [2019-06-12] (Adobe Inc. -> )
    FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
    FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
    FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
    FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2022-03-02] (Adobe Inc. -> Adobe Systems Inc.)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_207.dll [2019-06-12] (Adobe Inc. -> )
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-03-05] (Microsoft Corporation -> Microsoft Corporation)

    Chrome:
    =======
    CHR DefaultProfile: Default
    CHR Profile: C:\Users\Leah\AppData\Local\Google\Chrome\User Data\Default [2022-04-02]
    CHR Notifications: Default -> hxxps://tinder.com
    CHR Extension: (ZenMate Free VPN–Best VPN for Chrome) - C:\Users\Leah\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2022-02-12]
    CHR Extension: (Video DownloadHelper) - C:\Users\Leah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjnegcaeklhafolokijcfjliaokphfk [2022-02-02]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Leah\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-01-31]
    CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-07-24]
    CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-07-24]

    Opera:
    =======
    OPR Profile: C:\Users\Leah\AppData\Roaming\Opera Software\Opera Stable [2020-11-26]
    OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.co.uk/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}

    ==================== Registry (Whitelisted) ===================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation -> Microsoft Corporation)
    HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163640 2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
    HKLM\...\Run: [EPPCCMON] => C:\Program Files (x86)\EPSON Software\Epson Printer Connection Checker\EPPCCMON.EXE [445800 2021-10-08] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
    HKLM\...\Run: [DataCollectionAgentController] => C:\Program Files\EPSON\Epson Data Collection Agent\DataCollectionAgentController.exe [395168 2022-01-18] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
    HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Avast Software\Avast\AvLaunch.exe [157464 2022-04-02] (Avast Software s.r.o. -> AVAST Software)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard)
    HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1310720 2020-02-10] (Seiko Epson Corporation) [File not signed]
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
    HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\Run: [Opera Browser Assistant] => C:\Users\Leah\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [2312792 2019-06-14] (Opera Software AS -> Opera Software)
    HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\Run: [uTorrent] => C:\Users\Leah\AppData\Roaming\uTorrent\uTorrent.exe [2103848 2022-02-20] (BitTorrent Inc -> BitTorrent Inc.)
    HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\Run: [Adobe Reader Synchronizer] => "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe" (No File)
    HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\Run: [ScreenRec] => C:\Users\Leah\AppData\Local\StreamingVideoProvider\ScreenRec_app\screenrec.exe [2442288 2021-07-07] (TeddySoft Ltd. -> StreamingVideoProvider)
    HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIYNE.EXE [485976 2020-09-11] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
    HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\Run: [ut] => C:\Users\Leah\AppData\Roaming\uTorrent\uTorrent.exe [2103848 2022-02-20] (BitTorrent Inc -> BitTorrent Inc.)
    HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\Run: [GoogleChromeAutoLaunch_86491550B89A52C9E670D807BD7DE1B7] => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
    HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\Policies\Explorer: [DisallowRun] 1
    HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\Policies\Explorer\DisallowRun: [1] 1.exe
    HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\Policies\Explorer\DisallowRun: [2] irsetup.exe
    HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\MountPoints2: {0af9616f-8de0-11ea-9c2d-9c5c8e2ac26d} - "E:\HiSuiteDownLoader.exe"
    HKLM\...\Windows x64\Print Processors\hpzppw71: C:\Windows\System32\spool\prtprocs\x64\hpzppw71.dll [239704 2017-12-18] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
    HKLM\...\Print\Monitors\Brother QL-500 Monitor: C:\WINDOWS\system32\PTQL5L.DLL [54272 2010-02-05] (Microsoft Windows Hardware Compatibility Publisher -> Brother Industries, Ltd.)
    HKLM\...\Print\Monitors\EPSON ET-2850 Series 64MonitorBE: C:\WINDOWS\system32\E_YLMBYNE.DLL [187392 2018-06-15] (Microsoft Windows Hardware Compatibility Publisher -> Seiko Epson Corporation)
    HKLM\...\Print\Monitors\EpsonNet Print Port: C:\WINDOWS\system32\enppmon.dll [500736 2016-09-14] (SEIKO EPSON CORPORATION) [File not signed]
    HKLM\...\Print\Monitors\PCL hpz3lw71: C:\WINDOWS\system32\hpz3lw71.dll [55392 2017-12-18] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
    HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\99.0.4844.84\Installer\chrmstp.exe [2022-03-28] (Google LLC -> Google LLC)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2019-05-21]
    ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett Packard -> Hewlett-Packard Co.)
    GroupPolicy: Restriction ? <==== ATTENTION
    Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
    HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

    ==================== Scheduled Tasks (Whitelisted) ============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {019F9A78-3B38-4157-B807-FFE302356880} - System32\Tasks\Opera scheduled assistant Autoupdate 1553093994 => C:\Users\Leah\AppData\Local\Programs\Opera\launcher.exe [1493592 2019-06-14] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\Leah\AppData\Local\Programs\Opera\assistant" $(Arg0)
    Task: {0F8C8DC6-CC2B-405E-AB2C-C9D767E7F4B4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-06-12] (Adobe Inc. -> Adobe)
    Task: {1274BCB7-7458-4C16-8EE3-A63B358A9956} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-03-09] (Google Inc -> Google Inc.)
    Task: {17BA3C58-9082-4178-99B1-0BF7BEC9C3E6} - System32\Tasks\AVGUpdateTaskMachineUA => C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe /ua /installsource scheduler (No File)
    Task: {1C453E00-5E00-46EF-A398-FDEBE1FFA6CD} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_207_Plugin.exe [1457208 2019-06-12] (Adobe Inc. -> Adobe)
    Task: {25F7AA97-E411-4986-A72C-3622A16CDB7D} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22865832 2022-04-02] (Microsoft Corporation -> Microsoft Corporation)
    Task: {26F47674-61A0-4649-9655-85C9C34AFFCF} - System32\Tasks\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe [4992280 2022-04-02] (Avast Software s.r.o. -> AVAST Software)
    Task: {3DB1B0F7-06D4-4F48-A99E-DCEE4637F1A8} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [18416 2015-10-30] (ASUSTeK Computer Inc. -> AsusTek)
    Task: {413ECA74-AE81-4302-8014-DD19B9B38074} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2417032 2011-08-01] (Microsoft Corporation -> Microsoft Corporation)
    Task: {4B81458C-AB58-4FE3-A0B9-9EECBEBC3CE0} - System32\Tasks\EPSON ET-2850 Series Update {96728CEB-9441-4980-9AFB-F463C3F9EBB1} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSYNE.EXE [680440 2017-06-07] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
    Task: {53353B65-98BE-40D6-9B66-A104EC6EF70E} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
    Task: {5B111EA1-526F-4C96-9A2C-09EC7DDD6C93} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [143160 2019-03-12] (ASUSTek Computer Inc. -> ASUSTek Computer Inc.)
    Task: {63AB608A-01FC-44BD-B023-9FC87F42CEE1} - System32\Tasks\Opera scheduled Autoupdate 1552143542 => C:\Users\Leah\AppData\Local\Programs\Opera\launcher.exe [1493592 2019-06-14] (Opera Software AS -> Opera Software)
    Task: {7171C579-5898-4A5E-98ED-C5EE6FEBE792} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [111512 2022-04-02] (Microsoft Corporation -> Microsoft Corporation)
    Task: {71D0551E-8221-4CB1-900F-5FD71A8A9BC2} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
    Task: {76FA2B1C-B937-4163-A200-AD0F99816BA2} - System32\Tasks\R@1n-KMS\Office15ProPlus => wmic path SoftwareLicensingProduct where (ID="b322da9c-a2e2-4058-9e4e-f59a6970bd69") call Activate
    Task: {84406499-F8C3-4487-A5C8-5FC4B4279115} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564424 2021-11-18] (Adobe Inc. -> Adobe Inc.)
    Task: {87B73CAD-1E44-4137-861B-07BB10E4FA30} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [740544 2015-11-01] (@ByELDI -> @ByELDI) [File not signed]
    Task: {9B36C1D6-28A4-40C4-99C2-58D9FC9BB6ED} - System32\Tasks\AVGUpdateTaskMachineCore => C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe /c (No File)
    Task: {A0DFDA7F-2E09-43A5-ACAE-AFEE74855C5E} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1407736 2019-03-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
    Task: {BD99F6E8-DE37-41C0-AEA6-BF7B9BA3FE88} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16409496 2019-03-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
    Task: {C8657B51-6DB1-4EC0-80DC-F397FD828D6A} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2296088 2022-04-02] (Avast Software s.r.o. -> Avast Software)
    Task: {CAA68A57-6F53-4392-8A67-99BF7CA98F1D} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22865832 2022-04-02] (Microsoft Corporation -> Microsoft Corporation)
    Task: {D426CE60-8FE0-466A-8901-911B6246A91D} - System32\Tasks\R@1n-KMS\Windows64Professional => wmic path SoftwareLicensingProduct where (ID="2de67392-b7a7-462a-b1ca-108dd189f588") call Activate
    Task: {EE0F240E-F177-4357-867A-0BE87FD9F3FE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-03-09] (Google Inc -> Google Inc.)
    Task: {F80D9A35-B799-4F4F-888B-5C783AF0727E} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [696808 2022-04-02] (Microsoft Corporation -> Microsoft Corporation)
    Task: {FEE5AACB-E409-4EC4-BCC2-1B15F594DEE4} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [111512 2022-04-02] (Microsoft Corporation -> Microsoft Corporation)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\EPSON ET-2850 Series Update {96728CEB-9441-4980-9AFB-F463C3F9EBB1}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSYNE.EXE:/EXE:{96728CEB-9441-4980-9AFB-F463C3F9EBB1} /F:UpdateWORKGROUP\DESKTOP-5IAB8FG$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
    Tcpip\..\Interfaces\{7e42637e-440e-40bd-a9ec-8e6493e0f46a}: [DhcpNameServer] 192.168.0.1

    Edge:
    =======
    DownloadDir: C:\Users\Leah\Downloads
    Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
    Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
    Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
    Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
    Edge Profile: C:\Users\Leah\AppData\Local\Microsoft\Edge\User Data\Default [2022-04-02]

    FireFox:
    ========
    FF DefaultProfile: n9ez0xmt.default
    FF ProfilePath: C:\Users\Leah\AppData\Roaming\Mozilla\Firefox\Profiles\n9ez0xmt.default [2021-10-10]
    FF ProfilePath: C:\Users\Leah\AppData\Roaming\Mozilla\Firefox\Profiles\i0y1twr8.default-release [2022-03-17]
    FF Extension: (ZED: Zoom Easy Downloader) - C:\Users\Leah\AppData\Roaming\Mozilla\Firefox\Profiles\i0y1twr8.default-release\Extensions\{6d685f76-574f-4542-ba89-778fefa3f938}.xpi [2021-11-09]
    FF Extension: (Video DownloadHelper) - C:\Users\Leah\AppData\Roaming\Mozilla\Firefox\Profiles\i0y1twr8.default-release\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2022-02-14]
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_207.dll [2019-06-12] (Adobe Inc. -> )
    FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
    FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
    FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
    FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2022-03-02] (Adobe Inc. -> Adobe Systems Inc.)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_207.dll [2019-06-12] (Adobe Inc. -> )
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-03-05] (Microsoft Corporation -> Microsoft Corporation)

    Chrome:
    =======
    CHR DefaultProfile: Default
    CHR Profile: C:\Users\Leah\AppData\Local\Google\Chrome\User Data\Default [2022-04-04]
    CHR Notifications: Default -> hxxps://tinder.com
    CHR Extension: (ZenMate Free VPN–Best VPN for Chrome) - C:\Users\Leah\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2022-02-12]
    CHR Extension: (Video DownloadHelper) - C:\Users\Leah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjnegcaeklhafolokijcfjliaokphfk [2022-02-02]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Leah\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-01-31]
    CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-07-24]
    CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-07-24]

    Opera:
    =======
    OPR Profile: C:\Users\Leah\AppData\Roaming\Opera Software\Opera Stable [2020-11-26]
    OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.co.uk/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}

    ==================== Services (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-11-18] (Adobe Inc. -> Adobe Inc.)
    S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-06-12] (Adobe Inc. -> Adobe)
    R3 aswbIDSAgent; C:\Program Files\Avast Software\Avast\aswidsagent.exe [8483920 2022-04-02] (Avast Software s.r.o. -> AVAST Software)
    R2 avast! Antivirus; C:\Program Files\Avast Software\Avast\AvastSvc.exe [564504 2022-04-02] (Avast Software s.r.o. -> AVAST Software)
    R2 avast! Tools; C:\Program Files\Avast Software\Avast\aswToolsSvc.exe [563992 2022-04-02] (Avast Software s.r.o. -> AVAST Software)
    R2 AvastWscReporter; C:\Program Files\Avast Software\Avast\wsc_proxy.exe [56912 2022-04-02] (Avast Software s.r.o. -> AVAST Software)
    R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11666384 2022-04-02] (Microsoft Corporation -> Microsoft Corporation)
    R2 DCAgent; C:\Program Files\EPSON\Epson Data Collection Agent\DCAgent.exe [16800 2022-01-18] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
    S3 DevActSvc; C:\Program Files (x86)\ASUS\ASUS Device Activation\DevActSvc.exe [326032 2018-06-05] (ASUSTeK Computer Inc. -> )
    R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [206304 2021-06-21] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
    R2 GoProDeviceDetectionService; C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe [38328 2018-08-31] (GoPro Media, Inc. -> )
    R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
    S2 KMS-R@1n; C:\Windows\KMS-R@1n.exe [26112 2015-08-01] () [File not signed]
    R2 MyEpson Portal Service; C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe [714712 2017-06-28] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
    S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
    S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
    S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6228008 2022-03-10] (Microsoft Windows Publisher -> Microsoft Corporation)
    R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [13172752 2020-01-22] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
    R2 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [25944 2019-05-11] (LAVASOFT SOFTWARE CANADA INC -> )
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3004048 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103384 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)

    ===================== Drivers (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 AsusSGDrv; C:\WINDOWS\system32\DRIVERS\AsusSGDrv.sys [141304 2015-10-30] (ASUSTeK Computer Inc. -> ASUS Corporation)
    R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [36784 2022-04-02] (Avast Software s.r.o. -> AVAST Software)
    R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [228928 2022-04-02] (Avast Software s.r.o. -> AVAST Software)
    R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [370752 2022-04-02] (Avast Software s.r.o. -> AVAST Software)
    R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [252992 2022-04-02] (Avast Software s.r.o. -> AVAST Software)
    R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [100416 2022-04-02] (Avast Software s.r.o. -> AVAST Software)
    R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [21936 2022-04-02] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
    R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42416 2022-04-02] (Avast Software s.r.o. -> AVAST Software)
    R1 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [269440 2022-04-02] (Avast Software s.r.o. -> AVAST Software)
    R1 aswNetHub; C:\WINDOWS\System32\drivers\aswNetHub.sys [546320 2022-04-02] (Avast Software s.r.o. -> AVAST Software)
    R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [108912 2022-04-02] (Avast Software s.r.o. -> AVAST Software)
    R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [83976 2022-04-02] (Avast Software s.r.o. -> AVAST Software)
    R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [855336 2022-04-02] (Avast Software s.r.o. -> AVAST Software)
    R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [551920 2022-04-02] (Avast Software s.r.o. -> AVAST Software)
    R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [215920 2022-04-02] (Avast Software s.r.o. -> AVAST Software)
    R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [318760 2022-04-02] (Avast Software s.r.o. -> AVAST Software)
    R3 bcmsmbsp; C:\WINDOWS\System32\drivers\bcmsmbsp.sys [54048 2015-09-10] (Broadcom Corporation -> Broadcom Corporation.)
    R3 HIDSwitch; C:\WINDOWS\System32\drivers\AsRadioControl.sys [32696 2020-11-19] (ASUSTek Computer Inc. -> ASUS)
    R3 int0800; C:\WINDOWS\System32\drivers\flashud.sys [51712 2009-09-09] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
    S3 SnapCameraVirtualDevice; C:\WINDOWS\System32\drivers\SnapCameraVirtualDevice.sys [2800232 2020-10-12] (Snap Inc. -> Windows (R) Win 7 DDK provider)
    S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46688 2019-12-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
    S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [350136 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [54200 2019-12-07] (Microsoft Windows -> Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One month (created) (Whitelisted) =========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2022-04-04 15:03 - 2022-04-04 15:03 - 002365440 _____ (Farbar) C:\Users\Leah\Downloads\FRST64 (3).exe
    2022-04-04 14:45 - 2022-04-04 14:45 - 000090445 _____ C:\Users\Leah\Downloads\Research questions PDF Geography.pdf
    2022-04-04 14:41 - 2022-04-04 14:41 - 000075181 _____ C:\Users\Leah\Downloads\Research questions PDF science .pdf
    2022-04-04 12:56 - 2022-04-04 12:56 - 000000000 ___HD C:\$AV_ASW
    2022-04-04 12:54 - 2022-04-04 12:54 - 000000000 ____D C:\Users\Leah\Downloads\When.Calls.the.Heart.S09E05.Journey.into.Light.720p.HDTV.x264-CRiMSON[rarbg]
    2022-04-04 12:54 - 2022-04-04 12:54 - 000000000 ____D C:\Users\Leah\Downloads\When.Calls.the.Heart.S09E05.Journey.into.Light.1080p.HDTV.x264-CRiMSON[rarbg]

  13. #13
    Join Date
    Apr 2022
    Posts
    19
    FRST part 2

    2022-04-04 12:54 - 2022-04-04 12:54 - 000000000 ____D C:\Users\Leah\Downloads\The.Rookie.S04E17.WEBRip.x264-ION10
    2022-04-04 12:54 - 2022-04-04 12:54 - 000000000 ____D C:\Users\Leah\Downloads\Teen.Mom.2.S12E03.WEB.h264-WEBTUBE[rarbg]
    2022-04-04 12:54 - 2022-04-04 12:54 - 000000000 ____D C:\Users\Leah\Downloads\Teen.Mom.2.S12E02.WEB.h264-WEBTUBE[rarbg]
    2022-04-02 18:16 - 2022-04-02 18:16 - 000001072 _____ C:\Users\Leah\Downloads\Addition.txt
    2022-04-02 18:02 - 2022-04-02 18:02 - 002365440 _____ (Farbar) C:\Users\Leah\Downloads\FRST64 (2).exe
    2022-04-02 18:02 - 2022-04-02 18:02 - 002365440 _____ (Farbar) C:\Users\Leah\Downloads\FRST64 (1).exe
    2022-04-02 10:51 - 2022-04-04 15:05 - 000045331 _____ C:\Users\Leah\Downloads\FRST.txt
    2022-04-02 10:37 - 2022-04-02 10:39 - 002365440 _____ (Farbar) C:\Users\Leah\Downloads\FRST64.exe
    2022-04-02 10:16 - 2022-04-02 10:16 - 000002164 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
    2022-04-02 10:16 - 2022-04-02 10:16 - 000002152 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
    2022-04-02 10:16 - 2022-04-02 10:16 - 000000000 ____D C:\Users\Leah\AppData\Roaming\Avast Software
    2022-04-02 10:09 - 2022-04-02 10:09 - 000003990 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
    2022-04-02 10:09 - 2022-04-02 10:09 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software
    2022-04-02 10:08 - 2022-04-02 10:08 - 000551920 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
    2022-04-02 10:08 - 2022-04-02 10:08 - 000546320 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNetHub.sys
    2022-04-02 10:08 - 2022-04-02 10:08 - 000340760 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
    2022-04-02 10:08 - 2022-04-02 10:08 - 000318760 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
    2022-04-02 10:08 - 2022-04-02 10:08 - 000269440 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
    2022-04-02 10:08 - 2022-04-02 10:08 - 000252992 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys
    2022-04-02 10:08 - 2022-04-02 10:08 - 000215920 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
    2022-04-02 10:08 - 2022-04-02 10:08 - 000108912 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
    2022-04-02 10:08 - 2022-04-02 10:08 - 000100416 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys
    2022-04-02 10:08 - 2022-04-02 10:08 - 000083976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
    2022-04-02 10:08 - 2022-04-02 10:08 - 000042416 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
    2022-04-02 10:08 - 2022-04-02 10:08 - 000021936 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswElam.sys
    2022-04-02 10:08 - 2022-04-02 10:08 - 000000000 ____D C:\Program Files\Common Files\Avast Software
    2022-04-02 10:08 - 2022-04-02 10:07 - 000855336 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
    2022-04-02 10:08 - 2022-04-02 10:07 - 000370752 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
    2022-04-02 10:08 - 2022-04-02 10:07 - 000228928 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
    2022-04-02 10:08 - 2022-04-02 10:07 - 000036784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArDisk.sys
    2022-04-02 10:06 - 2022-04-02 10:06 - 000259872 _____ (AVAST Software) C:\Users\Leah\Downloads\avast_free_antivirus_setup_online.exe
    2022-04-02 10:06 - 2022-04-02 10:06 - 000000000 ____D C:\Program Files\Avast Software
    2022-03-31 13:33 - 2022-03-31 13:38 - 001738612 _____ C:\WINDOWS\Minidump\033122-66984-01.dmp
    2022-03-31 13:27 - 2022-03-31 13:27 - 000000000 _____ C:\WINDOWS\Minidump\033122-60187-01.dmp
    2022-03-26 11:37 - 2022-03-26 11:46 - 002031636 _____ C:\WINDOWS\Minidump\032622-73734-01.dmp
    2022-03-10 01:34 - 2022-03-10 01:34 - 000195584 _____ C:\WINDOWS\system32\uwfcfgmgmt.dll
    2022-03-10 01:33 - 2022-03-10 01:33 - 002254336 _____ C:\WINDOWS\system32\dwmscene.dll
    2022-03-10 01:33 - 2022-03-10 01:33 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
    2022-03-10 01:33 - 2022-03-10 01:33 - 000011911 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
    2022-03-10 01:32 - 2022-03-10 01:32 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
    2022-03-10 01:32 - 2022-03-10 01:32 - 000272896 _____ C:\WINDOWS\system32\TpmTool.exe
    2022-03-10 00:58 - 2022-03-10 00:58 - 000000000 ___HD C:\$WinREAgent

    ==================== One month (modified) ==================

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2022-04-04 15:04 - 2021-11-10 22:30 - 000000000 ____D C:\FRST
    2022-04-04 14:56 - 2019-03-09 15:56 - 000000000 ____D C:\Program Files (x86)\Google
    2022-04-04 14:37 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2022-04-04 14:12 - 2021-10-10 08:20 - 000000000 ____D C:\Users\Leah\AppData\LocalLow\Mozilla
    2022-04-04 13:17 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
    2022-04-04 13:15 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
    2022-04-04 13:14 - 2020-06-16 00:16 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
    2022-04-04 13:08 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
    2022-04-04 12:56 - 2022-01-31 10:04 - 000000000 ____D C:\Program Files\KMSpico
    2022-04-04 12:56 - 2019-03-09 15:57 - 000000000 ____D C:\Users\Leah\AppData\Roaming\uTorrent
    2022-04-04 12:55 - 2019-03-12 01:53 - 000000000 ____D C:\Users\Leah\AppData\Local\BitTorrentHelper
    2022-04-04 12:53 - 2020-11-26 06:40 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
    2022-04-02 19:06 - 2021-11-10 22:46 - 000000000 ____D C:\Users\Leah\AppData\Local\Avast Software
    2022-04-02 18:37 - 2022-01-29 12:01 - 000000000 ____D C:\ProgramData\ASUS Smart Gesture
    2022-04-02 18:36 - 2020-11-26 07:07 - 000795738 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2022-04-02 18:36 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
    2022-04-02 18:36 - 2019-03-02 12:58 - 000000000 ___RD C:\Users\Leah\OneDrive
    2022-04-02 18:30 - 2019-03-04 19:27 - 000000000 __SHD C:\Users\Leah\IntelGraphicsProfiles
    2022-04-02 18:29 - 2019-05-08 22:14 - 000000000 ____D C:\Program Files (x86)\TeamViewer
    2022-04-02 18:28 - 2020-11-26 07:33 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2022-04-02 18:28 - 2020-11-26 06:39 - 000008192 ___SH C:\DumpStack.log.tmp
    2022-04-02 18:28 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ServiceState
    2022-04-02 18:28 - 2019-03-04 19:45 - 000000000 ____D C:\ProgramData\NVIDIA
    2022-04-02 17:35 - 2019-03-06 20:19 - 000000000 ____D C:\Users\Leah\AppData\Local\ClassicShell
    2022-04-02 10:52 - 2015-08-01 18:00 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
    2022-04-02 10:09 - 2021-11-10 22:32 - 000000000 ____D C:\ProgramData\Avast Software
    2022-04-02 10:08 - 2019-12-07 10:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
    2022-03-31 19:36 - 2019-03-06 20:20 - 000000000 ____D C:\Users\Leah\Desktop\Watch Me
    2022-03-31 13:39 - 2021-09-26 09:36 - 000000000 ____D C:\WINDOWS\Minidump
    2022-03-31 13:33 - 2022-02-16 23:37 - 1135375885 _____ C:\WINDOWS\MEMORY.DMP
    2022-03-31 12:03 - 2019-03-06 20:22 - 000000000 ____D C:\Users\Leah\AppData\Roaming\vlc
    2022-03-31 10:40 - 2019-03-02 12:52 - 000000000 ____D C:\Users\Leah\AppData\Local\Packages
    2022-03-30 11:52 - 2020-11-26 06:52 - 000000000 ____D C:\Users\Leah
    2022-03-28 21:53 - 2019-03-09 15:57 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2022-03-28 21:53 - 2019-03-09 15:57 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2022-03-24 12:01 - 2021-10-24 21:19 - 000000000 ____D C:\Users\Leah\dwhelper
    2022-03-24 11:14 - 2021-12-11 09:13 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3125715518-4182784800-2266441103-1002
    2022-03-24 11:14 - 2020-11-26 07:33 - 000003378 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3125715518-4182784800-2266441103-1002
    2022-03-24 11:14 - 2020-11-26 06:52 - 000002380 _____ C:\Users\Leah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2022-03-22 22:52 - 2021-10-07 04:36 - 000002073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
    2022-03-22 22:52 - 2021-10-07 04:36 - 000002061 _____ C:\Users\Public\Desktop\Adobe Acrobat DC.lnk
    2022-03-22 22:52 - 2020-11-26 07:33 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
    2022-03-19 19:55 - 2021-10-10 08:20 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2022-03-19 19:55 - 2021-10-10 08:19 - 000000000 ____D C:\Program Files\Mozilla Firefox
    2022-03-17 07:44 - 2022-02-14 00:12 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
    2022-03-17 07:44 - 2021-10-10 08:20 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
    2022-03-17 07:44 - 2021-10-10 08:20 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
    2022-03-12 13:59 - 2019-07-01 13:37 - 000000000 ____D C:\Users\Leah\AppData\Local\CrashDumps
    2022-03-10 02:14 - 2020-11-26 06:40 - 000487168 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2022-03-10 02:12 - 2019-12-07 10:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
    2022-03-10 02:11 - 2019-12-07 10:54 - 000000000 ___SD C:\WINDOWS\system32\AppV
    2022-03-10 02:11 - 2019-12-07 10:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
    2022-03-10 02:11 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
    2022-03-10 02:11 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
    2022-03-10 02:11 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
    2022-03-10 02:11 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
    2022-03-10 02:11 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
    2022-03-10 02:11 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
    2022-03-10 02:11 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
    2022-03-10 02:11 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\servicing
    2022-03-10 01:40 - 2020-08-16 23:53 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
    2022-03-10 01:40 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
    2022-03-10 01:32 - 2020-11-26 06:46 - 002877952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
    2022-03-09 07:26 - 2019-03-06 09:09 - 000000000 ____D C:\WINDOWS\system32\MRT
    2022-03-09 07:14 - 2019-03-06 09:09 - 145666720 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2022-03-09 07:12 - 2020-11-28 12:19 - 000003384 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d6c3ba638e04d
    2022-03-09 07:12 - 2020-11-26 07:33 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA

    ==================== Files in the root of some directories ========

    2020-05-29 07:28 - 2020-05-29 07:28 - 000000128 ____H () C:\Users\Leah\AppData\Roaming\ecf00c38dc807e105d881c433a6b455dd2c606b6
    2020-12-04 02:14 - 2020-12-04 02:14 - 000002042 _____ () C:\Users\Leah\AppData\Local\4F881CA29F5A484fB96DEDF3BF593D72.Return Address.lbx
    2019-11-15 00:24 - 2019-11-15 00:24 - 000002065 _____ () C:\Users\Leah\AppData\Local\A12BB9C2DE3942bbA466856B170368B4.Swap Labels.lbx

    ==================== SigCheck ============================

    (There is no automatic fix for files that do not pass verification.)

    ==================== End of FRST.txt ========================

  14. #14
    Join Date
    Apr 2022
    Posts
    19
    Addition
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-04-2022
    Ran by Leah (04-04-2022 15:06:30)
    Running from C:\Users\Leah\Downloads
    Microsoft Windows 10 Pro Version 21H1 19043.1586 (X64) (2020-11-26 06:34:24)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================


    (If an entry is included in the fixlist, it will be removed.)

    Administrator (S-1-5-21-3125715518-4182784800-2266441103-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-3125715518-4182784800-2266441103-503 - Limited - Disabled)
    Guest (S-1-5-21-3125715518-4182784800-2266441103-501 - Limited - Disabled)
    Leah (S-1-5-21-3125715518-4182784800-2266441103-1002 - Administrator - Enabled) => C:\Users\Leah
    WDAGUtilityAccount (S-1-5-21-3125715518-4182784800-2266441103-504 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    µTorrent (HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\uTorrent) (Version: 3.5.5.46206 - BitTorrent Inc.)
    64 Bit HP CIO Components Installer (HKLM\...\{FF21C3E6-97FD-474F-9518-8DCBE94C2854}) (Version: 7.2.8 - Hewlett-Packard) Hidden
    Adobe Acrobat DC (64-bit) (HKLM\...\{AC76BA86-1033-1033-7760-BC15014EA700}) (Version: 22.001.20085 - Adobe)
    Adobe Digital Editions 4.5 (HKLM-x32\...\Adobe Digital Editions 4.5) (Version: 4.5.11 - Adobe Systems Incorporated)
    Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.207 - Adobe)
    ASUS Device Activation (HKLM-x32\...\{9C4B0706-9F9A-47BF-B417-0A111FC52B04}) (Version: 1.0.4.0 - ASUSTeK COMPUTER INC.)
    ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.6.8 - ASUSTeK COMPUTER INC.)
    ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.12 - ASUS)
    Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 22.2.6003 - Avast Software)
    Avast Update Helper (HKLM-x32\...\{19C3AB22-3718-4E4D-B203-242F5001565B}) (Version: 1.8.1189.1 - AVAST Software) Hidden
    AVG Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.4.155.333 - AVG Technologies) Hidden
    Brother P-touch Editor 5.2 (HKLM-x32\...\{456127E4-D660-4680-8C96-609AD6C485E2}) (Version: 5.2.0210 - Brother Industries, Ltd.)
    Classic Shell (HKLM\...\{CABCE573-0A86-42FA-A52A-C7EA61D5BE08}) (Version: 4.3.1 - IvoSoft)
    Epson Data Collection Agent (HKLM\...\{F0A396D4-F5CC-421A-969F-A9DFFE854106}) (Version: 5.0 - Seiko Epson Corporation)
    EPSON ET-2850 Series Printer Uninstall (HKLM\...\EPSON ET-2850 Series) (Version: - Seiko Epson Corporation)
    Epson Event Manager (HKLM-x32\...\{DBC38C08-9FB5-43A5-B6BA-EB10AC7DA570}) (Version: 3.11.0053 - Seiko Epson Corporation)
    Epson Manuals (HKLM-x32\...\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}) (Version: 2.0.1.0 - Seiko Epson Corporation)
    Epson Photo+ (HKLM-x32\...\{15000BAD-6D4B-4330-824E-3712C0DF4F9A}) (Version: 3.4.0.0 - Seiko Epson Corporation)
    Epson Printer Connection Checker (HKLM-x32\...\{C4D8E138-C67B-41D5-B493-F54BB72B43E0}) (Version: 3.3.0.0 - Seiko Epson Corporation)
    Epson Scan 2 (HKLM-x32\...\Epson Scan 2) (Version: - Seiko Epson Corporation)
    EPSON Scan OCR Component (HKLM-x32\...\{563B99D8-8895-4E3E-AE8D-15BE8C05F1C1}) (Version: 3.00.04 - SEIKO EPSON Corp.)
    EPSON Scan PDF EXtensions (HKLM-x32\...\{F9956472-6E16-4F83-BF9A-F887EF4A45B7}) (Version: 1.03.02 - SEIKO EPSON Corp.)
    Epson ScanSmart (HKLM-x32\...\{D310BDCC-D4B4-4DC1-B9DF-D1D7367CAC4F}) (Version: 3.6.1 - Seiko Epson Corporation)
    Epson Software Updater (HKLM-x32\...\{14898485-6509-496B-8C30-D5DB8C1C8639}) (Version: 4.6.3 - Seiko Epson Corporation)
    EpsonNet Print (HKLM\...\{96ED1D58-440C-4345-8FEE-C4781366C67F}) (Version: 3.1.4.0 - SEIKO EPSON Corporation)
    Free Cam 8 (HKLM-x32\...\{7B1D3F21-3095-4292-877E-69C085253F59}) (Version: 8.7.27159 - iSpring Solutions Inc.)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 99.0.4844.84 - Google LLC)
    GoPro Quik (HKLM\...\{AA5F7FCE-311C-46D8-B93A-ABF4DDCAB832}) (Version: 0.1.945 - GoPro, Inc.) Hidden
    GoPro Quik (HKLM-x32\...\{a23df978-67ca-4fe3-a740-a7b5ae7ec82f}) (Version: 2.7.0.945 - GoPro, Inc.)
    HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
    HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
    HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
    HP Photosmart All-In-One Driver Software (HKLM\...\{4F6C1178-3FC0-44BB-8F9A-28D8516DFEE2}) (Version: 14.0 - HP)
    HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
    HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    Intel(R) Chipset Device Software (HKLM-x32\...\{a2d9fda8-65eb-4c06-81ef-31e0a4daa335}) (Version: 10.1.1.11 - Intel(R) Corporation) Hidden
    Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
    KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version: - )
    Math6Desktop (HKLM-x32\...\{1F6D2BE4-CB08-4CDD-9F4C-E7DFDA5BC8E0}) (Version: 4.0.837 - TeachingTextbooks)
    Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.15028.20160 - Microsoft Corporation)
    Microsoft Access database engine 2010 (English) (HKLM-x32\...\{90140000-00D1-0409-0000-0000000FF1CE}) (Version: 14.0.6029.1000 - Microsoft Corporation)
    Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 100.0.1185.29 - Microsoft Corporation)
    Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 100.0.1185.29 - Microsoft Corporation)
    Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\OneDriveSetup.exe) (Version: 22.045.0227.0004 - Microsoft Corporation)
    Microsoft Update Health Tools (HKLM\...\{5016990D-7F61-4A20-9451-A915D6616DD9}) (Version: 3.66.0.0 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29334 (HKLM-x32\...\{a9cfe9c7-e54f-46cd-9c5c-542ff8e3e8c4}) (Version: 14.28.29334.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29334 (HKLM-x32\...\{b2d0f752-adc5-496e-8f70-8669de01f746}) (Version: 14.28.29334.0 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Mozilla Firefox (x64 en-GB) (HKLM\...\Mozilla Firefox 97.0.1 (x64 en-GB)) (Version: 97.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 93.0 - Mozilla)
    MyEpson Portal (HKLM-x32\...\{3361D415-BA35-4143-B301-661991BA6219}) (Version: 1.1.3.6 - SEIKO EPSON CORPORATION) Hidden
    MyEpson Portal (HKLM-x32\...\MyEpson Portal) (Version: - Seiko Epson Corporation)
    NVIDIA Graphics Driver 388.73 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.73 - NVIDIA Corporation)
    OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
    Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.15028.20050 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.15028.20094 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.15028.20160 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
    OpenAL (HKLM-x32\...\OpenAL) (Version: - )
    Opera Stable 60.0.3255.170 (HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\Opera 60.0.3255.170) (Version: 60.0.3255.170 - Opera Software)
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31233 - Realtek Semiconductor Corp.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7661 - Realtek Semiconductor Corp.)
    ScreenRec (HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\ScreenRec) (Version: 00.01.00.58 - StreamingVideoProvider)
    Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
    TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.2.2756 - TeamViewer)
    VdhCoApp 1.6.3 (HKLM\...\weh-iss-net.downloadhelper.coapp_is1) (Version: - DownloadHelper)
    VLC media player (HKLM\...\VLC media player) (Version: 3.0.16 - VideoLAN)
    Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1) (Version: 1.0.54.1 - LunarG, Inc.) Hidden
    Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1-2) (Version: 1.0.54.1 - LunarG, Inc.) Hidden
    Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1-3) (Version: 1.0.54.1 - LunarG, Inc.) Hidden
    Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
    Web Companion (HKLM-x32\...\{04b15118-e196-47ec-845c-fb00c3b83261}) (Version: 4.7.1987.3881 - Lavasoft)
    Windows Driver Package - ASUS (AsusSGDrv) Mouse (10/06/2015 8.0.0.23) (HKLM\...\DA2E0A005E6CD7900733D89DA6D9F31585E338DF) (Version: 10/06/2015 8.0.0.23 - ASUS)
    Windows PC Health Check (HKLM\...\{B1E7D0FD-7CFE-4E0C-A5DA-0F676499DB91}) (Version: 3.2.2110.14001 - Microsoft Corporation)
    WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

    Packages:
    =========
    Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_1.77.2.0_x64__kgqvnymyfvs32 [2022-04-02] (king.com)
    Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.2231.1.0_x64__kgqvnymyfvs32 [2022-03-23] (king.com)
    Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.12.419.0_x64__rz1tebttyb220 [2022-03-01] (Dolby Laboratories)
    HEVC Video Extensions -> C:\Program Files\WindowsApps\Microsoft.HEVCVideoExtensions_1.0.50362.0_x64__8wekyb3d8bbwe [2022-03-01] (Microsoft Corporation)
    HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_135.1.385.0_x64__v10z8vjag6ke6 [2022-03-22] (HP Inc.)
    Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.12.3171.0_x64__8wekyb3d8bbwe [2022-03-26] (Microsoft Studios) [MS Ad]
    Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.98.1805.0_x64__mcm4njqhnhss8 [2022-02-17] (Netflix, Inc.)
    Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-11-14] (Microsoft Corporation)
    Phototastic Collage -> C:\Program Files\WindowsApps\ThumbmunkeysLtd.PhototasticCollage_3.27.5.0_x64__nfy108tqq3p12 [2021-12-15] (Thumbmunkeys Ltd)
    Reader Notification Client -> C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2019-03-14] (Adobe Systems Incorporated)
    WhatsApp Desktop -> C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2208.15.0_x64__cv1g1gvanyjgm [2022-03-25] (WhatsApp Inc.)

    ==================== Custom CLSID (Whitelisted): ==============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ShellIconOverlayIdentifiers: [! IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-07-24] (Tonec Inc. -> Tonec Inc.)
    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2022-04-02] (Avast Software s.r.o. -> AVAST Software)
    ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2022-04-02] (Avast Software s.r.o. -> AVAST Software)
    ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
    ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2022-04-02] (Avast Software s.r.o. -> AVAST Software)
    ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
    ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2022-04-02] (Avast Software s.r.o. -> AVAST Software)
    ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-15] (win.rar GmbH -> Alexander Roshal)
    ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-15] (win.rar GmbH -> Alexander Roshal)
    ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2022-04-02] (Avast Software s.r.o. -> AVAST Software)
    ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => -> No File
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
    ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9f310939ec1eebf9\igfxDTCM.dll [2019-10-30] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
    ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-12-19] (NVIDIA Corporation -> NVIDIA Corporation)
    ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2022-04-02] (Avast Software s.r.o. -> AVAST Software)
    ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => -> No File
    ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\WINDOWS\System32\StartMenuHelper64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
    ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-15] (win.rar GmbH -> Alexander Roshal)
    ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-15] (win.rar GmbH -> Alexander Roshal)

    ==================== Codecs (Whitelisted) ====================

    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)

    ShortcutWithArgument: C:\Users\Leah\Desktop\Disney+.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=lfgdccgencihfajhbpaaliolimnhhmpd
    ShortcutWithArgument: C:\Users\Leah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\CJFallon.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=kailnainkajeebejeigmmbphdbibdcko
    ShortcutWithArgument: C:\Users\Leah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Disney+.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=lfgdccgencihfajhbpaaliolimnhhmpd
    ShortcutWithArgument: C:\Users\Leah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Latitude and longitude - BBC Bitesize.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=njcjllimkhkkakejdoodoingcbaahmmc
    ShortcutWithArgument: C:\Users\Leah\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\cfc4192131c9cf4\Disney+.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=lfgdccgencihfajhbpaaliolimnhhmpd

    ==================== Loaded Modules (Whitelisted) =============

    2012-09-15 03:53 - 2012-09-15 03:53 - 000015360 _____ (Hewlett-Packard Co.) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\hpotra08.rsc
    2011-04-29 19:08 - 2011-04-29 19:08 - 000048128 _____ (Hewlett-Packard Co.) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.rsc
    2011-08-18 01:29 - 2011-08-18 01:29 - 001039360 _____ (Hewlett-Packard Co.) [File not signed] c:\program files (x86)\hp\digital imaging\bin\hpslpsvc64.dll
    2018-07-15 14:15 - 2018-07-15 14:15 - 000885560 _____ (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicExplorer64.dll
    2018-07-15 14:15 - 2018-07-15 14:15 - 003664696 _____ (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicStartMenuDLL.dll
    2018-07-15 14:15 - 2018-07-15 14:15 - 000291128 _____ (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\WINDOWS\System32\StartMenuHelper64.dll
    2020-04-17 22:15 - 2020-04-17 22:15 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems32.dll] C:\Program Files (x86)\Microsoft Office\Root\Office16\AppVIsvSubsystems32.dll
    2020-04-17 22:15 - 2020-04-17 22:15 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R32.dll] C:\Program Files (x86)\Microsoft Office\Root\Office16\c2r32.dll
    2020-02-07 18:20 - 2020-02-07 18:20 - 000132096 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\Epson Software\Event Manager\epnsm.dll
    2018-03-05 17:41 - 2018-03-05 17:41 - 000057856 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\Epson Software\Event Manager\EPNWPSHDevFinder.DLL
    2009-10-21 18:39 - 2009-10-21 18:39 - 000291328 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\Event Manager\LcMgr.dll
    2021-10-26 16:58 - 2021-10-26 16:58 - 000647168 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\EPSON\MyEpson Portal\Condition Viewer_00000012\ConView.dll
    2021-10-26 10:00 - 2021-10-26 10:00 - 000708608 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\EPSON\MyEpson Portal\Configration_00000171\MepCfg.dll
    2020-04-17 10:15 - 2020-04-17 10:15 - 000577536 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\EPSON\MyEpson Portal\MepUploader_00000542\MepUploader.dll
    2019-02-22 15:09 - 2019-02-22 15:09 - 000475136 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\EPSON\MyEpson Portal\Online Manual_00000013\MepFAQ.dll
    2021-10-25 14:25 - 2021-10-25 14:25 - 003142144 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files\EPSON\Epson Data Collection Agent\NDENCMAPI.dll
    2015-12-11 17:14 - 2015-12-11 17:14 - 004968448 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files\EpsonNet\EpsonNet Print\ENSTRMAPIe.dll
    2016-09-14 15:31 - 2016-09-14 15:31 - 000500736 ____S (SEIKO EPSON CORPORATION) [File not signed] C:\WINDOWS\System32\enppmon.dll

    ==================== Alternate Data Streams (Whitelisted) ========

    ==================== Safe Mode (Whitelisted) ==================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver"

    ==================== Association (Whitelisted) =================

    ==================== Internet Explorer (Whitelisted) ==========

    HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.co.uk/
    BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-07-08] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)
    BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2022-04-02] (Microsoft Corporation -> Microsoft Corporation)
    BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
    BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
    BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-07-08] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)
    BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
    BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
    Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
    Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
    Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-04-02] (Microsoft Corporation -> Microsoft Corporation)
    Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-04-02] (Microsoft Corporation -> Microsoft Corporation)
    Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-04-02] (Microsoft Corporation -> Microsoft Corporation)
    Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-04-02] (Microsoft Corporation -> Microsoft Corporation)

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
    IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
    IE trusted site: HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\localhost -> localhost
    IE trusted site: HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\webcompanion.com -> hxxp://webcompanion.com

    ==================== Hosts content: =========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2015-07-10 12:04 - 2015-07-10 12:02 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

    2020-10-30 13:59 - 2020-10-30 14:04 - 000000445 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

    ==================== Other Areas ===========================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Leah\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img8.jpg
    DNS Servers: 192.168.0.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (If an entry is included in the fixlist, it will be removed.)

    HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\StartupApproved\Run: => "Opera Browser Assistant"
    HKU\S-1-5-21-3125715518-4182784800-2266441103-1002\...\StartupApproved\Run: => "ScreenRec"

    ==================== FirewallRules (Whitelisted) ================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{71FF3AEA-524C-47CB-A02D-B744860DAF01}] => (Allow) C:\Windows\KMS-R@1n.exe () [File not signed]
    FirewallRules: [{DA0E64DD-B064-4A14-88B5-253FCA0B87C4}] => (Allow) C:\Windows\KMS-R@1n.exe () [File not signed]
    FirewallRules: [{9E4E6EF5-A2AD-43F3-B365-82B6BA7608E9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe => No File
    FirewallRules: [{52F123E8-767E-4616-B386-2A95490863A4}] => (Allow) C:\Users\Leah\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
    FirewallRules: [{B2BAF63B-3C90-4B24-8D87-9EC82F9C3DB4}] => (Allow) C:\Users\Leah\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
    FirewallRules: [{7B1F0723-02CB-4DF3-A363-0A46C0114715}] => (Allow) C:\Users\Leah\AppData\Local\Temp\7zS4C2F\HPDiagnosticCoreUI.exe => No File
    FirewallRules: [{A396FAD2-816B-42A7-BA6A-19222B7081C4}] => (Allow) C:\Users\Leah\AppData\Local\Temp\7zS4C2F\HPDiagnosticCoreUI.exe => No File
    FirewallRules: [{17D9E2B6-779A-49D3-8239-727170E6AD5C}] => (Allow) C:\Users\Leah\AppData\Local\Temp\7zS4CA5\HPDiagnosticCoreUI.exe => No File
    FirewallRules: [{3E774B56-5B3D-440A-A20A-DA08A9F173C3}] => (Allow) C:\Users\Leah\AppData\Local\Temp\7zS4CA5\HPDiagnosticCoreUI.exe => No File
    FirewallRules: [{C638DE4B-25D6-4F76-A0CB-0892E96D9A91}] => (Allow) C:\Users\Leah\AppData\Local\Temp\7zS446A\HPDiagnosticCoreUI.exe => No File
    FirewallRules: [{2729B850-01C2-4FF8-A7F7-43897546AFCE}] => (Allow) C:\Users\Leah\AppData\Local\Temp\7zS446A\HPDiagnosticCoreUI.exe => No File
    FirewallRules: [{4D9260B2-7005-4A10-977F-E488D2C78F8C}] => (Allow) C:\Users\Leah\AppData\Local\Programs\Opera\60.0.3255.151\opera.exe (Opera Software AS -> Opera Software)
    FirewallRules: [{78C1DED9-1399-48DC-A18D-1730AA894C85}] => (Allow) C:\Users\Leah\AppData\Local\Programs\Opera\60.0.3255.170\opera.exe (Opera Software AS -> Opera Software)
    FirewallRules: [{30853D28-C13A-4FBE-A3D7-3A3583BFCC9A}] => (Allow) C:\Users\Leah\AppData\Roaming\Zoom\bin\Zoom.exe => No File
    FirewallRules: [{E3CEE74E-F068-41B2-BBC0-0C6B1534B36D}] => (Allow) C:\Users\Leah\AppData\Roaming\Zoom\bin\airhost.exe => No File
    FirewallRules: [{3FFA9A5D-DFF9-4957-B172-A2634D0B7634}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\GoPro Quik.exe (GoPro Media, Inc. -> )
    FirewallRules: [{59B254DD-B7AD-40A6-9357-EF0588AE716E}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\GoProMsgBus.exe (GoPro Media, Inc. -> )
    FirewallRules: [{59A2D9EC-48E1-4E83-BCA7-5DF1AD622E7E}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\GoProIDService.exe (GoPro Media, Inc. -> )
    FirewallRules: [{71953EDB-AA84-407F-B190-C7CB2C2B984A}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\GoProLauncher.exe (GoPro Media, Inc. -> )
    FirewallRules: [TCP Query User{480CC3CC-D8B0-4DBC-97B7-493E6826E4D1}C:\users\leah\appdata\roaming\sky\sky go\sky go.exe] => (Allow) C:\users\leah\appdata\roaming\sky\sky go\sky go.exe => No File
    FirewallRules: [UDP Query User{138176AD-79F5-434A-80CD-6E013D331234}C:\users\leah\appdata\roaming\sky\sky go\sky go.exe] => (Allow) C:\users\leah\appdata\roaming\sky\sky go\sky go.exe => No File
    FirewallRules: [{336451BD-0680-4A17-80A7-2F1097036FD4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
    FirewallRules: [{1B511C23-9998-4954-BA5B-EBC1A1AD94CA}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
    FirewallRules: [{7DB009AD-8516-40FF-B5F2-8BB5C4EADACE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
    FirewallRules: [{D4D5FD51-CE61-43BC-BB9C-A08A8EA89F14}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
    FirewallRules: [TCP Query User{5E631F11-F98F-4176-8CDC-10D31C2F8C38}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
    FirewallRules: [UDP Query User{3DC6091B-D2CD-4D85-861A-CCFDC399FADF}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
    FirewallRules: [{25A548F4-EF0E-4D73-ADA5-45229A23373D}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [{07F575AE-E72B-4CA8-8181-8E0F9170EB30}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [{5113DBB9-EB1C-4FE8-9CF0-313D60222DFA}] => (Allow) C:\Users\Leah\AppData\Local\Temp\EpInsNav\DL\3013\Network\EpsonNetSetup\Data\ENEasyApp.exe => No File
    FirewallRules: [{D3D009CD-8E65-47D5-8108-E1238671220D}] => (Allow) C:\Users\Leah\AppData\Local\Temp\EpInsNav\DL\3013\Network\EpsonNetSetup\Data\ENEasyApp.exe => No File
    FirewallRules: [{2E51064C-3F1B-4B03-BE35-62F8F92ABC05}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (Seiko Epson Corporation) [File not signed]
    FirewallRules: [{D3771E38-23F6-407B-B0D4-47C4A0B85572}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (Seiko Epson Corporation) [File not signed]
    FirewallRules: [{681632D0-9E7F-4B5E-BB9E-6EC323109C5E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [{C1714390-8087-4316-AB82-738FCE6099CB}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [{5F9AC970-0409-4B99-8FBA-550789CFE51A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [{67710423-5F10-4B2D-855E-D3F74A9737E9}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [{579C8BDD-E4F7-42FC-A88D-A372AB6A5133}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{0D310720-9D65-48CF-8E58-0FFDD66952C2}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe => No File
    FirewallRules: [{2CBD6835-C7F6-48B9-BCCE-C3B295EF92E7}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe => No File
    FirewallRules: [{01995C13-AD33-4295-B839-7BB7796E3CCE}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe => No File
    FirewallRules: [{D57D9ADD-02A1-4F4B-8D01-37E1A5B05F41}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe => No File
    FirewallRules: [{A1ED8107-A25D-498C-BFC3-BEA75DBF590A}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe => No File
    FirewallRules: [{0EC8A84E-DDF2-4FF3-A530-304287A48C73}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe => No File
    FirewallRules: [{5A725B57-D260-4A6A-8BAC-D1CB882A5C34}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
    FirewallRules: [{A140E6EC-D416-43B6-8BB5-70632F3C7CEA}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
    FirewallRules: [{CA70ECD8-F169-4FCD-860E-6D990668D363}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
    FirewallRules: [{ED855903-AF7E-441B-8ADE-D389E4A83062}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\100.0.1185.29\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

    ==================== Restore Points =========================

    17-03-2022 20:56:16 Scheduled Checkpoint
    26-03-2022 08:44:30 Scheduled Checkpoint
    02-04-2022 19:45:03 Scheduled Checkpoint

    ==================== Faulty Device Manager Devices ============


    ==================== Event log errors: ========================

    Application errors:
    ==================
    Error: (04/02/2022 10:46:50 PM) (Source: System Restore) (EventID: 8211) (User: )
    Description: The scheduled restore point could not be created. Additional information: (0x81000101).

    Error: (04/02/2022 10:46:50 PM) (Source: System Restore) (EventID: 8193) (User: )
    Description: Failed to create restore point (Process = C:\WINDOWS\system32\srtasks.exe ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x81000101).

    Error: (04/02/2022 07:00:49 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program GameBar.exe version 5.721.12013.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

    Process ID: 2fd4

    Start Time: 01d846bb7f67b99d

    Termination Time: 4294967295

    Application Path: C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.721.12013.0_x64__8wekyb3d8bbwe\GameBar.exe

    Report Id: c41db3a5-b0d0-4718-8c12-035c6035ba96

    Faulting package full name: Microsoft.XboxGamingOverlay_5.721.12013.0_x64__8wekyb3d8bbwe

    Faulting package-relative application ID: App

    Hang type: Quiesce

    Error: (04/02/2022 06:32:54 PM) (Source: Software Protection Platform Service) (EventID: 1017) (User: )
    Description: Installation of the Proof of Purchase failed. 0xC004F069
    Partial Pkey=FX8VF
    ACID=?
    Detailed Error[?]

    Error: (04/02/2022 06:29:01 PM) (Source: KMS-QAD) (EventID: 1001) (User: )
    Description: Event-ID 1001

    Error: (04/02/2022 10:12:22 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
    Description: Event-ID 0

    Error: (04/02/2022 10:06:46 AM) (Source: Software Protection Platform Service) (EventID: 1017) (User: )
    Description: Installation of the Proof of Purchase failed. 0xC004F069
    Partial Pkey=FX8VF
    ACID=?
    Detailed Error[?]

    Error: (04/02/2022 10:03:16 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: OfficeC2RClient.exe, version: 16.0.14931.20128, time stamp: 0x62212fee
    Faulting module name: OfficeC2RClient.exe, version: 16.0.14931.20128, time stamp: 0x62212fee
    Exception code: 0xc0000005
    Fault offset: 0x00000000004724e3
    Faulting process id: 0x22b4
    Faulting application start time: 0x01d846706f8582dc
    Faulting application path: C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe
    Faulting module path: C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe
    Report Id: 948492be-252b-4902-a6a8-c713d9826822
    Faulting package full name:
    Faulting package-relative application ID:


    System errors:
    =============
    Error: (04/04/2022 01:01:47 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x8024200b: Intel Corporation - Display - 26.20.100.7325.

    Error: (04/04/2022 12:56:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Service KMSELDI service terminated unexpectedly. It has done this 1 time(s).

    Error: (04/02/2022 07:37:51 PM) (Source: disk) (EventID: 7) (User: )
    Description: The device, \Device\Harddisk0\DR0, has a bad block.

    Error: (04/02/2022 07:37:48 PM) (Source: disk) (EventID: 7) (User: )
    Description: The device, \Device\Harddisk0\DR0, has a bad block.

    Error: (04/02/2022 07:28:09 PM) (Source: disk) (EventID: 7) (User: )
    Description: The device, \Device\Harddisk0\DR0, has a bad block.

    Error: (04/02/2022 07:28:06 PM) (Source: disk) (EventID: 7) (User: )
    Description: The device, \Device\Harddisk0\DR0, has a bad block.

    Error: (04/02/2022 07:18:35 PM) (Source: disk) (EventID: 7) (User: )
    Description: The device, \Device\Harddisk0\DR0, has a bad block.

    Error: (04/02/2022 07:18:33 PM) (Source: disk) (EventID: 7) (User: )
    Description: The device, \Device\Harddisk0\DR0, has a bad block.


    CodeIntegrity:
    ===============
    Date: 2022-04-04 12:59:43
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

    Date: 2022-04-04 12:59:43
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.


    ==================== Memory info ===========================

    BIOS: American Megatrends Inc. Q553UB.202 11/16/2015
    Motherboard: ASUSTeK COMPUTER INC. Q553UB
    Processor: Intel(R) Core(TM) i7-6500U CPU @ 2.50GHz
    Percentage of memory in use: 50%
    Total physical RAM: 12184.12 MB
    Available physical RAM: 5985.22 MB
    Total Virtual: 14040.12 MB
    Available Virtual: 7599.59 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:1861.65 GB) (Free:1677.19 GB) NTFS
    Drive d: () (CDROM) (Total:0 GB) (Free:0 GB)
    Drive e: (TOSHIBA EXT) (Fixed) (Total:3725.9 GB) (Free:1905.33 GB) NTFS

    \\?\Volume{35639326-4973-4479-814e-b8c2437508ba}\ (Recovery) (Fixed) (Total:0.44 GB) (Free:0.42 GB) NTFS
    \\?\Volume{c892c6c1-2690-48ad-9a9f-c4767dcea707}\ () (Fixed) (Total:0.81 GB) (Free:0.37 GB) NTFS
    \\?\Volume{e25c11c5-06e0-4198-a90b-f733cd0b4f16}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

    ==================== MBR & Partition Table ====================

    ==========================================================
    Disk: 0 (Size: 1863 GB) (Disk ID: A3345D50)

    Partition: GPT.

    ==========================================================
    Disk: 1 (Size: 3726 GB) (Disk ID: 09F59511)

    Partition: GPT.

    ==================== End of Addition.txt =======================

  15. #15
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,536
    All good now, but I don't see anything malicious there.
    However, in your event log, I see this:
    "The device, \Device\Harddisk0\DR0, has a bad block."
    It looks like you have a problem with your hard disk.
    Said that, I suggest new topic in Windows or Hardware forum.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •