-
April 5th, 2022, 10:40 AM
#1
Need a checkup, computer seems to be slowing down (Toshiba laptop, 64-bit, Win 10)
Here is the Farbar frst.txt
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-04-2022
Ran by c (administrator) on LLM-WIN8-LAPTOP (TOSHIBA Satellite P55t-A) (05-04-2022 07:28:29)
Running from C:\Users\c\Desktop
Loaded Profiles: c
Platform: Microsoft Windows 10 Home Version 21H1 19043.1586 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Autodesk, Inc. -> Autodesk) C:\Users\c\AppData\Local\Programs\Autodesk\Genuine Service\GenuineService.exe
(Autodesk, Inc. -> Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe
(C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe ->) (Autodesk, Inc. -> Autodesk) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AcWebBrowser\AcWebBrowser.exe <3>
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe ->) (TOSHIBA CORPORATION -> ) C:\Program Files\TOSHIBA\Hotkey\Hotkey\TCrdKBB.exe
(C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MsMpEng.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MpCopyAccelerator.exe
(explorer.exe ->) (Google LLC -> ) C:\Program Files\Google\Drive File Stream\55.0.3.0\crashpad_handler.exe
(explorer.exe ->) (Hewlett Packard -> Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP ENVY 5660 series\Bin\ScanToPCActivationApp.exe
(explorer.exe ->) (TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe
(explorer.exe ->) (TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(explorer.exe ->) (TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler64.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(services.exe ->) (Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(services.exe ->) (Autodesk, Inc. -> Autodesk Inc.) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe
(services.exe ->) (Autodesk, Inc. -> Autodesk) C:\Program Files (x86)\Common Files\Autodesk Shared\AdskLicensing\10.1.0.3194\AdskLicensingService\AdskLicensingService.exe
(services.exe ->) (DTS, Inc. -> ) C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
(services.exe ->) (Dynabook Inc. -> Dynabook Inc.) C:\Windows\System32\DriverStore\FileRepository\tossrvctl.inf_amd64_5be63eebe47f1577\DSDFunctionKeyCtlService.exe <2>
(services.exe ->) (Dynabook Inc. -> Dynabook Inc.) C:\Windows\System32\DriverStore\FileRepository\tossrvctl.inf_amd64_5be63eebe47f1577\RMService.exe
(services.exe ->) (Flexera Software LLC -> Flexera) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(services.exe ->) (FOXIT SOFTWARE INC. -> Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\FoxitPDFReaderUpdateService.exe
(services.exe ->) (Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(services.exe ->) (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(services.exe ->) (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(services.exe ->) (Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(services.exe ->) (Intel Corporation -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(services.exe ->) (Intel Corporation -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(services.exe ->) (Intel Corporation -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(services.exe ->) (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(services.exe ->) (Intel(R) Corporation) [File not signed] C:\Program Files\Intel\iCLS Client\HeciServer.exe
(services.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\NisSrv.exe
(services.exe ->) (Nuance Communications, Inc. -> Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\Dragon Assistant\Core\DACore.exe
(services.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(services.exe ->) (TOSHIBA CORPORATION -> ) C:\Program Files (x86)\Toshiba\PasswordUtility\GFNEXSrv.exe
(services.exe ->) (TOSHIBA CORPORATION -> Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(services.exe ->) (TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe <2>
(services.exe ->) (TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(services.exe ->) (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) C:\Program Files (x86)\Common Files\Zoom\Support\CptService.exe
(svchost.exe ->) (Hewlett Packard -> Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP ENVY 5660 series\Bin\HPNetworkCommunicatorCom.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA CORPORATION -> TOSHIBA) C:\Program Files (x86)\Toshiba\PasswordUtility\readLM.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296520 2013-09-11] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [178016 2013-08-21] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [ThpSrv] => C:\Windows\system32\thpsrv /logon (No File)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-08-17] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-01-07] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3426560 2021-11-23] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [339000 2021-10-26] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [3163248 2022-01-09] (Open Source Developer, Dominik Reichl -> Dominik Reichl)
HKLM-x32\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [383768 2002-04-12] (AlcorMicro, Corp. -> Alcor Micro Corp.)
HKLM-x32\...\Run: [1.TPUReg] => C:\Program Files (x86)\TOSHIBA\PasswordUtility\readLM.exe [2216800 2013-03-27] (TOSHIBA CORPORATION -> TOSHIBA)
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba) [File not signed]
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [Win8PDF] => C:\Program Files\PDF Printer for Windows 8\PDF.exe [484352 2011-10-21] (Vivid Document Imaging Technologies) [File not signed]
HKLM-x32\...\Run: [Adobe_ID0EYTHM] => C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe [1884160 2015-04-26] (Adobe Systems Incorporated) [File not signed]
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2015-10-10] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3500056 2017-11-01] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
HKLM-x32\...\Run: [Autodesk Desktop App] => C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe [664872 2020-03-03] (Autodesk, Inc. -> Autodesk, Inc.)
HKLM-x32\...\Run: [Autodesk Genuine Service ] => C:\Users\c\AppData\Local\Programs\Autodesk\Genuine Service\GenuineService.exe [1077864 2020-01-02] (Autodesk, Inc. -> Autodesk)
HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [2138272 2016-10-08] (Shenzhen Jia Xing Investment Co., Ltd. -> AimerSoft)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [707256 2021-12-15] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-19\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\56.0.9.0\GoogleDriveFS.exe [53662040 2022-03-24] (Google LLC -> Google, Inc.)
HKU\S-1-5-20\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\56.0.9.0\GoogleDriveFS.exe [53662040 2022-03-24] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-2517961349-2002184368-2333218459-1001\...\Run: [GoogleDriveSync] => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart (No File)
HKU\S-1-5-21-2517961349-2002184368-2333218459-1001\...\Run: [Google Update] => C:\Users\c\AppData\Local\Google\Update\1.3.36.122\GoogleUpdateCore.exe [223816 2022-01-20] (Google LLC -> Google LLC)
HKU\S-1-5-21-2517961349-2002184368-2333218459-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31682144 2015-03-25] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-2517961349-2002184368-2333218459-1001\...\Run: [HP ENVY 5660 series (NET)] => C:\Program Files\HP\HP ENVY 5660 series\Bin\ScanToPCActivationApp.exe [3483656 2015-10-10] (Hewlett Packard -> Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-2517961349-2002184368-2333218459-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2020-09-08] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-2517961349-2002184368-2333218459-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [35888256 2022-03-10] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-2517961349-2002184368-2333218459-1001\...\Run: [708A6BCA9F22CC304DD693961BCF6B09DB76A694._service_run] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=service /prefetch:8 [3540392 2022-04-01] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2517961349-2002184368-2333218459-1001\...\Run: [CiscoMeetingDaemon] => C:\Users\c\AppData\Local\WebEx\WebexHost.exe [7527248 2022-03-03] (Cisco WebEx LLC -> Cisco Webex LLC)
HKU\S-1-5-21-2517961349-2002184368-2333218459-1001\...\Run: [UCheck] => C:\Program Files\UCheck\UCheck64.exe [30230360 2021-10-07] (ADLICE (ASCOET JULIEN) -> )
HKU\S-1-5-21-2517961349-2002184368-2333218459-1001\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\56.0.9.0\GoogleDriveFS.exe [53662040 2022-03-24] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-2517961349-2002184368-2333218459-1001\...\Policies\Explorer: []
HKU\S-1-5-21-2517961349-2002184368-2333218459-1001\...\MountPoints2: {a64f1824-4fa4-11ec-8440-202564469259} - "G:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-2517961349-2002184368-2333218459-1001\...\MountPoints2: {f717e9d3-9fb5-11ec-849f-202564469259} - "E:\LaunchU3.exe" -a
HKU\S-1-5-21-2517961349-2002184368-2333218459-1004\...\Run: [GoogleDriveSync] => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart (No File)
HKU\S-1-5-21-2517961349-2002184368-2333218459-1004\...\RunOnce: [zoommsirepair] => C:\Program Files (x86)\Zoom\bin\installer.exe [760616 2021-10-09] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
HKU\S-1-5-18\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\56.0.9.0\GoogleDriveFS.exe [53662040 2022-03-24] (Google LLC -> Google, Inc.)
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\WINDOWS\system32\AdobePDF.dll [55432 2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc)
HKLM\...\Print\Monitors\HP DD11 Status Monitor: C:\WINDOWS\system32\hpinkstsDD11LM.dll [392192 2019-03-15] (HP Inc -> HP Inc.)
HKLM\...\Print\Monitors\HP Discovery Port Monitor (HP ENVY 5660 series): C:\WINDOWS\system32\HPDiscoPMDD11.dll [751624 2014-08-22] (Hewlett Packard -> Hewlett-Packard Development Company, LP)
HKLM\...\Print\Monitors\PDF Printer 8 Monitor: C:\WINDOWS\system32\PDFVC64.DLL [134144 2009-07-19] (Vivid Document Imaging Technologies) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\99.0.4844.84\Installer\chrmstp.exe [2022-03-25] (Google LLC -> Google LLC)
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0704FE91-F09C-411E-9D29-5FDB171E71E2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [564536 2015-10-10] (Hewlett-Packard Company -> Hewlett-Packard)
Task: {0AB64EC2-019F-4BC7-9E11-F3A3AB91B706} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe --launchSchedule {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} (No File)
Task: {1B18BF41-17F0-4F14-B499-35B20ADB7A30} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe (No File)
Task: {20679E4C-75C2-4CE9-AAE0-F19911745918} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {217959E4-3E1C-4F10-A103-CAAAB85F2306} - System32\Tasks\CCleanerSkipUAC - c => C:\Program Files\CCleaner\CCleaner.exe [30053504 2022-03-10] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {2E21239B-9AC7-4456-9A20-CCD94F900A01} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe do-task "E7CF176E110C211B"
Task: {2F6C63AE-A3A2-4FF9-BACA-033A04B29CE2} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe /analyze (No File)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe join (No File)
Task: {36CDFAA5-B546-4CBD-A51F-A843AD0E62AB} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3426560 2021-11-23] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {48F60FB5-6C0A-488C-915B-3F8E735A6102} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe (No File)
Task: {49DE272C-639F-426C-8947-C3B5AA0890A2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {4A521245-16AD-4C1E-A005-9B98CABE6586} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MpCmdRun.exe [979568 2022-03-15] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {562DF0C9-2152-4C77-ADEB-08A90D6971BA} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564424 2021-11-18] (Adobe Inc. -> Adobe Inc.)
Task: {57664E51-3EC5-4956-B519-950A4A5A7910} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe (No File)
Task: {5BFCC6C3-B78F-488A-A52C-50B56428E64A} - System32\Tasks\G2MUpdateTask-S-1-5-21-2517961349-2002184368-2333218459-1001 => C:\Users\c\AppData\Local\GoToMeeting\19932\g2mupdate.exe [31176 2021-11-10] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {5FCBB816-4AD0-4FE7-BA32-D2653B340BDC} - System32\Tasks\HPCustParticipation HP ENVY 5660 series => C:\Program Files\HP\HP ENVY 5660 series\Bin\HPCustPartic.exe [5853704 2015-10-10] (Hewlett Packard -> Hewlett-Packard Development Company, LP)
Task: {6568BBDE-E827-42B3-83A3-641362C50DCF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2517961349-2002184368-2333218459-1001Core1d25803fdb326f1 => C:\Users\c\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Task: {74582111-DE72-4122-B0F7-16FD01B2CFB3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2517961349-2002184368-2333218459-1001UA => C:\Users\c\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
Task: {7C7DFBF8-239A-4D57-96AA-19A39181CC31} - System32\Tasks\HP AR Program Upload - 568a98c258d343cebf9a05fa2aa4fe0f59af08290a5e4df1aecfa22536a2948a => C:\Program Files\HP\HP ENVY 5660 series\bin\HPRewards.exe [3528200 2015-10-10] (Hewlett Packard -> Hewlett-Packard Development Company, LP)
Task: {7EAF3850-0ED9-437C-95EE-78622F56E699} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {8279E20B-F27C-4258-8056-C4C281FF5A5B} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2022-03-10] (Piriform Software Ltd -> Piriform)
Task: {85A166D5-B36B-4D6A-9148-ACA9F46BB8AC} - System32\Tasks\HP Photo Creations Communicator => C:\Users\c\AppData\Roaming\HP Photo Creations\Communicator.exe [186368 2015-10-10] (Visan Industries -> )
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => {1B1F472E-3221-4826-97DB-2C2324D389AE}
Task: {87ADB64B-44BD-4BE2-8B7A-783E51675545} - System32\Tasks\Mozilla\Firefox Background Update E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla\updates\E7CF176E110C211B\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {8F8BCC9B-9D98-43D7-8E6B-D121E223D8F6} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe --launchSchedule {A6D52E4F-569B-4756-B3D8-DF217313DA85} (No File)
Task: {96D84201-BD6A-4644-83AE-7823A900ACB0} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [655464 2013-07-31] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
Task: {97F2C7D6-3CE2-45A5-905B-5C70FA9A0517} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [67896 2020-09-08] (Apple Inc. -> Apple Inc.)
Task: {981424A9-1C10-4BA4-9E09-5F4D2AEBEABB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.)
Task: {9C04CE76-891E-48D1-844B-60D70B0225D8} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload => {EBF00FCB-0769-4B81-9BEC-6C05514111AA}
Task: {A58F3D95-929F-41B1-96E0-9EE2BE7B991A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {AB16BB19-879C-4CAB-8C8F-4DECEE589358} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2517961349-2002184368-2333218459-1001Core => C:\Users\c\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
Task: {ABE2A860-82E7-4A15-8C94-544A371EA65D} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe /submit (No File)
Task: {B1539294-75C7-4A0A-B29C-E76DEA6D010F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MpCmdRun.exe [979568 2022-03-15] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C4DDAE6E-75EE-42C1-B81B-1B6F048A5FBA} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [4401240 2017-06-27] (Synaptics Incorporated -> Synaptics Incorporated)
Task: {C9CC714D-946C-484F-9158-1639D904EA9C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {CDB446B3-573C-42C2-B5E9-F95CAD94065B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MpCmdRun.exe [979568 2022-03-15] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {D1D17853-2A32-420E-BEA3-A8BCC650BA28} - System32\Tasks\G2MUploadTask-S-1-5-21-2517961349-2002184368-2333218459-1001 => C:\Users\c\AppData\Local\GoToMeeting\19932\g2mupload.exe [31176 2021-11-10] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {E1C32410-E96E-40E4-8341-83812571A115} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MpCmdRun.exe [979568 2022-03-15] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {EFBF0FBC-7039-4716-B6B5-8E94AB2AE821} - System32\Tasks\Resolution+ Setting Task => C:\Program Files\Toshiba\TOSHIBA Smart View Utility\Plugins\ResolutionPlus\TosRegPermissionChg.exe (No File)
Task: {F5437C33-8B51-4DDE-880A-76549891BCFF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2517961349-2002184368-2333218459-1001UA1d25803fdc7a053 => C:\Users\c\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2517961349-2002184368-2333218459-1001.job => C:\Users\c\AppData\Local\GoToMeeting\19932\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-2517961349-2002184368-2333218459-1001.job => C:\Users\c\AppData\Local\GoToMeeting\19932\g2mupload.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2517961349-2002184368-2333218459-1001Core.job => C:\Users\c\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2517961349-2002184368-2333218459-1001UA.job => C:\Users\c\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HP Photo Creations Communicator.job => C:\Users\c\AppData\Roaming\HP Photo Creations\Communicator.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{25fd4657-ac53-4290-b24a-75f5b653087e}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{79d92ee1-68bc-4a3b-877d-225e497e73d4}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{925159be-dd25-4955-a81a-2b4fe34a3082}: [DhcpNameServer] 172.20.0.1
Edge:
=======
Edge HomeButtonPage: HKU\S-1-5-21-2517961349-2002184368-2333218459-1001 -> hxxp://yahoo.com/
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\c\AppData\Local\Microsoft\Edge\User Data\Default [2022-04-05]
Edge Extension: (Open in PDF Reader) - C:\Users\c\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ciphgjdgpkhlngiadnpebblpcjcoabcp [2021-08-17]
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\c\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2022-03-11]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
FireFox:
========
FF DefaultProfile: 7sjsvts8.default-1544474668277
FF ProfilePath: C:\Users\c\AppData\Roaming\Mozilla\Firefox\Profiles\lrdbaz60.default-release [2022-04-05]
FF Extension: (Malwarebytes Browser Guard) - C:\Users\c\AppData\Roaming\Mozilla\Firefox\Profiles\lrdbaz60.default-release\Extensions\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi [2021-10-18]
FF ProfilePath: C:\Users\c\AppData\Roaming\Mozilla\Firefox\Profiles\7sjsvts8.default-1544474668277 [2022-04-05]
FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi => not found
FF HKU\S-1-5-21-2517961349-2002184368-2333218459-1001\...\Firefox\Extensions: [{6EBED4D8-13D9-4270-8D44-B57DDB7A787C}] - C:\Program Files (x86)\Allavsoft\Video Downloader Converter\extensions\3.24.3.8064\BVDFirefoxExt
FF Extension: (Allavsoft Video Downloader Firefox Extension) - C:\Program Files (x86)\Allavsoft\Video Downloader Converter\extensions\3.24.3.8064\BVDFirefoxExt [2022-02-05] [Legacy]
FF Plugin: @java.com/DTPlugin,version=11.321.2 -> C:\Program Files\Java\jre1.8.0_321\bin\dtplugin\npDeployJava1.dll [2022-03-08] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.321.2 -> C:\Program Files\Java\jre1.8.0_321\bin\plugin2\npjp2.dll [2022-03-08] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2022-01-21] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.cpdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2022-01-21] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2022-01-21] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2022-01-21] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2022-01-21] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-03] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-03] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-06-26] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=3.0.16 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2017-11-01] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-11-01] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin HKU\S-1-5-21-2517961349-2002184368-2333218459-1001: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Users\c\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll [2011-05-13] (Visan Industries -> RocketLife, LLP)
FF Plugin ProgramFiles/Appdata: C:\Users\c\AppData\Roaming\mozilla\plugins\npatgpc.dll [2021-03-08]
-
April 5th, 2022, 10:40 AM
#2
Part 2 of Frst.txt
Chrome:
=======
CHR DefaultProfile: Profile 2
CHR Profile: C:\Users\c\AppData\Local\Google\Chrome\User Data\Default [2022-04-05]
CHR DownloadDir: C:\Users\c\Desktop
CHR Extension: (Docs) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-11-11]
CHR Extension: (YouTube) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-08-01]
CHR Extension: (Honey) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2021-11-11]
CHR Extension: (Tampermonkey) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2021-11-11]
CHR Extension: (Adobe Acrobat) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2021-11-11]
CHR Extension: (Wyzant Screen Sharing) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggbjpoaaoeklmpdfjcbgenmbdjhecjjp [2020-01-09]
CHR Extension: (Google Docs Offline) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-11-11]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-11-11]
CHR Extension: (Grammarly for Chrome) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2021-11-11]
CHR Extension: (Application Launcher For Drive (by Google)) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2021-11-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-11-11]
CHR Extension: (Gmail) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-11-11]
CHR Profile: C:\Users\c\AppData\Local\Google\Chrome\User Data\Guest Profile [2022-04-05]
CHR Profile: C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 1 [2022-04-05]
CHR Extension: (Slides) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-09-04]
CHR Extension: (Docs) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2020-09-04]
CHR Extension: (Google Drive) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-22]
CHR Extension: (YouTube) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-09-04]
CHR Extension: (Tampermonkey) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2021-11-11]
CHR Extension: (Adobe Acrobat) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2021-11-11]
CHR Extension: (Sheets) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-09-04]
CHR Extension: (Google Docs Offline) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-11-11]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-11-11]
CHR Extension: (Application Launcher For Drive (by Google)) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2021-11-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-11-11]
CHR Extension: (Gmail) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-22]
CHR Profile: C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 2 [2022-04-05]
CHR HomePage: Profile 2 -> hxxp://www.google.com/
CHR StartupUrls: Profile 2 -> "hxxps://www.google.com/","hxxps://www.google.com/","hxxps://www.google.com/","hxxps://www.google.com/","hxxps://www.google.com/","hxxps://www.google.com/","hxxps://www.google.com/","hxxp://www.google.com"
CHR DefaultSearchURL: Profile 2 -> hxxps://duckduckgo.com/?q={searchTerms}
CHR DefaultSearchKeyword: Profile 2 -> duckduckgo.com
CHR DefaultSuggestURL: Profile 2 -> hxxps://duckduckgo.com/ac/?q={searchTerms}&type=list
CHR Extension: (Slides) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-11-17]
CHR Extension: (Floorplanner) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\abopacaefhbognnmeigicfpgnmpideag [2020-12-14]
CHR Extension: (Sudoku) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\agdhembpgcpfegeigidembjopfhghnpj [2020-12-14]
CHR Extension: (BIODIGITAL HUMAN) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\agoenciogemlojlhccbcpcfflicgnaak [2020-12-14]
CHR Extension: (Docs) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2020-11-17]
CHR Extension: (Google Drive) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-17]
CHR Extension: (WOT Website Security & Browsing Protection) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2022-03-28]
CHR Extension: (Microsoft Defender Browser Protection) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bkbeeeffjjeopflfhgeknacdieedcoml [2020-12-14]
CHR Extension: (DuckDuckGo) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bkdgflcldnnnapblkhphbgpggdiikppg [2022-03-31]
CHR Extension: (YouTube) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-11-17]
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2022-03-24]
CHR Extension: (Auto Admit for Google Meet) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\epemkdedgaoeeobdjmkmhhhbjemckmgb [2022-03-29]
CHR Extension: (Sheets) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-11-17]
CHR Extension: (iCloud Bookmarks) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\fkepacicchenbjecpbpbclokcabebhah [2020-12-14]
CHR Extension: (HTTPS Everywhere) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2021-07-14]
CHR Extension: (Google Docs Offline) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-03-10]
CHR Extension: (Click&Clean) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghgabhipcejejjmhhchfonmamedcbeod [2021-05-18]
CHR Extension: (360 Internet Protection) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\glcimepnljoholdmjchkloafkggfoijh [2021-12-14]
CHR Extension: (Pinterest Save Button) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2022-03-02]
CHR Extension: (Kindle Cloud Reader) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2020-12-14]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2022-03-17]
CHR Extension: (Dropbox) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2020-12-14]
CHR Extension: (WAVE Evaluation Tool) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\jbbplnpkjmmeebjpijfedlgcdilocofh [2021-10-14]
CHR Extension: (EPUBReader) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\jhhclmfgfllimlhabjkgkeebkbiadflb [2021-08-14]
CHR Extension: (Cisco Webex Extension) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2021-11-29]
CHR Extension: (Grammarly for Chrome) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2022-03-31]
CHR Extension: (Application Launcher For Drive (by Google)) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2021-01-25]
CHR Extension: (Capital One Shopping: Add to Chrome for Free) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nenlahapcbofgnanklpelkaejcehkggg [2022-04-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Tv Online) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pcfeebemepipakkhapnhljbcdkagkloh [2020-12-14]
CHR Extension: (Click&Clean App) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2020-12-14]
CHR Extension: (Gmail) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-17]
CHR Extension: (Cool Metronome) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\polmfiinlikaadclgdojekfaoglellgm [2020-12-14]
CHR Profile: C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 3 [2022-04-05]
CHR Extension: (Slides) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-11-23]
CHR Extension: (Docs) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aohghmighlieiainnegkcijnfilokake [2020-11-23]
CHR Extension: (Google Drive) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-23]
CHR Extension: (YouTube) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-11-23]
CHR Extension: (Tampermonkey) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2021-11-11]
CHR Extension: (Adobe Acrobat) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2022-01-04]
CHR Extension: (Sheets) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-11-23]
CHR Extension: (Google Docs Offline) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-01-04]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2022-01-04]
CHR Extension: (Application Launcher For Drive (by Google)) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2022-01-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-01-04]
CHR Extension: (Gmail) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-23]
CHR Profile: C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 4 [2022-04-05]
CHR HomePage: Profile 4 -> hxxp://www.google.com/
CHR Extension: (Slides) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-11-23]
CHR Extension: (Floorplanner) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\abopacaefhbognnmeigicfpgnmpideag [2020-11-23]
CHR Extension: (Sudoku) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\agdhembpgcpfegeigidembjopfhghnpj [2020-11-23]
CHR Extension: (BIODIGITAL HUMAN) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\agoenciogemlojlhccbcpcfflicgnaak [2020-11-23]
CHR Extension: (Docs) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aohghmighlieiainnegkcijnfilokake [2020-11-23]
CHR Extension: (Google Drive) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-23]
CHR Extension: (Microsoft Defender Browser Protection) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\bkbeeeffjjeopflfhgeknacdieedcoml [2020-11-23]
CHR Extension: (YouTube) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-11-23]
CHR Extension: (Tampermonkey) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2021-11-11]
CHR Extension: (Adobe Acrobat) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2021-12-27]
CHR Extension: (Sheets) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-11-23]
CHR Extension: (Online Security Pro) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ffjgpapimgnmibnacmeilgjefnoofefp [2020-11-23]
CHR Extension: (iCloud Bookmarks) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\fkepacicchenbjecpbpbclokcabebhah [2020-11-23]
CHR Extension: (HTTPS Everywhere) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2021-10-17]
CHR Extension: (Google Docs Offline) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-12-27]
CHR Extension: (Click&Clean) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ghgabhipcejejjmhhchfonmamedcbeod [2021-10-17]
CHR Extension: (360 Internet Protection) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\glcimepnljoholdmjchkloafkggfoijh [2021-12-27]
CHR Extension: (Pinterest Save Button) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2021-12-27]
CHR Extension: (Kindle Cloud Reader) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2020-11-23]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2022-01-04]
CHR Extension: (Dropbox) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2020-11-23]
CHR Extension: (Grammarly for Chrome) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2022-01-04]
CHR Extension: (Application Launcher For Drive (by Google)) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2021-11-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-11-11]
CHR Extension: (Tv Online) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pcfeebemepipakkhapnhljbcdkagkloh [2020-11-23]
CHR Extension: (Click&Clean App) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2020-11-23]
CHR Extension: (Gmail) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-23]
CHR Extension: (Cool Metronome) - C:\Users\c\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\polmfiinlikaadclgdojekfaoglellgm [2020-11-23]
CHR Profile: C:\Users\c\AppData\Local\Google\Chrome\User Data\System Profile [2022-04-05]
CHR HKLM\...\Chrome\Extension: [hkhkiakolggnnicallabhkobalpeplpi] - <no Path/update_url>
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif]
CHR HKU\S-1-5-21-2517961349-2002184368-2333218459-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo]
CHR HKU\S-1-5-21-2517961349-2002184368-2333218459-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKU\S-1-5-21-2517961349-2002184368-2333218459-1004\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKLM-x32\...\Chrome\Extension: [aaffhmecfaelkngcbnfdkcckmillnoki]
CHR HKLM-x32\...\Chrome\Extension: [commhkacjheiacaopdonmodahaoadoln]
CHR HKLM-x32\...\Chrome\Extension: [dhancbnhabhandieicagelcddkdfgoif] - C:\Program Files (x86)\Allavsoft\Video Downloader Converter\extensions\3.24.3.8064\BVDChromeExt.crx [2022-02-05]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [hkhkiakolggnnicallabhkobalpeplpi] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif]
CHR HKLM-x32\...\Chrome\Extension: [nogdfjjfhknacchjpiccacoimeelkajb]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdAppMgrSvc; C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe [1046904 2020-03-03] (Autodesk, Inc. -> Autodesk Inc.)
S3 Adobe Version Cue CS3; C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe [153792 2015-04-26] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-11-18] (Adobe Inc. -> Adobe Inc.)
R2 AdskLicensingService; C:\Program Files (x86)\Common Files\Autodesk Shared\AdskLicensing\Current\AdskLicensingService\AdskLicensingService.exe [16930616 2019-12-18] (Autodesk, Inc. -> Autodesk)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3849472 2021-11-23] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3617024 2021-11-23] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [99104 2021-08-20] (Apple Inc. -> Apple Inc.)
R2 DACoreService; C:\Program Files (x86)\Nuance\Dragon Assistant\Core\DACore.exe [435088 2013-07-02] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
R2 DSDFunctionKeyCtlService; C:\WINDOWS\System32\DriverStore\FileRepository\tossrvctl.inf_amd64_5be63eebe47f1577\DSDFunctionKeyCtlService.exe [689888 2022-02-15] (Dynabook Inc. -> Dynabook Inc.)
R2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [19792 2013-09-10] (DTS, Inc. -> )
R2 FoxitReaderUpdateService; C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\FoxitPDFReaderUpdateService.exe [2359424 2022-01-21] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
R2 GFNEXSrv; C:\Program Files (x86)\Toshiba\PasswordUtility\GFNEXSrv.exe [163168 2013-03-27] (TOSHIBA CORPORATION -> )
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [24888 2015-10-10] (Hewlett-Packard Company -> Hewlett-Packard Company)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7997112 2022-02-18] (Malwarebytes Inc -> Malwarebytes)
S2 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [14419440 2022-03-07] (ADLICE -> )
S2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [339456 2013-08-16] (IDT, Inc.) [File not signed]
S2 TSDHDDProtectService; C:\WINDOWS\System32\DriverStore\FileRepository\thpevm.inf_amd64_975290a9f28c9a50\dynabookHDDProtection.exe [425800 2021-11-18] (Dynabook Inc. -> Dynabook Inc.)
S2 TSDSettingService; C:\WINDOWS\System32\DriverStore\FileRepository\tossrvctl.inf_amd64_5be63eebe47f1577\dynabookSystemService.exe [44786376 2022-02-15] (Dynabook Inc. -> Dynabook Inc.)
S2 TSDTabletControlService; C:\WINDOWS\System32\DriverStore\FileRepository\tossrvctl.inf_amd64_5be63eebe47f1577\TOSTABSYSSVC.exe [298192 2022-02-15] (Dynabook Inc. -> Dynabook Inc.)
R2 TSDWirelessLEDCtlService; C:\WINDOWS\System32\DriverStore\FileRepository\tossrvctl.inf_amd64_5be63eebe47f1577\RMService.exe [447296 2022-02-15] (Dynabook Inc. -> Dynabook Inc.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\NisSrv.exe [3046608 2022-03-15] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MsMpEng.exe [132504 2022-03-15] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 ZoomCptService; "C:\Program Files (x86)\Common Files\Zoom\Support\CptService.exe" -user_path "C:\Users\c\AppData\Roaming\Zoom"
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
S3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-11] (Symantec Corporation -> Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-11] (Symantec Corporation -> Symantec Corporation)
U4 googledrivefs3688; C:\WINDOWS\System32\DRIVERS\googledrivefs3688.sys [381456 2021-12-14] (Microsoft Windows Hardware Compatibility Publisher -> Google, Inc.)
R1 googledrivefs3758; C:\WINDOWS\System32\DRIVERS\googledrivefs3758.sys [384584 2022-03-24] (Microsoft Windows Hardware Compatibility Publisher -> Google, Inc.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [221096 2022-03-30] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-03-17] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-11-11] (Malwarebytes Inc -> Malwarebytes)
R3 MpKsl524a25d6; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{68EB5511-7D28-4BF5-9F63-378458E580B8}\MpKslDrv.sys [137464 2022-04-05] (Microsoft Windows -> Microsoft Corporation)
S3 Netaapl; C:\WINDOWS\System32\drivers\netaapl64.sys [23040 2015-08-20] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
R2 PEGAGFN; C:\Program Files (x86)\Toshiba\PasswordUtility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON CORPORATION -> PEGATRON)
S3 STHDA; C:\WINDOWS\system32\DRIVERS\stwrt64.sys [551936 2013-08-16] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)
R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [49120 2021-11-17] (Dynabook Inc. -> Dynabook Inc.)
R0 Thpevm; C:\WINDOWS\System32\drivers\Thpevm.SYS [27128 2021-11-18] (Dynabook Inc. -> Dynabook Inc.)
R3 tosrfec; C:\WINDOWS\System32\drivers\tosrfec.sys [37808 2019-04-30] (Dynabook Inc. -> Dynabook Inc.)
R1 TosSrvCtlDrv; C:\WINDOWS\System32\DriverStore\FileRepository\tossrvctl.inf_amd64_5be63eebe47f1577\TosSrvCtlDrv.sys [26816 2022-02-15] (Dynabook Inc. -> Dynabook Inc.)
R0 TVALZ_O; C:\WINDOWS\System32\drivers\TVALZ_O.SYS [46656 2021-11-18] (Dynabook Inc. -> Dynabook Inc.)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-06-10] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49600 2022-03-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [26880 2016-07-16] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [439544 2022-03-15] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [90360 2022-03-15] (Microsoft Windows -> Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2022-04-05 07:28 - 2022-04-05 07:30 - 000058555 _____ C:\Users\c\Desktop\FRST.txt
2022-04-05 07:27 - 2022-04-05 07:30 - 000000000 ____D C:\FRST
2022-04-05 07:22 - 2022-04-05 07:22 - 002365440 _____ (Farbar) C:\Users\c\Desktop\FRST64.exe
2022-04-05 06:09 - 2022-03-24 07:54 - 000384584 _____ (Google, Inc.) C:\WINDOWS\system32\Drivers\googledrivefs3758.sys
2022-04-04 21:21 - 2022-04-02 08:48 - 096525792 _____ C:\Users\c\Desktop\I Did Push-ups & Pull-ups Every Day for 60 Days.mp4
2022-04-04 15:06 - 2022-04-04 15:38 - 000858921 _____ C:\Users\c\Desktop\Stock Price daily 4-4-2022.xlsx
2022-04-04 14:36 - 2022-04-04 14:37 - 000271025 _____ C:\Users\c\Desktop\development-services-case-management-service-request-form-cmu-app-25.pdf
2022-04-04 13:25 - 2022-04-04 13:25 - 000446292 _____ C:\Users\c\Desktop\Errors and Omissions Insurance (E&O) _ Travelers Insurance.pdf
2022-04-04 10:35 - 2022-04-04 10:35 - 000000000 ____D C:\Users\c\Desktop\Land Surveying
2022-04-04 08:08 - 2022-04-04 08:08 - 000038032 _____ C:\WINDOWS\system32\Drivers\truesight.sys
2022-04-02 19:07 - 2022-04-02 19:07 - 002330220 _____ C:\Users\c\Desktop\Civil Service Commission Agenda for April 6 2022.pdf
2022-04-02 16:01 - 2022-04-04 20:40 - 000000000 ____D C:\Users\c\Desktop\41 Hermosa Av Long Beach
2022-04-02 14:23 - 2022-04-04 20:40 - 000000000 ____D C:\Users\c\Desktop\31 Hermosa Av Long Beach
2022-03-30 20:45 - 2022-03-30 20:45 - 000221096 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2022-03-30 15:54 - 2022-04-04 08:20 - 000000000 ____D C:\Users\c\Desktop\S Corp
2022-03-30 14:18 - 2022-03-30 15:54 - 000000000 ____D C:\Users\c\Desktop\2418 Louella Av SB 9
2022-03-29 14:08 - 2022-04-04 15:05 - 000000000 ____D C:\Users\c\Desktop\13905 Olive View Dr
2022-03-27 19:49 - 2022-03-27 19:50 - 000703146 _____ C:\Users\c\Desktop\Laurelwood Dr update.pdf
2022-03-25 19:24 - 2022-03-25 19:24 - 000000000 ____D C:\Users\c\Desktop\BSS and road const videos
2022-03-25 19:00 - 2022-03-25 19:00 - 002574875 _____ C:\Users\c\Desktop\The Confidence Gap - The Atlantic.pdf
2022-03-25 11:26 - 2022-04-04 17:32 - 000000000 ____D C:\Users\c\Desktop\12127 Lucille St
2022-03-21 21:26 - 2022-03-21 21:26 - 000375022 _____ C:\Users\c\Desktop\how-to-login-loginpage.pdf
2022-03-21 19:30 - 2022-03-21 19:30 - 000233469 _____ C:\Users\c\Desktop\Global Teams Should Have Office Visits, Not Offsites.pdf
2022-03-21 19:27 - 2022-03-21 19:27 - 000469156 _____ C:\Users\c\Desktop\0170840620937885.pdf
2022-03-21 18:27 - 2022-03-21 17:46 - 376001246 _____ C:\Users\c\Desktop\Is Hybrid Work Here to Stay.mp4
2022-03-21 16:42 - 2022-03-30 14:19 - 000000000 ___RD C:\Users\c\Desktop\Urban Lot Split
2022-03-12 20:44 - 2022-03-12 20:45 - 000000000 ____D C:\Users\c\Desktop\Econ
2022-03-11 14:22 - 2022-03-11 14:22 - 001343320 _____ (Google LLC) C:\Users\c\Downloads\ChromeSetup.exe
2022-03-10 14:41 - 2022-03-10 14:41 - 000011911 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-03-10 14:40 - 2022-03-10 14:40 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2022-03-10 14:39 - 2022-03-10 14:39 - 002254336 _____ C:\WINDOWS\system32\dwmscene.dll
2022-03-10 14:38 - 2022-03-10 14:38 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2022-03-10 14:38 - 2022-03-10 14:38 - 000272896 _____ C:\WINDOWS\system32\TpmTool.exe
2022-03-10 13:56 - 2022-03-10 13:56 - 000000000 ___HD C:\$WinREAgent
2022-03-10 11:22 - 2022-03-10 11:59 - 000000000 ____D C:\Users\c\Desktop\Ext blk
2022-03-10 10:53 - 2022-03-14 14:35 - 000000000 ____D C:\Users\c\Desktop\382 E California Bl Pasadena
2022-03-10 07:07 - 2022-03-10 07:12 - 000000000 ____D C:\Users\c\Desktop\Bin 2
2022-03-09 18:29 - 2022-03-09 18:29 - 000000000 ____D C:\Users\c\Desktop\理财达人秀
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2022-04-05 07:25 - 2020-09-03 12:20 - 000004160 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{C0982E36-30E1-41C9-A994-41EFFC416BD3}
2022-04-05 07:22 - 2016-03-28 12:58 - 000000000 ____D C:\Program Files\CCleaner
2022-04-05 07:20 - 2022-01-28 07:38 - 000000000 ____D C:\Users\c\AppData\Roaming\vlc
2022-04-05 07:20 - 2020-09-03 11:43 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-04-05 07:10 - 2021-02-20 08:45 - 000000000 ____D C:\Users\c\AppData\LocalLow\IGDump
2022-04-05 07:07 - 2014-03-06 06:01 - 000000000 ____D C:\Program Files (x86)\Google
2022-04-05 06:11 - 2020-12-23 16:10 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2022-04-05 06:09 - 2021-10-16 09:17 - 000002068 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive.lnk
2022-04-05 06:08 - 2018-12-10 13:44 - 000000000 ____D C:\Users\c\AppData\LocalLow\Mozilla
2022-04-05 06:04 - 2017-08-06 15:39 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2022-04-05 06:04 - 2015-08-15 09:25 - 000000000 __SHD C:\Users\c\IntelGraphicsProfiles
2022-04-04 21:21 - 2021-10-18 19:10 - 000000000 ____D C:\Users\c\AppData\Roaming\Allavsoft
2022-04-04 20:57 - 2017-12-01 00:33 - 000000000 ____D C:\Users\c\AppData\Local\Packages
2022-04-04 13:02 - 2019-12-07 02:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-04-04 08:36 - 2019-12-07 02:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-04-04 08:36 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-04-04 08:07 - 2020-09-03 12:20 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-04-04 08:07 - 2020-09-03 11:43 - 000008192 ___SH C:\DumpStack.log.tmp
2022-04-04 08:06 - 2019-12-07 02:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2022-04-03 16:17 - 2020-09-03 13:42 - 000000000 ____D C:\Users\c\Desktop\Bin
2022-04-03 09:30 - 2020-09-03 11:00 - 000000000 ____D C:\Users\c
2022-04-03 08:26 - 2020-09-08 16:53 - 000002449 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-04-03 08:23 - 2021-05-17 07:59 - 000000000 ____D C:\Sight Survey Jobs
2022-04-02 07:57 - 2020-12-25 16:43 - 000000000 ____D C:\Users\c\Documents\Zoom
2022-04-01 16:00 - 2014-04-08 20:54 - 000000000 ____D C:\Users\c\AppData\Local\CrashDumps
2022-04-01 15:00 - 2020-12-09 13:56 - 000000000 ____D C:\Users\c\AppData\Roaming\RealtimeBoard
2022-04-01 14:05 - 2020-12-09 13:55 - 000000000 ____D C:\Users\c\AppData\Local\RealtimeBoard
2022-04-01 14:04 - 2020-12-09 13:56 - 000000000 ____D C:\Users\c\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Miro
2022-03-31 16:34 - 2020-09-08 16:52 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-03-31 16:34 - 2020-09-08 16:52 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-03-28 11:15 - 2021-02-19 09:30 - 000000000 ____D C:\ProgramData\boost_interprocess
2022-03-25 16:01 - 2014-04-12 08:04 - 000002312 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-03-24 06:53 - 2020-09-03 12:04 - 002316746 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-03-24 06:53 - 2020-09-03 10:39 - 000784294 _____ C:\WINDOWS\system32\perfh00A.dat
2022-03-24 06:53 - 2020-09-03 10:39 - 000152874 _____ C:\WINDOWS\system32\perfc00A.dat
2022-03-24 06:53 - 2020-09-03 10:29 - 000427366 _____ C:\WINDOWS\system32\prfh0804.dat
2022-03-24 06:53 - 2020-09-03 10:29 - 000132888 _____ C:\WINDOWS\system32\prfc0804.dat
2022-03-24 06:53 - 2019-12-07 02:13 - 000000000 ____D C:\WINDOWS\INF
2022-03-24 06:45 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\ServiceState
2022-03-17 21:38 - 2020-09-03 12:20 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2022-03-17 15:08 - 2021-03-08 19:58 - 000000000 ____D C:\Users\c\AppData\Local\WebEx
2022-03-17 15:07 - 2021-03-08 19:58 - 000000000 ____D C:\Users\c\AppData\LocalLow\WebEx
2022-03-15 06:41 - 2018-06-03 22:31 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2022-03-11 13:33 - 2021-01-28 10:01 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2022-03-10 17:12 - 2020-09-03 11:43 - 002541672 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-03-10 17:08 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SystemResources
2022-03-10 17:08 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2022-03-10 17:08 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2022-03-10 17:08 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2022-03-10 17:08 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2022-03-10 17:07 - 2019-12-07 02:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2022-03-10 17:07 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2022-03-10 17:07 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-03-10 17:07 - 2019-12-07 02:03 - 000000000 ____D C:\WINDOWS\servicing
2022-03-10 15:00 - 2019-12-07 02:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-03-10 14:37 - 2020-09-03 11:54 - 002877952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2022-03-10 13:55 - 2014-04-20 06:32 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-03-10 13:39 - 2014-04-20 06:32 - 145666720 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-03-09 18:58 - 2022-02-24 15:48 - 000000000 ____D C:\Users\c\Desktop\Lisa FD Bakup 3-9-2022
2022-03-09 07:26 - 2021-03-17 08:10 - 000000000 ____D C:\ProgramData\RogueKiller
2022-03-08 13:42 - 2021-01-13 09:37 - 000000000 ____D C:\Users\c\AppData\Local\ElevatedDiagnostics
2022-03-08 13:23 - 2021-04-12 07:46 - 000000000 ____D C:\Program Files\Java
2022-03-08 13:23 - 2017-06-30 10:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2022-03-08 13:23 - 2014-04-12 08:40 - 000000000 ____D C:\Program Files (x86)\Java
2022-03-08 13:22 - 2021-04-12 07:46 - 000192736 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2022-03-08 09:34 - 2021-10-16 09:20 - 000000000 ____D C:\Users\c\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 3.10
2022-03-08 09:34 - 2018-04-01 16:07 - 000000000 ____D C:\Users\c\AppData\Local\Package Cache
2022-03-08 09:28 - 2021-03-17 08:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2022-03-08 09:28 - 2021-03-17 08:10 - 000000000 ____D C:\Program Files\RogueKiller
2022-03-08 09:28 - 2014-04-20 08:14 - 000001201 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk
2022-03-08 09:28 - 2014-04-20 08:14 - 000000000 ____D C:\Program Files (x86)\KeePass Password Safe 2
2022-03-06 21:31 - 2021-03-26 21:29 - 000000000 ____D C:\Users\c\Desktop\U Michigan
2022-03-06 09:23 - 2021-07-16 10:24 - 000000000 ____D C:\Users\c\Desktop\BA corp stmts
==================== Files in the root of some directories ========
2021-10-18 21:21 - 2021-10-18 21:21 - 000000046 _____ () C:\Users\c\AppData\Roaming\Camdata.ini
2021-10-18 21:21 - 2021-10-18 21:21 - 000000408 _____ () C:\Users\c\AppData\Roaming\CamLayout.ini
2021-10-18 21:21 - 2021-10-18 21:21 - 000000408 _____ () C:\Users\c\AppData\Roaming\CamShapes.ini
2021-10-18 18:54 - 2021-10-18 18:55 - 000004536 _____ () C:\Users\c\AppData\Roaming\CamStudio.cfg
2021-10-18 18:52 - 2021-10-18 18:52 - 000000096 _____ () C:\Users\c\AppData\Roaming\version2.xml
2021-02-16 13:21 - 2021-02-16 13:21 - 000000000 _____ () C:\Users\c\AppData\Local\oobelibMkey.log
==================== FLock ==============================
2015-07-06 08:12 C:\Users\lillian3443\Google Drive
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
-
April 5th, 2022, 10:45 AM
#3
Addition.txt
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-04-2022
Ran by c (05-04-2022 07:32:42)
Running from C:\Users\c\Desktop
Microsoft Windows 10 Home Version 21H1 19043.1586 (X64) (2020-09-03 19:24:01)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-2517961349-2002184368-2333218459-500 - Administrator - Disabled)
c (S-1-5-21-2517961349-2002184368-2333218459-1001 - Administrator - Enabled) => C:\Users\c
DefaultAccount (S-1-5-21-2517961349-2002184368-2333218459-503 - Limited - Disabled)
Guest (S-1-5-21-2517961349-2002184368-2333218459-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2517961349-2002184368-2333218459-1003 - Limited - Enabled)
lillian3443 (S-1-5-21-2517961349-2002184368-2333218459-1004 - Limited - Enabled) => C:\Users\lillian3443
WDAGUtilityAccount (S-1-5-21-2517961349-2002184368-2333218459-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
4K Video Downloader (HKLM\...\{11CAD2D3-0918-4C25-ADEA-6A2E2D8224D2}) (Version: 4.17.1.4410 - Open Media LLC) Hidden
4K Video Downloader (HKLM-x32\...\{52c19095-d66a-43cc-a45a-ee9434df7074}) (Version: 4.15.1.4190 - Open Media LLC)
Add or Remove Adobe Creative Suite 3 Master Collection (HKLM-x32\...\Adobe_4dcfd9b7e901b57f81f667144603236) (Version: 1.0 - Adobe Systems Incorporated)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.23 - Adobe Systems)
Adobe Connect (HKU\S-1-5-21-2517961349-2002184368-2333218459-1001\...\Adobe Connect App) (Version: 11.9.985.57 - Adobe Systems Inc.)
Adobe Flash Player 9 ActiveX (HKLM-x32\...\{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}) (Version: 9.0.45.0 - Adobe Systems, Inc.)
Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version: 7.6.0.52 - Adobe Inc.)
Adobe Reader XI (11.0.23) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.23 - Adobe Systems Incorporated)
AHV content for Acrobat and Flash (HKLM-x32\...\{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}) (Version: 1 - Adobe Systems Incorporated) Hidden
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 4.8.1245.73583 - Alcor Micro Corp.)
Allavsoft 3.24.3.8064 (HKLM-x32\...\{6EBED4D8-13D9-4370-8D44-B57DDB7A787C}_is1) (Version: - Allavsoft Corporation)
Apple Application Support (32-bit) (HKLM-x32\...\{CCA8C50D-785B-4896-8675-FFE0C4ECCBC3}) (Version: 8.7 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{75BEF7E8-4370-4D42-94F3-B5AA77057965}) (Version: 8.7 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{527DD209-8A66-482F-8779-C7B3BACCA8F1}) (Version: 15.0.0.16 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.)
Atom (HKU\S-1-5-21-2517961349-2002184368-2333218459-1001\...\atom) (Version: 1.29.0 - GitHub Inc.)
Authy Desktop (HKU\S-1-5-21-2517961349-2002184368-2333218459-1001\...\authy) (Version: 1.8.3 - Twilio Inc.)
AutoCAD 2021 - English (HKLM\...\{28B89EEF-4101-0409-2102-CF3F3A09B77D}) (Version: 24.0.47.0 - Autodesk) Hidden
Autodesk App Manager 2020-2021 (HKLM-x32\...\{DB92FEA7-F78C-469E-B138-E2303220F0C4}) (Version: 3.1.0 - Autodesk)
Autodesk AutoCAD 2021 - English (HKLM\...\AutoCAD 2021 - English) (Version: 24.0.47.0 - Autodesk)
Autodesk Desktop App (HKLM-x32\...\Autodesk Desktop App) (Version: 8.0.0.46 - Autodesk)
Autodesk Featured Apps 2020-2021 (HKLM-x32\...\{2CBD494D-0A3E-4CB3-AFB3-8CE1734613B0}) (Version: 3.1.0 - Autodesk)
Autodesk Genuine Service (HKLM-x32\...\{54A00624-3EF9-49A2-92A9-7244EADD0212}) (Version: 3.2.18 - Autodesk)
Autodesk Material Library 2021 (HKLM-x32\...\{6774FD60-7D4B-4D57-BE56-2702A07C9701}) (Version: 19.1.22.0 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2021 (HKLM-x32\...\{6EFAD582-86C1-4AB2-97C5-2070D0B90E08}) (Version: 19.1.22.0 - Autodesk)
Autodesk Save to Web and Mobile (HKLM\...\{A9005AC0-4AD8-4E84-B1F7-EE38BB6BCC2D}) (Version: 3.0.26 - Autodesk)
Autodesk Single Sign On Component (HKLM\...\{951BB060-1350-4C93-BD83-D966C51D4005}) (Version: 11.2.0.1802 - Autodesk)
Aventail Access Manager (HKU\S-1-5-21-2517961349-2002184368-2333218459-1001\...\{72552C46-944B-4E16-BBC8-0D85F31C1800}) (Version: 10.64.496 - SonicWALL Inc)
Aventail Access Manager (HKU\S-1-5-21-2517961349-2002184368-2333218459-1004\...\{72552C46-944B-4E16-BBC8-0D85F31C1800}) (Version: 10.64.496 - SonicWALL Inc)
Aventail Web Proxy Agent (HKLM-x32\...\{9B0B46B3-10DF-4ADA-9501-0129D784563D}) (Version: 10.64.241 - SonicWALL Inc)
Backup and Sync from Google (HKLM\...\{696895F7-52C7-4C9E-998B-C7E0CC907092}) (Version: 3.57.4256.0809 - Google, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.91 - Piriform)
Cisco Webex Meetings (HKU\S-1-5-21-2517961349-2002184368-2333218459-1001\...\ActiveTouchMeetingClient) (Version: 42.3.1 - Cisco Webex LLC)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3424.05 - CyberLink Corp.)
Dragon Assistant Application en-US version 1.5.11 (HKLM-x32\...\{1CCBE73F-4948-4711-8D12-22E2FD65D706}_is1) (Version: 1.5.11 - Nuance Communications, Inc.)
Dragon Assistant Core Recognition Service version 1.1.12 (HKLM-x32\...\{E97BA7A6-46FC-4EBF-B24A-B8362948C696}_is1) (Version: 1.1.12 - Nuance Communications, Inc.)
Dragon Assistant Installer version 1.5.11 (HKLM-x32\...\{D57A8269-3BE5-4D10-B882-64D0F2D448BF}_is1) (Version: 1.5.11 - Nuance Communications, Inc.)
Dragon Assistant Language Data en-US version 1.1.4 (HKLM-x32\...\{4C0C1E4E-D3B1-4496-98EC-DA14D45EC855}_is1) (Version: 1.1.4 - Nuance Communications, Inc.)
DTS Studio Sound (HKLM-x32\...\{2DFA9084-CEB3-4A48-B9F7-9038FEF1B8F4}) (Version: 1.01.2700 - DTS, Inc.)
Foxit PDF Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 11.2.1.53537 - Foxit Software Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 99.0.4844.84 - Google LLC)
Google Drive (HKLM\...\{6BBAE539-2232-434A-A4E5-9A33560C6283}) (Version: 56.0.9.0 - Google LLC)
Google Video Support Plugin (HKU\S-1-5-21-2517961349-2002184368-2333218459-1001\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 19.12.1000.0 - Google, LLC.)
GoTo Opener (HKLM-x32\...\{0FC4261B-F502-48B3-B1CF-60021C8F7D22}) (Version: 1.0.481 - LogMeIn, Inc.)
GoToMeeting 10.18.0.19932 (HKU\S-1-5-21-2517961349-2002184368-2333218459-1001\...\GoToMeeting) (Version: 10.18.0.19932 - LogMeIn, Inc.)
Herramientas de corrección de Microsoft Office 2016: español (HKLM-x32\...\{90160000-001F-0C0A-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
HP ENVY 5660 series Basic Device Software (HKLM\...\{2C0721C5-0CD8-46BC-9D7D-666D3B171CFF}) (Version: 34.2.117.50647 - Hewlett-Packard Co.)
HP ENVY 5660 series Help (HKLM-x32\...\{607F50D9-40BD-4F17-A584-152F563293B4}) (Version: 34.0.0 - Hewlett Packard)
HP Photo Creations (HKU\S-1-5-21-2517961349-2002184368-2333218459-1001\...\HP Photo Creations) (Version: 1.0.0.22192 - HP)
HP Support Solutions Framework (HKLM-x32\...\{F6A11738-3EE4-4573-AEA5-6CD5D491C167}) (Version: 12.0.30.81 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
IBM Lotus Forms Viewer 3.5.1 (HKLM-x32\...\{A0BBF7AB-2F47-47DC-BB02-4C826F2BC73C}) (Version: 7.6.1.333 - IBM)
iCloud (HKLM\...\{8808B208-87D1-4725-8192-76D257E9DEAE}) (Version: 7.21.0.23 - Apple Inc.)
IDT Audio Driver (HKLM\...\{588A747E-CFF6-46B3-9207-CD754F9473AF}) (Version: 6.10.6491.0 - IDT)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4963 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) 4.0 (HKLM-x32\...\{38561F82-2984-4C99-ADD7-D1166BC3D552}) (Version: 3.0.1335.05 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{f8c930bd-0a68-425f-8c11-87723d1e2c97}) (Version: 20.90.0 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
iTunes (HKLM\...\{0B3CC856-3A62-443A-B6CE-DED2D4495D56}) (Version: 12.12.2.2 - Apple Inc.)
Java 8 Update 321 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180321F0}) (Version: 8.0.3210.7 - Oracle Corporation)
KA Lite version 0.14.0 (HKLM-x32\...\KA Lite-Foundation for Learning Equality_is1) (Version: 0.14.0 - Foundation for Learning Equality)
KeePass Password Safe 2.50 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.50 - Dominik Reichl)
K-Lite Codec Pack 13.7.5 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 13.7.5 - KLCP)
Malwarebytes version 4.5.4.168 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.4.168 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 100.0.1185.29 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 (HKLM-x32\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2008 (KB971119) (HKLM-x32\...\Microsoft Report Viewer Redistributable 2008 (KB971119)) (Version: - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{5016990D-7F61-4A20-9451-A915D6616DD9}) (Version: 3.66.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Preview Redistributable (x64) - 12.0.20617 (HKLM-x32\...\{448652c1-f5f3-4230-98c6-68c10c88b1fb}) (Version: 12.0.20617.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Preview Redistributable (x86) - 12.0.20617 (HKLM-x32\...\{1f407217-9aec-4146-8504-e64ac959c534}) (Version: 12.0.20617.1 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 (HKLM-x32\...\{6913e92a-b64e-41c9-a5e6-cef39207fe89}) (Version: 14.25.28508.3 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 (HKLM-x32\...\{65e650ff-30be-469d-b63a-418d71ea1765}) (Version: 14.25.28508.3 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Miro (HKU\S-1-5-21-2517961349-2002184368-2333218459-1001\...\RealtimeBoard) (Version: 0.7.8 - Miro)
Movavi Video Editor 14 Plus (x64) (HKLM\...\Movavi Video Editor 14 Plus (x64)) (Version: 14.3.0 - Movavi)
Mozilla Firefox (x86 en-US) (HKLM-x32\...\Mozilla Firefox 93.0 (x86 en-US)) (Version: 93.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 93.0 - Mozilla)
Outils de vérification linguistique 2016 de Microsoft Office - Français (HKLM-x32\...\{90160000-001F-040C-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
PDF Settings (HKLM-x32\...\{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Product Improvement Study for HP ENVY 5660 series (HKLM\...\{03EDBA70-A4E9-4AC9-A76A-8EE5172684BF}) (Version: 34.2.117.50647 - Hewlett-Packard Co.)
Python 2.7.18 (HKLM-x32\...\{A5F504DF-2ED9-4A2D-A2F3-9D2750DD42D5}) (Version: 2.7.18150 - Python Software Foundation)
Python 3.10.2 (64-bit) (HKU\S-1-5-21-2517961349-2002184368-2333218459-1001\...\{c60fd5ac-367d-4e3a-a975-f157502ac30a}) (Version: 3.10.2150.0 - Python Software Foundation)
Python 3.10.2 Core Interpreter (64-bit) (HKLM\...\{6475B354-B0F6-4837-8738-784937D647B2}) (Version: 3.10.2150.0 - Python Software Foundation) Hidden
Python 3.10.2 Development Libraries (64-bit) (HKLM\...\{8277936D-8A34-4758-893C-0B29342A6F27}) (Version: 3.10.2150.0 - Python Software Foundation) Hidden
Python 3.10.2 Documentation (64-bit) (HKLM\...\{B51A07AD-9BCE-485D-8721-C7C83992794B}) (Version: 3.10.2150.0 - Python Software Foundation) Hidden
Python 3.10.2 Executables (64-bit) (HKLM\...\{EDEE3162-8399-42D4-9D7C-7DA21275BFD0}) (Version: 3.10.2150.0 - Python Software Foundation) Hidden
Python 3.10.2 pip Bootstrap (64-bit) (HKLM\...\{08B7036F-0609-4634-9A5F-1688230E9D9D}) (Version: 3.10.2150.0 - Python Software Foundation) Hidden
Python 3.10.2 Standard Library (64-bit) (HKLM\...\{D862D299-FDC2-4571-B3A1-27CEE951D2D1}) (Version: 3.10.2150.0 - Python Software Foundation) Hidden
Python 3.10.2 Tcl/Tk Support (64-bit) (HKLM\...\{7863DF45-23BB-4D83-97B3-CF08F3192F5B}) (Version: 3.10.2150.0 - Python Software Foundation) Hidden
Python 3.10.2 Test Suite (64-bit) (HKLM\...\{D68594E9-2F98-4EA0-8A94-5D7D9FF51960}) (Version: 3.10.2150.0 - Python Software Foundation) Hidden
Python 3.10.2 Utility Scripts (64-bit) (HKLM\...\{300F0759-8294-4971-9FAD-7AB19FA7B270}) (Version: 3.10.2150.0 - Python Software Foundation) Hidden
Python 3.6.5 (32-bit) (HKU\S-1-5-21-2517961349-2002184368-2333218459-1001\...\{3346977b-49da-4095-8f4d-f56f103e52e9}) (Version: 3.6.5150.0 - Python Software Foundation)
Python 3.6.5 Add to Path (32-bit) (HKLM-x32\...\{1D3BE06D-5E44-48FF-8D61-B744808EBE46}) (Version: 3.6.5150.0 - Python Software Foundation) Hidden
Python 3.6.5 Core Interpreter (32-bit) (HKLM-x32\...\{58E1C809-82C5-4EDF-B69B-188A6C81F21F}) (Version: 3.6.5150.0 - Python Software Foundation) Hidden
Python 3.6.5 Development Libraries (32-bit) (HKLM-x32\...\{21FD2EE0-8D55-49DC-A1B0-771696DDEE98}) (Version: 3.6.5150.0 - Python Software Foundation) Hidden
Python 3.6.5 Documentation (32-bit) (HKLM-x32\...\{5C613D87-0AED-48A9-A216-3A3783463D6C}) (Version: 3.6.5150.0 - Python Software Foundation) Hidden
Python 3.6.5 Executables (32-bit) (HKLM-x32\...\{9107CF1A-A09C-4035-B29E-E79B4098AB8C}) (Version: 3.6.5150.0 - Python Software Foundation) Hidden
Python 3.6.5 pip Bootstrap (32-bit) (HKLM-x32\...\{C024F06C-0E37-4529-945F-7920A9CFFD78}) (Version: 3.6.5150.0 - Python Software Foundation) Hidden
Python 3.6.5 Standard Library (32-bit) (HKLM-x32\...\{8C2E8A7D-95CC-491C-AB9C-DE785A137D00}) (Version: 3.6.5150.0 - Python Software Foundation) Hidden
Python 3.6.5 Tcl/Tk Support (32-bit) (HKLM-x32\...\{052FD2FB-034D-4CDD-864E-798DE45C742A}) (Version: 3.6.5150.0 - Python Software Foundation) Hidden
Python 3.6.5 Test Suite (32-bit) (HKLM-x32\...\{86533809-919A-4858-AFC4-4226B86C5291}) (Version: 3.6.5150.0 - Python Software Foundation) Hidden
Python 3.6.5 Utility Scripts (32-bit) (HKLM-x32\...\{5C0C82E9-B580-4EE4-894A-4451A23B0E2C}) (Version: 3.6.5150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{463B0974-B1E1-401E-8F59-B0F9F81258E4}) (Version: 3.10.7581.0 - Python Software Foundation)
Qualcomm Atheros Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
RogueKiller version 15.4.0.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 15.4.0.0 - Adlice Software)
ScottradeELITE 2013 (HKLM-x32\...\{33B2F0C4-FBCE-4CDB-B98D-6D945068A150}) (Version: 5.2.0.0 - Scottrader)
ScottradeELITE v5 (HKLM-x32\...\{7E94DCE4-F1F3-47AF-A2D4-8A81008D9B1F}) (Version: 5.3.0.0 - Scottrade Inc.)
Sight Survey 2016 (HKLM-x32\...\{3D387B2D-B0C0-48FF-872A-3434AC81C6DF}) (Version: 1.0 - Carlson Software)
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
SQLite ODBC Driver (remove only) (HKLM-x32\...\SQLite ODBC Driver) (Version: - )
Stellar Data Recovery (HKLM\...\Stellar Data Recovery_is1) (Version: 10.1.0.0 - Stellar Information Technology Pvt Ltd.)
Sublime Text Build 3143 (HKLM\...\Sublime Text 3_is1) (Version: - Sublime HQ Pty Ltd)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.4.3.38 - Synaptics Incorporated)
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM\...\{21A63CA3-75C0-4E56-B602-B7CD2EF6B621}) (Version: 9.0.2.4 - Toshiba Corporation)
TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.17.0 - Toshiba Corporation)
Toshiba Book Place (HKLM-x32\...\{11244D6B-9842-440F-8579-6A4D771A0D9B}) (Version: 3.3.9661 - K-NFB Reading Technology, Inc.)
TOSHIBA Display Utility (HKLM\...\{11955FE2-CAC6-4C3B-AA68-F787D7405400}) (Version: 1.1.9.0 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.2.0.6404 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.1.0002.6401 - Toshiba Corporation)
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.5.0003.64001 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{78931270-BC9E-441A-A52B-73ECD4ACFAB5}) (Version: 3.00.344 - Toshiba Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.9.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.1.02.55065006 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{FBFCEEA5-96EA-4C8E-9262-43CBBEBAE413}) (Version: 2.6.8 - Toshiba Corporation)
TOSHIBA Start (HKLM-x32\...\{A74C9CC1-2211-4A75-A688-6F7CFE2C2B12}) (Version: 1.00.02 - TOSHIBA America Information Systems, Inc)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0032 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.1.2.32001 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
UCheck version 4.1.1.0 (HKLM\...\C4E7EE54-826F-41C4-BE3C-375CC70DC1D8_is1) (Version: 4.1.1.0 - Adlice Software)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Skype for Business 2016 (KB5002106) 32-Bit Edition (HKLM-x32\...\{90160000-0011-0000-0000-0000000FF1CE}_Office16.PROPLUS_{6B44CEF7-ECA7-4132-8D18-BD92DE0DC48F}) (Version: - Microsoft)
Update for Skype for Business 2016 (KB5002106) 32-Bit Edition (HKLM-x32\...\{90160000-002A-0000-1000-0000000FF1CE}_Office16.PROPLUS_{6B44CEF7-ECA7-4132-8D18-BD92DE0DC48F}) (Version: - Microsoft)
Update for Skype for Business 2016 (KB5002106) 32-Bit Edition (HKLM-x32\...\{90160000-012B-0409-0000-0000000FF1CE}_Office16.PROPLUS_{6B44CEF7-ECA7-4132-8D18-BD92DE0DC48F}) (Version: - Microsoft)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
Update for Windows 10 for x64-based Systems (KB4480730) (HKLM\...\{3BAE4496-6F6C-4330-A8AA-B93D3D346FA5}) (Version: 2.53.0.0 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.16 - VideoLAN)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.23072 - Microsoft Corporation)
Windows PC Health Check (HKLM\...\{77ACFAF7-E5AB-410D-BA14-BBEBF89422DE}) (Version: 3.1.2109.29003 - Microsoft Corporation)
WinX DVD Ripper Platinum 8.20.5 (HKLM-x32\...\WinX DVD Ripper Platinum_is1) (Version: - Digiarty Software, Inc.)
Zoom (HKLM-x32\...\{4A8EC6EE-9A85-4A18-9C29-EC37E55CADB6}) (Version: 5.8.1435 - Zoom)
Packages:
=========
9 zip -> C:\Program Files\WindowsApps\184MagikHub.9zip_3.3.75.0_x64__hvr7qkvwfhvx6 [2021-09-04] (Magik Hub) [MS Ad]
Adobe Reader Touch -> C:\Program Files\WindowsApps\AdobeSystemsIncorporated.AdobeReader_3.1.8.7675_x86__ynb6jyjzte8ga [2015-09-20] (Adobe Systems Incorporated)
Amazon Prime Video for Windows -> C:\Program Files\WindowsApps\AmazonVideo.PrimeVideo_1.0.94.0_x64__pwbj9vvecjh7j [2022-03-30] (Amazon Development Centre (London) Ltd)
Book Place -> C:\Program Files\WindowsApps\K-NFBReadingTechnologiesI.BookPlace_2.0.3615.0_x64__vwcaa66y1ah8t [2021-04-28] (K-NFB Reading Technologies, Inc.)
CBS Sports -> C:\Program Files\WindowsApps\2BDFC20A.CBSSports_3.5.5.0_x64__bd059sf7kn2rm [2021-12-26] (CBS Interactive Inc.)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_135.1.385.0_x64__v10z8vjag6ke6 [2022-03-22] (HP Inc.)
Hulu -> C:\Program Files\WindowsApps\HULULLC.HULUPLUS_3.7.0.0_neutral__fphbd361v8tya [2021-12-03] (Hulu.)
iHeartRadio -> C:\Program Files\WindowsApps\ClearChannelRadioDigital.iHeartRadio_7.2.1.0_x64__a76a11dkgb644 [2021-10-12] (iHeartMedia.)
Instagram -> C:\Program Files\WindowsApps\Facebook.InstagramBeta_42.0.19.0_neutral__8xx8rvfyw5nnt [2021-11-05] (Instagram)
Khan Academy -> C:\Program Files\WindowsApps\KhanAcademy.KhanAcademy_1.4.0.0_neutral__h7gxd2e83qjmg [2015-09-20] (Khan Academy)
Kindle -> C:\Program Files\WindowsApps\AMZNMobileLLC.KindleforWindows8_2.1.0.2_neutral__stfe6vwa9jnbp [2021-04-28] (AMZN Mobile LLC)
Media Player by sMedio TrueLink+ -> C:\Program Files\WindowsApps\sMedioforToshiba.TOSHIBAMediaPlayerbysMedioTrueLin_3.4.35.0_x64__679ekb9hp1h62 [2020-10-20] (sMedio)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-04] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-04] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.12.3171.0_x64__8wekyb3d8bbwe [2022-03-25] (Microsoft Studios) [MS Ad]
MSN Food & Drink -> C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.4.336_x64__8wekyb3d8bbwe [2015-09-20] (Microsoft Corporation) [MS Ad]
MSN Health & Fitness -> C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.4.336_x64__8wekyb3d8bbwe [2015-09-20] (Microsoft Corporation) [MS Ad]
MSN Travel -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe [2015-09-20] (Microsoft Corporation) [MS Ad]
My Toshiba -> C:\Program Files\WindowsApps\EnnovaResearch.ToshibaPlaces_3.2.49.0_x64__3s2an63h56yee [2016-03-28] (Ennova Research)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.98.1805.0_x64__mcm4njqhnhss8 [2022-02-15] (Netflix, Inc.)
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-12-04] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-10-08] (Microsoft Corporation)
RAR Opener -> C:\Program Files\WindowsApps\DeviceDoctor.RAROpener_1.3.48.0_x64__mkdtfchztkfbm [2021-09-04] (Tiny Opener)
Toshiba Central -> C:\Program Files\WindowsApps\ToshibaAmericaInformation.ToshibaCentral_1.3.0.4_neutral__r8x1fxsdcnpjw [2015-09-20] (Toshiba America Information Systems, Inc.)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.TWITTER_7.0.1.0_neutral__wgeqdkkx372wm [2021-06-10] (Twitter Inc.)
Xbox 360 SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxCompanion_1.4.3.0_x64__8wekyb3d8bbwe [2015-09-20] (Microsoft Corporation) [MS Ad]
Zinio -> C:\Program Files\WindowsApps\ZinioLLC.Zinio_2.1.0.317_x64__0q6dqzpp40p2e [2014-04-21] (Zinio LLC)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{041F9391-C79D-44EE-AA4E-AF4E029C4B47}\InprocServer32 -> C:\Users\c\AppData\Local\Google\Update\1.3.36.112\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{1019ADC7-17CB-4489-AFD5-6642C7400ACE}\localserver32 -> C:\Users\c\AppData\Local\Webex\Webex\Applications\ptOIEx64.exe (Cisco WebEx LLC -> Cisco WebEx LLC)
CustomCLSID: HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{32E26FD9-F435-4A20-A561-35D4B987CFDC}\InprocServer32 -> C:\Users\c\AppData\Local\WebEx\WebEx64\Meetings\atucfobj.dll (Cisco WebEx LLC -> Cisco WebEx LLC)
CustomCLSID: HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{345D3165-3889-4694-AB75-A91A27B217E8}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2021\acad.exe (Autodesk, Inc. -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{75399D28-E622-4973-8752-BC0F7DC47AF3}\InprocServer32 -> C:\Users\c\AppData\Local\Google\Update\1.3.36.122\psuser_64.dll (Google LLC -> Google LLC)
CustomCLSID: HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{85D8EE2F-794F-41F0-BB03-49D56A23BEF4}\InprocServer32 -> C:\Users\c\AppData\Local\Google\Update\1.3.36.122\psuser_64.dll (Google LLC -> Google LLC)
CustomCLSID: HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{8B480070-D37D-4090-A063-7A429F849652}\InprocServer32 -> C:\Users\c\AppData\Local\Google\Update\1.3.36.92\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{8B4929F8-076F-4AEC-AFEE-8928747B7AE3}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2021\acad.exe (Autodesk, Inc. -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{BE5C2E39-090F-46A2-AFAA-47540743B4FE}\InprocServer32 -> C:\Users\c\AppData\Local\Google\Update\1.3.36.102\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{CA8FA699-91CD-412F-9D13-9B1222F4370E}\InprocServer32 -> C:\Users\c\AppData\Local\Google\Update\1.3.36.82\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{DEDF773D-E27B-485E-8E7D-85C5B0EB5A67}\InprocServer32 -> C:\Users\c\AppData\Local\Google\Update\1.3.36.72\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2021\en-US\acadficn.dll (Autodesk, Inc. -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2517961349-2002184368-2333218459-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\c\AppData\Local\Google\Update\1.3.36.122\psuser_64.dll (Google LLC -> Google LLC)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2217832 2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ GoogleDriveCloudOverlayIconHandler] -> {A8E52322-8734-481D-A7E2-27B309EF8D56} => C:\Program Files\Google\Drive File Stream\56.0.9.0\drivefsext.dll [2022-03-24] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveMirrorBlacklistedOverlayIconHandler] -> {51EF1569-67EE-4AD6-9646-E726C3FFC8A2} => C:\Program Files\Google\Drive File Stream\56.0.9.0\drivefsext.dll [2022-03-24] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDrivePinnedOverlayIconHandler] -> {CFE8B367-77A7-41D7-9C90-75D16D7DC6B6} => C:\Program Files\Google\Drive File Stream\56.0.9.0\drivefsext.dll [2022-03-24] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveProgressOverlayIconHandler] -> {C973DA94-CBDF-4E77-81D1-E5B794FBD146} => C:\Program Files\Google\Drive File Stream\56.0.9.0\drivefsext.dll [2022-03-24] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2022-02-01] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2022-02-01] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2022-02-01] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll [2020-01-22] (Autodesk, Inc. -> Autodesk, Inc.)
ContextMenuHandlers1: [AcShellExtension.AcContextMenuHandler] -> {2E7A2C6C-B938-40a4-BA1C-C7EC982DC202} => C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll [2020-01-22] (Autodesk, Inc. -> Autodesk)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers1: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\56.0.9.0\drivefsext.dll [2022-03-24] (Google LLC -> Google, Inc.)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2022-02-01] (Google LLC -> Google)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2020-09-08] (Apple Inc. -> Apple Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-03-17] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\56.0.9.0\drivefsext.dll [2022-03-24] (Google LLC -> Google, Inc.)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2022-02-01] (Google LLC -> Google)
ContextMenuHandlers5: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\56.0.9.0\drivefsext.dll [2022-03-24] (Google LLC -> Google, Inc.)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2019-05-05] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-03-17] (Malwarebytes Corporation -> Malwarebytes)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
Shortcut: C:\Users\c\Desktop\Ext blk\Files from Bl EHD\EHDD Material\Extras\Adobe Reader Download.lnk -> hxxp://get.adobe.com/reader
ShortcutWithArgument: C:\Users\c\Desktop\Bin\Chi (cmg.smtclasses@gmail.com) - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 2"
ShortcutWithArgument: C:\Users\c\Desktop\Bin\Chi Ming (chi.ming.gong@lacity.org) - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1"
ShortcutWithArgument: C:\Users\c\Desktop\Bin\Chi Ming (cmg7590@gmail.com) - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 4"
ShortcutWithArgument: C:\Users\c\Desktop\Bin\cmg7590@gmail.com - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 3"
ShortcutWithArgument: C:\Users\c\Desktop\Bin\Tubi - Free Movies & TV.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory="Profile 2" --app-id=fehabnkmajokachfhgpobflpljindncg
ShortcutWithArgument: C:\Users\c\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Tubi - Free Movies & TV.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory="Profile 2" --app-id=fehabnkmajokachfhgpobflpljindncg
ShortcutWithArgument: C:\Users\c\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Tubi - Free Movies & TV.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory="Profile 2" --app-id=fehabnkmajokachfhgpobflpljindncg
ShortcutWithArgument: C:\Users\c\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\Chi (cmg.smtclasses@gmail.com) - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 2"
ShortcutWithArgument: C:\Users\c\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\48499db33039e897\Chi Ming (cmg7590@gmail.com) - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 4"
==================== Loaded Modules (Whitelisted) =============
2014-03-06 06:03 - 2013-07-02 15:29 - 000027648 _____ () [File not signed] C:\Program Files (x86)\Nuance\Dragon Assistant\Core\WASAPIResamplingStreamCOMServer.dll
2014-03-06 06:03 - 2012-04-20 14:17 - 001888256 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Nuance\Dragon Assistant\Core\xerces-c_3_1.dll
2014-03-06 06:03 - 2012-04-20 14:17 - 005024256 _____ (The ICU Project) [File not signed] C:\Program Files (x86)\Nuance\Dragon Assistant\Core\icudt48.dll
2014-03-06 06:03 - 2012-04-20 14:17 - 001043456 _____ (The ICU Project) [File not signed] C:\Program Files (x86)\Nuance\Dragon Assistant\Core\icuuc48.dll
2014-04-20 07:21 - 2009-07-19 14:48 - 000134144 _____ (Vivid Document Imaging Technologies) [File not signed] C:\WINDOWS\System32\PDFVC64.DLL
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) =================
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
HKU\S-1-5-21-2517961349-2002184368-2333218459-1001\Software\Classes\.scr: AutoCADScriptFile => C:\WINDOWS\system32\notepad.exe "%1"
==================== Internet Explorer (Whitelisted) ==========
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2517961349-2002184368-2333218459-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.toshiba.com
HKU\S-1-5-21-2517961349-2002184368-2333218459-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com/?pc=TNJB
HKU\S-1-5-21-2517961349-2002184368-2333218459-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TNJB
HKU\S-1-5-21-2517961349-2002184368-2333218459-1004\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.toshiba.com
SearchScopes: HKU\S-1-5-21-2517961349-2002184368-2333218459-1001 -> {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = hxxp://us.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
SearchScopes: HKU\S-1-5-21-2517961349-2002184368-2333218459-1001 -> {D30688FC-DCE4-4925-BDF6-DB294B4743F6} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-2517961349-2002184368-2333218459-1004 -> DefaultScope {1BCC4178-EF4F-4571-A5AE-E37AA2CD374E} URL =
SearchScopes: HKU\S-1-5-21-2517961349-2002184368-2333218459-1004 -> {1BCC4178-EF4F-4571-A5AE-E37AA2CD374E} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2021-11-22] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_321\bin\ssv.dll [2022-03-08] (Oracle America, Inc. -> Oracle Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-11-01] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2018-07-20] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_321\bin\jp2ssv.dll [2022-03-08] (Oracle America, Inc. -> Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-11-01] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: ContributeBHO Class -> {074C1DC5-9320-4A9A-947D-C042949C6216} -> C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll [2007-03-16] (Adobe Systems Incorporated.) [File not signed]
BHO-x32: PE_IE_Helper Class -> {0941C58F-E461-4E03-BD7D-44C27392ADE1} -> C:\Program Files (x86)\IBM\Lotus Forms\Viewer\3.5\PEhelper.dll [2009-11-27] (International Business Machines Corporation -> IBM Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2022-02-08] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-11-01] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2018-07-22] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-11-01] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-11-01] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll [2007-03-16] (Adobe Systems Incorporated.) [File not signed]
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-11-01] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2021-08-18] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2021-08-18] (Microsoft Corporation -> Microsoft Corporation)
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-2517961349-2002184368-2333218459-1001\...\sharepoint.com -> hxxps://studentlaccd-files.sharepoint.com
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 06:25 - 2019-01-20 13:15 - 000000000 _____ C:\WINDOWS\system32\drivers\etc\hosts
2018-02-16 13:07 - 2018-02-16 13:07 - 000000443 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
192.168.137.1 LLM-Win8-Laptop.mshome.net # 2023 2 3 15 20 7 56 742
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Python35-32;C:\Python35-32\Lib\site-packages\;C:\Python35-32\Scripts\;;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\QuickTime\QTSystem\
HKU\S-1-5-21-2517961349-2002184368-2333218459-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\c\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
HKU\S-1-5-21-2517961349-2002184368-2333218459-1004\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKLM\...\StartupApproved\StartupFolder: => "Avast SecureLine VPN.lnk"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "KeePass 2 PreLoad"
HKLM\...\StartupApproved\Run32: => "GrooveMonitor"
HKLM\...\StartupApproved\Run32: => "AmIcoSinglun64"
HKLM\...\StartupApproved\Run32: => "ToshibaAppPlace"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "KeePass 2 PreLoad"
HKLM\...\StartupApproved\Run32: => "Win8PDF"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "Adobe_ID0EYTHM"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "Aimersoft Helper Compact.exe"
HKU\S-1-5-21-2517961349-2002184368-2333218459-1001\...\StartupApproved\StartupFolder: => "OneNote 2007 Screen Clipper and Launcher.lnk"
HKU\S-1-5-21-2517961349-2002184368-2333218459-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_48555157F9018AAD449F1763D57508C7"
HKU\S-1-5-21-2517961349-2002184368-2333218459-1001\...\StartupApproved\Run: => "GoogleDriveSync"
HKU\S-1-5-21-2517961349-2002184368-2333218459-1001\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-2517961349-2002184368-2333218459-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-2517961349-2002184368-2333218459-1001\...\StartupApproved\Run: => "SlimCleaner Plus"
HKU\S-1-5-21-2517961349-2002184368-2333218459-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-2517961349-2002184368-2333218459-1001\...\StartupApproved\Run: => "iCloudDrive"
HKU\S-1-5-21-2517961349-2002184368-2333218459-1001\...\StartupApproved\Run: => "iCloudPhotos"
HKU\S-1-5-21-2517961349-2002184368-2333218459-1001\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-2517961349-2002184368-2333218459-1001\...\StartupApproved\Run: => "OneDriveSetup"
HKU\S-1-5-21-2517961349-2002184368-2333218459-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-2517961349-2002184368-2333218459-1001\...\StartupApproved\Run: => "708A6BCA9F22CC304DD693961BCF6B09DB76A694._service_run"
HKU\S-1-5-21-2517961349-2002184368-2333218459-1001\...\StartupApproved\Run: => "CiscoMeetingDaemon"
HKU\S-1-5-21-2517961349-2002184368-2333218459-1001\...\StartupApproved\Run: => "GoogleDriveFS"
-
April 5th, 2022, 10:45 AM
#4
Part 2: Addition.txt
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{BEE0F98F-DCB6-4574-A1DC-D3E3A0155B09}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation -> )
FirewallRules: [{C518D753-6F95-4129-A31A-66A8C1547EB1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{79DAB9F0-EB65-44E0-8A43-318DDAD2768D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{78D21A4D-7FD4-4D40-9A8B-20433D883741}] => (Allow) C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
FirewallRules: [{F750F970-6BF7-4542-9555-0663101006A2}] => (Allow) C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
FirewallRules: [{E18F9BD0-6BF9-47F1-A4A9-F6AF19A8BBA1}] => (Allow) LPort=50901
FirewallRules: [{5A49BF34-9E5A-45BF-9086-31DD2D37DB8A}] => (Allow) LPort=50900
FirewallRules: [{C3C2F011-164C-4F8E-8B96-95C76C1B1FDF}] => (Allow) LPort=3704
FirewallRules: [{BA2D35C1-868E-4F7B-8B29-0150CCAECBAF}] => (Allow) LPort=3703
FirewallRules: [{0968D024-C3E0-47B7-A9C0-E394358C59FE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{14A3CE72-FE99-4384-ABAD-635F5584D247}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [TCP Query User{7A0ECF99-CDDF-4C43-A312-608D8A33DBD6}C:\python27\python.exe] => (Allow) C:\python27\python.exe () [File not signed]
FirewallRules: [UDP Query User{0D417FD2-EDA2-4CCF-90BF-C5982F229714}C:\python27\python.exe] => (Allow) C:\python27\python.exe () [File not signed]
FirewallRules: [{834452D9-7981-4CE6-8482-4E1A3B76A895}] => (Allow) C:\Program Files\HP\HP ENVY 5660 series\Bin\DeviceSetup.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP)
FirewallRules: [{006929CD-8219-4B7F-A0AE-97D04593D25C}] => (Allow) LPort=5357
FirewallRules: [{F1F5D1F9-46F6-4E79-8E2E-4E3FBEE4FF4A}] => (Allow) C:\Program Files\HP\HP ENVY 5660 series\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP)
FirewallRules: [{78FF71A2-12EE-4E15-A5DF-ECB5D5240681}] => (Allow) C:\Users\c\AppData\Local\ScottradeElite\ScottradeELITELauncher.exe (Scottrade, Inc. -> Scottrade)
FirewallRules: [{AD4CE048-DB8A-4136-89E7-E28B7948FF4E}] => (Allow) C:\Users\c\AppData\Local\ScottradeElite\ScottradeELITELauncher.exe (Scottrade, Inc. -> Scottrade)
FirewallRules: [{96596EC8-7E9F-417F-AF78-E4B1C1B9BE3E}] => (Allow) C:\Users\c\AppData\Local\ScottradeElite\ScottradeELITELauncher.exe (Scottrade, Inc. -> Scottrade)
FirewallRules: [{00559030-10B6-4F49-96FF-0E1B4BE6061A}] => (Allow) C:\Users\c\AppData\Local\ScottradeElite\ScottradeELITELauncher.exe (Scottrade, Inc. -> Scottrade)
FirewallRules: [{629B5330-96A5-466C-9442-23BE4063725C}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{7B27641A-2992-40E3-AA56-98E9F745894F}] => (Allow) C:\Users\c\AppData\Roaming\Zoom\bin\Zoom.exe => No File
FirewallRules: [{ECDD8879-CDBC-400A-80B0-5B4B23DC4DE9}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{136E9FA3-E8B4-4308-890B-694AA75DD203}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{1913DF20-0659-4CB2-B00C-50F299679D70}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3C956F09-9960-4BE2-967A-0E05EF505404}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{E78F839B-1205-45F6-BB1A-0BFBFFD7679A}C:\users\c\appdata\local\realtimeboard\app-0.4.6\miro.exe] => (Block) C:\users\c\appdata\local\realtimeboard\app-0.4.6\miro.exe => No File
FirewallRules: [UDP Query User{EA34BE96-5177-45C3-B2EE-8AB88252F9FB}C:\users\c\appdata\local\realtimeboard\app-0.4.6\miro.exe] => (Block) C:\users\c\appdata\local\realtimeboard\app-0.4.6\miro.exe => No File
FirewallRules: [{0F3D8B8C-00B0-48D7-AB22-F21819125B4C}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{05FBB6D5-2E03-454E-B99C-07AFBB3FAB15}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{59CEA875-26E1-4611-A659-BBC3BBA229B7}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3392AED3-2200-4C07-8FAB-CF76141154BF}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{C7D26805-6B4D-4407-BF58-6E51D3F77720}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe => No File
FirewallRules: [UDP Query User{D649A351-E7BC-449F-A43B-C27E654CFF85}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe => No File
FirewallRules: [{FF6C8F86-1322-4533-B88C-57EB96A23024}] => (Allow) C:\Program Files (x86)\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{094324E4-268E-41BB-92A9-1E4D775F70FD}] => (Allow) C:\Program Files (x86)\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{38EA1A4A-609E-485D-B246-A54532D0BACB}] => (Allow) C:\Program Files (x86)\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [TCP Query User{EE86E34D-E8AD-49B8-A4F1-39920FB23199}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe => No File
FirewallRules: [UDP Query User{0C4D5BA8-EAF6-4AEA-B855-2F45766F3841}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe => No File
FirewallRules: [{8E2F50AB-502B-4C54-AE34-862614400117}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{B0FBFCFB-A442-4360-B6CE-FF129C4DB7BA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{378DEC0E-047C-418A-B875-46198049F501}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{13B4907F-EC5F-4704-A9D2-D5D7EB45D3A1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{309437F2-871F-417E-AB5B-509F0BEA3268}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{D2302819-5D35-4749-877C-A0CA3C4DD2D6}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.82.404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{2E82A276-72C1-447D-AB97-6C6B9F264CF2}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.82.404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D1B5547D-A985-406F-9A8C-A7A9B1AE65BF}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.82.404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F8835304-8EAF-4A6B-A406-3BD484D24DB3}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.82.404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{4BCE18B7-9281-411B-8B94-6D2E70E30B79}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
==================== Restore Points =========================
18-03-2022 13:31:51 Scheduled Checkpoint
27-03-2022 12:43:37 Scheduled Checkpoint
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (04/04/2022 09:26:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15656
Error: (04/04/2022 09:26:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15656
Error: (04/04/2022 09:26:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (04/04/2022 03:30:01 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program EXCEL.EXE version 16.0.5278.1000 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: d7c
Start Time: 01d84870f25bbff1
Termination Time: 0
Application Path: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
Report Id: 65edf478-5703-4457-b23b-500137e49b70
Faulting package full name:
Faulting package-relative application ID:
Hang type: Unknown
Error: (04/04/2022 03:11:34 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program EXCEL.EXE version 16.0.5278.1000 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 2550
Start Time: 01d848704e601a5f
Termination Time: 0
Application Path: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
Report Id: 5a4c354e-33ab-451d-823a-c9ee4db4683d
Faulting package full name:
Faulting package-relative application ID:
Hang type: Unknown
Error: (04/03/2022 08:54:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15641
Error: (04/03/2022 08:54:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15641
Error: (04/03/2022 08:54:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
System errors:
=============
Error: (04/05/2022 07:10:09 AM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR5.
Error: (04/04/2022 09:26:13 PM) (Source: DCOM) (EventID: 10010) (User: LLM-WIN8-LAPTOP)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
Error: (04/04/2022 09:26:13 PM) (Source: DCOM) (EventID: 10010) (User: LLM-WIN8-LAPTOP)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
Error: (04/04/2022 09:26:12 PM) (Source: DCOM) (EventID: 10010) (User: LLM-WIN8-LAPTOP)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
Error: (04/04/2022 09:26:12 PM) (Source: DCOM) (EventID: 10010) (User: LLM-WIN8-LAPTOP)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
Error: (04/04/2022 09:26:12 PM) (Source: DCOM) (EventID: 10010) (User: LLM-WIN8-LAPTOP)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
Error: (04/04/2022 09:26:12 PM) (Source: DCOM) (EventID: 10010) (User: LLM-WIN8-LAPTOP)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
Error: (04/04/2022 09:26:12 PM) (Source: DCOM) (EventID: 10010) (User: LLM-WIN8-LAPTOP)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
Windows Defender:
================
Date: 2022-04-04 08:31:02
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2022-04-03 17:31:04
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2022-04-03 16:38:59
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2022-04-03 09:12:34
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2022-04-02 07:21:49
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
CodeIntegrity:
===============
Date: 2022-04-05 07:37:01
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2022-04-05 07:20:11
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
BIOS: TOSHIBA 1.60 01/16/2014
Motherboard: TOSHIBA VG10ST
Processor: Intel(R) Core(TM) i7-4500U CPU @ 1.80GHz
Percentage of memory in use: 47%
Total physical RAM: 8104.14 MB
Available physical RAM: 4222.19 MB
Total Virtual: 10889.37 MB
Available Virtual: 7023.75 MB
==================== Drives ================================
Drive c: (TI10684700A) (Fixed) (Total:920.33 GB) (Free:582.95 GB) NTFS
Drive f: () (Fixed) (Total:0.82 GB) (Free:0.25 GB) NTFS
Drive g: (New Volume) (Fixed) (Total:9.14 GB) (Free:9.1 GB) NTFS
Drive i: (easystore) (Fixed) (Total:931.48 GB) (Free:227.6 GB) NTFS
\\?\Volume{0e4900f6-53b7-11e3-adbb-0c54a51af203}\ (System) (Fixed) (Total:1 GB) (Free:0.6 GB) NTFS
\\?\Volume{0e4900fe-53b7-11e3-adbb-0c54a51af203}\ () (Fixed) (Total:0.09 GB) (Free:0.04 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)
Partition: GPT.
==========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 16F2A91F)
Partition: GPT.
==================== End of Addition.txt =======================
-
April 6th, 2022, 02:39 AM
#5
Please, observe following rules:
- Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
- If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
- Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
- Never run more than one scan at a time.
- Keep updating me regarding your computer behavior, good, or bad.
- The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
- If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
- I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
======================================
Download RogueKiller from one of the following links and save it to your Desktop:
Link 1
Link 2
- Close all the running programs
- Double click on downloaded setup.exe file to install the program.
- Click on Start Scan button.
- Click on another Start Scan button.
- Wait until the Status box shows Scan Finished
- Click on Remove Selected.
- Wait until the Status box shows Deleting Finished.
- Click on Report and copy/paste the content of the Notepad into your next reply.
- RKreport.txt could also be found on your desktop.
- If more than one log is produced post all logs.
Please download Malwarebytes to your desktop.
- Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
- Then click Finish.
- Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
- If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
- When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
- Restart your computer when prompted to do so.
- The Scan log is available through History -> Application logs. Please post its contents in your next reply.
Please download AdwCleaner by Xplode and save to your Desktop.
- Double click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8/10 users right-click and select Run As Administrator
- The tool will start to update the database if one is required.
- Click on the Scan button.
- AdwCleaner will begin...be patient as the scan may take some time to complete.
- After the scan has finished, click on the Logfile button.
- A window will open which lists the logs of your scans.
- Click on the Scan tab.
- Double-click the most recent scan which will be at the top of the list....the log will appear.
- Review the results...see note below
- After reviewing the log, click on the Clean button.
- Press OK when asked to close all programs and follow the onscreen prompts.
- Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
- After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
- To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
- Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
- A copy of all logfiles is saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.
-
April 6th, 2022, 11:32 AM
#6
RK:
Program : RogueKiller Anti-Malware
Version : 15.4.0.0
x64 : Yes
Program Date : Mar 7 2022
Location : C:\Program Files\RogueKiller\RogueKiller64.exe
Premium : No
Company : Adlice Software
Website : https://www.adlice.com/
Contact : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 10 (10.0.19043) 64-bit
64-bit OS : Yes
Startup : 0
WindowsPE : No
User : c
User is Admin : Yes
Date : 2022/04/06 14:33:53
Type : Scan
Aborted : No
Scan Mode : Standard
Duration : 3282
Found items : 0
Total scanned : 146239
Signatures Version : 20220406_063035
Truesight Driver : Yes
Updates Count : 8
************************* Warnings *************************
************************* Updates *************************
iTunes (64-bit), version 12.12.2.2
[+] Available Version : 12.12.3.5
[+] Size : 417 MB
[+] Wow6432 : No
[+] Portable : No
[+] update_location : C:\Program Files\iTunes\
Malwarebytes version 4.5.4.168 (64-bit), version 4.5.4.168
[+] Available Version : 4.5.7
[+] Wow6432 : No
[+] Portable : No
[+] update_location : C:\Program Files\Malwarebytes\Anti-Malware
Google Chrome (32-bit), version 99.0.4844.84
[+] Available Version : 100.0.4896.75
[+] Size : 353 MB
[+] Wow6432 : Yes
[+] Portable : No
[+] update_location : C:\Program Files (x86)\Google\Chrome\Application
K-Lite Codec Pack 13.7.5 Basic (32-bit), version 13.7.5
[+] Available Version : 16.9.5
[+] Size : 63.9 MB
[+] Wow6432 : Yes
[+] Portable : No
[+] update_location : C:\Program Files (x86)\K-Lite Codec Pack\
Mozilla Firefox (x86 en-US) (32-bit), version 93.0
[+] Available Version : 99.0
[+] Size : 192 MB
[+] Wow6432 : Yes
[+] Portable : No
[+] update_location : C:\Program Files (x86)\Mozilla Firefox
Zoom (32-bit), version 5.8.1435
[+] Available Version : 5.10.1
[+] Size : 136 MB
[+] Wow6432 : Yes
[+] Portable : No
Python 3.6.5 (32-bit) (64-bit), version 3.6.5150.0
[+] Available Version : 3.10.4000.0
[+] Size : 88.7 MB
[+] Wow6432 : No
[+] Portable : No
Python 3.10.2 (64-bit) (64-bit), version 3.10.2150.0
[+] Available Version : 3.10.4000.0
[+] Size : 99.6 MB
[+] Wow6432 : No
[+] Portable : No
************************* Processes *************************
************************* Modules *************************
************************* Services *************************
************************* Scheduled Tasks *************************
************************* Registry *************************
************************* WMI *************************
************************* Hosts File *************************
is_too_big : No
hosts_file_path : C:\Windows\System32\drivers\etc\hosts
************************* Filesystem *************************
************************* Web Browsers *************************
************************* Antirootkit *************************
-
April 6th, 2022, 11:33 AM
#7
MBAM:
Malwarebytes
www.malwarebytes.com
-Log Details-
Scan Date: 4/6/22
Scan Time: 7:51 AM
Log File: faa30fe6-b5b8-11ec-a569-202564469259.json
-Software Information-
Version: 4.5.4.168
Components Version: 1.0.1599
Update Package Version: 1.0.53323
License: Free
-System Information-
OS: Windows 10 (Build 19043.1586)
CPU: x64
File System: NTFS
User: LLM-Win8-Laptop\c
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 429382
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 20 min, 16 sec
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
-Scan Details-
Process: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registry Key: 0
(No malicious items detected)
Registry Value: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Data Stream: 0
(No malicious items detected)
Folder: 0
(No malicious items detected)
File: 0
(No malicious items detected)
Physical Sector: 0
(No malicious items detected)
WMI: 0
(No malicious items detected)
(end)
-
April 6th, 2022, 11:33 AM
#8
ADW
# -------------------------------
# Malwarebytes AdwCleaner 8.3.1.0
# -------------------------------
# Build: 11-18-2021
# Database: 2022-03-15.3 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 04-06-2022
# Duration: 00:00:26
# OS: Windows 10 Home
# Cleaned: 14
# Failed: 0
***** [ Services ] *****
No malicious services cleaned.
***** [ Folders ] *****
Deleted C:\Users\Public\Documents\Downloaded Installers
Deleted C:\Users\lillian3443\AppData\Local\iLivid
Deleted C:\Users\lillian3443\AppData\Local\torch
***** [ Files ] *****
Deleted C:\Windows\System32\wsusnative64.exe
***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
No malicious shortcuts cleaned.
***** [ Tasks ] *****
No malicious tasks cleaned.
***** [ Registry ] *****
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|SlimCleaner Plus
Deleted HKLM\Software\Wow6432Node\\Classes\CLSID\{0757C9D8-D8A3-33F5-CEE2-11D09918BA8F}
Deleted HKLM\System\CurrentControlSet\Services\EventLog\Application\WinZip Malware Protector
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries cleaned.
***** [ Chromium URLs ] *****
No malicious Chromium URLs cleaned.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries cleaned.
***** [ Firefox URLs ] *****
No malicious Firefox URLs cleaned.
***** [ Hosts File Entries ] *****
No malicious hosts file entries cleaned.
***** [ Preinstalled Software ] *****
Deleted Preinstalled.Pokki File C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Toshiba Start.lnk
Deleted Preinstalled.ToshibaWildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGDF-toshiba-darkorbit
Deleted Preinstalled.ToshibaWildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGDF-toshiba-worldofwarcraft
Deleted Preinstalled.ToshibaWildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGameProvider-toshiba-genres
Deleted Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDGAMES
Deleted Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDTANGENT GAMES
Deleted Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGDF-toshiba-mahjonggdarkdimensions
*************************
[+] Delete Tracing Keys
[+] Reset Winsock
*************************
AdwCleaner[S00].txt - [7157 octets] - [06/04/2022 08:20:57]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
-
April 6th, 2022, 11:48 AM
#9
I don't see anything malicious there.
I suggest new topic in Windows forum.
-
April 6th, 2022, 06:25 PM
#10
-
April 7th, 2022, 02:42 AM
#11
You're very welcome