Very Slow
Page 1 of 2 12 LastLast
Results 1 to 15 of 21

Thread: Very Slow

  1. #1
    Join Date
    Apr 2022
    Posts
    16

    Very Slow

    Win 10 64 bit Intel Core i5-2450mcpu@2.50 GHz,8.0 GB Ram, Intel HD Graphics 3000. 1tb HD.
    Hi the laptop has been running really slow recently so i ran ccleaner and defragged the HD,
    Can someone please check my scan's to see what's wrong Thankyou.

    Win 10 64 bit Intel Core i5-2450mcpu@2.50 GHz,8.0 GB Ram, Intel HD Graphics 3000. 1tb HD.
    Hi the laptop has been running really slow recently so i ran ccleaner and defragged the HD,
    Can someone please check my scan's to see what's wrong Thankyou.

    Win 10 64 bit Intel Core i5-2450mcpu@2.50 GHz,8.0 GB Ram, Intel HD Graphics 3000. 1tb HD.
    Hi the laptop has been running really slow recently so i ran ccleaner and defragged the HD,
    Can someone please check my scan's to see what's wrong Thankyou.
    Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
    Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
    Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
    Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
    Edge DefaultProfile: Default
    Edge Profile: C:\Users\Tracy\AppData\Local\Microsoft\Edge\User Data\Default [2022-04-12]
    Edge StartupUrls: Default -> "hxxp://google.com/"

    FireFox:
    ========
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll [2020-06-20] (Adobe Systems Incorporated -> )
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll [2020-06-20] (Adobe Systems Incorporated -> )
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2022-03-07] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-03-07] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2022-03-02] (Adobe Inc. -> Adobe Systems Inc.)

    Chrome:
    =======
    CHR DefaultProfile: Default
    CHR Profile: C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default [2022-04-11]
    CHR Extension: (Slides) - C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-10-02]
    CHR Extension: (Docs) - C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-10-02]
    CHR Extension: (Google Drive) - C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-25]
    CHR Extension: (YouTube) - C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-10-02]
    CHR Extension: (Sheets) - C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-10-02]
    CHR Extension: (Google Docs Offline) - C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-04-10]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
    CHR Extension: (Gmail) - C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-23]
    CHR Profile: C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Guest Profile [2022-04-11]
    CHR Profile: C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Profile 2 [2022-04-11]
    CHR Extension: (Slides) - C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-10-24]
    CHR Extension: (Docs) - C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2021-10-24]
    CHR Extension: (Google Drive) - C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-10-24]
    CHR Extension: (YouTube) - C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-10-24]
    CHR Extension: (Sheets) - C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-10-24]
    CHR Extension: (Google Docs Offline) - C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-10-24]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-10-24]
    CHR Extension: (Gmail) - C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-10-24]
    CHR Profile: C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Profile 3 [2022-04-11]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-11-04]
    CHR Profile: C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\System Profile [2022-04-11]

    ==================== Services (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-11-18] (Adobe Inc. -> Adobe Inc.)
    S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [250056 2020-06-20] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [99104 2021-08-20] (Apple Inc. -> Apple Inc.)
    R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11666384 2022-04-10] (Microsoft Corporation -> Microsoft Corporation)
    R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [288360 2021-05-06] (HP Inc. -> HP Inc.)
    R2 SMARTHelperService; C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\SMARTHelperService.exe [635328 2019-12-10] (SMART Technologies ULC -> SMART Technologies)
    R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\NisSrv.exe [3116848 2022-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
    R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MsMpEng.exe [133544 2022-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)

    ===================== Drivers (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
    S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
    S3 Netaapl; C:\WINDOWS\System32\drivers\netaapl64.sys [23040 2015-11-05] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
    R3 RadioHIDMini; C:\WINDOWS\System32\drivers\RadioHIDMini.sys [32168 2016-04-22] (Samsung Electronics CO., LTD. -> Windows (R) Win 7 DDK provider)
    R3 SMARTMouseFilterx64; C:\WINDOWS\System32\drivers\SMARTMouseFilterx64.sys [18952 2019-12-10] (Microsoft Windows Hardware Compatibility Publisher -> SMART Technologies)
    R3 SMARTVHidMiniVistaAmd64; C:\WINDOWS\System32\drivers\SMARTVHidMiniVistaAmd64.sys [28168 2019-12-10] (Microsoft Windows Hardware Compatibility Publisher -> SMART Technologies)
    S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-11-05] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
    S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49600 2022-04-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
    R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [443664 2022-04-10] (Microsoft Windows -> Microsoft Corporation)
    R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [90384 2022-04-10] (Microsoft Windows -> Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One month (created) (Whitelisted) =========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2022-04-12 01:23 - 2022-04-12 01:25 - 000021753 _____ C:\Users\Tracy\Desktop\FRST.txt
    2022-04-12 01:22 - 2022-04-12 01:25 - 000000000 ____D C:\FRST
    2022-04-12 01:17 - 2022-04-12 01:18 - 002365952 _____ (Farbar) C:\Users\Tracy\Desktop\FRST64.exe
    2022-04-11 05:53 - 2022-04-11 05:53 - 000000017 _____ C:\Users\Tracy\AppData\Local\resmon.resmoncfg
    2022-04-11 04:56 - 2022-04-11 04:56 - 000000000 ____D C:\Users\Tracy\AppData\Local\mbam
    2022-04-11 00:48 - 2022-04-11 00:48 - 000000000 ____D C:\Program Files\Google
    2022-04-10 21:17 - 2022-04-10 21:17 - 000000000 ____D C:\WINDOWS\system32\Tasks\Agent Activation Runtime
    2022-04-10 19:32 - 2022-04-10 19:32 - 000002904 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC - Tracy
    2022-04-10 19:32 - 2022-04-10 19:32 - 000000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
    2022-04-10 19:23 - 2022-04-10 19:24 - 037890424 _____ (Piriform Software Ltd) C:\Users\Tracy\Downloads\ccsetup591.exe
    2022-03-30 13:34 - 2022-03-30 13:34 - 000122795 _____ C:\Users\Tracy\Downloads\ActiveMums flyer.pdf
    2022-03-28 16:01 - 2022-03-28 16:01 - 000068590 _____ C:\Users\Tracy\Downloads\INV0032 Gavin Scott PT - Invoice.pdf
    2022-03-23 13:39 - 2022-03-23 13:39 - 000067848 _____ C:\Users\Tracy\Downloads\INV0030 Abernethy Trust - Mar 22 - Invoice.pdf
    2022-03-16 19:33 - 2022-03-16 19:33 - 000214980 _____ C:\Users\Tracy\Downloads\Extension (4) (1).pdf
    2022-03-16 19:32 - 2022-03-16 19:32 - 000186586 _____ C:\Users\Tracy\Downloads\attachments (2) (1).zip
    2022-03-16 19:31 - 2022-03-16 19:31 - 000214980 _____ C:\Users\Tracy\Downloads\Extension (4).pdf
    2022-03-16 19:31 - 2022-03-16 19:31 - 000214980 _____ C:\Users\Tracy\Downloads\Extension (3).pdf
    2022-03-16 19:31 - 2022-03-16 19:31 - 000214980 _____ C:\Users\Tracy\Downloads\Extension (2).pdf
    2022-03-16 19:31 - 2022-03-16 19:31 - 000186586 _____ C:\Users\Tracy\Downloads\attachments (2).zip
    2022-03-14 20:35 - 2022-03-14 20:35 - 000011911 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
    2022-03-14 20:34 - 2022-03-14 20:34 - 002254336 _____ C:\WINDOWS\system32\dwmscene.dll
    2022-03-14 20:34 - 2022-03-14 20:34 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
    2022-03-14 20:33 - 2022-03-14 20:33 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
    2022-03-14 20:33 - 2022-03-14 20:33 - 000272896 _____ C:\WINDOWS\system32\TpmTool.exe
    2022-03-14 19:42 - 2022-03-14 19:42 - 000000000 ___HD C:\$WinREAgent

    ==================== One month (modified) ==================

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2022-04-12 01:26 - 2018-10-02 19:15 - 000000000 ____D C:\Program Files (x86)\Google
    2022-04-12 01:19 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2022-04-11 21:58 - 2016-04-23 16:16 - 000000000 ____D C:\Program Files\CCleaner
    2022-04-11 21:40 - 2020-09-02 12:16 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
    2022-04-11 21:38 - 2020-09-02 12:46 - 000004166 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{7989237F-FAA2-419A-82AC-640340C616BA}
    2022-04-11 20:20 - 2018-10-02 19:15 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2022-04-11 20:06 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
    2022-04-11 20:06 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
    2022-04-11 16:01 - 2020-09-02 12:46 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
    2022-04-11 15:15 - 2020-09-02 12:46 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2022-04-11 15:15 - 2020-08-25 18:52 - 000008192 ___SH C:\DumpStack.log.tmp
    2022-04-11 06:02 - 2019-12-07 10:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
    2022-04-11 06:01 - 2018-07-16 21:32 - 000000000 ____D C:\ProgramData\RogueKiller
    2022-04-11 06:00 - 2019-12-07 10:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
    2022-04-11 05:52 - 2020-09-02 18:26 - 000000000 ____D C:\Users\Tracy\AppData\Local\Deployment
    2022-04-10 21:59 - 2018-07-06 12:55 - 000000000 ____D C:\Users\Tracy\AppData\Local\PlaceholderTileLogoFolder
    2022-04-10 21:06 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
    2022-04-10 21:05 - 2020-02-10 19:10 - 000000000 ____D C:\Users\Tracy\AppData\Local\D3DSCache
    2022-04-10 20:37 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
    2022-04-10 20:19 - 2020-09-06 08:37 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
    2022-04-10 20:19 - 2020-09-06 08:37 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
    2022-04-10 20:15 - 2016-04-23 16:40 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
    2022-04-10 20:03 - 2020-09-02 12:36 - 000795738 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2022-04-10 19:57 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ServiceState
    2022-04-10 19:40 - 2020-08-29 19:24 - 000000000 ___DC C:\WINDOWS\Panther
    2022-04-10 19:27 - 2018-03-02 10:31 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
    2022-04-10 19:23 - 2020-08-30 19:35 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
    2022-04-07 13:22 - 2022-01-06 20:57 - 000003588 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-676086880-3456233089-3657626659-1001
    2022-04-07 13:22 - 2021-10-07 20:23 - 000002379 _____ C:\Users\Tracy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2022-04-07 13:22 - 2020-09-02 12:46 - 000003378 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-676086880-3456233089-3657626659-1001
    2022-04-07 13:20 - 2022-01-31 20:45 - 000000000 ____D C:\Users\Tracy\Desktop\Community Council
    2022-04-07 13:13 - 2020-09-06 08:36 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
    2022-04-07 13:12 - 2020-09-06 08:36 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
    2022-03-30 13:44 - 2020-11-19 16:22 - 000000000 ____D C:\Users\Tracy\Desktop\SharpFit Personal Training
    2022-03-23 21:13 - 2020-08-30 19:35 - 000601432 _____ (Microsoft Corporation) C:\WINDOWS\system32\sedplugins.dll
    2022-03-23 21:12 - 2020-08-30 19:35 - 000483664 _____ (Microsoft Corporation) C:\WINDOWS\system32\QualityUpdateAssistant.dll
    2022-03-23 14:28 - 2020-09-02 12:16 - 000504664 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2022-03-23 14:23 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
    2022-03-23 14:23 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
    2022-03-23 14:23 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
    2022-03-23 14:23 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
    2022-03-23 14:23 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
    2022-03-23 14:23 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
    2022-03-23 14:23 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
    2022-03-23 14:23 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\servicing
    2022-03-16 19:29 - 2018-03-01 19:32 - 000000000 ____D C:\Users\Tracy\AppData\Local\Packages
    2022-03-14 20:32 - 2020-09-02 12:20 - 002877952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
    2022-03-14 19:45 - 2016-08-18 21:19 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    2022-03-14 19:42 - 2016-04-22 23:48 - 000000000 ____D C:\WINDOWS\system32\MRT
    2022-03-14 19:35 - 2016-04-22 23:48 - 145666720 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

    ==================== Files in the root of some directories ========

    2022-04-11 05:53 - 2022-04-11 05:53 - 000000017 _____ () C:\Users\Tracy\AppData\Local\resmon.resmoncfg

    ==================== SigCheck ============================

    (There is no automatic fix for files that do not pass verification.)

    ==================== End of FRST.txt ========================

  2. #2
    Join Date
    Apr 2022
    Posts
    16
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-04-2022 03
    Ran by Tracy (12-04-2022 01:28:40)
    Running from C:\Users\Tracy\Desktop
    Microsoft Windows 10 Home Version 21H2 19044.1586 (X64) (2020-09-02 11:48:12)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================


    (If an entry is included in the fixlist, it will be removed.)

    Administrator (S-1-5-21-676086880-3456233089-3657626659-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-676086880-3456233089-3657626659-503 - Limited - Disabled)
    Guest (S-1-5-21-676086880-3456233089-3657626659-501 - Limited - Disabled)
    Tracy (S-1-5-21-676086880-3456233089-3657626659-1001 - Administrator - Enabled) => C:\Users\Tracy
    WDAGUtilityAccount (S-1-5-21-676086880-3456233089-3657626659-504 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    ActivInspire Core Resources (ENU) v1 (HKLM-x32\...\{9A24B29A-118D-4E9C-9A27-3D2B38C749F0}) (Version: 1.6.3 - Promethean)
    ActivInspire Help (GBR) v2 (HKLM-x32\...\{4770FF35-E30C-4532-B142-DFB1380B77C9}) (Version: 2.0.0 - Promethean)
    ActivInspire v2 (HKLM-x32\...\{7B7B72DE-D731-498E-B85E-DE34648A18CA}) (Version: 2.19.69200 - Promethean)
    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 22.001.20085 - Adobe Systems Incorporated)
    Adobe Flash Player 11 Plugin (HKLM-x32\...\{9BFB1FAB-8FC4-4FAA-9B2D-2B121834B659}) (Version: 11.3.300.268 - Adobe Systems Incorporated)
    AnyTrans (HKLM-x32\...\AnyTrans) (Version: 6.3.6.0 - iMobie Inc.)
    Apple Application Support (32-bit) (HKLM-x32\...\{CCA8C50D-785B-4896-8675-FFE0C4ECCBC3}) (Version: 8.7 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{75BEF7E8-4370-4D42-94F3-B5AA77057965}) (Version: 8.7 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{527DD209-8A66-482F-8779-C7B3BACCA8F1}) (Version: 15.0.0.16 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.)
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    Canon Utilities CameraWindow DC 8 (HKLM-x32\...\CameraWindowDC) (Version: 8.10.7.32 - Canon Inc.)
    Canon Utilities Map Utility (HKLM-x32\...\Map Utility Parent) (Version: 1.8.1.2 - Canon Inc.)
    CCleaner (HKLM\...\CCleaner) (Version: 5.92 - Piriform)
    Crumble 1.2.13 (HKLM-x32\...\{BA9B1940-1DFA-4062-93D0-53560901FF1B}) (Version: 1.2.13 - Redfern Electronics Limited)
    ELAN Touchpad driver X64 15.7.9.2_WHQL (HKLM\...\Elantech) (Version: 15.7.9.2 - ELAN Microelectronic Corp.)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 100.0.4896.88 - Google LLC)
    HP Dropbox Plugin (HKLM-x32\...\{D12BC084-97D6-438A-AA7C-5962608D17A0}) (Version: 36.0.41.58587 - HP)
    HP Google Drive Plugin (HKLM-x32\...\{BFA42100-DB54-467A-BB87-CF70732B4065}) (Version: 36.0.41.58587 - HP)
    HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
    HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    iCloud (HKLM\...\{8808B208-87D1-4725-8192-76D257E9DEAE}) (Version: 7.21.0.23 - Apple Inc.)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
    iTunes (HKLM\...\{1881A808-898B-45F4-80E8-A34C1B6008C5}) (Version: 12.12.2.2 - Apple Inc.)
    Microsoft 365 Apps for business - en-us (HKLM\...\O365BusinessRetail - en-us) (Version: 16.0.15028.20160 - Microsoft Corporation)
    Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 100.0.1185.36 - Microsoft Corporation)
    Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 100.0.1185.36 - Microsoft Corporation)
    Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-676086880-3456233089-3657626659-1001\...\OneDriveSetup.exe) (Version: 22.055.0313.0001 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
    Microsoft Update Health Tools (HKLM\...\{7B1FCD52-8F6B-4F12-A143-361EA39F5E7C}) (Version: 3.67.0.0 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.15028.20050 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.15028.20094 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.15028.20160 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
    Product Improvement Study for HP OfficeJet 3830 series (HKLM\...\{F1E13468-92EB-4AB7-8F1C-CC09A286C9B9}) (Version: 40.11.1119.1786 - HP Inc.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7543 - Realtek Semiconductor Corp.)
    Sky Go 1.5.16.0 (HKU\S-1-5-21-676086880-3456233089-3657626659-1001\...\com.bskyb.skygoplayer_is1) (Version: 1.5.16.0 - Sky)
    SMART English (United Kingdom) Handwriting Resources (HKLM-x32\...\{B5D5D9DC-3361-43D7-ADED-916CC6E90A03}) (Version: 15.1.10.0 - SMART Technologies ULC)
    SMART Gallery Essentials (HKLM-x32\...\{B1BCD573-39C5-48CD-A2A7-F6525BB7072B}) (Version: 2.0.2.0 - SMART Technologies ULC)
    SMART Ink (HKLM-x32\...\{431EB801-5D66-409A-B208-AEF76AD7F677}) (Version: 5.6.132.0 - SMART Technologies ULC)
    SMART Lesson Activity Toolkit (HKLM-x32\...\{8AD57A09-153E-4F6D-A269-0AD8AC54B82A}) (Version: 2.0.7.0 - SMART Technologies ULC)
    SMART Notebook (HKLM-x32\...\{F0215213-10A6-43DB-9BE4-3FD3DB5D8E53}) (Version: 19.1.2790.0 - SMART Technologies ULC)
    SMART Product Drivers (HKLM-x32\...\{8F02AE90-9219-42E6-AD41-0C0055227B9B}) (Version: 12.15.139.0 - SMART Technologies ULC)
    Teams Machine-Wide Installer (HKLM-x32\...\{39AF0813-FA7B-4860-ADBE-93B9B214B914}) (Version: 1.2.0.17057 - Microsoft Corporation)
    TechSmith Screen Capture Codec (HKLM-x32\...\{84FE50F5-B0F3-4D18-8BE8-A4DEEE0C37AD}) (Version: 4.1.1.0 - TechSmith Corporation) Hidden
    Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
    UpdateAssistant (HKLM\...\{F339C545-24DC-4870-AA32-6EB6B0500B95}) (Version: 1.24.0.0 - Microsoft Corporation) Hidden
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
    Windows PC Health Check (HKLM\...\{B1E7D0FD-7CFE-4E0C-A5DA-0F676499DB91}) (Version: 3.2.2110.14001 - Microsoft Corporation)
    Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - )
    Zoom (HKU\S-1-5-21-676086880-3456233089-3657626659-1001\...\ZoomUMX) (Version: 5.4.7 (59784.1220) - Zoom Video Communications, Inc.)

    Packages:
    =========
    HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_135.1.385.0_x64__v10z8vjag6ke6 [2022-03-22] (HP Inc.)
    Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-10] (Microsoft Corporation) [MS Ad]
    Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-10] (Microsoft Corporation) [MS Ad]
    Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.12.3171.0_x64__8wekyb3d8bbwe [2022-03-30] (Microsoft Studios) [MS Ad]
    Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-03-14] (Microsoft Corporation)
    Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-10-03] (Microsoft Corporation)
    Reader Notification Client -> C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2020-01-21] (Adobe Systems Incorporated)
    Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.181.604.0_x86__zpdnekdrzrea0 [2022-03-21] (Spotify AB) [Startup Task]

    ==================== Custom CLSID (Whitelisted): ==============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2020-09-08] (Apple Inc. -> Apple Inc.)
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2017-03-09] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)

    ==================== Codecs (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Drivers32: [vidc.tscc] => C:\Windows\SysWOW64\tsccvid.dll [854016 2016-12-12] (TechSmith Corporation) [File not signed]

    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)

    ShortcutWithArgument: C:\Users\Tracy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\225bb61db2f318c1\SharpFit - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 3"

    ==================== Loaded Modules (Whitelisted) =============

    2020-09-02 12:24 - 2020-09-02 12:24 - 000649360 _____ (SMART Technologies ULC -> Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\amd64_smarttech.ms.vc120.crt_e7e76aadd9f46776_1.0.19.0_none_affc467131f8f86a\MSVCP120.dll
    2020-09-02 12:24 - 2020-09-02 12:24 - 000952464 _____ (SMART Technologies ULC -> Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\amd64_smarttech.ms.vc120.crt_e7e76aadd9f46776_1.0.19.0_none_affc467131f8f86a\MSVCR120.dll

    ==================== Alternate Data Streams (Whitelisted) ========

    ==================== Safe Mode (Whitelisted) ==================

    ==================== Association (Whitelisted) =================

    ==================== Internet Explorer (Whitelisted) ==========

    HKU\S-1-5-21-676086880-3456233089-3657626659-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.co.uk/?gws_rd=ssl
    BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2022-04-10] (Microsoft Corporation -> Microsoft Corporation)
    BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2022-04-10] (Microsoft Corporation -> Microsoft Corporation)
    BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2022-03-07] (Microsoft Corporation -> Microsoft Corporation)
    Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-04-10] (Microsoft Corporation -> Microsoft Corporation)
    Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-04-10] (Microsoft Corporation -> Microsoft Corporation)
    Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-04-10] (Microsoft Corporation -> Microsoft Corporation)
    Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-04-10] (Microsoft Corporation -> Microsoft Corporation)

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\S-1-5-21-676086880-3456233089-3657626659-1001\...\sharepoint.com -> hxxps://abernethytrust-files.sharepoint.com

    ==================== Hosts content: =========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2015-07-30 23:42 - 2015-07-30 23:39 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

    ==================== Other Areas ===========================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-676086880-3456233089-3657626659-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Tracy\Pictures\Phone - June 2020\IMG_1335.JPG
    DNS Servers: 192.168.1.254
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (If an entry is included in the fixlist, it will be removed.)

    HKLM\...\StartupApproved\StartupFolder: => "Image Transfer Utility.lnk"
    HKLM\...\StartupApproved\Run: => "SecurityHealth"
    HKLM\...\StartupApproved\Run: => "ETDCtrl"
    HKLM\...\StartupApproved\Run: => "RtHDVCpl"
    HKLM\...\StartupApproved\Run: => "iTunesHelper"
    HKLM\...\StartupApproved\Run: => "IgfxTray"
    HKLM\...\StartupApproved\Run: => "HotKeysCmds"
    HKLM\...\StartupApproved\Run: => "Persistence"
    HKLM\...\StartupApproved\Run32: => "HP Software Update"
    HKLM\...\StartupApproved\Run32: => "sbsdk-server"
    HKLM\...\StartupApproved\Run32: => "SMART Board Service"
    HKLM\...\StartupApproved\Run32: => "SMART Ink"
    HKLM\...\StartupApproved\Run32: => "SMARTNotification"
    HKLM\...\StartupApproved\Run32: => "SMART Tray Tools"
    HKU\S-1-5-21-676086880-3456233089-3657626659-1001\...\StartupApproved\StartupFolder: => "OneNote 2007 Screen Clipper and Launcher.lnk"
    HKU\S-1-5-21-676086880-3456233089-3657626659-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
    HKU\S-1-5-21-676086880-3456233089-3657626659-1001\...\StartupApproved\Run: => "iCloudPhotos"
    HKU\S-1-5-21-676086880-3456233089-3657626659-1001\...\StartupApproved\Run: => "ApplePhotoStreams"
    HKU\S-1-5-21-676086880-3456233089-3657626659-1001\...\StartupApproved\Run: => "iCloudServices"
    HKU\S-1-5-21-676086880-3456233089-3657626659-1001\...\StartupApproved\Run: => "OneDrive"
    HKU\S-1-5-21-676086880-3456233089-3657626659-1001\...\StartupApproved\Run: => "HP Deskjet 3050A J611 series (NET)"
    HKU\S-1-5-21-676086880-3456233089-3657626659-1001\...\StartupApproved\Run: => "Spotify Web Helper"
    HKU\S-1-5-21-676086880-3456233089-3657626659-1001\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"
    HKU\S-1-5-21-676086880-3456233089-3657626659-1001\...\StartupApproved\Run: => "Adobe Reader Synchronizer"
    HKU\S-1-5-21-676086880-3456233089-3657626659-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"

    ==================== FirewallRules (Whitelisted) ================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{EDE4AE7B-19AB-400E-B18A-D03082BD0F8A}] => (Allow) C:\Users\Tracy\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
    FirewallRules: [{7A2C79DE-C51D-4E9E-918F-51C53FEF2D0A}] => (Allow) C:\Program Files (x86)\SMART Technologies\Education Software\Notebook.exe (SMART Technologies ULC -> SMART Technologies ULC)
    FirewallRules: [{C011B890-D78B-4A05-A92D-7BA0AB090911}] => (Allow) C:\Program Files (x86)\SMART Technologies\Education Software\Notebook.exe (SMART Technologies ULC -> SMART Technologies ULC)
    FirewallRules: [{4D585AE2-D492-4A06-B0BC-15849A5CBD35}] => (Allow) C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe (SMART Technologies ULC -> SMART Technologies)
    FirewallRules: [{F79841BF-8341-4125-9935-8EA335A794EA}] => (Allow) C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe (SMART Technologies ULC -> SMART Technologies)
    FirewallRules: [{032EBC81-EBF2-4BA9-8008-1FA9A67FCFD4}] => (Allow) C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\UCService.exe (SMART Technologies ULC -> SMART Technologies)
    FirewallRules: [{C933435E-5A01-407F-ACA4-90851B741DB1}] => (Allow) C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\UCService.exe (SMART Technologies ULC -> SMART Technologies)
    FirewallRules: [{740A365E-7B9F-4FBA-AD68-056AB9ABFEF3}] => (Allow) C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\UCGui.exe (SMART Technologies ULC -> SMART Technologies)
    FirewallRules: [{8D232408-B19B-41A8-9E54-0D66876956DD}] => (Allow) C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\UCGui.exe (SMART Technologies ULC -> SMART Technologies)
    FirewallRules: [{CA4FE102-D72E-4042-A3E2-425C57CD202C}] => (Block) C:\users\tracy\appdata\roaming\sky\sky go\sky go.exe (Sky UK Limited -> Sky UK)
    FirewallRules: [{367894F2-4747-455D-B144-BB835B540BF1}] => (Block) C:\users\tracy\appdata\roaming\sky\sky go\sky go.exe (Sky UK Limited -> Sky UK)
    FirewallRules: [UDP Query User{4D967012-F371-4667-A985-FFA406775ADF}C:\users\tracy\appdata\roaming\sky\sky go\sky go.exe] => (Allow) C:\users\tracy\appdata\roaming\sky\sky go\sky go.exe (Sky UK Limited -> Sky UK)
    FirewallRules: [TCP Query User{9D9EDB64-A571-4E62-AE0D-3C3DBC78A171}C:\users\tracy\appdata\roaming\sky\sky go\sky go.exe] => (Allow) C:\users\tracy\appdata\roaming\sky\sky go\sky go.exe (Sky UK Limited -> Sky UK)
    FirewallRules: [{34FAF0DC-9CEB-433A-B603-61D7C58DCF7E}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform)
    FirewallRules: [{8D89C4AB-28B5-42B1-A5D8-4F5B5EA008CE}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform)
    FirewallRules: [{42E616DE-9519-4E70-92B3-448317624323}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{7F519FB8-AC86-420A-A4CA-58B5E1B86E2C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{81FE2635-D82D-4965-B560-2ECFA91604B4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{92F1C454-5280-4165-B7AF-FE4EED617EA2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{22A2458A-B0B9-415C-9FE8-A267CBB09272}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{F5E35182-9F01-455C-BFDD-9039F1F08A00}] => (Allow) C:\Program Files (x86)\HP\Diagnostics\PSDR\SoftPaq\Binaries\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
    FirewallRules: [{B8964F9C-C123-499F-B459-FA201B3FF58A}] => (Allow) C:\Program Files (x86)\HP\Diagnostics\PSDR\SoftPaq\Binaries\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
    FirewallRules: [{454FA8BE-CDF4-4606-A055-1C48868DB8A5}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{AD1DFDE4-FF22-452E-BA01-5680EB6C2D9B}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{342AE68D-0D7B-4B8E-83F8-F2A02F19394B}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{858D37E3-6530-4536-B904-0AEB21A17A97}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{DCA3F161-ADF4-4DD7-A252-79E2EEFD1B0D}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{8470D4A0-6BBD-484F-A0C0-3B1868552065}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{3ADA747C-2E7C-4D94-98BC-62A96F04DAE0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.181.604.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{EA48F9F8-13D3-47F2-BF6A-6F72295A00C2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.181.604.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{305DF7AB-7806-4C95-B736-2D9169550DFE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.181.604.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{60AFCFC2-1F37-4D50-A016-1B2A0FE13964}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.181.604.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{D1F2A0D2-2D9A-4470-91AC-DA91461F71AD}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.181.604.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{F667EC61-077D-4416-90A1-7425E529387B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.181.604.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{C1899F30-57A7-4B99-9BDC-0A7D3048EDBB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.181.604.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{1D7D0B1F-2E1E-4BD4-99DC-C50267E1E16C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.181.604.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{C9A851A8-4EC7-4CFB-8770-F73CE2DDB3AC}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.82.404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [{A0A59144-20AB-4518-8873-FAB2940964D4}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.82.404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [{E6537DCD-9A0F-4F3B-8EF1-451E77A53BF9}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.82.404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [{E27F9D7B-35BE-48C0-A84E-B1711C0E04E7}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.82.404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [{6A894B92-BA40-42D1-9DCC-04DFE2C0FB88}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\100.0.1185.36\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{7879778F-B587-4D9B-9F17-92BF8DB57899}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

    ==================== Restore Points =========================

  3. #3
    Join Date
    Apr 2022
    Posts
    16
    Packages:
    =========
    HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_135.1.385.0_x64__v10z8vjag6ke6 [2022-03-22] (HP Inc.)
    Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-10] (Microsoft Corporation) [MS Ad]
    Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-10] (Microsoft Corporation) [MS Ad]
    Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.12.3171.0_x64__8wekyb3d8bbwe [2022-03-30] (Microsoft Studios) [MS Ad]
    Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-03-14] (Microsoft Corporation)
    Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-10-03] (Microsoft Corporation)
    Reader Notification Client -> C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2020-01-21] (Adobe Systems Incorporated)
    Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.181.604.0_x86__zpdnekdrzrea0 [2022-03-21] (Spotify AB) [Startup Task]

    ==================== Custom CLSID (Whitelisted): ==============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2020-09-08] (Apple Inc. -> Apple Inc.)
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2017-03-09] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)

    ==================== Codecs (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Drivers32: [vidc.tscc] => C:\Windows\SysWOW64\tsccvid.dll [854016 2016-12-12] (TechSmith Corporation) [File not signed]

    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)

    ShortcutWithArgument: C:\Users\Tracy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\225bb61db2f318c1\SharpFit - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 3"

    ==================== Loaded Modules (Whitelisted) =============

    2020-09-02 12:24 - 2020-09-02 12:24 - 000649360 _____ (SMART Technologies ULC -> Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\amd64_smarttech.ms.vc120.crt_e7e76aadd9f46776_1.0.19.0_none_affc467131f8f86a\MSVCP120.dll
    2020-09-02 12:24 - 2020-09-02 12:24 - 000952464 _____ (SMART Technologies ULC -> Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\amd64_smarttech.ms.vc120.crt_e7e76aadd9f46776_1.0.19.0_none_affc467131f8f86a\MSVCR120.dll

    ==================== Alternate Data Streams (Whitelisted) ========

    ==================== Safe Mode (Whitelisted) ==================

    ==================== Association (Whitelisted) =================

    ==================== Internet Explorer (Whitelisted) ==========

    HKU\S-1-5-21-676086880-3456233089-3657626659-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.co.uk/?gws_rd=ssl
    BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2022-04-10] (Microsoft Corporation -> Microsoft Corporation)
    BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2022-04-10] (Microsoft Corporation -> Microsoft Corporation)
    BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2022-03-07] (Microsoft Corporation -> Microsoft Corporation)
    Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-04-10] (Microsoft Corporation -> Microsoft Corporation)
    Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-04-10] (Microsoft Corporation -> Microsoft Corporation)
    Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-04-10] (Microsoft Corporation -> Microsoft Corporation)
    Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-04-10] (Microsoft Corporation -> Microsoft Corporation)

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\S-1-5-21-676086880-3456233089-3657626659-1001\...\sharepoint.com -> hxxps://abernethytrust-files.sharepoint.com

    ==================== Hosts content: =========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2015-07-30 23:42 - 2015-07-30 23:39 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

    ==================== Other Areas ===========================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-676086880-3456233089-3657626659-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Tracy\Pictures\Phone - June 2020\IMG_1335.JPG
    DNS Servers: 192.168.1.254
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (If an entry is included in the fixlist, it will be removed.)

    HKLM\...\StartupApproved\StartupFolder: => "Image Transfer Utility.lnk"
    HKLM\...\StartupApproved\Run: => "SecurityHealth"
    HKLM\...\StartupApproved\Run: => "ETDCtrl"
    HKLM\...\StartupApproved\Run: => "RtHDVCpl"
    HKLM\...\StartupApproved\Run: => "iTunesHelper"
    HKLM\...\StartupApproved\Run: => "IgfxTray"
    HKLM\...\StartupApproved\Run: => "HotKeysCmds"
    HKLM\...\StartupApproved\Run: => "Persistence"
    HKLM\...\StartupApproved\Run32: => "HP Software Update"
    HKLM\...\StartupApproved\Run32: => "sbsdk-server"
    HKLM\...\StartupApproved\Run32: => "SMART Board Service"
    HKLM\...\StartupApproved\Run32: => "SMART Ink"
    HKLM\...\StartupApproved\Run32: => "SMARTNotification"
    HKLM\...\StartupApproved\Run32: => "SMART Tray Tools"
    HKU\S-1-5-21-676086880-3456233089-3657626659-1001\...\StartupApproved\StartupFolder: => "OneNote 2007 Screen Clipper and Launcher.lnk"
    HKU\S-1-5-21-676086880-3456233089-3657626659-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
    HKU\S-1-5-21-676086880-3456233089-3657626659-1001\...\StartupApproved\Run: => "iCloudPhotos"
    HKU\S-1-5-21-676086880-3456233089-3657626659-1001\...\StartupApproved\Run: => "ApplePhotoStreams"
    HKU\S-1-5-21-676086880-3456233089-3657626659-1001\...\StartupApproved\Run: => "iCloudServices"
    HKU\S-1-5-21-676086880-3456233089-3657626659-1001\...\StartupApproved\Run: => "OneDrive"
    HKU\S-1-5-21-676086880-3456233089-3657626659-1001\...\StartupApproved\Run: => "HP Deskjet 3050A J611 series (NET)"
    HKU\S-1-5-21-676086880-3456233089-3657626659-1001\...\StartupApproved\Run: => "Spotify Web Helper"
    HKU\S-1-5-21-676086880-3456233089-3657626659-1001\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"
    HKU\S-1-5-21-676086880-3456233089-3657626659-1001\...\StartupApproved\Run: => "Adobe Reader Synchronizer"
    HKU\S-1-5-21-676086880-3456233089-3657626659-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"

    ==================== FirewallRules (Whitelisted) ================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{EDE4AE7B-19AB-400E-B18A-D03082BD0F8A}] => (Allow) C:\Users\Tracy\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
    FirewallRules: [{7A2C79DE-C51D-4E9E-918F-51C53FEF2D0A}] => (Allow) C:\Program Files (x86)\SMART Technologies\Education Software\Notebook.exe (SMART Technologies ULC -> SMART Technologies ULC)
    FirewallRules: [{C011B890-D78B-4A05-A92D-7BA0AB090911}] => (Allow) C:\Program Files (x86)\SMART Technologies\Education Software\Notebook.exe (SMART Technologies ULC -> SMART Technologies ULC)
    FirewallRules: [{4D585AE2-D492-4A06-B0BC-15849A5CBD35}] => (Allow) C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe (SMART Technologies ULC -> SMART Technologies)
    FirewallRules: [{F79841BF-8341-4125-9935-8EA335A794EA}] => (Allow) C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe (SMART Technologies ULC -> SMART Technologies)
    FirewallRules: [{032EBC81-EBF2-4BA9-8008-1FA9A67FCFD4}] => (Allow) C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\UCService.exe (SMART Technologies ULC -> SMART Technologies)
    FirewallRules: [{C933435E-5A01-407F-ACA4-90851B741DB1}] => (Allow) C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\UCService.exe (SMART Technologies ULC -> SMART Technologies)
    FirewallRules: [{740A365E-7B9F-4FBA-AD68-056AB9ABFEF3}] => (Allow) C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\UCGui.exe (SMART Technologies ULC -> SMART Technologies)
    FirewallRules: [{8D232408-B19B-41A8-9E54-0D66876956DD}] => (Allow) C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\UCGui.exe (SMART Technologies ULC -> SMART Technologies)
    FirewallRules: [{CA4FE102-D72E-4042-A3E2-425C57CD202C}] => (Block) C:\users\tracy\appdata\roaming\sky\sky go\sky go.exe (Sky UK Limited -> Sky UK)
    FirewallRules: [{367894F2-4747-455D-B144-BB835B540BF1}] => (Block) C:\users\tracy\appdata\roaming\sky\sky go\sky go.exe (Sky UK Limited -> Sky UK)
    FirewallRules: [UDP Query User{4D967012-F371-4667-A985-FFA406775ADF}C:\users\tracy\appdata\roaming\sky\sky go\sky go.exe] => (Allow) C:\users\tracy\appdata\roaming\sky\sky go\sky go.exe (Sky UK Limited -> Sky UK)
    FirewallRules: [TCP Query User{9D9EDB64-A571-4E62-AE0D-3C3DBC78A171}C:\users\tracy\appdata\roaming\sky\sky go\sky go.exe] => (Allow) C:\users\tracy\appdata\roaming\sky\sky go\sky go.exe (Sky UK Limited -> Sky UK)
    FirewallRules: [{34FAF0DC-9CEB-433A-B603-61D7C58DCF7E}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform)
    FirewallRules: [{8D89C4AB-28B5-42B1-A5D8-4F5B5EA008CE}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform)
    FirewallRules: [{42E616DE-9519-4E70-92B3-448317624323}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{7F519FB8-AC86-420A-A4CA-58B5E1B86E2C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{81FE2635-D82D-4965-B560-2ECFA91604B4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{92F1C454-5280-4165-B7AF-FE4EED617EA2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{22A2458A-B0B9-415C-9FE8-A267CBB09272}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{F5E35182-9F01-455C-BFDD-9039F1F08A00}] => (Allow) C:\Program Files (x86)\HP\Diagnostics\PSDR\SoftPaq\Binaries\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
    FirewallRules: [{B8964F9C-C123-499F-B459-FA201B3FF58A}] => (Allow) C:\Program Files (x86)\HP\Diagnostics\PSDR\SoftPaq\Binaries\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
    FirewallRules: [{454FA8BE-CDF4-4606-A055-1C48868DB8A5}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{AD1DFDE4-FF22-452E-BA01-5680EB6C2D9B}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{342AE68D-0D7B-4B8E-83F8-F2A02F19394B}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{858D37E3-6530-4536-B904-0AEB21A17A97}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{DCA3F161-ADF4-4DD7-A252-79E2EEFD1B0D}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{8470D4A0-6BBD-484F-A0C0-3B1868552065}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{3ADA747C-2E7C-4D94-98BC-62A96F04DAE0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.181.604.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{EA48F9F8-13D3-47F2-BF6A-6F72295A00C2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.181.604.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{305DF7AB-7806-4C95-B736-2D9169550DFE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.181.604.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{60AFCFC2-1F37-4D50-A016-1B2A0FE13964}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.181.604.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{D1F2A0D2-2D9A-4470-91AC-DA91461F71AD}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.181.604.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{F667EC61-077D-4416-90A1-7425E529387B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.181.604.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{C1899F30-57A7-4B99-9BDC-0A7D3048EDBB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.181.604.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{1D7D0B1F-2E1E-4BD4-99DC-C50267E1E16C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.181.604.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{C9A851A8-4EC7-4CFB-8770-F73CE2DDB3AC}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.82.404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [{A0A59144-20AB-4518-8873-FAB2940964D4}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.82.404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [{E6537DCD-9A0F-4F3B-8EF1-451E77A53BF9}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.82.404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [{E27F9D7B-35BE-48C0-A84E-B1711C0E04E7}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.82.404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [{6A894B92-BA40-42D1-9DCC-04DFE2C0FB88}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\100.0.1185.36\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{7879778F-B587-4D9B-9F17-92BF8DB57899}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

    ==================== Restore Points =========================

  4. #4
    Join Date
    Apr 2022
    Posts
    16
    I don't know why I can't post the last part of my log ,it keep's saying I've sent more than 7 images but i haven't sent any images.

  5. #5
    Join Date
    Apr 2022
    Posts
    16
    Scan Parameters: Quick Scan

    Date: 2022-03-30 14:14:47
    Description:
    Microsoft Defender Antivirus scan has been stopped before completion.
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2022-03-30 13:34:12
    Description:
    Microsoft Defender Antivirus scan has been stopped before completion.
    Scan Type: Antimalware
    Scan Parameters: Quick Scan
    Event[0]:

    Date: 2022-03-14 18:59:06
    Description:
    Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
    New security intelligence Version:
    Previous security intelligence Version: 1.359.1714.0
    Update Source: Microsoft Malware Protection Center
    Security intelligence Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.18900.3
    Error code: 0x80070102
    Error description: The wait operation timed out.

    Date: 2022-03-07 17:19:15
    Description:
    Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
    Feature: On Access
    Error Code: 0x80004005
    Error description: Unspecified error
    Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.

    Date: 2022-02-27 19:36:57
    Description:
    Microsoft Defender Antivirus has encountered an error trying to load security intelligence and will attempt reverting back to a known-good version.
    Security intelligence Attempted: Current
    Error Code: 0x80070003
    Error description: The system cannot find the path specified.
    Security intelligence version: 0.0.0.0;0.0.0.0
    Engine version: 0.0.0.0

    Date: 2022-02-25 20:09:01
    Description:
    Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
    New security intelligence Version:
    Previous security intelligence Version: 1.359.905.0
    Update Source: Microsoft Update Server
    Security intelligence Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.18900.3
    Error code: 0x80240022
    Error description: The program can't check for definition updates.

    Date: 2022-02-15 16:56:54
    Description:
    Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
    New security intelligence Version:
    Previous security intelligence Version: 1.359.253.0
    Update Source: Microsoft Malware Protection Center
    Security intelligence Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.18900.3
    Error code: 0x8050a003
    Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.

    CodeIntegrity:
    ===============
    Date: 2022-04-11 20:04:46
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2022-04-11 05:06:50
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


    ==================== Memory info ===========================

    BIOS: American Megatrends Inc. 17HX.M045.20121127.SSH 11/27/2012
    Motherboard: SAMSUNG ELECTRONICS CO., LTD. RF511/RF411/RF711
    Processor: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz
    Percentage of memory in use: 46%
    Total physical RAM: 8103.19 MB
    Available physical RAM: 4353.58 MB
    Total Virtual: 9383.19 MB
    Available Virtual: 5815.32 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:930.12 GB) (Free:363.32 GB) NTFS

    \\?\Volume{e969db02-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.49 GB) (Free:0.45 GB) NTFS
    \\?\Volume{e969db02-0000-0000-0000-40a7e8000000}\ () (Fixed) (Total:0.9 GB) (Free:0.42 GB) NTFS

    ==================== MBR & Partition Table ====================

    ==========================================================
    Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: E969DB02)
    Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=930.1 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=919 MB) - (Type=27)

    ==================== End of Addition.txt



    I don't understand i havn't sent any images only scan texts=======================

  6. #6
    Join Date
    Apr 2022
    Posts
    16
    I think that's all of the scan now, if there's anything missing let me know

  7. #7
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    "I don't know why I can't post the last part of my log ,it keep's saying I've sent more than 7 images but i haven't sent any images."
    Sometimes the board reads ": )" as a smiley, which would be an image. If it happens, try to post logs in smaller chunks.

    Both logs are somewhat incomplete. At some point we'll run FRST again. Make sure you post complete logs.

    For now...

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2
    • Close all the running programs
    • Double click on downloaded setup.exe file to install the program.
    • Click on Start Scan button.
    • Click on another Start Scan button.
    • Wait until the Status box shows Scan Finished
    • Click on Remove Selected.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.

    Please download Malwarebytes to your desktop.
    • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
    • Then click Finish.
    • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
    • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
    • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
    • Restart your computer when prompted to do so.
    • The Scan log is available throughout History ->Application logs. Please post it contents in your next reply.

    Please download AdwCleaner by Xplode and save to your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
      Vista/Windows 7/8/10 users right-click and select Run As Administrator
    • The tool will start to update the database if one is required.
    • Click on the Scan button.
    • AdwCleaner will begin...be patient as the scan may take some time to complete.
    • After the scan has finished, click on the Logfile button.
    • A window will open which lists the logs of your scans.
    • Click on the Scan tab.
    • Double-click the most recent scan which will be at the top of the list....the log will appear.
    • Review the results...see note below
    • After reviewing the log, click on the Clean button.
    • Press OK when asked to close all programs and follow the onscreen prompts.
    • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
    • To open a Cleaning log, launch AdwareClearer, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
    • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
    • A copy of all logfiles are saved to C:\AdwCleaner.

    -- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.

  8. #8
    Join Date
    Apr 2022
    Posts
    16
    Malwarebytes and Roguekiller were clean no logs.
    Adwcleaner, # -------------------------------
    # Malwarebytes AdwCleaner 8.3.2.0
    # -------------------------------
    # Build: 03-23-2022
    # Database: 2022-03-15.3 (Cloud)
    # Support: https://www.malwarebytes.com/support
    #
    # -------------------------------
    # Mode: Clean
    # -------------------------------
    # Start: 04-15-2022
    # Duration: 00:00:03
    # OS: Windows 10 Home
    # Cleaned: 0
    # Failed: 0


    ***** [ Services ] *****

    No malicious services cleaned.

    ***** [ Folders ] *****

    No malicious folders cleaned.

    ***** [ Files ] *****

    No malicious files cleaned.

    ***** [ DLL ] *****

    No malicious DLLs cleaned.

    ***** [ WMI ] *****

    No malicious WMI cleaned.

    ***** [ Shortcuts ] *****

    No malicious shortcuts cleaned.

    ***** [ Tasks ] *****

    No malicious tasks cleaned.

    ***** [ Registry ] *****

    No malicious registry entries cleaned.

    ***** [ Chromium (and derivatives) ] *****

    No malicious Chromium entries cleaned.

    ***** [ Chromium URLs ] *****

    No malicious Chromium URLs cleaned.

    ***** [ Firefox (and derivatives) ] *****

    No malicious Firefox entries cleaned.

    ***** [ Firefox URLs ] *****

    No malicious Firefox URLs cleaned.

    ***** [ Hosts File Entries ] *****

    No malicious hosts file entries cleaned.

    ***** [ Preinstalled Software ] *****

    No Preinstalled Software cleaned.


    *************************

    [+] Delete Tracing Keys
    [+] Reset Winsock

    *************************

    AdwCleaner[S00].txt - [1406 octets] - [15/04/2022 02:00:41]

    ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
    # -------------------------------
    # Malwarebytes AdwCleaner 8.3.2.0
    # -------------------------------
    # Build: 03-23-2022
    # Database: 2022-03-15.3 (Cloud)
    # Support: https://www.malwarebytes.com/support
    #
    # -------------------------------
    # Mode: Scan
    # -------------------------------
    # Start: 04-15-2022
    # Duration: 00:00:34
    # OS: Windows 10 Home
    # Scanned: 32023
    # Detected: 0


    ***** [ Services ] *****

    No malicious services found.

    ***** [ Folders ] *****

    No malicious folders found.

    ***** [ Files ] *****

    No malicious files found.

    ***** [ DLL ] *****

    No malicious DLLs found.

    ***** [ WMI ] *****

    No malicious WMI found.

    ***** [ Shortcuts ] *****

    No malicious shortcuts found.

    ***** [ Tasks ] *****

    No malicious tasks found.

    ***** [ Registry ] *****

    No malicious registry entries found.

    ***** [ Chromium (and derivatives) ] *****

    No malicious Chromium entries found.

    ***** [ Chromium URLs ] *****

    No malicious Chromium URLs found.

    ***** [ Firefox (and derivatives) ] *****

    No malicious Firefox entries found.

    ***** [ Firefox URLs ] *****

    No malicious Firefox URLs found.

    ***** [ Hosts File Entries ] *****

    No malicious hosts file entries found.

    ***** [ Preinstalled Software ] *****

    No Preinstalled Software found.



    ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

  9. #9
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.


    • Double click to run it.
    • Press Scan button.
    • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.

  10. #10
    Join Date
    Apr 2022
    Posts
    16
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-04-2022
    Ran by Tracy (administrator) on DESKTOP-VMU9O35 (SAMSUNG ELECTRONICS CO., LTD. RF511/RF411/RF711) (15-04-2022 20:02:36)
    Running from C:\Users\Tracy\Desktop
    Loaded Profiles: Tracy
    Platform: Microsoft Windows 10 Home Version 21H2 19044.1586 (X64) Language: English (United Kingdom)
    Default browser: Chrome
    Boot Mode: Normal

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\Updates\16.0.15028.20204\OfficeClickToRun.exe
    (C:\Program Files\RogueKiller\RogueKillerSvc.exe ->) (ADLICE -> ) C:\Program Files\RogueKiller\RogueKiller64.exe
    (C:\Users\Tracy\Desktop\malwarebytes\MBAMService.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Users\Tracy\Desktop\malwarebytes\mbamtray.exe
    (explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <16>
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler64.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\BackgroundTransferHost.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MusNotifyIcon.exe
    (services.exe ->) (ADLICE -> ) C:\Program Files\RogueKiller\RogueKillerSvc.exe
    (services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
    (services.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Users\Tracy\Desktop\malwarebytes\MBAMService.exe
    (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
    (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MsMpEng.exe
    (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\NisSrv.exe
    (svchost.exe ->) (Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    (svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
    (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LocationNotificationWindows.exe
    (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
    (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
    (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1613_none_7df538047ca074bb\TiWorker.exe

    ==================== Registry (Whitelisted) ===================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3242200 2016-11-11] (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.)
    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14040296 2016-04-22] (Realtek Semiconductor Corp -> Realtek Semiconductor)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [339000 2021-10-26] (Apple Inc. -> Apple Inc.)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard)
    HKLM-x32\...\Run: [SMARTNotification] => C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\SMARTNotification.exe [209856 2019-12-10] (SMART Technologies ULC -> SMART Technologies)
    HKLM-x32\...\Run: [SMART Board Service] => C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe [2772416 2019-12-10] (SMART Technologies ULC -> SMART Technologies)
    HKLM-x32\...\Run: [SMART Tray Tools] => C:\Program Files (x86)\Common Files\SMART Technologies\SystemMenu\SMARTSystemMenu.exe [654272 2019-12-01] (SMART Technologies ULC -> SMART Technologies)
    HKLM-x32\...\Run: [sbsdk-server] => C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\sbsdk-server\NodeLauncher.exe [68544 2019-11-08] (SMART Technologies ULC -> SMART Technologies)
    HKLM-x32\...\Run: [SMART Ink] => C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\SMARTInk.exe [287680 2019-12-11] (SMART Technologies ULC -> SMART Technologies)
    HKU\S-1-5-21-676086880-3456233089-3657626659-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2020-09-08] (Apple Inc. -> Apple Inc.)
    HKU\S-1-5-21-676086880-3456233089-3657626659-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2020-09-08] (Apple Inc. -> Apple Inc.)
    HKU\S-1-5-21-676086880-3456233089-3657626659-1001\...\Run: [Adobe Reader Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe [5412632 2022-04-07] (Adobe Inc. -> Adobe Systems Incorporated)
    HKU\S-1-5-21-676086880-3456233089-3657626659-1001\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2020-09-08] (Apple Inc. -> Apple Inc.)
    HKU\S-1-5-21-676086880-3456233089-3657626659-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [36705520 2022-04-07] (Piriform Software Ltd -> Piriform Software Ltd)
    HKU\S-1-5-18\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [36705520 2022-04-07] (Piriform Software Ltd -> Piriform Software Ltd)
    HKLM\...\Print\Monitors\HP a011 Status Monitor: C:\WINDOWS\system32\hpinkstsa011LM.dll [331664 2012-06-13] (Hewlett Packard -> Hewlett-Packard Co.)
    HKLM\...\Print\Monitors\HP Discovery Port Monitor (HP Deskjet 3050A J611 series): HPDiscoPMa011.dll
    HKLM\...\Print\Monitors\HP E511 Status Monitor: C:\WINDOWS\system32\hpinkstsE511LM.dll [393352 2017-03-09] (Hewlett Packard -> HP Inc.)
    HKLM\...\Print\Monitors\SMART Local Port: C:\WINDOWS\system32\smrtlocalmon.dll [38336 2019-12-11] (SMART Technologies ULC -> SMART Technologies ULC)
    HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\100.0.4896.88\Installer\chrmstp.exe [2022-04-11] (Google LLC -> Google LLC)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Image Transfer Utility.lnk [2017-12-29]
    ShortcutTarget: Image Transfer Utility.lnk -> C:\Program Files (x86)\Canon\ImageTransferUtility\ImageTransferUtility.exe (Canon Inc. -> CANON INC.)

    ==================== Scheduled Tasks (Whitelisted) ============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {2E20E3E2-9A54-4CB4-9E6C-EE5E2A021163} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor Logon => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [38504 2021-05-06] (HP Inc. -> HP Inc.)
    Task: {331C2436-4543-4A0F-AA08-8422EB2DB9BD} - System32\Tasks\HPCustParticipation HP OfficeJet 3830 series => C:\Program Files\HP\HP OfficeJet 3830 series\Bin\HPCustPartic.exe [6438536 2017-03-27] (Hewlett Packard -> HP Inc.)
    Task: {3F012C4F-4660-4B4F-ADDB-DCACD9EBE23E} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [696808 2022-04-10] (Microsoft Corporation -> Microsoft Corporation)
    Task: {40701BF8-FE5E-4D64-AA72-E7823A40A1A5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-10-02] (Google Inc -> Google Inc.)
    Task: {47EFBCFA-D13B-41A6-AF5D-CA94C437D5F1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-10-02] (Google Inc -> Google Inc.)
    Task: {492CFA4B-9B75-4985-B6AE-FF75FC4B31A0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MpCmdRun.exe [993000 2022-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {5DD324D7-C67A-4A0D-92BE-5358DCF8DDB4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564424 2021-11-18] (Adobe Inc. -> Adobe Inc.)
    Task: {61DB24FF-E01D-4730-80E8-F3A47A15E44F} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [250056 2020-06-20] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
    Task: {6C1C8665-4103-4304-B776-90A67632AA1C} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [111512 2022-04-10] (Microsoft Corporation -> Microsoft Corporation)
    Task: {70A3FB59-DCBF-4201-AFFE-7661A1460291} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.)
    Task: {7CACF95F-9D82-4177-9FB9-950D1F7D8145} - System32\Tasks\GoogleUpdateTaskMachineCore1d575116895713a => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-10-02] (Google Inc -> Google Inc.)
    Task: {90033F91-0006-49C1-AA8F-1D4A8F5BEFC6} - System32\Tasks\CCleanerSkipUAC - Tracy => C:\Program Files\CCleaner\CCleaner.exe [30836464 2022-04-07] (Piriform Software Ltd -> Piriform Software Ltd)
    Task: {94D21C88-553D-4B3B-9A43-601946302E48} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2022-04-07] (Piriform Software Ltd -> Piriform)
    Task: {AF5D7A49-7DE1-48AE-8D21-905DEA06D1E4} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
    Task: {B556D2FD-1AD5-462A-A4F2-933A0CC7173A} - System32\Tasks\Microsoft\Office\Office Serviceability Manager => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\officesvcmgr.exe [4102784 2022-04-10] (Microsoft Corporation -> Microsoft Corporation)
    Task: {B8AC8C8E-AE92-4211-9ECC-821A0EB84C8D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MpCmdRun.exe [993000 2022-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {B9A3535D-A217-4CB8-BD89-1B1B99B43CE5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MpCmdRun.exe [993000 2022-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {BA514F7F-B279-4300-8E41-087BDF4A4908} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [38504 2021-05-06] (HP Inc. -> HP Inc.)
    Task: {BD5C9F35-BA40-46F1-B9F5-81790237FB18} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22865832 2022-04-10] (Microsoft Corporation -> Microsoft Corporation)
    Task: {C1AD9B5C-1FB3-4741-BE1B-BD84FDD39613} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22865832 2022-04-10] (Microsoft Corporation -> Microsoft Corporation)
    Task: {D6197ABA-7814-47D2-9B90-FCCE0A11011F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MpCmdRun.exe [993000 2022-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {E43B994B-105D-4D44-BCB8-D945587FD22F} - System32\Tasks\GoogleUpdateTaskMachineUA1d5751168b13301 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-10-02] (Google Inc -> Google Inc.)
    Task: {F25F987E-AD90-4686-B6CA-E9E35A02376E} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [111512 2022-04-10] (Microsoft Corporation -> Microsoft Corporation)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    ==================== Internet (Whitelisted) ====================

  11. #11
    Join Date
    Apr 2022
    Posts
    16
    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
    Tcpip\..\Interfaces\{2874807c-4053-4258-b26e-31d08b4cd700}: [DhcpNameServer] 192.168.1.254

    Edge:
    =======
    Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
    Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
    Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
    Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
    Edge DefaultProfile: Default
    Edge Profile: C:\Users\Tracy\AppData\Local\Microsoft\Edge\User Data\Default [2022-04-15]
    Edge StartupUrls: Default -> "hxxp://google.com/"

    FireFox:
    ========
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll [2020-06-20] (Adobe Systems Incorporated -> )
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll [2020-06-20] (Adobe Systems Incorporated -> )
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2022-03-07] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-03-07] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2022-04-07] (Adobe Inc. -> Adobe Systems Inc.)

    Chrome:
    =======
    CHR DefaultProfile: Profile 3
    CHR Profile: C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default [2022-04-12]
    CHR Extension: (Slides) - C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-10-02]
    CHR Extension: (Docs) - C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-10-02]
    CHR Extension: (Google Drive) - C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-25]
    CHR Extension: (YouTube) - C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-10-02]
    CHR Extension: (Sheets) - C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-10-02]
    CHR Extension: (Google Docs Offline) - C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-04-10]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
    CHR Extension: (Gmail) - C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-23]
    CHR Profile: C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Guest Profile [2022-04-12]
    CHR Profile: C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Profile 2 [2022-04-12]
    CHR Extension: (Slides) - C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-10-24]
    CHR Extension: (Docs) - C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2021-10-24]
    CHR Extension: (Google Drive) - C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-10-24]
    CHR Extension: (YouTube) - C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-10-24]
    CHR Extension: (Sheets) - C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-10-24]
    CHR Extension: (Google Docs Offline) - C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-10-24]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-10-24]
    CHR Extension: (Gmail) - C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-10-24]
    CHR Profile: C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Profile 3 [2022-04-12]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-11-04]
    CHR Profile: C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\System Profile [2022-04-12]

    ==================== Services (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-11-18] (Adobe Inc. -> Adobe Inc.)
    S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [250056 2020-06-20] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [99104 2021-08-20] (Apple Inc. -> Apple Inc.)
    R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11666384 2022-04-10] (Microsoft Corporation -> Microsoft Corporation)
    R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [288360 2021-05-06] (HP Inc. -> HP Inc.)
    R2 MBAMService; C:\Users\Tracy\Desktop\malwarebytes\MBAMService.exe [8348856 2022-04-15] (Malwarebytes Inc -> Malwarebytes)
    R2 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [14419440 2022-03-07] (ADLICE -> )
    S2 SMARTHelperService; C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\SMARTHelperService.exe [635328 2019-12-10] (SMART Technologies ULC -> SMART Technologies)
    R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\NisSrv.exe [3116848 2022-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
    R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MsMpEng.exe [133544 2022-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)

    ===================== Drivers (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
    S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
    R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223688 2022-04-15] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
    S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2022-04-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
    R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2022-04-15] (Malwarebytes Inc -> Malwarebytes)
    S3 Netaapl; C:\WINDOWS\System32\drivers\netaapl64.sys [23040 2015-11-05] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
    R3 RadioHIDMini; C:\WINDOWS\System32\drivers\RadioHIDMini.sys [32168 2016-04-22] (Samsung Electronics CO., LTD. -> Windows (R) Win 7 DDK provider)
    R3 SMARTMouseFilterx64; C:\WINDOWS\System32\drivers\SMARTMouseFilterx64.sys [18952 2019-12-10] (Microsoft Windows Hardware Compatibility Publisher -> SMART Technologies)
    R3 SMARTVHidMiniVistaAmd64; C:\WINDOWS\System32\drivers\SMARTVHidMiniVistaAmd64.sys [28168 2019-12-10] (Microsoft Windows Hardware Compatibility Publisher -> SMART Technologies)
    U3 TrueSight; C:\Windows\System32\drivers\truesight.sys [38032 2022-04-14] (Adlice -> )
    S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-11-05] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
    S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49600 2022-04-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
    R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [443664 2022-04-10] (Microsoft Windows -> Microsoft Corporation)
    R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [90384 2022-04-10] (Microsoft Windows -> Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One month (created) (Whitelisted) =========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2022-04-15 20:01 - 2022-04-15 20:01 - 000000000 ____D C:\Users\Tracy\Desktop\FRST-OlderVersion
    2022-04-15 01:59 - 2022-04-15 01:59 - 008551608 _____ (Malwarebytes) C:\Users\Tracy\Downloads\adwcleaner(1).exe
    2022-04-15 01:58 - 2022-04-15 02:00 - 000000000 ____D C:\AdwCleaner
    2022-04-15 01:58 - 2022-04-15 01:58 - 008540344 _____ (Malwarebytes) C:\Users\Tracy\Downloads\AdwCleaner.exe
    2022-04-15 01:01 - 2022-04-15 01:01 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
    2022-04-15 01:01 - 2022-04-15 01:01 - 000223688 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
    2022-04-15 01:01 - 2022-04-15 01:01 - 000160176 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
    2022-04-15 01:01 - 2022-04-15 01:01 - 000002072 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
    2022-04-15 01:01 - 2022-04-15 01:01 - 000002042 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
    2022-04-15 01:01 - 2022-04-15 01:00 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
    2022-04-15 01:00 - 2022-04-15 01:00 - 000000000 ____D C:\ProgramData\Malwarebytes
    2022-04-15 00:58 - 2022-04-15 01:03 - 000000000 ____D C:\Users\Tracy\Desktop\malwarebytes
    2022-04-15 00:57 - 2022-04-15 00:57 - 002443448 _____ (Malwarebytes) C:\Users\Tracy\Downloads\MBSetup (2).exe

  12. #12
    Join Date
    Apr 2022
    Posts
    16
    2022-04-15 00:26 - 2022-04-15 00:26 - 002443448 _____ (Malwarebytes) C:\Users\Tracy\Downloads\MBSetup.exe
    2022-04-15 00:05 - 2022-04-15 00:04 - 002395856 _____ (Malwarebytes) C:\Users\Tracy\Desktop\mbshlext.dll
    2022-04-15 00:05 - 2022-04-15 00:04 - 000095928 _____ (Microsoft Corporation) C:\Users\Tracy\Desktop\offreg.dll
    2022-04-15 00:05 - 2022-04-15 00:01 - 002443448 _____ (Malwarebytes) C:\Users\Tracy\Desktop\mbuns.exe
    2022-04-15 00:03 - 2022-04-15 00:03 - 007273144 _____ (Malwarebytes) C:\Users\Tracy\Desktop\MBAMInstallerService.exe
    2022-04-15 00:01 - 2022-04-15 00:01 - 002443448 _____ (Malwarebytes) C:\Users\Tracy\Downloads\MBSetup (1).exe
    2022-04-14 21:14 - 2022-04-14 21:14 - 000038032 _____ C:\WINDOWS\system32\Drivers\truesight.sys
    2022-04-14 21:14 - 2022-04-14 21:14 - 000000899 _____ C:\Users\Public\Desktop\RogueKiller.lnk
    2022-04-14 21:14 - 2022-04-14 21:14 - 000000000 ___HD C:\$WinREAgent
    2022-04-14 21:14 - 2022-04-14 21:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
    2022-04-14 21:14 - 2022-04-14 21:14 - 000000000 ____D C:\Program Files\RogueKiller
    2022-04-14 21:12 - 2022-04-14 21:12 - 042624352 _____ (Adlice Software ) C:\Users\Tracy\Desktop\RogueKiller_setup.exe
    2022-04-12 15:52 - 2022-04-12 15:52 - 000001175 _____ C:\Users\Tracy\Desktop\Notepad.lnk
    2022-04-12 01:28 - 2022-04-12 19:15 - 000043998 _____ C:\Users\Tracy\Desktop\Addition.txt
    2022-04-12 01:23 - 2022-04-15 20:09 - 000022727 _____ C:\Users\Tracy\Desktop\FRST.txt
    2022-04-12 01:22 - 2022-04-15 20:07 - 000000000 ____D C:\FRST
    2022-04-12 01:17 - 2022-04-15 20:01 - 002366464 _____ (Farbar) C:\Users\Tracy\Desktop\FRST64.exe
    2022-04-11 05:53 - 2022-04-11 05:53 - 000000017 _____ C:\Users\Tracy\AppData\Local\resmon.resmoncfg
    2022-04-11 04:56 - 2022-04-11 04:56 - 000000000 ____D C:\Users\Tracy\AppData\Local\mbam
    2022-04-11 00:48 - 2022-04-11 00:48 - 000000000 ____D C:\Program Files\Google
    2022-04-10 21:17 - 2022-04-10 21:17 - 000000000 ____D C:\WINDOWS\system32\Tasks\Agent Activation Runtime
    2022-04-10 19:32 - 2022-04-10 19:32 - 000002904 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC - Tracy
    2022-04-10 19:32 - 2022-04-10 19:32 - 000000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
    2022-04-10 19:23 - 2022-04-10 19:24 - 037890424 _____ (Piriform Software Ltd) C:\Users\Tracy\Downloads\ccsetup591.exe
    2022-03-30 13:34 - 2022-03-30 13:34 - 000122795 _____ C:\Users\Tracy\Downloads\ActiveMums flyer.pdf
    2022-03-28 16:01 - 2022-03-28 16:01 - 000068590 _____ C:\Users\Tracy\Downloads\INV0032 Gavin Scott PT - Invoice.pdf
    2022-03-23 13:39 - 2022-03-23 13:39 - 000067848 _____ C:\Users\Tracy\Downloads\INV0030 Abernethy Trust - Mar 22 - Invoice.pdf
    2022-03-16 19:33 - 2022-03-16 19:33 - 000214980 _____ C:\Users\Tracy\Downloads\Extension (4) (1).pdf
    2022-03-16 19:32 - 2022-03-16 19:32 - 000186586 _____ C:\Users\Tracy\Downloads\attachments (2) (1).zip
    2022-03-16 19:31 - 2022-03-16 19:31 - 000214980 _____ C:\Users\Tracy\Downloads\Extension (4).pdf
    2022-03-16 19:31 - 2022-03-16 19:31 - 000214980 _____ C:\Users\Tracy\Downloads\Extension (3).pdf
    2022-03-16 19:31 - 2022-03-16 19:31 - 000214980 _____ C:\Users\Tracy\Downloads\Extension (2).pdf
    2022-03-16 19:31 - 2022-03-16 19:31 - 000186586 _____ C:\Users\Tracy\Downloads\attachments (2).zip

    ==================== One month (modified) ==================

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2022-04-15 20:12 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2022-04-15 20:09 - 2016-04-23 16:40 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
    2022-04-15 20:06 - 2018-10-02 19:15 - 000000000 ____D C:\Program Files (x86)\Google
    2022-04-15 20:00 - 2020-09-02 12:46 - 000004166 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{7989237F-FAA2-419A-82AC-640340C616BA}
    2022-04-15 20:00 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
    2022-04-15 04:12 - 2020-09-02 12:16 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
    2022-04-15 04:08 - 2016-04-23 16:16 - 000000000 ____D C:\Program Files\CCleaner
    2022-04-15 02:14 - 2018-07-16 21:32 - 000000000 ____D C:\ProgramData\RogueKiller
    2022-04-15 01:44 - 2020-09-02 18:26 - 000000000 ____D C:\Users\Tracy\AppData\Local\Deployment
    2022-04-15 01:01 - 2019-12-07 10:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
    2022-04-14 23:19 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
    2022-04-14 21:56 - 2016-08-18 21:19 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    2022-04-14 21:38 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
    2022-04-14 21:09 - 2016-04-22 23:48 - 000000000 ____D C:\WINDOWS\system32\MRT
    2022-04-14 17:55 - 2016-04-22 23:48 - 143823848 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2022-04-12 13:46 - 2020-09-02 12:20 - 000000000 ____D C:\Users\Tracy
    2022-04-12 13:05 - 2020-09-06 08:37 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
    2022-04-12 13:05 - 2020-09-06 08:37 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
    2022-04-12 12:03 - 2020-09-02 12:46 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2022-04-12 12:03 - 2020-08-25 18:52 - 000008192 ___SH C:\DumpStack.log.tmp
    2022-04-12 02:23 - 2019-12-07 10:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
    2022-04-11 20:20 - 2018-10-02 19:15 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2022-04-11 16:01 - 2020-09-02 12:46 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
    2022-04-10 21:59 - 2018-07-06 12:55 - 000000000 ____D C:\Users\Tracy\AppData\Local\PlaceholderTileLogoFolder
    2022-04-10 21:06 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
    2022-04-10 21:05 - 2020-02-10 19:10 - 000000000 ____D C:\Users\Tracy\AppData\Local\D3DSCache
    2022-04-10 20:03 - 2020-09-02 12:36 - 000795738 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2022-04-10 19:57 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ServiceState
    2022-04-10 19:40 - 2020-08-29 19:24 - 000000000 ___DC C:\WINDOWS\Panther
    2022-04-10 19:27 - 2018-03-02 10:31 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
    2022-04-10 19:23 - 2020-08-30 19:35 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
    2022-04-07 13:22 - 2022-01-06 20:57 - 000003588 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-676086880-3456233089-3657626659-1001
    2022-04-07 13:22 - 2021-10-07 20:23 - 000002379 _____ C:\Users\Tracy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2022-04-07 13:22 - 2020-09-02 12:46 - 000003378 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-676086880-3456233089-3657626659-1001
    2022-04-07 13:20 - 2022-01-31 20:45 - 000000000 ____D C:\Users\Tracy\Desktop\Community Council
    2022-04-07 13:13 - 2020-09-06 08:36 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
    2022-04-07 13:12 - 2020-09-06 08:36 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
    2022-03-30 13:44 - 2020-11-19 16:22 - 000000000 ____D C:\Users\Tracy\Desktop\SharpFit Personal Training
    2022-03-23 21:13 - 2020-08-30 19:35 - 000601432 _____ (Microsoft Corporation) C:\WINDOWS\system32\sedplugins.dll
    2022-03-23 21:12 - 2020-08-30 19:35 - 000483664 _____ (Microsoft Corporation) C:\WINDOWS\system32\QualityUpdateAssistant.dll
    2022-03-23 14:28 - 2020-09-02 12:16 - 000504664 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2022-03-23 14:23 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
    2022-03-23 14:23 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
    2022-03-23 14:23 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
    2022-03-23 14:23 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
    2022-03-23 14:23 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
    2022-03-23 14:23 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
    2022-03-23 14:23 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
    2022-03-23 14:23 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\servicing
    2022-03-16 19:29 - 2018-03-01 19:32 - 000000000 ____D C:\Users\Tracy\AppData\Local\Packages

    ==================== Files in the root of some directories ========

    2022-04-11 05:53 - 2022-04-11 05:53 - 000000017 _____ () C:\Users\Tracy\AppData\Local\resmon.resmoncfg

    ==================== SigCheck ============================

    (There is no automatic fix for files that do not pass verification.)

    ==================== End of FRST.txt ========================

  13. #13
    Join Date
    Apr 2022
    Posts
    16
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-04-2022
    Ran by Tracy (15-04-2022 20:14:31)
    Running from C:\Users\Tracy\Desktop
    Microsoft Windows 10 Home Version 21H2 19044.1586 (X64) (2020-09-02 11:48:12)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================


    (If an entry is included in the fixlist, it will be removed.)

    Administrator (S-1-5-21-676086880-3456233089-3657626659-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-676086880-3456233089-3657626659-503 - Limited - Disabled)
    Guest (S-1-5-21-676086880-3456233089-3657626659-501 - Limited - Disabled)
    Tracy (S-1-5-21-676086880-3456233089-3657626659-1001 - Administrator - Enabled) => C:\Users\Tracy
    WDAGUtilityAccount (S-1-5-21-676086880-3456233089-3657626659-504 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    ActivInspire Core Resources (ENU) v1 (HKLM-x32\...\{9A24B29A-118D-4E9C-9A27-3D2B38C749F0}) (Version: 1.6.3 - Promethean)
    ActivInspire Help (GBR) v2 (HKLM-x32\...\{4770FF35-E30C-4532-B142-DFB1380B77C9}) (Version: 2.0.0 - Promethean)
    ActivInspire v2 (HKLM-x32\...\{7B7B72DE-D731-498E-B85E-DE34648A18CA}) (Version: 2.19.69200 - Promethean)
    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 22.001.20117 - Adobe Systems Incorporated)
    Adobe Flash Player 11 Plugin (HKLM-x32\...\{9BFB1FAB-8FC4-4FAA-9B2D-2B121834B659}) (Version: 11.3.300.268 - Adobe Systems Incorporated)
    AnyTrans (HKLM-x32\...\AnyTrans) (Version: 6.3.6.0 - iMobie Inc.)
    Apple Application Support (32-bit) (HKLM-x32\...\{CCA8C50D-785B-4896-8675-FFE0C4ECCBC3}) (Version: 8.7 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{75BEF7E8-4370-4D42-94F3-B5AA77057965}) (Version: 8.7 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{527DD209-8A66-482F-8779-C7B3BACCA8F1}) (Version: 15.0.0.16 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.)
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    Canon Utilities CameraWindow DC 8 (HKLM-x32\...\CameraWindowDC) (Version: 8.10.7.32 - Canon Inc.)
    Canon Utilities Map Utility (HKLM-x32\...\Map Utility Parent) (Version: 1.8.1.2 - Canon Inc.)
    CCleaner (HKLM\...\CCleaner) (Version: 5.92 - Piriform)
    Crumble 1.2.13 (HKLM-x32\...\{BA9B1940-1DFA-4062-93D0-53560901FF1B}) (Version: 1.2.13 - Redfern Electronics Limited)
    ELAN Touchpad driver X64 15.7.9.2_WHQL (HKLM\...\Elantech) (Version: 15.7.9.2 - ELAN Microelectronic Corp.)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 100.0.4896.88 - Google LLC)
    HP Dropbox Plugin (HKLM-x32\...\{D12BC084-97D6-438A-AA7C-5962608D17A0}) (Version: 36.0.41.58587 - HP)
    HP Google Drive Plugin (HKLM-x32\...\{BFA42100-DB54-467A-BB87-CF70732B4065}) (Version: 36.0.41.58587 - HP)
    HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
    HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    iCloud (HKLM\...\{8808B208-87D1-4725-8192-76D257E9DEAE}) (Version: 7.21.0.23 - Apple Inc.)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
    iTunes (HKLM\...\{1881A808-898B-45F4-80E8-A34C1B6008C5}) (Version: 12.12.2.2 - Apple Inc.)
    Malwarebytes version 4.5.7.186 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.7.186 - Malwarebytes)
    Microsoft 365 Apps for business - en-us (HKLM\...\O365BusinessRetail - en-us) (Version: 16.0.15028.20204 - Microsoft Corporation)
    Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 100.0.1185.39 - Microsoft Corporation)
    Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 100.0.1185.39 - Microsoft Corporation)
    Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-676086880-3456233089-3657626659-1001\...\OneDriveSetup.exe) (Version: 22.055.0313.0001 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
    Microsoft Update Health Tools (HKLM\...\{7B1FCD52-8F6B-4F12-A143-361EA39F5E7C}) (Version: 3.67.0.0 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.15028.20050 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.15028.20094 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.15028.20160 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
    Product Improvement Study for HP OfficeJet 3830 series (HKLM\...\{F1E13468-92EB-4AB7-8F1C-CC09A286C9B9}) (Version: 40.11.1119.1786 - HP Inc.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7543 - Realtek Semiconductor Corp.)
    RogueKiller version 15.4.0.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 15.4.0.0 - Adlice Software)
    Sky Go 1.5.16.0 (HKU\S-1-5-21-676086880-3456233089-3657626659-1001\...\com.bskyb.skygoplayer_is1) (Version: 1.5.16.0 - Sky)
    SMART English (United Kingdom) Handwriting Resources (HKLM-x32\...\{B5D5D9DC-3361-43D7-ADED-916CC6E90A03}) (Version: 15.1.10.0 - SMART Technologies ULC)
    SMART Gallery Essentials (HKLM-x32\...\{B1BCD573-39C5-48CD-A2A7-F6525BB7072B}) (Version: 2.0.2.0 - SMART Technologies ULC)
    SMART Ink (HKLM-x32\...\{431EB801-5D66-409A-B208-AEF76AD7F677}) (Version: 5.6.132.0 - SMART Technologies ULC)
    SMART Lesson Activity Toolkit (HKLM-x32\...\{8AD57A09-153E-4F6D-A269-0AD8AC54B82A}) (Version: 2.0.7.0 - SMART Technologies ULC)
    SMART Notebook (HKLM-x32\...\{F0215213-10A6-43DB-9BE4-3FD3DB5D8E53}) (Version: 19.1.2790.0 - SMART Technologies ULC)
    SMART Product Drivers (HKLM-x32\...\{8F02AE90-9219-42E6-AD41-0C0055227B9B}) (Version: 12.15.139.0 - SMART Technologies ULC)
    Teams Machine-Wide Installer (HKLM-x32\...\{39AF0813-FA7B-4860-ADBE-93B9B214B914}) (Version: 1.2.0.17057 - Microsoft Corporation)
    TechSmith Screen Capture Codec (HKLM-x32\...\{84FE50F5-B0F3-4D18-8BE8-A4DEEE0C37AD}) (Version: 4.1.1.0 - TechSmith Corporation) Hidden
    Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
    UpdateAssistant (HKLM\...\{F339C545-24DC-4870-AA32-6EB6B0500B95}) (Version: 1.24.0.0 - Microsoft Corporation) Hidden
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
    Windows PC Health Check (HKLM\...\{B1E7D0FD-7CFE-4E0C-A5DA-0F676499DB91}) (Version: 3.2.2110.14001 - Microsoft Corporation)
    Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - )
    Zoom (HKU\S-1-5-21-676086880-3456233089-3657626659-1001\...\ZoomUMX) (Version: 5.4.7 (59784.1220) - Zoom Video Communications, Inc.)

    Packages:
    =========
    HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_135.1.385.0_x64__v10z8vjag6ke6 [2022-03-22] (HP Inc.)
    Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-10] (Microsoft Corporation) [MS Ad]
    Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-10] (Microsoft Corporation) [MS Ad]
    Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.12.3171.0_x64__8wekyb3d8bbwe [2022-03-30] (Microsoft Studios) [MS Ad]
    Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-03-14] (Microsoft Corporation)
    Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-10-03] (Microsoft Corporation)
    Reader Notification Client -> C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2020-01-21] (Adobe Systems Incorporated)
    Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.181.604.0_x86__zpdnekdrzrea0 [2022-03-21] (Spotify AB) [Startup Task]

    ==================== Custom CLSID (Whitelisted): ==============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2020-09-08] (Apple Inc. -> Apple Inc.)
    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Users\Tracy\Desktop\malwarebytes\mbshlext.dll [2022-04-15] (Malwarebytes Corporation -> Malwarebytes)
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2017-03-09] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Users\Tracy\Desktop\malwarebytes\mbshlext.dll [2022-04-15] (Malwarebytes Corporation -> Malwarebytes)

    ==================== Codecs (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Drivers32: [vidc.tscc] => C:\Windows\SysWOW64\tsccvid.dll [854016 2016-12-12] (TechSmith Corporation) [File not signed]

    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)

  14. #14
    Join Date
    Apr 2022
    Posts
    16
    ShortcutWithArgument: C:\Users\Tracy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\225bb61db2f318c1\SharpFit - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 3"

    ==================== Loaded Modules (Whitelisted) =============

    ==================== Alternate Data Streams (Whitelisted) ========

    ==================== Safe Mode (Whitelisted) ==================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

    ==================== Association (Whitelisted) =================

    ==================== Internet Explorer (Whitelisted) ==========

    HKU\S-1-5-21-676086880-3456233089-3657626659-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.co.uk/?gws_rd=ssl
    BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2022-04-10] (Microsoft Corporation -> Microsoft Corporation)
    BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2022-04-10] (Microsoft Corporation -> Microsoft Corporation)
    BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2022-03-07] (Microsoft Corporation -> Microsoft Corporation)
    Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-04-10] (Microsoft Corporation -> Microsoft Corporation)
    Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-04-10] (Microsoft Corporation -> Microsoft Corporation)
    Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-04-10] (Microsoft Corporation -> Microsoft Corporation)
    Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-04-10] (Microsoft Corporation -> Microsoft Corporation)

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\S-1-5-21-676086880-3456233089-3657626659-1001\...\sharepoint.com -> hxxps://abernethytrust-files.sharepoint.com

    ==================== Hosts content: =========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2015-07-30 23:42 - 2015-07-30 23:39 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

    ==================== Other Areas ===========================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-676086880-3456233089-3657626659-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Tracy\Pictures\Phone - June 2020\IMG_1335.JPG
    DNS Servers: 192.168.1.254
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (If an entry is included in the fixlist, it will be removed.)

    HKLM\...\StartupApproved\StartupFolder: => "Image Transfer Utility.lnk"
    HKLM\...\StartupApproved\Run: => "SecurityHealth"
    HKLM\...\StartupApproved\Run: => "ETDCtrl"
    HKLM\...\StartupApproved\Run: => "RtHDVCpl"
    HKLM\...\StartupApproved\Run: => "iTunesHelper"
    HKLM\...\StartupApproved\Run: => "IgfxTray"
    HKLM\...\StartupApproved\Run: => "HotKeysCmds"
    HKLM\...\StartupApproved\Run: => "Persistence"
    HKLM\...\StartupApproved\Run32: => "HP Software Update"
    HKLM\...\StartupApproved\Run32: => "sbsdk-server"
    HKLM\...\StartupApproved\Run32: => "SMART Board Service"
    HKLM\...\StartupApproved\Run32: => "SMART Ink"
    HKLM\...\StartupApproved\Run32: => "SMARTNotification"
    HKLM\...\StartupApproved\Run32: => "SMART Tray Tools"
    HKLM\...\StartupApproved\Run32: => "ETDCtrl"
    HKLM\...\StartupApproved\Run32: => "SecurityHealth"
    HKU\S-1-5-21-676086880-3456233089-3657626659-1001\...\StartupApproved\StartupFolder: => "OneNote 2007 Screen Clipper and Launcher.lnk"
    HKU\S-1-5-21-676086880-3456233089-3657626659-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
    HKU\S-1-5-21-676086880-3456233089-3657626659-1001\...\StartupApproved\Run: => "iCloudPhotos"
    HKU\S-1-5-21-676086880-3456233089-3657626659-1001\...\StartupApproved\Run: => "ApplePhotoStreams"
    HKU\S-1-5-21-676086880-3456233089-3657626659-1001\...\StartupApproved\Run: => "iCloudServices"
    HKU\S-1-5-21-676086880-3456233089-3657626659-1001\...\StartupApproved\Run: => "OneDrive"
    HKU\S-1-5-21-676086880-3456233089-3657626659-1001\...\StartupApproved\Run: => "HP Deskjet 3050A J611 series (NET)"
    HKU\S-1-5-21-676086880-3456233089-3657626659-1001\...\StartupApproved\Run: => "Spotify Web Helper"
    HKU\S-1-5-21-676086880-3456233089-3657626659-1001\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"
    HKU\S-1-5-21-676086880-3456233089-3657626659-1001\...\StartupApproved\Run: => "Adobe Reader Synchronizer"
    HKU\S-1-5-21-676086880-3456233089-3657626659-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"

    ==================== FirewallRules (Whitelisted) ================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{EDE4AE7B-19AB-400E-B18A-D03082BD0F8A}] => (Allow) C:\Users\Tracy\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
    FirewallRules: [{7A2C79DE-C51D-4E9E-918F-51C53FEF2D0A}] => (Allow) C:\Program Files (x86)\SMART Technologies\Education Software\Notebook.exe (SMART Technologies ULC -> SMART Technologies ULC)
    FirewallRules: [{C011B890-D78B-4A05-A92D-7BA0AB090911}] => (Allow) C:\Program Files (x86)\SMART Technologies\Education Software\Notebook.exe (SMART Technologies ULC -> SMART Technologies ULC)
    FirewallRules: [{4D585AE2-D492-4A06-B0BC-15849A5CBD35}] => (Allow) C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe (SMART Technologies ULC -> SMART Technologies)
    FirewallRules: [{F79841BF-8341-4125-9935-8EA335A794EA}] => (Allow) C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe (SMART Technologies ULC -> SMART Technologies)
    FirewallRules: [{032EBC81-EBF2-4BA9-8008-1FA9A67FCFD4}] => (Allow) C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\UCService.exe (SMART Technologies ULC -> SMART Technologies)
    FirewallRules: [{C933435E-5A01-407F-ACA4-90851B741DB1}] => (Allow) C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\UCService.exe (SMART Technologies ULC -> SMART Technologies)
    FirewallRules: [{740A365E-7B9F-4FBA-AD68-056AB9ABFEF3}] => (Allow) C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\UCGui.exe (SMART Technologies ULC -> SMART Technologies)
    FirewallRules: [{8D232408-B19B-41A8-9E54-0D66876956DD}] => (Allow) C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\UCGui.exe (SMART Technologies ULC -> SMART Technologies)
    FirewallRules: [{CA4FE102-D72E-4042-A3E2-425C57CD202C}] => (Block) C:\users\tracy\appdata\roaming\sky\sky go\sky go.exe (Sky UK Limited -> Sky UK)
    FirewallRules: [{367894F2-4747-455D-B144-BB835B540BF1}] => (Block) C:\users\tracy\appdata\roaming\sky\sky go\sky go.exe (Sky UK Limited -> Sky UK)
    FirewallRules: [UDP Query User{4D967012-F371-4667-A985-FFA406775ADF}C:\users\tracy\appdata\roaming\sky\sky go\sky go.exe] => (Allow) C:\users\tracy\appdata\roaming\sky\sky go\sky go.exe (Sky UK Limited -> Sky UK)
    FirewallRules: [TCP Query User{9D9EDB64-A571-4E62-AE0D-3C3DBC78A171}C:\users\tracy\appdata\roaming\sky\sky go\sky go.exe] => (Allow) C:\users\tracy\appdata\roaming\sky\sky go\sky go.exe (Sky UK Limited -> Sky UK)
    FirewallRules: [{34FAF0DC-9CEB-433A-B603-61D7C58DCF7E}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform)
    FirewallRules: [{8D89C4AB-28B5-42B1-A5D8-4F5B5EA008CE}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform)
    FirewallRules: [{42E616DE-9519-4E70-92B3-448317624323}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{7F519FB8-AC86-420A-A4CA-58B5E1B86E2C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{81FE2635-D82D-4965-B560-2ECFA91604B4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{92F1C454-5280-4165-B7AF-FE4EED617EA2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{22A2458A-B0B9-415C-9FE8-A267CBB09272}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{F5E35182-9F01-455C-BFDD-9039F1F08A00}] => (Allow) C:\Program Files (x86)\HP\Diagnostics\PSDR\SoftPaq\Binaries\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
    FirewallRules: [{B8964F9C-C123-499F-B459-FA201B3FF58A}] => (Allow) C:\Program Files (x86)\HP\Diagnostics\PSDR\SoftPaq\Binaries\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
    FirewallRules: [{454FA8BE-CDF4-4606-A055-1C48868DB8A5}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{AD1DFDE4-FF22-452E-BA01-5680EB6C2D9B}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{342AE68D-0D7B-4B8E-83F8-F2A02F19394B}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{858D37E3-6530-4536-B904-0AEB21A17A97}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{DCA3F161-ADF4-4DD7-A252-79E2EEFD1B0D}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{8470D4A0-6BBD-484F-A0C0-3B1868552065}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{3ADA747C-2E7C-4D94-98BC-62A96F04DAE0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.181.604.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{EA48F9F8-13D3-47F2-BF6A-6F72295A00C2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.181.604.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{305DF7AB-7806-4C95-B736-2D9169550DFE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.181.604.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{60AFCFC2-1F37-4D50-A016-1B2A0FE13964}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.181.604.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{D1F2A0D2-2D9A-4470-91AC-DA91461F71AD}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.181.604.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{F667EC61-077D-4416-90A1-7425E529387B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.181.604.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{C1899F30-57A7-4B99-9BDC-0A7D3048EDBB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.181.604.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{1D7D0B1F-2E1E-4BD4-99DC-C50267E1E16C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.181.604.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{C9A851A8-4EC7-4CFB-8770-F73CE2DDB3AC}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.82.404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [{A0A59144-20AB-4518-8873-FAB2940964D4}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.82.404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [{E6537DCD-9A0F-4F3B-8EF1-451E77A53BF9}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.82.404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [{E27F9D7B-35BE-48C0-A84E-B1711C0E04E7}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.82.404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

  15. #15
    Join Date
    Apr 2022
    Posts
    16
    (Google LLC -> Google LLC)
    FirewallRules: [{7632D481-F84A-4B76-A32E-8A54F0ED45D4}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\100.0.1185.39\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

    ==================== Restore Points =========================

    12-04-2022 14:31:28 Scheduled Checkpoint
    14-04-2022 21:09:28 Windows Modules Installer

    ==================== Faulty Device Manager Devices ============


    ==================== Event log errors: ========================

    Application errors:
    ==================
    Error: (04/15/2022 03:38:56 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
    Description: The storage optimiser couldn't complete re-trim on (C because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

    Error: (04/15/2022 03:32:48 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
    Description: The storage optimiser couldn't complete re-trim on System Reserved because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

    Error: (04/15/2022 02:57:13 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
    Description: The storage optimiser couldn't complete re-trim on System Reserved because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

    Error: (04/15/2022 02:38:05 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
    Description: The storage optimiser couldn't complete re-trim on System Reserved because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

    Error: (04/15/2022 02:04:13 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
    Description: The storage optimiser couldn't complete re-trim on System Reserved because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

    Error: (04/15/2022 01:44:52 AM) (Source: Microsoft Office 16) (EventID: 2001) (User: )
    Description: Microsoft PowerPoint: Rejected Safe Mode action : The Start screen closed unexpectedly the last two times it started. Do you want to turn it off? You can turn it back on later in Options..

    Error: (04/15/2022 01:29:59 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
    Description: The storage optimiser couldn't complete re-trim on System Reserved because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

    Error: (04/15/2022 01:18:48 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
    Description: The storage optimiser couldn't complete re-trim on System Reserved because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)


    System errors:
    =============
    Error: (04/15/2022 07:57:32 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
    Description: WLAN Extensibility Module has stopped unexpectedly.

    Module Path: C:\WINDOWS\System32\bcmihvsrv64.dll

    Error: (04/15/2022 07:57:02 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
    Description: WLAN Extensibility Module has stopped unexpectedly.

    Module Path: C:\WINDOWS\System32\bcmihvsrv64.dll

    Error: (04/15/2022 07:57:01 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
    Description: WLAN Extensibility Module has stopped unexpectedly.

    Module Path: C:\WINDOWS\System32\bcmihvsrv64.dll

    Error: (04/15/2022 04:13:51 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
    Description: WLAN Extensibility Module has stopped unexpectedly.

    Module Path: C:\WINDOWS\System32\bcmihvsrv64.dll

    Error: (04/15/2022 04:13:51 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
    Description: WLAN Extensibility Module has stopped unexpectedly.

    Module Path: C:\WINDOWS\System32\bcmihvsrv64.dll

    Error: (04/15/2022 04:13:51 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
    Description: WLAN Extensibility Module has stopped unexpectedly.

    Module Path: C:\WINDOWS\System32\bcmihvsrv64.dll

    Error: (04/15/2022 04:13:49 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
    Description: WLAN Extensibility Module has stopped unexpectedly.

    Module Path: C:\WINDOWS\System32\bcmihvsrv64.dll

    Error: (04/15/2022 04:13:48 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
    Description: WLAN Extensibility Module has stopped unexpectedly.

    Module Path: C:\WINDOWS\System32\bcmihvsrv64.dll


    Windows Defender:
    ================
    Date: 2022-04-15 20:12:59
    Description:
    Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
    For more information please see the following:
    https://go.microsoft.com/fwlink/?lin...0&enterprise=0
    Name: PUABundler:Win32/PiriformBundler
    Severity: Low
    Category: Potentially Unwanted Software
    Path: containerfile:_C:\Users\Tracy\Downloads\ccsetup544.exe; file:_C:\Users\Tracy\Downloads\ccsetup544.exe; file:_C:\Users\Tracy\Downloads\ccsetup544.exe->(nsis-instdata); file:_C:\Users\Tracy\Downloads\ccsetup563.exe; file:_C:\Users\Tracy\Downloads\Downloads\ccsetup513.exe
    Detection Origin: Local machine
    Detection Type: FastPath
    Detection Source: Real-Time Protection
    Process Name: C:\Users\Tracy\Desktop\FRST64.exe
    Security intelligence Version: AV: 1.363.434.0, AS: 1.363.434.0, NIS: 1.363.434.0
    Engine Version: AM: 1.1.19100.5, NIS: 1.1.19100.5

    Date: 2022-04-15 01:20:42
    Description:
    Microsoft Defender Antivirus scan has been stopped before completion.
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2022-04-15 00:48:48
    Description:
    Microsoft Defender Antivirus scan has been stopped before completion.
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2022-04-14 23:14:27
    Description:
    Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
    For more information please see the following:
    https://go.microsoft.com/fwlink/?lin...0&enterprise=0
    Name: PUABundler:Win32/PiriformBundler
    Severity: Low
    Category: Potentially Unwanted Software
    Path: containerfile:_C:\Users\Tracy\Downloads\ccsetup544.exe; file:_C:\Users\Tracy\Downloads\ccsetup544.exe; file:_C:\Users\Tracy\Downloads\ccsetup544.exe->(nsis-instdata); file:_C:\Users\Tracy\Downloads\ccsetup563.exe; file:_C:\Users\Tracy\Downloads\Downloads\ccsetup513.exe
    Detection Origin: Local machine
    Detection Type: FastPath

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •