Infected with fake ad pop-ups - posting FRST and Addition

uber_beetle

Been a long time, hoping you guys can help me out again. Part 1

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-09-2023

Ran by Terry (administrator) on DESKTOP-JH8LNA8 (TOSHIBA Satellite L775D) (03-10-2023 20:51:46)

Running from C:\Users\Terry\Downloads\FRST64.exe

Loaded Profiles: defaultuser0 & Terry

Platform: Microsoft Windows 10 Home Version 22H2 19045.3448 (X64) Language: English (United States)

Default browser: Chrome

Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Systems, Incorporated -> Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe

(atiesrxx.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe

(C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe ->) (Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

(C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\CoreUI\Launch.exe

(C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHOST.exe

(C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\ModuleCore\ProtectedModuleHost.exe

(C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\MfeAV\MfeAVSvc.exe

(C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe ->) (MUSARUBRA US LLC -> McAfee LLC.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe

(C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe ->) (MUSARUBRA US LLC -> McAfee, LLC) C:\Windows\System32\mfevtps.exe

(C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe

(C:\Program Files\McAfee\WebAdvisor\servicehost.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\uihost.exe

(C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <21>

(explorer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe

(explorer.exe ->) (TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe

(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exe

(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler64.exe

(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\ChromiumContainer\delegate.exe <4>

(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe

(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <5>

(Microsoft Corporation -> Microsoft Corporation) C:\Users\Terry\AppData\Local\Microsoft\OneDrive\23.189.0910.0001\Microsoft.SharePoint.exe

(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(services.exe ->) (ABBYY SOLUTIONS LIMITED -> ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe

(services.exe ->) (Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe

(services.exe ->) (Adobe Systems Incorporated -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe

(services.exe ->) (Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

(services.exe ->) (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(services.exe ->) (ArcSoft, Inc. -> ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

(services.exe ->) (CyberLink Corp. -> CyberLink) C:\Program Files\CyberLink\Shared files\RichVideo64.exe

(services.exe ->) (Dynabook Inc. -> Dynabook Inc.) C:\Windows\System32\DriverStore\FileRepository\dsrvctldrv.inf_amd64_837171cb7de3cc0e\DSDFunctionKeyCtlService.exe <2>

(services.exe ->) (Dynabook Inc. -> Dynabook Inc.) C:\Windows\System32\DriverStore\FileRepository\dsrvctldrv.inf_amd64_837171cb7de3cc0e\dynabookSystemService.exe

(services.exe ->) (Dynabook Inc. -> Dynabook Inc.) C:\Windows\System32\DriverStore\FileRepository\dsrvctldrv.inf_amd64_837171cb7de3cc0e\RMService.exe

(services.exe ->) (LeapFrog Enterprises, Inc. -> LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect2\LFHelper.exe

(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe

(services.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\CSP\5.4.105.0\McCSPServiceHost.exe

(services.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe <3>

(services.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe

(services.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\VSCore_22_7\mcapexe.exe

(services.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\servicehost.exe

(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe

(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe

(services.exe ->) (MUSARUBRA US LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe

(services.exe ->) (PEGATRON CORPORATION -> ) C:\UBIOS\GFNEXSrv.exe

(services.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe

(services.exe ->) (TEFINCOM S.A. -> TEFINCOM S.A.) C:\Program Files\NordVPN\nordvpn-service.exe

(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_11.2307.4.0_x64__8wekyb3d8bbwe\CalculatorApp.exe

(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>

(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
 
==================== Registry (Whitelisted) ===================



(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)



HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-08-17] (TOSHIBA CORPORATION -> TOSHIBA Corporation)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)

HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3571168 2023-08-22] (Adobe Inc. -> Adobe Systems, Incorporated)

HKLM\...\Run: [lxeamon.exe] => C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe [770728 2011-01-23] (Lexmark International, Inc. -> )

HKLM\...\Run: [EzPrint] => C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe [148280 2011-01-23] (Lexmark International, Inc. -> )

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3953344 2017-06-02] (Synaptics Incorporated -> Synaptics Incorporated)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [366944 2022-12-08] (Apple Inc. -> Apple Inc.)

HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-21] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]

HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated -> Adobe Systems Incorporated)

HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2015-09-24] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)

HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2015-09-24] (Adobe Systems, Incorporated -> Adobe Systems Inc.)

HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe [58584 2017-05-30] (Raptr, Inc -> Raptr, Inc)

HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [203264 2009-10-10] (ArcSoft, Inc. -> ArcSoft Inc.)

HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1092304 2016-03-14] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-07-07] (Oracle America, Inc. -> Oracle Corporation)

HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2410968 2019-01-22] (Adobe Systems Incorporated -> Adobe Inc.)

HKLM-x32\...\Run: [LeapFrog Connect 2 Launcher] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect2\LFLauncher.exe [30736 2021-04-27] (LeapFrog Enterprises, Inc. -> LeapFrog Enterprises, Inc.)

HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION

HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION

HKU\S-1-5-21-4058471508-124884304-2479839303-1001\...\Run: [Google Update] => C:\Users\Terry\AppData\Local\Google\Update\1.3.36.312\GoogleUpdateCore.exe [223008 2023-09-19] (Google LLC -> Google LLC)

HKU\S-1-5-21-4058471508-124884304-2479839303-1001\...\Run: [MusicManager] => C:\Users\Terry\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [6517248 2020-09-02] (Google Inc.) [File not signed]

HKU\S-1-5-21-4058471508-124884304-2479839303-1001\...\Run: [Plays] => C:\Users\Terry\AppData\Local\Plays\update.exe [1945736 2019-11-16] (Plays.tv, Inc -> )

HKU\S-1-5-21-4058471508-124884304-2479839303-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4374376 2023-07-28] (Valve Corp. -> Valve Corporation)

HKU\S-1-5-21-4058471508-124884304-2479839303-1001\...\Run: [NordVPN] => C:\Program Files\NordVPN\NordVPN.exe [277688 2021-04-21] (TEFINCOM S.A. -> TEFINCOM S.A.)

HKU\S-1-5-21-4058471508-124884304-2479839303-1001\...\Run: [MicrosoftEdgeAutoLaunch_6EC8B8D74E885E2E49052EFAC7544F80] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4210216 2023-09-29] (Microsoft Corporation -> Microsoft Corporation)

HKU\S-1-5-21-4058471508-124884304-2479839303-1001\...\MountPoints2: {6ed3424c-0c18-11e7-af8a-806e6f6e6963} - "D:\autoplay.exe"

HKLM\...\Windows x64\Print Processors\Lexmark S300-S400 Series Print Processor: C:\Windows\System32\spool\prtprocs\x64\lxeadrpp.dll [189440 2009-11-04] (Microsoft Windows Hardware Compatibility Publisher -> )

HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\WINDOWS\system32\AdobePDF.dll [55872 2015-09-24] (Adobe Systems, Incorporated -> Adobe Systems Inc)

HKLM\...\Print\Monitors\S300-S400 Series Port: C:\WINDOWS\system32\lxealmpm.DLL [892416 2009-12-09] (Microsoft Windows Hardware Compatibility Publisher -> )

HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\117.0.5938.149\Installer\chrmstp.exe [2023-10-03] (Google LLC -> Google LLC)

HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION



==================== Scheduled Tasks (Whitelisted) =================



(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)



Task: {39566BAD-0A04-4341-964C-0F4C585FC43A} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION

"C:\Windows\System32\Tasks\McAfee\McAfee Idle Detection Task" was unlocked. <==== ATTENTION

Task: {0C378060-2B38-429F-AFB7-6EF8320BBB35} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3571168 2023-08-22] (Adobe Inc. -> Adobe Systems, Incorporated)

Task: {421C684E-5CBC-489F-BF89-342A589CA9FE} - System32\Tasks\Adobe-Genuine-Software-Integrity-Scheduler-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3807712 2023-08-22] (Adobe Inc. -> Adobe Systems, Incorporated)

Task: {7A275101-ED77-427A-9456-DDDA10B37A39} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [617096 2022-02-25] (Apple Inc. -> Apple Inc.)

Task: {71B8F663-AC96-44EC-951B-A0F781532209} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2017-03-18] (Google Inc -> Google Inc.)

Task: {77CB6F26-CCA2-4DA8-8521-9D0E0F80AF50} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2017-03-18] (Google Inc -> Google Inc.)

Task: {A4688FA7-039F-4C75-8AFC-FBC98BCA389F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4058471508-124884304-2479839303-1001Core => C:\Users\Terry\AppData\Local\Google\Update\GoogleUpdate.exe [153168 2017-06-24] (Google Inc -> Google Inc.)

Task: {60099902-2641-481B-A6F3-F429FF05CAB7} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4058471508-124884304-2479839303-1001UA => C:\Users\Terry\AppData\Local\Google\Update\GoogleUpdate.exe [153168 2017-06-24] (Google Inc -> Google Inc.)

Task: {DD11D625-2B34-44E9-836C-E365E0CF4B43} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [4560872 2022-09-22] (McAfee, LLC -> McAfee, LLC)

Task: {43B502B9-CE94-4CFC-AAB1-3B599665C93C} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\1.7.108\DADUpdater.exe [4094568 2023-02-17] (McAfee, LLC -> McAfee, LLC)

Task: {C8B2AD7A-3614-4E65-A046-4AB24472B846} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent => {ABCECA3B-EA5A-496B-A021-5C6BAB365E5C} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [931056 2023-02-20] (McAfee, LLC -> McAfee, LLC)

Task: {B4E4024B-120C-4EB3-9267-8BA466B53E5E} - System32\Tasks\McAfee\McAfee DAT Built in test => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.0.12.944\mcdatrep.exe [1212072 2023-04-14] (MUSARUBRA US LLC -> Trellix)

Task: {AA0D4315-5123-4C95-A5D5-DEE388C7592B} - System32\Tasks\McAfee\McAfee Idle Detection Task => {ABCDCA3B-DE6B-5A7C-B132-6D7CBA63E5C5} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [931056 2023-02-20] (McAfee, LLC -> McAfee, LLC)

Task: {AD5CD04D-A391-43C1-B605-14ABA04450E5} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [768288 2022-03-24] (McAfee, LLC -> McAfee, LLC)

Task: {E8D90A69-C4BB-439F-8D02-2F71B2025254} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26974216 2023-09-27] (Microsoft Corporation -> Microsoft Corporation)

Task: {43F66742-7B92-449E-9E8E-F5AC93DFD90F} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26974216 2023-09-27] (Microsoft Corporation -> Microsoft Corporation)

Task: {2D74FC85-4A1B-4E88-BC5F-50E8794A6155} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [160920 2023-10-02] (Microsoft Corporation -> Microsoft Corporation)

Task: {C76A02BB-3007-4D8C-ACCE-733ABEBE81E0} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [160920 2023-10-02] (Microsoft Corporation -> Microsoft Corporation)
 
Task: {47828D31-1D8D-432E-BA13-C24F813BAD50} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [169136 2023-10-02] (Microsoft Corporation -> Microsoft Corporation)

Task: {DDBA5D8E-2B76-4953-8552-50E4181A9B05} - System32\Tasks\Opera scheduled Autoupdate 1491327425 => C:\Program Files\Opera\launcher.exe [2744224 2023-09-28] (Opera Norway AS -> Opera Software)



(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)





==================== Internet (Whitelisted) ====================



(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)



Tcpip\Parameters: [DhcpNameServer] 192.168.86.1

Tcpip\..\Interfaces\{04b4e98d-8c8b-4861-9e28-d9aae027190a}: [DhcpNameServer] 192.168.86.1

Tcpip\..\Interfaces\{e9aba452-c7bc-4b43-a45a-c97c8441ef8e}: [DhcpNameServer] 103.86.99.99 103.86.96.96 103.86.96.100 103.86.99.100



Edge:

=======

DownloadDir: C:\Users\Terry\Downloads

Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]

Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]

Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]

Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]

Edge Profile: C:\Users\Terry\AppData\Local\Microsoft\Edge\User Data\Default [2023-10-03]

Edge DownloadDir: Default -> C:\Users\Terry\Downloads

Edge Extension: (Google Docs Offline) - C:\Users\Terry\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-09-01]

Edge Extension: (Edge relevant text changes) - C:\Users\Terry\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-09-19]



FireFox:

========

FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn

FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2017-07-15] [Legacy] [not signed]

FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\McAfee\MSC\npMcSnFFPl64.dll [2023-01-11] (McAfee, LLC -> )

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)

FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2023-08-05] (Microsoft Corporation -> Microsoft Corporation)

FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2019-01-22] (Adobe Systems Incorporated -> Adobe Systems)

FF Plugin-x32: @java.com/DTPlugin,version=11.181.2 -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\dtplugin\npDeployJava1.dll [2018-08-06] (Oracle America, Inc. -> Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.181.2 -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\plugin2\npjp2.dll [2018-08-06] (Oracle America, Inc. -> Oracle Corporation)

FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\MSC\npMcSnFFPl.dll [2023-01-10] (McAfee, LLC -> )

FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2023-08-05] (Microsoft Corporation -> Microsoft Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2023-10-02] (Microsoft Corporation -> Microsoft Corporation)

FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2015-09-24] (Adobe Systems, Incorporated -> Adobe Systems Inc.)

FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2019-01-22] (Adobe Systems Incorporated -> Adobe Systems)

FF Plugin HKU\S-1-5-21-4058471508-124884304-2479839303-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\Terry\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2020-10-10] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)

FF Plugin HKU\S-1-5-21-4058471508-124884304-2479839303-1001: jpl.nasa.gov/NASAEyes -> C:\Users\Terry\AppData\Roaming\JPL-NASA-Caltech\NASA's Eyes\npNASAEyes.dll [2019-01-25] (NASA Jet Propulsion Laboratory -> Jet Propulsion Laboratory)



Chrome:

=======

CHR Profile: C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default [2023-10-03]

CHR Notifications: Default -> hxxps://bringatrailer.com; hxxps://calendar.google.com; hxxps://file.1040.com; hxxps://meet.google.com; hxxps://www2.notif-next.com

CHR Extension: (BIODIGITAL HUMAN) - C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak [2017-03-18]

CHR Extension: (Moonlit Reflection) - C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\apakhamomlpjegjclmgimiapigoeoglb [2020-05-29]

CHR Extension: (Panorama Viewer) - C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbplklgcjnhehkoigoankacpmehafhfk [2017-09-21]

CHR Extension: (Google Play Music) - C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2020-11-21]

CHR Extension: (Google Docs Offline) - C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-08-25]

CHR Extension: (Star Atlas) - C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\gheikhdfflhlbemfmhcfpeblehemeklp [2019-03-12]

CHR Extension: (EasyHome Homestyler) - C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdmmkfaghgcicheaimnpffeeekheafkb [2017-05-23]

CHR Extension: (Chrome Web Store Payments) - C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-30]

CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]

CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif]

CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]

CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif]



Opera:

=======

OPR Profile: C:\Users\Terry\AppData\Roaming\Opera Software\Opera Stable [2022-10-30]

OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}

OPR Extension: (Rich Hints Agent) - C:\Users\Terry\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2022-10-29]

OPR Extension: (Opera Wallet) - C:\Users\Terry\AppData\Roaming\Opera Software\Opera Stable\Extensions\gojhcdgcpbpfigcaejpfhfegekdgiblk [2022-10-29]

OPR Extension: (Amazon Assistant Promotion) - C:\Users\Terry\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbmoiomgmchbpihhdpabemajcbjpcijk [2022-06-25]



==================== Services (Whitelisted) ===================



(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)



R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY SOLUTIONS LIMITED -> ABBYY)

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [109056 2009-09-28] (ArcSoft, Inc. -> ArcSoft Inc.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [83984 2018-02-09] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
 
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [272384 2018-02-06] (Adobe Systems Incorporated -> Adobe Systems Incorporated)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [818128 2019-01-22] (Adobe Systems Incorporated -> Adobe Inc.)

R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3966432 2023-08-22] (Adobe Inc. -> Adobe Systems, Incorporated)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-21] (Advanced Micro Devices, Inc.) [File not signed]

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [103264 2022-10-08] (Apple Inc. -> Apple Inc.)

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12859472 2023-09-27] (Microsoft Corporation -> Microsoft Corporation)

R2 DSDFunctionKeyCtlService; C:\WINDOWS\System32\DriverStore\FileRepository\dsrvctldrv.inf_amd64_837171cb7de3cc0e\DSDFunctionKeyCtlService.exe [708528 2023-06-07] (Dynabook Inc. -> Dynabook Inc.)

S2 DSDTabletControlService; C:\WINDOWS\System32\DriverStore\FileRepository\dsrvctldrv.inf_amd64_837171cb7de3cc0e\DSDTabSysSvc.exe [320496 2023-06-07] (Dynabook Inc. -> Dynabook Inc.)

R2 DSDWirelessLEDCtlService; C:\WINDOWS\System32\DriverStore\FileRepository\dsrvctldrv.inf_amd64_837171cb7de3cc0e\RMService.exe [470504 2023-06-07] (Dynabook Inc. -> Dynabook Inc.)

R2 dynabookSettingService; C:\WINDOWS\System32\DriverStore\FileRepository\dsrvctldrv.inf_amd64_837171cb7de3cc0e\dynabookSystemService.exe [24162712 2023-06-07] (Dynabook Inc. -> Dynabook Inc.)

R2 GFNEXSrv; c:\UBIOS\GFNEXSrv.exe [133640 2010-04-23] (PEGATRON CORPORATION -> )

R2 LFHelper; C:\Program Files (x86)\LeapFrog\LeapFrog Connect2\LFHelper.exe [3000848 2021-04-27] (LeapFrog Enterprises, Inc. -> LeapFrog Enterprises, Inc.)

R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9287968 2023-10-03] (Malwarebytes Inc. -> Malwarebytes)

R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [874384 2023-09-19] (McAfee, LLC -> McAfee, LLC)

R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_22_7\McApExe.exe [816696 2022-10-17] (McAfee, LLC -> McAfee, LLC)

R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\5.4.105.0\McCSPServiceHost.exe [3379584 2022-10-10] (McAfee, LLC -> McAfee, LLC)

S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [1215944 2022-09-15] (MUSARUBRA US LLC -> McAfee, LLC)

R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [1215944 2022-09-15] (MUSARUBRA US LLC -> McAfee, LLC)

R3 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [1215944 2022-09-15] (MUSARUBRA US LLC -> McAfee, LLC)

R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1571608 2022-10-09] (McAfee, LLC -> McAfee, LLC)

R2 nordvpn-service; C:\Program Files\NordVPN\nordvpn-service.exe [277688 2021-04-21] (TEFINCOM S.A. -> TEFINCOM S.A.)

R2 PEFService; C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe [4248712 2022-10-14] (McAfee, LLC -> McAfee, LLC)

R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [614664 2017-01-05] (CyberLink Corp. -> CyberLink)

S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]

S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\NisSrv.exe [3125112 2022-09-19] (Microsoft Windows Publisher -> Microsoft Corporation)

S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\MsMpEng.exe [133560 2022-09-19] (Microsoft Windows Publisher -> Microsoft Corporation)



===================== Drivers (Whitelisted) ===================



(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)



S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [31992 2015-06-03] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)

R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)

R2 APXACC; C:\WINDOWS\system32\DRIVERS\appexDrv.sys [229056 2015-04-03] (AppEx Networks Corporation -> AppEx Networks Corporation)

S3 aswTap; C:\WINDOWS\System32\drivers\aswTap.sys [53904 2022-03-30] (AVAST Software s.r.o. -> The OpenVPN Project)

S3 aswWintun; C:\WINDOWS\System32\drivers\aswWintun.sys [37104 2022-03-30] (Avast Software s.r.o. -> WireGuard LLC)

S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]

S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]

R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [77888 2022-09-15] (Musarubra US LLC -> Trellix US LLC.)

R3 dhotkey; C:\WINDOWS\System32\drivers\dhotkey.sys [52736 2023-03-22] (Dynabook Inc. -> Dynabook Inc.)

R1 dsrvctldrv; C:\WINDOWS\System32\drivers\dsrvctldrv.sys [30256 2023-06-07] (Dynabook Inc. -> Dynabook Inc.)

R0 DVALZ_O; C:\WINDOWS\System32\drivers\DVALZ_O.SYS [47464 2022-07-18] (Dynabook Inc. -> Dynabook Inc.)

R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [158640 2023-10-03] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)

R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [222272 2023-10-03] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)

S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2023-10-03] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)

R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [200104 2023-10-03] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)

R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [78400 2023-10-03] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)

R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239544 2023-10-03] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)

R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [181984 2023-10-03] (Malwarebytes Inc. -> Malwarebytes)

R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [476224 2022-09-15] (Musarubra US LLC -> Trellix US LLC.)

R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [349760 2022-09-15] (Musarubra US LLC -> Trellix US LLC.)

S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [84440 2022-09-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Trellix US LLC.)

R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [445504 2022-09-15] (Musarubra US LLC -> Trellix US LLC.)

R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [920128 2022-09-15] (Musarubra US LLC -> Trellix US LLC.)

R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [665424 2022-07-07] (Musarubra US LLC -> Trellix US LLC.)

S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [119632 2022-07-07] (Musarubra US LLC -> Trellix US LLC.)

R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [112712 2022-09-15] (Musarubra US LLC -> Trellix US LLC.)

R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [234584 2022-09-15] (Musarubra US LLC -> Trellix US LLC.)

S3 NDivert; C:\WINDOWS\System32\drivers\NDivert.sys [105184 2021-02-01] (TEFINCOM S.A. -> )

R3 nlwt; C:\WINDOWS\system32\DRIVERS\nlwt.sys [39360 2020-11-14] (TEFINCOM S.A. -> WireGuard LLC)

R1 nordlwf; C:\WINDOWS\system32\DRIVERS\nordlwf.sys [38608 2020-07-10] (TEFINCOM S.A. -> TEFINCOM S.A.)

R3 rtwlane_13; C:\WINDOWS\System32\drivers\rtwlane_13.sys [3717120 2019-12-07] (Microsoft Windows -> Realtek Semiconductor Corporation)

S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167280 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)

S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [100064 2019-03-21] (Symantec Corporation -> Symantec Corporation)

R3 tapnordvpn; C:\WINDOWS\System32\drivers\tapnordvpn.sys [44896 2018-07-24] (TEFINCOM S.A. -> The OpenVPN Project)

S3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [49120 2021-11-17] (Dynabook Inc. -> Dynabook Inc.)

R1 TosSrvCtlDrv; C:\WINDOWS\System32\DriverStore\FileRepository\tossrvctl.inf_amd64_5be63eebe47f1577\TosSrvCtlDrv.sys [26816 2022-02-15] (Dynabook Inc. -> Dynabook Inc.)

S0 TVALZ_O; C:\WINDOWS\System32\drivers\TVALZ_O.SYS [46656 2021-11-18] (Dynabook Inc. -> Dynabook Inc.)

S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [49576 2022-09-19] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)

S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [453904 2022-09-19] (Microsoft Windows -> Microsoft Corporation)

S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [94480 2022-09-19] (Microsoft Windows -> Microsoft Corporation)

S3 mfeaack01; \Device\mfeaack01.sys [X]

S3 mfeavfk01; \Device\mfeavfk01.sys [X]

S3 mfencbdc01; \Device\mfencbdc01.sys [X]
 
==================== NetSvcs (Whitelisted) ===================



(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)





==================== One month (created) (Whitelisted) =========



(If an entry is included in the fixlist, the file/folder will be moved.)



2023-10-03 20:51 - 2023-10-03 20:53 - 000035100 _____ C:\Users\Terry\Downloads\FRST.txt

2023-10-03 20:51 - 2023-10-03 20:51 - 000000000 ____D C:\Users\Terry\Downloads\FRST-OlderVersion

2023-10-03 20:50 - 2023-10-03 20:52 - 000000000 ____D C:\FRST

2023-10-03 20:50 - 2023-10-03 20:51 - 002382848 _____ (Farbar) C:\Users\Terry\Downloads\FRST64.exe

2023-10-03 20:34 - 2023-10-03 20:42 - 000000000 ____D C:\ProgramData\HitmanPro

2023-10-03 20:34 - 2023-10-03 20:34 - 014248944 _____ (SurfRight B.V.) C:\Users\Terry\Downloads\HitmanPro_x64.exe

2023-10-03 20:02 - 2023-10-03 20:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee

2023-10-03 05:45 - 2023-10-03 05:46 - 000000000 ____D C:\Users\Terry\AppData\Local\Malwarebytes

2023-10-03 05:45 - 2023-10-03 05:45 - 000181984 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys

2023-10-03 05:45 - 2023-10-03 05:45 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk

2023-10-03 05:45 - 2023-10-03 05:45 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk

2023-10-03 05:44 - 2023-10-03 05:44 - 000000000 ____D C:\Program Files\Malwarebytes

2023-10-03 05:43 - 2023-10-03 05:43 - 002606880 _____ (Malwarebytes) C:\Users\Terry\Downloads\MBSetup-5.5.exe

2023-10-02 14:45 - 2023-10-02 14:45 - 000000000 ____D C:\Program Files\Common Files\DESIGNER

2023-09-22 10:41 - 2023-09-22 10:41 - 000213220 _____ C:\Users\Terry\Downloads\NJ_Earned_Sick_Leave_-_English.pdf

2023-09-22 10:15 - 2023-09-22 10:15 - 000596655 _____ C:\Users\Terry\Downloads\NJ_-_FLA_Fact_Sheet.pdf

2023-09-22 10:15 - 2023-09-22 10:15 - 000264201 _____ C:\Users\Terry\Downloads\NJ_Family_Leave_Insurance_-_English.pdf

2023-09-22 09:59 - 2023-09-22 09:59 - 002488147 _____ C:\Users\Terry\Downloads\Form 4 - Report of Professional Experience - Terence Hampton.pdf

2023-09-21 09:36 - 2023-09-21 09:36 - 000110103 _____ C:\Users\Terry\Downloads\Label-200599334.pdf

2023-09-19 08:46 - 2023-09-19 08:46 - 000204329 _____ C:\Users\Terry\Downloads\Exit Questionnaire TJH.pdf

2023-09-19 08:22 - 2023-09-19 08:22 - 000197874 _____ C:\Users\Terry\Downloads\Exit Questionnaire Fillable.pdf

2023-09-17 15:41 - 2023-09-17 15:45 - 000501706 _____ C:\Users\Terry\Downloads\I-9_(1).pdf

2023-09-17 15:39 - 2023-09-17 15:39 - 000226026 _____ C:\Users\Terry\Downloads\NYC_-_SexHarass_Factsheet_English.pdf

2023-09-17 15:36 - 2023-09-17 15:36 - 000135761 _____ C:\Users\Terry\Downloads\New_York_City_Earned_Sick_and_Safe_Time.pdf

2023-09-17 15:32 - 2023-09-17 15:32 - 000314483 _____ C:\Users\Terry\Downloads\NY_-_p764-NY_Heros_Acr-standard_rev-03-04-22_0.pdf

2023-09-17 15:17 - 2023-09-17 15:17 - 000297632 _____ C:\Users\Terry\Downloads\I-9_instructions.pdf

2023-09-17 15:16 - 2023-09-17 15:16 - 000048451 _____ C:\Users\Terry\Downloads\FICA_Tax_and_Exemptions.pdf

2023-09-17 15:12 - 2023-09-17 15:12 - 000197132 _____ C:\Users\Terry\Downloads\ACI 2.pdf

2023-09-17 15:12 - 2023-09-17 15:12 - 000184613 _____ C:\Users\Terry\Downloads\ACI Post Installed.pdf

2023-09-17 15:12 - 2023-09-17 15:12 - 000178600 _____ C:\Users\Terry\Downloads\ACI 1.pdf

2023-09-17 14:52 - 2023-09-17 14:52 - 000234602 _____ C:\Users\Terry\Downloads\ACI 2020-01-13 17.11.30 - Page 1.pdf

2023-09-12 13:25 - 2023-09-12 13:25 - 000000000 ___HD C:\$WinREAgent

2023-09-10 14:49 - 2023-09-10 14:49 - 008383072 _____ (Chromstera Browser Research) C:\Users\Terry\Downloads\Setup.exe

2023-09-09 14:44 - 2023-09-09 14:44 - 000023800 _____ C:\Users\Terry\Downloads\Chase3134_Activity20230907.xlsx

2023-09-09 14:44 - 2023-09-09 14:44 - 000021761 _____ C:\Users\Terry\Downloads\Chase3134_Activity20230708_20230807_20230907.xlsx

2023-09-07 21:58 - 2023-09-07 21:58 - 000006772 _____ C:\Users\Terry\Downloads\Chase3134_Activity20230708_20230807_20230907.CSV

2023-09-07 21:44 - 2023-09-09 14:44 - 000006776 _____ C:\Users\Terry\Downloads\Chase3134_Activity20230907.CSV



==================== One month (modified) ==================



(If an entry is included in the fixlist, the file/folder will be moved.)



2023-10-03 20:48 - 2019-12-07 05:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft

2023-10-03 20:42 - 2023-08-23 05:38 - 000002427 _____ C:\Users\Terry\Desktop\Work - Edge.lnk

2023-10-03 20:41 - 2021-12-15 12:09 - 000000000 ____D C:\WINDOWS\SystemTemp

2023-10-03 20:41 - 2017-03-18 14:27 - 000000000 ____D C:\Program Files (x86)\Google

2023-10-03 20:30 - 2021-03-16 00:56 - 000000000 ____D C:\WINDOWS\system32\SleepStudy

2023-10-03 20:19 - 2021-03-16 01:12 - 000004166 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{481144DD-884E-4600-A5F0-1CEC32FCB74A}

2023-10-03 15:41 - 2017-03-18 14:28 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

2023-10-03 10:07 - 2022-09-19 21:39 - 000000000 ____D C:\WINDOWS\system32\Tasks\McAfee

2023-10-03 06:46 - 2019-10-03 20:36 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData

2023-10-03 06:07 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\AppReadiness

2023-10-03 05:45 - 2019-12-07 05:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP

2023-10-03 05:44 - 2020-09-21 05:31 - 000000000 ____D C:\ProgramData\Malwarebytes

2023-10-02 16:03 - 2019-12-07 05:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM

2023-10-02 14:44 - 2017-06-02 23:46 - 000000000 ____D C:\Program Files\Microsoft Office

2023-10-02 07:46 - 2022-06-24 21:18 - 000003958 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1491327425

2023-10-02 07:46 - 2017-06-30 17:37 - 000001113 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk

2023-10-02 07:46 - 2017-04-04 13:36 - 000000000 ____D C:\Program Files\Opera

2023-10-01 14:23 - 2023-01-21 11:03 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk

2023-10-01 14:23 - 2020-03-12 23:29 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk

2023-10-01 14:23 - 2019-12-07 05:14 - 000000000 ___HD C:\Program Files\WindowsApps

2023-10-01 14:13 - 2021-03-16 01:07 - 000840598 _____ C:\WINDOWS\system32\PerfStringBackup.INI

2023-10-01 14:13 - 2019-12-07 05:13 - 000000000 ____D C:\WINDOWS\INF

2023-10-01 14:07 - 2020-06-26 22:38 - 000000000 ____D C:\Program Files (x86)\Steam

2023-10-01 14:06 - 2021-03-16 01:12 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT

2023-10-01 14:06 - 2021-03-16 00:56 - 000008192 ___SH C:\DumpStack.log.tmp

2023-10-01 14:05 - 2019-12-07 05:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI

2023-09-30 07:34 - 2021-12-10 22:09 - 000003588 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-4058471508-124884304-2479839303-1001

2023-09-30 07:34 - 2021-03-16 01:12 - 000003378 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4058471508-124884304-2479839303-1001

2023-09-30 07:34 - 2021-03-16 00:59 - 000002379 _____ C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk

2023-09-22 08:00 - 2020-09-05 14:49 - 000000000 ____D C:\Users\Terry\Desktop\recipe pdfs - for upload to Drive

2023-09-21 19:55 - 2018-07-09 20:03 - 000000000 ____D C:\ProgramData\Packages

2023-09-19 00:43 - 2021-03-16 01:12 - 000003974 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskUserS-1-5-21-4058471508-124884304-2479839303-1001UA

2023-09-19 00:43 - 2021-03-16 01:12 - 000003706 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskUserS-1-5-21-4058471508-124884304-2479839303-1001Core

2023-09-19 00:35 - 2021-03-16 01:12 - 000003714 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA

2023-09-19 00:35 - 2021-03-16 01:12 - 000003590 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore

2023-09-17 14:55 - 2017-06-05 07:21 - 000000000 ____D C:\Users\Terry\AppData\Roaming\Microsoft\Word

2023-09-13 00:33 - 2021-03-16 00:56 - 005121808 _____ C:\WINDOWS\system32\FNTCACHE.DAT

2023-09-13 00:32 - 2019-12-07 05:14 - 000000000 ___RD C:\WINDOWS\PrintDialog

2023-09-13 00:32 - 2019-12-07 05:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel

2023-09-13 00:32 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata

2023-09-13 00:32 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SystemResources

2023-09-13 00:32 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata

2023-09-13 00:32 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\oobe

2023-09-13 00:32 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\appraiser

2023-09-13 00:32 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\ShellExperiences

2023-09-13 00:32 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions

2023-09-13 00:32 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\bcastdvr

2023-09-12 13:46 - 2019-12-07 05:03 - 000000000 ____D C:\WINDOWS\CbsTemp

2023-09-12 13:40 - 2021-03-16 00:59 - 003014144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll

2023-09-12 13:11 - 2017-03-19 14:18 - 000000000 ____D C:\WINDOWS\system32\MRT

2023-09-12 13:02 - 2017-03-19 14:17 - 177941912 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

2023-09-11 22:32 - 2017-03-24 23:59 - 000000000 ____D C:\Users\Terry\AppData\Local\CrashDumps

2023-09-09 14:44 - 2017-06-04 22:13 - 000000000 ____D C:\Users\Terry\AppData\Roaming\Microsoft\Excel

2023-09-05 16:57 - 2023-07-20 04:54 - 000003530 _____ C:\WINDOWS\system32\Tasks\Adobe-Genuine-Software-Integrity-Scheduler-1.0

2023-09-05 16:57 - 2021-03-16 01:12 - 000003506 _____ C:\WINDOWS\system32\Tasks\AdobeGCInvoker-1.0
 
==================== Files in the root of some directories ========



2020-02-28 07:42 - 2003-09-03 07:46 - 000010960 _____ () C:\Program Files (x86)\EULA.txt

2020-02-28 07:42 - 2020-05-23 20:23 - 000000731 _____ () C:\Program Files (x86)\INSTALL.LOG

2020-02-28 07:42 - 2003-12-18 11:33 - 000020102 _____ () C:\Program Files (x86)\Readme.txt

2018-04-11 18:00 - 2018-04-11 18:01 - 000000132 _____ () C:\Users\Terry\AppData\Roaming\Adobe BMP Format CS6 Prefs

2018-02-05 22:40 - 2018-02-05 22:40 - 000000132 _____ () C:\Users\Terry\AppData\Roaming\Adobe PNG Format CS6 Prefs

2018-09-26 05:29 - 2018-09-26 05:29 - 000000000 _____ () C:\Users\Terry\AppData\Local\oobelibMkey.log

2021-09-06 22:23 - 2021-09-06 22:23 - 000000000 _____ () C:\Users\Terry\AppData\Local\{365D3E51-628C-4568-8ABF-799091C48C55}



==================== SigCheck ============================



(There is no automatic fix for files that do not pass verification.)



==================== End of FRST.txt ========================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-09-2023

Ran by Terry (03-10-2023 20:54:55)

Running from C:\Users\Terry\Downloads

Microsoft Windows 10 Home Version 22H2 19045.3448 (X64) (2021-03-16 05:13:08)

Boot Mode: Normal

==========================================================





==================== Accounts: =============================





(If an entry is included in the fixlist, it will be removed.)



Administrator (S-1-5-21-4058471508-124884304-2479839303-500 - Administrator - Disabled)

DefaultAccount (S-1-5-21-4058471508-124884304-2479839303-503 - Limited - Disabled)

defaultuser0 (S-1-5-21-4058471508-124884304-2479839303-1000 - Limited - Disabled) => C:\Users\defaultuser0

Guest (S-1-5-21-4058471508-124884304-2479839303-501 - Limited - Disabled)

Terry (S-1-5-21-4058471508-124884304-2479839303-1001 - Administrator - Enabled) => C:\Users\Terry

WDAGUtilityAccount (S-1-5-21-4058471508-124884304-2479839303-504 - Limited - Disabled)



==================== Security Center ========================



(If an entry is included in the fixlist, it will be removed.)



AV: Norton Security Suite (Enabled - Up to date) {1122B19A-E671-38EC-8EAC-87048FD4528D}

AV: Norton Security Suite (Enabled - Up to date) {A2708B76-6835-6565-CB96-694212954A75}

AV: Malwarebytes (Enabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543}

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AV: McAfee VirusScan (Enabled - Up to date) {9D4501E6-72F6-2877-C789-89AF6F535B2C}

AV: McAfee VirusScan (Enabled - Up to date) {FE987762-0FB6-6BB6-1BF1-73F8ED8566FA}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: McAfee Firewall (Enabled) {C6A3F647-45D9-6AEE-30AE-DACD13562181}

FW: Norton Security Suite (Enabled) {9A4B0A53-225A-643D-E0C9-C077EC460D0E}

FW: McAfee Firewall (Enabled) {A57E80C3-3899-292F-ECD6-209A91801C57}

FW: Norton Security Suite (Enabled) {291930BF-AC1E-39B4-A5F3-2E31710715F6}



==================== Installed Programs ======================



(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)



ABBYY FineReader 9.0 Sprint (HKLM-x32\...\{F9000000-0018-0000-0000-074957833700}) (Version: 9.00.15.58233 - ABBYY) Hidden

ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.00.15.58233 - ABBYY)

Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.16 - Adobe Systems)

Adobe AIR (HKLM-x32\...\{FE23D063-934D-4829-A0D8-00634CE79B4A}) (Version: 3.1.0.4880 - Adobe Systems Incorporated) Hidden

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)

Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.8.0.421 - Adobe Systems Incorporated)

Adobe CS6 Design and Web Premium (HKLM-x32\...\{402F6F2E-5683-491C-977D-0CA599A07CAF}) (Version: 6 - Adobe Systems Incorporated)

Adobe Flash Player 28 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 28.0.0.161 - Adobe Systems Incorporated)

Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version: 8.3.0.61 - Adobe Inc.)

Adobe Help Manager (HKLM-x32\...\{AF37176A-78CA-545B-34EF-8B6A21514DD1}) (Version: 4.0.244 - Adobe Systems Incorporated) Hidden

Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)

Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-001824265200}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden

Adobe Widget Browser (HKLM-x32\...\{EFBE6DD5-B224-96E5-72B9-68D328CB12A6}) (Version: 2.0.348 - Adobe Systems Incorporated.) Hidden

Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)

AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)

AMD Catalyst Install Manager (HKLM\...\{7E5DC2C5-115A-322B-976C-219237FAED66}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)

AMD Drag and Drop Transcoding (HKLM\...\{CF84CD21-FC52-857E-AF41-9DEE9C76D245}) (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden

AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 4.0.0.0 - AppEx Networks)

AMD Steady Video Plug-In (HKLM\...\{94BFDEF9-D91D-4B5D-8A60-08514C7191AF}) (Version: 2.08.0000 - AMD) Hidden

AMD Wireless Display v3.0 (HKLM\...\{630E5EF7-72F8-9E5D-BEF5-ED85B698E160}) (Version: 1.0.0.15 - Advanced Micro Devices, Inc.) Hidden

Apple Application Support (32-bit) (HKLM-x32\...\{9F7041CB-8398-4691-B8CB-0D52273BB3D9}) (Version: 7.4 - Apple Inc.)

Apple Application Support (64-bit) (HKLM\...\{6E7DF4EE-1976-4215-9D81-755AFC95687D}) (Version: 7.4 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{44325855-D4CA-4994-A27A-39FE50CE6A8E}) (Version: 16.0.0.30 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{B292D163-23D2-4523-A699-1ABEC1875609}) (Version: 2.7.0.3 - Apple Inc.)

ArcSoft Scan-n-Stitch Deluxe (HKLM-x32\...\{FF8455A9-21E8-457D-AC64-510A705D53B3}) (Version: 1.1.2.27 - ArcSoft)

Audacity 2.1.3 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.3 - Audacity Team)

BeerSmith 3 (HKLM-x32\...\BeerSmith 3) (Version: - )

Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)

Catalyst Control Center - Branding (HKLM-x32\...\{11087D24-567D-7D88-69C6-D7A08B5F4C47}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden

Core Temp 1.17.1 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.17.1 - ALCPU)

Document Capture Pro (HKLM-x32\...\{14AF4959-445C-4A4E-9C5A-D7C7C2273A1B}) (Version: 1.07.0011 - Seiko Epson Corporation)

Epson Copy Utility 4 (HKLM-x32\...\{06A7E8AB-2856-4490-BAA9-F338ABE7695A}) (Version: 4.01.0001 - Seiko Epson Corporation)

Epson Event Manager (HKLM-x32\...\{8D30A0F9-425D-4C3A-9D23-AC21DAA90614}) (Version: 3.10.0068 - Seiko Epson Corporation)

EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)

Gear 360 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)

Gear 360 ActionDirector (HKLM-x32\...\{1F01D6CB-E445-405b-84D1-75B8EB5237D0}) (Version: 2.0.0.1619 - CyberLink Corp.) Hidden

Gear 360 Live Broadcast (HKLM-x32\...\{9A99DE5B-8A05-4E61-9804-E148B53A00CA}) (Version: 1.0.0419.0 - CyberLink Corp.) Hidden

Gear Watch Designer 1.5.2 (HKLM-x32\...\Gear Watch Designer) (Version: 1.5.2 - Samsung Electronics)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 117.0.5938.149 - Google LLC)

Google Earth Pro (HKLM\...\{F27DBA46-80E1-4858-9285-19198FFFBF3D}) (Version: 7.3.6.9345 - Google)

iTunes (HKLM\...\{44B55B48-DEF1-4384-A4E0-10933F65B44A}) (Version: 12.12.7.1 - Apple Inc.)

Java 8 Update 181 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180181F0}) (Version: 8.0.1810.13 - Oracle Corporation)

LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )

LeapFrog Connect 2 (HKLM-x32\...\LeapFrogConnect2) (Version: 4.2.2.458 - LeapFrog)

LeapFrogConnect2 (HKLM-x32\...\{40CDC498-1D98-4530-9068-2E85B9FFCB44}) (Version: 4.2.2.458 - LeapFrog) Hidden

LeapStart (HKLM-x32\...\{73A0EDF4-8B0B-4F8C-AAA4-05E7D06C2D45}) (Version: 4.2.2.458 - LeapFrog) Hidden

Lexmark S300-S400 Series (HKLM\...\Lexmark S300-S400 Series) (Version: - Lexmark International, Inc.)

Lexmark Tools for Office (HKLM-x32\...\{10812DE7-2E57-4740-B226-6B3BE34AF9D7}) (Version: 1.29.0.0 - )

Malwarebytes version 4.6.3.282 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.6.3.282 - Malwarebytes)

McAfee Multi Access - Total Protection (HKLM-x32\...\MSC) (Version: 16.0 R50 - McAfee, LLC)
 
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 117.0.2045.47 - Microsoft Corporation)

Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 117.0.2045.47 - Microsoft Corporation)

Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.16827.20130 - Microsoft Corporation)

Microsoft OneDrive (HKU\S-1-5-21-4058471508-124884304-2479839303-1001\...\OneDriveSetup.exe) (Version: 23.189.0910.0001 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)

Microsoft Update Health Tools (HKLM\...\{2953E19B-9F91-4A49-A23B-7E25970A1951}) (Version: 3.73.0.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (HKLM\...\{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}) (Version: 11.0.50727 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (HKLM\...\{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}) (Version: 11.0.50727 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (HKLM-x32\...\{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}) (Version: 11.0.50727 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (HKLM-x32\...\{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}) (Version: 11.0.50727 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40660 (HKLM\...\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}) (Version: 12.0.40660 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40660 (HKLM\...\{CB0836EC-B072-368D-82B2-D3470BF95707}) (Version: 12.0.40660 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40660 (HKLM-x32\...\{7DAD0258-515C-3DD4-8964-BD714199E0F7}) (Version: 12.0.40660 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40660 (HKLM-x32\...\{E30D8B21-D82D-3211-82CC-0F0A5D1495E8}) (Version: 12.0.40660 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29913 (HKLM-x32\...\{855e31d2-9031-46e1-b06d-c9d7777deefb}) (Version: 14.28.29913.0 - Microsoft Corporation)

Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (HKLM-x32\...\{7e9fae12-5bbf-47fb-b944-09c49e75c061}) (Version: 14.15.26706.0 - Microsoft Corporation)

Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (HKLM-x32\...\{2757496A-3E74-320A-B007-36120A9F126D}) (Version: 14.15.26706 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (HKLM-x32\...\{39E15475-23F2-345D-8977-B5DC47A94E26}) (Version: 14.15.26706 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2019 X64 Additional Runtime - 14.28.29913 (HKLM\...\{620A7633-7A09-42A8-8580-076A4483C4B0}) (Version: 14.28.29913 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.28.29913 (HKLM\...\{EECDD137-13DA-46ED-ADA0-BDF7F8BE65B8}) (Version: 14.28.29913 - Microsoft Corporation) Hidden

Microsoft_VC80_CRT_x86 (HKLM-x32\...\{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}) (Version: 8.0.50727.4053 - Adobe) Hidden

Microsoft_VC90_CRT_x86 (HKLM-x32\...\{08D2E121-7F6A-43EB-97FD-629B44903403}) (Version: 1.00.0000 - Adobe) Hidden

Music Manager (HKU\S-1-5-21-4058471508-124884304-2479839303-1001\...\MusicManager) (Version: - Google, Inc.)

NordVPN (HKLM\...\{19465C24-3D5D-4327-B99F-3CC0A1D38151}_is1) (Version: 6.37.2.0 - TEFINCOM S.A.)

NordVPN network TAP (HKLM-x32\...\{97DEC5D6-2BE9-45BB-BFC5-274B851B486B}) (Version: 1.0.1 - NordVPN)

NordVPN network TUN (HKLM\...\{BD0E4F38-D3F6-452D-A32E-B14D721839AC}) (Version: 1.0.1 - NordVPN)

Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.16827.20130 - Microsoft Corporation) Hidden

Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.16827.20130 - Microsoft Corporation) Hidden

Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden

Opera Stable 102.0.4880.78 (HKLM-x32\...\Opera 102.0.4880.78) (Version: 102.0.4880.78 - Opera Software)

PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden

Plays (HKU\S-1-5-21-4058471508-124884304-2479839303-1001\...\Plays) (Version: 3.0.0 - Plays.tv, Inc)

PS4 Remote Play (HKLM-x32\...\{7D35E02C-305D-4CBE-899F-E584CF2AA679}) (Version: 2.0.0.02211 - Sony Interactive Entertainment Inc.)

Python 3.6.2 (32-bit) (HKU\S-1-5-21-4058471508-124884304-2479839303-1001\...\{8388fa07-1617-4b8d-8ad8-6a940ad8052c}) (Version: 3.6.2150.0 - Python Software Foundation)

Python 3.6.2 Core Interpreter (32-bit) (HKLM-x32\...\{4542573C-6216-4584-BA90-72BAF7954404}) (Version: 3.6.2150.0 - Python Software Foundation) Hidden

Python 3.6.2 Development Libraries (32-bit) (HKLM-x32\...\{69E3E4A6-2A0F-4A32-9C2D-591EEC107289}) (Version: 3.6.2150.0 - Python Software Foundation) Hidden

Python 3.6.2 Documentation (32-bit) (HKLM-x32\...\{796410A7-1669-4FE4-8332-F684B61269E2}) (Version: 3.6.2150.0 - Python Software Foundation) Hidden

Python 3.6.2 Executables (32-bit) (HKLM-x32\...\{348C0EFF-60B1-4E68-88B8-33D7DF70DFCF}) (Version: 3.6.2150.0 - Python Software Foundation) Hidden

Python 3.6.2 pip Bootstrap (32-bit) (HKLM-x32\...\{6B2D61BA-C42D-4324-B23F-1D7B5A2808EF}) (Version: 3.6.2150.0 - Python Software Foundation) Hidden

Python 3.6.2 Standard Library (32-bit) (HKLM-x32\...\{79B4337D-166F-4BC0-B67A-F73806CC730E}) (Version: 3.6.2150.0 - Python Software Foundation) Hidden

Python 3.6.2 Tcl/Tk Support (32-bit) (HKLM-x32\...\{DF24AFFD-23AB-4A7D-A0E0-6410CE3B6B9D}) (Version: 3.6.2150.0 - Python Software Foundation) Hidden
 
Python 3.6.2 Test Suite (32-bit) (HKLM-x32\...\{433FD2E2-839C-4211-88B7-45C90F738842}) (Version: 3.6.2150.0 - Python Software Foundation) Hidden

Python 3.6.2 Utility Scripts (32-bit) (HKLM-x32\...\{9B79DE7E-E864-4758-8DFC-85DA43B19671}) (Version: 3.6.2150.0 - Python Software Foundation) Hidden

Python Launcher (HKLM-x32\...\{2636F1E4-2BC5-4B19-BFFD-A08F72598309}) (Version: 3.6.6032.0 - Python Software Foundation)

QT5.10.1 (HKLM-x32\...\{5C60E178-F792-4CF7-A2E7-E7124DF1B2F0}) (Version: 1.0.1.0 - LeapFrog) Hidden

Raptr (HKLM-x32\...\Raptr) (Version: 5.2.10-r123135-release - Raptr, Inc)

Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)

Stellarium 0.20.2 (HKLM\...\Stellarium_is1) (Version: 0.20.2 - Stellarium team)

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.10.0 - Synaptics Incorporated)

TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.1.0002.6401 - Toshiba Corporation)

TOSHIBA Hardware Setup (HKLM-x32\...\{2FD5D2C5-A7A1-4065-89BA-90542BF7CCD3}) (Version: 2.00.0021 - TOSHIBA)

Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{16AD6161-2E47-4BF1-AA77-0946EFE93E08}) (Version: 2.61.0.0 - Microsoft Corporation)

Use the entry named LeapFrog Connect2 to uninstall QT5.10.1 (HKLM-x32\...\QT5.10.1) (Version: - LeapFrog)

Use the entry named LeapFrogConnect2 to uninstall LeapStart (HKLM-x32\...\LeapStartPlugin) (Version: - LeapFrog)

WebAdvisor by McAfee (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.836 - McAfee, LLC)

WinCDEmu (HKLM-x32\...\WinCDEmu) (Version: 4.1 - Sysprogs)

Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)

Zoom (HKU\S-1-5-21-4058471508-124884304-2479839303-1001\...\ZoomUMX) (Version: 5.0 - Zoom Video Communications, Inc.)



Packages:

=========

Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_7.38.11.0_x64__kgqvnymyfvs32 [2023-09-12] (king.com)

Cortana -> C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe [2023-08-12] (Microsoft Corporation)

Disney Magic Kingdoms -> C:\Program Files\WindowsApps\A278AB0D.DisneyMagicKingdoms_8.4.12.0_x86__h6adky7gbf63m [2023-09-12] (Gameloft SE)

Facebook -> C:\Program Files\WindowsApps\FACEBOOK.FACEBOOK_2023.531.1.0_x64__8xx8rvfyw5nnt [2023-06-01] (Meta)

Fhotoroom -> C:\Program Files\WindowsApps\SupportingComputersInc.Fhotoroom_15.1.52.0_x64__pxc4cxt3rds1p [2023-07-25] (Supporting Computers Inc) [MS Ad]

Fitbit -> C:\Program Files\WindowsApps\Fitbit.Fitbit_2.44.1997.0_x64__6mqt6hf9g46tw [2019-10-06] (Fitbit)

Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-03-16] (Microsoft Corporation) [MS Ad]

Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-03-16] (Microsoft Corporation) [MS Ad]

Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-03-11] (Microsoft Corporation)

Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-03-12] (Microsoft Corporation)

Sling TV -> C:\Program Files\WindowsApps\SlingTVLLC.SlingTV_7.0.8.0_x86__vgszm6stshdqy [2022-10-19] (Sling TV LLC)

Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.17.8180.0_x64__8wekyb3d8bbwe [2023-08-21] (Microsoft Studios) [MS Ad]

Twitter -> C:\Program Files\WindowsApps\9E2F88E3.TWITTER_7.0.1.0_neutral__wgeqdkkx372wm [2021-06-11] (Twitter Inc.)

VLC -> C:\Program Files\WindowsApps\VideoLAN.VLC_3.2.1.0_x64__paz6r1rewnh0a [2023-07-25] (VideoLAN)

West Coast NZ by Ian Rushton -> C:\Program Files\WindowsApps\Microsoft.WestCoastNZbyIanRushton_1.1.0.0_neutral__8wekyb3d8bbwe [2017-08-01] (Microsoft Corporation)



==================== Custom CLSID (Whitelisted): ==============



(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)



CustomCLSID: HKU\S-1-5-21-4058471508-124884304-2479839303-1001_Classes\CLSID\{041F9391-C79D-44EE-AA4E-AF4E029C4B47}\InprocServer32 -> C:\Users\Terry\AppData\Local\Google\Update\1.3.36.112\psuser_64.dll => No File

CustomCLSID: HKU\S-1-5-21-4058471508-124884304-2479839303-1001_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Terry\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll => No File

CustomCLSID: HKU\S-1-5-21-4058471508-124884304-2479839303-1001_Classes\CLSID\{1F9E0710-2073-435F-9C1B-F29946205947}\InprocServer32 -> C:\Users\Terry\AppData\Local\Google\Update\1.3.36.152\psuser_64.dll => No File

CustomCLSID: HKU\S-1-5-21-4058471508-124884304-2479839303-1001_Classes\CLSID\{2919A592-BF5E-4AF5-A658-84454D70841E}\InprocServer32 -> C:\Users\Terry\AppData\Local\Google\Update\1.3.36.202\psuser_64.dll => No File

CustomCLSID: HKU\S-1-5-21-4058471508-124884304-2479839303-1001_Classes\CLSID\{46406D82-6EC0-47CC-8A75-1F33C6DEDBBE}\InprocServer32 -> C:\Users\Terry\AppData\Local\Google\Update\1.3.35.442\psuser_64.dll => No File

CustomCLSID: HKU\S-1-5-21-4058471508-124884304-2479839303-1001_Classes\CLSID\{540C17A8-04F2-4B66-95D7-B2FEF9A19B54}\InprocServer32 -> C:\Users\Terry\AppData\Local\Google\Update\1.3.35.422\psuser_64.dll => No File

CustomCLSID: HKU\S-1-5-21-4058471508-124884304-2479839303-1001_Classes\CLSID\{5D44759C-CF3F-433D-9EA0-267E45577C77}\InprocServer32 -> C:\Users\Terry\AppData\Local\Google\Update\1.3.36.212\psuser_64.dll => No File

CustomCLSID: HKU\S-1-5-21-4058471508-124884304-2479839303-1001_Classes\CLSID\{5D770BF6-899F-4E6D-97F1-F5B9D769B59D}\InprocServer32 -> C:\Users\Terry\AppData\Local\Google\Update\1.3.34.1\psuser_64.dll => No File

CustomCLSID: HKU\S-1-5-21-4058471508-124884304-2479839303-1001_Classes\CLSID\{62634D95-960B-4834-8E71-A70408AD8FD9}\InprocServer32 -> C:\Users\Terry\AppData\Local\Google\Update\1.3.34.7\psuser_64.dll => No File

CustomCLSID: HKU\S-1-5-21-4058471508-124884304-2479839303-1001_Classes\CLSID\{69545769-8D02-4B07-A481-AD374CD8D5D1}\InprocServer32 -> C:\Users\Terry\AppData\Local\Google\Update\1.3.36.132\psuser_64.dll => No File

CustomCLSID: HKU\S-1-5-21-4058471508-124884304-2479839303-1001_Classes\CLSID\{6D264B70-DA18-401D-910C-B202D89670C6}\InprocServer32 -> C:\Users\Terry\AppData\Local\Google\Update\1.3.36.32\psuser_64.dll => No File

CustomCLSID: HKU\S-1-5-21-4058471508-124884304-2479839303-1001_Classes\CLSID\{75399D28-E622-4973-8752-BC0F7DC47AF3}\InprocServer32 -> C:\Users\Terry\AppData\Local\Google\Update\1.3.36.122\psuser_64.dll => No File

CustomCLSID: HKU\S-1-5-21-4058471508-124884304-2479839303-1001_Classes\CLSID\{84EB3779-151B-4C71-AEF0-A0FEE9481401}\InprocServer32 -> C:\Users\Terry\AppData\Local\Google\Update\1.3.35.342\psuser_64.dll => No File

CustomCLSID: HKU\S-1-5-21-4058471508-124884304-2479839303-1001_Classes\CLSID\{85D8EE2F-794F-41F0-BB03-49D56A23BEF4}\InprocServer32 -> C:\Users\Terry\AppData\Local\Google\Update\1.3.36.312\psuser_64.dll (Google LLC -> Google LLC)

CustomCLSID: HKU\S-1-5-21-4058471508-124884304-2479839303-1001_Classes\CLSID\{86508D42-E5D7-4D10-9C6F-D427AEEB85B5}\InprocServer32 -> C:\Users\Terry\AppData\Local\Google\Update\1.3.34.11\psuser_64.dll => No File

CustomCLSID: HKU\S-1-5-21-4058471508-124884304-2479839303-1001_Classes\CLSID\{8B480070-D37D-4090-A063-7A429F849652}\InprocServer32 -> C:\Users\Terry\AppData\Local\Google\Update\1.3.36.92\psuser_64.dll => No File

CustomCLSID: HKU\S-1-5-21-4058471508-124884304-2479839303-1001_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\Terry\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll => No File

CustomCLSID: HKU\S-1-5-21-4058471508-124884304-2479839303-1001_Classes\CLSID\{A804CF1A-91E5-4F0C-9E8C-DB39E74056DD}\InprocServer32 -> C:\Users\Terry\AppData\Local\Google\Update\1.3.33.23\psuser_64.dll => No File

CustomCLSID: HKU\S-1-5-21-4058471508-124884304-2479839303-1001_Classes\CLSID\{AE9899FA-E21F-4D91-BD1F-59BC10E56CA1}\InprocServer32 -> C:\Users\Terry\AppData\Local\Google\Update\1.3.36.292\psuser_64.dll => No File

CustomCLSID: HKU\S-1-5-21-4058471508-124884304-2479839303-1001_Classes\CLSID\{BE5C2E39-090F-46A2-AFAA-47540743B4FE}\InprocServer32 -> C:\Users\Terry\AppData\Local\Google\Update\1.3.36.102\psuser_64.dll => No File

CustomCLSID: HKU\S-1-5-21-4058471508-124884304-2479839303-1001_Classes\CLSID\{CA07EE63-A212-4373-AE82-FBF92FCA8DCC}\InprocServer32 -> C:\Users\Terry\AppData\Local\Google\Update\1.3.36.242\psuser_64.dll => No File
 
CustomCLSID: HKU\S-1-5-21-4058471508-124884304-2479839303-1001_Classes\CLSID\{CA8FA699-91CD-412F-9D13-9B1222F4370E}\InprocServer32 -> C:\Users\Terry\AppData\Local\Google\Update\1.3.36.82\psuser_64.dll => No File

CustomCLSID: HKU\S-1-5-21-4058471508-124884304-2479839303-1001_Classes\CLSID\{CA919489-0396-4164-A6E7-94CDED45A707}\InprocServer32 -> C:\Users\Terry\AppData\Local\Google\Update\1.3.36.52\psuser_64.dll => No File

CustomCLSID: HKU\S-1-5-21-4058471508-124884304-2479839303-1001_Classes\CLSID\{DA06AAE8-5748-4509-850F-17AA522F8372}\InprocServer32 -> C:\Users\Terry\AppData\Local\Google\Update\1.3.36.272\psuser_64.dll => No File

CustomCLSID: HKU\S-1-5-21-4058471508-124884304-2479839303-1001_Classes\CLSID\{DEDF773D-E27B-485E-8E7D-85C5B0EB5A67}\InprocServer32 -> C:\Users\Terry\AppData\Local\Google\Update\1.3.36.72\psuser_64.dll => No File

CustomCLSID: HKU\S-1-5-21-4058471508-124884304-2479839303-1001_Classes\CLSID\{E4949BE6-C9FF-4AFA-8672-6127D857418B}\InprocServer32 -> C:\Users\Terry\AppData\Local\Google\Update\1.3.36.312\psuser_64.dll (Google LLC -> Google LLC)

CustomCLSID: HKU\S-1-5-21-4058471508-124884304-2479839303-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems Incorporated -> Adobe Systems)

CustomCLSID: HKU\S-1-5-21-4058471508-124884304-2479839303-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Terry\AppData\Local\Google\Update\1.3.36.312\psuser_64.dll (Google LLC -> Google LLC)

CustomCLSID: HKU\S-1-5-21-4058471508-124884304-2479839303-1001_Classes\CLSID\{E9E7529D-7F09-410B-AF2A-CC154473B19C}\InprocServer32 -> C:\Users\Terry\AppData\Local\Google\Update\1.3.35.452\psuser_64.dll => No File

CustomCLSID: HKU\S-1-5-21-4058471508-124884304-2479839303-1001_Classes\CLSID\{EA724FD3-844D-43A9-A8C9-A5BC35FC20E4}\InprocServer32 -> C:\Users\Terry\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll => No File

CustomCLSID: HKU\S-1-5-21-4058471508-124884304-2479839303-1001_Classes\CLSID\{EF076C91-DC9E-43E3-84ED-3D219E065A4F}\InprocServer32 -> C:\Users\Terry\AppData\Local\Google\Update\1.3.35.301\psuser_64.dll => No File

ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat Elements\ContextMenu64.dll [2015-09-24] (Adobe Systems, Incorporated -> Adobe Systems Inc.)

ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => C:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2023-01-11] (McAfee, LLC -> McAfee, LLC)

ContextMenuHandlers1: [WinCDEmu] -> {D0E37FD2-F675-426F-B09A-2CF37BA46FD5} => C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-28] (Sysprogs OU) [File not signed]

ContextMenuHandlers2: [WinCDEmu] -> {A9901FCD-B4DF-43A1-BD5D-6C9F88679497} => C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-28] (Sysprogs OU) [File not signed]

ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-10-03] (Malwarebytes Inc. -> Malwarebytes)

ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2015-08-21] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)

ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat Elements\ContextMenu64.dll [2015-09-24] (Adobe Systems, Incorporated -> Adobe Systems Inc.)

ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-10-03] (Malwarebytes Inc. -> Malwarebytes)

ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => C:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2023-01-11] (McAfee, LLC -> McAfee, LLC)

ContextMenuHandlers6: [WinCDEmu] -> {A9901FCD-B4DF-43A1-BD5D-6C9F88679497} => C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-28] (Sysprogs OU) [File not signed]



==================== Codecs (Whitelisted) ====================



==================== Shortcuts & WMI ========================



(The entries could be listed to be restored or removed.)



ShortcutWithArgument: C:\Users\Terry\Desktop\Work - Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) -> --profile-directory="Default"

ShortcutWithArgument: C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Play Music.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=fahmaaghhglfmonjliepjlchgpgfmobi



==================== Loaded Modules (Whitelisted) =============



2014-02-11 07:08 - 2014-02-11 07:08 - 000817152 _____ () [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll

2015-08-21 22:09 - 2015-08-21 22:09 - 000214528 _____ () [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll

2015-08-21 22:09 - 2015-08-21 22:09 - 000127488 _____ () [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll

2014-02-11 07:08 - 2014-02-11 07:08 - 003650560 _____ () [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll

2008-04-11 12:54 - 2008-04-11 12:54 - 000348160 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\MSVCR71.dll

2017-02-11 20:28 - 2015-09-28 14:08 - 000255488 _____ (Sysprogs OU) [File not signed] C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll



==================== Alternate Data Streams (Whitelisted) ========



(If an entry is included in the fixlist, only the ADS will be removed.)



AlternateDataStreams: C:\Users\Terry\Downloads\HitmanPro_x64.exe:MBAM.Zone.Identifier [138]



==================== Safe Mode (Whitelisted) ==================



(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)



HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service"



==================== Association (Whitelisted) =================



==================== Internet Explorer (Whitelisted) ==========



BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2023-10-02] (Microsoft Corporation -> Microsoft Corporation)

BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)

BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2023-10-02] (Microsoft Corporation -> Microsoft Corporation)

BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)

BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\ssv.dll [2018-08-06] (Oracle America, Inc. -> Oracle Corporation)

BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
 
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\jp2ssv.dll [2018-08-06] (Oracle America, Inc. -> Oracle Corporation)

BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)

Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)

Toolbar: HKLM-x32 - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-10-02] (Microsoft Corporation -> Microsoft Corporation)

Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-10-02] (Microsoft Corporation -> Microsoft Corporation)

Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-10-02] (Microsoft Corporation -> Microsoft Corporation)

Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-10-02] (Microsoft Corporation -> Microsoft Corporation)

Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-10-02] (Microsoft Corporation -> Microsoft Corporation)

Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-10-02] (Microsoft Corporation -> Microsoft Corporation)

Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-10-02] (Microsoft Corporation -> Microsoft Corporation)

Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-10-02] (Microsoft Corporation -> Microsoft Corporation)

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll [2023-01-11] (McAfee, LLC -> McAfee, LLC)

Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2023-01-10] (McAfee, LLC -> McAfee, LLC)

Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)

Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)

Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)

Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)



(If an entry is included in the fixlist, it will be removed from the registry.)



IE trusted site: HKU\S-1-5-21-4058471508-124884304-2479839303-1001\...\sharepoint.com -> hxxps://obps-files.sharepoint.com



==================== Hosts content: =========================



(If needed Hosts: directive could be included in the fixlist to reset Hosts.)



2016-07-16 07:47 - 2016-07-16 07:45 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts



==================== Other Areas ===========================



(Currently there is no automatic fix for this section.)



HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\AMD\ATI.ACE\Core-Static;%SYSTEMROOT%\System32\OpenSSH\

HKU\S-1-5-21-4058471508-124884304-2479839303-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg

HKU\S-1-5-21-4058471508-124884304-2479839303-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img3.jpg

DNS Servers: 192.168.86.1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 1)

Windows Firewall is enabled.



Network Binding:

=============

Ethernet 2: AppEx Networks Accelerator -> appex_acc (enabled)

Ethernet 2: NordVPN LightWeight Firewall -> NordLwf (enabled)

Ethernet: NordVPN LightWeight Firewall -> NordLwf (enabled)

Ethernet: AppEx Networks Accelerator -> appex_acc (enabled)

Wi-Fi: AppEx Networks Accelerator -> appex_acc (enabled)

Wi-Fi: NordVPN LightWeight Firewall -> NordLwf (enabled)



==================== MSCONFIG/TASK MANAGER disabled items ==



(If an entry is included in the fixlist, it will be removed.)



HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"

HKLM\...\StartupApproved\Run: => "lxeamon.exe"

HKLM\...\StartupApproved\Run: => "EzPrint"

HKLM\...\StartupApproved\Run: => "SynTPEnh"

HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"

HKLM\...\StartupApproved\Run32: => "ArcSoft Connection Service"

HKLM\...\StartupApproved\Run32: => "EEventManager"

HKLM\...\StartupApproved\Run32: => "StartCCC"

HKLM\...\StartupApproved\Run32: => "Adobe Acrobat Speed Launcher"

HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"

HKLM\...\StartupApproved\Run32: => "Raptr"

HKLM\...\StartupApproved\Run32: => "SwitchBoard"

HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"

HKLM\...\StartupApproved\Run32: => "LeapFrog Connect 2 Launcher"

HKU\S-1-5-21-4058471508-124884304-2479839303-1001\...\StartupApproved\Run: => "OneDrive"

HKU\S-1-5-21-4058471508-124884304-2479839303-1001\...\StartupApproved\Run: => "MusicManager"

HKU\S-1-5-21-4058471508-124884304-2479839303-1001\...\StartupApproved\Run: => "NordVPN"

HKU\S-1-5-21-4058471508-124884304-2479839303-1001\...\StartupApproved\Run: => "Plays"

HKU\S-1-5-21-4058471508-124884304-2479839303-1001\...\StartupApproved\Run: => "Norton Download Manager{COMCAST-NSS2210085-SOS}"

HKU\S-1-5-21-4058471508-124884304-2479839303-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_6EC8B8D74E885E2E49052EFAC7544F80"



==================== FirewallRules (Whitelisted) ================



(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)



FirewallRules: [{401E3A00-DADF-48B6-92F9-35F46F39B854}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tron 2.0\TronLauncher.exe (Disney Interactive) [File not signed]

FirewallRules: [{FC3477B0-F503-42B9-87AB-597E23554EB5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tron 2.0\TronLauncher.exe (Disney Interactive) [File not signed]

FirewallRules: [{D865D1C5-BDAD-4744-9794-713D6B4F2127}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe => No File

FirewallRules: [{13AC1F1C-3E67-42BC-96AD-4634BD0700CC}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)

FirewallRules: [{E6A21CEE-79C3-402B-BD63-34F61938C055}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)

FirewallRules: [{6CD58AC6-518F-49A4-843F-41043D7B7EC6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Homeworld\HWLauncher\Launcher.exe (Gearbox Software) [File not signed]

FirewallRules: [{8900991B-5241-4591-89F6-30157360B452}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Homeworld\HWLauncher\Launcher.exe (Gearbox Software) [File not signed]

FirewallRules: [{064B96CD-DF2B-44D8-9F3A-1591EA7411C1}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File

FirewallRules: [{21BF4993-FB57-42ED-978B-565576C5EA27}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File

FirewallRules: [{36CB8B9B-11D2-489E-8933-3D1BA885BE5F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)

FirewallRules: [{8D250F26-544B-43D3-9475-F53E6E098243}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)

FirewallRules: [{360B58A3-22B0-4672-901F-09AD335B57C7}] => (Allow) C:\Users\Terry\AppData\Roaming\Zoom\bin\airhost.exe => No File

FirewallRules: [{CC8EF85D-F240-4820-8590-970458044748}] => (Allow) C:\Users\Terry\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
 
FirewallRules: [UDP Query User{3A40D0A5-1924-4678-8EE9-6BABDDAF4568}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)

FirewallRules: [TCP Query User{73C813C4-B1AD-4B8C-A516-47DBDD90863E}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)

FirewallRules: [{4BE1DAAB-D2C1-4775-95D8-FBD6C42CC07F}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe (Plays.tv, Inc -> Copyright (c) 2018 Plays.tv, LLC)

FirewallRules: [{01B4BA8E-E0E6-40C6-929F-9239B979BC7B}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe (Plays.tv, Inc -> Copyright (c) 2018 Plays.tv, LLC)

FirewallRules: [{55C863C8-FFB2-474B-B006-6C4C88D24307}] => (Allow) C:\WINDOWS\system32\LXEAcoms.exe (Lexmark International, Inc. -> )

FirewallRules: [{D12B8CB5-C06D-4FCC-A345-645C31DC7EBF}] => (Allow) C:\Program Files (x86)\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe => No File

FirewallRules: [{541FCD07-592F-4601-B5C0-3186D0C2A7D7}] => (Allow) C:\Program Files (x86)\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe => No File

FirewallRules: [{5B79066E-F4B0-452C-ACE8-8C1D9E02949E}] => (Allow) C:\WINDOWS\system32\LXEAcoms.exe (Lexmark International, Inc. -> )

FirewallRules: [{AE7407F4-F597-411C-AEC8-53C7A834CEE3}] => (Allow) C:\WINDOWS\system32\LXEAcoms.exe (Lexmark International, Inc. -> )

FirewallRules: [{9A735D0C-3601-4752-BA99-F2A88E013217}] => (Allow) C:\WINDOWS\system32\lxeacoms.exe (Lexmark International, Inc. -> )

FirewallRules: [{7AF92224-D901-444F-A2A5-B6DC05AF603E}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)

FirewallRules: [{F7A61918-E41C-44C8-B552-FB41DB572E82}] => (Allow) C:\Program Files (x86)\Sony\PS4 Remote Play\RemotePlay.exe (Sony Interactive Entertainment Inc. -> Sony Interactive Entertainment Inc.)

FirewallRules: [{410A3CCF-048D-4BB5-8AC9-28DFD28BCE38}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)

FirewallRules: [{0F734EBD-1568-475A-8525-813FF6272575}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)

FirewallRules: [{C66A2C43-24C0-43D7-B925-46902BDEE713}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)

FirewallRules: [{6F9552C6-1586-4CA8-9646-E59548A2ADBB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)

FirewallRules: [{06F33B11-06F7-40DD-9806-B76BD09AF6FD}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe (Raptr, Inc -> Raptr, Inc)

FirewallRules: [{AE4E52E0-F415-41DD-9E23-4A3C8A9DFC0D}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe (Raptr, Inc -> Raptr, Inc)

FirewallRules: [{70C2B004-E923-453A-BCEB-56752C9F4D6F}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe (Raptr, Inc -> Raptr, Inc)

FirewallRules: [{E5E5F663-1D26-4B65-8709-CE06C3B15DD9}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe (Raptr, Inc -> Raptr, Inc)

FirewallRules: [{56B8AC6A-8EBD-456A-BCF5-4836463D9488}] => (Allow) C:\Program Files\Samsung\ActionDirector2\PDR10.EXE => No File

FirewallRules: [TCP Query User{FAE61529-7D11-4609-BB6A-DFE6AB356040}C:\program files (x86)\kodi\kodi.exe] => (Block) C:\program files (x86)\kodi\kodi.exe => No File

FirewallRules: [UDP Query User{3F9A88BE-B172-4380-B42B-6343526AB731}C:\program files (x86)\kodi\kodi.exe] => (Block) C:\program files (x86)\kodi\kodi.exe => No File

FirewallRules: [TCP Query User{A014E723-F336-4895-A67A-7F4E3AC43993}C:\windows\syswow64\lxeacoms.exe] => (Allow) C:\windows\syswow64\lxeacoms.exe (Lexmark International, Inc. -> )

FirewallRules: [UDP Query User{206B8EE6-CAFF-4CCD-B95F-6AFFD6735215}C:\windows\syswow64\lxeacoms.exe] => (Allow) C:\windows\syswow64\lxeacoms.exe (Lexmark International, Inc. -> )

FirewallRules: [{F2C3961B-91BC-4F47-AEE8-09FF2ADD57C5}] => (Block) C:\windows\syswow64\lxeacoms.exe (Lexmark International, Inc. -> )

FirewallRules: [{FFB4FCDD-9DE1-414B-ADBE-436FD6A1B5F3}] => (Block) C:\windows\syswow64\lxeacoms.exe (Lexmark International, Inc. -> )

FirewallRules: [{8F8B72F1-90E3-4055-A24B-44E348AF463B}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{E1EFFD07-2842-4797-A620-FAE1AB77B88E}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{323FCF4E-8CA5-4B99-87D4-008BD0581E85}] => (Allow) C:\Program Files (x86)\Common Files\McAfee\MMSSHost\MMSSHost.exe (McAfee, LLC -> McAfee, LLC)

FirewallRules: [{FEC8BB5D-74A3-48FB-96C2-AD0EF931C414}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe (McAfee, LLC -> McAfee, LLC)

FirewallRules: [{E6309914-BAB8-4744-AA9B-BAB3A428CABF}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)

FirewallRules: [{5392126D-9098-4855-9789-FD462CE73732}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{83349734-A2A4-460B-8A4F-1ADA0D89E9D4}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{76025A7E-D0D2-4A58-A4E3-678FBA3CFEC3}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{28837F5F-C665-474D-B5D0-FC7BEC547FA8}] => (Allow) C:\Program Files\Opera\102.0.4880.56\opera.exe (Opera Norway AS -> Opera Software)

FirewallRules: [{3B56BC9B-A6A8-4E7B-B2CE-A90A60AB4412}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.105.3208.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

FirewallRules: [{DCB7FC50-EA9A-4DC9-85E9-6E9FAEE89259}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.105.3208.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

FirewallRules: [{5478BAE0-B3E1-43C9-BF2E-7ACD5092234E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.105.3208.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

FirewallRules: [{19F16910-AED6-4D57-9569-F2CC61FE6A87}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.105.3208.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

FirewallRules: [{6C2A348D-0352-49B0-8BF0-05796A841BAA}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{BED28490-8B8F-4AC6-A33A-25735D2A1CE6}] => (Allow) C:\Program Files\Opera\102.0.4880.78\opera.exe (Opera Norway AS -> Opera Software)

FirewallRules: [{52894886-ACFE-4D20-A667-9A1502D5AF49}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)



==================== Restore Points =========================



22-09-2023 02:35:33 Scheduled Checkpoint

01-10-2023 01:37:14 Scheduled Checkpoint



==================== Faulty Device Manager Devices ============





==================== Event log errors: ========================



Application errors:

==================

Error: (10/01/2023 02:06:42 PM) (Source: SideBySide) (EventID: 78) (User: )

Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_60b5254171f9507e.manifest.

Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_a8625c1886757984.manifest.



Error: (09/29/2023 09:30:47 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program SearchApp.exe version 10.0.19041.3393 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.



Process ID: 2470



Start Time: 01d9f00a6f5dea70



Termination Time: 4294967295



Application Path: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe



Report Id: a83aa6a3-6a56-4f5b-b731-cdde1b2e2e46



Faulting package full name: Microsoft.Windows.Search_1.14.10.19041_neutral_neutral_cw5n1h2txyewy



Faulting package-relative application ID: ShellFeedsUI



Hang type: Quiesce



Error: (09/25/2023 07:35:54 PM) (Source: SideBySide) (EventID: 78) (User: )

Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_60b5254171f9507e.manifest.

Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_a8625c1886757984.manifest.
 
Error: (09/22/2023 07:58:47 AM) (Source: Application Hang) (EventID: 1002) (User: )


Description: The program SearchApp.exe version 10.0.19041.3393 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.



Process ID: 3864



Start Time: 01d9e637509581e5



Termination Time: 4294967295



Application Path: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe


Report Id: fc7fd4ad-952a-47cf-baa2-84ea08e8b13c



Faulting package full name: Microsoft.Windows.Search_1.14.10.19041_neutral_neutral_cw5n1h2txyewy



Faulting package-relative application ID: ShellFeedsUI



Hang type: Quiesce



Error: (09/13/2023 12:37:34 AM) (Source: SideBySide) (EventID: 78) (User: )

Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_60b5254171f9507e.manifest.

Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_a8625c1886757984.manifest.



Error: (09/13/2023 12:33:12 AM) (Source: VSS) (EventID: 8193) (User: )

Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress.

.



Error: (09/13/2023 12:33:12 AM) (Source: VSS) (EventID: 13) (User: )

Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.

]



Error: (09/11/2023 10:32:43 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: BackgroundTaskHost.exe, version: 10.0.19041.546, time stamp: 0x1d3a15e7

Faulting module name: ntdll.dll, version: 10.0.19041.3324, time stamp: 0xda4a9f63

Exception code: 0xc0000374

Fault offset: 0x00000000000ff459

Faulting process id: 0x808

Faulting application start time: 0x01d9e52167b31478

Faulting application path: C:\WINDOWS\system32\BackgroundTaskHost.exe

Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll

Report Id: a3f67bd4-34b0-4ad4-b7e9-d80117eaeb1b

Faulting package full name: Microsoft.AAD.BrokerPlugin_1000.19041.1023.0_neutral_neutral_cw5n1h2txyewy

Faulting package-relative application ID: App





System errors:

=============

Error: (10/01/2023 02:05:40 PM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16392) (User: NT AUTHORITY)

Description: The BITS service failed to start. Error 2147500053.



Error: (10/01/2023 02:05:39 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-JH8LNA8)

Description: The server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} did not register with DCOM within the required timeout.



Error: (10/01/2023 02:05:38 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-JH8LNA8)

Description: The server Microsoft.AAD.BrokerPlugin_1000.19041.1023.0_neutral_neutral_cw5n1h2txyewy!Windows.Security.Authentication.Web.Core.BackgroundGetTokenTask.ClassId.WebAccountProvider did not register with DCOM within the required timeout.



Error: (10/01/2023 08:04:14 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )

Description: 4



Error: (09/29/2023 08:02:39 PM) (Source: disk) (EventID: 11) (User: )

Description: The driver detected a controller error on \Device\Harddisk1\DR1.



Error: (09/27/2023 05:56:24 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )

Description: 4



Error: (09/26/2023 10:13:39 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )

Description: 4



Error: (09/26/2023 07:13:24 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )

Description: 4





Windows Defender:

================

Date: 2022-03-30 06:19:55

Description:

Microsoft Defender Antivirus scan has been stopped before completion.

Scan Type: Antimalware

Scan Parameters: Quick Scan



Date: 2022-03-29 23:40:57

Description:

Microsoft Defender Antivirus scan has been stopped before completion.

Scan Type: Antimalware

Scan Parameters: Quick Scan



CodeIntegrity:

===============

Date: 2023-10-03 20:57:16

Description:

Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.





==================== Memory info ===========================



BIOS: American Megatrends Inc. 1.50 10/18/2011

Motherboard: PEGATRON CORPORATION TKBSS

Processor: AMD A8-3520M APU with Radeon(tm) HD Graphics

Percentage of memory in use: 79%

Total physical RAM: 5610.11 MB

Available physical RAM: 1136.34 MB

Total Virtual: 7295.75 MB

Available Virtual: 1496.17 MB



==================== Drives ================================



Drive c: () (Fixed) (Total:487.74 GB) (Free:152.12 GB) (Model: Crucial_CT525MX300SSD1) NTFS

Drive d: (HomeWorld2) (CDROM) (Total:0.64 GB) (Free:0 GB) CDFS



\\?\Volume{e71e7d34-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.49 GB) (Free:0.17 GB) NTFS

\\?\Volume{e71e7d34-0000-0000-0000-c00e7a000000}\ () (Fixed) (Total:0.82 GB) (Free:0.18 GB) NTFS



==================== MBR & Partition Table ====================



==========================================================

Disk: 0 (MBR Code: Windows 7/8/10) (Size: 489 GB) (Disk ID: E71E7D34)

Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=487.7 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=836 MB) - (Type=27)



==================== End of Addition.txt =======================
 