Inactive HELP: Removing Virus using Farbar

ZoeJ2022

Hello,

My (Windows 11) laptop has recently detected multiple viruses, and despite scanning and cleaning with Malwarebytes and Windows Defender, they still seem to be inside my computer. Defender detects these whilst Malwarebytes tends to miss them. I'm worried and I'm not too knowledgeable about viruses, and have used Farbar to generate some logs in the hopes that someone could help me.

I have pasted the FRST.txt and Addition.txt files from my scan below for more details.

Please ask me if you need more information!

Thank you,
ZoeJ2022
 

ZoeJ2022

FRST.TXT

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-02-2022
Ran by zo8j2 (administrator) on DESKTOP-VNCRUAG (Dell Inc. Inspiron 5593) (07-03-2022 20:25:32)
Running from C:\Users\zo8j2\Downloads
Loaded Profiles: zo8j2
Platform: Microsoft Windows 11 Home Version 21H2 22000.527 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe ->) (McAfee, Inc. -> McAfee LLC.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe ->) (McAfee, Inc. -> McAfee, LLC) C:\Windows\System32\mfevtps.exe
(C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHOST.exe
(C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\ModuleCore\ProtectedModuleHost.exe
(C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\MfeAV\MfeAVSvc.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Program Files\McAfee\WebAdvisor\servicehost.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\uihost.exe
(C:\Program Files\WindowsApps\MicrosoftTeams_22042.702.1226.2352_x64__8wekyb3d8bbwe\msteams.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\99.0.1150.30\msedgewebview2.exe <6>
(C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\MsMpEng.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Scans\MsMpEngCP.exe
(DriverStore\FileRepository\cui_dch.inf_amd64_71cc42bf8b620f67\igfxCUIServiceN.exe ->) (Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_71cc42bf8b620f67\igfxEMN.exe
(DriverStore\FileRepository\dptf_cpu.inf_amd64_1da48d5885266bb7\esif_uf.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_1da48d5885266bb7\dptf_helper.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\OneDrive.exe <2>
(explorer.exe ->) (Waves Inc -> Waves Audio Ltd.) C:\Windows\System32\DriverStore\FileRepository\wavesapo8de.inf_amd64_f9e3e5f664173b9e\WavesSvc64.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler64.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <12>
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Apache Software Foundation) [File not signed] C:\xampp\apache\bin\httpd.exe <2>
(services.exe ->) (Dell Inc -> ) C:\Program Files (x86)\Dell Digital Delivery Services\Dell.D3.WinSvc.exe
(services.exe ->) (Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe
(services.exe ->) (Dell Inc -> Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(services.exe ->) (Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
(services.exe ->) (Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
(services.exe ->) (Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_1da48d5885266bb7\esif_uf.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_cad1db73e8c782a6\WMIRegistrationService.exe
(services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
(services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_dd349ca1e8d98184\LMS.exe
(services.exe ->) (Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_71cc42bf8b620f67\igfxCUIServiceN.exe
(services.exe ->) (Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_4789e47f6228caeb\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_d8b7fef7fc5b1320\IntelCpHDCPSvc.exe
(services.exe ->) (Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_34f570cbe7f3d6c7\RstMwService.exe
(services.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (MariaDB Corporation Ab -> ) [File not signed] C:\xampp\mysql\bin\mysqld.exe
(services.exe ->) (McAfee, Inc. -> McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(services.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\CSP\4.6.104.0\McCSPServiceHost.exe
(services.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe <3>
(services.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe
(services.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\VSCore_21_4\mcapexe.exe
(services.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\servicehost.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> ) C:\Windows\System32\drivers\SessionService.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\NisSrv.exe
(services.exe ->) (PC-Doctor, Inc. -> PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssistAgent\PCD\SupportAssist\Dsapi.exe
(services.exe ->) (Qualcomm Atheros -> Qualcomm Technologies Inc.) C:\Windows\System32\drivers\QcomWlanSrvx64.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <3>
(services.exe ->) (Waves Inc -> Waves Audio Ltd.) C:\Windows\System32\DriverStore\FileRepository\wavesapo8de.inf_amd64_f9e3e5f664173b9e\WavesSysSvc64.exe
(services.exe ->) (WOLF OF WEBSTREET (OPC) PRIVATE LIMITED -> Copyright 2017.) C:\Program Files (x86)\MalwareFox AntiMalware\ZAM.exe <2>
(sihost.exe ->) (INTEL CORP) C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3407.0_x64__8j3eq9eme6ctt\GCP.ML.BackgroundSysTray\IGCCTray.exe
(svchost.exe ->) (INTEL CORP) C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3407.0_x64__8j3eq9eme6ctt\IGCC.exe
(svchost.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_4.2.2.0_x64__8wekyb3d8bbwe\Microsoft.Notes.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\UUS\amd64\MoUsoCoreWorker.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [1141544 2020-09-03] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\WINDOWS\System32\DriverStore\FileRepository\wavesapo8de.inf_amd64_f9e3e5f664173b9e\WavesSvc64.exe [1774688 2020-09-02] (Waves Inc -> Waves Audio Ltd.)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\MalwareFox AntiMalware\ZAM.exe [15767792 2022-03-06] (WOLF OF WEBSTREET (OPC) PRIVATE LIMITED -> Copyright 2017.)
HKLM-x32\...\Run: [TeamsMachineInstaller] => C:\Program Files (x86)\Teams Installer\Teams.exe [124599048 2021-08-18] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3304357071-3265175587-3679879120-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2618248 2022-02-24] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3304357071-3265175587-3679879120-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4279208 2022-03-05] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-3304357071-3265175587-3679879120-1001\...\Run: [Figma Agent] => C:\Users\zo8j2\AppData\Local\FigmaAgent\figma_agent.exe [6013152 2022-01-19] (Figma, Inc. -> )
HKLM\...\Windows x64\Print Processors\Canon MG3100 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDAR.DLL [30208 2012-03-14] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MG3100 series: C:\WINDOWS\system32\CNMLMAR.DLL [385024 2012-03-14] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\99.0.4844.51\Installer\chrmstp.exe [2022-03-02] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] ->
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {18EE9872-DA67-43DD-9EB5-31D01E8DAC89} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-06-19] (Google LLC -> Google LLC)
Task: {1EA48DD3-CEA2-479E-8423-77030E9995E1} - \Mozilla\Firefox Background Update 308046B0AF4A39CB -> No File <==== ATTENTION
Task: {1EE63CB4-F483-49FF-BD2A-B1FE5328C07E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\MpCmdRun.exe [925848 2022-02-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {2597DC96-0778-49C1-8B69-C6F73CF7725E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\MpCmdRun.exe [925848 2022-02-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {38EA67A5-18CD-4725-AC95-7C9A9974D18F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564424 2021-11-17] (Adobe Inc. -> Adobe Inc.)
Task: {65FABBF2-FDDF-478B-8EEA-E23713AF1204} - System32\Tasks\Microsoft\Office\Office Serviceability Manager => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\officesvcmgr.exe [4103816 2022-03-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {6AD960C4-16CB-43DB-942E-1B1FBFDC3205} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [6481872 2022-03-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {7242ABA3-9AAC-4624-844E-500CFDEEB275} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe /ua /installsource scheduler (No File)
Task: {761B1F23-3CB3-4CBE-9C12-2991CE23B134} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe /c (No File)
Task: {77DE17E3-F6E3-4BFC-888C-4D62BC9228E5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-06-19] (Google LLC -> Google LLC)
Task: {7A020A3E-238F-4BCB-BBB2-7B1E12879C94} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-3304357071-3265175587-3679879120-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4158856 2022-02-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {829D2499-522F-4622-B7C8-93D7FEAD44C1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\MpCmdRun.exe [925848 2022-02-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {83595024-FC67-49C5-A517-F08869391144} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
Task: {83DEDDDD-69AD-4429-8CB9-4390CFC92DCC} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\1.7.104\DADUpdater.exe [4089168 2022-02-08] (McAfee, LLC -> McAfee, LLC)
Task: {911AA5B1-9460-4B4C-9ADD-B3DAE153D85B} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent => {ABCECA3B-EA5A-496B-A021-5C6BAB365E5C} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [1032448 2021-08-02] (McAfee, LLC -> McAfee, LLC)
Task: {9754932E-E027-40EB-9DC1-DAA01FF507F1} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22580640 2022-03-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {9B8D47FA-ED58-4A51-9061-C7F78724081C} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [757944 2021-05-06] (McAfee, LLC -> McAfee, LLC)
Task: {9C537CCE-3456-4878-AB31-2910DB24D3DC} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [111000 2022-03-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {A331BF67-C06F-47F5-B120-F1D39041E6CA} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [4724096 2022-01-06] (McAfee, LLC -> McAfee, LLC)
Task: {A69EEFBD-6C6D-44E1-9DAF-4B05F4D83A03} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [6481872 2022-03-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {A7CCD3A6-9B7F-4A49-A2C1-06C3F1A8F782} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\MpCmdRun.exe [925848 2022-02-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B01C5086-1331-40D6-920E-F4B5DF14EC9E} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [111000 2022-03-04] (Microsoft Corporation -> Microsoft Corporation)
"C:\Windows\System32\Tasks\McAfee\McAfee Idle Detection Task" was unlocked. <==== ATTENTION
Task: {C744FD0B-303D-4EF9-874A-84431B2A407D} - System32\Tasks\McAfee\McAfee Idle Detection Task => {ABCDCA3B-DE6B-5A7C-B132-6D7CBA63E5C5} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [1032448 2021-08-02] (McAfee, LLC -> McAfee, LLC)
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\WINDOWS\System32\MbaeParserTask.exe (No File)
Task: {D6AEB4B9-09B3-42D3-B1E0-0D847F0888D7} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22580640 2022-03-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {DC68F225-4505-4325-96F2-9D7F1346C6B8} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4158856 2022-02-24] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{a8a80b30-9bed-4423-af6e-4fcffdca4681}: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{cdc1a4a0-5baa-4861-b945-5a3ad4208631}: [DhcpNameServer] 194.168.4.100 194.168.8.100

Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\zo8j2\AppData\Local\Microsoft\Edge\User Data\Default [2022-02-15]

FireFox:
========
FF DefaultProfile: 1xfdw3rg.default
FF ProfilePath: C:\Users\zo8j2\AppData\Roaming\Mozilla\Firefox\Profiles\1xfdw3rg.default [2020-11-03]
FF ProfilePath: C:\Users\zo8j2\AppData\Roaming\Mozilla\Firefox\Profiles\4wqx2hcb.default-release [2022-03-07]
FF Notifications: Mozilla\Firefox\Profiles\4wqx2hcb.default-release -> hxxps://www.dreamstime.com
FF Extension: (Grammarly for Firefox) - C:\Users\zo8j2\AppData\Roaming\Mozilla\Firefox\Profiles\4wqx2hcb.default-release\Extensions\87677a2c52b84ad3a151a4a72f5bd3c4@jetpack.xpi [2022-03-04]
FF Extension: (React Developer Tools) - C:\Users\zo8j2\AppData\Roaming\Mozilla\Firefox\Profiles\4wqx2hcb.default-release\Extensions\@react-devtools.xpi [2022-01-24]
FF Extension: (InsertLearning) - C:\Users\zo8j2\AppData\Roaming\Mozilla\Firefox\Profiles\4wqx2hcb.default-release\Extensions\jid1-6W3Xsnc0k1KrUQ@jetpack.xpi [2020-11-30]
FF Extension: (Mailvelope) - C:\Users\zo8j2\AppData\Roaming\Mozilla\Firefox\Profiles\4wqx2hcb.default-release\Extensions\jid1-AQqSMBYb0a8ADg@jetpack.xpi [2021-05-13]
FF Extension: (uBlock Origin) - C:\Users\zo8j2\AppData\Roaming\Mozilla\Firefox\Profiles\4wqx2hcb.default-release\Extensions\uBlock0@raymondhill.net.xpi [2022-02-24]
FF Extension: (Futuristic Theme) - C:\Users\zo8j2\AppData\Roaming\Mozilla\Firefox\Profiles\4wqx2hcb.default-release\Extensions\{97d79286-54b7-497b-a00d-273d08135110}.xpi [2021-01-11]
FF Extension: (Animated Kimi no Na wa) - C:\Users\zo8j2\AppData\Roaming\Mozilla\Firefox\Profiles\4wqx2hcb.default-release\Extensions\{b7afe29e-2e0a-4f94-bd00-9c1efc629995}.xpi [2021-01-11]
FF Extension: (Vocaloid Miku Future) - C:\Users\zo8j2\AppData\Roaming\Mozilla\Firefox\Profiles\4wqx2hcb.default-release\Extensions\{dc24feba-0bb5-4ebd-8a61-88b810f44464}.xpi [2021-01-11]
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\McAfee\MSC\npMcSnFFPl64.dll [2021-08-22] (McAfee, LLC -> )
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2021-12-24] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\MSC\npMcSnFFPl.dll [2021-08-22] (McAfee, LLC -> )
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2022-03-04] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-03-04] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=3 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1189.1\npAvastBrowserUpdate3.dll [No File]
FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=9 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1189.1\npAvastBrowserUpdate3.dll [No File]

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\zo8j2\AppData\Local\Google\Chrome\User Data\Default [2021-11-06]
CHR DefaultSearchURL: Default -> hxxps://uk.search.yahoo.com/search?fr=mcafee&type=E211GB384G0&p={searchTerms}
CHR DefaultSearchKeyword: Default -> mcafee
CHR DefaultSuggestURL: Default -> hxxps://uk.search.yahoo.com/sugg/gossip/gossip-uk-partner?output=fxjson&appid=mca&source=yahoo_mcafee_searchassist&command={searchTerms}
CHR Extension: (McAfee® WebAdvisor) - C:\Users\zo8j2\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2021-11-06]
CHR Extension: (React Developer Tools) - C:\Users\zo8j2\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmkadmapgofadopljbjfkapdkoienihi [2021-11-06]
CHR Extension: (Oceanic) - C:\Users\zo8j2\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbbacdmgjdfajabgglpjifcedoajdimg [2021-08-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\zo8j2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-03-14]
CHR Profile: C:\Users\zo8j2\AppData\Local\Google\Chrome\User Data\Guest Profile [2021-09-17]
CHR Profile: C:\Users\zo8j2\AppData\Local\Google\Chrome\User Data\System Profile [2021-09-17]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-11-17] (Adobe Inc. -> Adobe Inc.)
R2 Apache2.4; C:\xampp\apache\bin\httpd.exe [29696 2021-02-17] (Apache Software Foundation) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11649952 2022-03-04] (Microsoft Corporation -> Microsoft Corporation)
R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [436256 2021-09-29] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3847712 2021-09-29] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [462880 2021-09-29] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 Dell Digital Delivery Services; C:\Program Files (x86)\Dell Digital Delivery Services\Dell.D3.WinSvc.exe [50888 2021-06-24] (Dell Inc -> )
R2 Dell Hardware Support; C:\Program Files\Dell\SupportAssistAgent\PCD\SupportAssist\Dsapi.exe [1024680 2021-09-01] (PC-Doctor, Inc. -> PC-Doctor, Inc.)
S3 Dell.CommandPowerManager.Service; C:\WINDOWS\system32\dllhost.exe /Processid:{B9AFAF52-2B5E-4B38-8519-BE208947011C} [45368 2021-06-05] (Microsoft Windows -> Microsoft Corporation)
R2 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [38600 2021-11-11] (Dell Inc -> )
S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\22.022.0130.0001\FileSyncHelper.exe [3380616 2022-02-24] (Microsoft Corporation -> Microsoft Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7997112 2022-03-02] (Malwarebytes Inc -> Malwarebytes)
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [971912 2022-03-04] (McAfee, LLC -> McAfee, LLC)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_21_4\McApExe.exe [789752 2021-08-21] (McAfee, LLC -> McAfee, LLC)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\4.6.104.0\\McCSPServiceHost.exe [2825792 2021-08-13] (McAfee, LLC -> McAfee, LLC)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [652232 2021-05-11] (McAfee, Inc. -> McAfee, LLC)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [652232 2021-05-11] (McAfee, Inc. -> McAfee, LLC)
R3 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [652232 2021-05-11] (McAfee, Inc. -> McAfee, LLC)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1671760 2021-08-10] (McAfee, LLC -> McAfee, LLC)
R2 mysql; C:\xampp\mysql\bin\mysqld.exe [16159488 2021-02-18] (MariaDB Corporation Ab -> ) [File not signed]
S3 OfficeSvcManagerAddons; C:\WINDOWS\system32\dllhost.exe /Processid:{2CA2E202-932F-4BA2-8771-195BB86398F5} [45368 2021-06-05] (Microsoft Windows -> Microsoft Corporation)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\22.022.0130.0001\OneDriveUpdaterService.exe [3851128 2022-02-24] (Microsoft Corporation -> Microsoft Corporation)
R2 PEFService; C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe [4288832 2021-08-13] (McAfee, LLC -> McAfee, LLC)
S3 ss_conn_launcher_service; C:\WINDOWS\System32\Samsung\EasySetup\ss_conn_launcher.exe [182128 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [39968 2021-11-15] (Dell Inc -> Dell Inc.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\NisSrv.exe [2909208 2022-02-10] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\MsMpEng.exe [128376 2022-02-10] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WMIRegistrationService; C:\WINDOWS\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_cad1db73e8c782a6\WMIRegistrationService.exe [538736 2021-07-25] (Intel Corporation -> Intel Corporation)
R2 ZAMSvc; C:\Program Files (x86)\MalwareFox AntiMalware\ZAM.exe [15767792 2022-03-06] (WOLF OF WEBSTREET (OPC) PRIVATE LIMITED -> Copyright 2017.)
S2 avast; "C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe" /svc [X]
S3 avastm; "C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe" /medsvc [X]
S3 dcpm-notify; "C:\Program Files\Dell\CommandPowerManager\NotifyService.exe" [X]
S2 Dell SupportAssist Remediation; "C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe" [X]
S2 RAPSService; "C:\Program Files\Rivet Networks\SmartByte\RAPSService.exe" [X]
S3 RNDBWM; "C:\Program Files\Rivet Networks\SmartByte\RNDBWMService.exe" [X]
S2 SmartByte Analytics Service; "C:\Program Files\Rivet Networks\SmartByte\SmartByteAnalyticsService.exe" [X]
S2 SmartByte Network Service x64; "C:\Program Files\Rivet Networks\SmartByte\SmartByteNetworkService.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [80400 2021-05-19] (McAfee, Inc. -> McAfee, LLC)
R3 DDDriver; C:\WINDOWS\System32\drivers\dddriver64Dcsa.sys [43400 2021-09-09] (Microsoft Windows Hardware Compatibility Publisher -> Dell Technologies)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [159864 2021-06-29] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 Hsp; C:\WINDOWS\System32\drivers\Hsp.sys [110904 2022-02-05] (Microsoft Windows -> Microsoft Corporation)
R3 iaLPSS2_GPIO2_ICL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_gpio2_icl.inf_amd64_90beccc7e046abab\iaLPSS2_GPIO2_ICL.sys [132872 2020-04-27] (Intel Corporation -> Intel Corporation)
R3 iaLPSS2_I2C_ICL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_i2c_icl.inf_amd64_c8c0638291b9b209\iaLPSS2_I2C_ICL.sys [200456 2020-04-27] (Intel Corporation -> Intel Corporation)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [221096 2022-03-07] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2022-03-02] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2022-03-02] (Malwarebytes Inc -> Malwarebytes)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [550944 2021-05-19] (McAfee, Inc. -> McAfee, LLC)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [390664 2021-05-19] (McAfee, Inc. -> McAfee, LLC)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [85952 2021-05-19] (Microsoft Windows Early Launch Anti-malware Publisher -> McAfee, LLC)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [527368 2021-05-19] (McAfee, Inc. -> McAfee, LLC)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [1037320 2021-05-19] (McAfee, Inc. -> McAfee, LLC)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [590032 2021-04-16] (McAfee, Inc. -> McAfee LLC.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [120512 2021-04-16] (McAfee, Inc. -> McAfee LLC.)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [121352 2021-05-19] (McAfee, Inc. -> McAfee, LLC)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [257552 2021-05-19] (McAfee, Inc. -> McAfee, LLC)
R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Bruce James -> Scarlet.Crush Productions)
S3 SmbCoSvc; C:\WINDOWS\system32\DRIVERS\SmbCo10X64.sys [166032 2021-08-13] (Intel Corporation -> Rivet Networks, LLC.)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167280 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 ss_conn_usb_driver2; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver2.sys [43376 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48536 2022-02-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [438520 2022-02-10] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [90360 2022-02-10] (Microsoft Windows -> Microsoft Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2022-03-06] (Zemana Ltd. -> Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2022-03-02] (Zemana Ltd. -> Zemana Ltd.)
S4 DBUtilDrv2; \SystemRoot\System32\drivers\DBUtilDrv2.sys [X]
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-03-07 20:25 - 2022-03-07 20:26 - 000032166 _____ C:\Users\zo8j2\Downloads\FRST.txt
2022-03-07 20:25 - 2022-03-07 20:26 - 000000000 ____D C:\FRST
2022-03-07 20:25 - 2022-03-07 20:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2022-03-07 20:24 - 2022-03-07 20:24 - 002312192 _____ (Farbar) C:\Users\zo8j2\Downloads\FRST64.exe
2022-03-07 20:22 - 2022-03-07 20:22 - 000221096 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2022-03-07 20:20 - 2022-03-07 20:21 - 000000000 ____D C:\AdwCleaner
2022-03-07 20:20 - 2022-03-07 20:20 - 008540344 _____ (Malwarebytes) C:\Users\zo8j2\Downloads\adwcleaner.exe
2022-03-06 09:28 - 2022-03-06 09:28 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2022-03-06 09:28 - 2022-03-06 09:28 - 000001261 _____ C:\Users\Public\Desktop\MalwareFox AntiMalware.lnk
2022-03-06 09:28 - 2022-03-06 09:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MalwareFox AntiMalware
2022-03-06 09:27 - 2022-03-06 09:27 - 006617512 _____ (Zemana Ltd. ) C:\Users\zo8j2\Downloads\MalwareFox.exe
2022-03-05 00:00 - 2022-03-05 15:29 - 000000000 ____D C:\Program Files\Mozilla Firefox
2022-03-03 21:00 - 2022-03-03 21:00 - 000036022 _____ C:\Users\zo8j2\Downloads\nickainley.zip
2022-03-03 21:00 - 2022-03-03 21:00 - 000000000 ____D C:\Users\zo8j2\Downloads\nickainley
2022-03-03 17:41 - 2022-03-03 17:41 - 000160515 _____ C:\Users\zo8j2\Downloads\AdobeColor-Music Online.jpeg
2022-03-02 21:29 - 2022-03-02 21:29 - 000007603 _____ C:\Users\zo8j2\AppData\Local\Resmon.ResmonCfg
2022-03-02 16:06 - 2022-03-02 16:06 - 000000020 ___SH C:\Users\DefaultAppPool\ntuser.ini
2022-03-02 16:04 - 2022-03-02 16:04 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2022-03-02 16:04 - 2022-03-02 16:04 - 000160176 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2022-03-02 16:04 - 2022-03-02 16:04 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2022-03-02 16:04 - 2022-03-02 16:04 - 000002035 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2022-03-02 16:04 - 2022-03-02 16:04 - 000002023 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2022-03-02 16:03 - 2022-03-02 16:03 - 000000000 ____D C:\Program Files\Malwarebytes
2022-03-02 15:23 - 2022-03-02 15:23 - 000000000 ___HD C:\$SysReset
2022-03-02 14:54 - 2022-03-02 14:54 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\565452E8.sys
2022-03-02 14:52 - 2022-03-02 16:03 - 000000000 ____D C:\ProgramData\Malwarebytes
2022-03-02 14:52 - 2022-03-02 14:52 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\4634C5D2.sys
2022-03-02 14:51 - 2022-03-02 15:16 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2022-03-02 14:35 - 2022-03-07 20:27 - 000261715 _____ C:\WINDOWS\ZAM.krnl.trace
2022-03-02 14:35 - 2022-03-07 20:27 - 000053560 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2022-03-02 14:35 - 2022-03-06 09:28 - 000000000 ____D C:\Program Files (x86)\MalwareFox AntiMalware
2022-03-02 14:35 - 2022-03-02 14:35 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2022-03-02 14:35 - 2022-03-02 14:35 - 000000000 ____D C:\Users\zo8j2\AppData\Local\Zemana
2022-03-02 14:35 - 2022-03-02 14:35 - 000000000 ____D C:\Users\zo8j2\AppData\Local\Wolf of Webstreet OPC Private Limited
2022-02-22 12:27 - 2022-02-22 12:27 - 000210432 _____ C:\WINDOWS\system32\CloudIdWxhExtension.dll
2022-02-22 12:27 - 2022-02-22 12:27 - 000015024 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-02-22 12:17 - 2022-02-22 12:17 - 000000000 ___HD C:\$WinREAgent
2022-02-19 19:29 - 2022-02-19 19:29 - 000000000 ____D C:\Users\zo8j2\AppData\Local\Jedi
2022-02-19 19:29 - 2022-02-19 19:29 - 000000000 ____D C:\Users\zo8j2\.matplotlib
2022-02-19 19:23 - 2022-02-19 19:23 - 000000000 ____D C:\Users\zo8j2\AppData\Local\pip
2022-02-19 19:00 - 2022-02-19 19:01 - 000000000 ____D C:\Users\zo8j2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 3.10
2022-02-19 19:00 - 2022-02-19 19:00 - 000000000 ____D C:\Users\zo8j2\AppData\Local\Package Cache
2022-02-17 12:04 - 2022-02-17 12:04 - 000000000 ____D C:\ProgramData\Oracle
2022-02-17 12:03 - 2022-02-17 12:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ProjectLibre
2022-02-10 09:06 - 2022-03-07 20:25 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2022-02-08 14:04 - 2022-02-08 14:04 - 000001764 _____ C:\Users\zo8j2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Exercise.lnk
2022-02-05 15:15 - 2022-02-05 15:15 - 000000000 ____D C:\WINDOWS\system32\HealthAttestationClient
2022-02-05 15:07 - 2022-02-05 15:07 - 000339968 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2022-02-05 15:07 - 2022-02-05 15:07 - 000311296 _____ C:\WINDOWS\system32\EsclScan.dll
2022-02-05 15:07 - 2022-02-05 15:07 - 000188416 _____ C:\WINDOWS\system32\EsclProtocol.dll
2022-02-05 15:07 - 2022-02-05 15:07 - 000077824 _____ C:\WINDOWS\system32\APMonUI.dll

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-03-07 20:27 - 2021-11-08 01:58 - 000885420 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-03-07 20:27 - 2021-06-05 12:09 - 000000000 ____D C:\WINDOWS\INF
2022-03-07 20:24 - 2021-06-05 12:10 - 000000000 ____D C:\WINDOWS\SystemTemp
2022-03-07 20:24 - 2020-10-31 14:21 - 000000000 ____D C:\Users\zo8j2\AppData\LocalLow\Mozilla
2022-03-07 20:24 - 2020-06-19 12:57 - 000000000 ____D C:\Program Files (x86)\Google
2022-03-07 20:24 - 2020-05-19 22:43 - 000000000 ____D C:\Program Files (x86)\Dell Digital Delivery Services
2022-03-07 20:23 - 2021-06-05 12:10 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-03-07 20:23 - 2021-06-05 12:10 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-03-07 20:23 - 2020-09-24 12:45 - 000000000 ___RD C:\Users\zo8j2\OneDrive - Glasgow Clyde College
2022-03-07 20:23 - 2020-06-17 12:21 - 000000000 ___RD C:\Users\zo8j2\OneDrive
2022-03-07 20:22 - 2021-11-08 02:02 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-03-07 20:22 - 2021-11-08 01:56 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-03-07 20:22 - 2021-06-05 12:10 - 000000000 ____D C:\WINDOWS\ServiceState
2022-03-07 20:22 - 2021-06-05 12:01 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2022-03-07 20:22 - 2021-03-23 15:56 - 000012288 ___SH C:\DumpStack.log.tmp
2022-03-07 20:22 - 2020-06-17 20:07 - 000000000 ____D C:\ProgramData\Goodix
2022-03-07 20:22 - 2020-06-17 20:07 - 000000000 ____D C:\Intel
2022-03-07 20:22 - 2020-06-17 12:17 - 000000000 __SHD C:\Users\zo8j2\IntelGraphicsProfiles
2022-03-07 20:21 - 2020-05-19 22:46 - 000000000 ____D C:\ProgramData\Dell
2022-03-07 20:21 - 2020-05-19 22:41 - 000000000 ____D C:\Program Files\Dell
2022-03-07 20:20 - 2021-06-05 12:10 - 000000000 ___HD C:\Program Files\WindowsApps
2022-03-07 19:52 - 2020-09-07 08:13 - 000000000 ____D C:\Users\zo8j2\AppData\Roaming\discord
2022-03-07 19:52 - 2020-09-07 08:13 - 000000000 ____D C:\Users\zo8j2\AppData\Local\Discord
2022-03-06 09:28 - 2021-11-07 19:30 - 000000000 ____D C:\Users\zo8j2
2022-03-05 15:35 - 2020-06-17 12:17 - 000000000 ____D C:\Users\zo8j2\AppData\Local\Packages
2022-03-05 15:35 - 2020-05-19 22:59 - 000000000 ____D C:\ProgramData\Packages
2022-03-05 15:29 - 2020-10-31 14:21 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2022-03-05 15:29 - 2020-05-19 22:44 - 000000000 ____D C:\Program Files\McAfee
2022-03-05 15:28 - 2020-11-18 20:04 - 000000000 ____D C:\Users\zo8j2\AppData\Local\ElevatedDiagnostics
2022-03-05 15:28 - 2020-06-17 13:52 - 000000000 ____D C:\Program Files (x86)\Steam
2022-03-05 15:26 - 2020-06-17 21:27 - 000002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-03-05 15:24 - 2020-11-13 13:58 - 000000000 ____D C:\Users\zo8j2\AppData\Local\CrashDumps
2022-03-05 15:12 - 2021-11-08 02:02 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2022-03-05 15:12 - 2020-10-31 14:21 - 000001007 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2022-03-04 23:00 - 2021-12-04 09:01 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2022-03-04 22:47 - 2021-01-22 13:57 - 000000000 __RSD C:\Users\zo8j2\Documents\McAfee Vaults
2022-03-03 22:51 - 2021-08-30 18:12 - 000000000 ____D C:\Users\zo8j2\AppData\Roaming\Figma
2022-03-03 09:13 - 2020-10-09 20:33 - 000000000 ____D C:\Users\zo8j2\AppData\Local\D3DSCache
2022-03-03 09:11 - 2021-08-30 18:12 - 000000000 ____D C:\Users\zo8j2\AppData\Local\Figma
2022-03-03 09:03 - 2021-11-08 02:02 - 000000000 ____D C:\WINDOWS\system32\Tasks\McAfee
2022-03-02 21:25 - 2020-06-19 12:58 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-03-02 21:25 - 2020-06-19 12:58 - 000002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2022-03-02 16:06 - 2021-11-07 19:30 - 000000000 ____D C:\Users\DefaultAppPool
2022-03-02 16:04 - 2021-06-05 12:10 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2022-03-01 23:30 - 2021-06-05 12:01 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2022-03-01 23:29 - 2021-12-11 22:26 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2022-03-01 23:29 - 2021-11-08 01:56 - 000472984 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-03-01 23:28 - 2021-06-05 12:10 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2022-03-01 23:28 - 2021-06-05 12:10 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2022-03-01 23:28 - 2021-06-05 12:10 - 000000000 ____D C:\WINDOWS\SystemResources
2022-03-01 23:28 - 2021-06-05 12:10 - 000000000 ____D C:\WINDOWS\system32\Dism
2022-03-01 23:28 - 2021-06-05 12:10 - 000000000 ____D C:\WINDOWS\system32\appraiser
2022-03-01 23:28 - 2021-06-05 12:10 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2022-03-01 23:28 - 2021-06-05 12:10 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-02-24 18:43 - 2021-12-11 22:27 - 000002134 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-02-24 18:43 - 2021-12-11 22:26 - 000003596 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3304357071-3265175587-3679879120-1001
2022-02-24 18:43 - 2021-12-04 10:01 - 000003194 _____ C:\WINDOWS\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2022-02-22 20:47 - 2020-09-18 23:00 - 000000000 ____D C:\Users\zo8j2\AppData\Roaming\Code
2022-02-22 12:36 - 2021-06-05 12:01 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-02-22 12:27 - 2021-11-08 01:59 - 003101696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2022-02-19 19:00 - 2020-05-19 22:48 - 000000000 ____D C:\ProgramData\Package Cache
2022-02-18 13:02 - 2021-08-08 13:40 - 000000000 ____D C:\Users\zo8j2\AppData\Roaming\npm-cache
2022-02-15 11:54 - 2021-12-15 11:01 - 000002404 _____ C:\Users\zo8j2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams (work or school).lnk
2022-02-15 11:54 - 2021-12-15 11:01 - 000002396 _____ C:\Users\zo8j2\Desktop\Microsoft Teams (work or school).lnk
2022-02-14 23:05 - 2021-11-08 02:02 - 000003710 _____ C:\WINDOWS\system32\Tasks\McAfee Remediation (Prepare)
2022-02-13 15:22 - 2020-09-18 22:55 - 000000000 ____D C:\Users\zo8j2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Visual Studio Code
2022-02-11 10:45 - 2020-06-19 23:54 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-02-11 10:40 - 2020-06-19 23:54 - 149611728 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-02-10 20:54 - 2021-08-30 18:12 - 000000000 ____D C:\Users\zo8j2\AppData\Local\FigmaAgent
2022-02-10 00:49 - 2020-05-19 22:38 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2022-02-05 15:15 - 2021-06-05 12:01 - 000000000 ____D C:\WINDOWS\servicing
2022-02-05 14:53 - 2021-06-02 18:46 - 000903678 _____ C:\WINDOWS\ntbtlog.txt
2022-02-05 14:53 - 2021-06-02 18:46 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job

==================== Files in the root of some directories ========

2021-01-13 01:03 - 2021-08-17 00:47 - 001094784 _____ () C:\Program Files\UnityCrashHandler64.exe
2021-01-13 01:03 - 2021-08-17 00:47 - 025951360 _____ () C:\Program Files\UnityPlayer.dll
2021-12-16 11:56 - 2021-12-16 11:57 - 000002546 _____ () C:\Users\zo8j2\AppData\Local\krita-sysinfo.log
2021-12-16 11:56 - 2021-12-16 12:04 - 000000591 _____ () C:\Users\zo8j2\AppData\Local\krita.log
2021-12-16 12:04 - 2021-12-16 12:04 - 000000039 _____ () C:\Users\zo8j2\AppData\Local\kritadisplayrc
2021-12-16 11:56 - 2021-12-16 12:04 - 000016435 _____ () C:\Users\zo8j2\AppData\Local\kritarc
2021-05-27 21:42 - 2021-05-27 21:42 - 000000794 _____ () C:\Users\zo8j2\AppData\Local\recently-used.xbel
2022-03-02 21:29 - 2022-03-02 21:29 - 000007603 _____ () C:\Users\zo8j2\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
 

ZoeJ2022

Posts: 25   +0
Addition.TXT (This was requested to be under 5000 characters, so I have split it into multiple posts below. Sorry about that!)
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-02-2022
Ran by zo8j2 (07-03-2022 20:28:45)
Running from C:\Users\zo8j2\Downloads
Microsoft Windows 11 Home Version 21H2 22000.527 (X64) (2021-11-08 02:03:55)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-3304357071-3265175587-3679879120-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3304357071-3265175587-3679879120-503 - Limited - Disabled)
Guest (S-1-5-21-3304357071-3265175587-3679879120-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3304357071-3265175587-3679879120-504 - Limited - Disabled)
zo8j2 (S-1-5-21-3304357071-3265175587-3679879120-1001 - Administrator - Enabled) => C:\Users\zo8j2

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee VirusScan (Disabled - Up to date) {9D4501E6-72F6-2877-C789-89AF6F535B2C}
FW: McAfee Firewall (Disabled) {A57E80C3-3899-292F-ECD6-209A91801C57}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
Adobe Acrobat DC (64-bit) (HKLM\...\{AC76BA86-1033-1033-7760-BC15014EA700}) (Version: 21.011.20039 - Adobe)
Anki (HKLM-x32\...\Anki) (Version: 2.1.38 - )
Audacity 3.1.0 (HKLM\...\Audacity_is1) (Version: 3.1.0 - Audacity Team)
Avast Update Helper (HKLM-x32\...\{19C3AB22-3718-4E4D-B203-242F5001565B}) (Version: 1.8.1189.1 - AVAST Software) Hidden
Canon MG3100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3100_series) (Version: - Canon Inc.)
Cisco Packet Tracer 7.3.1 64Bit (HKLM\...\Cisco Packet Tracer 7.3.1 64Bit_is1) (Version: - Cisco Systems, Inc.)
Citra (HKU\S-1-5-21-3304357071-3265175587-3679879120-1001\...\{74883e7d-b25a-436c-99d0-fe8578d85197}) (Version: 1.0.0 - Citra Team)
Dell Digital Delivery Services (HKLM-x32\...\{560DFD4A-23E2-45DD-A223-A4B3FA356913}) (Version: 4.0.92.0 - Dell Inc.)
Dell Mobile Connect Drivers (HKLM\...\{0B5978E6-D912-4E4F-B117-A164F68BC95C}) (Version: 3.0.9346 - Screenovate Technologies Ltd.)
Dell SupportAssist (HKLM\...\{E0659C89-D276-4B77-A5EC-A8F2F042E78F}) (Version: 3.10.4.18 - Dell Inc.)
Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM\...\{900D0BCD-0B86-4DAA-B639-89BE70449569}) (Version: 5.4.1.14954 - Dell Inc.) Hidden
Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM-x32\...\{ec40a028-983b-4213-af2c-77ed6f6fe1d5}) (Version: 5.4.1.14954 - Dell Inc.)
Dell SupportAssist Remediation (HKLM\...\{E21419F5-2AA6-439C-B2C1-840083A05BC5}) (Version: 5.5.0.16041 - Dell Inc.) Hidden
Dell SupportAssist Remediation (HKLM-x32\...\{db72dcd5-bf99-4888-b104-cb605b82ec8a}) (Version: 5.5.0.16041 - Dell Inc.)
Dell Update for Windows Universal (HKLM\...\{41D2D254-D869-4CD8-B440-5DF49083C4BA}) (Version: 4.4.0 - Dell Inc.)
Discord (HKU\S-1-5-21-3304357071-3265175587-3679879120-1001\...\Discord) (Version: 0.0.309 - Discord Inc.)
Dynamic Application Loader Host Interface Service (HKLM\...\{ECFC785A-9107-4259-9288-0ABC86C0F6AB}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Figma (HKU\S-1-5-21-3304357071-3265175587-3679879120-1001\...\Figma) (Version: 108.1.0 - Figma, Inc.)
Figma Agent (HKU\S-1-5-21-3304357071-3265175587-3679879120-1001\...\FigmaAgent) (Version: 108.1.0 - Figma, Inc.)
FileZilla Client 3.57.0 (HKLM-x32\...\FileZilla Client) (Version: 3.57.0 - Tim Kosse)
FluidUI Editor 1.0 (HKLM\...\FluidUI Editor) (Version: 1.0 - Fluid Software Ltd)
Git version 2.31.1 (HKLM\...\Git_is1) (Version: 2.31.1 - The Git Development Community)
GitHub Desktop (HKU\S-1-5-21-3304357071-3265175587-3679879120-1001\...\GitHubDesktop) (Version: 2.9.6 - GitHub, Inc.)
GitMind 1.0.8 (HKLM-x32\...\a0e10d84-6512-552f-a0ec-5dd2e61ffe64) (Version: 1.0.8 - Apowersoft)
Goodix Fingerprint Driver (HKLM\...\{60FAB781-18F2-4D2B-A8E7-B3AADD327955}_is1) (Version: 3.0.35.600 - Goodix, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 99.0.4844.51 - Google LLC)
Intel Software Package (HKLM-x32\...\{e1d93543-7ba0-4927-aa7f-09c5fc7f25df}) (Version: 8.7.10600.20700 - Intel) Hidden
Intel(R) Dynamic Tuning (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.7.10600.20700 - Intel Corporation)
Intel(R) Dynamic Tuning Technology (HKLM-x32\...\{7a82309b-956d-4788-8207-25897660c3d6}) (Version: 8.7.10400.15556 - Intel) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 2036.15.0.1835 - Intel Corporation)
Krita (x64) 4.4.8 (HKLM\...\Krita_x64) (Version: 4.4.8.0 - Krita Foundation)
Malwarebytes version 4.5.4.168 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.4.168 - Malwarebytes)
MalwareFox AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.150 - Wolf of Webstreet OPC Private Limited)
McAfee® Total Protection (HKLM-x32\...\MSC) (Version: 16.0 R37 - McAfee, LLC)
Microsoft 365 Apps for enterprise - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.14931.20120 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 99.0.1150.30 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 99.0.1150.30 - Microsoft Corporation)
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 22.022.0130.0001 - Microsoft Corporation)
Microsoft Project - en-us (HKLM\...\ProjectPro2019Retail - en-us) (Version: 16.0.14931.20120 - Microsoft Corporation)
Microsoft Support and Recovery Assistant (HKU\S-1-5-21-3304357071-3265175587-3679879120-1001\...\a1a734b8150c1d83) (Version: 17.0.7513.25 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-3304357071-3265175587-3679879120-1001\...\Teams) (Version: 1.5.00.2164 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{572E990E-67FD-4014-884C-A730BFC7E1D7}) (Version: 4.65.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29325 (HKLM-x32\...\{33628a12-6787-4b9f-95a1-92449f69fae0}) (Version: 14.28.29325.2 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.26.28720 (HKLM-x32\...\{86380aef-fd23-4fc3-8723-a98ccad8f2c6}) (Version: 14.26.28720.3 - Microsoft Corporation)
Microsoft Visual Studio Code (User) (HKU\S-1-5-21-3304357071-3265175587-3679879120-1001\...\{771FD6B0-FA20-440A-A002-3B3BAC16DC50}_is1) (Version: 1.64.2 - Microsoft Corporation)
Microsoft Visual Studio Installer (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 2.7.3066.826 - Microsoft Corporation)
Mozilla Firefox (x64 en-GB) (HKLM\...\Mozilla Firefox 97.0.2 (x64 en-GB)) (Version: 97.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 82.0.2 - Mozilla)
Newgrounds Player (HKLM-x32\...\{B9735123-2823-49F8-8264-372895D39702}) (Version: 1.0.0 - Newgrounds)
Node.js (HKLM\...\{93EE163B-2A10-4888-BC8C-DB9ED55D77FB}) (Version: 14.17.4 - Node.js Foundation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 27.1.3 - OBS Project)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.14931.20010 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.14931.20072 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.14931.20094 - Microsoft Corporation) Hidden
OptaneDowngradeGuard (HKLM\...\{86B0E6C1-32E0-42CC-BC4F-BF3C0730CECB}) (Version: 18.0.0.0 - Intel Corporation) Hidden
osu! (HKLM-x32\...\{8dad1296-86b6-44de-8d84-7707970b796f}) (Version: latest - ppy Pty Ltd)
Pencil (HKLM-x32\...\Pencil) (Version: - Evolus)
Project64 version 2.3.2.202 (HKLM-x32\...\{BEB5FB69-4080-466F-96C4-F15DF271718B}_is1) (Version: 2.3.2.202 - )
ProjectLibre (HKLM\...\{com.projectlibre1.main}}_is1) (Version: 1.9.3 - ProjectLibre)
Python 3.10.2 (64-bit) (HKU\S-1-5-21-3304357071-3265175587-3679879120-1001\...\{c60fd5ac-367d-4e3a-a975-f157502ac30a}) (Version: 3.10.2150.0 - Python Software Foundation)
Python 3.10.2 Add to Path (64-bit) (HKLM\...\{F55A8CCD-A817-4C53-91B8-4B7E6C49DA7B}) (Version: 3.10.2150.0 - Python Software Foundation) Hidden
Python 3.10.2 Core Interpreter (64-bit) (HKLM\...\{6475B354-B0F6-4837-8738-784937D647B2}) (Version: 3.10.2150.0 - Python Software Foundation) Hidden
Python 3.10.2 Development Libraries (64-bit) (HKLM\...\{8277936D-8A34-4758-893C-0B29342A6F27}) (Version: 3.10.2150.0 - Python Software Foundation) Hidden
Python 3.10.2 Documentation (64-bit) (HKLM\...\{B51A07AD-9BCE-485D-8721-C7C83992794B}) (Version: 3.10.2150.0 - Python Software Foundation) Hidden
Python 3.10.2 Executables (64-bit) (HKLM\...\{EDEE3162-8399-42D4-9D7C-7DA21275BFD0}) (Version: 3.10.2150.0 - Python Software Foundation) Hidden
Python 3.10.2 pip Bootstrap (64-bit) (HKLM\...\{08B7036F-0609-4634-9A5F-1688230E9D9D}) (Version: 3.10.2150.0 - Python Software Foundation) Hidden
Python 3.10.2 Standard Library (64-bit) (HKLM\...\{D862D299-FDC2-4571-B3A1-27CEE951D2D1}) (Version: 3.10.2150.0 - Python Software Foundation) Hidden
Python 3.10.2 Tcl/Tk Support (64-bit) (HKLM\...\{7863DF45-23BB-4D83-97B3-CF08F3192F5B}) (Version: 3.10.2150.0 - Python Software Foundation) Hidden
Python 3.10.2 Test Suite (64-bit) (HKLM\...\{D68594E9-2F98-4EA0-8A94-5D7D9FF51960}) (Version: 3.10.2150.0 - Python Software Foundation) Hidden
Python 3.10.2 Utility Scripts (64-bit) (HKLM\...\{300F0759-8294-4971-9FAD-7AB19FA7B270}) (Version: 3.10.2150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{0CD41B07-EDF9-4B77-8C7C-CCCA1C435970}) (Version: 3.10.7686.0 - Python Software Foundation)
Qualcomm 11ac Wireless LAN&Bluetooth Installer (HKLM-x32\...\{E7086B15-806E-4519-A876-DBA9FDDE9A13}) (Version: 11.0.0.10518 - Qualcomm)
Realtek Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9018.1 - Realtek Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.18362.31248 - Realtek Semiconductor Corp.)
Roblox Player for zo8j2 (HKU\S-1-5-21-3304357071-3265175587-3679879120-1001\...\roblox-player) (Version: - Roblox Corporation)
Roblox Studio for zo8j2 (HKU\S-1-5-21-3304357071-3265175587-3679879120-1001\...\roblox-studio) (Version: - Roblox Corporation)
RstDowngradeGuard (HKLM\...\{13C2A26E-7AD4-4D82-BB4F-DEA6E871B958}) (Version: 18.0.0.0 - Intel Corporation) Hidden
SmartByte Drivers and Services (HKLM\...\{A0CDAD3D-0329-4E3E-8DC1-30E333D6564D}) (Version: 3.1.995 - Rivet Networks)
Spotify (HKU\S-1-5-21-3304357071-3265175587-3679879120-1001\...\Spotify) (Version: 1.1.71.560.gc21c3367 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.4.0.22976 - Microsoft Corporation)
Twitch (HKU\S-1-5-21-3304357071-3265175587-3679879120-1001\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 8.0.0 - Twitch Interactive, Inc.)
Ubisoft Connect (HKLM-x32\...\Uplay) (Version: 38.0.1 - Ubisoft)
Unity (HKLM-x32\...\Unity) (Version: 2019.3.15f1 - Unity Technologies ApS)
Unity Hub 2.3.2 (HKLM\...\{Unity Technologies - Hub}) (Version: 2.3.2 - Unity Technologies Inc.)
WebAdvisor by McAfee (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.684 - McAfee, LLC)
Windows PC Health Check (HKLM\...\{B1E7D0FD-7CFE-4E0C-A5DA-0F676499DB91}) (Version: 3.2.2110.14001 - Microsoft Corporation)
Windows SDK AddOn (HKLM-x32\...\{E6F877A1-2F65-4BF0-87B6-A4071B7663D3}) (Version: 10.1.0.0 - Microsoft Corporation)
XAMPP (HKLM\...\xampp) (Version: 8.0.3-0 - Bitnami)
Zoom (HKU\S-1-5-21-3304357071-3265175587-3679879120-1001\...\ZoomUMX) (Version: 5.4.9 (59931.0110) - Zoom Video Communications, Inc.)
 

ZoeJ2022

Posts: 25   +0
Packages:
=========
Anki Universal -> C:\Program Files\WindowsApps\36558AnkiUniversal.AnkiUniversal_1.4.18.0_x64__qh2hfqm01f5q4 [2022-01-28] (Anki Universal)
Audiotonic – Audacity rebuilt for Windows 10 -> C:\Program Files\WindowsApps\BluskySoftwareInc.17062EE08491F_2.2.3.0_x86__61yk12x6sxn40 [2021-09-29] (Blusky Software Inc.)
Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_1.75.1.0_x64__kgqvnymyfvs32 [2022-03-02] (king.com)
Canon Inkjet Print Utility -> C:\Program Files\WindowsApps\34791E63.CanonInkjetPrintUtility_3.1.0.0_neutral__6e5tt8cgb93ep [2021-06-21] (Canon Inc.)
Dell CinemaColor -> C:\Program Files\WindowsApps\PortraitDisplays.DellCinemaColor_2.4.17.0_x64__2dgmkzkw4h30c [2022-01-21] (Portrait Displays)
Dell Customer Connect -> C:\Program Files\WindowsApps\DellInc.DellCustomerConnect_5.3.5.0_x64__htrsf667h5kn2 [2022-01-28] (Dell Inc)
Dell Digital Delivery -> C:\Program Files\WindowsApps\DellInc.DellDigitalDelivery_4.0.92.0_x64__htrsf667h5kn2 [2022-01-28] (Dell Inc)
Dell Mobile Connect 3.3 -> C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnect_3.3.9809.0_x64__0vhbc3ng4wbp0 [2022-01-28] (Screenovate Technologies) [Startup Task]
Dell Power Manager -> C:\Program Files\WindowsApps\DellInc.DellPowerManager_3.10.10.0_x64__htrsf667h5kn2 [2021-11-06] (Dell Inc)
Dell SupportAssist for Home PCs -> C:\Program Files\WindowsApps\DellInc.DellSupportAssistforPCs_3.10.7.0_x64__htrsf667h5kn2 [2022-02-14] (Dell Inc)
Dell Update -> C:\Program Files\WindowsApps\DellInc.DellUpdate_4.4.18.0_x86__htrsf667h5kn2 [2021-11-15] (Dell Inc)
Dropbox promotion -> C:\Program Files\WindowsApps\C27EB4BA.DropboxOEM_20.4.3.0_x64__xbfy0k16fey96 [2022-01-28] (Dropbox Inc.)
Farm Heroes Saga -> C:\Program Files\WindowsApps\king.com.FarmHeroesSaga_5.76.2.0_x86__kgqvnymyfvs32 [2022-03-02] (king.com)
Free Virtual Keyboard -> C:\Program Files\WindowsApps\ComfortSoftwareGroup.FreeVirtualKeyboard_5.0.0.0_x64__2tsmkga83t66w [2021-06-03] (Comfort Software Group)
Inkscape -> C:\Program Files\WindowsApps\25415Inkscape.Inkscape_1.1.0.0_x64__9waqn51p1ttv2 [2021-06-30] (Inkscape)
Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3407.0_x64__8j3eq9eme6ctt [2022-01-28] (INTEL CORP) [Startup Task]
Intel® Optane™ Memory and Storage Management -> C:\Program Files\WindowsApps\AppUp.IntelOptaneMemoryandStorageManagement_18.1.1024.0_x64__8j3eq9eme6ctt [2022-02-12] (INTEL CORP)
McAfee® Personal Security -> C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy [2022-01-28] (McAfee LLC.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-11-08] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-11-08] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.12.2180.0_x64__8wekyb3d8bbwe [2022-02-23] (Microsoft Studios) [MS Ad]
MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.42152.0_x64__8wekyb3d8bbwe [2021-08-21] (Microsoft Corporation)
My Dell -> C:\Program Files\WindowsApps\DellInc.MyDell_1.92.17.0_x64__htrsf667h5kn2 [2022-01-28] (Dell Inc)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.98.1805.0_x64__mcm4njqhnhss8 [2022-02-16] (Netflix, Inc.)
Padlet -> C:\Program Files\WindowsApps\WallwisherInc.126506D8EE593_5.0.0.0_x64__xvp70cj3djx16 [2021-12-13] (Wallwisher Inc)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-09-10] (Microsoft Corporation)
Python 3.10 -> C:\Program Files\WindowsApps\PythonSoftwareFoundation.Python.3.10_3.10.752.0_x64__qbz5n2kfra8p0 [2022-02-19] (Python Software Foundation)
SmartByte -> C:\Program Files\WindowsApps\RivetNetworks.SmartByte_3.1.1001.0_x64__rh07ty8m5nkag [2021-10-27] (Rivet Networks LLC)
Translator -> C:\Program Files\WindowsApps\Microsoft.BingTranslator_5.6.0.0_x64__8wekyb3d8bbwe [2022-01-28] (Microsoft Corporation)
Waves MaxxAudio Pro for Dell 2019 -> C:\Program Files\WindowsApps\WavesAudio.MaxxAudioProforDell2019_2.0.54.0_x64__fh4rh281wavaa [2020-06-17] (Waves Audio)
WhatsApp Desktop -> C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2206.9.0_x64__cv1g1gvanyjgm [2022-03-07] (WhatsApp Inc.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3304357071-3265175587-3679879120-1001_Classes\CLSID\{04271989-C4D2-EC68-1D17-A35CE8D40051} -> [OneDrive - Glasgow Clyde College] => C:\Users\zo8j2\OneDrive - Glasgow Clyde College [2020-09-24 12:45]
CustomCLSID: HKU\S-1-5-21-3304357071-3265175587-3679879120-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\zo8j2\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.21348.1\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3304357071-3265175587-3679879120-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\zo8j2\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll => No File
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\22.022.0130.0001\FileSyncShell64.dll [2022-02-24] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\22.022.0130.0001\FileSyncShell64.dll [2022-02-24] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\22.022.0130.0001\FileSyncShell64.dll [2022-02-24] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\22.022.0130.0001\FileSyncShell64.dll [2022-02-24] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\22.022.0130.0001\FileSyncShell64.dll [2022-02-24] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\22.022.0130.0001\FileSyncShell64.dll [2022-02-24] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\22.022.0130.0001\FileSyncShell64.dll [2022-02-24] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\WINDOWS\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_e59109c0b9bfb49c\OptaneShellExt.dll [2021-09-14] (Intel Corporation -> )
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\22.022.0130.0001\FileSyncShell64.dll [2022-02-24] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\22.022.0130.0001\FileSyncShell64.dll [2022-02-24] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\22.022.0130.0001\FileSyncShell64.dll [2022-02-24] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\22.022.0130.0001\FileSyncShell64.dll [2022-02-24] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\22.022.0130.0001\FileSyncShell64.dll [2022-02-24] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\22.022.0130.0001\FileSyncShell64.dll [2022-02-24] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\22.022.0130.0001\FileSyncShell64.dll [2022-02-24] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\22.022.0130.0001\FileSyncShell64.dll [2022-02-24] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\MalwareFox AntiMalware\ZAMShellExt64.dll [2022-03-06] (Zemana Ltd. -> )
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => C:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2021-08-22] (McAfee, LLC -> McAfee, LLC)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-03-02] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\WINDOWS\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_e59109c0b9bfb49c\OptaneShellExt.dll [2021-09-14] (Intel Corporation -> )
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\22.022.0130.0001\FileSyncShell64.dll [2022-02-24] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\22.022.0130.0001\FileSyncShell64.dll [2022-02-24] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\MalwareFox AntiMalware\ZAMShellExt64.dll [2022-03-06] (Zemana Ltd. -> )
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-03-02] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => C:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2021-08-22] (McAfee, LLC -> McAfee, LLC)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2021-03-24 23:06 - 2021-03-03 00:13 - 000281600 _____ () [File not signed] C:\xampp\apache\bin\libssh2.dll
2021-03-24 23:06 - 2020-02-17 12:44 - 000395264 _____ () [File not signed] C:\xampp\apache\bin\pcre.dll
2021-03-24 23:06 - 2021-03-03 00:13 - 000282112 _____ () [File not signed] C:\xampp\php\libpq.dll
2021-03-24 23:06 - 2021-03-03 00:13 - 001598464 _____ () [File not signed] C:\xampp\php\libsqlite3.dll
2021-03-24 23:06 - 2021-02-17 13:10 - 000213504 _____ (Apache Software Foundation) [File not signed] C:\xampp\apache\bin\libapr-1.dll
2021-03-24 23:06 - 2021-02-17 13:10 - 000036864 _____ (Apache Software Foundation) [File not signed] C:\xampp\apache\bin\libapriconv-1.dll
2021-03-24 23:06 - 2021-02-17 13:11 - 000276480 _____ (Apache Software Foundation) [File not signed] C:\xampp\apache\bin\libaprutil-1.dll
2021-03-24 23:06 - 2021-02-17 13:11 - 000441344 _____ (Apache Software Foundation) [File not signed] C:\xampp\apache\bin\libhttpd.dll
2021-03-24 23:06 - 2021-02-17 13:12 - 000016896 _____ (Apache Software Foundation) [File not signed] C:\xampp\apache\modules\mod_access_compat.so
2021-03-24 23:06 - 2021-02-17 13:12 - 000014848 _____ (Apache Software Foundation) [File not signed] C:\xampp\apache\modules\mod_actions.so
2021-03-24 23:06 - 2021-02-17 13:12 - 000020992 _____ (Apache Software Foundation) [File not signed] C:\xampp\apache\modules\mod_alias.so
2021-03-24 23:06 - 2021-02-17 13:12 - 000013312 _____ (Apache Software Foundation) [File not signed] C:\xampp\apache\modules\mod_allowmethods.so
2021-03-24 23:06 - 2021-02-17 13:12 - 000013312 _____ (Apache Software Foundation) [File not signed] C:\xampp\apache\modules\mod_asis.so
2021-03-24 23:06 - 2021-02-17 13:12 - 000017920 _____ (Apache Software Foundation) [File not signed] C:\xampp\apache\modules\mod_auth_basic.so
2021-03-24 23:06 - 2021-02-17 13:12 - 000016384 _____ (Apache Software Foundation) [File not signed] C:\xampp\apache\modules\mod_authn_core.so
2021-03-24 23:06 - 2021-02-17 13:12 - 000015360 _____ (Apache Software Foundation) [File not signed] C:\xampp\apache\modules\mod_authn_file.so
2021-03-24 23:06 - 2021-02-17 13:12 - 000023552 _____ (Apache Software Foundation) [File not signed] C:\xampp\apache\modules\mod_authz_core.so
2021-03-24 23:06 - 2021-02-17 13:12 - 000016896 _____ (Apache Software Foundation) [File not signed] C:\xampp\apache\modules\mod_authz_groupfile.so
2021-03-24 23:06 - 2021-02-17 13:12 - 000016896 _____ (Apache Software Foundation) [File not signed] C:\xampp\apache\modules\mod_authz_host.so
2021-03-24 23:06 - 2021-02-17 13:13 - 000013312 _____ (Apache Software Foundation) [File not signed] C:\xampp\apache\modules\mod_authz_user.so
2021-03-24 23:06 - 2021-02-17 13:13 - 000038400 _____ (Apache Software Foundation) [File not signed] C:\xampp\apache\modules\mod_autoindex.so
2021-03-24 23:06 - 2021-02-17 13:11 - 000058880 _____ (Apache Software Foundation) [File not signed] C:\xampp\apache\modules\mod_cache.so
2021-03-24 23:06 - 2021-02-17 13:13 - 000032256 _____ (Apache Software Foundation) [File not signed] C:\xampp\apache\modules\mod_cache_disk.so
2021-03-24 23:06 - 2021-02-17 13:13 - 000026112 _____ (Apache Software Foundation) [File not signed] C:\xampp\apache\modules\mod_cgi.so
2021-03-24 23:06 - 2021-02-17 13:11 - 000094720 _____ (Apache Software Foundation) [File not signed] C:\xampp\apache\modules\mod_dav.so
2021-03-24 23:06 - 2021-02-17 13:13 - 000023552 _____ (Apache Software Foundation) [File not signed] C:\xampp\apache\modules\mod_dav_lock.so
2021-03-24 23:06 - 2021-02-17 13:13 - 000016384 _____ (Apache Software Foundation) [File not signed] C:\xampp\apache\modules\mod_dir.so
2021-03-24 23:06 - 2021-02-17 13:13 - 000013824 _____ (Apache Software Foundation) [File not signed] C:\xampp\apache\modules\mod_env.so
2021-03-24 23:06 - 2021-02-17 13:13 - 000023040 _____ (Apache Software Foundation) [File not signed] C:\xampp\apache\modules\mod_headers.so
2021-03-24 23:06 - 2021-02-17 13:13 - 000048128 _____ (Apache Software Foundation) [File not signed] C:\xampp\apache\modules\mod_include.so
2021-03-24 23:06 - 2021-02-17 13:13 - 000030720 _____ (Apache Software Foundation) [File not signed] C:\xampp\apache\modules\mod_info.so
2021-03-24 23:06 - 2021-02-17 13:13 - 000029696 _____ (Apache Software Foundation) [File not signed] C:\xampp\apache\modules\mod_isapi.so
2021-03-24 23:06 - 2021-02-17 13:13 - 000031744 _____ (Apache Software Foundation) [File not signed] C:\xampp\apache\modules\mod_log_config.so
2021-03-24 23:06 - 2021-02-17 13:13 - 000023040 _____ (Apache Software Foundation) [File not signed] C:\xampp\apache\modules\mod_mime.so
2021-03-24 23:06 - 2021-02-17 13:13 - 000036352 _____ (Apache Software Foundation) [File not signed] C:\xampp\apache\modules\mod_negotiation.so
2021-03-24 23:06 - 2021-02-17 13:11 - 000106496 _____ (Apache Software Foundation) [File not signed] C:\xampp\apache\modules\mod_proxy.so
2021-03-24 23:06 - 2021-02-17 13:13 - 000041984 _____ (Apache Software Foundation) [File not signed] C:\xampp\apache\modules\mod_proxy_ajp.so
2021-03-24 23:06 - 2021-02-17 13:14 - 000064000 _____ (Apache Software Foundation) [File not signed] C:\xampp\apache\modules\mod_rewrite.so
2021-03-24 23:06 - 2021-02-17 13:14 - 000018432 _____ (Apache Software Foundation) [File not signed] C:\xampp\apache\modules\mod_setenvif.so
2021-03-24 23:06 - 2021-02-17 13:14 - 000024576 _____ (Apache Software Foundation) [File not signed] C:\xampp\apache\modules\mod_socache_shmcb.so
2021-03-24 23:06 - 2021-02-17 13:14 - 000185856 _____ (Apache Software Foundation) [File not signed] C:\xampp\apache\modules\mod_ssl.so
2021-03-24 23:06 - 2021-02-17 13:14 - 000027136 _____ (Apache Software Foundation) [File not signed] C:\xampp\apache\modules\mod_status.so
2021-03-24 23:06 - 2021-02-17 13:12 - 000015360 _____ (Apache Software Foundation) [File not signed] C:\xampp\apache\modules\mod_version.so
2021-03-24 23:06 - 2020-07-27 10:18 - 000140800 _____ (hxxps://nghttp2.org/) [File not signed] C:\xampp\apache\bin\nghttp2.dll
2021-12-05 13:26 - 2021-12-05 13:31 - 042859520 _____ (Intel Corporation) [File not signed] C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3407.0_x64__8j3eq9eme6ctt\IGCC.dll
2022-02-16 13:42 - 2022-02-16 13:43 - 000137168 _____ (Microsoft Windows -> Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_421.20070.95.0_x64__cw5n1h2txyewy\Dashboard\WebView2Loader.dll
2021-01-09 07:35 - 2021-01-09 07:35 - 001638912 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files\Dell\SupportAssistAgent\bin\x64\SQLite.Interop.dll
2021-03-24 23:06 - 2021-02-17 13:03 - 003434496 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\xampp\apache\bin\libcrypto-1_1-x64.dll
2021-03-24 23:06 - 2021-02-17 13:04 - 000686592 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\xampp\apache\bin\libssl-1_1-x64.dll
2021-03-24 23:06 - 2021-03-03 00:12 - 000086528 _____ (The PHP Group) [File not signed] C:\xampp\php\ext\php_bz2.dll
2021-03-24 23:06 - 2021-03-03 00:12 - 000583168 _____ (The PHP Group) [File not signed] C:\xampp\php\ext\php_curl.dll
2021-03-24 23:06 - 2021-03-03 00:13 - 000072704 _____ (The PHP Group) [File not signed] C:\xampp\php\ext\php_exif.dll
2021-03-24 23:06 - 2021-03-03 00:12 - 006751232 _____ (The PHP Group) [File not signed] C:\xampp\php\ext\php_fileinfo.dll
2021-03-24 23:06 - 2021-03-03 00:12 - 000057344 _____ (The PHP Group) [File not signed] C:\xampp\php\ext\php_ftp.dll
2021-03-24 23:06 - 2021-03-03 00:12 - 000054784 _____ (The PHP Group) [File not signed] C:\xampp\php\ext\php_gettext.dll
2021-03-24 23:06 - 2021-03-03 00:12 - 001447424 _____ (The PHP Group) [File not signed] C:\xampp\php\ext\php_mbstring.dll
2021-03-24 23:06 - 2021-03-03 00:13 - 000110592 _____ (The PHP Group) [File not signed] C:\xampp\php\ext\php_mysqli.dll
2021-03-24 23:06 - 2021-03-03 00:12 - 000142848 _____ (The PHP Group) [File not signed] C:\xampp\php\ext\php_openssl.dll
2021-03-24 23:06 - 2021-03-03 00:13 - 000029696 _____ (The PHP Group) [File not signed] C:\xampp\php\ext\php_pdo_mysql.dll
2021-03-24 23:06 - 2021-03-03 00:13 - 000028160 _____ (The PHP Group) [File not signed] C:\xampp\php\ext\php_pdo_sqlite.dll
2021-03-24 23:06 - 2021-03-03 00:12 - 000035840 _____ (The PHP Group) [File not signed] C:\xampp\php\php8apache2_4.dll
2021-03-24 23:06 - 2021-03-03 00:12 - 009031168 _____ (The PHP Group) [File not signed] C:\xampp\php\php8ts.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3304357071-3265175587-3679879120-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-21-3304357071-3265175587-3679879120-1001 -> DefaultScope {E58EB0B7-56C8-4CFF-9C07-19836A54C2A8} URL =
SearchScopes: HKU\S-1-5-21-3304357071-3265175587-3679879120-1001 -> {E58EB0B7-56C8-4CFF-9C07-19836A54C2A8} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2022-03-04] (Microsoft Corporation -> Microsoft Corporation)
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2022-03-04] (McAfee, LLC -> McAfee, LLC)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2022-03-04] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2022-03-04] (McAfee, LLC -> McAfee, LLC)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-03-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-03-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-03-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-03-04] (Microsoft Corporation -> Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll [2021-08-22] (McAfee, LLC -> McAfee, LLC)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2021-08-22] (McAfee, LLC -> McAfee, LLC)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3304357071-3265175587-3679879120-1001\...\sharepoint.com -> hxxps://glasgowclydecollege-files.sharepoint.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-19 04:49 - 2019-03-19 04:49 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

2020-10-25 12:09 - 2020-10-25 12:14 - 000000446 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3304357071-3265175587-3679879120-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\zo8j2\Downloads\552539-Chiaki-Nanami.png
DNS Servers: 194.168.4.100 - 194.168.8.100
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKU\S-1-5-21-3304357071-3265175587-3679879120-1001\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"
HKU\S-1-5-21-3304357071-3265175587-3679879120-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3304357071-3265175587-3679879120-1001\...\StartupApproved\Run: => "Figma Agent"

ZoeJ2022

Posts: 25   +0
==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{154CB5AB-D1CE-4BBC-A678-BA51D28157DC}C:\program files (x86)\apowersoft\gitmind\gitmind.exe] => (Allow) C:\program files (x86)\apowersoft\gitmind\gitmind.exe (Apowersoft Ltd -> Apowersoft)
FirewallRules: [TCP Query User{9C2E0E31-B050-4210-BACA-FD119F508B39}C:\program files (x86)\apowersoft\gitmind\gitmind.exe] => (Allow) C:\program files (x86)\apowersoft\gitmind\gitmind.exe (Apowersoft Ltd -> Apowersoft)
FirewallRules: [UDP Query User{DB2D1596-4D29-4683-9BC9-F8020CF7DAD3}C:\users\zo8j2\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\zo8j2\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{08D719B2-0D2D-462F-8E06-4348E1800E86}C:\users\zo8j2\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\zo8j2\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{921665B8-1ADD-4E43-B475-4912D354EDB8}C:\users\zo8j2\appdata\local\citra\nightly-mingw\citra-qt.exe] => (Allow) C:\users\zo8j2\appdata\local\citra\nightly-mingw\citra-qt.exe => No File
FirewallRules: [TCP Query User{79A613CA-A775-4818-8353-F29CC8843568}C:\users\zo8j2\appdata\local\citra\nightly-mingw\citra-qt.exe] => (Allow) C:\users\zo8j2\appdata\local\citra\nightly-mingw\citra-qt.exe => No File
FirewallRules: [{8C3D69A9-EEC0-490F-A91C-177AE4A79D05}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\iVIBRATE Ultimate Edition\iVIBRATE Ultimate Edition.exe () [File not signed]
FirewallRules: [{C3115597-8D1A-4466-BFD0-9C779B3B567E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\iVIBRATE Ultimate Edition\iVIBRATE Ultimate Edition.exe () [File not signed]
FirewallRules: [{7242C548-69A0-4E85-9A5E-B00F42B9C31D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Doki Doki Literature Club Plus\Doki Doki Literature Club Plus.exe () [File not signed]
FirewallRules: [{53D974E7-885E-4D37-8DD7-39D50BC88139}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Doki Doki Literature Club Plus\Doki Doki Literature Club Plus.exe () [File not signed]
FirewallRules: [UDP Query User{8946FB93-3BB2-47A1-88E4-4114DBB25D59}C:\program files\nodejs\node.exe] => (Allow) C:\program files\nodejs\node.exe (OpenJS Foundation -> Node.js)
FirewallRules: [TCP Query User{53B726C0-8AE4-4518-A997-0E36D8643E89}C:\program files\nodejs\node.exe] => (Allow) C:\program files\nodejs\node.exe (OpenJS Foundation -> Node.js)
FirewallRules: [{A1A0E7D3-7EE6-4EEE-BE66-A055CC1ACA23}] => (Allow) C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnect_3.3.9809.0_x64__0vhbc3ng4wbp0\app\DellMobileConnectClient.exe (SCREENOVATE TECHNOLOGIES LTD. -> Screenovate Technologies Ltd.) [File not signed]
FirewallRules: [{A8D59906-C466-40EA-8F59-5F283FBF5771}] => (Allow) C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnect_3.3.9809.0_x64__0vhbc3ng4wbp0\app\DellMobileConnectClient.exe (SCREENOVATE TECHNOLOGIES LTD. -> Screenovate Technologies Ltd.) [File not signed]
FirewallRules: [UDP Query User{3F3F0636-1414-4A98-B68F-45E9D2813171}C:\users\zo8j2\documents\flashpoint 9.0 infinity\legacy\httpd.exe] => (Block) C:\users\zo8j2\documents\flashpoint 9.0 infinity\legacy\httpd.exe (Apache Software Foundation) [File not signed]
FirewallRules: [TCP Query User{3258518F-C2E1-4162-8A3E-B5492B00DD0F}C:\users\zo8j2\documents\flashpoint 9.0 infinity\legacy\httpd.exe] => (Block) C:\users\zo8j2\documents\flashpoint 9.0 infinity\legacy\httpd.exe (Apache Software Foundation) [File not signed]
FirewallRules: [UDP Query User{FF9A266E-11B6-4E84-89D6-DFD3FD008A01}C:\users\zo8j2\appdata\local\programs\microsoft vs code\code.exe] => (Allow) C:\users\zo8j2\appdata\local\programs\microsoft vs code\code.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{B9D440D4-62C4-4D32-8F92-9489C78922D4}C:\users\zo8j2\appdata\local\programs\microsoft vs code\code.exe] => (Allow) C:\users\zo8j2\appdata\local\programs\microsoft vs code\code.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{2C273150-46C6-4B8C-BB49-344EC9FEED70}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Jackbox Party Pack 4\The Jackbox Party Pack 4.exe (Jackbox Games, Inc.) [File not signed]
FirewallRules: [{0C3B3B8E-A6D7-4CEB-A888-A24FB5A48E8E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Jackbox Party Pack 4\The Jackbox Party Pack 4.exe (Jackbox Games, Inc.) [File not signed]
FirewallRules: [{C2BAFE2F-9F7A-45B6-9975-9E941595151B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\YDKJ_VOL1XL\YDKJV1.EXE () [File not signed]
FirewallRules: [{B1564427-9301-48E9-B4A9-E282743A45CB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\YDKJ_VOL1XL\YDKJV1.EXE () [File not signed]
FirewallRules: [{5DE64F57-DD5E-4404-B009-0C625BCC81B5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\YDKJ_VOL2\YDKJV2.EXE () [File not signed]
FirewallRules: [{941E675B-CDDD-4FC3-AAE1-FDEB964BDE7F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\YDKJ_VOL2\YDKJV2.EXE () [File not signed]
FirewallRules: [{C5AEFC84-9281-45FF-991D-E3B06495A744}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\YDKJ_VOL3\YDKJV3.EXE () [File not signed]
FirewallRules: [{77F13111-65C0-4976-B443-A506FCD2E75C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\YDKJ_VOL3\YDKJV3.EXE () [File not signed]
FirewallRules: [{23FCABB7-7E7D-46F6-B278-A72A4D139441}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Jackbox Party Pack 3\The Jackbox Party Pack 3.exe (Jackbox Games, Inc.) [File not signed]
FirewallRules: [{F4181DB6-1884-4BC4-B0AB-BBD792656870}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Jackbox Party Pack 3\The Jackbox Party Pack 3.exe (Jackbox Games, Inc.) [File not signed]
FirewallRules: [{47897864-8F7C-4432-A20E-C91D6BD859CE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{A6500B18-B016-4034-A1A4-A889FEB5DEBC}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{FA62A4F1-2182-4623-ABBC-9862FA0B75C8}] => (Allow) C:\Program Files (x86)\Common Files\McAfee\MMSSHost\MMSSHost.exe (McAfee, LLC -> McAfee, LLC)
FirewallRules: [{E698976D-8DC5-4D80-85B3-3ECE666B10FD}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe (McAfee, LLC -> McAfee, LLC)
FirewallRules: [{4971EC77-58CE-4CF9-BFE3-25BE64138FC7}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{10FEAEBF-5A3F-479B-B594-F103DE35D68C}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{33B7819E-08EA-4B1F-B6A6-9554B30F9188}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{10E192E0-24EA-43C4-87AB-3456C7DF816B}] => (Allow) C:\Program Files\Unity Hub\Unity Hub.exe (Unity Technologies SF -> Unity Technologies Inc.)
FirewallRules: [{FB825FF5-924A-4078-967B-24148CD2A51A}] => (Allow) C:\Program Files\Unity\Hub\Editor\2019.4.0f1\Editor\Unity.exe (Unity Technologies Aps -> Unity Technologies ApS)
FirewallRules: [{54E7DA98-5091-408E-90E7-701C167222EC}] => (Block) C:\Program Files\Unity\Hub\Editor\2019.4.0f1\Editor\Unity.exe (Unity Technologies Aps -> Unity Technologies ApS)
FirewallRules: [{4573E4BC-8781-4437-837B-E4874668AE76}] => (Allow) C:\Program Files\Unity\Hub\Editor\2019.3.15f1\Editor\Unity.exe => No File
FirewallRules: [{96B5D9BA-DCD1-412D-B1A4-3A6EBD91D191}] => (Block) C:\Program Files\Unity\Hub\Editor\2019.3.15f1\Editor\Unity.exe => No File
FirewallRules: [{2AAA743F-C298-4269-9D98-F25DA56267D2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Doki Doki Literature Club\DDLC.exe () [File not signed]
FirewallRules: [{66BAB2FE-82FA-477B-93B9-2664897FCA41}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Doki Doki Literature Club\DDLC.exe () [File not signed]
FirewallRules: [{A0505959-5BF3-4A37-A589-D855B89C53EC}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{0BF19CDB-7D8D-428A-8588-CD10E646EB7C}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{67C7E2ED-75D0-4663-9655-89875BA2EBF7}] => (Allow) C:\Users\zo8j2\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{3BD8EDD3-E79A-4D2F-BA75-BF0251A9872E}] => (Allow) C:\Users\zo8j2\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{2F10C9D6-28C9-439A-847D-96D77D0D5BCF}] => (Allow) C:\Users\zo8j2\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [TCP Query User{DFD323C0-E9D8-4B1F-8A23-17F62EEB6FC9}C:\users\zo8j2\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\zo8j2\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{20927102-9119-4823-A9E3-460EA190BF6E}C:\users\zo8j2\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\zo8j2\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{35805D5B-2D35-4579-A5DC-DA37A4F56C6A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{B67B84CE-2E51-4E7D-A17D-1F3E00D0292A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{31B0E541-11DC-45B8-A7CB-9B2B1666AA61}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{7861C93B-4F95-4AB4-AC13-B83DF7613FE0}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{91A0BAE7-27DA-4BEE-AE6A-84B31A8CA662}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{53602668-A5E2-483D-9378-D8AC3533376E}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{FE1059F4-216A-459A-A5C4-6DBB4EC55511}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{411EB57F-B194-4EC3-91B0-5B8C7BC1FEFF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Monopoly Plus\Monopoly.exe (Ubisoft Entertainment -> Asobo Studio)
FirewallRules: [{3BC11B6D-F81D-441B-8079-BF12B41203D5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Monopoly Plus\Monopoly.exe (Ubisoft Entertainment -> Asobo Studio)
FirewallRules: [{AAC51C0E-163E-42CE-B82C-8CC9DBFBDDB1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.80.194.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{63FDC5CE-38FF-4DEC-AB4A-D7685338ED9D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.80.194.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{BC4EF216-1B95-4E84-8E8B-07AD90C97AF1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.80.194.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{906B4E5C-F3BB-4790-A4FF-8214091C1967}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.80.194.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{7563EB23-B91F-46BE-8200-71DD58E57E5F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{953EB642-7942-4F6A-9087-C88F33DD5A48}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_22042.702.1226.2352_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{9295979A-4915-4E38-9D39-C6B2DA7750E7}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_22042.702.1226.2352_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{6B9E7FA6-5BBE-4AA3-8047-75C3F466DE6F}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\99.0.1150.30\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Restore Points =========================

02-03-2022 14:18:51 Scheduled Checkpoint
07-03-2022 20:21:46 AdwCleaner_BeforeCleaning_07/03/2022_20:21:45

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (03/07/2022 08:21:09 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {9f371355-f70f-4074-a37b-1fef6a6ce2e7}

Error: (03/05/2022 03:24:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SystemSettings.exe, version: 10.0.22000.527, time stamp: 0x27a6d211
Faulting module name: MusUpdateHandlers.dll, version: 10.0.22000.434, time stamp: 0x45053d4e
Exception code: 0xc0000005
Fault offset: 0x0000000000092185
Faulting process id: 0x37b8
Faulting application start time: 0x01d830a4ebf0c570
Faulting application path: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Faulting module path: C:\Windows\System32\MusUpdateHandlers.dll
Report Id: 682abc42-3ca7-4b96-b4fe-1960f7108de2
Faulting package full name: windows.immersivecontrolpanel_10.0.6.1000_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: microsoft.windows.immersivecontrolpanel

Error: (03/04/2022 03:40:50 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress.
.

Error: (03/04/2022 03:40:50 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]

Error: (03/04/2022 03:40:50 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress.
.

Error: (03/04/2022 03:40:50 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]

Error: (03/03/2022 08:06:19 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {e5990d06-06c4-447d-99bb-6b070c3a9995}

Error: (03/03/2022 07:40:11 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {e5990d06-06c4-447d-99bb-6b070c3a9995}


System errors:
=============
Error: (03/07/2022 08:24:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Dell SupportAssist Remediation service failed to start due to the following error:
The system cannot find the file specified.

Error: (03/07/2022 08:24:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Avast Browser Update Service (avast) service failed to start due to the following error:
The system cannot find the file specified.

Error: (03/07/2022 08:22:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The RAPSService service failed to start due to the following error:
The system cannot find the file specified.

Error: (03/07/2022 08:22:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SmartByte Network Service x64 service failed to start due to the following error:
The system cannot find the file specified.

Error: (03/07/2022 08:22:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Dell SupportAssist Remediation service failed to start due to the following error:
The system cannot find the file specified.

Error: (03/07/2022 08:21:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Dell Digital Delivery Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (03/07/2022 08:21:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Dell Data Vault Collector service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (03/07/2022 08:21:58 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Storage Middleware Service service terminated unexpectedly. It has done this 1 time(s).


Windows Defender:
================
Date: 2022-03-07 20:16:06
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-03-07 20:01:55
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: VirTool:Win32/DefenderTamperingRestore
Severity: Severe
Category: Tool
Path: regkeyvalue:_hklm\software\policies\microsoft\windows defender\\DisableAntiSpyware
Detection Origin: Unknown
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.359.1530.0, AS: 1.359.1530.0, NIS: 1.359.1530.0
Engine Version: AM: 1.1.18900.3, NIS: 1.1.18900.3

Date: 2022-03-02 15:13:00
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Full Scan

Date: 2022-03-02 15:02:20
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:HTML/CryptoStealBTC
Severity: Severe
Category: Trojan
Path: containerfile:_C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\7S4M5NYK.htm; file:_C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\7S4M5NYK.htm->(SCRIPT0004)
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Users\zo8j2\Desktop\mbar\mbar.exe
Security intelligence Version: AV: 1.359.1225.0, AS: 1.359.1225.0, NIS: 1.359.1225.0
Engine Version: AM: 1.1.18900.3, NIS: 1.1.18900.3

Date: 2022-03-02 14:44:51
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Behavior:Win32/MuProcSchtaskfromOffice.A
Severity: Severe
Category: Suspicious Behavior
Path: behavior:_pid:12232:385598926489988; process:_pid:12232,ProcessStart:132907023402467799
Detection Origin: Unknown
Detection Type: Concrete
Detection Source: Unknown
Process Name: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
Security intelligence Version: AV: 1.359.1225.0, AS: 1.359.1225.0, NIS: 1.359.1225.0
Engine Version: AM: 1.1.18900.3, NIS: 1.1.18900.3
Event[0]

Date: 2022-02-05 14:53:08
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

CodeIntegrity:
===============
Date: 2022-03-07 20:24:49
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Common Files\McAfee\ModuleCore\ProtectedModuleHost.exe) attempted to load \Device\HarddiskVolume3\Program Files\McAfee.com\Agent\WSCLLCGlobalSign.exe that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2022-03-07 20:24:49
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Common Files\McAfee\ModuleCore\ProtectedModuleHost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\McAfee\Platform\Core\vtploader.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2022-03-07 20:24:48
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Microsoft signing level requirements.

Date: 2022-03-07 20:24:47
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Windows signing level requirements.

Date: 2022-03-07 20:23:05
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

BIOS: Dell Inc. 1.18.0 10/06/2021
Motherboard: Dell Inc. 0FHJFF
Processor: Intel(R) Core(TM) i5-1035G1 CPU @ 1.00GHz
Percentage of memory in use: 79%
Total physical RAM: 7959.47 MB
Available physical RAM: 1651.43 MB
Total Virtual: 12823.47 MB
Available Virtual: 5222.31 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:459.12 GB) (Free:321.8 GB) NTFS

\\?\Volume{cd7e2b49-5b7e-48bc-907e-3e1d0dac87df}\ () (Fixed) (Total:1.03 GB) (Free:0.1 GB) NTFS
\\?\Volume{0b7dd702-8532-4187-97db-104bf4ef2f81}\ (Image) (Fixed) (Total:14.7 GB) (Free:0.15 GB) NTFS
\\?\Volume{4740db9f-54ab-4616-9e84-57b3f50a6ae4}\ (DELLSUPPORT) (Fixed) (Total:1.71 GB) (Free:0.86 GB) NTFS
\\?\Volume{e1d8bec5-0aa6-4e97-86d7-b0f51eece990}\ (ESP) (Fixed) (Total:0.24 GB) (Free:0.16 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: 0A3A0110)

Partition: GPT.

==================== End of Addition.txt =======================
 

Broni

Posts: 55,925   +506
Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double click on downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Remove Selected.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available through History -> Application logs. Please post its contents in your next reply.
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.
 

ZoeJ2022

Posts: 25   +0
ROGUEKILLER
Program : RogueKiller Anti-Malware
Version : 15.4.0.0
x64 : Yes
Program Date : Mar 7 2022
Location : C:\Program Files\RogueKiller\RogueKiller64.exe
Premium : No
Company : Adlice Software
Website : https://www.adlice.com/
Contact : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 10 (10.0.22000) 64-bit
64-bit OS : Yes
Startup : 0
WindowsPE : No
User : zo8j2
User is Admin : Yes
Date : 2022/03/07 21:13:53
Type : Removal
Aborted : No
Scan Mode : Standard
Duration : 774
Found items : 13
Total scanned : 103533
Signatures Version : 20220307_144134
Truesight Driver : Yes
Updates Count : 4
Arguments : -minimize

************************* Warnings *************************

************************* Removal *************************
[Rogue.MalwareFox (Malicious)] ZAM.exe [WOLF OF WEBSTREET (OPC) PRIVATE LIMITED] -- %programfiles(x86)%\MalwareFox AntiMalware\ZAM.exe -> Killed [Tree]
[+] scan_what : 1
[+] vendors : Rogue.MalwareFox
[+] Name : ZAM.exe [WOLF OF WEBSTREET (OPC) PRIVATE LIMITED]
[+] value : %programfiles(x86)%\MalwareFox AntiMalware\ZAM.exe
[+] Type : Process
[+] file_hash : 491305C09DD08519CAAC10F509902CD7F2BB2AF8734D0D714751F3ED202F6683
[+] file_vtscore : 0
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 2
[+] id : 0
[+] status : 3
[+] status_str : Killed [Tree]
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : 0

[Rogue.MalwareFox (Malicious)] ZAM.exe [WOLF OF WEBSTREET (OPC) PRIVATE LIMITED] -- %programfiles(x86)%\MalwareFox AntiMalware\ZAM.exe -> ERROR [5]
[+] scan_what : 1
[+] vendors : Rogue.MalwareFox
[+] Name : ZAM.exe [WOLF OF WEBSTREET (OPC) PRIVATE LIMITED]
[+] value : %programfiles(x86)%\MalwareFox AntiMalware\ZAM.exe
[+] Type : Process
[+] file_hash : 491305C09DD08519CAAC10F509902CD7F2BB2AF8734D0D714751F3ED202F6683
[+] file_vtscore : 0
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 2
[+] id : 1
[+] status : 4
[+] status_str : ERROR [5]
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : 0

[Rogue.MalwareFox (Malicious)] ZAMShellExt64.dll [Zemana Ltd.] -- %programfiles(x86)%\MalwareFox AntiMalware\ZAMShellExt64.dll -> Unloaded
[+] scan_what : 2
[+] vendors : Rogue.MalwareFox
[+] Name : ZAMShellExt64.dll [Zemana Ltd.]
[+] value : %programfiles(x86)%\MalwareFox AntiMalware\ZAMShellExt64.dll
[+] Type : DLL
[+] file_hash : 13A62B200D95075CEB742857927BB9C107F368D176AA638C71CCB10B85E2B97B
[+] file_vtscore : 0
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 2
[+] id : 2
[+] status : 3
[+] status_str : Unloaded
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : 0

[Rogue.MalwareFox (Malicious)] ZAMSvc [WOLF OF WEBSTREET (OPC) PRIVATE LIMITED] -- %programfiles(x86)%\MalwareFox AntiMalware\ZAM.exe -> Stopped
[+] scan_what : 0
[+] vendors : Rogue.MalwareFox
[+] Name : ZAMSvc [WOLF OF WEBSTREET (OPC) PRIVATE LIMITED]
[+] value : %programfiles(x86)%\MalwareFox AntiMalware\ZAM.exe
[+] Type : Service
[+] file_hash : 491305C09DD08519CAAC10F509902CD7F2BB2AF8734D0D714751F3ED202F6683
[+] file_vtscore : 0
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 2
[+] id : 3
[+] status : 3
[+] status_str : Stopped
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : 0

[Rogue.MalwareFox (Malicious)] HKEY_CLASSES_ROOT\CLSID\{6ABB1C11-E261-4CEA-BBB5-3836225689DD} -- [%programfiles(x86)%\MalwareFox AntiMalware\ZAMShellExt64.dll] -> Deleted
[+] scan_what : 2
[+] vendors : Rogue.MalwareFox
[+] Name : HKEY_CLASSES_ROOT\CLSID\{6ABB1C11-E261-4CEA-BBB5-3836225689DD}
[+] value : [%programfiles(x86)%\MalwareFox AntiMalware\ZAMShellExt64.dll]
[+] Type : Registry
[+] file_hash : 13A62B200D95075CEB742857927BB9C107F368D176AA638C71CCB10B85E2B97B
[+] file_vtscore : 0
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 2
[+] id : 4
[+] status : 3
[+] status_str : Deleted
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : 0

[Rogue.MalwareFox (Malicious)] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run|ZAM -- [%programfiles(x86)%\MalwareFox AntiMalware\ZAM.exe] -> Deleted
[+] scan_what : 1
[+] vendors : Rogue.MalwareFox
[+] Name : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run|ZAM
[+] value : [%programfiles(x86)%\MalwareFox AntiMalware\ZAM.exe]
[+] Type : Registry
[+] file_hash : 491305C09DD08519CAAC10F509902CD7F2BB2AF8734D0D714751F3ED202F6683
[+] file_vtscore : 0
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 2
[+] id : 5
[+] status : 3
[+] status_str : Deleted
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : 0

[Rogue.MalwareFox (Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ZAMSvc -- [%programfiles(x86)%\MalwareFox AntiMalware\ZAM.exe] -> Deleted
[+] scan_what : 2
[+] vendors : Rogue.MalwareFox
[+] Name : HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ZAMSvc
[+] value : [%programfiles(x86)%\MalwareFox AntiMalware\ZAM.exe]
[+] Type : Registry
[+] file_hash : 491305C09DD08519CAAC10F509902CD7F2BB2AF8734D0D714751F3ED202F6683
[+] file_vtscore : 0
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 2
[+] id : 6
[+] status : 3
[+] status_str : Deleted
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : 0

[Rogue.MalwareFox (Malicious)] MalwareFox AntiMalware.lnk -- %SystemDrive%\Users\Public\Desktop\MalwareFox AntiMalware.lnk (lnk => C:\PROGRA~2\MALWAR~1\ZAM.exe []) -> Deleted
[+] scan_what : 1
[+] vendors : Rogue.MalwareFox
[+] Name : MalwareFox AntiMalware.lnk
[+] value : %SystemDrive%\Users\Public\Desktop\MalwareFox AntiMalware.lnk (lnk => C:\PROGRA~2\MALWAR~1\ZAM.exe [])
[+] Type : File/Folder
[+] file_vtscore : 0
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 2
[+] id : 7
[+] status : 3
[+] status_str : Deleted
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : 0

[Rogue.MalwareFox (Malicious)] lang.lnk -- %_zo8j2_appdata%\Microsoft\Windows\Recent\lang.lnk (lnk => C:\PROGRA~2\MALWAR~1\lang []) -> Deleted
[+] scan_what : 1
[+] vendors : Rogue.MalwareFox
[+] Name : lang.lnk
[+] value : %_zo8j2_appdata%\Microsoft\Windows\Recent\lang.lnk (lnk => C:\PROGRA~2\MALWAR~1\lang [])
[+] Type : File/Folder
[+] file_vtscore : 0
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 2
[+] id : 8
[+] status : 3
[+] status_str : Deleted
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : 0

[Rogue.MalwareFox (Malicious)] res.lnk -- %_zo8j2_appdata%\Microsoft\Windows\Recent\res.lnk (lnk => C:\PROGRA~2\MALWAR~1\res []) -> Deleted
[+] scan_what : 1
[+] vendors : Rogue.MalwareFox
[+] Name : res.lnk
[+] value : %_zo8j2_appdata%\Microsoft\Windows\Recent\res.lnk (lnk => C:\PROGRA~2\MALWAR~1\res [])
[+] Type : File/Folder
[+] file_vtscore : 0
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 2
[+] id : 9
[+] status : 3
[+] status_str : Deleted
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : 0

[Rogue.MalwareFox (Malicious)] unins000.lnk -- %_zo8j2_appdata%\Microsoft\Windows\Recent\unins000.lnk (lnk => C:\PROGRA~2\MALWAR~1\unins000.dat []) -> Deleted
[+] scan_what : 1
[+] vendors : Rogue.MalwareFox
[+] Name : unins000.lnk
[+] value : %_zo8j2_appdata%\Microsoft\Windows\Recent\unins000.lnk (lnk => C:\PROGRA~2\MALWAR~1\unins000.dat [])
[+] Type : File/Folder
[+] file_vtscore : 0
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 2
[+] id : 10
[+] status : 3
[+] status_str : Deleted
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : 0

[Rogue.MalwareFox (Malicious)] MalwareFox AntiMalware -- %programdata%\Microsoft\Windows\Start Menu\Programs\MalwareFox AntiMalware -> Deleted
[+] scan_what : 1
[+] vendors : Rogue.MalwareFox
[+] Name : MalwareFox AntiMalware
[+] value : %programdata%\Microsoft\Windows\Start Menu\Programs\MalwareFox AntiMalware
[+] Type : File/Folder
[+] file_vtscore : 0
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 2
[+] id : 11
[+] status : 3
[+] status_str : Deleted
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : 0

[Rogue.MalwareFox (Malicious)] MalwareFox AntiMalware -- %programfiles(x86)%\MalwareFox AntiMalware -> Removed at reboot [91]
[+] scan_what : 1
[+] vendors : Rogue.MalwareFox
[+] Name : MalwareFox AntiMalware
[+] value : %programfiles(x86)%\MalwareFox AntiMalware
[+] Type : File/Folder
[+] file_vtscore : 0
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 2
[+] id : 12
[+] status : 5
[+] status_str : Removed at reboot [91]
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : 0
 

ZoeJ2022

Posts: 25   +0
MALWAREBYTES
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 3/7/22
Scan Time: 9:18 PM
Log File: 1d8151f4-9e5c-11ec-b57a-c03eba0de16f.json

-Software Information-
Version: 4.5.4.168
Components Version: 1.0.1599
Update Package Version: 1.0.52029
License: Free

-System Information-
OS: Windows 11 (Build 22000.527)
CPU: x64
File System: NTFS
User: DESKTOP-VNCRUAG\zo8j2

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 345732
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 3 min, 39 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)
 

ZoeJ2022

Posts: 25   +0
ADWCLEANER

# -------------------------------
# Malwarebytes AdwCleaner 8.3.1.0
# -------------------------------
# Build: 11-18-2021
# Database: 2022-02-03.4 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 03-07-2022
# Duration: 00:00:01
# OS: Windows 10 Home
# Cleaned: 5
# Awaiting reboot:4
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

Deleted Preinstalled.DellSupportAssistAgent Folder C:\ProgramData\DELL\SAREMEDIATION\PLUGIN
Needs Reboot Preinstalled.DellSupportAssistAgent Folder C:\Program Files\DELL\SAREMEDIATION\PLUGIN
Needs Reboot Preinstalled.DellSupportAssistAgent Folder C:\Program Files\DELL\SUPPORTASSISTAGENT
Needs Reboot Preinstalled.DellUpdateforWindows10 Folder C:\Program Files (x86)\DELL\UPDATESERVICE
Needs Reboot Preinstalled.DellUpdateforWindows10 Folder C:\ProgramData\DELL\UPDATESERVICE


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

***** Reboot Required to Complete *****


***** [ Folders ] *****

Cleaning failed C:\Program Files (x86)\DELL\UPDATESERVICE
Cleaning failed C:\Program Files\DELL\SAREMEDIATION\PLUGIN
Cleaning failed C:\Program Files\DELL\SUPPORTASSISTAGENT
Cleaning failed C:\ProgramData\DELL\UPDATESERVICE

*************************

AdwCleaner[S00].txt - [3670 octets] - [07/03/2022 20:20:51]
AdwCleaner[C00].txt - [4471 octets] - [07/03/2022 20:22:01]
AdwCleaner[S01].txt - [1941 octets] - [07/03/2022 21:24:02]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########
 

ZoeJ2022

Posts: 25   +0
I want to mention that I had installed MalwareFox to help me scan for viruses alongside Malwarebytes and Windows Defender. Having it on my desktop isn't an unwanted installation or anything like that
 

Broni

Posts: 55,925   +506
Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

  • Double click to run it.
  • Press Scan button.
  • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
 

ZoeJ2022

Posts: 25   +0
Here are the results:
FRST.TXT
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-02-2022
Ran by zo8j2 (administrator) on DESKTOP-VNCRUAG (Dell Inc. Inspiron 5593) (07-03-2022 22:05:15)
Running from C:\Users\zo8j2\Downloads
Loaded Profiles: zo8j2
Platform: Microsoft Windows 11 Home Version 21H2 22000.527 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe ->) (McAfee, Inc. -> McAfee LLC.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe ->) (McAfee, Inc. -> McAfee, LLC) C:\Windows\System32\mfevtps.exe
(C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHOST.exe
(C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\ModuleCore\ProtectedModuleHost.exe
(C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\MfeAV\MfeAVSvc.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Program Files\McAfee\WebAdvisor\servicehost.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\uihost.exe
(C:\Program Files\RogueKiller\RogueKillerSvc.exe ->) (ADLICE -> ) C:\Program Files\RogueKiller\RogueKiller64.exe
(C:\Program Files\WindowsApps\MicrosoftTeams_22042.702.1226.2352_x64__8wekyb3d8bbwe\msteams.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\99.0.1150.30\msedgewebview2.exe <12>
(C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\MsMpEng.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Scans\MsMpEngCP.exe
(DriverStore\FileRepository\cui_dch.inf_amd64_71cc42bf8b620f67\igfxCUIServiceN.exe ->) (Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_71cc42bf8b620f67\igfxEMN.exe
(DriverStore\FileRepository\dptf_cpu.inf_amd64_1da48d5885266bb7\esif_uf.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_1da48d5885266bb7\dptf_helper.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\OneDrive.exe <2>
(explorer.exe ->) (Waves Inc -> Waves Audio Ltd.) C:\Windows\System32\DriverStore\FileRepository\wavesapo8de.inf_amd64_f9e3e5f664173b9e\WavesSvc64.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler64.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <12>
(services.exe ->) (ADLICE -> ) C:\Program Files\RogueKiller\RogueKillerSvc.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Apache Software Foundation) [File not signed] C:\xampp\apache\bin\httpd.exe <2>
(services.exe ->) (Dell Inc -> ) C:\Program Files (x86)\Dell Digital Delivery Services\Dell.D3.WinSvc.exe
(services.exe ->) (Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe
(services.exe ->) (Dell Inc -> Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(services.exe ->) (Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
(services.exe ->) (Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
(services.exe ->) (Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_1da48d5885266bb7\esif_uf.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_cad1db73e8c782a6\WMIRegistrationService.exe
(services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
(services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_dd349ca1e8d98184\LMS.exe
(services.exe ->) (Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_71cc42bf8b620f67\igfxCUIServiceN.exe
(services.exe ->) (Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_4789e47f6228caeb\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_d8b7fef7fc5b1320\IntelCpHDCPSvc.exe
(services.exe ->) (Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_34f570cbe7f3d6c7\RstMwService.exe
(services.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (MariaDB Corporation Ab -> ) [File not signed] C:\xampp\mysql\bin\mysqld.exe
(services.exe ->) (McAfee, Inc. -> McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(services.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\CSP\4.6.104.0\McCSPServiceHost.exe
(services.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe <3>
(services.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe
(services.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\VSCore_21_4\mcapexe.exe
(services.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\servicehost.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> ) C:\Windows\System32\drivers\SessionService.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\NisSrv.exe
(services.exe ->) (PC-Doctor, Inc. -> PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssistAgent\PCD\SupportAssist\Dsapi.exe
(services.exe ->) (Qualcomm Atheros -> Qualcomm Technologies Inc.) C:\Windows\System32\drivers\QcomWlanSrvx64.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <3>
(services.exe ->) (Waves Inc -> Waves Audio Ltd.) C:\Windows\System32\DriverStore\FileRepository\wavesapo8de.inf_amd64_f9e3e5f664173b9e\WavesSysSvc64.exe
(svchost.exe ->) (INTEL CORP) C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3407.0_x64__8j3eq9eme6ctt\IGCC.exe
(svchost.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\22.022.0130.0001\FileCoAuth.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(svchost.exe ->) (Microsoft Windows) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_421.20070.95.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [1141544 2020-09-03] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\WINDOWS\System32\DriverStore\FileRepository\wavesapo8de.inf_amd64_f9e3e5f664173b9e\WavesSvc64.exe [1774688 2020-09-02] (Waves Inc -> Waves Audio Ltd.)
HKLM-x32\...\Run: [TeamsMachineInstaller] => C:\Program Files (x86)\Teams Installer\Teams.exe [124599048 2021-08-18] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3304357071-3265175587-3679879120-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2618248 2022-02-24] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3304357071-3265175587-3679879120-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4279208 2022-03-05] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-3304357071-3265175587-3679879120-1001\...\Run: [Figma Agent] => C:\Users\zo8j2\AppData\Local\FigmaAgent\figma_agent.exe [6013152 2022-01-19] (Figma, Inc. -> )
HKLM\...\Windows x64\Print Processors\Canon MG3100 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDAR.DLL [30208 2012-03-14] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MG3100 series: C:\WINDOWS\system32\CNMLMAR.DLL [385024 2012-03-14] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\99.0.4844.51\Installer\chrmstp.exe [2022-03-02] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] ->
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {18EE9872-DA67-43DD-9EB5-31D01E8DAC89} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-06-19] (Google LLC -> Google LLC)
Task: {1EA48DD3-CEA2-479E-8423-77030E9995E1} - \Mozilla\Firefox Background Update 308046B0AF4A39CB -> No File <==== ATTENTION
Task: {1EE63CB4-F483-49FF-BD2A-B1FE5328C07E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\MpCmdRun.exe [925848 2022-02-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {2597DC96-0778-49C1-8B69-C6F73CF7725E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\MpCmdRun.exe [925848 2022-02-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {38EA67A5-18CD-4725-AC95-7C9A9974D18F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564424 2021-11-17] (Adobe Inc. -> Adobe Inc.)
Task: {65FABBF2-FDDF-478B-8EEA-E23713AF1204} - System32\Tasks\Microsoft\Office\Office Serviceability Manager => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\officesvcmgr.exe [4103816 2022-03-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {6AD960C4-16CB-43DB-942E-1B1FBFDC3205} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [6481872 2022-03-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {7242ABA3-9AAC-4624-844E-500CFDEEB275} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe /ua /installsource scheduler (No File)
Task: {761B1F23-3CB3-4CBE-9C12-2991CE23B134} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe /c (No File)
Task: {77DE17E3-F6E3-4BFC-888C-4D62BC9228E5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-06-19] (Google LLC -> Google LLC)
Task: {7A020A3E-238F-4BCB-BBB2-7B1E12879C94} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-3304357071-3265175587-3679879120-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4158856 2022-02-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {829D2499-522F-4622-B7C8-93D7FEAD44C1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\MpCmdRun.exe [925848 2022-02-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {83595024-FC67-49C5-A517-F08869391144} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
Task: {83DEDDDD-69AD-4429-8CB9-4390CFC92DCC} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\1.7.104\DADUpdater.exe [4089168 2022-02-08] (McAfee, LLC -> McAfee, LLC)
Task: {911AA5B1-9460-4B4C-9ADD-B3DAE153D85B} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent => {ABCECA3B-EA5A-496B-A021-5C6BAB365E5C} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [1032448 2021-08-02] (McAfee, LLC -> McAfee, LLC)
Task: {9754932E-E027-40EB-9DC1-DAA01FF507F1} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22580640 2022-03-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {9B8D47FA-ED58-4A51-9061-C7F78724081C} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [757944 2021-05-06] (McAfee, LLC -> McAfee, LLC)
Task: {9C537CCE-3456-4878-AB31-2910DB24D3DC} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [111000 2022-03-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {A331BF67-C06F-47F5-B120-F1D39041E6CA} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [4724096 2022-01-06] (McAfee, LLC -> McAfee, LLC)
Task: {A69EEFBD-6C6D-44E1-9DAF-4B05F4D83A03} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [6481872 2022-03-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {A7CCD3A6-9B7F-4A49-A2C1-06C3F1A8F782} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\MpCmdRun.exe [925848 2022-02-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B01C5086-1331-40D6-920E-F4B5DF14EC9E} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [111000 2022-03-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {C744FD0B-303D-4EF9-874A-84431B2A407D} - System32\Tasks\McAfee\McAfee Idle Detection Task => {ABCDCA3B-DE6B-5A7C-B132-6D7CBA63E5C5} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [1032448 2021-08-02] (McAfee, LLC -> McAfee, LLC)
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\WINDOWS\System32\MbaeParserTask.exe (No File)
Task: {D6AEB4B9-09B3-42D3-B1E0-0D847F0888D7} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22580640 2022-03-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {DC68F225-4505-4325-96F2-9D7F1346C6B8} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4158856 2022-02-24] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{a8a80b30-9bed-4423-af6e-4fcffdca4681}: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{cdc1a4a0-5baa-4861-b945-5a3ad4208631}: [DhcpNameServer] 194.168.4.100 194.168.8.100

Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\zo8j2\AppData\Local\Microsoft\Edge\User Data\Default [2022-02-15]

FireFox:
========
FF DefaultProfile: 1xfdw3rg.default
FF ProfilePath: C:\Users\zo8j2\AppData\Roaming\Mozilla\Firefox\Profiles\1xfdw3rg.default [2020-11-03]
FF ProfilePath: C:\Users\zo8j2\AppData\Roaming\Mozilla\Firefox\Profiles\4wqx2hcb.default-release [2022-03-07]
FF Notifications: Mozilla\Firefox\Profiles\4wqx2hcb.default-release -> hxxps://www.dreamstime.com
FF Extension: (Grammarly for Firefox) - C:\Users\zo8j2\AppData\Roaming\Mozilla\Firefox\Profiles\4wqx2hcb.default-release\Extensions\87677a2c52b84ad3a151a4a72f5bd3c4@jetpack.xpi [2022-03-04]
FF Extension: (React Developer Tools) - C:\Users\zo8j2\AppData\Roaming\Mozilla\Firefox\Profiles\4wqx2hcb.default-release\Extensions\@react-devtools.xpi [2022-01-24]
FF Extension: (InsertLearning) - C:\Users\zo8j2\AppData\Roaming\Mozilla\Firefox\Profiles\4wqx2hcb.default-release\Extensions\jid1-6W3Xsnc0k1KrUQ@jetpack.xpi [2020-11-30]
FF Extension: (Mailvelope) - C:\Users\zo8j2\AppData\Roaming\Mozilla\Firefox\Profiles\4wqx2hcb.default-release\Extensions\jid1-AQqSMBYb0a8ADg@jetpack.xpi [2021-05-13]
FF Extension: (uBlock Origin) - C:\Users\zo8j2\AppData\Roaming\Mozilla\Firefox\Profiles\4wqx2hcb.default-release\Extensions\uBlock0@raymondhill.net.xpi [2022-02-24]
FF Extension: (Futuristic Theme) - C:\Users\zo8j2\AppData\Roaming\Mozilla\Firefox\Profiles\4wqx2hcb.default-release\Extensions\{97d79286-54b7-497b-a00d-273d08135110}.xpi [2021-01-11]
FF Extension: (Animated Kimi no Na wa) - C:\Users\zo8j2\AppData\Roaming\Mozilla\Firefox\Profiles\4wqx2hcb.default-release\Extensions\{b7afe29e-2e0a-4f94-bd00-9c1efc629995}.xpi [2021-01-11]
FF Extension: (Vocaloid Miku Future) - C:\Users\zo8j2\AppData\Roaming\Mozilla\Firefox\Profiles\4wqx2hcb.default-release\Extensions\{dc24feba-0bb5-4ebd-8a61-88b810f44464}.xpi [2021-01-11]
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\McAfee\MSC\npMcSnFFPl64.dll [2021-08-22] (McAfee, LLC -> )
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2021-12-24] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\MSC\npMcSnFFPl.dll [2021-08-22] (McAfee, LLC -> )
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2022-03-04] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-03-04] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=3 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1189.1\npAvastBrowserUpdate3.dll [No File]
FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=9 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1189.1\npAvastBrowserUpdate3.dll [No File]

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\zo8j2\AppData\Local\Google\Chrome\User Data\Default [2021-11-06]
CHR DefaultSearchURL: Default -> hxxps://uk.search.yahoo.com/search?fr=mcafee&type=E211GB384G0&p={searchTerms}
CHR DefaultSearchKeyword: Default -> mcafee
CHR DefaultSuggestURL: Default -> hxxps://uk.search.yahoo.com/sugg/gossip/gossip-uk-partner?output=fxjson&appid=mca&source=yahoo_mcafee_searchassist&command={searchTerms}
CHR Extension: (McAfee® WebAdvisor) - C:\Users\zo8j2\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2021-11-06]
CHR Extension: (React Developer Tools) - C:\Users\zo8j2\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmkadmapgofadopljbjfkapdkoienihi [2021-11-06]
CHR Extension: (Oceanic) - C:\Users\zo8j2\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbbacdmgjdfajabgglpjifcedoajdimg [2021-08-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\zo8j2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-03-14]
CHR Profile: C:\Users\zo8j2\AppData\Local\Google\Chrome\User Data\Guest Profile [2021-09-17]
CHR Profile: C:\Users\zo8j2\AppData\Local\Google\Chrome\User Data\System Profile [2021-09-17]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-11-17] (Adobe Inc. -> Adobe Inc.)
R2 Apache2.4; C:\xampp\apache\bin\httpd.exe [29696 2021-02-17] (Apache Software Foundation) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11649952 2022-03-04] (Microsoft Corporation -> Microsoft Corporation)
R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [436256 2021-09-29] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3847712 2021-09-29] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [462880 2021-09-29] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 Dell Digital Delivery Services; C:\Program Files (x86)\Dell Digital Delivery Services\Dell.D3.WinSvc.exe [50888 2021-06-24] (Dell Inc -> )
R2 Dell Hardware Support; C:\Program Files\Dell\SupportAssistAgent\PCD\SupportAssist\Dsapi.exe [1024680 2021-09-01] (PC-Doctor, Inc. -> PC-Doctor, Inc.)
S3 Dell.CommandPowerManager.Service; C:\WINDOWS\system32\dllhost.exe /Processid:{B9AFAF52-2B5E-4B38-8519-BE208947011C} [45368 2021-06-05] (Microsoft Windows -> Microsoft Corporation)
R2 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [38600 2021-11-11] (Dell Inc -> )
S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\22.022.0130.0001\FileSyncHelper.exe [3380616 2022-02-24] (Microsoft Corporation -> Microsoft Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7997112 2022-03-02] (Malwarebytes Inc -> Malwarebytes)
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [971912 2022-03-04] (McAfee, LLC -> McAfee, LLC)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_21_4\McApExe.exe [789752 2021-08-21] (McAfee, LLC -> McAfee, LLC)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\4.6.104.0\\McCSPServiceHost.exe [2825792 2021-08-13] (McAfee, LLC -> McAfee, LLC)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [652232 2021-05-11] (McAfee, Inc. -> McAfee, LLC)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [652232 2021-05-11] (McAfee, Inc. -> McAfee, LLC)
R3 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [652232 2021-05-11] (McAfee, Inc. -> McAfee, LLC)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1671760 2021-08-10] (McAfee, LLC -> McAfee, LLC)
R2 mysql; C:\xampp\mysql\bin\mysqld.exe [16159488 2021-02-18] (MariaDB Corporation Ab -> ) [File not signed]
S3 OfficeSvcManagerAddons; C:\WINDOWS\system32\dllhost.exe /Processid:{2CA2E202-932F-4BA2-8771-195BB86398F5} [45368 2021-06-05] (Microsoft Windows -> Microsoft Corporation)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\22.022.0130.0001\OneDriveUpdaterService.exe [3851128 2022-02-24] (Microsoft Corporation -> Microsoft Corporation)
R2 PEFService; C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe [4288832 2021-08-13] (McAfee, LLC -> McAfee, LLC)
R2 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [14419440 2022-03-07] (ADLICE -> )
S3 ss_conn_launcher_service; C:\WINDOWS\System32\Samsung\EasySetup\ss_conn_launcher.exe [182128 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [39968 2021-11-15] (Dell Inc -> Dell Inc.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\NisSrv.exe [2909208 2022-02-10] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\MsMpEng.exe [128376 2022-02-10] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WMIRegistrationService; C:\WINDOWS\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_cad1db73e8c782a6\WMIRegistrationService.exe [538736 2021-07-25] (Intel Corporation -> Intel Corporation)
S2 avast; "C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe" /svc [X]
S3 avastm; "C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe" /medsvc [X]
S3 dcpm-notify; "C:\Program Files\Dell\CommandPowerManager\NotifyService.exe" [X]
S2 Dell SupportAssist Remediation; "C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe" [X]
S2 RAPSService; "C:\Program Files\Rivet Networks\SmartByte\RAPSService.exe" [X]
S3 RNDBWM; "C:\Program Files\Rivet Networks\SmartByte\RNDBWMService.exe" [X]
S2 SmartByte Analytics Service; "C:\Program Files\Rivet Networks\SmartByte\SmartByteAnalyticsService.exe" [X]
S2 SmartByte Network Service x64; "C:\Program Files\Rivet Networks\SmartByte\SmartByteNetworkService.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [80400 2021-05-19] (McAfee, Inc. -> McAfee, LLC)
R3 DDDriver; C:\WINDOWS\System32\drivers\dddriver64Dcsa.sys [43400 2021-09-09] (Microsoft Windows Hardware Compatibility Publisher -> Dell Technologies)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [159864 2021-06-29] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 Hsp; C:\WINDOWS\System32\drivers\Hsp.sys [110904 2022-02-05] (Microsoft Windows -> Microsoft Corporation)
R3 iaLPSS2_GPIO2_ICL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_gpio2_icl.inf_amd64_90beccc7e046abab\iaLPSS2_GPIO2_ICL.sys [132872 2020-04-27] (Intel Corporation -> Intel Corporation)
R3 iaLPSS2_I2C_ICL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_i2c_icl.inf_amd64_c8c0638291b9b209\iaLPSS2_I2C_ICL.sys [200456 2020-04-27] (Intel Corporation -> Intel Corporation)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [221096 2022-03-07] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2022-03-02] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2022-03-02] (Malwarebytes Inc -> Malwarebytes)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [550944 2021-05-19] (McAfee, Inc. -> McAfee, LLC)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [390664 2021-05-19] (McAfee, Inc. -> McAfee, LLC)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [85952 2021-05-19] (Microsoft Windows Early Launch Anti-malware Publisher -> McAfee, LLC)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [527368 2021-05-19] (McAfee, Inc. -> McAfee, LLC)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [1037320 2021-05-19] (McAfee, Inc. -> McAfee, LLC)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [590032 2021-04-16] (McAfee, Inc. -> McAfee LLC.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [120512 2021-04-16] (McAfee, Inc. -> McAfee LLC.)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [121352 2021-05-19] (McAfee, Inc. -> McAfee, LLC)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [257552 2021-05-19] (McAfee, Inc. -> McAfee, LLC)
R3 MpKsld8678778; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C61DA1E8-F754-412B-BB10-7B2EF4D2DD4D}\MpKslDrv.sys [135440 2022-03-07] (Microsoft Windows -> Microsoft Corporation)
R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Bruce James -> Scarlet.Crush Productions)
S3 SmbCoSvc; C:\WINDOWS\system32\DRIVERS\SmbCo10X64.sys [166032 2021-08-13] (Intel Corporation -> Rivet Networks, LLC.)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167280 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 ss_conn_usb_driver2; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver2.sys [43376 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
U3 TrueSight; C:\Windows\System32\drivers\truesight.sys [38032 2022-03-07] (Adlice -> )
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48536 2022-02-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [438520 2022-02-10] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [90360 2022-02-10] (Microsoft Windows -> Microsoft Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2022-03-06] (Zemana Ltd. -> Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2022-03-02] (Zemana Ltd. -> Zemana Ltd.)
S4 DBUtilDrv2; \SystemRoot\System32\drivers\DBUtilDrv2.sys [X]
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-03-07 22:05 - 2022-03-07 22:06 - 000032185 _____ C:\Users\zo8j2\Downloads\FRST.txt
2022-03-07 21:28 - 2022-03-07 21:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2022-03-07 21:24 - 2022-03-07 21:24 - 000221096 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2022-03-07 20:58 - 2022-03-07 21:24 - 000038032 _____ C:\WINDOWS\system32\Drivers\truesight.sys
2022-03-07 20:58 - 2022-03-07 21:24 - 000000000 ____D C:\ProgramData\RogueKiller
2022-03-07 20:58 - 2022-03-07 20:58 - 000000901 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2022-03-07 20:58 - 2022-03-07 20:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2022-03-07 20:58 - 2022-03-07 20:58 - 000000000 ____D C:\Program Files\RogueKiller
2022-03-07 20:56 - 2022-03-07 20:57 - 042624352 _____ (Adlice Software ) C:\Users\zo8j2\Downloads\RogueKiller_setup.exe
2022-03-07 20:25 - 2022-03-07 22:05 - 000000000 ____D C:\FRST
2022-03-07 20:24 - 2022-03-07 20:24 - 002312192 _____ (Farbar) C:\Users\zo8j2\Downloads\FRST64.exe
2022-03-07 20:20 - 2022-03-07 20:21 - 000000000 ____D C:\AdwCleaner
2022-03-07 20:20 - 2022-03-07 20:20 - 008540344 _____ (Malwarebytes) C:\Users\zo8j2\Downloads\adwcleaner.exe
2022-03-06 09:28 - 2022-03-06 09:28 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2022-03-06 09:27 - 2022-03-06 09:27 - 006617512 _____ (Zemana Ltd. ) C:\Users\zo8j2\Downloads\MalwareFox.exe
2022-03-05 00:00 - 2022-03-05 15:29 - 000000000 ____D C:\Program Files\Mozilla Firefox
2022-03-03 21:00 - 2022-03-03 21:00 - 000036022 _____ C:\Users\zo8j2\Downloads\nickainley.zip
2022-03-03 21:00 - 2022-03-03 21:00 - 000000000 ____D C:\Users\zo8j2\Downloads\nickainley
2022-03-03 17:41 - 2022-03-03 17:41 - 000160515 _____ C:\Users\zo8j2\Downloads\AdobeColor-Music Online.jpeg
2022-03-02 21:29 - 2022-03-02 21:29 - 000007603 _____ C:\Users\zo8j2\AppData\Local\Resmon.ResmonCfg
2022-03-02 16:06 - 2022-03-02 16:06 - 000000020 ___SH C:\Users\DefaultAppPool\ntuser.ini
2022-03-02 16:04 - 2022-03-02 16:04 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2022-03-02 16:04 - 2022-03-02 16:04 - 000160176 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2022-03-02 16:04 - 2022-03-02 16:04 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2022-03-02 16:04 - 2022-03-02 16:04 - 000002035 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2022-03-02 16:04 - 2022-03-02 16:04 - 000002023 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2022-03-02 16:03 - 2022-03-02 16:03 - 000000000 ____D C:\Program Files\Malwarebytes
2022-03-02 15:23 - 2022-03-02 15:23 - 000000000 ___HD C:\$SysReset
2022-03-02 14:54 - 2022-03-02 14:54 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\565452E8.sys
2022-03-02 14:52 - 2022-03-02 16:03 - 000000000 ____D C:\ProgramData\Malwarebytes
2022-03-02 14:52 - 2022-03-02 14:52 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\4634C5D2.sys
2022-03-02 14:51 - 2022-03-02 15:16 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2022-03-02 14:35 - 2022-03-07 22:07 - 000111754 _____ C:\WINDOWS\ZAM.krnl.trace
2022-03-02 14:35 - 2022-03-07 22:07 - 000070819 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2022-03-02 14:35 - 2022-03-02 14:35 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2022-03-02 14:35 - 2022-03-02 14:35 - 000000000 ____D C:\Users\zo8j2\AppData\Local\Zemana
2022-03-02 14:35 - 2022-03-02 14:35 - 000000000 ____D C:\Users\zo8j2\AppData\Local\Wolf of Webstreet OPC Private Limited
2022-02-22 12:27 - 2022-02-22 12:27 - 000210432 _____ C:\WINDOWS\system32\CloudIdWxhExtension.dll
2022-02-22 12:27 - 2022-02-22 12:27 - 000015024 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-02-22 12:17 - 2022-02-22 12:17 - 000000000 ___HD C:\$WinREAgent
2022-02-19 19:29 - 2022-02-19 19:29 - 000000000 ____D C:\Users\zo8j2\AppData\Local\Jedi
2022-02-19 19:29 - 2022-02-19 19:29 - 000000000 ____D C:\Users\zo8j2\.matplotlib
2022-02-19 19:23 - 2022-02-19 19:23 - 000000000 ____D C:\Users\zo8j2\AppData\Local\pip
2022-02-19 19:00 - 2022-02-19 19:01 - 000000000 ____D C:\Users\zo8j2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 3.10
2022-02-19 19:00 - 2022-02-19 19:00 - 000000000 ____D C:\Users\zo8j2\AppData\Local\Package Cache
2022-02-17 12:04 - 2022-02-17 12:04 - 000000000 ____D C:\ProgramData\Oracle
2022-02-17 12:03 - 2022-02-17 12:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ProjectLibre
2022-02-10 09:06 - 2022-03-07 21:27 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2022-02-08 14:04 - 2022-02-08 14:04 - 000001764 _____ C:\Users\zo8j2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Exercise.lnk
2022-02-05 15:15 - 2022-02-05 15:15 - 000000000 ____D C:\WINDOWS\system32\HealthAttestationClient
2022-02-05 15:07 - 2022-02-05 15:07 - 000339968 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2022-02-05 15:07 - 2022-02-05 15:07 - 000311296 _____ C:\WINDOWS\system32\EsclScan.dll
2022-02-05 15:07 - 2022-02-05 15:07 - 000188416 _____ C:\WINDOWS\system32\EsclProtocol.dll
2022-02-05 15:07 - 2022-02-05 15:07 - 000077824 _____ C:\WINDOWS\system32\APMonUI.dll

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-03-07 22:03 - 2021-06-05 12:10 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-03-07 22:03 - 2020-06-17 20:07 - 000000000 ____D C:\ProgramData\Goodix
2022-03-07 21:42 - 2020-06-19 12:57 - 000000000 ____D C:\Program Files (x86)\Google
2022-03-07 21:42 - 2020-05-19 22:43 - 000000000 ____D C:\Program Files (x86)\Dell Digital Delivery Services
2022-03-07 21:38 - 2021-06-05 12:10 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-03-07 21:35 - 2021-06-05 12:10 - 000000000 ____D C:\WINDOWS\SystemTemp
2022-03-07 21:29 - 2021-11-08 01:58 - 000885420 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-03-07 21:29 - 2021-06-05 12:09 - 000000000 ____D C:\WINDOWS\INF
2022-03-07 21:26 - 2020-10-31 14:21 - 000000000 ____D C:\Users\zo8j2\AppData\LocalLow\Mozilla
2022-03-07 21:25 - 2020-09-24 12:45 - 000000000 ___RD C:\Users\zo8j2\OneDrive - Glasgow Clyde College
2022-03-07 21:25 - 2020-06-17 12:21 - 000000000 ___RD C:\Users\zo8j2\OneDrive
2022-03-07 21:25 - 2020-06-17 12:17 - 000000000 __SHD C:\Users\zo8j2\IntelGraphicsProfiles
2022-03-07 21:24 - 2021-11-08 02:02 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-03-07 21:24 - 2021-06-05 12:10 - 000000000 ____D C:\WINDOWS\ServiceState
2022-03-07 21:24 - 2021-06-05 12:01 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2022-03-07 21:24 - 2021-03-23 15:56 - 000012288 ___SH C:\DumpStack.log.tmp
2022-03-07 21:24 - 2020-06-17 20:07 - 000000000 ____D C:\Intel
2022-03-07 20:22 - 2021-11-08 01:56 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-03-07 20:21 - 2020-05-19 22:46 - 000000000 ____D C:\ProgramData\Dell
2022-03-07 20:21 - 2020-05-19 22:41 - 000000000 ____D C:\Program Files\Dell
2022-03-07 20:20 - 2021-06-05 12:10 - 000000000 ___HD C:\Program Files\WindowsApps
2022-03-07 19:52 - 2020-09-07 08:13 - 000000000 ____D C:\Users\zo8j2\AppData\Roaming\discord
2022-03-07 19:52 - 2020-09-07 08:13 - 000000000 ____D C:\Users\zo8j2\AppData\Local\Discord
2022-03-06 09:28 - 2021-11-07 19:30 - 000000000 ____D C:\Users\zo8j2
2022-03-05 15:35 - 2020-06-17 12:17 - 000000000 ____D C:\Users\zo8j2\AppData\Local\Packages
2022-03-05 15:35 - 2020-05-19 22:59 - 000000000 ____D C:\ProgramData\Packages
2022-03-05 15:29 - 2020-10-31 14:21 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2022-03-05 15:29 - 2020-05-19 22:44 - 000000000 ____D C:\Program Files\McAfee
2022-03-05 15:28 - 2020-11-18 20:04 - 000000000 ____D C:\Users\zo8j2\AppData\Local\ElevatedDiagnostics
2022-03-05 15:28 - 2020-06-17 13:52 - 000000000 ____D C:\Program Files (x86)\Steam
2022-03-05 15:26 - 2020-06-17 21:27 - 000002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-03-05 15:24 - 2020-11-13 13:58 - 000000000 ____D C:\Users\zo8j2\AppData\Local\CrashDumps
2022-03-05 15:12 - 2021-11-08 02:02 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2022-03-05 15:12 - 2020-10-31 14:21 - 000001007 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2022-03-04 23:00 - 2021-12-04 09:01 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2022-03-04 22:47 - 2021-01-22 13:57 - 000000000 __RSD C:\Users\zo8j2\Documents\McAfee Vaults
2022-03-03 22:51 - 2021-08-30 18:12 - 000000000 ____D C:\Users\zo8j2\AppData\Roaming\Figma
2022-03-03 09:13 - 2020-10-09 20:33 - 000000000 ____D C:\Users\zo8j2\AppData\Local\D3DSCache
2022-03-03 09:11 - 2021-08-30 18:12 - 000000000 ____D C:\Users\zo8j2\AppData\Local\Figma
2022-03-03 09:03 - 2021-11-08 02:02 - 000000000 ____D C:\WINDOWS\system32\Tasks\McAfee
2022-03-02 21:25 - 2020-06-19 12:58 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-03-02 21:25 - 2020-06-19 12:58 - 000002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2022-03-02 16:06 - 2021-11-07 19:30 - 000000000 ____D C:\Users\DefaultAppPool
2022-03-02 16:04 - 2021-06-05 12:10 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2022-03-01 23:30 - 2021-06-05 12:01 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2022-03-01 23:29 - 2021-12-11 22:26 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2022-03-01 23:29 - 2021-11-08 01:56 - 000472984 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-03-01 23:28 - 2021-06-05 12:10 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2022-03-01 23:28 - 2021-06-05 12:10 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2022-03-01 23:28 - 2021-06-05 12:10 - 000000000 ____D C:\WINDOWS\SystemResources
2022-03-01 23:28 - 2021-06-05 12:10 - 000000000 ____D C:\WINDOWS\system32\Dism
2022-03-01 23:28 - 2021-06-05 12:10 - 000000000 ____D C:\WINDOWS\system32\appraiser
2022-03-01 23:28 - 2021-06-05 12:10 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2022-03-01 23:28 - 2021-06-05 12:10 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-02-24 18:43 - 2021-12-11 22:27 - 000002134 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-02-24 18:43 - 2021-12-11 22:26 - 000003596 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3304357071-3265175587-3679879120-1001
2022-02-24 18:43 - 2021-12-04 10:01 - 000003194 _____ C:\WINDOWS\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2022-02-22 20:47 - 2020-09-18 23:00 - 000000000 ____D C:\Users\zo8j2\AppData\Roaming\Code
2022-02-22 12:36 - 2021-06-05 12:01 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-02-22 12:27 - 2021-11-08 01:59 - 003101696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2022-02-19 19:00 - 2020-05-19 22:48 - 000000000 ____D C:\ProgramData\Package Cache
2022-02-18 13:02 - 2021-08-08 13:40 - 000000000 ____D C:\Users\zo8j2\AppData\Roaming\npm-cache
2022-02-15 11:54 - 2021-12-15 11:01 - 000002404 _____ C:\Users\zo8j2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams (work or school).lnk
2022-02-15 11:54 - 2021-12-15 11:01 - 000002396 _____ C:\Users\zo8j2\Desktop\Microsoft Teams (work or school).lnk
2022-02-14 23:05 - 2021-11-08 02:02 - 000003710 _____ C:\WINDOWS\system32\Tasks\McAfee Remediation (Prepare)
2022-02-13 15:22 - 2020-09-18 22:55 - 000000000 ____D C:\Users\zo8j2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Visual Studio Code
2022-02-11 10:45 - 2020-06-19 23:54 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-02-11 10:40 - 2020-06-19 23:54 - 149611728 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-02-10 20:54 - 2021-08-30 18:12 - 000000000 ____D C:\Users\zo8j2\AppData\Local\FigmaAgent
2022-02-10 00:49 - 2020-05-19 22:38 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2022-02-05 15:15 - 2021-06-05 12:01 - 000000000 ____D C:\WINDOWS\servicing
2022-02-05 14:53 - 2021-06-02 18:46 - 000903678 _____ C:\WINDOWS\ntbtlog.txt
2022-02-05 14:53 - 2021-06-02 18:46 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job

==================== Files in the root of some directories ========

2021-01-13 01:03 - 2021-08-17 00:47 - 001094784 _____ () C:\Program Files\UnityCrashHandler64.exe
2021-01-13 01:03 - 2021-08-17 00:47 - 025951360 _____ () C:\Program Files\UnityPlayer.dll
2021-12-16 11:56 - 2021-12-16 11:57 - 000002546 _____ () C:\Users\zo8j2\AppData\Local\krita-sysinfo.log
2021-12-16 11:56 - 2021-12-16 12:04 - 000000591 _____ () C:\Users\zo8j2\AppData\Local\krita.log
2021-12-16 12:04 - 2021-12-16 12:04 - 000000039 _____ () C:\Users\zo8j2\AppData\Local\kritadisplayrc
2021-12-16 11:56 - 2021-12-16 12:04 - 000016435 _____ () C:\Users\zo8j2\AppData\Local\kritarc
2021-05-27 21:42 - 2021-05-27 21:42 - 000000794 _____ () C:\Users\zo8j2\AppData\Local\recently-used.xbel
2022-03-02 21:29 - 2022-03-02 21:29 - 000007603 _____ () C:\Users\zo8j2\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
 

ZoeJ2022

ADDITION.TXT

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-02-2022
Ran by zo8j2 (07-03-2022 22:09:14)
Running from C:\Users\zo8j2\Downloads
Microsoft Windows 11 Home Version 21H2 22000.527 (X64) (2021-11-08 02:03:55)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-3304357071-3265175587-3679879120-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3304357071-3265175587-3679879120-503 - Limited - Disabled)
Guest (S-1-5-21-3304357071-3265175587-3679879120-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3304357071-3265175587-3679879120-504 - Limited - Disabled)
zo8j2 (S-1-5-21-3304357071-3265175587-3679879120-1001 - Administrator - Enabled) => C:\Users\zo8j2

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee VirusScan (Disabled - Up to date) {9D4501E6-72F6-2877-C789-89AF6F535B2C}
FW: McAfee Firewall (Disabled) {A57E80C3-3899-292F-ECD6-209A91801C57}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
Adobe Acrobat DC (64-bit) (HKLM\...\{AC76BA86-1033-1033-7760-BC15014EA700}) (Version: 21.011.20039 - Adobe)
Anki (HKLM-x32\...\Anki) (Version: 2.1.38 - )
Audacity 3.1.0 (HKLM\...\Audacity_is1) (Version: 3.1.0 - Audacity Team)
Avast Update Helper (HKLM-x32\...\{19C3AB22-3718-4E4D-B203-242F5001565B}) (Version: 1.8.1189.1 - AVAST Software) Hidden
Canon MG3100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3100_series) (Version: - Canon Inc.)
Cisco Packet Tracer 7.3.1 64Bit (HKLM\...\Cisco Packet Tracer 7.3.1 64Bit_is1) (Version: - Cisco Systems, Inc.)
Citra (HKU\S-1-5-21-3304357071-3265175587-3679879120-1001\...\{74883e7d-b25a-436c-99d0-fe8578d85197}) (Version: 1.0.0 - Citra Team)
Dell Digital Delivery Services (HKLM-x32\...\{560DFD4A-23E2-45DD-A223-A4B3FA356913}) (Version: 4.0.92.0 - Dell Inc.)
Dell Mobile Connect Drivers (HKLM\...\{0B5978E6-D912-4E4F-B117-A164F68BC95C}) (Version: 3.0.9346 - Screenovate Technologies Ltd.)
Dell SupportAssist (HKLM\...\{E0659C89-D276-4B77-A5EC-A8F2F042E78F}) (Version: 3.10.4.18 - Dell Inc.)
Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM\...\{900D0BCD-0B86-4DAA-B639-89BE70449569}) (Version: 5.4.1.14954 - Dell Inc.) Hidden
Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM-x32\...\{ec40a028-983b-4213-af2c-77ed6f6fe1d5}) (Version: 5.4.1.14954 - Dell Inc.)
Dell SupportAssist Remediation (HKLM\...\{E21419F5-2AA6-439C-B2C1-840083A05BC5}) (Version: 5.5.0.16041 - Dell Inc.) Hidden
Dell SupportAssist Remediation (HKLM-x32\...\{db72dcd5-bf99-4888-b104-cb605b82ec8a}) (Version: 5.5.0.16041 - Dell Inc.)
Dell Update for Windows Universal (HKLM\...\{41D2D254-D869-4CD8-B440-5DF49083C4BA}) (Version: 4.4.0 - Dell Inc.)
Discord (HKU\S-1-5-21-3304357071-3265175587-3679879120-1001\...\Discord) (Version: 0.0.309 - Discord Inc.)
Dynamic Application Loader Host Interface Service (HKLM\...\{ECFC785A-9107-4259-9288-0ABC86C0F6AB}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Figma (HKU\S-1-5-21-3304357071-3265175587-3679879120-1001\...\Figma) (Version: 108.1.0 - Figma, Inc.)
Figma Agent (HKU\S-1-5-21-3304357071-3265175587-3679879120-1001\...\FigmaAgent) (Version: 108.1.0 - Figma, Inc.)
FileZilla Client 3.57.0 (HKLM-x32\...\FileZilla Client) (Version: 3.57.0 - Tim Kosse)
FluidUI Editor 1.0 (HKLM\...\FluidUI Editor) (Version: 1.0 - Fluid Software Ltd)
Git version 2.31.1 (HKLM\...\Git_is1) (Version: 2.31.1 - The Git Development Community)
GitHub Desktop (HKU\S-1-5-21-3304357071-3265175587-3679879120-1001\...\GitHubDesktop) (Version: 2.9.6 - GitHub, Inc.)
GitMind 1.0.8 (HKLM-x32\...\a0e10d84-6512-552f-a0ec-5dd2e61ffe64) (Version: 1.0.8 - Apowersoft)
Goodix Fingerprint Driver (HKLM\...\{60FAB781-18F2-4D2B-A8E7-B3AADD327955}_is1) (Version: 3.0.35.600 - Goodix, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 99.0.4844.51 - Google LLC)
Intel Software Package (HKLM-x32\...\{e1d93543-7ba0-4927-aa7f-09c5fc7f25df}) (Version: 8.7.10600.20700 - Intel) Hidden
Intel(R) Dynamic Tuning (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.7.10600.20700 - Intel Corporation)
Intel(R) Dynamic Tuning Technology (HKLM-x32\...\{7a82309b-956d-4788-8207-25897660c3d6}) (Version: 8.7.10400.15556 - Intel) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 2036.15.0.1835 - Intel Corporation)
Krita (x64) 4.4.8 (HKLM\...\Krita_x64) (Version: 4.4.8.0 - Krita Foundation)
Malwarebytes version 4.5.4.168 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.4.168 - Malwarebytes)
MalwareFox AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.150 - Wolf of Webstreet OPC Private Limited)
McAfee® Total Protection (HKLM-x32\...\MSC) (Version: 16.0 R37 - McAfee, LLC)
Microsoft 365 Apps for enterprise - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.14931.20120 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 99.0.1150.30 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 99.0.1150.30 - Microsoft Corporation)
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 22.022.0130.0001 - Microsoft Corporation)
Microsoft Project - en-us (HKLM\...\ProjectPro2019Retail - en-us) (Version: 16.0.14931.20120 - Microsoft Corporation)
Microsoft Support and Recovery Assistant (HKU\S-1-5-21-3304357071-3265175587-3679879120-1001\...\a1a734b8150c1d83) (Version: 17.0.7513.25 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-3304357071-3265175587-3679879120-1001\...\Teams) (Version: 1.5.00.2164 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{572E990E-67FD-4014-884C-A730BFC7E1D7}) (Version: 4.65.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29325 (HKLM-x32\...\{33628a12-6787-4b9f-95a1-92449f69fae0}) (Version: 14.28.29325.2 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.26.28720 (HKLM-x32\...\{86380aef-fd23-4fc3-8723-a98ccad8f2c6}) (Version: 14.26.28720.3 - Microsoft Corporation)
Microsoft Visual Studio Code (User) (HKU\S-1-5-21-3304357071-3265175587-3679879120-1001\...\{771FD6B0-FA20-440A-A002-3B3BAC16DC50}_is1) (Version: 1.64.2 - Microsoft Corporation)
Microsoft Visual Studio Installer (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 2.7.3066.826 - Microsoft Corporation)
Mozilla Firefox (x64 en-GB) (HKLM\...\Mozilla Firefox 97.0.2 (x64 en-GB)) (Version: 97.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 82.0.2 - Mozilla)
Newgrounds Player (HKLM-x32\...\{B9735123-2823-49F8-8264-372895D39702}) (Version: 1.0.0 - Newgrounds)
Node.js (HKLM\...\{93EE163B-2A10-4888-BC8C-DB9ED55D77FB}) (Version: 14.17.4 - Node.js Foundation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 27.1.3 - OBS Project)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.14931.20010 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.14931.20072 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.14931.20094 - Microsoft Corporation) Hidden
OptaneDowngradeGuard (HKLM\...\{86B0E6C1-32E0-42CC-BC4F-BF3C0730CECB}) (Version: 18.0.0.0 - Intel Corporation) Hidden
osu! (HKLM-x32\...\{8dad1296-86b6-44de-8d84-7707970b796f}) (Version: latest - ppy Pty Ltd)
Pencil (HKLM-x32\...\Pencil) (Version: - Evolus)
Project64 version 2.3.2.202 (HKLM-x32\...\{BEB5FB69-4080-466F-96C4-F15DF271718B}_is1) (Version: 2.3.2.202 - )
ProjectLibre (HKLM\...\{com.projectlibre1.main}}_is1) (Version: 1.9.3 - ProjectLibre)
Python 3.10.2 (64-bit) (HKU\S-1-5-21-3304357071-3265175587-3679879120-1001\...\{c60fd5ac-367d-4e3a-a975-f157502ac30a}) (Version: 3.10.2150.0 - Python Software Foundation)
Python 3.10.2 Add to Path (64-bit) (HKLM\...\{F55A8CCD-A817-4C53-91B8-4B7E6C49DA7B}) (Version: 3.10.2150.0 - Python Software Foundation) Hidden
Python 3.10.2 Core Interpreter (64-bit) (HKLM\...\{6475B354-B0F6-4837-8738-784937D647B2}) (Version: 3.10.2150.0 - Python Software Foundation) Hidden
Python 3.10.2 Development Libraries (64-bit) (HKLM\...\{8277936D-8A34-4758-893C-0B29342A6F27}) (Version: 3.10.2150.0 - Python Software Foundation) Hidden
Python 3.10.2 Documentation (64-bit) (HKLM\...\{B51A07AD-9BCE-485D-8721-C7C83992794B}) (Version: 3.10.2150.0 - Python Software Foundation) Hidden
Python 3.10.2 Executables (64-bit) (HKLM\...\{EDEE3162-8399-42D4-9D7C-7DA21275BFD0}) (Version: 3.10.2150.0 - Python Software Foundation) Hidden
Python 3.10.2 pip Bootstrap (64-bit) (HKLM\...\{08B7036F-0609-4634-9A5F-1688230E9D9D}) (Version: 3.10.2150.0 - Python Software Foundation) Hidden
Python 3.10.2 Standard Library (64-bit) (HKLM\...\{D862D299-FDC2-4571-B3A1-27CEE951D2D1}) (Version: 3.10.2150.0 - Python Software Foundation) Hidden
Python 3.10.2 Tcl/Tk Support (64-bit) (HKLM\...\{7863DF45-23BB-4D83-97B3-CF08F3192F5B}) (Version: 3.10.2150.0 - Python Software Foundation) Hidden
Python 3.10.2 Test Suite (64-bit) (HKLM\...\{D68594E9-2F98-4EA0-8A94-5D7D9FF51960}) (Version: 3.10.2150.0 - Python Software Foundation) Hidden
Python 3.10.2 Utility Scripts (64-bit) (HKLM\...\{300F0759-8294-4971-9FAD-7AB19FA7B270}) (Version: 3.10.2150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{0CD41B07-EDF9-4B77-8C7C-CCCA1C435970}) (Version: 3.10.7686.0 - Python Software Foundation)
Qualcomm 11ac Wireless LAN&Bluetooth Installer (HKLM-x32\...\{E7086B15-806E-4519-A876-DBA9FDDE9A13}) (Version: 11.0.0.10518 - Qualcomm)
Realtek Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9018.1 - Realtek Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.18362.31248 - Realtek Semiconductor Corp.)
Roblox Player for zo8j2 (HKU\S-1-5-21-3304357071-3265175587-3679879120-1001\...\roblox-player) (Version: - Roblox Corporation)
Roblox Studio for zo8j2 (HKU\S-1-5-21-3304357071-3265175587-3679879120-1001\...\roblox-studio) (Version: - Roblox Corporation)
RogueKiller version 15.4.0.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 15.4.0.0 - Adlice Software)
RstDowngradeGuard (HKLM\...\{13C2A26E-7AD4-4D82-BB4F-DEA6E871B958}) (Version: 18.0.0.0 - Intel Corporation) Hidden
SmartByte Drivers and Services (HKLM\...\{A0CDAD3D-0329-4E3E-8DC1-30E333D6564D}) (Version: 3.1.995 - Rivet Networks)
Spotify (HKU\S-1-5-21-3304357071-3265175587-3679879120-1001\...\Spotify) (Version: 1.1.71.560.gc21c3367 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.4.0.22976 - Microsoft Corporation)
Twitch (HKU\S-1-5-21-3304357071-3265175587-3679879120-1001\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 8.0.0 - Twitch Interactive, Inc.)
Ubisoft Connect (HKLM-x32\...\Uplay) (Version: 38.0.1 - Ubisoft)
Unity (HKLM-x32\...\Unity) (Version: 2019.3.15f1 - Unity Technologies ApS)
Unity Hub 2.3.2 (HKLM\...\{Unity Technologies - Hub}) (Version: 2.3.2 - Unity Technologies Inc.)
WebAdvisor by McAfee (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.684 - McAfee, LLC)
Windows PC Health Check (HKLM\...\{B1E7D0FD-7CFE-4E0C-A5DA-0F676499DB91}) (Version: 3.2.2110.14001 - Microsoft Corporation)
Windows SDK AddOn (HKLM-x32\...\{E6F877A1-2F65-4BF0-87B6-A4071B7663D3}) (Version: 10.1.0.0 - Microsoft Corporation)
XAMPP (HKLM\...\xampp) (Version: 8.0.3-0 - Bitnami)
Zoom (HKU\S-1-5-21-3304357071-3265175587-3679879120-1001\...\ZoomUMX) (Version: 5.4.9 (59931.0110) - Zoom Video Communications, Inc.)

Packages:
=========
Anki Universal -> C:\Program Files\WindowsApps\36558AnkiUniversal.AnkiUniversal_1.4.18.0_x64__qh2hfqm01f5q4 [2022-01-28] (Anki Universal)
Audiotonic – Audacity rebuilt for Windows 10 -> C:\Program Files\WindowsApps\BluskySoftwareInc.17062EE08491F_2.2.3.0_x86__61yk12x6sxn40 [2021-09-29] (Blusky Software Inc.)
Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_1.75.1.0_x64__kgqvnymyfvs32 [2022-03-02] (king.com)
Canon Inkjet Print Utility -> C:\Program Files\WindowsApps\34791E63.CanonInkjetPrintUtility_3.1.0.0_neutral__6e5tt8cgb93ep [2021-06-21] (Canon Inc.)
Dell CinemaColor -> C:\Program Files\WindowsApps\PortraitDisplays.DellCinemaColor_2.4.17.0_x64__2dgmkzkw4h30c [2022-01-21] (Portrait Displays)
Dell Customer Connect -> C:\Program Files\WindowsApps\DellInc.DellCustomerConnect_5.3.5.0_x64__htrsf667h5kn2 [2022-01-28] (Dell Inc)
Dell Digital Delivery -> C:\Program Files\WindowsApps\DellInc.DellDigitalDelivery_4.0.92.0_x64__htrsf667h5kn2 [2022-01-28] (Dell Inc)
Dell Mobile Connect 3.3 -> C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnect_3.3.9809.0_x64__0vhbc3ng4wbp0 [2022-01-28] (Screenovate Technologies) [Startup Task]
Dell Power Manager -> C:\Program Files\WindowsApps\DellInc.DellPowerManager_3.10.10.0_x64__htrsf667h5kn2 [2021-11-06] (Dell Inc)
Dell SupportAssist for Home PCs -> C:\Program Files\WindowsApps\DellInc.DellSupportAssistforPCs_3.10.7.0_x64__htrsf667h5kn2 [2022-02-14] (Dell Inc)
Dell Update -> C:\Program Files\WindowsApps\DellInc.DellUpdate_4.4.18.0_x86__htrsf667h5kn2 [2021-11-15] (Dell Inc)
Dropbox promotion -> C:\Program Files\WindowsApps\C27EB4BA.DropboxOEM_20.4.3.0_x64__xbfy0k16fey96 [2022-01-28] (Dropbox Inc.)
Farm Heroes Saga -> C:\Program Files\WindowsApps\king.com.FarmHeroesSaga_5.76.2.0_x86__kgqvnymyfvs32 [2022-03-02] (king.com)
Free Virtual Keyboard -> C:\Program Files\WindowsApps\ComfortSoftwareGroup.FreeVirtualKeyboard_5.0.0.0_x64__2tsmkga83t66w [2021-06-03] (Comfort Software Group)
Inkscape -> C:\Program Files\WindowsApps\25415Inkscape.Inkscape_1.1.0.0_x64__9waqn51p1ttv2 [2021-06-30] (Inkscape)
Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3407.0_x64__8j3eq9eme6ctt [2022-01-28] (INTEL CORP) [Startup Task]
Intel® Optane™ Memory and Storage Management -> C:\Program Files\WindowsApps\AppUp.IntelOptaneMemoryandStorageManagement_18.1.1024.0_x64__8j3eq9eme6ctt [2022-02-12] (INTEL CORP)
McAfee® Personal Security -> C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy [2022-01-28] (McAfee LLC.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-11-08] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-11-08] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.12.2180.0_x64__8wekyb3d8bbwe [2022-02-23] (Microsoft Studios) [MS Ad]
MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.42152.0_x64__8wekyb3d8bbwe [2021-08-21] (Microsoft Corporation)
My Dell -> C:\Program Files\WindowsApps\DellInc.MyDell_1.92.17.0_x64__htrsf667h5kn2 [2022-01-28] (Dell Inc)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.98.1805.0_x64__mcm4njqhnhss8 [2022-02-16] (Netflix, Inc.)
Padlet -> C:\Program Files\WindowsApps\WallwisherInc.126506D8EE593_5.0.0.0_x64__xvp70cj3djx16 [2021-12-13] (Wallwisher Inc)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-09-10] (Microsoft Corporation)
Python 3.10 -> C:\Program Files\WindowsApps\PythonSoftwareFoundation.Python.3.10_3.10.752.0_x64__qbz5n2kfra8p0 [2022-02-19] (Python Software Foundation)
SmartByte -> C:\Program Files\WindowsApps\RivetNetworks.SmartByte_3.1.1001.0_x64__rh07ty8m5nkag [2021-10-27] (Rivet Networks LLC)
Translator -> C:\Program Files\WindowsApps\Microsoft.BingTranslator_5.6.0.0_x64__8wekyb3d8bbwe [2022-01-28] (Microsoft Corporation)
Waves MaxxAudio Pro for Dell 2019 -> C:\Program Files\WindowsApps\WavesAudio.MaxxAudioProforDell2019_2.0.54.0_x64__fh4rh281wavaa [2020-06-17] (Waves Audio)
WhatsApp Desktop -> C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2206.9.0_x64__cv1g1gvanyjgm [2022-03-07] (WhatsApp Inc.)
 

ZoeJ2022

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3304357071-3265175587-3679879120-1001_Classes\CLSID\{04271989-C4D2-EC68-1D17-A35CE8D40051} -> [OneDrive - Glasgow Clyde College] => C:\Users\zo8j2\OneDrive - Glasgow Clyde College [2020-09-24 12:45]
CustomCLSID: HKU\S-1-5-21-3304357071-3265175587-3679879120-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\zo8j2\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.21348.1\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3304357071-3265175587-3679879120-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\zo8j2\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll => No File
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\22.022.0130.0001\FileSyncShell64.dll [2022-02-24] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\22.022.0130.0001\FileSyncShell64.dll [2022-02-24] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\22.022.0130.0001\FileSyncShell64.dll [2022-02-24] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\22.022.0130.0001\FileSyncShell64.dll [2022-02-24] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\22.022.0130.0001\FileSyncShell64.dll [2022-02-24] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\22.022.0130.0001\FileSyncShell64.dll [2022-02-24] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\22.022.0130.0001\FileSyncShell64.dll [2022-02-24] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\WINDOWS\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_e59109c0b9bfb49c\OptaneShellExt.dll [2021-09-14] (Intel Corporation -> )
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\22.022.0130.0001\FileSyncShell64.dll [2022-02-24] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\22.022.0130.0001\FileSyncShell64.dll [2022-02-24] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\22.022.0130.0001\FileSyncShell64.dll [2022-02-24] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\22.022.0130.0001\FileSyncShell64.dll [2022-02-24] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\22.022.0130.0001\FileSyncShell64.dll [2022-02-24] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\22.022.0130.0001\FileSyncShell64.dll [2022-02-24] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\22.022.0130.0001\FileSyncShell64.dll [2022-02-24] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\22.022.0130.0001\FileSyncShell64.dll [2022-02-24] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1-x32: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\MalwareFox AntiMalware\ZAMShellExt32.dll -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => C:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2021-08-22] (McAfee, LLC -> McAfee, LLC)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-03-02] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\WINDOWS\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_e59109c0b9bfb49c\OptaneShellExt.dll [2021-09-14] (Intel Corporation -> )
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\22.022.0130.0001\FileSyncShell64.dll [2022-02-24] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\22.022.0130.0001\FileSyncShell64.dll [2022-02-24] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers6-x32: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\MalwareFox AntiMalware\ZAMShellExt32.dll -> No File
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-03-02] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => C:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2021-08-22] (McAfee, LLC -> McAfee, LLC)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2021-03-24 23:06 - 2021-03-03 00:13 - 000281600 _____ () [File not signed] C:\xampp\apache\bin\libssh2.dll
2021-03-24 23:06 - 2020-02-17 12:44 - 000395264 _____ () [File not signed] C:\xampp\apache\bin\pcre.dll
2021-03-24 23:06 - 2021-03-03 00:13 - 000282112 _____ () [File not signed] C:\xampp\php\libpq.dll
2021-03-24 23:06 - 2021-03-03 00:13 - 001598464 _____ () [File not signed] C:\xampp\php\libsqlite3.dll
2021-03-24 23:06 - 2021-02-17 13:10 - 000213504 _____ (Apache Software Foundation) [File not signed] C:\xampp\apache\bin\libapr-1.dll
2021-03-24 23:06 - 2021-02-17 13:10 - 000036864 _____ (Apache Software Foundation) [File not signed] C:\xampp\apache\bin\libapriconv-1.dll
2021-03-24 23:06 - 2021-02-17 13:11 - 000276480 _____ (Apache Software Foundation) [File not signed] C:\xampp\apache\bin\libaprutil-1.dll
2021-03-24 23:06 - 2021-02-17 13:11 - 000441344 _____ (Apache Software Foundation) [File not signed] C:\xampp\apache\bin\libhttpd.dll
2021-03-24 23:06 - 2021-02-17 13:12 - 000016896 _____ (Apache Software Foundation) [File not signed] C:\xampp\apache\modules\mod_access_compat.so
2021-03-24 23:06 - 2021-02-17 13:12 - 000014848 _____ (Apache Software Foundation) [File not signed] C:\xampp\apache\modules\mod_actions.so
2021-03-24 23:06 - 2021-02-17 13:12 - 000020992 _____ (Apache Software Foundation) [File not signed] C:\xampp\apache\modules\mod_alias.so
2021-03-24 23:06 - 2021-02-17 13:12 - 000013312 _____ (Apache Software Foundation) [File not signed] C:\xampp\apache\modules\mod_allowmethods.so
2021-03-24 23:06 - 2021-02-17 13:12 - 000013312 _____ (Apache Software Foundation) [File not signed] C:\xampp\apache\modules\mod_asis.so
2021-03-24 23:06 - 2021-02-17 13:12 - 000017920 _____ (Apache Software Foundation) [File not signed] C:\xampp\apache\modules\mod_auth_basic.so
2021-03-24 23:06 - 2021-02-17 13:12 - 000016384 _____ (Apache Software Foundation) [File not signed] C:\xampp\apache\modules\mod_authn_core.so
2021-03-24 23:06 - 2021-02-17 13:12 - 000015360 _____ (Apache Software Foundation) [File not signed] C:\xampp\apache\modules\mod_authn_file.so
2021-03-24 23:06 - 2021-02-17 13:12 - 000023552 _____ (Apache Software Foundation) [File not signed] C:\xampp\apache\modules\mod_authz_core.so
2021-03-24 23:06 - 2021-02-17 13:12 - 000016896 _____ (Apache Software Foundation) [File not signed] C:\xampp\apache\modules\mod_authz_groupfile.so
2021-03-24 23:06 - 2021-02-17 13:12 - 000016896 _____ (Apache Software Foundation) [File not signed] C:\xampp\apache\modules\mod_authz_host.so
2021-03-24 23:06 - 2021-02-17 13:13 - 000013312 _____ (Apache Software Foundation) [File not signed] C:\xampp\apache\modules\mod_authz_user.so
2021-03-24 23:06 - 2021-02-17 13:13 - 000038400 _____ (Apache Software Foundation) [File not signed] C:\xampp\apache\modules\mod_autoindex.so
2021-03-24 23:06 - 2021-02-17 13:11 - 000058880 _____ (Apache Software Foundation) [File not signed] C:\xampp\apache\modules\mod_cache.so
2021-03-24 23:06 - 2021-02-17 13:13 - 000032256 _____ (Apache Software Foundation) [File not signed] C:\xampp\apache\modules\mod_cache_disk.so
2021-03-24 23:06 - 2021-02-17 13:13 - 000026112 _____ (Apache Software Foundation) [File not signed] C:\xampp\apache\modules\mod_cgi.so
2021-03-24 23:06 - 2021-02-17 13:11 - 000094720 _____ (Apache Software Foundation) [File not signed] C:\xampp\apache\modules\mod_dav.so
2021-03-24 23:06 - 2021-02-17 13:13 - 000023552 _____ (Apache Software Foundation) [File not signed] C:\xampp\apache\modules\mod_dav_lock.so
2021-03-24 23:06 - 2021-02-17 13:13 - 000016384 _____ (Apache Software Foundation) [File not signed] C:\xampp\apache\modules\mod_dir.so
2021-03-24 23:06 - 2021-02-17 13:13 - 000013824 _____ (Apache Software Foundation) [File not signed] C:\xampp\apache\modules\mod_env.so
2021-03-24 23:06 - 2021-02-17 13:13 - 000023040 _____ (Apache Software Foundation) [File not signed] C:\xampp\apache\modules\mod_headers.so
2021-03-24 23:06 - 2021-02-17 13:13 - 000048128 _____ (Apache Software Foundation) [File not signed] C:\xampp\apache\modules\mod_include.so
2021-03-24 23:06 - 2021-02-17 13:13 - 000030720 _____ (Apache Software Foundation) [File not signed] C:\xampp\apache\modules\mod_info.so
2021-03-24 23:06 - 2021-02-17 13:13 - 000029696 _____ (Apache Software Foundation) [File not signed] C:\xampp\apache\modules\mod_isapi.so
2021-03-24 23:06 - 2021-02-17 13:13 - 000031744 _____ (Apache Software Foundation) [File not signed] C:\xampp\apache\modules\mod_log_config.so
2021-03-24 23:06 - 2021-02-17 13:13 - 000023040 _____ (Apache Software Foundation) [File not signed] C:\xampp\apache\modules\mod_mime.so
2021-03-24 23:06 - 2021-02-17 13:13 - 000036352 _____ (Apache Software Foundation) [File not signed] C:\xampp\apache\modules\mod_negotiation.so
2021-03-24 23:06 - 2021-02-17 13:11 - 000106496 _____ (Apache Software Foundation) [File not signed] C:\xampp\apache\modules\mod_proxy.so
2021-03-24 23:06 - 2021-02-17 13:13 - 000041984 _____ (Apache Software Foundation) [File not signed] C:\xampp\apache\modules\mod_proxy_ajp.so
2021-03-24 23:06 - 2021-02-17 13:14 - 000064000 _____ (Apache Software Foundation) [File not signed] C:\xampp\apache\modules\mod_rewrite.so
2021-03-24 23:06 - 2021-02-17 13:14 - 000018432 _____ (Apache Software Foundation) [File not signed] C:\xampp\apache\modules\mod_setenvif.so
2021-03-24 23:06 - 2021-02-17 13:14 - 000024576 _____ (Apache Software Foundation) [File not signed] C:\xampp\apache\modules\mod_socache_shmcb.so
2021-03-24 23:06 - 2021-02-17 13:14 - 000185856 _____ (Apache Software Foundation) [File not signed] C:\xampp\apache\modules\mod_ssl.so
2021-03-24 23:06 - 2021-02-17 13:14 - 000027136 _____ (Apache Software Foundation) [File not signed] C:\xampp\apache\modules\mod_status.so
2021-03-24 23:06 - 2021-02-17 13:12 - 000015360 _____ (Apache Software Foundation) [File not signed] C:\xampp\apache\modules\mod_version.so
2021-03-24 23:06 - 2020-07-27 10:18 - 000140800 _____ (hxxps://nghttp2.org/) [File not signed] C:\xampp\apache\bin\nghttp2.dll
2021-12-05 13:26 - 2021-12-05 13:31 - 042859520 _____ (Intel Corporation) [File not signed] C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3407.0_x64__8j3eq9eme6ctt\IGCC.dll
2022-02-16 13:42 - 2022-02-16 13:43 - 000137168 _____ (Microsoft Windows -> Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_421.20070.95.0_x64__cw5n1h2txyewy\Dashboard\WebView2Loader.dll
2021-01-09 07:35 - 2021-01-09 07:35 - 001638912 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files\Dell\SupportAssistAgent\bin\x64\SQLite.Interop.dll
2021-03-24 23:06 - 2021-02-17 13:03 - 003434496 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\xampp\apache\bin\libcrypto-1_1-x64.dll
2021-03-24 23:06 - 2021-02-17 13:04 - 000686592 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\xampp\apache\bin\libssl-1_1-x64.dll
2021-03-24 23:06 - 2021-03-03 00:12 - 000086528 _____ (The PHP Group) [File not signed] C:\xampp\php\ext\php_bz2.dll
2021-03-24 23:06 - 2021-03-03 00:12 - 000583168 _____ (The PHP Group) [File not signed] C:\xampp\php\ext\php_curl.dll
2021-03-24 23:06 - 2021-03-03 00:13 - 000072704 _____ (The PHP Group) [File not signed] C:\xampp\php\ext\php_exif.dll
2021-03-24 23:06 - 2021-03-03 00:12 - 006751232 _____ (The PHP Group) [File not signed] C:\xampp\php\ext\php_fileinfo.dll
2021-03-24 23:06 - 2021-03-03 00:12 - 000057344 _____ (The PHP Group) [File not signed] C:\xampp\php\ext\php_ftp.dll
2021-03-24 23:06 - 2021-03-03 00:12 - 000054784 _____ (The PHP Group) [File not signed] C:\xampp\php\ext\php_gettext.dll
2021-03-24 23:06 - 2021-03-03 00:12 - 001447424 _____ (The PHP Group) [File not signed] C:\xampp\php\ext\php_mbstring.dll
2021-03-24 23:06 - 2021-03-03 00:13 - 000110592 _____ (The PHP Group) [File not signed] C:\xampp\php\ext\php_mysqli.dll
2021-03-24 23:06 - 2021-03-03 00:12 - 000142848 _____ (The PHP Group) [File not signed] C:\xampp\php\ext\php_openssl.dll
2021-03-24 23:06 - 2021-03-03 00:13 - 000029696 _____ (The PHP Group) [File not signed] C:\xampp\php\ext\php_pdo_mysql.dll
2021-03-24 23:06 - 2021-03-03 00:13 - 000028160 _____ (The PHP Group) [File not signed] C:\xampp\php\ext\php_pdo_sqlite.dll
2021-03-24 23:06 - 2021-03-03 00:12 - 000035840 _____ (The PHP Group) [File not signed] C:\xampp\php\php8apache2_4.dll
2021-03-24 23:06 - 2021-03-03 00:12 - 009031168 _____ (The PHP Group) [File not signed] C:\xampp\php\php8ts.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3304357071-3265175587-3679879120-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-21-3304357071-3265175587-3679879120-1001 -> DefaultScope {E58EB0B7-56C8-4CFF-9C07-19836A54C2A8} URL =
SearchScopes: HKU\S-1-5-21-3304357071-3265175587-3679879120-1001 -> {E58EB0B7-56C8-4CFF-9C07-19836A54C2A8} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2022-03-04] (Microsoft Corporation -> Microsoft Corporation)
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2022-03-04] (McAfee, LLC -> McAfee, LLC)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2022-03-04] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2022-03-04] (McAfee, LLC -> McAfee, LLC)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-03-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-03-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-03-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-03-04] (Microsoft Corporation -> Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll [2021-08-22] (McAfee, LLC -> McAfee, LLC)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2021-08-22] (McAfee, LLC -> McAfee, LLC)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3304357071-3265175587-3679879120-1001\...\sharepoint.com -> hxxps://glasgowclydecollege-files.sharepoint.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-19 04:49 - 2019-03-19 04:49 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

2020-10-25 12:09 - 2020-10-25 12:14 - 000000446 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3304357071-3265175587-3679879120-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\zo8j2\Downloads\552539-Chiaki-Nanami.png
DNS Servers: 194.168.4.100 - 194.168.8.100
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKU\S-1-5-21-3304357071-3265175587-3679879120-1001\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"
HKU\S-1-5-21-3304357071-3265175587-3679879120-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3304357071-3265175587-3679879120-1001\...\StartupApproved\Run: => "Figma Agent"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{154CB5AB-D1CE-4BBC-A678-BA51D28157DC}C:\program files (x86)\apowersoft\gitmind\gitmind.exe] => (Allow) C:\program files (x86)\apowersoft\gitmind\gitmind.exe (Apowersoft Ltd -> Apowersoft)
FirewallRules: [TCP Query User{9C2E0E31-B050-4210-BACA-FD119F508B39}C:\program files (x86)\apowersoft\gitmind\gitmind.exe] => (Allow) C:\program files (x86)\apowersoft\gitmind\gitmind.exe (Apowersoft Ltd -> Apowersoft)
FirewallRules: [UDP Query User{DB2D1596-4D29-4683-9BC9-F8020CF7DAD3}C:\users\zo8j2\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\zo8j2\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{08D719B2-0D2D-462F-8E06-4348E1800E86}C:\users\zo8j2\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\zo8j2\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{921665B8-1ADD-4E43-B475-4912D354EDB8}C:\users\zo8j2\appdata\local\citra\nightly-mingw\citra-qt.exe] => (Allow) C:\users\zo8j2\appdata\local\citra\nightly-mingw\citra-qt.exe => No File
FirewallRules: [TCP Query User{79A613CA-A775-4818-8353-F29CC8843568}C:\users\zo8j2\appdata\local\citra\nightly-mingw\citra-qt.exe] => (Allow) C:\users\zo8j2\appdata\local\citra\nightly-mingw\citra-qt.exe => No File
FirewallRules: [{8C3D69A9-EEC0-490F-A91C-177AE4A79D05}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\iVIBRATE Ultimate Edition\iVIBRATE Ultimate Edition.exe () [File not signed]
FirewallRules: [{C3115597-8D1A-4466-BFD0-9C779B3B567E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\iVIBRATE Ultimate Edition\iVIBRATE Ultimate Edition.exe () [File not signed]
FirewallRules: [{7242C548-69A0-4E85-9A5E-B00F42B9C31D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Doki Doki Literature Club Plus\Doki Doki Literature Club Plus.exe () [File not signed]
FirewallRules: [{53D974E7-885E-4D37-8DD7-39D50BC88139}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Doki Doki Literature Club Plus\Doki Doki Literature Club Plus.exe () [File not signed]
FirewallRules: [UDP Query User{8946FB93-3BB2-47A1-88E4-4114DBB25D59}C:\program files\nodejs\node.exe] => (Allow) C:\program files\nodejs\node.exe (OpenJS Foundation -> Node.js)
FirewallRules: [TCP Query User{53B726C0-8AE4-4518-A997-0E36D8643E89}C:\program files\nodejs\node.exe] => (Allow) C:\program files\nodejs\node.exe (OpenJS Foundation -> Node.js)
FirewallRules: [{A1A0E7D3-7EE6-4EEE-BE66-A055CC1ACA23}] => (Allow) C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnect_3.3.9809.0_x64__0vhbc3ng4wbp0\app\DellMobileConnectClient.exe (SCREENOVATE TECHNOLOGIES LTD. -> Screenovate Technologies Ltd.) [File not signed]
FirewallRules: [{A8D59906-C466-40EA-8F59-5F283FBF5771}] => (Allow) C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnect_3.3.9809.0_x64__0vhbc3ng4wbp0\app\DellMobileConnectClient.exe (SCREENOVATE TECHNOLOGIES LTD. -> Screenovate Technologies Ltd.) [File not signed]
FirewallRules: [UDP Query User{3F3F0636-1414-4A98-B68F-45E9D2813171}C:\users\zo8j2\documents\flashpoint 9.0 infinity\legacy\httpd.exe] => (Block) C:\users\zo8j2\documents\flashpoint 9.0 infinity\legacy\httpd.exe (Apache Software Foundation) [File not signed]
FirewallRules: [TCP Query User{3258518F-C2E1-4162-8A3E-B5492B00DD0F}C:\users\zo8j2\documents\flashpoint 9.0 infinity\legacy\httpd.exe] => (Block) C:\users\zo8j2\documents\flashpoint 9.0 infinity\legacy\httpd.exe (Apache Software Foundation) [File not signed]
FirewallRules: [UDP Query User{FF9A266E-11B6-4E84-89D6-DFD3FD008A01}C:\users\zo8j2\appdata\local\programs\microsoft vs code\code.exe] => (Allow) C:\users\zo8j2\appdata\local\programs\microsoft vs code\code.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{B9D440D4-62C4-4D32-8F92-9489C78922D4}C:\users\zo8j2\appdata\local\programs\microsoft vs code\code.exe] => (Allow) C:\users\zo8j2\appdata\local\programs\microsoft vs code\code.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{2C273150-46C6-4B8C-BB49-344EC9FEED70}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Jackbox Party Pack 4\The Jackbox Party Pack 4.exe (Jackbox Games, Inc.) [File not signed]
FirewallRules: [{0C3B3B8E-A6D7-4CEB-A888-A24FB5A48E8E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Jackbox Party Pack 4\The Jackbox Party Pack 4.exe (Jackbox Games, Inc.) [File not signed]
FirewallRules: [{C2BAFE2F-9F7A-45B6-9975-9E941595151B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\YDKJ_VOL1XL\YDKJV1.EXE () [File not signed]
FirewallRules: [{B1564427-9301-48E9-B4A9-E282743A45CB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\YDKJ_VOL1XL\YDKJV1.EXE () [File not signed]
FirewallRules: [{5DE64F57-DD5E-4404-B009-0C625BCC81B5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\YDKJ_VOL2\YDKJV2.EXE () [File not signed]
FirewallRules: [{941E675B-CDDD-4FC3-AAE1-FDEB964BDE7F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\YDKJ_VOL2\YDKJV2.EXE () [File not signed]
FirewallRules: [{C5AEFC84-9281-45FF-991D-E3B06495A744}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\YDKJ_VOL3\YDKJV3.EXE () [File not signed]
FirewallRules: [{77F13111-65C0-4976-B443-A506FCD2E75C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\YDKJ_VOL3\YDKJV3.EXE () [File not signed]
FirewallRules: [{23FCABB7-7E7D-46F6-B278-A72A4D139441}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Jackbox Party Pack 3\The Jackbox Party Pack 3.exe (Jackbox Games, Inc.) [File not signed]
FirewallRules: [{F4181DB6-1884-4BC4-B0AB-BBD792656870}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Jackbox Party Pack 3\The Jackbox Party Pack 3.exe (Jackbox Games, Inc.) [File not signed]
FirewallRules: [{47897864-8F7C-4432-A20E-C91D6BD859CE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{A6500B18-B016-4034-A1A4-A889FEB5DEBC}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{FA62A4F1-2182-4623-ABBC-9862FA0B75C8}] => (Allow) C:\Program Files (x86)\Common Files\McAfee\MMSSHost\MMSSHost.exe (McAfee, LLC -> McAfee, LLC)
FirewallRules: [{E698976D-8DC5-4D80-85B3-3ECE666B10FD}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe (McAfee, LLC -> McAfee, LLC)
FirewallRules: [{4971EC77-58CE-4CF9-BFE3-25BE64138FC7}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{10FEAEBF-5A3F-479B-B594-F103DE35D68C}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{33B7819E-08EA-4B1F-B6A6-9554B30F9188}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{10E192E0-24EA-43C4-87AB-3456C7DF816B}] => (Allow) C:\Program Files\Unity Hub\Unity Hub.exe (Unity Technologies SF -> Unity Technologies Inc.)
FirewallRules: [{FB825FF5-924A-4078-967B-24148CD2A51A}] => (Allow) C:\Program Files\Unity\Hub\Editor\2019.4.0f1\Editor\Unity.exe (Unity Technologies Aps -> Unity Technologies ApS)
FirewallRules: [{54E7DA98-5091-408E-90E7-701C167222EC}] => (Block) C:\Program Files\Unity\Hub\Editor\2019.4.0f1\Editor\Unity.exe (Unity Technologies Aps -> Unity Technologies ApS)
FirewallRules: [{4573E4BC-8781-4437-837B-E4874668AE76}] => (Allow) C:\Program Files\Unity\Hub\Editor\2019.3.15f1\Editor\Unity.exe => No File
FirewallRules: [{96B5D9BA-DCD1-412D-B1A4-3A6EBD91D191}] => (Block) C:\Program Files\Unity\Hub\Editor\2019.3.15f1\Editor\Unity.exe => No File
FirewallRules: [{2AAA743F-C298-4269-9D98-F25DA56267D2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Doki Doki Literature Club\DDLC.exe () [File not signed]
FirewallRules: [{66BAB2FE-82FA-477B-93B9-2664897FCA41}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Doki Doki Literature Club\DDLC.exe () [File not signed]
FirewallRules: [{A0505959-5BF3-4A37-A589-D855B89C53EC}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{0BF19CDB-7D8D-428A-8588-CD10E646EB7C}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{67C7E2ED-75D0-4663-9655-89875BA2EBF7}] => (Allow) C:\Users\zo8j2\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{3BD8EDD3-E79A-4D2F-BA75-BF0251A9872E}] => (Allow) C:\Users\zo8j2\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{2F10C9D6-28C9-439A-847D-96D77D0D5BCF}] => (Allow) C:\Users\zo8j2\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [TCP Query User{DFD323C0-E9D8-4B1F-8A23-17F62EEB6FC9}C:\users\zo8j2\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\zo8j2\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{20927102-9119-4823-A9E3-460EA190BF6E}C:\users\zo8j2\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\zo8j2\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{35805D5B-2D35-4579-A5DC-DA37A4F56C6A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{B67B84CE-2E51-4E7D-A17D-1F3E00D0292A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{31B0E541-11DC-45B8-A7CB-9B2B1666AA61}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{7861C93B-4F95-4AB4-AC13-B83DF7613FE0}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{91A0BAE7-27DA-4BEE-AE6A-84B31A8CA662}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{53602668-A5E2-483D-9378-D8AC3533376E}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{FE1059F4-216A-459A-A5C4-6DBB4EC55511}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{411EB57F-B194-4EC3-91B0-5B8C7BC1FEFF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Monopoly Plus\Monopoly.exe (Ubisoft Entertainment -> Asobo Studio)
FirewallRules: [{3BC11B6D-F81D-441B-8079-BF12B41203D5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Monopoly Plus\Monopoly.exe (Ubisoft Entertainment -> Asobo Studio)
FirewallRules: [{AAC51C0E-163E-42CE-B82C-8CC9DBFBDDB1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.80.194.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{63FDC5CE-38FF-4DEC-AB4A-D7685338ED9D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.80.194.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{BC4EF216-1B95-4E84-8E8B-07AD90C97AF1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.80.194.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{906B4E5C-F3BB-4790-A4FF-8214091C1967}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.80.194.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{7563EB23-B91F-46BE-8200-71DD58E57E5F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{953EB642-7942-4F6A-9087-C88F33DD5A48}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_22042.702.1226.2352_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{9295979A-4915-4E38-9D39-C6B2DA7750E7}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_22042.702.1226.2352_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{6B9E7FA6-5BBE-4AA3-8047-75C3F466DE6F}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\99.0.1150.30\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Restore Points =========================

07-03-2022 20:21:46 AdwCleaner_BeforeCleaning_07/03/2022_20:21:45
07-03-2022 21:24:15 AdwCleaner_BeforeCleaning_07/03/2022_21:24:15

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (03/07/2022 09:24:34 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]

Error: (03/07/2022 09:24:34 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress.
.

Error: (03/07/2022 09:24:34 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]

Error: (03/07/2022 09:24:17 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service ZAM Controller Service since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (03/07/2022 08:21:09 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {9f371355-f70f-4074-a37b-1fef6a6ce2e7}

Error: (03/05/2022 03:24:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SystemSettings.exe, version: 10.0.22000.527, time stamp: 0x27a6d211
Faulting module name: MusUpdateHandlers.dll, version: 10.0.22000.434, time stamp: 0x45053d4e
Exception code: 0xc0000005
Fault offset: 0x0000000000092185
Faulting process id: 0x37b8
Faulting application start time: 0x01d830a4ebf0c570
Faulting application path: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Faulting module path: C:\Windows\System32\MusUpdateHandlers.dll
Report Id: 682abc42-3ca7-4b96-b4fe-1960f7108de2
Faulting package full name: windows.immersivecontrolpanel_10.0.6.1000_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: microsoft.windows.immersivecontrolpanel

Error: (03/04/2022 03:40:50 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress.
.

Error: (03/04/2022 03:40:50 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]


System errors:
=============
Error: (03/07/2022 10:03:51 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{CDC1A4A0-5BAA-4861-B945-5A3AD4208631} because another computer on the network has the same name. The server could not start.

Error: (03/07/2022 09:57:58 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (03/07/2022 09:26:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Dell SupportAssist Remediation service failed to start due to the following error:
The system cannot find the file specified.

Error: (03/07/2022 09:26:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Avast Browser Update Service (avast) service failed to start due to the following error:
The system cannot find the file specified.

Error: (03/07/2022 09:24:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The RAPSService service failed to start due to the following error:
The system cannot find the file specified.

Error: (03/07/2022 09:24:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SmartByte Network Service x64 service failed to start due to the following error:
The system cannot find the file specified.

Error: (03/07/2022 09:24:26 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The McAfee WebAdvisor service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1 milliseconds: Restart the service.

Error: (03/07/2022 09:24:26 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The RogueKiller RTP service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.


Windows Defender:
================
Date: 2022-03-07 20:16:06
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-03-07 20:01:55
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: VirTool:Win32/DefenderTamperingRestore
Severity: Severe
Category: Tool
Path: regkeyvalue:_hklm\software\policies\microsoft\windows defender\\DisableAntiSpyware
Detection Origin: Unknown
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.359.1530.0, AS: 1.359.1530.0, NIS: 1.359.1530.0
Engine Version: AM: 1.1.18900.3, NIS: 1.1.18900.3

Date: 2022-03-02 15:13:00
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Full Scan

Date: 2022-03-02 15:02:20
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:HTML/CryptoStealBTC
Severity: Severe
Category: Trojan
Path: containerfile:_C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\7S4M5NYK.htm; file:_C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\7S4M5NYK.htm->(SCRIPT0004)
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Users\zo8j2\Desktop\mbar\mbar.exe
Security intelligence Version: AV: 1.359.1225.0, AS: 1.359.1225.0, NIS: 1.359.1225.0
Engine Version: AM: 1.1.18900.3, NIS: 1.1.18900.3

Date: 2022-03-02 14:44:51
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Behavior:Win32/MuProcSchtaskfromOffice.A
Severity: Severe
Category: Suspicious Behavior
Path: behavior:_pid:12232:385598926489988; process:_pid:12232,ProcessStart:132907023402467799
Detection Origin: Unknown
Detection Type: Concrete
Detection Source: Unknown
Process Name: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
Security intelligence Version: AV: 1.359.1225.0, AS: 1.359.1225.0, NIS: 1.359.1225.0
Engine Version: AM: 1.1.18900.3, NIS: 1.1.18900.3
Event[0]

Date: 2022-02-05 14:53:08
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

CodeIntegrity:
===============
Date: 2022-03-07 21:54:47
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Common Files\McAfee\ModuleCore\ProtectedModuleHost.exe) attempted to load \Device\HarddiskVolume3\Program Files\McAfee.com\Agent\WSCLLCGlobalSign.exe that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2022-03-07 21:54:47
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Common Files\McAfee\ModuleCore\ProtectedModuleHost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\McAfee\Platform\Core\vtploader.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2022-03-07 21:34:59
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2022-03-07 21:33:04
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SecurityHealthService.exe) attempted to load \Device\HarddiskVolume3\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Windows signing level requirements.


==================== Memory info ===========================

BIOS: Dell Inc. 1.18.0 10/06/2021
Motherboard: Dell Inc. 0FHJFF
Processor: Intel(R) Core(TM) i5-1035G1 CPU @ 1.00GHz
Percentage of memory in use: 81%
Total physical RAM: 7959.47 MB
Available physical RAM: 1439.18 MB
Total Virtual: 12823.47 MB
Available Virtual: 4680.14 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:459.12 GB) (Free:322.25 GB) NTFS

\\?\Volume{cd7e2b49-5b7e-48bc-907e-3e1d0dac87df}\ () (Fixed) (Total:1.03 GB) (Free:0.1 GB) NTFS
\\?\Volume{0b7dd702-8532-4187-97db-104bf4ef2f81}\ (Image) (Fixed) (Total:14.7 GB) (Free:0.15 GB) NTFS
\\?\Volume{4740db9f-54ab-4616-9e84-57b3f50a6ae4}\ (DELLSUPPORT) (Fixed) (Total:1.71 GB) (Free:0.86 GB) NTFS
\\?\Volume{e1d8bec5-0aa6-4e97-86d7-b0f51eece990}\ (ESP) (Fixed) (Total:0.24 GB) (Free:0.16 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: 0A3A0110)

Partition: GPT.

==================== End of Addition.txt =======================
 

ZoeJ2022

Posts: 25   +0
After looking up the issues Defender had detected, I have found other users with the same issue. Turns out it's an issue between Dell and Microsoft with Defender showing false positives for malware. I uninstalled some of the Dell bloatware and the threats seem to be gone. I'd say that was the issue, but if there are any abnormalities in my reports then I'd be happy to get some help fixing them! Either way I can't thank you enough for your support.
 

Broni

Posts: 55,925   +506
Good news, but let's finish our cleaning process.

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Attachments

  • fixlist.txt
    4.9 KB · Views: 36

ZoeJ2022

Posts: 25   +0
Thank you for the fixlist! Here's the log you asked for:



Fix result of Farbar Recovery Scan Tool (x64) Version: 27-02-2022
Ran by zo8j2 (08-03-2022 09:06:41) Run:1
Running from C:\Users\zo8j2\Desktop
Loaded Profiles: zo8j2
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {1EA48DD3-CEA2-479E-8423-77030E9995E1} - \Mozilla\Firefox Background Update 308046B0AF4A39CB -> No File <==== ATTENTION
Task: {7242ABA3-9AAC-4624-844E-500CFDEEB275} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe /ua /installsource scheduler (No File)
Task: {761B1F23-3CB3-4CBE-9C12-2991CE23B134} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe /c (No File)
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\WINDOWS\System32\MbaeParserTask.exe (No File)
FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=3 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1189.1\npAvastBrowserUpdate3.dll [No File]
FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=9 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1189.1\npAvastBrowserUpdate3.dll [No File]
S2 avast; "C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe" /svc [X]
S3 avastm; "C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe" /medsvc [X]
S3 dcpm-notify; "C:\Program Files\Dell\CommandPowerManager\NotifyService.exe" [X]
S2 Dell SupportAssist Remediation; "C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe" [X]
S2 RAPSService; "C:\Program Files\Rivet Networks\SmartByte\RAPSService.exe" [X]
S3 RNDBWM; "C:\Program Files\Rivet Networks\SmartByte\RNDBWMService.exe" [X]
S2 SmartByte Analytics Service; "C:\Program Files\Rivet Networks\SmartByte\SmartByteAnalyticsService.exe" [X]
S2 SmartByte Network Service x64; "C:\Program Files\Rivet Networks\SmartByte\SmartByteNetworkService.exe" [X]
S4 DBUtilDrv2; \SystemRoot\System32\drivers\DBUtilDrv2.sys [X]
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]
2021-01-13 01:03 - 2021-08-17 00:47 - 001094784 _____ () C:\Program Files\UnityCrashHandler64.exe
2021-01-13 01:03 - 2021-08-17 00:47 - 025951360 _____ () C:\Program Files\UnityPlayer.dll
2021-12-16 11:56 - 2021-12-16 11:57 - 000002546 _____ () C:\Users\zo8j2\AppData\Local\krita-sysinfo.log
2021-12-16 11:56 - 2021-12-16 12:04 - 000000591 _____ () C:\Users\zo8j2\AppData\Local\krita.log
2021-12-16 12:04 - 2021-12-16 12:04 - 000000039 _____ () C:\Users\zo8j2\AppData\Local\kritadisplayrc
2021-12-16 11:56 - 2021-12-16 12:04 - 000016435 _____ () C:\Users\zo8j2\AppData\Local\kritarc
2021-05-27 21:42 - 2021-05-27 21:42 - 000000794 _____ () C:\Users\zo8j2\AppData\Local\recently-used.xbel
2022-03-02 21:29 - 2022-03-02 21:29 - 000007603 _____ () C:\Users\zo8j2\AppData\Local\Resmon.ResmonCfg
CustomCLSID: HKU\S-1-5-21-3304357071-3265175587-3679879120-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\zo8j2\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll => No File
ContextMenuHandlers1-x32: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\MalwareFox AntiMalware\ZAMShellExt32.dll -> No File
ContextMenuHandlers6-x32: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\MalwareFox AntiMalware\ZAMShellExt32.dll -> No File
SearchScopes: HKU\S-1-5-21-3304357071-3265175587-3679879120-1001 -> DefaultScope {E58EB0B7-56C8-4CFF-9C07-19836A54C2A8} URL =
SearchScopes: HKU\S-1-5-21-3304357071-3265175587-3679879120-1001 -> {E58EB0B7-56C8-4CFF-9C07-19836A54C2A8} URL =
FirewallRules: [UDP Query User{921665B8-1ADD-4E43-B475-4912D354EDB8}C:\users\zo8j2\appdata\local\citra\nightly-mingw\citra-qt.exe] => (Allow) C:\users\zo8j2\appdata\local\citra\nightly-mingw\citra-qt.exe => No File
FirewallRules: [TCP Query User{79A613CA-A775-4818-8353-F29CC8843568}C:\users\zo8j2\appdata\local\citra\nightly-mingw\citra-qt.exe] => (Allow) C:\users\zo8j2\appdata\local\citra\nightly-mingw\citra-qt.exe => No File
FirewallRules: [{4971EC77-58CE-4CF9-BFE3-25BE64138FC7}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{10FEAEBF-5A3F-479B-B594-F103DE35D68C}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{33B7819E-08EA-4B1F-B6A6-9554B30F9188}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{4573E4BC-8781-4437-837B-E4874668AE76}] => (Allow) C:\Program Files\Unity\Hub\Editor\2019.3.15f1\Editor\Unity.exe => No File
FirewallRules: [{96B5D9BA-DCD1-412D-B1A4-3A6EBD91D191}] => (Block) C:\Program Files\Unity\Hub\Editor\2019.3.15f1\Editor\Unity.exe => No File
FirewallRules: [{3BD8EDD3-E79A-4D2F-BA75-BF0251A9872E}] => (Allow) C:\Users\zo8j2\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{2F10C9D6-28C9-439A-847D-96D77D0D5BCF}] => (Allow) C:\Users\zo8j2\AppData\Roaming\Zoom\bin\airhost.exe => No File

*****************

HKLM\SOFTWARE\Policies\Mozilla => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1EA48DD3-CEA2-479E-8423-77030E9995E1}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1EA48DD3-CEA2-479E-8423-77030E9995E1}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Mozilla\Firefox Background Update 308046B0AF4A39CB" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7242ABA3-9AAC-4624-844E-500CFDEEB275}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7242ABA3-9AAC-4624-844E-500CFDEEB275}" => removed successfully
C:\WINDOWS\System32\Tasks\AvastUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AvastUpdateTaskMachineUA" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{761B1F23-3CB3-4CBE-9C12-2991CE23B134}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{761B1F23-3CB3-4CBE-9C12-2991CE23B134}" => removed successfully
C:\WINDOWS\System32\Tasks\AvastUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AvastUpdateTaskMachineCore" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CCDFC0B8-01A3-4E74-A820-4F13F51D269E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CCDFC0B8-01A3-4E74-A820-4F13F51D269E}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser" => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@update.avastbrowser.com/Avast Browser;version=3 => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@update.avastbrowser.com/Avast Browser;version=9 => removed successfully
HKLM\System\CurrentControlSet\Services\avast => removed successfully
avast => service removed successfully
HKLM\System\CurrentControlSet\Services\avastm => removed successfully
avastm => service removed successfully
HKLM\System\CurrentControlSet\Services\dcpm-notify => removed successfully
dcpm-notify => service removed successfully
Dell SupportAssist Remediation => service not found.
HKLM\System\CurrentControlSet\Services\RAPSService => removed successfully
RAPSService => service removed successfully
HKLM\System\CurrentControlSet\Services\RNDBWM => removed successfully
RNDBWM => service removed successfully
HKLM\System\CurrentControlSet\Services\SmartByte Analytics Service => removed successfully
SmartByte Analytics Service => service removed successfully
HKLM\System\CurrentControlSet\Services\SmartByte Network Service x64 => removed successfully
SmartByte Network Service x64 => service removed successfully
"HKLM\System\CurrentControlSet\Services\DBUtilDrv2" => removed successfully
DBUtilDrv2 => service removed successfully
HKLM\System\CurrentControlSet\Services\WinSetupMon => removed successfully
WinSetupMon => service removed successfully
C:\Program Files\UnityCrashHandler64.exe => moved successfully
C:\Program Files\UnityPlayer.dll => moved successfully
C:\Users\zo8j2\AppData\Local\krita-sysinfo.log => moved successfully
C:\Users\zo8j2\AppData\Local\krita.log => moved successfully
C:\Users\zo8j2\AppData\Local\kritadisplayrc => moved successfully
C:\Users\zo8j2\AppData\Local\kritarc => moved successfully
C:\Users\zo8j2\AppData\Local\recently-used.xbel => moved successfully
C:\Users\zo8j2\AppData\Local\Resmon.ResmonCfg => moved successfully
HKU\S-1-5-21-3304357071-3265175587-3679879120-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92} => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\2.0 Zemana AntiMalware => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{6ABB1C11-E261-4CEA-BBB5-3836225689DD} => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\2.0 Zemana AntiMalware => removed successfully
"HKU\S-1-5-21-3304357071-3265175587-3679879120-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-21-3304357071-3265175587-3679879120-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E58EB0B7-56C8-4CFF-9C07-19836A54C2A8} => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{921665B8-1ADD-4E43-B475-4912D354EDB8}C:\users\zo8j2\appdata\local\citra\nightly-mingw\citra-qt.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{79A613CA-A775-4818-8353-F29CC8843568}C:\users\zo8j2\appdata\local\citra\nightly-mingw\citra-qt.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4971EC77-58CE-4CF9-BFE3-25BE64138FC7}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{10FEAEBF-5A3F-479B-B594-F103DE35D68C}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{33B7819E-08EA-4B1F-B6A6-9554B30F9188}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4573E4BC-8781-4437-837B-E4874668AE76}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{96B5D9BA-DCD1-412D-B1A4-3A6EBD91D191}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3BD8EDD3-E79A-4D2F-BA75-BF0251A9872E}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2F10C9D6-28C9-439A-847D-96D77D0D5BCF}" => removed successfully


The system needed a reboot.

==== End of Fixlog 09:06:42 ====
 

Broni

Posts: 55,925   +506
Last scans...

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive an UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  • Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.


Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 

ZoeJ2022

Posts: 25   +0
Here you go!

CHECKUP
Results of screen317's Security Check version 1.014 --- 12/23/15
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Defender
McAfee VirusScan
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
`````````Anti-malware/Other Utilities Check:`````````
Google Chrome (99.0.4844.51)
Google Chrome (SetupMetrics...)
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSMpEng.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamtray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
 

ZoeJ2022

Posts: 25   +0
FSS

Farbar Service Scanner Version: 03-11-2021
Ran by zo8j2 (administrator) on 08-03-2022 at 10:42:41
Running from "C:\Users\zo8j2\Downloads"
Microsoft Windows 11 Home (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\Drivers\afd.sys => File is digitally signed
C:\Windows\System32\Drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
 

ZoeJ2022

Posts: 25   +0
SOPHOS

Code:
Sophos Scan & Clean
www.sophos.com

   Computer name . . . . : DESKTOP-VNCRUAG
   Windows . . . . . . . : 10.0.0.22000.X64/8
   User name . . . . . . : DESKTOP-VNCRUAG\zo8j2
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2022-03-08 10:51:36
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 7m 18s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 4
   Traces  . . . . . . . : 56

   Objects scanned . . . : 4,201,839
   Files scanned . . . . : 369,179
   Remnants scanned  . . : 2,084,458 files / 1,748,202 keys

Malware _____________________________________________________________________

   C:\Users\zo8j2\Documents\Flashpoint 9.0 Infinity\FPSoftware\BrowserPlugins\Vitalize\Clickteam\Vitalize\v3\npmf32.exe
      Size . . . . . . . : 319,616 bytes
      Age  . . . . . . . : 432.4 days (2020-12-31 02:16:43)
      Entropy  . . . . . : 6.3
      SHA-256  . . . . . : D5DC787089BDD208034693B24C619B35F23FE217B3D89A7A2A43F8F397DFEEB4
      Publisher  . . . . : Clickteam
      Description  . . . : Vitalize!
      Version  . . . . . : 2.5.119.0
      Copyright  . . . . : Copyright © Clickteam 1996-2005
    > Sophos . . . . . . : ML/PE-A
      Fuzzy  . . . . . . : 100.0

   C:\Users\zo8j2\Documents\Flashpoint 9.0 Infinity\FPSoftware\Shockwave\PJ12\SPR.exe
      Size . . . . . . . : 381,858 bytes
      Age  . . . . . . . : 432.4 days (2020-12-31 02:16:44)
      Entropy  . . . . . : 6.6
      SHA-256  . . . . . : 617B6BD8D13D72DBB684AB1310EA004BE261B7EA425AA62B400737ACD403239C
      Product  . . . . . : Director 12.0
      Publisher  . . . . : Adobe Systems, Inc.
      Description  . . . : Adobe Projector
      Version  . . . . . : 12.0.1r122
      Copyright  . . . . : Copyright © 1985-2013 Adobe Systems, Inc.
      LanguageID . . . . : 1033
    > Sophos . . . . . . : ML/PE-A
      Fuzzy  . . . . . . : 100.0

   C:\Users\zo8j2\Documents\Flashpoint 9.0 Infinity\FPSoftware\Shockwave\PJ12\SPRD.exe
      Size . . . . . . . : 381,864 bytes
      Age  . . . . . . . : 432.4 days (2020-12-31 02:16:44)
      Entropy  . . . . . : 6.6
      SHA-256  . . . . . : 20E03D8A238F8667526C8BF38FD6767532B96E1692AEEE6E8D58993817A3B0C4
      Product  . . . . . : Director 12.0
      Publisher  . . . . : Adobe Systems, Inc.
      Description  . . . : Adobe Projector
      Version  . . . . . : 12.0.1r122
      Copyright  . . . . : Copyright © 1985-2013 Adobe Systems, Inc.
      LanguageID . . . . : 1033
    > Sophos . . . . . . : ML/PE-A
      Fuzzy  . . . . . . : 100.0

   C:\Users\zo8j2\Documents\Flashpoint 9.0 Infinity\FPSoftware\Shockwave\PJ12\SPRS.exe
      Size . . . . . . . : 381,868 bytes
      Age  . . . . . . . : 432.4 days (2020-12-31 02:16:44)
      Entropy  . . . . . : 6.6
      SHA-256  . . . . . : 70F4FF65CAFEA20617F58E0C3050E0A7418A9A677EFDFFEB5E7295EDCE41162A
      Product  . . . . . : Director 12.0
      Publisher  . . . . : Adobe Systems, Inc.
      Description  . . . : Adobe Projector
      Version  . . . . . : 12.0.1r122
      Copyright  . . . . : Copyright © 1985-2013 Adobe Systems, Inc.
      LanguageID . . . . : 1033
    > Sophos . . . . . . : ML/PE-A
      Fuzzy  . . . . . . : 100.0


Cookies _____________________________________________________________________

   C:\Users\zo8j2\AppData\Local\Google\Chrome\User Data\Default\Cookies:adform.net
   C:\Users\zo8j2\AppData\Local\Google\Chrome\User Data\Default\Cookies:adnxs.com
   C:\Users\zo8j2\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.samba.tv
   C:\Users\zo8j2\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.stickyadstv.com
   C:\Users\zo8j2\AppData\Local\Google\Chrome\User Data\Default\Cookies:adsrvr.org
   C:\Users\zo8j2\AppData\Local\Google\Chrome\User Data\Default\Cookies:advertising.com
   C:\Users\zo8j2\AppData\Local\Google\Chrome\User Data\Default\Cookies:agkn.com
   C:\Users\zo8j2\AppData\Local\Google\Chrome\User Data\Default\Cookies:bidr.io
   C:\Users\zo8j2\AppData\Local\Google\Chrome\User Data\Default\Cookies:bidswitch.net
   C:\Users\zo8j2\AppData\Local\Google\Chrome\User Data\Default\Cookies:bluekai.com
   C:\Users\zo8j2\AppData\Local\Google\Chrome\User Data\Default\Cookies:casalemedia.com
   C:\Users\zo8j2\AppData\Local\Google\Chrome\User Data\Default\Cookies:demdex.net
   C:\Users\zo8j2\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
   C:\Users\zo8j2\AppData\Local\Google\Chrome\User Data\Default\Cookies:dpm.demdex.net
   C:\Users\zo8j2\AppData\Local\Google\Chrome\User Data\Default\Cookies:everesttech.net
   C:\Users\zo8j2\AppData\Local\Google\Chrome\User Data\Default\Cookies:krxd.net
   C:\Users\zo8j2\AppData\Local\Google\Chrome\User Data\Default\Cookies:linksynergy.com
   C:\Users\zo8j2\AppData\Local\Google\Chrome\User Data\Default\Cookies:mookie1.com
   C:\Users\zo8j2\AppData\Local\Google\Chrome\User Data\Default\Cookies:openx.net
   C:\Users\zo8j2\AppData\Local\Google\Chrome\User Data\Default\Cookies:oracle.112.2o7.net
   C:\Users\zo8j2\AppData\Local\Google\Chrome\User Data\Default\Cookies:pubmatic.com
   C:\Users\zo8j2\AppData\Local\Google\Chrome\User Data\Default\Cookies:rd.linksynergy.com
   C:\Users\zo8j2\AppData\Local\Google\Chrome\User Data\Default\Cookies:rlcdn.com
   C:\Users\zo8j2\AppData\Local\Google\Chrome\User Data\Default\Cookies:scorecardresearch.com
   C:\Users\zo8j2\AppData\Local\Google\Chrome\User Data\Default\Cookies:serving-sys.com
   C:\Users\zo8j2\AppData\Local\Google\Chrome\User Data\Default\Cookies:taboola.com
   C:\Users\zo8j2\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies:scorecardresearch.com
   C:\Users\zo8j2\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\AG6S2ORF\ads.pubmatic[1].xml
   C:\Users\zo8j2\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\AG6S2ORF\cdn-gl.imrworldwide[1].xml
   C:\Users\zo8j2\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\AG6S2ORF\cdn.adaptv.advertising[1].xml
   C:\Users\zo8j2\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\AG6S2ORF\d5p.de17a[1].xml
   C:\Users\zo8j2\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\AG6S2ORF\dsp.adfarm1.adition[1].xml
   C:\Users\zo8j2\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\AG6S2ORF\secure-assets.rubiconproject[1].xml
   C:\Users\zo8j2\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\AG6S2ORF\ssbsync.smartadserver[1].xml
   C:\Users\zo8j2\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\AW0RC5P6\eu-u.openx[1].xml
   C:\Users\zo8j2\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\AW0RC5P6\match.prod.bidr[1].xml
   C:\Users\zo8j2\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\AW0RC5P6\mscom.demdex[1].xml
   C:\Users\zo8j2\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\AW0RC5P6\ssum-sec.casalemedia[1].xml
   C:\Users\zo8j2\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\AW0RC5P6\trc.taboola[1].xml
   C:\Users\zo8j2\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\AW0RC5P6\x.bidswitch[1].xml
   C:\Users\zo8j2\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\C1E1EWUI\acdn.adnxs[1].xml
   C:\Users\zo8j2\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\C1E1EWUI\ap.lijit[1].xml
   C:\Users\zo8j2\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\C1E1EWUI\eus.rubiconproject[1].xml
   C:\Users\zo8j2\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\C1E1EWUI\mcafeeinc.demdex[1].xml
   C:\Users\zo8j2\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\C1E1EWUI\sync.mathtag[1].xml
   C:\Users\zo8j2\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\C1E1EWUI\widgets.outbrain[1].xml
   C:\Users\zo8j2\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\PTO4OTZV\a17126690382.cdn.optimizely[1].xml
   C:\Users\zo8j2\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\PTO4OTZV\am-match.taboola[1].xml
   C:\Users\zo8j2\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\PTO4OTZV\googleads.g.doubleclick[1].xml
   C:\Users\zo8j2\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\PTO4OTZV\ib.adnxs[1].xml
   C:\Users\zo8j2\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\PTO4OTZV\pixel-sync.sitescout[1].xml
   C:\Users\zo8j2\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\PTO4OTZV\us-u.openx[1].xml
 

Broni

Posts: 55,925   +506
Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings
Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

6. Run Temporary File Cleaner (TFC) and AdwCleaner weekly (you need to redownload these tools since they were removed by DelFix).

7. (optional) If you want to keep all your programs up to date, download and install FileHippo App Manager.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

8. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

9. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

10. Please let me know how your computer is doing.
 

ZoeJ2022

Posts: 25   +0
Edit: Unfortunately, after following your steps I have run into a few problems. My wifi, whilst connected, is not loading any webpages using Firefox. And the desktop search function is not working - it loads but automatically closes itself. Any tips?

Edit 2: When I try to access my wifi settings, the settings tab automatically closes. I ran a troubleshooter and got "Windows cannot automatically detect this Network's proxy settings".
 

ZoeJ2022

Posts: 25   +0
Apps will not open either 😟 I would restart my PC but I'm worried in case something goes wrong and I am locked out