Solved Multiple malawarebytes has blocked SysWOW64\rundll32.exe

steve hallam

Posts: 16   +0
Hi all I am new to this and am getting numerous alerts from norton and saying crypton 2 ransomware blocked and I installed malawarebytes to try and find it now getting multiple variations of the same issue I have run full scans on malawarebytes and FSN I have adwcleaner installed I am struggling to fix this any help appricated
thanks steve
 

steve hallam

Posts: 16   +0
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-02-2021
Ran by steve (administrator) on LAPTOP-5AC7GKJL (HP HP Laptop 15s-fq0xxx) (11-03-2021 01:51:21)
Running from C:\Users\steve\Downloads
Loaded Profiles: steve
Platform: Windows 10 Home Version 1909 18363.1379 (X64) Language: English (United Kingdom)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Config.Msi\2c2744d5.rbf <4>
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe <5>
(BitTorrent Inc -> BitTorrent Inc.) C:\Users\steve\AppData\Roaming\uTorrent\helper\helper.exe
(BitTorrent Inc -> BitTorrent Inc.) C:\Users\steve\AppData\Roaming\uTorrent\updates\3.5.5_45852\utorrentie.exe <2>
(BitTorrent Inc -> BitTorrent Inc.) C:\Users\steve\AppData\Roaming\uTorrent\uTorrent.exe
(ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ETDCtrl.exe
(ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ETDService.exe
(Garmin International, Inc. -> Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Express\express.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <7>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler64.exe
(Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_f98b15466093b28e\x64\TouchpointAnalyticsClientService.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_f98b15466093b28e\x64\TouchpointGpuInfo.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_5544a2e7dfd0f875\x64\AppHelperCap.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_5544a2e7dfd0f875\x64\NetworkCap.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_5544a2e7dfd0f875\x64\SysInfoCap.exe
(HP Inc.) C:\Program Files\WindowsApps\AD2F1837.HPJumpStarts_1.9.1548.0_x64__v10z8vjag6ke6\HP.JumpStarts.exe
(HP Inc.) C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1.1.21.0_x64__v10z8vjag6ke6\SystemEventUtility\HPSystemEventUtilityHost.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_4a3ae74cfa6c37d6\esif_uf.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_ffc75848a6342fdf\jhi_service.exe
(Intel(R) pGFX 2020 -> ) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_dc7a0fe3ada1cbf5\OneApp.IGCC.WinService.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_dc2a57d591329a30\igfxCUIService.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_dc2a57d591329a30\igfxEM.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_ada2367baaae74c0\IntelCpHDCPSvc.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_ada2367baaae74c0\IntelCpHeciSvc.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_6ca78a08b838e305\RstMwService.exe
(LAVASOFT SOFTWARE CANADA INC -> ) C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
(LAVASOFT SOFTWARE CANADA INC -> Lavasoft) C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
(LeapFrog Enterprises, Inc. -> LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect2\LFHelper.exe
(LeapFrog Enterprises, Inc. -> LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect2\LFLauncher.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <6>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Users\steve\AppData\Local\Microsoft\OneDrive\21.016.0124.0003\FileCoAuth.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\steve\AppData\Local\Microsoft\OneDrive\OneDrive.exe <2>
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\pacjsworker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\usocoreworker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <8>
(NortonLifeLock Inc. -> NortonLifeLock Inc.) C:\Program Files\Norton Security\Engine\22.21.1.151\nsWscSvc.exe
(NortonLifeLock Inc. -> Symantec Corporation) C:\Program Files\Norton Security\Engine\22.21.1.151\NortonSecurity.exe <2>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2>
(Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe
(Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Samsung DeX\SamsungDeX.exe
(Sound Research Corporation -> Sound Research, Corp.) C:\Windows\System32\SECOMN64.exe
(Spotify AB -> Spotify Ltd) C:\Users\steve\AppData\Roaming\Spotify\Spotify.exe <6>

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\windows\System32\RtkAudUService64.exe [973304 2019-10-17] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [TeamsMachineInstaller] => C:\Program Files (x86)\Teams Installer\Teams.exe [97229056 2020-04-01] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [LeapFrog Connect 2 Launcher] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect2\LFLauncher.exe [31480 2020-04-03] (LeapFrog Enterprises, Inc. -> LeapFrog Enterprises, Inc.)
HKLM\...\RunOnceEx\kplln: [dxlu] => SHELL32.DLL|ShellExec_RunDLL|regsvr32 /u -S "C:\windows\Temp\pzqg.etl."
HKU\S-1-5-21-2260596255-3006137883-4004939090-1001\...\Run: [HPSEU_Host_Launcher] => C:\System.sav\util\HpseuHostLauncher.exe [528392 2020-09-06] (HP Inc. -> HP Inc.)
HKU\S-1-5-21-2260596255-3006137883-4004939090-1001\...\Run: [Samsung DeX] => C:\Program Files (x86)\Samsung\Samsung DeX\SamsungDeX.exe [12822184 2020-03-04] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
HKU\S-1-5-21-2260596255-3006137883-4004939090-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [8162392 2020-07-01] (LAVASOFT SOFTWARE CANADA INC -> Lavasoft)
HKU\S-1-5-21-2260596255-3006137883-4004939090-1001\...\Run: [GarminExpress] => C:\Program Files (x86)\Garmin\Express\express.exe [31046640 2020-08-27] (Garmin International, Inc. -> Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-2260596255-3006137883-4004939090-1001\...\Run: [MicrosoftEdgeAutoLaunch_AB28E5367ED265860776C96F8DFD68CB] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window /prefetch:5
HKU\S-1-5-21-2260596255-3006137883-4004939090-1001\...\Run: [GoogleChromeAutoLaunch_8A8DD573A36035355A59CEABF8B3EDB8] => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
HKLM\...\Print\Monitors\HP A511 Status Monitor: hpinkstsA511LM.dll
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\89.0.4389.82\Installer\chrmstp.exe [2021-03-11] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {034EC3A7-1E3F-4B19-BF34-66A7CB1A1D24} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5199792 2021-02-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {2F2DB148-8C1B-41EC-A9CD-403F08AFE7F9} - System32\Tasks\Hewlett-Packard\HP Web Products Detection => C:\Program Files (x86)\HP\HP Support Framework\Modules\HPWPD.exe [303960 2020-11-23] (HP Inc. -> HP Inc.)
Task: {3AE62B51-EFA9-4A94-8B2E-B6BCBA7ADAD6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5199792 2021-02-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {5061C3AB-76D0-481D-AB70-F872246D586B} - System32\Tasks\HP\Consent Manager Launcher => sc start hptouchpointanalyticsservice
Task: {54D3FFCB-DF68-4B1C-937D-9AA5B80755D3} - System32\Tasks\Norton 360\Norton 360 Error Analyzer => C:\Program Files\Norton Security\Engine\22.21.1.151\SymErr.exe [115608 2021-02-22] (NortonLifeLock Inc. -> NortonLifeLock Inc)
Task: {5BDF824D-24CB-4260-AFF0-F2C77CFCB110} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22993800 2021-02-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {65A33B6F-48DE-4F99-937F-EA2E4C350EC3} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [35464 2021-02-04] (HP Inc. -> HP Inc.)
Task: {6C4D8B27-2B28-4C2A-B619-D152B5164A79} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN18J321G6 => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1139032 2021-02-22] (HP Inc. -> HP Inc.)
Task: {792CDF6E-620D-4F98-AE89-12EF0D42D063} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [694752 2021-02-26] (Mozilla Corporation -> Mozilla Foundation)
Task: {90A2EA4B-891E-4B21-B517-F5E772A2B577} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor Logon => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [35464 2021-02-04] (HP Inc. -> HP Inc.)
Task: {9BA7A03A-720F-4489-B86F-B0382EF3A8AB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1139032 2021-02-22] (HP Inc. -> HP Inc.)
Task: {A277A0D6-7B0C-4A0F-9A96-24EAB8FAAAA5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-06-03] (Google LLC -> Google LLC)
Task: {A369BE4F-F99C-4D1E-AB21-9AD023846DB4} - System32\Tasks\Norton 360\Norton 360 Autofix => C:\Program Files\Norton Security\Engine\22.21.1.151\SymErr.exe [115608 2021-02-22] (NortonLifeLock Inc. -> NortonLifeLock Inc)
Task: {A5D927E7-F54D-48AA-A0BF-952BD8064C5D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {A61955C8-A3AE-4566-AD26-0A21DF35984B} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [40432 2020-08-27] (Garmin International, Inc. -> )
Task: {A8F703A9-2439-4902-BD77-E744208B4350} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security\Engine\22.21.1.151\WSCStub.exe [643544 2021-02-22] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Task: {AC61D532-8A89-40A1-9C79-DD4279318941} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-06-03] (Google LLC -> Google LLC)
Task: {AD9958EE-F7E4-4183-8AC7-E7A946362EE0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_TH0BIDW328 => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1139032 2021-02-22] (HP Inc. -> HP Inc.)
Task: {B0A6951A-9F6C-4D88-9AC2-D11DE25EC27A} - System32\Tasks\Norton 360\Norton 360 Error Processor => C:\Program Files\Norton Security\Engine\22.21.1.151\SymErr.exe [115608 2021-02-22] (NortonLifeLock Inc. -> NortonLifeLock Inc)
Task: {B1AD0E63-096D-4BCD-8808-B345F693958A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1139032 2021-02-22] (HP Inc. -> HP Inc.)
Task: {B4E5A303-FC51-4E5A-8A90-2D421F92D396} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22993800 2021-02-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {BA06CB76-F065-4664-BC2E-DD8A99AD8532} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPSFReport.exe [135000 2020-10-01] (HP Inc. -> HP Inc.)
Task: {C45AA4B7-E9B5-478D-AB2D-768433BFB9C1} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [142152 2021-02-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {DA41593C-4360-4E3C-B87D-8E12A4561BDB} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [142152 2021-02-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {E98E0627-CFAA-4FD1-ACA1-A9D455B16289} - System32\Tasks\Hewlett-Packard\HPDeviceCheck => C:\Program Files (x86)\HP\HP Support Framework\Modules\HPDeviceCheck\HPDeviceCheck.exe [300376 2021-02-22] (HP Inc. -> )
Task: {EFBC9427-200F-4315-90D5-87DD0A5AD5D6} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton 360\Upgrade.exe [2344568 2021-02-22] (NortonLifeLock Inc. -> NortonLifeLock Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{7e313563-8bed-4dde-9497-4254218cc084}: [DhcpNameServer] 192.168.1.254

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\steve\AppData\Local\Microsoft\Edge\User Data\Default [2021-03-11]
Edge Extension: (Norton Safe Web) - C:\Users\steve\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bdaafgjhhjkdplpffldcncdignokfkbo [2021-01-11]

FireFox:
========
FF DefaultProfile: 6gqjgwme.default
FF ProfilePath: C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\6gqjgwme.default [2020-08-19]
FF ProfilePath: C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\cpa1t4gl.default-release [2021-03-11]
FF Homepage: Mozilla\Firefox\Profiles\cpa1t4gl.default-release -> hxxps://www.plymouth.ac.uk/
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-02-04] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-02-04] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-02-04] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-02-15] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default [2021-03-11]
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxps://www.google.com/","hxxps://www.google.com/"
CHR Extension: (Slides) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-06-03]
CHR Extension: (Docs) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-06-03]
CHR Extension: (PDF Editor for Docs:Edit, Fill, Sign, Print) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjboohgkgchdnfnjiaggdbkdmpieoagi [2020-09-29]
CHR Extension: (Norton Safe Web) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnpbeacklnhmkkilekogeiekaglbmmka [2021-02-15]
CHR Extension: (Grammarly for Chrome) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2021-02-25]
CHR Extension: (BIODIGITAL HUMAN) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\meefjekipolcgabfgaclcpdkbghhmoah [2020-06-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Chrome Media Router) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-02-05]
CHR HKLM-x32\...\Chrome\Extension: [cmllgdnjnkbapbchnebiedipojhmnjej]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8905608 2021-02-13] (Microsoft Corporation -> Microsoft Corporation)
R2 HPAppHelperCap; C:\windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_5544a2e7dfd0f875\x64\AppHelperCap.exe [693760 2021-01-06] (HP Inc. -> HP Inc.)
R2 HPNetworkCap; C:\windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_5544a2e7dfd0f875\x64\NetworkCap.exe [692736 2021-01-06] (HP Inc. -> HP Inc.)
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [284808 2021-02-04] (HP Inc. -> HP Inc.)
R2 HPSysInfoCap; C:\windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_5544a2e7dfd0f875\x64\SysInfoCap.exe [693760 2021-01-06] (HP Inc. -> HP Inc.)
R2 HpTouchpointAnalyticsService; C:\windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_f98b15466093b28e\x64\TouchpointAnalyticsClientService.exe [479504 2021-01-06] (HP Inc. -> HP Inc.)
R2 LFHelper; C:\Program Files (x86)\LeapFrog\LeapFrog Connect2\LFHelper.exe [2607864 2020-04-03] (LeapFrog Enterprises, Inc. -> LeapFrog Enterprises, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2021-03-11] (Malwarebytes Inc -> Malwarebytes)
R2 NortonSecurity; C:\Program Files\Norton Security\Engine\22.21.1.151\NortonSecurity.exe [343296 2021-02-22] (NortonLifeLock Inc. -> Symantec Corporation)
R2 nsWscSvc; C:\Program Files\Norton Security\Engine\22.21.1.151\nsWscSvc.exe [1054496 2021-02-22] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
S3 ss_conn_launcher_service; C:\windows\System32\Samsung\EasySetup\ss_conn_launcher.exe [182120 2019-12-17] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2019-12-17] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
R2 ss_conn_service2; C:\Program Files\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe [933304 2019-12-17] (Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.)
R2 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [29272 2020-07-01] (LAVASOFT SOFTWARE CANADA INC -> )
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2005.5-0\NisSrv.exe [2484256 2020-06-03] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2005.5-0\MsMpEng.exe [103168 2020-06-03] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AmUStor; C:\windows\system32\drivers\AmUStorU.sys [127936 2019-07-02] (Alcorlink Corp. -> )
R1 BHDrvx64; C:\Program Files\Norton Security\NortonData\22.20.2.57\Definitions\BASHDefs\20210302.001\BHDrvx64.sys [1991536 2020-11-03] (Symantec Corporation -> Broadcom)
R1 ccSet_NGC; C:\windows\System32\drivers\NGCx64\1615010.097\ccSetx64.sys [192248 2021-02-22] (Symantec Corporation -> Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [516168 2021-01-28] (Symantec Corporation -> Broadcom)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153672 2021-02-10] (Symantec Corporation -> Broadcom)
R1 ESProtectionDriver; C:\windows\system32\drivers\mbae64.sys [153312 2021-03-11] (Malwarebytes Corporation -> Malwarebytes)
R3 HPCustomCapDriver; C:\windows\System32\DriverStore\FileRepository\hpcustomcapdriver.inf_amd64_1f5602eb8a12ac4c\x64\hpcustomcapdriver.sys [25024 2019-04-18] (Microsoft Windows Hardware Compatibility Publisher -> HP Inc.)
R1 IDSVia64; C:\Program Files\Norton Security\NortonData\22.20.2.57\Definitions\IPSDefs\20210309.061\IDSvia64.sys [1479536 2021-01-18] (Symantec Corporation -> Broadcom)
R2 MBAMChameleon; C:\windows\System32\Drivers\MbamChameleon.sys [220616 2021-03-11] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\windows\System32\DRIVERS\MbamElam.sys [19912 2021-03-11] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\windows\System32\DRIVERS\farflt.sys [198248 2021-03-11] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\windows\system32\DRIVERS\mbam.sys [77496 2021-03-11] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\windows\System32\Drivers\mbamswissarmy.sys [248992 2021-03-11] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\windows\system32\DRIVERS\mwac.sys [142416 2021-03-11] (Malwarebytes Inc -> Malwarebytes)
R1 SRTSP; C:\windows\System32\drivers\NGCx64\1615010.097\SRTSP64.SYS [889712 2021-02-22] (Symantec Corporation -> Symantec Corporation)
R1 SRTSPX; C:\windows\System32\drivers\NGCx64\1615010.097\SRTSPX64.SYS [51056 2021-02-22] (Symantec Corporation -> Symantec Corporation)
S3 ssudmdm; C:\windows\system32\DRIVERS\ssudmdm.sys [166760 2019-12-17] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 ss_conn_usb_driver2; C:\windows\System32\Drivers\ss_conn_usb_driver2.sys [43368 2019-12-17] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R0 SymEFASI; C:\windows\System32\drivers\NGCx64\1615010.097\SYMEFASI64.SYS [2060656 2021-02-22] (Symantec Corporation -> Broadcom)
S0 SymELAM; C:\windows\System32\drivers\NGCx64\1615010.097\SymELAM.sys [25080 2021-02-22] (Microsoft Windows Early Launch Anti-malware Publisher -> Broadcom Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [99848 2020-06-03] (Symantec Corporation -> Symantec Corporation)
R3 SymEvnt; C:\Program Files\Norton Security\NortonData\22.20.2.57\SymPlatform\SymEvnt.sys [712368 2020-01-06] (Symantec Corporation -> Symantec Corporation)
R1 SymIRON; C:\windows\System32\drivers\NGCx64\1615010.097\Ironx64.SYS [316488 2021-02-22] (Symantec Corporation -> Symantec Corporation)
R1 SymNetS; C:\windows\System32\drivers\NGCx64\1615010.097\symnets.sys [575328 2021-02-22] (Symantec Corporation -> Symantec Corporation)
S3 WdBoot; C:\windows\system32\drivers\wd\WdBoot.sys [45960 2020-06-03] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\windows\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
S3 WdFilter; C:\windows\system32\drivers\wd\WdFilter.sys [401120 2020-06-03] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\windows\System32\drivers\wd\WdNisDrv.sys [64224 2020-06-03] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\windows\System32\drivers\WirelessButtonDriver64.sys [35392 2020-06-08] (HP Inc. -> HP)
R1 wpCtrlDrv_NGC; C:\windows\System32\drivers\NGCx64\1615010.097\wpCtrlDrv.sys [1013792 2021-02-22] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
S3 WinRing0_1_2_0; \??\C:\windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_714bb34a8e64bfef\x64\OpenHardwareMonitorLib.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-03-11 01:49 - 2021-03-11 01:51 - 000043628 _____ C:\Users\steve\Downloads\Addition.txt
2021-03-11 01:47 - 2021-03-11 01:52 - 000027172 _____ C:\Users\steve\Downloads\FRST.txt
2021-03-11 01:47 - 2021-03-11 01:51 - 000000000 ____D C:\FRST
2021-03-11 01:46 - 2021-03-11 01:46 - 002301440 _____ (Farbar) C:\Users\steve\Downloads\FRST64.exe
2021-03-11 01:46 - 2021-03-11 01:46 - 000000000 ____D C:\Users\steve\AppData\LocalLow\IGDump
2021-03-11 01:45 - 2021-03-11 01:46 - 002013696 _____ (Farbar) C:\Users\steve\Downloads\FRST.exe
2021-03-11 01:41 - 2021-03-11 01:41 - 000000000 ____D C:\windows\system32\Tasks\Remediation
2021-03-11 01:16 - 2021-03-11 01:16 - 006582736 _____ (EnigmaSoft Limited) C:\Users\steve\Downloads\SpyHunter-5.10-6-5285-Installer.exe
2021-03-11 01:16 - 2021-03-11 01:16 - 006582736 _____ (EnigmaSoft Limited) C:\Users\steve\Downloads\SpyHunter-5.10-6-5285-Installer(1).exe
2021-03-11 00:51 - 2021-03-11 00:51 - 000248992 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamswissarmy.sys
2021-03-11 00:51 - 2021-03-11 00:51 - 000220616 _____ (Malwarebytes) C:\windows\system32\Drivers\MbamChameleon.sys
2021-03-11 00:51 - 2021-03-11 00:51 - 000198248 _____ (Malwarebytes) C:\windows\system32\Drivers\farflt.sys
2021-03-11 00:51 - 2021-03-11 00:51 - 000142416 _____ (Malwarebytes) C:\windows\system32\Drivers\mwac.sys
2021-03-11 00:51 - 2021-03-11 00:51 - 000077496 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
2021-03-11 00:51 - 2021-03-11 00:51 - 000002040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-03-11 00:51 - 2021-03-11 00:51 - 000002028 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2021-03-11 00:51 - 2021-03-11 00:51 - 000000000 ____D C:\Users\steve\AppData\Local\mbam
2021-03-11 00:51 - 2021-03-11 00:51 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-03-11 00:51 - 2021-03-11 00:50 - 000153312 _____ (Malwarebytes) C:\windows\system32\Drivers\mbae64.sys
2021-03-11 00:51 - 2021-03-11 00:50 - 000019912 _____ (Malwarebytes) C:\windows\system32\Drivers\MbamElam.sys
2021-03-11 00:50 - 2021-03-11 00:50 - 000000000 ____D C:\Program Files\Malwarebytes
2021-03-11 00:49 - 2021-03-11 00:49 - 001965536 _____ (Malwarebytes) C:\Users\steve\Downloads\MBSetup-80562.80562-consumer.exe
2021-03-11 00:30 - 2021-03-11 00:30 - 000000000 ____D C:\Users\steve\AppData\Roaming\WinRAR
2021-03-11 00:30 - 2021-03-11 00:30 - 000000000 ____D C:\Users\steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2021-03-11 00:30 - 2021-03-11 00:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2021-03-11 00:29 - 2021-03-11 00:30 - 000000000 ____D C:\Program Files\WinRAR
2021-03-11 00:29 - 2021-03-11 00:29 - 003324304 _____ (Alexander Roshal) C:\Users\steve\Downloads\winrar-x64-600.exe
2021-03-11 00:07 - 2021-03-11 00:07 - 000002544 _____ C:\Users\steve\Desktop\Grammarly.lnk
2021-03-11 00:07 - 2021-03-11 00:07 - 000000000 ____D C:\Users\steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Grammarly
2021-03-11 00:07 - 2021-03-11 00:07 - 000000000 ____D C:\Users\steve\AppData\Local\GrammarlyForWindows
2021-03-10 23:05 - 2021-03-10 23:05 - 000000000 ____D C:\Users\steve\AppData\Local\WordRake Holdings
2021-03-10 23:04 - 2021-03-10 23:04 - 000000000 ____D C:\Program Files (x86)\WordRake Holdings, LLC
2021-03-10 23:02 - 2021-03-10 23:02 - 011205392 _____ (WordRake Holdings, LLC) C:\Users\steve\Downloads\WordRakeInstall.exe
2021-03-10 23:02 - 2021-03-10 23:02 - 000000000 ____D C:\Users\steve\AppData\Local\Downloaded Installations
2021-03-10 22:21 - 2021-03-10 22:21 - 000000000 ____D C:\Users\steve\AppData\Roaming\Scribens
2021-03-10 10:47 - 2021-03-10 10:47 - 000000000 ____D C:\windows\system32\Tasks\Mozilla
2021-03-08 05:43 - 2021-03-08 05:43 - 000000000 ____D C:\Users\steve\AppData\LocalLow\Norton
2021-03-04 14:55 - 2021-03-10 19:23 - 000000000 ____D C:\windows\system32\Tasks\Norton 360
2021-03-04 14:55 - 2021-03-04 14:55 - 000003378 _____ C:\windows\system32\Tasks\Norton WSC Integration
2021-03-04 14:55 - 2021-03-04 14:55 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2021-02-26 10:22 - 2021-02-26 10:22 - 000873444 _____ C:\Users\steve\Downloads\dh_133176.pdf
2021-02-26 10:07 - 2021-03-10 10:47 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-02-20 07:19 - 2021-02-20 07:20 - 000301239 _____ C:\Users\steve\Downloads\ndt-13-2231.pdf
2021-02-18 14:16 - 2021-02-18 14:16 - 014817704 _____ (Grammarly) C:\Users\steve\Downloads\GrammarlyAddInSetup.exe
2021-02-16 14:45 - 2021-02-16 14:45 - 005339127 _____ C:\Users\steve\Desktop\Unconcscious bias webinar_.pptx
2021-02-12 15:14 - 2021-02-12 15:14 - 002755584 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2021-02-12 15:13 - 2021-02-12 15:13 - 002755584 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2021-02-12 15:13 - 2021-02-12 15:13 - 000232752 _____ C:\windows\system32\containerdevicemanagement.dll
2021-02-12 15:13 - 2021-02-12 15:13 - 000000315 _____ C:\windows\system32\DrtmAuth9.bin
2021-02-12 15:13 - 2021-02-12 15:13 - 000000315 _____ C:\windows\system32\DrtmAuth8.bin
2021-02-12 15:13 - 2021-02-12 15:13 - 000000315 _____ C:\windows\system32\DrtmAuth7.bin
2021-02-12 15:13 - 2021-02-12 15:13 - 000000315 _____ C:\windows\system32\DrtmAuth6.bin
2021-02-12 15:13 - 2021-02-12 15:13 - 000000315 _____ C:\windows\system32\DrtmAuth5.bin
2021-02-12 15:13 - 2021-02-12 15:13 - 000000315 _____ C:\windows\system32\DrtmAuth4.bin
2021-02-12 15:13 - 2021-02-12 15:13 - 000000315 _____ C:\windows\system32\DrtmAuth3.bin
2021-02-12 15:13 - 2021-02-12 15:13 - 000000315 _____ C:\windows\system32\DrtmAuth2.bin
2021-02-12 15:13 - 2021-02-12 15:13 - 000000315 _____ C:\windows\system32\DrtmAuth18.bin
2021-02-12 15:13 - 2021-02-12 15:13 - 000000315 _____ C:\windows\system32\DrtmAuth17.bin
2021-02-12 15:13 - 2021-02-12 15:13 - 000000315 _____ C:\windows\system32\DrtmAuth16.bin
2021-02-12 15:13 - 2021-02-12 15:13 - 000000315 _____ C:\windows\system32\DrtmAuth15.bin
2021-02-12 15:13 - 2021-02-12 15:13 - 000000315 _____ C:\windows\system32\DrtmAuth12.bin
2021-02-12 15:13 - 2021-02-12 15:13 - 000000315 _____ C:\windows\system32\DrtmAuth11.bin
2021-02-12 15:13 - 2021-02-12 15:13 - 000000315 _____ C:\windows\system32\DrtmAuth10.bin
2021-02-12 15:13 - 2021-02-12 15:13 - 000000315 _____ C:\windows\system32\DrtmAuth1.bin
2021-02-12 09:48 - 2021-02-12 10:02 - 2473174192 _____ C:\Users\steve\Downloads\Rocketman.2019.1080p.BRRip.x264.6CH-MkvCage.com.mkv
2021-02-10 21:56 - 2021-02-10 21:56 - 010535260 _____ C:\Users\steve\Downloads\Antidepressants, Antipsychotics, Anxiolytics From Chemistry and Pharmacology to Clinical Application (z-lib.org).pdf

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-03-11 01:51 - 2020-06-26 10:15 - 000000000 ____D C:\Users\steve\AppData\Roaming\uTorrent
2021-03-11 01:45 - 2020-06-03 15:40 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-03-11 01:45 - 2020-06-03 15:40 - 000002267 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2021-03-11 01:31 - 2020-08-19 18:33 - 000000000 ____D C:\ProgramData\Mozilla
2021-03-11 01:30 - 2020-08-19 18:33 - 000000000 ____D C:\Users\steve\AppData\LocalLow\Mozilla
2021-03-11 01:23 - 2020-06-04 08:30 - 000000000 ____D C:\Users\steve\AppData\Roaming\Spotify
2021-03-11 00:51 - 2019-03-19 04:52 - 000000000 ___HD C:\windows\ELAMBKUP
2021-03-11 00:45 - 2020-12-30 18:36 - 000000000 ____D C:\Users\steve\AppData\Local\NPE
2021-03-11 00:40 - 2020-06-26 10:16 - 000000000 ____D C:\Users\steve\AppData\Local\BitTorrentHelper
2021-03-11 00:15 - 2020-07-21 10:53 - 000000000 ____D C:\Users\steve\AppData\Roaming\Grammarly
2021-03-11 00:07 - 2020-06-03 20:42 - 000000000 ____D C:\Users\steve\AppData\Local\SquirrelTemp
2021-03-10 23:44 - 2020-09-08 19:35 - 000000000 ____D C:\Users\steve\AppData\LocalLow\uTorrent
2021-03-10 22:22 - 2020-06-08 20:04 - 000000000 ____D C:\ProgramData\Package Cache
2021-03-10 22:21 - 2020-03-16 13:53 - 000000000 ____D C:\Users\steve\AppData\Local\Packages
2021-03-10 22:18 - 2019-03-19 04:52 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2021-03-10 22:12 - 2020-06-03 15:37 - 000004168 _____ C:\windows\system32\Tasks\User_Feed_Synchronization-{004BC413-C5A1-4501-B766-B56D7562EC1A}
2021-03-10 22:09 - 2019-04-15 15:38 - 000000000 ____D C:\windows\system32\SleepStudy
2021-03-10 19:33 - 2019-03-19 04:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-03-10 10:47 - 2020-08-19 18:33 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-03-10 10:47 - 2020-08-19 18:33 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-03-10 10:30 - 2020-06-03 20:52 - 000000000 ___RD C:\Users\steve\OneDrive - University of Plymouth
2021-03-09 15:28 - 2019-03-19 04:52 - 000000000 ___HD C:\Program Files\WindowsApps
2021-03-09 15:28 - 2019-03-19 04:52 - 000000000 ____D C:\windows\AppReadiness
2021-03-09 11:50 - 2020-06-04 08:31 - 000000000 ____D C:\Users\steve\AppData\Local\Spotify
2021-03-06 15:10 - 2020-06-04 08:38 - 000000000 ____D C:\Program Files\Common Files\AV
2021-03-06 14:51 - 2020-06-03 15:23 - 000000000 ___RD C:\Users\steve\OneDrive
2021-03-06 14:50 - 2020-06-03 15:36 - 000002428 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-03-06 14:50 - 2020-06-03 15:36 - 000002266 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2021-03-05 12:45 - 2020-06-03 15:19 - 000000000 ____D C:\Users\steve\AppData\Local\PlaceholderTileLogoFolder
2021-03-04 14:55 - 2020-06-03 20:17 - 000002436 _____ C:\ProgramData\Desktop\Norton Security.lnk
2021-03-04 14:55 - 2020-06-03 20:16 - 000000000 ____D C:\windows\system32\Drivers\NGCx64
2021-03-04 14:55 - 2019-03-19 04:37 - 000032768 _____ C:\windows\system32\config\ELAM
2021-03-04 12:28 - 2020-06-15 14:55 - 000000000 ____D C:\Users\steve\Documents\My Kindle Content
2021-03-04 12:02 - 2020-06-03 15:33 - 000003480 _____ C:\windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-03-04 12:02 - 2020-06-03 15:33 - 000003356 _____ C:\windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-03-03 12:27 - 2020-08-19 18:01 - 000188554 _____ C:\Users\steve\Documents\My EndNote Library.enl
2021-02-25 09:42 - 2020-06-03 15:23 - 000003380 _____ C:\windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2260596255-3006137883-4004939090-1001
2021-02-25 09:41 - 2020-03-16 13:47 - 000002374 _____ C:\Users\steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-02-25 02:36 - 2020-06-08 20:00 - 000000000 ____D C:\Users\steve\AppData\Local\CrashDumps
2021-02-24 10:00 - 2020-09-29 18:17 - 000002143 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-02-23 12:14 - 2019-03-19 04:50 - 000000000 ____D C:\windows\INF
2021-02-22 14:00 - 2020-10-01 19:10 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-02-22 11:44 - 2019-11-29 04:46 - 001024702 _____ C:\windows\system32\PerfStringBackup.INI
2021-02-22 10:33 - 2020-06-04 23:31 - 000000000 ____D C:\Users\steve\AppData\Local\HP_Inc
2021-02-22 09:47 - 2020-06-04 08:36 - 000000000 ____D C:\windows\system32\Tasks\Hewlett-Packard
2021-02-20 11:53 - 2019-11-29 04:44 - 000000000 ____D C:\Program Files\Microsoft Office
2021-02-18 14:16 - 2020-06-03 20:55 - 000000000 ____D C:\Users\steve\AppData\Local\Package Cache
2021-02-18 14:07 - 2020-06-04 22:42 - 000000000 ____D C:\Users\steve\AppData\Local\HP
2021-02-16 14:18 - 2020-06-04 14:43 - 000000000 ____D C:\Users\steve\Documents\Zoom
2021-02-15 20:14 - 2020-03-16 13:53 - 000000000 __SHD C:\Users\steve\IntelGraphicsProfiles
2021-02-15 20:14 - 2020-03-16 13:53 - 000000000 ___RD C:\Users\steve\3D Objects
2021-02-15 20:14 - 2020-03-16 13:06 - 000000000 ____D C:\Intel
2021-02-15 20:14 - 2019-04-15 15:38 - 000543808 _____ C:\windows\system32\FNTCACHE.DAT
2021-02-15 20:14 - 2019-04-15 15:38 - 000000006 ____H C:\windows\Tasks\SA.DAT
2021-02-15 20:13 - 2019-11-29 12:25 - 000000000 ____D C:\windows\system32\Drivers\en-GB
2021-02-15 20:13 - 2019-03-19 04:52 - 000000000 ___RD C:\windows\ImmersiveControlPanel
2021-02-15 20:13 - 2019-03-19 04:52 - 000000000 ____D C:\windows\SysWOW64\Dism
2021-02-15 20:13 - 2019-03-19 04:52 - 000000000 ____D C:\windows\SystemResources
2021-02-15 20:13 - 2019-03-19 04:52 - 000000000 ____D C:\windows\system32\oobe
2021-02-15 20:13 - 2019-03-19 04:52 - 000000000 ____D C:\windows\system32\es-MX
2021-02-15 20:13 - 2019-03-19 04:52 - 000000000 ____D C:\windows\system32\Dism
2021-02-15 20:13 - 2019-03-19 04:52 - 000000000 ____D C:\windows\ShellExperiences
2021-02-15 20:13 - 2019-03-19 04:52 - 000000000 ____D C:\windows\PolicyDefinitions
2021-02-15 20:13 - 2019-03-19 04:52 - 000000000 ____D C:\windows\bcastdvr
2021-02-15 20:13 - 2019-03-19 04:52 - 000000000 ____D C:\Program Files\Common Files\System
2021-02-15 20:13 - 2019-03-19 04:37 - 000786432 _____ C:\windows\system32\config\BBI
2021-02-12 15:16 - 2019-03-19 04:37 - 000000000 ____D C:\windows\CbsTemp
2021-02-12 15:15 - 2019-03-19 06:20 - 000022016 _____ (Microsoft Corporation) C:\windows\system32\OEMDefaultAssociations.dll
2021-02-12 15:15 - 2019-03-19 06:20 - 000019469 _____ C:\windows\system32\OEMDefaultAssociations.xml
2021-02-10 20:36 - 2020-06-04 23:00 - 000000000 ____D C:\windows\system32\MRT
2021-02-10 20:34 - 2020-06-04 23:00 - 130141752 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
2021-02-10 20:09 - 2020-09-29 18:17 - 000004562 _____ C:\windows\system32\Tasks\Adobe Acrobat Update Task

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
 

steve hallam

Posts: 16   +0
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-02-2021
Ran by steve (11-03-2021 01:52:53)
Running from C:\Users\steve\Downloads
Windows 10 Home Version 1909 18363.1379 (X64) (2020-03-16 13:44:18)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2260596255-3006137883-4004939090-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2260596255-3006137883-4004939090-503 - Limited - Disabled)
Guest (S-1-5-21-2260596255-3006137883-4004939090-501 - Limited - Disabled)
steve (S-1-5-21-2260596255-3006137883-4004939090-1001 - Administrator - Enabled) => C:\Users\steve
WDAGUtilityAccount (S-1-5-21-2260596255-3006137883-4004939090-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton 360 (Enabled - Up to date) {1122B19A-E671-38EC-8EAC-87048FD4528D}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: Norton 360 (Enabled - Up to date) {9E3FD331-C4C2-7AC4-0537-131EEF1B1F8A}
FW: Norton 360 (Enabled) {A6045214-8EAD-7B9C-2E68-BA2B11C858F1}
FW: Norton 360 (Enabled) {291930BF-AC1E-39B4-A5F3-2E31710715F6}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2260596255-3006137883-4004939090-1001\...\uTorrent) (Version: 3.5.5.45852 - BitTorrent Inc.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 21.001.20138 - Adobe Systems Incorporated)
Adobe Digital Editions 4.5 (HKLM-x32\...\Adobe Digital Editions 4.5) (Version: 4.5.11 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-2260596255-3006137883-4004939090-1001\...\Amazon Kindle) (Version: 1.30.0.59056 - Amazon)
ANT Drivers Installer x64 (HKLM\...\{998DF7E5-262F-4391-A117-8D9E383B8C0A}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
calibre (HKLM-x32\...\{0EC97EA4-BC70-4A1C-9FF0-2AC27AC0D3D0}) (Version: 5.8.1 - Kovid Goyal)
Elevated Installer (HKLM-x32\...\{5053832D-D695-4E6A-A777-8CC79DF61A85}) (Version: 7.1.3.0 - Garmin Ltd or its subsidiaries) Hidden
EndNote X9 (HKLM-x32\...\{86B3F2D6-AC2B-0019-8AE1-F2F77F781B0C}) (Version: 19.2.0.13018 - Clarivate Analytics)
Garmin Express (HKLM-x32\...\{040c11a0-b209-4b21-b861-163f52e01d88}) (Version: 7.1.3.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{F8609938-A6C9-4796-87BC-471F62EA4F0E}) (Version: 7.1.3.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 89.0.4389.82 - Google LLC)
Grammarly (HKU\S-1-5-21-2260596255-3006137883-4004939090-1001\...\GrammarlyForWindows) (Version: 1.5.72 - Grammarly)
Grammarly for Microsoft® Office Suite (HKLM\...\{D2F1E2C9-B416-40C6-BA64-67691276A56B}) (Version: 6.8.254 - Grammarly) Hidden
Grammarly for Microsoft® Office Suite (HKU\S-1-5-21-2260596255-3006137883-4004939090-1001\...\{2970deb0-0683-4d35-80ae-09b866d6bdd1}) (Version: 6.8.254 - Grammarly)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
LeapFrog Connect 2 (HKLM-x32\...\LeapFrogConnect2) (Version: 4.1.3.442 - LeapFrog)
LeapFrogConnect2 (HKLM-x32\...\{B7B653AF-D5EB-4A42-BC10-693413138807}) (Version: 4.1.3.442 - LeapFrog) Hidden
LeapStart (HKLM-x32\...\{1A9F9917-B0AC-40E9-A707-3AF14E2F9C3E}) (Version: 4.1.3.442 - LeapFrog) Hidden
Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes)
Microsoft 365 Apps for enterprise - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.13628.20448 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 89.0.774.45 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.141.63 - )
Microsoft OneDrive (HKU\S-1-5-21-2260596255-3006137883-4004939090-1001\...\OneDriveSetup.exe) (Version: 21.016.0124.0003 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-2260596255-3006137883-4004939090-1001\...\Teams) (Version: 1.3.00.9267 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{BAB9FCC5-1506-4B4F-BFCA-EDE0BDB86C21}) (Version: 2.75.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.24.28127 (HKLM-x32\...\{e31cb1a4-76b5-46a5-a084-3fa419e82201}) (Version: 14.24.28127.4 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.60724 - Microsoft Corporation)
Mozilla Firefox 86.0 (x64 en-GB) (HKLM\...\Mozilla Firefox 86.0 (x64 en-GB)) (Version: 86.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 79.0 - Mozilla)
Norton 360 (HKLM-x32\...\NGC) (Version: 22.21.1.151 - Symantec Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.13628.20274 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.13628.20448 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.13628.20274 - Microsoft Corporation) Hidden
QT5.10.1 (HKLM-x32\...\{D648CC39-D39C-445B-AEB7-213632704032}) (Version: 1.0.0.0 - LeapFrog) Hidden
ResearchSoft Direct Export Helper (HKLM-x32\...\ResearchSoft Direct Export Helper) (Version: 1.0.21.3540 - Clarivate Analytics)
Samsung DeX (HKLM-x32\...\{0924F03B-F48D-445B-9302-43E86707EC8B}) (Version: 1.0.1.40 - Samsung Electronics Co., Ltd.) Hidden
Samsung DeX (HKLM-x32\...\{e539e534-854a-46d2-b8f8-f6a3405f782a}) (Version: 1.0.1.40 - Samsung Electronics Co., Ltd.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.7.23.0 - Samsung Electronics Co., Ltd.)
Spotify (HKU\S-1-5-21-2260596255-3006137883-4004939090-1001\...\Spotify) (Version: 1.1.53.608.g7ed9c03a - Spotify AB)
Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.3.0.9267 - Microsoft Corporation)
Use the entry named LeapFrog Connect2 to uninstall QT5.10.1 (HKLM-x32\...\QT5.10.1) (Version: - LeapFrog)
Use the entry named LeapFrogConnect2 to uninstall LeapStart (HKLM-x32\...\LeapStartPlugin) (Version: - LeapFrog)
Web Companion (HKLM-x32\...\{6f3dcc5c-6c99-4d28-a3f4-de4941722f68}) (Version: 6.0.2285.4135 - Lavasoft)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
WinRAR 6.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.00.0 - win.rar GmbH)
WordRake for Word (HKLM-x32\...\{AF060B53-1694-4439-823A-89567D490CE2}) (Version: 3.95.10218.01 - WordRake Holdings, LLC)
Zoom (HKU\S-1-5-21-2260596255-3006137883-4004939090-1001\...\ZoomUMX) (Version: 5.4.9 (59931.0110) - Zoom Video Communications, Inc.)

Packages:
=========
Amazon -> C:\Program Files\WindowsApps\Amazon.com.Amazon_2018.519.2815.0_x64__343d40qqvtj1t [2020-06-04] (Amazon.com)
Booking.com EMEA: Big savings on hotels in 96,000 destinations worldwide -> C:\Program Files\WindowsApps\PricelinePartnerNetwork.Booking.comEMEABigsavingso_2.0.5.0_x64__mgae2k3ys4ra0 [2021-02-09] (Priceline Partner Network)
Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_1.53.5.0_x86__kgqvnymyfvs32 [2021-03-01] (king.com)
Dropbox for S mode -> C:\Program Files\WindowsApps\C27EB4BA.DROPBOX_22.4.4.0_x64__xbfy0k16fey96 [2020-07-02] (Dropbox Inc.)
Energy Star -> C:\Program Files\WindowsApps\AD2F1837.HPInc.EnergyStar_1.2.0.0_x64__v10z8vjag6ke6 [2020-03-16] (HP Inc.)
Farm Heroes Saga -> C:\Program Files\WindowsApps\king.com.FarmHeroesSaga_5.55.1.0_x86__kgqvnymyfvs32 [2021-03-09] (king.com)
HP Audio Center -> C:\Program Files\WindowsApps\AD2F1837.HPAudioCenter_1.7.197.0_x64__v10z8vjag6ke6 [2020-10-13] (HP Inc.)
HP JumpStarts -> C:\Program Files\WindowsApps\AD2F1837.HPJumpStarts_1.9.1548.0_x64__v10z8vjag6ke6 [2020-12-21] (HP Inc.)
HP Privacy Settings -> C:\Program Files\WindowsApps\AD2F1837.HPPrivacySettings_1.0.39.0_x64__v10z8vjag6ke6 [2020-09-29] (HP Inc.)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_122.3.838.0_x64__v10z8vjag6ke6 [2021-02-25] (HP Inc.)
HP Support Assistant -> C:\Program Files\WindowsApps\AD2F1837.HPSupportAssistant_9.7.238.0_x64__v10z8vjag6ke6 [2021-02-22] (HP Inc.)
HP System Event Utility -> C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1.1.21.0_x64__v10z8vjag6ke6 [2020-09-06] (HP Inc.)
Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3282.0_x64__8j3eq9eme6ctt [2021-01-05] (INTEL CORP) [Startup Task]
Intel® Graphics Control Panel -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsControlPanel_3.3.0.0_x64__8j3eq9eme6ctt [2020-03-16] (INTEL CORP)
Intel® Optane™ Memory and Storage Management -> C:\Program Files\WindowsApps\AppUp.IntelOptaneMemoryandStorageManagement_18.0.1017.0_x64__8j3eq9eme6ctt [2020-11-26] (INTEL CORP)
McAfee® Personal Security -> C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.60.0_x64__wafk5atnkzcwy [2021-02-25] (McAfee LLC.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-03-16] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-06-04] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1252.0_x64__8wekyb3d8bbwe [2021-02-03] (Microsoft Studios) [MS Ad]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.97.752.0_x64__mcm4njqhnhss8 [2020-07-15] (Netflix, Inc.)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-06-25] (Microsoft Corporation)
Simple Solitaire -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleSolitaire_7.0.0.0_x64__kx24dqmazqk8j [2020-12-21] (Random Salad Games LLC)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2260596255-3006137883-4004939090-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive - Personal] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}0
CustomCLSID: HKU\S-1-5-21-2260596255-3006137883-4004939090-1001_Classes\CLSID\{04271989-C4D2-D75D-B5E0-68B3DDB1879C} -> [OneDrive - University of Plymouth] => C:\Users\steve\OneDrive - University of Plymouth [2020-06-03 20:52]
CustomCLSID: HKU\S-1-5-21-2260596255-3006137883-4004939090-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\steve\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20077.4\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2260596255-3006137883-4004939090-1001_Classes\CLSID\{2AD206F1-152C-4F9D-A24E-6F93FE7A4AFC}\InprocServer32 -> C:\Users\steve\AppData\Local\Grammarly\Grammarly for Microsoft Office Suite\6.8.254\CC1402A1D8\GrammarlyShim64.dll (Grammarly, Inc. -> CompanyName)
CustomCLSID: HKU\S-1-5-21-2260596255-3006137883-4004939090-1001_Classes\CLSID\{4BE56754-B616-4998-B825-D16983AEE1B2}\InprocServer32 -> C:\Users\steve\AppData\Local\Grammarly\Grammarly for Microsoft Office Suite\6.8.254\CC1402A1D8\Grammarly.AddIn.Connect.ActiveX.dll (Grammarly, Inc. -> Grammarly)
CustomCLSID: HKU\S-1-5-21-2260596255-3006137883-4004939090-1001_Classes\CLSID\{7602d92f-b925-58fa-c578-ae8cd30d51802}\InprocServer32 -> 0xC5EEC8D10116D7017FA8C9D10116D701010000000100000000000000 => No File
CustomCLSID: HKU\S-1-5-21-2260596255-3006137883-4004939090-1001_Classes\CLSID\{819bccaa-38ae-db48-6ec5-953c86fd99448}\InprocServer32 -> 0x3DB9BCD10116D701BF43BED10116D701010000000100000000000000 => No File
CustomCLSID: HKU\S-1-5-21-2260596255-3006137883-4004939090-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\steve\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20077.4\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.21.1.151\buShell.dll [2021-02-22] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.21.1.151\buShell.dll [2021-02-22] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.21.1.151\buShell.dll [2021-02-22] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers-x32: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.21.1.151\buShell.dll [2021-02-22] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers-x32: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.21.1.151\buShell.dll [2021-02-22] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers-x32: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.21.1.151\buShell.dll [2021-02-22] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.21.1.151\buShell.dll [2021-02-22] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers1: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.21.1.151\NavShExt.dll [2021-02-22] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.21.1.151\NavShExt.dll [2021-02-22] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-03-11] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.21.1.151\buShell.dll [2021-02-22] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-03-11] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.21.1.151\NavShExt.dll [2021-02-22] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2019-09-09 07:13 - 2019-09-09 07:13 - 001364992 _____ () [File not signed] [File is in use] C:\Program Files (x86)\Garmin\Express\CefSharp.Core.dll
2020-08-27 13:45 - 2020-08-27 13:45 - 000073216 _____ () [File not signed] [File is in use] C:\Program Files (x86)\Garmin\Express\FixBootSector.dll
2017-05-08 09:35 - 2017-05-08 09:35 - 000325632 _____ () [File not signed] [File is in use] C:\Program Files (x86)\Garmin\Express\GpsImgWrapper.dll
2019-07-27 08:57 - 2019-07-27 08:57 - 096071680 _____ () [File not signed] C:\Program Files (x86)\Garmin\Express\libcef.dll
2019-12-26 07:39 - 2019-12-26 07:39 - 001289216 _____ () [File not signed] C:\Program Files (x86)\Samsung\Samsung DeX\cairo.dll
2019-12-26 07:39 - 2019-12-26 07:39 - 000230529 _____ () [File not signed] C:\Program Files (x86)\Samsung\Samsung DeX\libpng14-14.dll
2019-12-26 07:39 - 2019-12-26 07:39 - 000100352 _____ () [File not signed] C:\Program Files (x86)\Samsung\Samsung DeX\zlib1.dll
2021-03-10 23:04 - 2021-03-10 23:04 - 000656896 _____ () [File not signed] C:\windows\assembly\NativeImages_v4.0.30319_64\LogicNP.Crya4ccf6c6#\ce73cfe044124be80be9a74fbef8240f\LogicNP.CryptoLicensing.ni.dll
2021-03-10 23:04 - 2021-03-10 23:04 - 000368128 _____ () [File not signed] C:\windows\assembly\NativeImages_v4.0.30319_64\WordRake.Coeaa20892#\971d4437a6fd2662f7c429420175ac17\WordRake.Core.Word.Windows.ni.dll
2021-03-10 23:04 - 2021-03-10 23:04 - 005232128 _____ () [File not signed] C:\windows\assembly\NativeImages_v4.0.30319_64\WordRake.Cofdffbf32#\dd3308d739692078271486fdcd7718d1\WordRake.Core.Windows.ni.dll
2020-08-27 13:45 - 2020-08-27 13:45 - 001976832 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Garmin\Express\XercesLib.dll
2020-08-27 13:51 - 2020-08-27 13:51 - 000234496 _____ (Dynastream Innovations Inc.) [File not signed] C:\Program Files (x86)\Garmin\Express\ANT_WrappedLib.dll
2019-12-26 07:39 - 2019-12-26 07:39 - 012968974 _____ (FFmpeg Project) [File not signed] C:\Program Files (x86)\Samsung\Samsung DeX\avcodec-58.dll
2019-12-26 07:39 - 2019-12-26 07:39 - 002427918 _____ (FFmpeg Project) [File not signed] C:\Program Files (x86)\Samsung\Samsung DeX\avfilter-7.dll
2019-12-26 07:39 - 2019-12-26 07:39 - 002538510 _____ (FFmpeg Project) [File not signed] C:\Program Files (x86)\Samsung\Samsung DeX\avformat-58.dll
2019-12-26 07:39 - 2019-12-26 07:39 - 000557582 _____ (FFmpeg Project) [File not signed] C:\Program Files (x86)\Samsung\Samsung DeX\avutil-56.dll
2019-12-26 07:39 - 2019-12-26 07:39 - 000126478 _____ (FFmpeg Project) [File not signed] C:\Program Files (x86)\Samsung\Samsung DeX\swresample-3.dll
2019-12-26 07:39 - 2019-12-26 07:39 - 000557582 _____ (FFmpeg Project) [File not signed] C:\Program Files (x86)\Samsung\Samsung DeX\swscale-5.dll
2020-08-27 13:45 - 2020-08-27 13:45 - 002711552 _____ (Garmin International) [File not signed] [File is in use] C:\Program Files (x86)\Garmin\Express\legacyio.dll
2017-05-08 09:35 - 2017-05-08 09:35 - 000343552 _____ (Garmin International, Inc.) [File not signed] C:\Program Files (x86)\Garmin\Express\IMG_GPSMAP.dll
2020-08-27 13:45 - 2020-08-27 13:45 - 000425472 _____ (Garmin) [File not signed] C:\Program Files (x86)\Garmin\Express\XMLdll.dll
2020-06-21 19:00 - 2020-06-21 19:00 - 000014336 _____ (HP Inc.) [File not signed] C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1.1.21.0_x64__v10z8vjag6ke6\SystemEventUtility\NativeRpcClient.DLL
2019-11-29 04:44 - 2019-11-29 04:44 - 000000000 ____L (Microsoft Corporation) C:\Program Files\Microsoft Office\Root\Office16\AppVIsvSubsystems64.dll
2019-11-29 04:44 - 2019-11-29 04:44 - 000000000 ____L (Microsoft Corporation) C:\Program Files\Microsoft Office\Root\Office16\c2r64.dll
2019-12-26 07:39 - 2019-12-26 07:39 - 000055808 _____ (Open Source Software community LGPL) [File not signed] C:\Program Files (x86)\Samsung\Samsung DeX\pthreadVC2.dll
2019-12-26 07:39 - 2019-12-26 07:39 - 001420800 _____ (Pizzolato Davide - www.xdp.it) [File not signed] C:\Program Files (x86)\Samsung\Samsung DeX\cximageu.dll
2020-09-11 16:30 - 2020-09-11 16:30 - 000217600 _____ (RSA - The Security Division of EMC) [File not signed] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ccme_asym.dll
2020-09-11 16:30 - 2020-09-11 16:30 - 000404480 _____ (RSA - The Security Division of EMC) [File not signed] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ccme_base.dll
2020-09-11 16:30 - 2020-09-11 16:30 - 000379904 _____ (RSA - The Security Division of EMC) [File not signed] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ccme_base_non_fips.dll
2020-09-11 16:30 - 2020-09-11 16:30 - 000504320 _____ (RSA - The Security Division of EMC) [File not signed] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ccme_ecc.dll
2020-09-11 16:30 - 2020-09-11 16:30 - 000218624 _____ (RSA - The Security Division of EMC) [File not signed] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\cryptocme.dll
2020-03-04 15:35 - 2020-03-04 15:35 - 004451328 _____ (Samsung Electronics Co., Ltd.) [File not signed] C:\Program Files (x86)\Samsung\Samsung DeX\NativeSamsungDexFramework.dll
2020-03-04 15:35 - 2020-03-04 15:35 - 002630144 _____ (Samsung Electronics Co., Ltd.) [File not signed] C:\Program Files (x86)\Samsung\Samsung DeX\SCommon.dll
2020-03-04 15:34 - 2020-03-04 15:34 - 006057472 _____ (Samsung Electronics Co., Ltd.) [File not signed] C:\Program Files (x86)\Samsung\Samsung DeX\SLocales.dll
2020-08-27 13:47 - 2020-08-27 13:47 - 000090112 _____ (Silicon Laboratories, Inc.) [File not signed] C:\Program Files (x86)\Garmin\Express\DSI_SiUSBXp_3_1.DLL
2019-07-27 08:57 - 2019-07-27 08:57 - 000762368 _____ (The Chromium Authors) [File not signed] C:\Program Files (x86)\Garmin\Express\chrome_elf.dll
2018-09-14 10:29 - 2018-09-14 10:29 - 021529088 _____ (The ICU Project) [File not signed] C:\Program Files (x86)\LeapFrog\LeapFrog Connect2\Qt5.10.1\icudt53.dll
2018-09-14 10:26 - 2018-09-14 10:26 - 001603584 _____ (The ICU Project) [File not signed] C:\Program Files (x86)\LeapFrog\LeapFrog Connect2\Qt5.10.1\icuin53.dll
2018-09-14 10:24 - 2018-09-14 10:24 - 001102848 _____ (The ICU Project) [File not signed] C:\Program Files (x86)\LeapFrog\LeapFrog Connect2\Qt5.10.1\icuuc53.dll
2018-09-24 18:44 - 2018-09-24 18:44 - 001160704 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\LeapFrog\LeapFrog Connect2\Qt5.10.1\plugins\platforms\qwindows.dll
2018-09-24 18:53 - 2018-09-24 18:53 - 000121344 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\LeapFrog\LeapFrog Connect2\Qt5.10.1\plugins\styles\qwindowsvistastyle.dll
2018-11-19 16:47 - 2018-11-19 16:47 - 004381696 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\LeapFrog\LeapFrog Connect2\Qt5.10.1\Qt5Core.dll
2018-09-24 18:03 - 2018-09-24 18:03 - 005141504 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\LeapFrog\LeapFrog Connect2\Qt5.10.1\Qt5Gui.dll
2018-09-24 18:26 - 2018-09-24 18:26 - 004477952 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\LeapFrog\LeapFrog Connect2\Qt5.10.1\Qt5Widgets.dll
2019-12-26 07:39 - 2019-12-26 07:39 - 000110207 _____ (Un4seen Developments) [File not signed] C:\Program Files (x86)\Samsung\Samsung DeX\BASS.dll
2019-12-26 07:39 - 2019-12-26 07:39 - 000019008 _____ (Un4seen Developments) [File not signed] C:\Program Files (x86)\Samsung\Samsung DeX\BASSCD.dll
2019-12-26 07:39 - 2019-12-26 07:39 - 000017472 _____ (Un4seen Developments) [File not signed] C:\Program Files (x86)\Samsung\Samsung DeX\BASSWMA.dll
2021-03-10 23:04 - 2021-03-10 23:04 - 001620992 _____ (WordRake Holdings LLC) [File not signed] C:\windows\assembly\NativeImages_v4.0.30319_64\WordRake.Core.Word\76eabfc3cc26813ce305858257ea8b19\WordRake.Core.Word.ni.dll
2021-03-10 23:04 - 2021-03-10 23:04 - 002068480 _____ (WordRake Holdings LLC) [File not signed] C:\windows\assembly\NativeImages_v4.0.30319_64\WordRake.Core\f7c84f7c53f49d511c77d31293d35162\WordRake.Core.ni.dll
2021-03-10 23:04 - 2021-03-10 23:04 - 020550144 _____ (WordRake Holdings LLC) [File not signed] C:\windows\assembly\NativeImages_v4.0.30319_64\WordRake.Engine\97859ff5fbbe37279a60c29f8e7943d5\WordRake.Engine.ni.dll
2021-03-10 23:04 - 2021-03-10 23:04 - 000039424 _____ (WordRake Holdings LLC) [File not signed] C:\windows\assembly\NativeImages_v4.0.30319_64\WordRake.Word\3a53d59cd2bc6166684de4915251735b\WordRake.Word.ni.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=HCTE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=HCTE
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msn.com/?pc=HCTE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msn.com/?pc=HCTE
HKU\S-1-5-21-2260596255-3006137883-4004939090-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP
HKU\S-1-5-21-2260596255-3006137883-4004939090-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msn.com/?pc=HCTE
SearchScopes: HKLM -> {EDAF8742-BB95-4DAD-9999-071C7AA6559A} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5FcPortugueseode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {EDAF8742-BB95-4DAD-9999-071C7AA6559A} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5FcPortugueseode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2260596255-3006137883-4004939090-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&l=dis&prt=NGC&chn=retail&geo=GB&ver=22.20.2.57&locale=GB_en&guid=31881C58-BFFC-49E9-808D-E8CE65C16C99&doi=2016-09-01&o=APN11913&cmpgn=may20&gct=kwd&qsrc=2869
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2021-02-04] (Microsoft Corporation -> Microsoft Corporation)
BHO: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine\22.21.1.151\coIEPlg.dll [2021-02-22] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2020-06-04] (HP Inc. -> HP Inc.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-02-04] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine32\22.21.1.151\coIEPlg.dll [2021-02-22] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2020-06-04] (HP Inc. -> HP Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.21.1.151\coIEPlg.dll [2021-02-22] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine32\22.21.1.151\coIEPlg.dll [2021-02-22] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Toolbar: HKU\S-1-5-21-2260596255-3006137883-4004939090-1001 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.21.1.151\coIEPlg.dll [2021-02-22] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-02-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-02-04] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-02-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-02-04] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-02-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-02-04] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-02-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-02-04] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-2260596255-3006137883-4004939090-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-2260596255-3006137883-4004939090-1001\...\sharepoint.com -> hxxps://liveplymouthac-files.sharepoint.com
IE trusted site: HKU\S-1-5-21-2260596255-3006137883-4004939090-1001\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-19 04:49 - 2019-03-19 04:49 - 000000824 ____N C:\windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2260596255-3006137883-4004939090-1001\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{2874397C-CC1B-4942-8651-0F8744F1A601}] => (Allow) C:\Users\steve\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{8635664D-EA25-4AEB-92F1-A76E9A7AC12D}] => (Allow) C:\Users\steve\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{F2C4B34F-394B-4327-A6E4-5CB65AC14AC6}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{06146399-5B8F-4A35-AB6B-38F992B2EBE7}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{5B8824FF-A366-4467-AF27-9B221858D191}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{DAA2CD41-B542-4E88-9CE9-3EC9ED35416F}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E1489D8A-3315-4B9B-8C88-E1FBDA460E35}] => (Allow) C:\Users\steve\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{D22F1F73-F410-4522-9317-6D0FFE4089D4}] => (Allow) C:\Users\steve\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [TCP Query User{ABD5A0D4-1779-460E-9FE6-825A7F2E9082}C:\users\steve\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\steve\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{208175EA-2ABC-4DA8-9B9F-31E184D4C280}C:\users\steve\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\steve\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{E494FA6E-8B1A-4438-A0EB-F7740F24B6A8}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{52927286-A7DF-4747-8AB8-D42C9BD72FFB}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{BDB82434-FBEC-42C2-A6A2-B1DC8D76E886}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{7D915C28-6903-4F64-8E94-4CFA359519C6}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{9E262CF9-E72A-4D99-B409-2EC99FB71E46}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{9E7BBC67-CFB1-4869-8EDB-924837D2538C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{30597C98-6FE7-44F5-A9DE-24EFAE473CAC}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{0D930333-B974-4BA5-9745-DEFE6933D7B8}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

ATTENTION: System Restore is disabled (Total:118.48 GB) (Free:46.32 GB) (39%)

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (02/25/2021 02:35:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: YourPhone.exe, version: 1.21011.127.0, time stamp: 0x60148b42
Faulting module name: Windows.UI.Xaml.dll, version: 10.0.18362.1350, time stamp: 0xe38b3b0e
Exception code: 0xc000027b
Fault offset: 0x000000000040dc80
Faulting process ID: 0x1430
Faulting application start time: 0x01d70b1ef17f5097
Faulting application path: C:\Program Files\WindowsApps\Microsoft.YourPhone_1.21011.127.0_x64__8wekyb3d8bbwe\YourPhone.exe
Faulting module path: C:\Windows\System32\Windows.UI.Xaml.dll
Report ID: ff8d4037-e0fe-40d1-bda0-c78488f44923
Faulting package full name: Microsoft.YourPhone_1.21011.127.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: App

Error: (02/20/2021 07:19:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WINWORD.EXE, version: 16.0.13628.20380, time stamp: 0x601eeb3c
Faulting module name: KERNELBASE.dll, version: 10.0.18362.1350, time stamp: 0x9ccf9e81
Exception code: 0xe0434352
Fault offset: 0x0000000000043b29
Faulting process ID: 0x46f4
Faulting application start time: 0x01d706306093244f
Faulting application path: C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
Faulting module path: C:\windows\System32\KERNELBASE.dll
Report ID: ec8e0db8-3704-4e66-b4d3-e5ee3ced5385
Faulting package full name:
Faulting package-relative application ID:

Error: (02/10/2021 08:32:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.18362.1, time stamp: 0x533f8404
Faulting module name: biwinrt.dll, version: 10.0.18362.1316, time stamp: 0xbe673169
Exception code: 0xc000027b
Fault offset: 0x0000000000013fc7
Faulting process ID: 0x35a8
Faulting application start time: 0x01d6ffebe377bd1c
Faulting application path: C:\windows\system32\backgroundTaskHost.exe
Faulting module path: C:\Windows\System32\biwinrt.dll
Report ID: 28fe7b7b-f944-43f4-885c-c79cd11697a8
Faulting package full name: AD2F1837.HPPrinterControl_122.2.830.0_x64__v10z8vjag6ke6
Faulting package-relative application ID: AD2F1837.HPPrinterControl

Error: (02/09/2021 08:06:09 PM) (Source: Firefox Default Browser Agent) (EventID: 12007) (User: )
Description: Event-ID 12007

Error: (02/09/2021 08:06:09 PM) (Source: Firefox Default Browser Agent) (EventID: 0) (User: )
Description: Event-ID 0

Error: (02/01/2021 09:28:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: OUTLOOK.EXE, version: 16.0.13530.20440, time stamp: 0x60086a17
Faulting module name: OLEAUT32.dll, version: 10.0.18362.1110, time stamp: 0xd9673f48
Exception code: 0xc0000005
Fault offset: 0x000000000008cceb
Faulting process ID: 0x48e4
Faulting application start time: 0x01d6f87c324d74b3
Faulting application path: C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE
Faulting module path: C:\windows\System32\OLEAUT32.dll
Report ID: 7cd9ab3a-443c-40a7-89c4-c8e144fbd0f5
Faulting package full name:
Faulting package-relative application ID:

Error: (01/24/2021 07:43:00 PM) (Source: Firefox Default Browser Agent) (EventID: 12007) (User: )
Description: Event-ID 12007

Error: (01/24/2021 07:43:00 PM) (Source: Firefox Default Browser Agent) (EventID: 0) (User: )
Description: Event-ID 0


System errors:
=============
Error: (03/10/2021 03:24:52 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-5AC7GKJL)
Description: The server Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.

Error: (03/10/2021 09:39:59 AM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-5AC7GKJL)
Description: The server Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.

Error: (03/09/2021 03:25:20 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-5AC7GKJL)
Description: The server Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.

Error: (03/09/2021 02:11:42 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-5AC7GKJL)
Description: The server Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.

Error: (03/09/2021 10:52:05 AM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-5AC7GKJL)
Description: The server Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.

Error: (03/08/2021 03:25:43 AM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-5AC7GKJL)
Description: The server Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.

Error: (03/07/2021 03:25:13 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-5AC7GKJL)
Description: The server Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.

Error: (03/07/2021 03:25:15 AM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-5AC7GKJL)
Description: The server Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.


Windows Defender:
================
Date: 2021-03-11 00:52:17.907
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Norton Security\Engine\22.21.1.151\symamsi.dll that did not meet the Windows signing level requirements.

Date: 2021-03-11 00:51:46.166
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Norton Security\Engine\22.21.1.151\symamsi.dll that did not meet the Windows signing level requirements.

Date: 2021-03-11 00:51:46.103
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Norton Security\Engine\22.21.1.151\symamsi.dll that did not meet the Windows signing level requirements.

Date: 2021-03-11 00:51:44.093
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Mozilla Firefox\firefox.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2021-03-11 00:34:48.318
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Norton Security\Engine\22.21.1.151\symamsi.dll that did not meet the Windows signing level requirements.

Date: 2021-03-11 00:34:48.225
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Norton Security\Engine\22.21.1.151\symamsi.dll that did not meet the Windows signing level requirements.

Date: 2021-03-11 00:32:59.519
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Norton Security\Engine\22.21.1.151\symamsi.dll that did not meet the Windows signing level requirements.

Date: 2021-03-10 09:40:19.747
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume3\Program Files\Norton Security\Engine\22.21.1.151\symamsi.dll that did not meet the Windows signing level requirements.

Date: 2021-03-10 09:40:19.712
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume3\Program Files\Norton Security\Engine\22.21.1.151\symamsi.dll that did not meet the Windows signing level requirements.

Date: 2021-03-10 09:40:19.693
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume3\Program Files\Norton Security\Engine\22.21.1.151\symamsi.dll that did not meet the Windows signing level requirements.
Event[10]:

Date: 2021-03-10 09:40:19.648
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume3\Program Files\Norton Security\Engine\22.21.1.151\symamsi.dll that did not meet the Windows signing level requirements.
Event[11]:

Date: 2021-03-10 09:40:19.517
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume3\Program Files\Norton Security\Engine\22.21.1.151\symamsi.dll that did not meet the Windows signing level requirements.

Date: 2020-06-03 20:27:39.791
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-06-03 16:20:54.833
Description:
Windows Defender Antivirus has encountered an error trying to load security intelligence and will attempt reverting back to a known-good version.
Security intelligence Attempted: Current
Error Code: 0x80070002
Error description: The system cannot find the file specified.
Security intelligence version: 0.0.0.0;0.0.0.0
Engine version: 0.0.0.0

==================== Memory info ===========================

BIOS: AMI F.09 12/20/2019
Motherboard: HP 864E
Processor: Intel(R) Core(TM) i3-8130U CPU @ 2.20GHz
Percentage of memory in use: 90%
Total physical RAM: 3986.09 MB
Available physical RAM: 385.87 MB
Total Virtual: 16272.78 MB
Available Virtual: 1633.17 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:118.48 GB) (Free:46.41 GB) NTFS

\\?\Volume{5861e75a-b3b6-443b-bf7b-8eb381773eb0}\ (Windows RE tools) (Fixed) (Total:0.49 GB) (Free:0.06 GB) NTFS
\\?\Volume{aed7e95b-57c5-4889-9e62-5bf60d27040d}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.2 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: FDD2E99E)

Partition: GPT.

==================== End of Addition.txt =======================
 

Broni

Posts: 55,721   +501
Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

========================================

redtarget.gif
Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double click on downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Remove Selected.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
redtarget.gif
Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available throughout History ->Application logs. Please post it contents in your next reply.
redtarget.gif
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwareClearer, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles are saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.
 

steve hallam

Posts: 16   +0
Rogue killer report
RogueKiller Anti-Malware V14.8.5.0 (x64) [Feb 12 2021] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 10 (10.0.18363) 64 bits
Started in : Normal mode
User : steve [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Signatures : 20210308_132502, Driver : Loaded
Mode : Standard Scan, Scan -- Date : 2021/03/11 12:31:46 (Duration : 00:12:35)

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Process Modules ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Hosts File ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Web browsers ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
 

steve hallam

Posts: 16   +0
Malware report
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 11/03/2021
Scan Time: 12:58
Log File: 85ac0978-8269-11eb-a5eb-d8126509fa42.json

-Software Information-
Version: 4.3.0.98
Components Version: 1.0.1173
Update Package Version: 1.0.37999
Licence: Trial

-System Information-
OS: Windows 10 (Build 18363.1379)
CPU: x64
File System: NTFS
User: LAPTOP-5AC7GKJL\steve

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 289910
Threats Detected: 1
Threats Quarantined: 0
Time Elapsed: 2 min, 39 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
PUP.Optional.MailRu, C:\USERS\STEVE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, No Action By User, 259, 454830, 1.0.37999, , ame, , 2960184F64C7ADDCE41D03CC9FCA9152, 6A04101D6EA1607675044DA443AF793890DF405D50C44FF0FB84FFF308B46EBA

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)
 

steve hallam

Posts: 16   +0
Adwcleaner report
# -------------------------------
# Malwarebytes AdwCleaner 8.1.0.0
# -------------------------------
# Build: 02-15-2021
# Database: 2021-03-09.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 03-11-2021
# Duration: 00:00:07
# OS: Windows 10 Home
# Cleaned: 32
# Failed: 0


***** [ Services ] *****

Deleted WCAssistantService

***** [ Folders ] *****

Deleted C:\Program Files (x86)\Lavasoft\Web Companion
Deleted C:\ProgramData\Application Data\Lavasoft\Web Companion
Deleted C:\ProgramData\Lavasoft\Web Companion
Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft\WebCompanion
Deleted C:\Users\steve\AppData\Local\Lavasoft\WEBCOMPANION.EXE_URL_MRPQ523XMEO0CM2M0N5VJ25Z3NZKGEP4
Deleted C:\Users\steve\AppData\Local\Lavasoft\WEBCOMPANION.EXE_URL_SIQ0LWF3TZGXP2KHFKLLYBK3IDTBEHNG
Deleted C:\Users\steve\AppData\Roaming\Lavasoft\Web Companion

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\Lavasoft\Web Companion
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Web Companion
Deleted HKLM\Software\Wow6432Node\Lavasoft\Web Companion
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6f3dcc5c-6c99-4d28-a3f4-de4941722f68}|DisplayIcon
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6f3dcc5c-6c99-4d28-a3f4-de4941722f68}|DisplayName
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6f3dcc5c-6c99-4d28-a3f4-de4941722f68}|UninstallString
Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted HKU\.DEFAULT\Software\Mozilla\NativeMessagingHosts\com.webcompanion.native
Deleted HKU\S-1-5-18\SOFTWARE\Mozilla\NativeMessagingHosts\com.webcompanion.native
Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

Deleted Preinstalled.HPCleanFLC Registry HKCU\Software\Microsoft\Windows\CurrentVersion\Run|HPSEU_Host_Launcher
Deleted Preinstalled.HPRegistrationService Folder C:\ProgramData\HP\HP REGISTRATION SERVICE
Deleted Preinstalled.HPSupportAssistant Folder C:\HP\SUPPORT
Deleted Preinstalled.HPSupportAssistant Folder C:\ProgramData\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Deleted Preinstalled.HPSupportAssistant Folder C:\Users\steve\AppData\Roaming\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Deleted Preinstalled.HPSupportAssistant Registry HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Deleted Preinstalled.HPSupportAssistant Registry HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Deleted Preinstalled.HPSupportAssistant Registry HKLM\Software\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Deleted Preinstalled.HPSupportAssistant Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Deleted Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Deleted Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Deleted Preinstalled.HPTouchpointAnalyticsClient Folder C:\ProgramData\HP\HP TOUCHPOINT ANALYTICS CLIENT
Deleted Preinstalled.HPTouchpointAnalyticsClient Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [4946 octets] - [11/03/2021 03:32:46]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
 

Broni

Posts: 55,721   +501
Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

  • Double click to run it.
  • Press Scan button.
  • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
 

steve hallam

Posts: 16   +0
FRST report
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-02-2021
Ran by steve (administrator) on LAPTOP-5AC7GKJL (HP HP Laptop 15s-fq0xxx) (11-03-2021 16:23:29)
Running from C:\Users\steve\Downloads
Loaded Profiles: steve
Platform: Windows 10 Home Version 1909 18363.1379 (X64) Language: English (United Kingdom)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ETDCtrl.exe
(ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ETDService.exe
(Garmin International, Inc. -> Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Express\express.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler64.exe
(Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_f98b15466093b28e\x64\TouchpointAnalyticsClientService.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_f98b15466093b28e\x64\TouchpointGpuInfo.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_5544a2e7dfd0f875\x64\AppHelperCap.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_5544a2e7dfd0f875\x64\BridgeCommunication.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_5544a2e7dfd0f875\x64\NetworkCap.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_5544a2e7dfd0f875\x64\SysInfoCap.exe
(HP Inc.) C:\Program Files\WindowsApps\AD2F1837.HPJumpStarts_1.9.1548.0_x64__v10z8vjag6ke6\HP.JumpStarts.exe
(HP Inc.) C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1.1.21.0_x64__v10z8vjag6ke6\SystemEventUtility\HPSystemEventUtilityHost.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_4a3ae74cfa6c37d6\esif_uf.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_ffc75848a6342fdf\jhi_service.exe
(Intel(R) pGFX 2020 -> ) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_dc7a0fe3ada1cbf5\OneApp.IGCC.WinService.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_dc2a57d591329a30\igfxCUIService.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_dc2a57d591329a30\igfxEM.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_ada2367baaae74c0\IntelCpHDCPSvc.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_ada2367baaae74c0\IntelCpHeciSvc.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_6ca78a08b838e305\RstMwService.exe
(LeapFrog Enterprises, Inc. -> LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect2\LFHelper.exe
(LeapFrog Enterprises, Inc. -> LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect2\LFLauncher.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <7>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\steve\AppData\Local\Microsoft\OneDrive\21.016.0124.0003\FileCoAuth.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\steve\AppData\Local\Microsoft\OneDrive\OneDrive.exe <2>
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12011.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\usocoreworker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.18362.1430_none_16f0726f2a33ac55\TiWorker.exe
(Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(NortonLifeLock Inc. -> NortonLifeLock Inc.) C:\Program Files\Norton Security\Engine\22.21.1.151\nsWscSvc.exe
(NortonLifeLock Inc. -> Symantec Corporation) C:\Program Files\Norton Security\Engine\22.21.1.151\NortonSecurity.exe <2>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2>
(Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe
(Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Samsung DeX\SamsungDeX.exe
(Sound Research Corporation -> Sound Research, Corp.) C:\Windows\System32\SECOMN64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\windows\System32\RtkAudUService64.exe [973304 2019-10-17] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [TeamsMachineInstaller] => C:\Program Files (x86)\Teams Installer\Teams.exe [97229056 2020-04-01] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [LeapFrog Connect 2 Launcher] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect2\LFLauncher.exe [31480 2020-04-03] (LeapFrog Enterprises, Inc. -> LeapFrog Enterprises, Inc.)
HKU\S-1-5-21-2260596255-3006137883-4004939090-1001\...\Run: [Samsung DeX] => C:\Program Files (x86)\Samsung\Samsung DeX\SamsungDeX.exe [12822184 2020-03-04] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
HKU\S-1-5-21-2260596255-3006137883-4004939090-1001\...\Run: [GarminExpress] => C:\Program Files (x86)\Garmin\Express\express.exe [31046640 2020-08-27] (Garmin International, Inc. -> Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-2260596255-3006137883-4004939090-1001\...\Run: [MicrosoftEdgeAutoLaunch_AB28E5367ED265860776C96F8DFD68CB] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window /prefetch:5
HKU\S-1-5-21-2260596255-3006137883-4004939090-1001\...\Run: [GoogleChromeAutoLaunch_8A8DD573A36035355A59CEABF8B3EDB8] => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
HKLM\...\Print\Monitors\HP A511 Status Monitor: hpinkstsA511LM.dll
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\89.0.4389.82\Installer\chrmstp.exe [2021-03-11] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {236019BD-DEC7-4C39-8970-6E8802123015} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [141136 2021-03-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {27A18688-61FF-456E-8D9C-1F8ED5DFA727} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5260176 2021-03-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {2F2DB148-8C1B-41EC-A9CD-403F08AFE7F9} - System32\Tasks\Hewlett-Packard\HP Web Products Detection => C:\Program Files (x86)\HP\HP Support Framework\Modules\HPWPD.exe [303960 2020-11-23] (HP Inc. -> HP Inc.)
Task: {3BF6D926-03E0-4E8D-8D16-E5D4193E609D} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton 360\Upgrade.exe [2344568 2021-02-22] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Task: {3CB1FC71-785C-4EAD-8703-809D4F393043} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23079792 2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {501D9C9E-9405-4EA3-8EEA-CF838FC50124} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {5061C3AB-76D0-481D-AB70-F872246D586B} - System32\Tasks\HP\Consent Manager Launcher => sc start hptouchpointanalyticsservice
Task: {54D3FFCB-DF68-4B1C-937D-9AA5B80755D3} - System32\Tasks\Norton 360\Norton 360 Error Analyzer => C:\Program Files\Norton Security\Engine\22.21.1.151\SymErr.exe [115608 2021-02-22] (NortonLifeLock Inc. -> NortonLifeLock Inc)
Task: {58033D35-BF3D-4859-BDF6-9A9854400812} - System32\Tasks\Norton 360\Norton 360 Autofix => C:\Program Files\Norton Security\Engine\22.21.1.151\SymErr.exe [115608 2021-02-22] (NortonLifeLock Inc. -> NortonLifeLock Inc)
Task: {65A33B6F-48DE-4F99-937F-EA2E4C350EC3} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [35464 2021-02-04] (HP Inc. -> HP Inc.)
Task: {6C4D8B27-2B28-4C2A-B619-D152B5164A79} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN18J321G6 => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1139032 2021-02-22] (HP Inc. -> HP Inc.)
Task: {744EFBC5-A14F-4273-9D8F-7BA1ABD128E7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5260176 2021-03-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {792CDF6E-620D-4F98-AE89-12EF0D42D063} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [694752 2021-02-26] (Mozilla Corporation -> Mozilla Foundation)
Task: {90A2EA4B-891E-4B21-B517-F5E772A2B577} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor Logon => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [35464 2021-02-04] (HP Inc. -> HP Inc.)
Task: {9BA7A03A-720F-4489-B86F-B0382EF3A8AB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1139032 2021-02-22] (HP Inc. -> HP Inc.)
Task: {A277A0D6-7B0C-4A0F-9A96-24EAB8FAAAA5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-06-03] (Google LLC -> Google LLC)
Task: {A61955C8-A3AE-4566-AD26-0A21DF35984B} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [40432 2020-08-27] (Garmin International, Inc. -> )
Task: {A8F703A9-2439-4902-BD77-E744208B4350} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security\Engine\22.21.1.151\WSCStub.exe [643544 2021-02-22] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Task: {AC61D532-8A89-40A1-9C79-DD4279318941} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-06-03] (Google LLC -> Google LLC)
Task: {AD9958EE-F7E4-4183-8AC7-E7A946362EE0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_TH0BIDW328 => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1139032 2021-02-22] (HP Inc. -> HP Inc.)
Task: {B0A6951A-9F6C-4D88-9AC2-D11DE25EC27A} - System32\Tasks\Norton 360\Norton 360 Error Processor => C:\Program Files\Norton Security\Engine\22.21.1.151\SymErr.exe [115608 2021-02-22] (NortonLifeLock Inc. -> NortonLifeLock Inc)
Task: {B1AD0E63-096D-4BCD-8808-B345F693958A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1139032 2021-02-22] (HP Inc. -> HP Inc.)
Task: {BA06CB76-F065-4664-BC2E-DD8A99AD8532} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPSFReport.exe [135000 2020-10-01] (HP Inc. -> HP Inc.)
Task: {C647AE5D-6674-468A-BF6F-3AF018AD5568} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [141136 2021-03-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {E79DD61E-F12E-4BE3-9426-8F8C312A0C60} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23079792 2021-03-05] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{7e313563-8bed-4dde-9497-4254218cc084}: [DhcpNameServer] 192.168.1.254

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\steve\AppData\Local\Microsoft\Edge\User Data\Default [2021-03-11]
Edge Extension: (Norton Safe Web) - C:\Users\steve\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bdaafgjhhjkdplpffldcncdignokfkbo [2021-01-11]

FireFox:
========
FF DefaultProfile: 6gqjgwme.default
FF ProfilePath: C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\6gqjgwme.default [2020-08-19]
FF ProfilePath: C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\cpa1t4gl.default-release [2021-03-11]
FF Homepage: Mozilla\Firefox\Profiles\cpa1t4gl.default-release -> hxxps://www.plymouth.ac.uk/
FF HomepageOverride: Mozilla\Firefox\Profiles\cpa1t4gl.default-release -> Enabled: nortonhomepage@symantec.com
FF NewTabOverride: Mozilla\Firefox\Profiles\cpa1t4gl.default-release -> Enabled: nortonhomepage@symantec.com
FF NewTabOverride: Mozilla\Firefox\Profiles\cpa1t4gl.default-release -> Enabled: nortonsafesearch_ul_2@symantec.com
FF Extension: (Norton Password Manager) - C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\cpa1t4gl.default-release\Extensions\idsafe@norton.com.xpi [2021-03-11]
FF Extension: (Norton Home Page) - C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\cpa1t4gl.default-release\Extensions\nortonhomepage@symantec.com.xpi [2021-03-11] [UpdateUrl:hxxps://static.nortoncdn.com/idscp/firefox/nsss/hp/updates.json]
FF Extension: (Norton Safe Search) - C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\cpa1t4gl.default-release\Extensions\nortonsafesearch_ul_2@symantec.com.xpi [2021-03-11] [UpdateUrl:hxxps://static.nortoncdn.com/idscp/firefox/nsss/ds_modified/updates.json]
FF Extension: (Norton Safe Web) - C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\cpa1t4gl.default-release\Extensions\nortonsafeweb@symantec.com.xpi [2021-03-11]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-03-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-03-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-03-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-03-06] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default [2021-03-11]
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxps://www.google.com/","hxxps://www.google.com/"
CHR Extension: (Slides) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-06-03]
CHR Extension: (Docs) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-06-03]
CHR Extension: (PDF Editor for Docs:Edit, Fill, Sign, Print) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjboohgkgchdnfnjiaggdbkdmpieoagi [2020-09-29]
CHR Extension: (Norton Safe Web) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnpbeacklnhmkkilekogeiekaglbmmka [2021-02-15]
CHR Extension: (Grammarly for Chrome) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2021-02-25]
CHR Extension: (BIODIGITAL HUMAN) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\meefjekipolcgabfgaclcpdkbghhmoah [2020-06-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Chrome Media Router) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-03-11]
CHR HKLM-x32\...\Chrome\Extension: [cmllgdnjnkbapbchnebiedipojhmnjej]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8988552 2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
R2 HPAppHelperCap; C:\windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_5544a2e7dfd0f875\x64\AppHelperCap.exe [693760 2021-01-06] (HP Inc. -> HP Inc.)
R2 HPNetworkCap; C:\windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_5544a2e7dfd0f875\x64\NetworkCap.exe [692736 2021-01-06] (HP Inc. -> HP Inc.)
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [284808 2021-02-04] (HP Inc. -> HP Inc.)
R2 HPSysInfoCap; C:\windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_5544a2e7dfd0f875\x64\SysInfoCap.exe [693760 2021-01-06] (HP Inc. -> HP Inc.)
R2 HpTouchpointAnalyticsService; C:\windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_f98b15466093b28e\x64\TouchpointAnalyticsClientService.exe [479504 2021-01-06] (HP Inc. -> HP Inc.)
R2 LFHelper; C:\Program Files (x86)\LeapFrog\LeapFrog Connect2\LFHelper.exe [2607864 2020-04-03] (LeapFrog Enterprises, Inc. -> LeapFrog Enterprises, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2021-03-11] (Malwarebytes Inc -> Malwarebytes)
R2 NortonSecurity; C:\Program Files\Norton Security\Engine\22.21.1.151\NortonSecurity.exe [343296 2021-02-22] (NortonLifeLock Inc. -> Symantec Corporation)
R2 nsWscSvc; C:\Program Files\Norton Security\Engine\22.21.1.151\nsWscSvc.exe [1054496 2021-02-22] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
S2 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [13686592 2021-02-12] (Adlice -> )
S3 ss_conn_launcher_service; C:\windows\System32\Samsung\EasySetup\ss_conn_launcher.exe [182120 2019-12-17] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2019-12-17] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
R2 ss_conn_service2; C:\Program Files\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe [933304 2019-12-17] (Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2005.5-0\NisSrv.exe [2484256 2020-06-03] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2005.5-0\MsMpEng.exe [103168 2020-06-03] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AmUStor; C:\windows\system32\drivers\AmUStorU.sys [127936 2019-07-02] (Alcorlink Corp. -> )
R1 BHDrvx64; C:\Program Files\Norton Security\NortonData\22.20.2.57\Definitions\BASHDefs\20210310.002\BHDrvx64.sys [1991536 2020-11-03] (Symantec Corporation -> Broadcom)
R1 ccSet_NGC; C:\windows\System32\drivers\NGCx64\1615010.097\ccSetx64.sys [192248 2021-02-22] (Symantec Corporation -> Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [516168 2021-01-28] (Symantec Corporation -> Broadcom)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153672 2021-02-10] (Symantec Corporation -> Broadcom)
R1 ESProtectionDriver; C:\windows\system32\drivers\mbae64.sys [153312 2021-03-11] (Malwarebytes Corporation -> Malwarebytes)
R3 HPCustomCapDriver; C:\windows\System32\DriverStore\FileRepository\hpcustomcapdriver.inf_amd64_1f5602eb8a12ac4c\x64\hpcustomcapdriver.sys [25024 2019-04-18] (Microsoft Windows Hardware Compatibility Publisher -> HP Inc.)
R1 IDSVia64; C:\Program Files\Norton Security\NortonData\22.20.2.57\Definitions\IPSDefs\20210310.061\IDSvia64.sys [1479536 2021-01-18] (Symantec Corporation -> Broadcom)
R2 MBAMChameleon; C:\windows\System32\Drivers\MbamChameleon.sys [220616 2021-03-11] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\windows\System32\DRIVERS\MbamElam.sys [19912 2021-03-11] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\windows\System32\DRIVERS\farflt.sys [198248 2021-03-11] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\windows\system32\DRIVERS\mbam.sys [77496 2021-03-11] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\windows\System32\Drivers\mbamswissarmy.sys [248992 2021-03-11] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\windows\system32\DRIVERS\mwac.sys [142416 2021-03-11] (Malwarebytes Inc -> Malwarebytes)
R1 SRTSP; C:\windows\System32\drivers\NGCx64\1615010.097\SRTSP64.SYS [889712 2021-02-22] (Symantec Corporation -> Symantec Corporation)
R1 SRTSPX; C:\windows\System32\drivers\NGCx64\1615010.097\SRTSPX64.SYS [51056 2021-02-22] (Symantec Corporation -> Symantec Corporation)
S3 ssudmdm; C:\windows\system32\DRIVERS\ssudmdm.sys [166760 2019-12-17] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 ss_conn_usb_driver2; C:\windows\System32\Drivers\ss_conn_usb_driver2.sys [43368 2019-12-17] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R0 SymEFASI; C:\windows\System32\drivers\NGCx64\1615010.097\SYMEFASI64.SYS [2060656 2021-02-22] (Symantec Corporation -> Broadcom)
S0 SymELAM; C:\windows\System32\drivers\NGCx64\1615010.097\SymELAM.sys [25080 2021-02-22] (Microsoft Windows Early Launch Anti-malware Publisher -> Broadcom Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [99848 2020-06-03] (Symantec Corporation -> Symantec Corporation)
R3 SymEvnt; C:\Program Files\Norton Security\NortonData\22.20.2.57\SymPlatform\SymEvnt.sys [712368 2020-01-06] (Symantec Corporation -> Symantec Corporation)
R1 SymIRON; C:\windows\System32\drivers\NGCx64\1615010.097\Ironx64.SYS [316488 2021-02-22] (Symantec Corporation -> Symantec Corporation)
R1 SymNetS; C:\windows\System32\drivers\NGCx64\1615010.097\symnets.sys [575328 2021-02-22] (Symantec Corporation -> Symantec Corporation)
S3 WdBoot; C:\windows\system32\drivers\wd\WdBoot.sys [45960 2020-06-03] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\windows\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
S3 WdFilter; C:\windows\system32\drivers\wd\WdFilter.sys [401120 2020-06-03] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\windows\System32\drivers\wd\WdNisDrv.sys [64224 2020-06-03] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\windows\System32\drivers\WirelessButtonDriver64.sys [35392 2020-06-08] (HP Inc. -> HP)
R1 wpCtrlDrv_NGC; C:\windows\System32\drivers\NGCx64\1615010.097\wpCtrlDrv.sys [1013792 2021-02-22] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
S3 WinRing0_1_2_0; \??\C:\windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_714bb34a8e64bfef\x64\OpenHardwareMonitorLib.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-03-11 15:10 - 2021-03-11 15:10 - 000000000 ____D C:\windows\system32\Tasks\Remediation
2021-03-11 12:57 - 2021-03-11 12:57 - 000248992 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamswissarmy.sys
2021-03-11 12:57 - 2021-03-11 12:57 - 000220616 _____ (Malwarebytes) C:\windows\system32\Drivers\MbamChameleon.sys
2021-03-11 12:57 - 2021-03-11 12:57 - 000198248 _____ (Malwarebytes) C:\windows\system32\Drivers\farflt.sys
2021-03-11 12:57 - 2021-03-11 12:57 - 000153312 _____ (Malwarebytes) C:\windows\system32\Drivers\mbae64.sys
2021-03-11 12:57 - 2021-03-11 12:57 - 000142416 _____ (Malwarebytes) C:\windows\system32\Drivers\mwac.sys
2021-03-11 12:57 - 2021-03-11 12:57 - 000077496 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
2021-03-11 12:57 - 2021-03-11 12:57 - 000019912 _____ (Malwarebytes) C:\windows\system32\Drivers\MbamElam.sys
2021-03-11 12:57 - 2021-03-11 12:57 - 000002040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-03-11 12:57 - 2021-03-11 12:57 - 000002028 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2021-03-11 12:55 - 2021-03-11 12:55 - 002084016 _____ (Malwarebytes) C:\Users\steve\Downloads\MBSetup.exe
2021-03-11 12:30 - 2021-03-11 12:51 - 000000000 ____D C:\Program Files\RogueKiller
2021-03-11 12:30 - 2021-03-11 12:30 - 000000906 _____ C:\ProgramData\Desktop\RogueKiller.lnk
2021-03-11 12:30 - 2021-03-11 12:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2021-03-11 12:29 - 2021-03-11 12:35 - 000000000 ____D C:\ProgramData\RogueKiller
2021-03-11 12:28 - 2021-03-11 12:28 - 040494928 _____ (Adlice Software ) C:\Users\steve\Downloads\RogueKiller_setup.exe
2021-03-11 03:38 - 2021-03-11 03:38 - 000310232 _____ (AO Kaspersky Lab) C:\windows\system32\Drivers\klupd_9c765df8a_klark.sys
2021-03-11 03:38 - 2021-03-11 03:38 - 000207352 _____ (AO Kaspersky Lab) C:\windows\system32\Drivers\klupd_9c765df8a_mark.sys
2021-03-11 03:37 - 2021-03-11 03:37 - 000127792 _____ (AO Kaspersky Lab) C:\windows\system32\Drivers\9c765df8.sys
2021-03-11 02:40 - 2021-03-11 03:33 - 000000000 ____D C:\AdwCleaner
2021-03-11 02:38 - 2021-03-11 02:39 - 008463216 _____ (Malwarebytes) C:\Users\steve\Downloads\adwcleaner_8.1.exe
2021-03-11 02:08 - 2021-03-11 03:37 - 000000000 ____D C:\KVRT2020_Data
2021-03-11 02:03 - 2021-03-11 02:04 - 101236144 _____ (AO Kaspersky Lab) C:\Users\steve\Downloads\KVRT.exe
2021-03-11 01:49 - 2021-03-11 01:54 - 000047339 _____ C:\Users\steve\Downloads\Addition.txt
2021-03-11 01:47 - 2021-03-11 16:24 - 000026788 _____ C:\Users\steve\Downloads\FRST.txt
2021-03-11 01:47 - 2021-03-11 16:23 - 000000000 ____D C:\FRST
2021-03-11 01:46 - 2021-03-11 01:46 - 002301440 _____ (Farbar) C:\Users\steve\Downloads\FRST64.exe
2021-03-11 01:45 - 2021-03-11 01:46 - 002013696 _____ (Farbar) C:\Users\steve\Downloads\FRST.exe
2021-03-11 01:16 - 2021-03-11 01:16 - 006582736 _____ (EnigmaSoft Limited) C:\Users\steve\Downloads\SpyHunter-5.10-6-5285-Installer.exe
2021-03-11 01:16 - 2021-03-11 01:16 - 006582736 _____ (EnigmaSoft Limited) C:\Users\steve\Downloads\SpyHunter-5.10-6-5285-Installer(1).exe
2021-03-11 00:51 - 2021-03-11 00:51 - 000000000 ____D C:\Users\steve\AppData\Local\mbam
2021-03-11 00:51 - 2021-03-11 00:51 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-03-11 00:50 - 2021-03-11 00:50 - 000000000 ____D C:\Program Files\Malwarebytes
2021-03-11 00:49 - 2021-03-11 00:49 - 001965536 _____ (Malwarebytes) C:\Users\steve\Downloads\MBSetup-80562.80562-consumer.exe
2021-03-11 00:30 - 2021-03-11 00:30 - 000000000 ____D C:\Users\steve\AppData\Roaming\WinRAR
2021-03-11 00:29 - 2021-03-11 00:29 - 003324304 _____ (Alexander Roshal) C:\Users\steve\Downloads\winrar-x64-600.exe
2021-03-11 00:07 - 2021-03-11 00:07 - 000002544 _____ C:\Users\steve\Desktop\Grammarly.lnk
2021-03-11 00:07 - 2021-03-11 00:07 - 000000000 ____D C:\Users\steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Grammarly
2021-03-11 00:07 - 2021-03-11 00:07 - 000000000 ____D C:\Users\steve\AppData\Local\GrammarlyForWindows
2021-03-10 23:05 - 2021-03-10 23:05 - 000000000 ____D C:\Users\steve\AppData\Local\WordRake Holdings
2021-03-10 23:04 - 2021-03-10 23:04 - 000000000 ____D C:\Program Files (x86)\WordRake Holdings, LLC
2021-03-10 23:02 - 2021-03-10 23:02 - 011205392 _____ (WordRake Holdings, LLC) C:\Users\steve\Downloads\WordRakeInstall.exe
2021-03-10 23:02 - 2021-03-10 23:02 - 000000000 ____D C:\Users\steve\AppData\Local\Downloaded Installations
2021-03-10 22:21 - 2021-03-10 22:21 - 000000000 ____D C:\Users\steve\AppData\Roaming\Scribens
2021-03-10 10:47 - 2021-03-10 10:47 - 000000000 ____D C:\windows\system32\Tasks\Mozilla
2021-03-08 05:43 - 2021-03-08 05:43 - 000000000 ____D C:\Users\steve\AppData\LocalLow\Norton
2021-03-04 14:55 - 2021-03-11 12:49 - 000000000 ____D C:\windows\system32\Tasks\Norton 360
2021-03-04 14:55 - 2021-03-04 14:55 - 000003378 _____ C:\windows\system32\Tasks\Norton WSC Integration
2021-03-04 14:55 - 2021-03-04 14:55 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2021-02-26 10:22 - 2021-02-26 10:22 - 000873444 _____ C:\Users\steve\Downloads\dh_133176.pdf
2021-02-26 10:07 - 2021-03-11 03:34 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-02-20 07:19 - 2021-02-20 07:20 - 000301239 _____ C:\Users\steve\Downloads\ndt-13-2231.pdf
2021-02-18 14:16 - 2021-02-18 14:16 - 014817704 _____ (Grammarly) C:\Users\steve\Downloads\GrammarlyAddInSetup.exe
2021-02-16 14:45 - 2021-02-16 14:45 - 005339127 _____ C:\Users\steve\Desktop\Unconcscious bias webinar_.pptx
2021-02-12 15:14 - 2021-02-12 15:14 - 002755584 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2021-02-12 15:13 - 2021-02-12 15:13 - 002755584 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2021-02-12 15:13 - 2021-02-12 15:13 - 000232752 _____ C:\windows\system32\containerdevicemanagement.dll
2021-02-12 15:13 - 2021-02-12 15:13 - 000000315 _____ C:\windows\system32\DrtmAuth9.bin
2021-02-12 15:13 - 2021-02-12 15:13 - 000000315 _____ C:\windows\system32\DrtmAuth8.bin
2021-02-12 15:13 - 2021-02-12 15:13 - 000000315 _____ C:\windows\system32\DrtmAuth7.bin
2021-02-12 15:13 - 2021-02-12 15:13 - 000000315 _____ C:\windows\system32\DrtmAuth6.bin
2021-02-12 15:13 - 2021-02-12 15:13 - 000000315 _____ C:\windows\system32\DrtmAuth5.bin
2021-02-12 15:13 - 2021-02-12 15:13 - 000000315 _____ C:\windows\system32\DrtmAuth4.bin
2021-02-12 15:13 - 2021-02-12 15:13 - 000000315 _____ C:\windows\system32\DrtmAuth3.bin
2021-02-12 15:13 - 2021-02-12 15:13 - 000000315 _____ C:\windows\system32\DrtmAuth2.bin
2021-02-12 15:13 - 2021-02-12 15:13 - 000000315 _____ C:\windows\system32\DrtmAuth18.bin
2021-02-12 15:13 - 2021-02-12 15:13 - 000000315 _____ C:\windows\system32\DrtmAuth17.bin
2021-02-12 15:13 - 2021-02-12 15:13 - 000000315 _____ C:\windows\system32\DrtmAuth16.bin
2021-02-12 15:13 - 2021-02-12 15:13 - 000000315 _____ C:\windows\system32\DrtmAuth15.bin
2021-02-12 15:13 - 2021-02-12 15:13 - 000000315 _____ C:\windows\system32\DrtmAuth12.bin
2021-02-12 15:13 - 2021-02-12 15:13 - 000000315 _____ C:\windows\system32\DrtmAuth11.bin
2021-02-12 15:13 - 2021-02-12 15:13 - 000000315 _____ C:\windows\system32\DrtmAuth10.bin
2021-02-12 15:13 - 2021-02-12 15:13 - 000000315 _____ C:\windows\system32\DrtmAuth1.bin
2021-02-12 09:48 - 2021-02-12 10:02 - 2473174192 _____ C:\Users\steve\Downloads\Rocketman.2019.1080p.BRRip.x264.6CH-MkvCage.com.mkv
2021-02-10 21:56 - 2021-02-10 21:56 - 010535260 _____ C:\Users\steve\Downloads\Antidepressants, Antipsychotics, Anxiolytics From Chemistry and Pharmacology to Clinical Application (z-lib.org).pdf

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-03-11 16:23 - 2020-09-29 18:17 - 000004562 _____ C:\windows\system32\Tasks\Adobe Acrobat Update Task
2021-03-11 16:22 - 2020-09-29 18:17 - 000002143 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-03-11 16:22 - 2019-04-15 15:38 - 000000000 ____D C:\windows\system32\SleepStudy
2021-03-11 16:22 - 2019-03-19 04:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-03-11 16:17 - 2019-03-19 04:37 - 000000000 ____D C:\windows\CbsTemp
2021-03-11 15:05 - 2020-08-19 18:33 - 000000000 ____D C:\Users\steve\AppData\LocalLow\Mozilla
2021-03-11 15:05 - 2020-08-19 18:33 - 000000000 ____D C:\ProgramData\Mozilla
2021-03-11 14:59 - 2019-11-29 04:46 - 001028602 _____ C:\windows\system32\PerfStringBackup.INI
2021-03-11 12:57 - 2019-03-19 04:52 - 000000000 ___HD C:\windows\ELAMBKUP
2021-03-11 12:30 - 2020-06-03 15:37 - 000004168 _____ C:\windows\system32\Tasks\User_Feed_Synchronization-{004BC413-C5A1-4501-B766-B56D7562EC1A}
2021-03-11 03:41 - 2019-03-19 04:50 - 000000000 ____D C:\windows\INF
2021-03-11 03:40 - 2020-03-16 13:09 - 000000000 ____D C:\ProgramData\Hewlett-Packard
2021-03-11 03:35 - 2020-06-04 08:36 - 000000000 ____D C:\windows\system32\Tasks\Hewlett-Packard
2021-03-11 03:35 - 2020-06-03 20:52 - 000000000 ___RD C:\Users\steve\OneDrive - University of Plymouth
2021-03-11 03:35 - 2020-06-03 15:23 - 000000000 ___RD C:\Users\steve\OneDrive
2021-03-11 03:34 - 2020-08-19 18:33 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-03-11 03:34 - 2020-03-16 13:53 - 000000000 __SHD C:\Users\steve\IntelGraphicsProfiles
2021-03-11 03:34 - 2020-03-16 13:06 - 000000000 ____D C:\Intel
2021-03-11 03:34 - 2019-11-29 04:43 - 000000000 ____D C:\ProgramData\HP
2021-03-11 03:34 - 2019-04-15 15:38 - 000000006 ____H C:\windows\Tasks\SA.DAT
2021-03-11 03:34 - 2019-03-19 04:37 - 000786432 _____ C:\windows\system32\config\BBI
2021-03-11 03:33 - 2020-06-26 10:15 - 000000000 ____D C:\Users\steve\AppData\Roaming\Lavasoft
2021-03-11 03:33 - 2020-06-26 10:15 - 000000000 ____D C:\Users\steve\AppData\Local\Lavasoft
2021-03-11 03:33 - 2020-06-26 10:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2021-03-11 03:33 - 2020-06-26 10:15 - 000000000 ____D C:\ProgramData\Lavasoft
2021-03-11 03:33 - 2020-06-26 10:15 - 000000000 ____D C:\Program Files (x86)\Lavasoft
2021-03-11 03:33 - 2020-06-04 22:42 - 000000000 ____D C:\Users\steve\AppData\Roaming\Hewlett-Packard
2021-03-11 03:33 - 2019-10-29 18:52 - 000000000 ___HD C:\hp
2021-03-11 03:23 - 2020-06-04 23:00 - 000000000 ____D C:\windows\system32\MRT
2021-03-11 03:23 - 2019-03-19 04:52 - 000000000 ___HD C:\Program Files\WindowsApps
2021-03-11 03:23 - 2019-03-19 04:52 - 000000000 ____D C:\windows\AppReadiness
2021-03-11 03:14 - 2020-06-04 23:00 - 131005360 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
2021-03-11 02:59 - 2020-06-26 10:15 - 000000000 ____D C:\Users\steve\AppData\Roaming\uTorrent
2021-03-11 02:58 - 2020-09-08 19:35 - 000000000 ____D C:\Users\steve\AppData\LocalLow\uTorrent
2021-03-11 02:57 - 2020-06-04 08:31 - 000000000 ____D C:\Users\steve\AppData\Local\Spotify
2021-03-11 02:56 - 2019-11-29 04:44 - 000000000 ____D C:\Program Files\Microsoft Office
2021-03-11 02:56 - 2019-03-19 04:52 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2021-03-11 01:59 - 2020-06-04 08:30 - 000000000 ____D C:\Users\steve\AppData\Roaming\Spotify
2021-03-11 01:45 - 2020-06-03 15:40 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-03-11 01:45 - 2020-06-03 15:40 - 000002267 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2021-03-11 00:45 - 2020-12-30 18:36 - 000000000 ____D C:\Users\steve\AppData\Local\NPE
2021-03-11 00:40 - 2020-06-26 10:16 - 000000000 ____D C:\Users\steve\AppData\Local\BitTorrentHelper
2021-03-11 00:15 - 2020-07-21 10:53 - 000000000 ____D C:\Users\steve\AppData\Roaming\Grammarly
2021-03-11 00:07 - 2020-06-03 20:42 - 000000000 ____D C:\Users\steve\AppData\Local\SquirrelTemp
2021-03-10 22:22 - 2020-06-08 20:04 - 000000000 ____D C:\ProgramData\Package Cache
2021-03-10 22:21 - 2020-03-16 13:53 - 000000000 ____D C:\Users\steve\AppData\Local\Packages
2021-03-10 10:47 - 2020-08-19 18:33 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-03-06 15:10 - 2020-06-04 08:38 - 000000000 ____D C:\Program Files\Common Files\AV
2021-03-06 14:50 - 2020-06-03 15:36 - 000002428 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-03-06 14:50 - 2020-06-03 15:36 - 000002266 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2021-03-05 12:45 - 2020-06-03 15:19 - 000000000 ____D C:\Users\steve\AppData\Local\PlaceholderTileLogoFolder
2021-03-04 14:55 - 2020-06-03 20:17 - 000002436 _____ C:\ProgramData\Desktop\Norton Security.lnk
2021-03-04 14:55 - 2020-06-03 20:16 - 000000000 ____D C:\windows\system32\Drivers\NGCx64
2021-03-04 14:55 - 2019-03-19 04:37 - 000032768 _____ C:\windows\system32\config\ELAM
2021-03-04 12:28 - 2020-06-15 14:55 - 000000000 ____D C:\Users\steve\Documents\My Kindle Content
2021-03-04 12:02 - 2020-06-03 15:33 - 000003480 _____ C:\windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-03-04 12:02 - 2020-06-03 15:33 - 000003356 _____ C:\windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-03-03 12:27 - 2020-08-19 18:01 - 000188554 _____ C:\Users\steve\Documents\My EndNote Library.enl
2021-02-25 09:42 - 2020-06-03 15:23 - 000003380 _____ C:\windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2260596255-3006137883-4004939090-1001
2021-02-25 09:41 - 2020-03-16 13:47 - 000002374 _____ C:\Users\steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-02-25 02:36 - 2020-06-08 20:00 - 000000000 ____D C:\Users\steve\AppData\Local\CrashDumps
2021-02-22 14:00 - 2020-10-01 19:10 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-02-22 10:33 - 2020-06-04 23:31 - 000000000 ____D C:\Users\steve\AppData\Local\HP_Inc
2021-02-18 14:16 - 2020-06-03 20:55 - 000000000 ____D C:\Users\steve\AppData\Local\Package Cache
2021-02-18 14:07 - 2020-06-04 22:42 - 000000000 ____D C:\Users\steve\AppData\Local\HP
2021-02-16 14:18 - 2020-06-04 14:43 - 000000000 ____D C:\Users\steve\Documents\Zoom
2021-02-15 20:14 - 2020-03-16 13:53 - 000000000 ___RD C:\Users\steve\3D Objects
2021-02-15 20:14 - 2019-04-15 15:38 - 000543808 _____ C:\windows\system32\FNTCACHE.DAT
2021-02-15 20:13 - 2019-11-29 12:25 - 000000000 ____D C:\windows\system32\Drivers\en-GB
2021-02-15 20:13 - 2019-03-19 04:52 - 000000000 ___RD C:\windows\ImmersiveControlPanel
2021-02-15 20:13 - 2019-03-19 04:52 - 000000000 ____D C:\windows\SysWOW64\Dism
2021-02-15 20:13 - 2019-03-19 04:52 - 000000000 ____D C:\windows\SystemResources
2021-02-15 20:13 - 2019-03-19 04:52 - 000000000 ____D C:\windows\system32\oobe
2021-02-15 20:13 - 2019-03-19 04:52 - 000000000 ____D C:\windows\system32\es-MX
2021-02-15 20:13 - 2019-03-19 04:52 - 000000000 ____D C:\windows\system32\Dism
2021-02-15 20:13 - 2019-03-19 04:52 - 000000000 ____D C:\windows\ShellExperiences
2021-02-15 20:13 - 2019-03-19 04:52 - 000000000 ____D C:\windows\PolicyDefinitions
2021-02-15 20:13 - 2019-03-19 04:52 - 000000000 ____D C:\windows\bcastdvr
2021-02-15 20:13 - 2019-03-19 04:52 - 000000000 ____D C:\Program Files\Common Files\System
2021-02-12 15:15 - 2019-03-19 06:20 - 000022016 _____ (Microsoft Corporation) C:\windows\system32\OEMDefaultAssociations.dll
2021-02-12 15:15 - 2019-03-19 06:20 - 000019469 _____ C:\windows\system32\OEMDefaultAssociations.xml

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
 

steve hallam

Posts: 16   +0
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-02-2021
Ran by steve (11-03-2021 16:24:43)
Running from C:\Users\steve\Downloads
Windows 10 Home Version 1909 18363.1379 (X64) (2020-03-16 13:44:18)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2260596255-3006137883-4004939090-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2260596255-3006137883-4004939090-503 - Limited - Disabled)
Guest (S-1-5-21-2260596255-3006137883-4004939090-501 - Limited - Disabled)
steve (S-1-5-21-2260596255-3006137883-4004939090-1001 - Administrator - Enabled) => C:\Users\steve
WDAGUtilityAccount (S-1-5-21-2260596255-3006137883-4004939090-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton 360 (Enabled - Up to date) {1122B19A-E671-38EC-8EAC-87048FD4528D}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: Norton 360 (Enabled - Up to date) {9E3FD331-C4C2-7AC4-0537-131EEF1B1F8A}
FW: Norton 360 (Enabled) {A6045214-8EAD-7B9C-2E68-BA2B11C858F1}
FW: Norton 360 (Enabled) {291930BF-AC1E-39B4-A5F3-2E31710715F6}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 21.001.20145 - Adobe Systems Incorporated)
Adobe Digital Editions 4.5 (HKLM-x32\...\Adobe Digital Editions 4.5) (Version: 4.5.11 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-2260596255-3006137883-4004939090-1001\...\Amazon Kindle) (Version: 1.30.0.59056 - Amazon)
ANT Drivers Installer x64 (HKLM\...\{998DF7E5-262F-4391-A117-8D9E383B8C0A}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
calibre (HKLM-x32\...\{0EC97EA4-BC70-4A1C-9FF0-2AC27AC0D3D0}) (Version: 5.8.1 - Kovid Goyal)
Elevated Installer (HKLM-x32\...\{5053832D-D695-4E6A-A777-8CC79DF61A85}) (Version: 7.1.3.0 - Garmin Ltd or its subsidiaries) Hidden
EndNote X9 (HKLM-x32\...\{86B3F2D6-AC2B-0019-8AE1-F2F77F781B0C}) (Version: 19.2.0.13018 - Clarivate Analytics)
Garmin Express (HKLM-x32\...\{040c11a0-b209-4b21-b861-163f52e01d88}) (Version: 7.1.3.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{F8609938-A6C9-4796-87BC-471F62EA4F0E}) (Version: 7.1.3.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 89.0.4389.82 - Google LLC)
Grammarly (HKU\S-1-5-21-2260596255-3006137883-4004939090-1001\...\GrammarlyForWindows) (Version: 1.5.72 - Grammarly)
Grammarly for Microsoft® Office Suite (HKLM\...\{D2F1E2C9-B416-40C6-BA64-67691276A56B}) (Version: 6.8.254 - Grammarly) Hidden
Grammarly for Microsoft® Office Suite (HKU\S-1-5-21-2260596255-3006137883-4004939090-1001\...\{2970deb0-0683-4d35-80ae-09b866d6bdd1}) (Version: 6.8.254 - Grammarly)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
LeapFrog Connect 2 (HKLM-x32\...\LeapFrogConnect2) (Version: 4.1.3.442 - LeapFrog)
LeapFrogConnect2 (HKLM-x32\...\{B7B653AF-D5EB-4A42-BC10-693413138807}) (Version: 4.1.3.442 - LeapFrog) Hidden
LeapStart (HKLM-x32\...\{1A9F9917-B0AC-40E9-A707-3AF14E2F9C3E}) (Version: 4.1.3.442 - LeapFrog) Hidden
Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes)
Microsoft 365 Apps for enterprise - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.13801.20294 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 89.0.774.45 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.141.63 - )
Microsoft OneDrive (HKU\S-1-5-21-2260596255-3006137883-4004939090-1001\...\OneDriveSetup.exe) (Version: 21.016.0124.0003 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-2260596255-3006137883-4004939090-1001\...\Teams) (Version: 1.3.00.9267 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{BAB9FCC5-1506-4B4F-BFCA-EDE0BDB86C21}) (Version: 2.75.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.24.28127 (HKLM-x32\...\{e31cb1a4-76b5-46a5-a084-3fa419e82201}) (Version: 14.24.28127.4 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.60724 - Microsoft Corporation)
Mozilla Firefox 86.0 (x64 en-GB) (HKLM\...\Mozilla Firefox 86.0 (x64 en-GB)) (Version: 86.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 79.0 - Mozilla)
Norton 360 (HKLM-x32\...\NGC) (Version: 22.21.1.151 - Symantec Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.13801.20274 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.13801.20294 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.13801.20274 - Microsoft Corporation) Hidden
QT5.10.1 (HKLM-x32\...\{D648CC39-D39C-445B-AEB7-213632704032}) (Version: 1.0.0.0 - LeapFrog) Hidden
ResearchSoft Direct Export Helper (HKLM-x32\...\ResearchSoft Direct Export Helper) (Version: 1.0.21.3540 - Clarivate Analytics)
RogueKiller version 14.8.5.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 14.8.5.0 - Adlice Software)
Samsung DeX (HKLM-x32\...\{0924F03B-F48D-445B-9302-43E86707EC8B}) (Version: 1.0.1.40 - Samsung Electronics Co., Ltd.) Hidden
Samsung DeX (HKLM-x32\...\{e539e534-854a-46d2-b8f8-f6a3405f782a}) (Version: 1.0.1.40 - Samsung Electronics Co., Ltd.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.7.23.0 - Samsung Electronics Co., Ltd.)
Spotify (HKU\S-1-5-21-2260596255-3006137883-4004939090-1001\...\Spotify) (Version: 1.1.53.608.g7ed9c03a - Spotify AB)
Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.3.0.9267 - Microsoft Corporation)
Use the entry named LeapFrog Connect2 to uninstall QT5.10.1 (HKLM-x32\...\QT5.10.1) (Version: - LeapFrog)
Use the entry named LeapFrogConnect2 to uninstall LeapStart (HKLM-x32\...\LeapStartPlugin) (Version: - LeapFrog)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
WordRake for Word (HKLM-x32\...\{AF060B53-1694-4439-823A-89567D490CE2}) (Version: 3.95.10218.01 - WordRake Holdings, LLC)
Zoom (HKU\S-1-5-21-2260596255-3006137883-4004939090-1001\...\ZoomUMX) (Version: 5.4.9 (59931.0110) - Zoom Video Communications, Inc.)

Packages:
=========
Amazon -> C:\Program Files\WindowsApps\Amazon.com.Amazon_2018.519.2815.0_x64__343d40qqvtj1t [2020-06-04] (Amazon.com)
Booking.com EMEA: Big savings on hotels in 96,000 destinations worldwide -> C:\Program Files\WindowsApps\PricelinePartnerNetwork.Booking.comEMEABigsavingso_2.0.5.0_x64__mgae2k3ys4ra0 [2021-02-09] (Priceline Partner Network)
Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_1.53.5.0_x86__kgqvnymyfvs32 [2021-03-01] (king.com)
Dropbox for S mode -> C:\Program Files\WindowsApps\C27EB4BA.DROPBOX_22.4.4.0_x64__xbfy0k16fey96 [2020-07-02] (Dropbox Inc.)
Energy Star -> C:\Program Files\WindowsApps\AD2F1837.HPInc.EnergyStar_1.2.0.0_x64__v10z8vjag6ke6 [2020-03-16] (HP Inc.)
Farm Heroes Saga -> C:\Program Files\WindowsApps\king.com.FarmHeroesSaga_5.55.1.0_x86__kgqvnymyfvs32 [2021-03-09] (king.com)
HP Audio Center -> C:\Program Files\WindowsApps\AD2F1837.HPAudioCenter_1.7.197.0_x64__v10z8vjag6ke6 [2020-10-13] (HP Inc.)
HP JumpStarts -> C:\Program Files\WindowsApps\AD2F1837.HPJumpStarts_1.9.1548.0_x64__v10z8vjag6ke6 [2020-12-21] (HP Inc.)
HP Privacy Settings -> C:\Program Files\WindowsApps\AD2F1837.HPPrivacySettings_1.0.39.0_x64__v10z8vjag6ke6 [2020-09-29] (HP Inc.)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_122.3.838.0_x64__v10z8vjag6ke6 [2021-02-25] (HP Inc.)
HP Support Assistant -> C:\Program Files\WindowsApps\AD2F1837.HPSupportAssistant_9.7.238.0_x64__v10z8vjag6ke6 [2021-02-22] (HP Inc.)
HP System Event Utility -> C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1.1.21.0_x64__v10z8vjag6ke6 [2020-09-06] (HP Inc.)
Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3282.0_x64__8j3eq9eme6ctt [2021-01-05] (INTEL CORP) [Startup Task]
Intel® Graphics Control Panel -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsControlPanel_3.3.0.0_x64__8j3eq9eme6ctt [2020-03-16] (INTEL CORP)
Intel® Optane™ Memory and Storage Management -> C:\Program Files\WindowsApps\AppUp.IntelOptaneMemoryandStorageManagement_18.0.1017.0_x64__8j3eq9eme6ctt [2020-11-26] (INTEL CORP)
McAfee® Personal Security -> C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.60.0_x64__wafk5atnkzcwy [2021-02-25] (McAfee LLC.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-03-16] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-06-04] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1252.0_x64__8wekyb3d8bbwe [2021-02-03] (Microsoft Studios) [MS Ad]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.97.752.0_x64__mcm4njqhnhss8 [2020-07-15] (Netflix, Inc.)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-06-25] (Microsoft Corporation)
Simple Solitaire -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleSolitaire_7.0.0.0_x64__kx24dqmazqk8j [2020-12-21] (Random Salad Games LLC)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2260596255-3006137883-4004939090-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive - Personal] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}0
CustomCLSID: HKU\S-1-5-21-2260596255-3006137883-4004939090-1001_Classes\CLSID\{04271989-C4D2-D75D-B5E0-68B3DDB1879C} -> [OneDrive - University of Plymouth] => C:\Users\steve\OneDrive - University of Plymouth [2020-06-03 20:52]
CustomCLSID: HKU\S-1-5-21-2260596255-3006137883-4004939090-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\steve\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20077.4\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2260596255-3006137883-4004939090-1001_Classes\CLSID\{2AD206F1-152C-4F9D-A24E-6F93FE7A4AFC}\InprocServer32 -> C:\Users\steve\AppData\Local\Grammarly\Grammarly for Microsoft Office Suite\6.8.254\CC1402A1D8\GrammarlyShim64.dll (Grammarly, Inc. -> CompanyName)
CustomCLSID: HKU\S-1-5-21-2260596255-3006137883-4004939090-1001_Classes\CLSID\{4BE56754-B616-4998-B825-D16983AEE1B2}\InprocServer32 -> C:\Users\steve\AppData\Local\Grammarly\Grammarly for Microsoft Office Suite\6.8.254\CC1402A1D8\Grammarly.AddIn.Connect.ActiveX.dll (Grammarly, Inc. -> Grammarly)
CustomCLSID: HKU\S-1-5-21-2260596255-3006137883-4004939090-1001_Classes\CLSID\{7602d92f-b925-58fa-c578-ae8cd30d51802}\InprocServer32 -> 0xC5EEC8D10116D701380FA85B2116D701020000000200000000000000 => No File
CustomCLSID: HKU\S-1-5-21-2260596255-3006137883-4004939090-1001_Classes\CLSID\{819bccaa-38ae-db48-6ec5-953c86fd99448}\InprocServer32 -> 0x3DB9BCD10116D701BF43BED10116D701010000000100000000000000 => No File
CustomCLSID: HKU\S-1-5-21-2260596255-3006137883-4004939090-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\steve\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20077.4\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.21.1.151\buShell.dll [2021-02-22] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.21.1.151\buShell.dll [2021-02-22] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.21.1.151\buShell.dll [2021-02-22] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers-x32: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.21.1.151\buShell.dll [2021-02-22] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers-x32: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.21.1.151\buShell.dll [2021-02-22] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers-x32: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.21.1.151\buShell.dll [2021-02-22] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.21.1.151\buShell.dll [2021-02-22] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers1: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.21.1.151\NavShExt.dll [2021-02-22] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers2: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.21.1.151\NavShExt.dll [2021-02-22] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-03-11] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.21.1.151\buShell.dll [2021-02-22] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-03-11] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.21.1.151\NavShExt.dll [2021-02-22] (NortonLifeLock Inc. -> NortonLifeLock Inc.)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2019-09-09 07:13 - 2019-09-09 07:13 - 001364992 _____ () [File not signed] [File is in use] C:\Program Files (x86)\Garmin\Express\CefSharp.Core.dll
2020-08-27 13:45 - 2020-08-27 13:45 - 000073216 _____ () [File not signed] [File is in use] C:\Program Files (x86)\Garmin\Express\FixBootSector.dll
2017-05-08 09:35 - 2017-05-08 09:35 - 000325632 _____ () [File not signed] [File is in use] C:\Program Files (x86)\Garmin\Express\GpsImgWrapper.dll
2019-07-27 08:57 - 2019-07-27 08:57 - 096071680 _____ () [File not signed] C:\Program Files (x86)\Garmin\Express\libcef.dll
2019-12-26 07:39 - 2019-12-26 07:39 - 001289216 _____ () [File not signed] C:\Program Files (x86)\Samsung\Samsung DeX\cairo.dll
2019-12-26 07:39 - 2019-12-26 07:39 - 000230529 _____ () [File not signed] C:\Program Files (x86)\Samsung\Samsung DeX\libpng14-14.dll
2019-12-26 07:39 - 2019-12-26 07:39 - 000100352 _____ () [File not signed] C:\Program Files (x86)\Samsung\Samsung DeX\zlib1.dll
2020-08-27 13:45 - 2020-08-27 13:45 - 001976832 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Garmin\Express\XercesLib.dll
2020-08-27 13:51 - 2020-08-27 13:51 - 000234496 _____ (Dynastream Innovations Inc.) [File not signed] C:\Program Files (x86)\Garmin\Express\ANT_WrappedLib.dll
2019-12-26 07:39 - 2019-12-26 07:39 - 012968974 _____ (FFmpeg Project) [File not signed] C:\Program Files (x86)\Samsung\Samsung DeX\avcodec-58.dll
2019-12-26 07:39 - 2019-12-26 07:39 - 002427918 _____ (FFmpeg Project) [File not signed] C:\Program Files (x86)\Samsung\Samsung DeX\avfilter-7.dll
2019-12-26 07:39 - 2019-12-26 07:39 - 002538510 _____ (FFmpeg Project) [File not signed] C:\Program Files (x86)\Samsung\Samsung DeX\avformat-58.dll
2019-12-26 07:39 - 2019-12-26 07:39 - 000557582 _____ (FFmpeg Project) [File not signed] C:\Program Files (x86)\Samsung\Samsung DeX\avutil-56.dll
2019-12-26 07:39 - 2019-12-26 07:39 - 000126478 _____ (FFmpeg Project) [File not signed] C:\Program Files (x86)\Samsung\Samsung DeX\swresample-3.dll
2019-12-26 07:39 - 2019-12-26 07:39 - 000557582 _____ (FFmpeg Project) [File not signed] C:\Program Files (x86)\Samsung\Samsung DeX\swscale-5.dll
2020-08-27 13:45 - 2020-08-27 13:45 - 002711552 _____ (Garmin International) [File not signed] [File is in use] C:\Program Files (x86)\Garmin\Express\legacyio.dll
2017-05-08 09:35 - 2017-05-08 09:35 - 000343552 _____ (Garmin International, Inc.) [File not signed] C:\Program Files (x86)\Garmin\Express\IMG_GPSMAP.dll
2020-08-27 13:45 - 2020-08-27 13:45 - 000425472 _____ (Garmin) [File not signed] C:\Program Files (x86)\Garmin\Express\XMLdll.dll
2020-06-21 19:00 - 2020-06-21 19:00 - 000014336 _____ (HP Inc.) [File not signed] C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1.1.21.0_x64__v10z8vjag6ke6\SystemEventUtility\NativeRpcClient.DLL
2019-12-26 07:39 - 2019-12-26 07:39 - 000055808 _____ (Open Source Software community LGPL) [File not signed] C:\Program Files (x86)\Samsung\Samsung DeX\pthreadVC2.dll
2019-12-26 07:39 - 2019-12-26 07:39 - 001420800 _____ (Pizzolato Davide - www.xdp.it) [File not signed] C:\Program Files (x86)\Samsung\Samsung DeX\cximageu.dll
2020-03-04 15:35 - 2020-03-04 15:35 - 004451328 _____ (Samsung Electronics Co., Ltd.) [File not signed] C:\Program Files (x86)\Samsung\Samsung DeX\NativeSamsungDexFramework.dll
2020-03-04 15:35 - 2020-03-04 15:35 - 002630144 _____ (Samsung Electronics Co., Ltd.) [File not signed] C:\Program Files (x86)\Samsung\Samsung DeX\SCommon.dll
2020-03-04 15:34 - 2020-03-04 15:34 - 006057472 _____ (Samsung Electronics Co., Ltd.) [File not signed] C:\Program Files (x86)\Samsung\Samsung DeX\SLocales.dll
2020-08-27 13:47 - 2020-08-27 13:47 - 000090112 _____ (Silicon Laboratories, Inc.) [File not signed] C:\Program Files (x86)\Garmin\Express\DSI_SiUSBXp_3_1.DLL
2019-07-27 08:57 - 2019-07-27 08:57 - 000762368 _____ (The Chromium Authors) [File not signed] C:\Program Files (x86)\Garmin\Express\chrome_elf.dll
2018-09-14 10:29 - 2018-09-14 10:29 - 021529088 _____ (The ICU Project) [File not signed] C:\Program Files (x86)\LeapFrog\LeapFrog Connect2\Qt5.10.1\icudt53.dll
2018-09-14 10:26 - 2018-09-14 10:26 - 001603584 _____ (The ICU Project) [File not signed] C:\Program Files (x86)\LeapFrog\LeapFrog Connect2\Qt5.10.1\icuin53.dll
2018-09-14 10:24 - 2018-09-14 10:24 - 001102848 _____ (The ICU Project) [File not signed] C:\Program Files (x86)\LeapFrog\LeapFrog Connect2\Qt5.10.1\icuuc53.dll
2018-09-24 18:44 - 2018-09-24 18:44 - 001160704 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\LeapFrog\LeapFrog Connect2\Qt5.10.1\plugins\platforms\qwindows.dll
2018-09-24 18:53 - 2018-09-24 18:53 - 000121344 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\LeapFrog\LeapFrog Connect2\Qt5.10.1\plugins\styles\qwindowsvistastyle.dll
2018-11-19 16:47 - 2018-11-19 16:47 - 004381696 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\LeapFrog\LeapFrog Connect2\Qt5.10.1\Qt5Core.dll
2018-09-24 18:03 - 2018-09-24 18:03 - 005141504 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\LeapFrog\LeapFrog Connect2\Qt5.10.1\Qt5Gui.dll
2018-09-24 18:26 - 2018-09-24 18:26 - 004477952 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\LeapFrog\LeapFrog Connect2\Qt5.10.1\Qt5Widgets.dll
2019-12-26 07:39 - 2019-12-26 07:39 - 000110207 _____ (Un4seen Developments) [File not signed] C:\Program Files (x86)\Samsung\Samsung DeX\BASS.dll
2019-12-26 07:39 - 2019-12-26 07:39 - 000019008 _____ (Un4seen Developments) [File not signed] C:\Program Files (x86)\Samsung\Samsung DeX\BASSCD.dll
2019-12-26 07:39 - 2019-12-26 07:39 - 000017472 _____ (Un4seen Developments) [File not signed] C:\Program Files (x86)\Samsung\Samsung DeX\BASSWMA.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=HCTE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=HCTE
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msn.com/?pc=HCTE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msn.com/?pc=HCTE
HKU\S-1-5-21-2260596255-3006137883-4004939090-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP
HKU\S-1-5-21-2260596255-3006137883-4004939090-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msn.com/?pc=HCTE
SearchScopes: HKLM -> {EDAF8742-BB95-4DAD-9999-071C7AA6559A} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5FcPortugueseode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {EDAF8742-BB95-4DAD-9999-071C7AA6559A} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5FcPortugueseode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2260596255-3006137883-4004939090-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&l=dis&prt=NGC&chn=retail&geo=GB&ver=22.20.2.57&locale=GB_en&guid=31881C58-BFFC-49E9-808D-E8CE65C16C99&doi=2016-09-01&o=APN11913&cmpgn=may20&gct=kwd&qsrc=2869
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2021-03-09] (Microsoft Corporation -> Microsoft Corporation)
BHO: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine\22.21.1.151\coIEPlg.dll [2021-02-22] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-03-09] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine32\22.21.1.151\coIEPlg.dll [2021-02-22] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.21.1.151\coIEPlg.dll [2021-02-22] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine32\22.21.1.151\coIEPlg.dll [2021-02-22] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Toolbar: HKU\S-1-5-21-2260596255-3006137883-4004939090-1001 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.21.1.151\coIEPlg.dll [2021-02-22] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-03-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-03-09] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-03-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-03-09] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-03-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-03-09] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-03-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-03-09] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-2260596255-3006137883-4004939090-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-2260596255-3006137883-4004939090-1001\...\sharepoint.com -> hxxps://liveplymouthac-files.sharepoint.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-19 04:49 - 2019-03-19 04:49 - 000000824 ____N C:\windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2260596255-3006137883-4004939090-1001\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{2874397C-CC1B-4942-8651-0F8744F1A601}] => (Allow) C:\Users\steve\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{8635664D-EA25-4AEB-92F1-A76E9A7AC12D}] => (Allow) C:\Users\steve\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{F2C4B34F-394B-4327-A6E4-5CB65AC14AC6}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{06146399-5B8F-4A35-AB6B-38F992B2EBE7}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{5B8824FF-A366-4467-AF27-9B221858D191}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{DAA2CD41-B542-4E88-9CE9-3EC9ED35416F}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E1489D8A-3315-4B9B-8C88-E1FBDA460E35}] => (Allow) C:\Users\steve\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [{D22F1F73-F410-4522-9317-6D0FFE4089D4}] => (Allow) C:\Users\steve\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [TCP Query User{ABD5A0D4-1779-460E-9FE6-825A7F2E9082}C:\users\steve\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\steve\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{208175EA-2ABC-4DA8-9B9F-31E184D4C280}C:\users\steve\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\steve\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{E494FA6E-8B1A-4438-A0EB-F7740F24B6A8}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{52927286-A7DF-4747-8AB8-D42C9BD72FFB}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{BDB82434-FBEC-42C2-A6A2-B1DC8D76E886}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{7D915C28-6903-4F64-8E94-4CFA359519C6}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{9E262CF9-E72A-4D99-B409-2EC99FB71E46}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{9E7BBC67-CFB1-4869-8EDB-924837D2538C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{30597C98-6FE7-44F5-A9DE-24EFAE473CAC}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{0D930333-B974-4BA5-9745-DEFE6933D7B8}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

ATTENTION: System Restore is disabled (Total:118.48 GB) (Free:47.68 GB) (40%)

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (03/11/2021 03:39:20 AM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Security Center failed to validate caller with error %1.

Error: (03/11/2021 03:23:20 AM) (Source: Microsoft-Windows-Perflib) (EventID: 1020) (User: NT AUTHORITY)
Description: The required buffer size is greater than the buffer size passed to the Collect function of the "C:\Windows\System32\perfts.dll" Extensible Counter DLL for the "LSM" service. The given buffer size was 2616 and the required size was 37640.

Error: (03/11/2021 02:45:48 AM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: LAPTOP-5AC7GKJL)
Description: Application or service 'Microsoft Word' could not be shut down.

Error: (03/11/2021 02:31:26 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SystemSettings.exe version 10.0.18362.1350 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 5e2c

Start Time: 01d7161d2d269c2a

Termination Time: 4294967295

Application Path: C:\Windows\ImmersiveControlPanel\SystemSettings.exe

Report Id: b0afc642-2203-4322-b1e2-2aa0b6a38603

Faulting package full name: windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy

Faulting package-relative application ID: microsoft.windows.immersivecontrolpanel

Hang type: Navigation

Error: (02/25/2021 02:35:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: YourPhone.exe, version: 1.21011.127.0, time stamp: 0x60148b42
Faulting module name: Windows.UI.Xaml.dll, version: 10.0.18362.1350, time stamp: 0xe38b3b0e
Exception code: 0xc000027b
Fault offset: 0x000000000040dc80
Faulting process ID: 0x1430
Faulting application start time: 0x01d70b1ef17f5097
Faulting application path: C:\Program Files\WindowsApps\Microsoft.YourPhone_1.21011.127.0_x64__8wekyb3d8bbwe\YourPhone.exe
Faulting module path: C:\Windows\System32\Windows.UI.Xaml.dll
Report ID: ff8d4037-e0fe-40d1-bda0-c78488f44923
Faulting package full name: Microsoft.YourPhone_1.21011.127.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: App

Error: (02/20/2021 07:19:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WINWORD.EXE, version: 16.0.13628.20380, time stamp: 0x601eeb3c
Faulting module name: KERNELBASE.dll, version: 10.0.18362.1350, time stamp: 0x9ccf9e81
Exception code: 0xe0434352
Fault offset: 0x0000000000043b29
Faulting process ID: 0x46f4
Faulting application start time: 0x01d706306093244f
Faulting application path: C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
Faulting module path: C:\windows\System32\KERNELBASE.dll
Report ID: ec8e0db8-3704-4e66-b4d3-e5ee3ced5385
Faulting package full name:
Faulting package-relative application ID:

Error: (02/10/2021 08:32:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.18362.1, time stamp: 0x533f8404
Faulting module name: biwinrt.dll, version: 10.0.18362.1316, time stamp: 0xbe673169
Exception code: 0xc000027b
Fault offset: 0x0000000000013fc7
Faulting process ID: 0x35a8
Faulting application start time: 0x01d6ffebe377bd1c
Faulting application path: C:\windows\system32\backgroundTaskHost.exe
Faulting module path: C:\Windows\System32\biwinrt.dll
Report ID: 28fe7b7b-f944-43f4-885c-c79cd11697a8
Faulting package full name: AD2F1837.HPPrinterControl_122.2.830.0_x64__v10z8vjag6ke6
Faulting package-relative application ID: AD2F1837.HPPrinterControl

Error: (02/09/2021 08:06:09 PM) (Source: Firefox Default Browser Agent) (EventID: 12007) (User: )
Description: Event-ID 12007


System errors:
=============
Error: (03/11/2021 03:26:32 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-5AC7GKJL)
Description: The server Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.

Error: (03/11/2021 03:07:06 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-5AC7GKJL)
Description: The server Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.

Error: (03/11/2021 03:39:37 AM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-5AC7GKJL)
Description: The server Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.

Error: (03/11/2021 03:34:59 AM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-5AC7GKJL)
Description: The server Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.

Error: (03/11/2021 03:33:31 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The HP System Info HSA Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (03/11/2021 03:33:31 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft Office Click-to-Run Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (03/11/2021 03:33:31 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The HP Analytics service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (03/11/2021 03:33:31 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The HP Print Scan Doctor Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.


Windows Defender:
================
Date: 2020-06-03 20:27:39.791
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-06-03 16:20:54.833
Description:
Windows Defender Antivirus has encountered an error trying to load security intelligence and will attempt reverting back to a known-good version.
Security intelligence Attempted: Current
Error Code: 0x80070002
Error description: The system cannot find the file specified.
Security intelligence version: 0.0.0.0;0.0.0.0
Engine version: 0.0.0.0

==================== Memory info ===========================

BIOS: AMI F.09 12/20/2019
Motherboard: HP 864E
Processor: Intel(R) Core(TM) i3-8130U CPU @ 2.20GHz
Percentage of memory in use: 86%
Total physical RAM: 3986.09 MB
Available physical RAM: 525.34 MB
Total Virtual: 16274.09 MB
Available Virtual: 10696.79 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:118.48 GB) (Free:47.68 GB) NTFS

\\?\Volume{5861e75a-b3b6-443b-bf7b-8eb381773eb0}\ (Windows RE tools) (Fixed) (Total:0.49 GB) (Free:0.06 GB) NTFS
\\?\Volume{aed7e95b-57c5-4889-9e62-5bf60d27040d}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.2 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: FDD2E99E)

Partition: GPT.

==================== End of Addition.txt =======================
 

Broni

Posts: 55,721   +501
Those look clean.

Last scans....

redtarget.gif
Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run


redtarget.gif
Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  • Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.


redtarget.gif
Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


redtarget.gif
Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 

steve hallam

Posts: 16   +0
Results from secruity checker
Results of screen317's Security Check version 1.014 --- 12/23/15
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Norton 360
Windows Defender
Malwarebytes
Norton 360
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Google Chrome (89.0.4389.82)
Google Chrome (SetupMetrics...)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamtray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
 

steve hallam

Posts: 16   +0
Farbar Service Scanner Version: 23-12-2020
Ran by steve (administrator) on 11-03-2021 at 19:43:30
Running from "C:\Users\steve\Downloads"
Microsoft Windows 10 Home (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Windows Security:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend: ""C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2005.5-0\MsMpEng.exe"".


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\Drivers\afd.sys => File is digitally signed
C:\Windows\System32\Drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\SecurityHealthService.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
 

Broni

Posts: 55,721   +501
Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
[COLOR=#ff0000][B]This is a very crucial step so make sure you don't skip it.[/B][/COLOR]
Download [IMG]http://www.imgdumper.nl/uploads6/51a5ce45267c1/51a5ce45263de-delfix.pngDelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings
Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

6. Run Temporary File Cleaner (TFC) and AdwCleaner weekly (you need to redownload these tools since they were removed by DelFix).

7. (optional) If you want to keep all your programs up to date, download and install FileHippo App Manager.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

8. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

9. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

10. Please, let me know, how your computer is doing.