Solved Must have picked up something... some COVID computer variant???

Nicki

Windows 10 Laptop crashed; super slow to start up...just not right.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04-08-2022
Ran by Nicki (administrator) on HENRY (HP HP ENVY x360 Convertible 15-cn1xxx) (05-08-2022 14:02:32)
Running from C:\Users\Nicki\Desktop
Loaded Profiles: Nicki
Platform: Microsoft Windows 10 Home Version 21H2 19044.1826 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(DriverStore\FileRepository\cui_dch.inf_amd64_dc2a57d591329a30\igfxCUIService.exe ->) (Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_dc2a57d591329a30\igfxEM.exe
(DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_620459b7cf27a23d\x64\SysInfoCap.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_620459b7cf27a23d\x64\BridgeCommunication.exe
(explorer.exe ->) (Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe <5>
(explorer.exe ->) (Paramount Software UK Ltd -> Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectMonitor.exe
(explorer.exe ->) (Paramount Software UK Ltd -> Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectUI.exe
(Intel\DPTF\esif_uf.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\dptf_helper.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <14>
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(services.exe ->) (Conexant Systems LLC -> Conexant Systems LLC.) C:\Windows\System32\CxAudioSvc.exe
(services.exe ->) (Conexant Systems LLC -> Synaptics Incorporated.) C:\Windows\System32\SynAudSrv.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_620459b7cf27a23d\x64\AppHelperCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_620459b7cf27a23d\x64\DiagsCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_620459b7cf27a23d\x64\NetworkCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_620459b7cf27a23d\x64\SysInfoCap.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_ba273d0ffb93e225\RstMwService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_fddb643595e0b8d0\LMS.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\sgx_psw.inf_amd64_1e59f5ec7049260a\aesm_service.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\jhi_service.exe
(services.exe ->) (Intel(R) pGFX 2020 -> ) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_dc7a0fe3ada1cbf5\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_dc2a57d591329a30\igfxCUIService.exe
(services.exe ->) (Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87a05f372b04db63\IntelCpHDCPSvc.exe
(services.exe ->) (Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87a05f372b04db63\IntelCpHeciSvc.exe
(services.exe ->) (Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(services.exe ->) (Intel(R) Trust Services -> Intel(R) Corporation) C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_34687bf44d0a152a\lib\SocketHeciServer.exe
(services.exe ->) (Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(services.exe ->) (Intel(R) Wireless Connectivity Solutions -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(services.exe ->) (Intel(R) Wireless Connectivity Solutions -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(services.exe ->) (Intel(R) Wireless Connectivity Solutions -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(services.exe ->) (NortonLifeLock Inc. -> NortonLifelock Inc.) C:\Program Files\Norton Security\Engine\22.22.6.10\NortonSecurity.exe <2>
(services.exe ->) (NortonLifeLock Inc. -> NortonLifeLock Inc.) C:\Program Files\Norton Security\Engine\22.22.6.10\nsWscSvc.exe
(services.exe ->) (Paramount Software UK Ltd -> Paramount Software UK Ltd) C:\Program Files\Macrium\Common\MacriumService.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2>
(services.exe ->) (Smart Sound Technology -> Intel) C:\Windows\System32\cAVS\Intel(R) Audio Service\IntelAudioService.exe
(services.exe ->) (Sound Research Corporation -> Sound Research, Corp.) C:\Windows\System32\SECOMN64.exe
(services.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnhService.exe
(sihost.exe ->) (HP Inc.) C:\Program Files\WindowsApps\AD2F1837.HPThermalControl_1.10.49.0_x64__v10z8vjag6ke6\Win32Process\HPCC.Bg.BackgroundApp.exe
(svchost.exe ->) (HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe
(svchost.exe ->) (HP Inc.) C:\Program Files\WindowsApps\AD2F1837.HPJumpStarts_1.10.1627.0_x64__v10z8vjag6ke6\HP.JumpStarts.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (NortonLifeLock Inc. -> Symantec Corporation) C:\Program Files\Norton Utilities\x64\LBGovernor.exe
(SynTPEnhService.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnh.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [970528 2019-09-05] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [EzTiltPenSrvc] => C:\Program Files\ELAN\EzTiltPen\EzTiltPenAgent.exe [238280 2019-04-22] (ELAN Microelectronics Corporation -> ELAN) [File not signed]
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [319544 2019-02-26] (Intel(R) Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [HPSEU_Host_Launcher] => C:\System.sav\util\HpseuHostLauncher.exe [525312 2021-08-02] (HP Inc.) [File not signed]
HKLM\...\Run: [LogiOptions] => C:\Program Files\Logitech\LogiOptions\LogiOptions.exe [2109064 2019-11-27] (Logitech Inc -> Logitech, Inc.)
HKLM\...\Run: [Reflect UI] => C:\Program Files\Macrium\Common\ReflectUI.exe [7580488 2021-10-16] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3831808 2021-08-30] (Microsoft Windows Hardware Compatibility Publisher -> Logitech)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [362056 2022-05-05] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4513792 2014-05-22] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-09-06] (Brother Industries, Ltd.) [File not signed]
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-282240636-1967671034-2412643917-1001\...\Run: [HPSEU_Host_Launcher] => C:\System.sav\util\HpseuHostLauncher.exe [525312 2021-08-02] (HP Inc.) [File not signed]
HKU\S-1-5-21-282240636-1967671034-2412643917-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [37054552 2022-07-18] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-282240636-1967671034-2412643917-1001\...\Run: [com.messenger] => "C:\Users\Nicki\AppData\Local\Programs\Messenger\Messenger.exe" messenger://openAtLogin (No File)
HKU\S-1-5-21-282240636-1967671034-2412643917-1001\...\MountPoints2: {8ae3d9fd-bbb7-11e9-818f-5c879cbafe1d} - "D:\LaunchU3.exe"
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\103.0.5060.134\Installer\chrmstp.exe [2022-07-21] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Billminder.lnk [2019-08-10]
ShortcutTarget: Billminder.lnk -> C:\Program Files (x86)\Quicken\billmind.exe (Intuit) [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk [2019-08-10]
ShortcutTarget: Quicken Scheduled Updates.lnk -> C:\Program Files (x86)\Quicken\bagent.exe (Intuit Inc.) [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Quicken Startup.lnk [2019-08-10]
ShortcutTarget: Quicken Startup.lnk -> C:\Program Files (x86)\Quicken\QWDLLS.EXE (Intuit) [File not signed]
Startup: C:\Users\Nicki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2019-08-10]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02D6DCFC-885C-418E-8BF5-58509EDDED49} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton 360\Upgrade.exe [2353000 2022-06-27] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Task: {05DB6866-A281-4450-BFA7-916DB93AABA1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [617096 2022-02-25] (Apple Inc. -> Apple Inc.)
Task: {16DE9745-F036-4049-B941-202E7C97830A} - System32\Tasks\Norton 360\Norton 360 Error Processor => C:\Program Files\Norton Security\Engine\22.22.6.10\SymErr.exe [110776 2022-06-27] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Task: {21754E3E-72EE-434B-819B-94F1CF1E510A} - System32\Tasks\Hewlett-Packard\HP Diagnostics\BCF => cmd /c start hpdiags://BCF
Task: {2732B9EE-8CE6-4C72-85F8-D811DFAE0E07} - System32\Tasks\Norton 360\Norton 360 Autofix => C:\Program Files\Norton Security\Engine\22.22.6.10\SymErr.exe [110776 2022-06-27] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Task: {292C83A7-82CC-4D4F-B85A-FD2B1DCE0608} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-08-09] (Google Inc -> Google LLC)
Task: {3242FFB1-E6AA-4BD9-978F-12D4C7232176} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPSFReport.exe [135544 2019-05-03] (HP Inc. -> HP Inc.)
Task: {3595DE5C-8D04-462A-884E-3B12877EAA5F} - System32\Tasks\Hewlett-Packard\HP Diagnostics\ABO => cmd /c start hpdiags://ABO
Task: {3966B5A3-A269-469D-9E97-EB0C4D4681B6} - System32\Tasks\TUDsDownloader => C:\Program Files\Norton Utilities Premium\activesync.exe -appexecutable nup.exe -tuds (No File)
Task: {4B4632BD-0115-4B1F-98BB-5A35CD1F6608} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1073528 2019-08-09] (HP Inc. -> HP Inc.)
Task: {4BFE9661-6CE0-4A15-B333-88E95A9DBFE5} - System32\Tasks\Hewlett-Packard\HP Diagnostics\BHM2 => cmd /c start hpdiags://BHM2
Task: {5100A477-348F-48CA-A0F9-BA0C7018AC24} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-282240636-1967671034-2412643917-500 => C:\Users\Nicki\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (No File)
Task: {5AA6A808-1C3F-46FB-A12F-715EEBCBDFB1} - System32\Tasks\Norton Utility\Live Boost Process Governor => C:\Program Files\Norton Utilities\x64\LBGovernor.exe [1055168 2022-07-16] (NortonLifeLock Inc. -> Symantec Corporation)
Task: {685970D6-85AD-489E-9FD8-D96F9F06905A} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
Task: {78EB442A-649E-47F4-94A4-37AAD86A42A9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-08-09] (Google Inc -> Google LLC)
Task: {79D9CAA2-50D6-42FA-A401-943136B9620E} - System32\Tasks\Hewlett-Packard\HP Diagnostics\SmartCheckError => cmd /c start hpdiags://SmartCheckError
Task: {879D9501-7905-40C4-93AB-EB4CCB608859} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security\Engine\22.22.6.10\WSCStub.exe [646520 2022-06-27] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Task: {8F91DCF1-46D7-4690-BA80-D2AD305D906C} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NoUACCheck
Task: {8FA00804-511F-4C3D-AC00-2E6B791CF38D} - System32\Tasks\Hewlett-Packard\HP Diagnostics\BatteryStatusTest => cmd /c start hpdiags://BatteryStatusTest
Task: {93E4726A-3CFE-46EA-973D-F66AD847857F} - System32\Tasks\Norton 360\Norton 360 Error Analyzer => C:\Program Files\Norton Security\Engine\22.22.6.10\SymErr.exe [110776 2022-06-27] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Task: {9B286FDB-05EF-46F5-9E9F-E1339BDCE6E9} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564424 2021-11-18] (Adobe Inc. -> Adobe Inc.)
Task: {9D29A82E-0D6A-481D-A6C3-4EABBE341A28} - System32\Tasks\Hewlett-Packard\HP Diagnostics\BatteryStatusError => cmd /c start hpdiags://BatteryStatusError
Task: {A14AF125-CB9E-4848-8694-833943FD2BA5} - System32\Tasks\Norton Utility\AutomaticCare => C:\Program Files\Norton Utilities\NUP.exe [3636680 2022-07-16] (NortonLifeLock Inc. -> NortonLifeLock Inc)
Task: {A311611E-16E2-4518-AF9D-1F998F2AE0F0} - System32\Tasks\Hewlett-Packard\HP Diagnostics\LaunchUI => cmd /c start hpdiags://LaunchUI
Task: {A4C64AC3-EDE1-4F88-BBBE-8A4A6D399D18} - System32\Tasks\CCleanerSkipUAC - Nicki => C:\Program Files\CCleaner\CCleaner.exe [31101528 2022-07-18] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {BCF39695-4843-4A45-96D8-33B1E2BE3FA8} - System32\Tasks\Norton Utility\ActiveSync-NortonUtility => C:\Program Files\Norton Utilities\ActiveBridge.exe -appexecutable NUP.exe -ammode (No File)
Task: {D578710E-B80F-4D9E-A612-B689A41A88AF} - System32\Tasks\Hewlett-Packard\HP Diagnostics\BHM1 => cmd /c start hpdiags://BHM1
Task: {DFA6382A-D495-4B39-B351-20339E1F5049} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1073528 2019-08-09] (HP Inc. -> HP Inc.)
Task: {E327E790-D5A3-4D64-B31B-994858062118} - System32\Tasks\HP\Consent Manager Launcher => sc start hptouchpointanalyticsservice
Task: {E8A9B32E-2282-453D-8D72-8F07398537E0} - System32\Tasks\HPAudioSwitch => C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe [1644984 2018-07-18] (HP Inc. -> HP Inc.)
Task: {F80FFA22-42A6-44A5-BBA4-5BFDA1D5C1E6} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2022-07-18] (Piriform Software Ltd -> Piriform)
Task: {FD159F65-6122-417D-8321-BBD76239B483} - System32\Tasks\Hewlett-Packard\HP Diagnostics\ShowUI => cmd /c start hpdiags:

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{63df01f0-50fb-4a1d-903f-3c62c404e66e}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{b332947e-406c-4b78-8c25-71ce0868b9c0}: [DhcpNameServer] 172.168.0.7

Edge:
=======
Edge Profile: C:\Users\Nicki\AppData\Local\Microsoft\Edge\User Data\Default [2022-08-05]

FireFox:
========
FF DefaultProfile: 4xxavejw.default
FF ProfilePath: C:\Users\Nicki\AppData\Roaming\Mozilla\Firefox\Profiles\4xxavejw.default [2020-07-12]
FF ProfilePath: C:\Users\Nicki\AppData\Roaming\Mozilla\Firefox\Profiles\7wui9s4x.default-release-1653790338708 [2022-08-05]
FF Homepage: Mozilla\Firefox\Profiles\7wui9s4x.default-release-1653790338708 -> hxxps://www.google.com/
FF Notifications: Mozilla\Firefox\Profiles\7wui9s4x.default-release-1653790338708 -> hxxps://calendar.google.com
FF Extension: (Facebook Container) - C:\Users\Nicki\AppData\Roaming\Mozilla\Firefox\Profiles\7wui9s4x.default-release-1653790338708\Extensions\@contain-facebook.xpi [2022-05-28]
FF Extension: (RetailMeNot Deal Finder™️) - C:\Users\Nicki\AppData\Roaming\Mozilla\Firefox\Profiles\7wui9s4x.default-release-1653790338708\Extensions\retailmenot-genie@rmn.com.xpi [2022-08-02]
FF Extension: (Capital One Shopping: Online Coupon Tool) - C:\Users\Nicki\AppData\Roaming\Mozilla\Firefox\Profiles\7wui9s4x.default-release-1653790338708\Extensions\{aff8af88-06a9-4eee-b383-3af08c47b8c8}.xpi [2022-08-02]
FF Plugin: @videolan.org/vlc,version=3.0.10 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-03-24] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-03-24] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-03-24] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.14 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-03-24] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-03-24] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.17.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-03-24] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-03-24] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-03-24] (VideoLAN -> VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2022-07-05] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Nicki\AppData\Local\Google\Chrome\User Data\Default [2022-08-05]
CHR HomePage: Default -> hxxp://www.google.com/
CHR Extension: (Google Docs Offline) - C:\Users\Nicki\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-07-25]
CHR Extension: (RetailMeNot Deal Finder™️) - C:\Users\Nicki\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjfblogammkiefalfpafidabbnamoknm [2022-08-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Nicki\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-18]
CHR Profile: C:\Users\Nicki\AppData\Local\Google\Chrome\User Data\Guest Profile [2022-08-05]
CHR Profile: C:\Users\Nicki\AppData\Local\Google\Chrome\User Data\System Profile [2022-08-05]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-11-18] (Adobe Inc. -> Adobe Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [100424 2022-05-02] (Apple Inc. -> Apple Inc.)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed]
R2 HPAppHelperCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_620459b7cf27a23d\x64\AppHelperCap.exe [770544 2022-06-21] (HP Inc. -> HP Inc.)
R2 HPDiagsCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_620459b7cf27a23d\x64\DiagsCap.exe [769040 2022-06-21] (HP Inc. -> HP Inc.)
R2 HPNetworkCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_620459b7cf27a23d\x64\NetworkCap.exe [762376 2022-06-21] (HP Inc. -> HP Inc.)
S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1149480 2018-06-07] (HP Inc. -> HP)
R2 HPSysInfoCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_620459b7cf27a23d\x64\SysInfoCap.exe [769040 2022-06-21] (HP Inc. -> HP Inc.)
R2 MacriumService; C:\Program Files\Macrium\Common\MacriumService.exe [8929608 2021-10-16] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
R2 NortonSecurity; C:\Program Files\Norton Security\Engine\22.22.6.10\NortonSecurity.exe [344888 2022-06-27] (NortonLifeLock Inc. -> NortonLifelock Inc.)
R2 nsWscSvc; C:\Program Files\Norton Security\Engine\22.22.6.10\nsWscSvc.exe [1059176 2022-06-27] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
S3 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [13688656 2021-03-24] (Adlice -> )
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2203.5-0\NisSrv.exe [3116848 2022-04-06] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2203.5-0\MsMpEng.exe [133544 2022-04-06] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 ZoomCptService; "C:\Program Files (x86)\Common Files\Zoom\Support\CptService.exe" -user_path "C:\Users\Nicki\AppData\Roaming\Zoom"

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R1 BHDrvx64; C:\Program Files\Norton Security\NortonData\22.22.2.10\Definitions\BASHDefs\20220804.011\BHDrvx64.sys [1672672 2022-07-14] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R1 ccSet_NGC; C:\WINDOWS\System32\drivers\NGCx64\1616060.00A\ccSetx64.sys [196872 2022-06-27] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [527864 2022-06-21] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [159720 2022-06-22] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R3 HPCustomCapDriver; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapdriver.inf_amd64_a955fa431e522f5e\x64\hpcustomcapdriver.sys [25592 2021-09-16] (HP Inc. -> HP Inc.)
R1 IDSVia64; C:\Program Files\Norton Security\NortonData\22.22.2.10\Definitions\IPSDefs\20220804.063\IDSvia64.sys [1515496 2022-06-07] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
S3 nsvst_NGC; C:\WINDOWS\System32\drivers\NGCx64\1616060.00A\nsvst.sys [57104 2022-06-27] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
R3 SRTSP; C:\WINDOWS\System32\drivers\NGCx64\1616060.00A\SRTSP64.SYS [954648 2022-06-27] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R1 SRTSPX; C:\WINDOWS\System32\drivers\NGCx64\1616060.00A\SRTSPX64.SYS [51456 2022-06-27] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R0 SymEFASI; C:\WINDOWS\System32\drivers\NGCx64\1616060.00A\SYMEFASI64.SYS [2091272 2022-06-27] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
S0 SymELAM; C:\WINDOWS\System32\drivers\NGCx64\1616060.00A\SymELAM.sys [34624 2022-06-27] (Microsoft Windows Early Launch Anti-malware Publisher -> Broadcom)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [100320 2022-05-20] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R3 SymEvnt; C:\Program Files\Norton Security\NortonData\22.22.2.10\SymPlatform\SymEvnt.sys [722400 2022-07-11] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R1 SymIRON; C:\WINDOWS\System32\drivers\NGCx64\1616060.00A\Ironx64.SYS [305416 2022-06-27] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R1 SymNetS; C:\WINDOWS\System32\drivers\NGCx64\1616060.00A\symnets.sys [481272 2022-06-27] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [49600 2022-04-06] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [443664 2022-04-06] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [90384 2022-04-06] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [37280 2021-11-23] (HP Inc. -> HP)
R1 wpCtrlDrv_NGC; C:\WINDOWS\System32\drivers\NGCx64\1616060.00A\wpCtrlDrv.sys [1016792 2022-06-27] (NortonLifeLock Inc. -> NortonLifeLock Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-08-05 14:02 - 2022-08-05 14:03 - 000027023 _____ C:\Users\Nicki\Desktop\FRST.txt
2022-08-05 14:01 - 2022-08-05 14:03 - 000000000 ____D C:\FRST
2022-08-05 14:00 - 2022-08-05 14:00 - 002370048 _____ (Farbar) C:\Users\Nicki\Desktop\FRST64.exe
2022-08-05 12:44 - 2022-08-05 12:44 - 000000000 ____D C:\WINDOWS\system32\Tasks\Remediation
2022-08-05 10:22 - 2022-08-05 10:22 - 000259806 _____ C:\Users\Nicki\Downloads\Statement Dated 07_29_2022-2.pdf
2022-08-05 10:20 - 2022-08-05 10:20 - 000156154 _____ C:\Users\Nicki\Downloads\Statement Dated 07_29_2022-1.pdf
2022-08-05 10:19 - 2022-08-05 10:19 - 000138702 _____ C:\Users\Nicki\Downloads\Statement Dated 07_29_2022.pdf
2022-08-02 16:32 - 2022-08-02 16:32 - 010822667 _____ C:\Users\Nicki\Downloads\Employee Benefit Booklet 2022 - stores.pdf
2022-08-02 16:31 - 2022-08-02 16:31 - 000263185 _____ C:\Users\Nicki\Downloads\AGSVT form 2022.pdf
2022-08-02 15:06 - 2022-08-02 15:06 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2022-08-02 14:39 - 2022-08-05 12:13 - 000000000 ____D C:\Program Files\Mozilla Firefox
2022-07-29 16:57 - 2022-07-29 16:57 - 000553332 _____ C:\Users\Nicki\Desktop\Supplementary Heating Questionnaire4.pdf
2022-07-29 09:21 - 2022-08-05 12:13 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2022-07-23 10:29 - 2022-07-23 10:29 - 000417022 _____ C:\Users\Nicki\Desktop\Alabama Hat.pdf
2022-07-18 17:01 - 2022-07-18 17:01 - 000000000 _____ C:\Users\Nicki\Downloads\wt5g9aqN.htm.part
2022-07-16 09:26 - 2022-07-16 09:26 - 000001928 _____ C:\Users\Nicki\Desktop\Norton Utilities.lnk
2022-07-16 09:26 - 2022-07-16 09:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton
2022-07-13 16:33 - 2022-07-13 16:33 - 000230787 _____ C:\Users\Nicki\Downloads\June302022statement.pdf
2022-07-12 19:53 - 2022-07-12 19:53 - 000693248 _____ C:\WINDOWS\system32\FsNVSDeviceSource.dll
2022-07-12 19:53 - 2022-07-12 19:53 - 000530944 _____ (curl, hxxps://curl.se/) C:\WINDOWS\system32\curl.exe
2022-07-12 19:53 - 2022-07-12 19:53 - 000470528 _____ (curl, hxxps://curl.se/) C:\WINDOWS\SysWOW64\curl.exe
2022-07-12 19:53 - 2022-07-12 19:53 - 000270848 _____ C:\WINDOWS\system32\EsclScan.dll
2022-07-12 19:53 - 2022-07-12 19:53 - 000152064 _____ C:\WINDOWS\system32\EsclProtocol.dll
2022-07-12 19:53 - 2022-07-12 19:53 - 000061952 _____ C:\WINDOWS\system32\printticketvalidation.dll
2022-07-12 19:53 - 2022-07-12 19:53 - 000057344 _____ C:\WINDOWS\system32\APMonUI.dll
2022-07-12 19:53 - 2022-07-12 19:53 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\mode.com
2022-07-12 19:53 - 2022-07-12 19:53 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mode.com
2022-07-12 19:53 - 2022-07-12 19:53 - 000020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\tree.com
2022-07-12 19:53 - 2022-07-12 19:53 - 000018944 _____ C:\WINDOWS\SysWOW64\WsdProviderUtil.dll
2022-07-12 19:53 - 2022-07-12 19:53 - 000017920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tree.com
2022-07-12 19:53 - 2022-07-12 19:53 - 000014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\chcp.com
2022-07-12 19:53 - 2022-07-12 19:53 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\chcp.com
2022-07-12 19:53 - 2022-07-12 19:53 - 000011811 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-07-12 19:52 - 2022-07-12 19:52 - 002260480 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2022-07-12 19:52 - 2022-07-12 19:52 - 000640512 _____ C:\WINDOWS\system32\SettingSyncDownloadHelper.dll
2022-07-12 19:52 - 2022-07-12 19:52 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2022-07-12 19:52 - 2022-07-12 19:52 - 000024576 _____ C:\WINDOWS\system32\WsdProviderUtil.dll
2022-07-12 19:41 - 2022-07-12 19:41 - 000000000 ___HD C:\$WinREAgent
2022-07-12 16:50 - 2022-08-05 13:32 - 000000000 ____D C:\WINDOWS\system32\Tasks\Norton 360
2022-07-12 16:50 - 2022-07-12 20:15 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2022-07-12 16:50 - 2022-07-12 16:50 - 000003376 _____ C:\WINDOWS\system32\Tasks\Norton WSC Integration
2022-07-07 17:13 - 2022-07-07 17:13 - 000151439 _____ C:\Users\Nicki\Desktop\Academy Families Travel Network Live Link .xlsx

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-08-05 14:02 - 2019-12-07 05:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-08-05 13:57 - 2022-02-10 21:13 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2022-08-05 13:55 - 2020-08-08 11:44 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-08-05 13:34 - 2019-08-09 07:32 - 000000000 ____D C:\Program Files\CCleaner
2022-08-05 13:33 - 2019-08-09 07:31 - 000000000 ____D C:\Users\Nicki\AppData\LocalLow\Mozilla
2022-08-05 13:28 - 2020-08-08 11:57 - 000847728 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-08-05 13:28 - 2019-12-07 05:13 - 000000000 ____D C:\WINDOWS\INF
2022-08-05 13:24 - 2019-08-09 00:46 - 000000000 __SHD C:\Users\Nicki\IntelGraphicsProfiles
2022-08-05 13:22 - 2020-08-08 11:53 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-08-05 13:21 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\ServiceState
2022-08-05 13:20 - 2020-08-08 11:43 - 000008192 ___SH C:\DumpStack.log.tmp
2022-08-05 13:19 - 2019-03-18 23:32 - 000000014 _____ C:\WINDOWS\system32\Drivers\RtkR0Log.dat
2022-08-05 13:12 - 2019-12-07 05:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2022-08-05 13:11 - 2020-08-08 11:48 - 000000000 ____D C:\Users\Nicki
2022-08-05 12:50 - 2021-04-13 06:34 - 000000000 ____D C:\Users\Nicki\AppData\LocalLow\Norton
2022-08-05 12:45 - 2020-07-12 04:34 - 000000000 ____D C:\Users\Nicki\AppData\Local\CrashDumps
2022-08-05 12:35 - 2020-08-08 11:53 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2022-08-05 12:35 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-08-05 12:34 - 2019-12-07 05:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-08-05 12:20 - 2019-12-07 05:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2022-08-05 12:19 - 2019-08-09 07:29 - 000000000 ____D C:\Program Files (x86)\Google
2022-08-05 12:13 - 2019-08-09 07:31 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2022-08-05 10:09 - 2020-07-25 07:20 - 000000000 ____D C:\Users\Nicki\Desktop\Desktop Tidy
2022-08-05 10:07 - 2019-08-09 00:46 - 000000000 ____D C:\Users\Nicki\AppData\Local\VirtualStore
2022-08-05 10:05 - 2019-08-09 06:54 - 000000000 ____D C:\Users\Nicki\00Documents
2022-08-02 15:06 - 2019-08-09 07:31 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2022-07-29 18:34 - 2020-06-20 20:05 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-07-27 06:54 - 2020-08-08 11:53 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-07-27 06:54 - 2020-08-08 11:53 - 000003412 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-07-22 13:00 - 2019-10-13 16:44 - 000000923 _____ C:\Users\Public\Desktop\VLC media player.lnk
2022-07-22 12:59 - 2022-04-06 14:36 - 000001966 _____ C:\Users\Public\Desktop\Zoom.lnk
2022-07-22 12:59 - 2022-04-06 14:36 - 000000000 ____D C:\Program Files (x86)\Zoom
2022-07-21 20:36 - 2019-08-09 07:29 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-07-20 18:32 - 2019-08-09 14:09 - 000000000 ____D C:\Users\Nicki\AppData\Roaming\vlc
2022-07-16 09:26 - 2021-12-14 17:10 - 000000000 ____D C:\Program Files\Norton Utilities
2022-07-14 21:22 - 2021-11-06 22:03 - 000002080 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2022-07-14 21:22 - 2021-11-06 22:03 - 000002068 _____ C:\Users\Public\Desktop\Adobe Acrobat DC.lnk
2022-07-14 21:22 - 2020-08-08 11:53 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2022-07-12 20:16 - 2020-08-08 11:44 - 000445016 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-07-12 20:15 - 2022-04-06 15:27 - 000002427 _____ C:\Users\Public\Desktop\Norton Security.lnk
2022-07-12 20:09 - 2019-12-07 05:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2022-07-12 20:09 - 2019-12-07 05:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2022-07-12 20:09 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2022-07-12 20:09 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SystemResources
2022-07-12 20:09 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2022-07-12 20:09 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\setup
2022-07-12 20:09 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2022-07-12 20:09 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2022-07-12 20:09 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\DDFs
2022-07-12 20:09 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2022-07-12 20:09 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2022-07-12 20:09 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-07-12 19:59 - 2019-12-07 05:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-07-12 19:52 - 2020-08-08 11:47 - 003010560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2022-07-12 19:40 - 2019-08-09 06:24 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-07-12 19:37 - 2019-08-09 06:24 - 146546848 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-07-12 17:16 - 2019-08-10 11:20 - 000000000 ____D C:\Program Files\Common Files\AV
2022-07-12 16:50 - 2022-04-06 15:25 - 000000000 ____D C:\WINDOWS\system32\Drivers\NGCx64
2022-07-06 18:55 - 2020-03-13 07:05 - 000005868 _____ C:\WINDOWS\system32\.crusader
2022-07-06 18:55 - 2019-05-03 12:29 - 000000000 ____D C:\ProgramData\HP

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Nicki

Posts: 210   +0
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-08-2022
Ran by Nicki (05-08-2022 14:04:46)
Running from C:\Users\Nicki\Desktop
Microsoft Windows 10 Home Version 21H2 19044.1826 (X64) (2020-08-08 16:02:44)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-282240636-1967671034-2412643917-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-282240636-1967671034-2412643917-503 - Limited - Disabled)
Guest (S-1-5-21-282240636-1967671034-2412643917-501 - Limited - Disabled)
Nicki (S-1-5-21-282240636-1967671034-2412643917-1001 - Administrator - Enabled) => C:\Users\Nicki
WDAGUtilityAccount (S-1-5-21-282240636-1967671034-2412643917-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Security Online (Enabled - Up to date) {1122B19A-E671-38EC-8EAC-87048FD4528D}
AV: Norton Security Online (Enabled - Up to date) {A2708B76-6835-6565-CB96-694212954A75}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton 360 (Enabled - Up to date) {AECE2126-F4E7-6909-11F2-1B69D1FBCBD0}
AV: Norton Security Online (Enabled - Up to date) {E3FDBD9F-8140-1400-F32B-8B58923F7C4D}
AV: Norton 360 (Enabled - Up to date) {9E3FD331-C4C2-7AC4-0537-131EEF1B1F8A}
FW: Norton Security Online (Enabled) {9A4B0A53-225A-643D-E0C9-C077EC460D0E}
FW: Norton 360 (Enabled) {A6045214-8EAD-7B9C-2E68-BA2B11C858F1}
FW: Norton 360 (Enabled) {96F5A003-BE88-6851-3AAD-B25C2F288CAB}
FW: Norton Security Online (Enabled) {291930BF-AC1E-39B4-A5F3-2E31710715F6}
FW: Norton Security Online (Enabled) {DBC63CBA-CB2F-1558-D874-226D6CEC3B36}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat DC (64-bit) (HKLM\...\{AC76BA86-1033-1033-7760-BC15014EA700}) (Version: 22.001.20169 - Adobe)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-001824458876}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{9738288C-21BC-4F54-AB4F-72F059339376}) (Version: 8.6 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{DEB339C1-2687-43AB-816A-8714F3E26846}) (Version: 8.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2B3CA448-5266-480F-85FA-2FCCB3C8712C}) (Version: 15.6.0.32 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{B292D163-23D2-4523-A699-1ABEC1875609}) (Version: 2.7.0.3 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Brother MFL-Pro Suite MFC-J6710DW (HKLM-x32\...\{17795164-3BC1-4D4F-8ADA-65C895EBFC9A}) (Version: 2.0.0.0 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 6.02 - Piriform)
Cook'n (HKLM-x32\...\Cook'n) (Version: - )
Dynamic Application Loader Host Interface Service (HKLM\...\{3252E69D-9075-40FD-A9EF-F6D96091B5BF}) (Version: 1.0.0.0 - Intel Corporation) Hidden
EzTiltPen (HKLM\...\{359DAC8D-CE33-4729-84E9-22D3367A44A9}_is1) (Version: 1.0.0.25 - ELAN microelectronics Crop.)
Google Chrome (HKLM\...\{C0A46265-716E-345D-BB59-72B42D15135B}) (Version: 103.0.5060.134 - Google LLC)
HL-2270DW (HKLM-x32\...\{E2A97415-BD97-4867-B906-05E39E9EE51F}) (Version: 1.1.6.0 - Brother Industries, Ltd.)
HL-L2360D series (HKLM-x32\...\{46B58839-2405-48D6-A59D-F8246158A6ED}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
HP Audio Switch (HKLM-x32\...\{20A40E7C-E470-4E9F-9B5C-DDB2C205E856}) (Version: 1.0.154.0 - HP Inc.)
HP Software Framework (HKLM-x32\...\{71E18A14-1BDB-4B58-A67F-1BCDA12462FD}) (Version: 7.1.15.1 - HP)
Intel(R) Chipset Device Software (HKLM\...\{D4DC16D3-5547-4A3B-A9EB-FF9B4C2EA4A1}) (Version: 10.1.17969.8134 - Intel Corporation) Hidden
Intel(R) Chipset Device Software (HKLM-x32\...\{3d2240de-3c21-4e14-84b3-1c6cd02bfab4}) (Version: 10.1.17969.8134 - Intel(R) Corporation)
Intel(R) Icls (HKLM\...\{4625C928-49BB-44DC-92E3-B9EC0972C72D}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{0854C811-6DAD-441D-AB36-2F73631A04A1}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 1914.12.0.1255 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{7715518B-08D0-4754-BB81-FE4FC61DFDF7}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Driver (HKLM\...\{4C230277-5515-4B51-B9E6-97880684B10C}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) OEM Extension (HKLM\...\{FEB772C1-919E-4145-9691-AFFAC915496F}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 17.2.0.1009 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{8B93CAC3-6008-4C17-9FB0-B4F6F90FF316}) (Version: 17.2.0.1009 - Intel Corporation) Hidden
Intel® Optane™ Pinning Explorer Extensions (HKLM\...\{94979CD2-0904-47DE-A4AC-04F1C4524650}) (Version: 17.2.8.1029 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{1b3fcb8d-3d2b-4477-b722-0b3e2c1195ba}) (Version: 20.30.1 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{F57599A5-43B1-46E4-A7E2-3F4B1D640E95}) (Version: 20.30.1.1323 - Intel Corporation) Hidden
iTunes (HKLM\...\{DCBA66F6-FF88-47BF-BC2C-8A8D187911C1}) (Version: 12.12.4.1 - Apple Inc.)
Logitech Options (HKLM\...\LogiOptions) (Version: 8.10.84 - Logitech)
Macrium Reflect Free Edition (HKLM\...\{6A30F121-0E07-4F49-B9F2-CDAFA63C8BD6}) (Version: 7.3.5289 - Paramount Software (UK) Ltd.) Hidden
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 7.3 - Paramount Software (UK) Ltd.)
Messenger (HKU\S-1-5-21-282240636-1967671034-2412643917-1001\...\c1b3adcf-2068-5e8d-b25d-30ce588e3a4c) (Version: 142.0.353127249 - Facebook, Inc.)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 103.0.1264.77 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version: - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version: - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_PUBLISHERR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version: - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version: - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}) (Version: - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}) (Version: - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}) (Version: - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version: - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}) (Version: - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}) (Version: - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0019-0000-0000-0000000FF1CE}_PUBLISHERR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Excel MUI (English) 2007 (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (HKLM\...\{90120000-002A-0000-1000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (HKLM-x32\...\{90120000-001F-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (HKLM-x32\...\{90120000-001F-040C-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (HKLM-x32\...\{90120000-001F-0C0A-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (HKLM-x32\...\{90120000-002C-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}) (Version: - Microsoft) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}) (Version: - Microsoft) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}) (Version: - Microsoft) Hidden
Microsoft Office Publisher 2007 (HKLM-x32\...\{91120000-0019-0000-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher 2007 (HKLM-x32\...\PUBLISHERR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Publisher MUI (English) 2007 (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (HKLM\...\{90120000-002A-0409-1000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (HKLM\...\{90120000-0116-0409-1000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (HKLM-x32\...\{90120000-0115-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Update Health Tools (HKLM\...\{7B1FCD52-8F6B-4F12-A143-361EA39F5E7C}) (Version: 3.67.0.0 - Microsoft Corporation)
Microsoft VC++ redistributables repacked. (HKLM\...\{2FAF2A80-5906-467E-8AD2-B83C94383600}) (Version: 12.0.0.0 - Intel Corporation) Hidden
Microsoft VC++ redistributables repacked. (HKLM-x32\...\{F85F7FF0-5DFF-4BC0-9045-C9573D1BC11F}) (Version: 12.0.0.0 - Intel Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.29.30139 (HKLM-x32\...\{2c673fb6-3e65-4751-965d-33d30b68a8a6}) (Version: 14.29.30139.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.29.30139 (HKLM\...\{7F4A9F52-173F-4B0D-B1EA-269C32EDA827}) (Version: 14.29.30139 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.29.30139 (HKLM\...\{A6D3F752-BF11-4D7C-B19C-F6F96A35CF50}) (Version: 14.29.30139 - Microsoft Corporation) Hidden
Moneydance 2022.4 (HKLM\...\5244-9769-3058-9401) (Version: 2022.4 - The Infinite Kind)
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version: - Pavel Cvrcek)
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 103.0.1 (x64 en-US)) (Version: 103.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 60.8.0 - Mozilla)
Mozilla Thunderbird (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 102.1.0 (x86 en-US)) (Version: 102.1.0 - Mozilla)
Norton 360 (HKLM-x32\...\NGC) (Version: 22.22.6.10 - NortonLifeLock Inc)
Norton Utilities (HKLM\...\{36896A40-D958-486B-8A43-31A41E129FE2}) (Version: 21.4.7.637 - NortonLifeLock Inc)
Old Calculator for Windows 10 (HKLM-x32\...\OldCalcForWin10) (Version: 1.1 - hxxp://winaero.com)
Quicken 2003 Basic (HKLM-x32\...\InstallShield_{88D0E768-CD6A-42A9-97F9-2B12CF740019}) (Version: 12.00.0000 - Intuit)
RogueKiller version 14.8.6.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 14.8.6.0 - Adlice Software)
RootsMagic 7.7.0.0 (HKLM-x32\...\{D6286873-A757-4A4D-A6EF-0081B3EE32CA}_is1) (Version: RootsMagic 7.7.0.0 - RootsMagic, Inc.)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.9.0 - Sophos Limited)
Spotify (HKU\S-1-5-21-282240636-1967671034-2412643917-1001\...\Spotify) (Version: 1.1.43.700.g20acee0f - Spotify AB)
StatTrak Address Manager (HKLM-x32\...\StatTrak Address Manager) (Version: 5.1.25 - All-Pro Software)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0019-0000-0000-0000000FF1CE}_PUBLISHERR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.17.4 - VideoLAN)
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Zoom(32bit) (HKLM-x32\...\{62E7603E-F67F-4078-A503-7156D096EE0B}) (Version: 5.11.7123 - Zoom)

Packages:
=========
Energy Star -> C:\Program Files\WindowsApps\AD2F1837.HPInc.EnergyStar_1.2.0.0_x64__v10z8vjag6ke6 [2020-08-11] (HP Inc.)
HP Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.HPAudioControl_1.7.194.0_x64__dt26b99r8h8gj [2020-08-11] (Realtek Semiconductor Corp)
HP Command Center -> C:\Program Files\WindowsApps\AD2F1837.HPThermalControl_1.10.49.0_x64__v10z8vjag6ke6 [2022-07-27] (HP Inc.)
HP Impreza Pen -> C:\Program Files\WindowsApps\9FDF1AF1.HPImprezaPen_1.1.12.0_x64__g70az3e2cx9m2 [2020-08-11] (ELAN MICROELECTRONICS CORP.) [Startup Task]
HP JumpStarts -> C:\Program Files\WindowsApps\AD2F1837.HPJumpStarts_1.10.1627.0_x64__v10z8vjag6ke6 [2021-05-23] (HP Inc.)
HP PC Hardware Diagnostics Windows -> C:\Program Files\WindowsApps\AD2F1837.HPPCHardwareDiagnosticsWindows_1.8.1.0_x64__v10z8vjag6ke6 [2022-03-09] (HP Inc.)
HP Pen Control -> C:\Program Files\WindowsApps\AD2F1837.HPPenControl_3.0.51.0_x64__v10z8vjag6ke6 [2022-06-28] (HP Inc.) [Startup Task]
HP Privacy Settings -> C:\Program Files\WindowsApps\AD2F1837.HPPrivacySettings_1.0.42.0_x64__v10z8vjag6ke6 [2022-04-18] (HP Inc.)
HP Support Assistant -> C:\Program Files\WindowsApps\AD2F1837.HPSupportAssistant_9.19.52.0_x64__v10z8vjag6ke6 [2022-08-02] (HP Inc.)
HP System Event Utility -> C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1.2.15.0_x64__v10z8vjag6ke6 [2022-01-20] (HP Inc.)
Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3408.0_x64__8j3eq9eme6ctt [2022-04-21] (INTEL CORP) [Startup Task]
Intel® Graphics Control Panel -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsControlPanel_3.3.0.0_x64__8j3eq9eme6ctt [2020-08-11] (INTEL CORP)
Intel® Optane™ Memory and Storage Management -> C:\Program Files\WindowsApps\AppUp.IntelOptaneMemoryandStorageManagement_18.1.1026.0_x64__8j3eq9eme6ctt [2022-04-18] (INTEL CORP)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-08-11] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-08-11] (Microsoft Corporation) [MS Ad]
Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_52.10620.425.0_x64__8wekyb3d8bbwe [2022-06-30] (Microsoft Corporation)
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-08-11] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-08-11] (Microsoft Corporation)
Synaptics TouchPad -> C:\Program Files\WindowsApps\SynapticsIncorporated.SynHPConsumerDApp_19005.35054.0.0_x64__807d65c4rvak2 [2020-08-11] (Synaptics Incorporated)
Xbox One SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxOneSmartGlass_2.2.1702.2004_x64__8wekyb3d8bbwe [2020-12-14] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\WINDOWS\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_59691a4ee8d947dd\OptaneShellExt.dll [2021-10-12] (Intel Corporation -> )
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.22.6.10\buShell.dll [2022-06-27] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.22.6.10\buShell.dll [2022-06-27] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.22.6.10\buShell.dll [2022-06-27] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers-x32: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.22.6.10\buShell.dll [2022-06-27] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers-x32: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.22.6.10\buShell.dll [2022-06-27] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers-x32: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.22.6.10\buShell.dll [2022-06-27] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.22.6.10\buShell.dll [2022-06-27] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers1: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.22.6.10\NavShExt.dll [2022-06-27] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers1: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2019-09-20] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
ContextMenuHandlers2: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.22.6.10\NavShExt.dll [2022-06-27] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers2: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2019-09-20] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\WINDOWS\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_59691a4ee8d947dd\OptaneShellExt.dll [2021-10-12] (Intel Corporation -> )
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.22.6.10\buShell.dll [2022-06-27] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers6: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.22.6.10\NavShExt.dll [2022-06-27] (NortonLifeLock Inc. -> NortonLifeLock Inc.)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2022-06-15 15:26 - 2022-06-15 15:26 - 000138240 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.IWs06dcaa36#\47b435b56ddce8189f498cba55522baf\Interop.IWshRuntimeLibrary.ni.dll
2021-06-20 11:38 - 2010-03-15 19:04 - 000143360 _____ () [File not signed] C:\WINDOWS\system32\BrSNMP64.dll
2019-08-10 12:11 - 2012-07-05 07:32 - 000084480 _____ (Brother Industries, Ltd.) [File not signed] C:\WINDOWS\system32\BrNetSti.dll
2022-06-15 14:58 - 2022-06-15 14:58 - 000134656 _____ (hardcodet.net) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Hardcodet.W6cab32f3#\f3a00aaf2fddeb153654500a3eb2695f\Hardcodet.Wpf.TaskbarNotification.ni.dll
2022-06-15 15:26 - 2022-06-15 15:26 - 001591808 _____ (Mark Heath) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\NAudio\1cc96f6b2ee285d220a7dbf5d33d4dd4\NAudio.ni.dll
2022-06-15 15:26 - 2022-06-15 15:26 - 003127808 _____ (Newtonsoft) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Newtonsoft.Json\285d147f10948698056abdb6ab4d8afd\Newtonsoft.Json.ni.dll
2022-06-15 14:58 - 2022-06-15 14:58 - 000793088 _____ (The Apache Software Foundation) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\log4net\5ce59cbc54a4f8e4c7cca616c9ee2d63\log4net.ni.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-282240636-1967671034-2412643917-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-282240636-1967671034-2412643917-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
SearchScopes: HKLM -> {BFF249C9-3DBF-45D9-9369-5799E10BD69C} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-282240636-1967671034-2412643917-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine\22.22.6.10\coIEPlg.dll [2022-06-27] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
BHO-x32: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine32\22.22.6.10\coIEPlg.dll [2022-06-27] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.22.6.10\coIEPlg.dll [2022-06-27] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine32\22.22.6.10\coIEPlg.dll [2022-06-27] (NortonLifeLock Inc. -> NortonLifeLock Inc.)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-19 00:49 - 2019-11-16 08:13 - 000000826 _____ C:\WINDOWS\system32\drivers\etc\hosts

2020-04-19 20:58 - 2020-04-19 20:58 - 000000375 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-282240636-1967671034-2412643917-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: ZoomCptService => 2
HKLM\...\StartupApproved\StartupFolder: => "Quicken Scheduled Updates.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Billminder.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Quicken Startup.lnk"
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "EzTiltPenSrvc"
HKLM\...\StartupApproved\Run: => "IAStorIcon"
HKLM\...\StartupApproved\Run: => "HPSEU_Host_Launcher"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "Reflect UI"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "LogiOptions"
HKLM\...\StartupApproved\Run32: => "ControlCenter4"
HKLM\...\StartupApproved\Run32: => "BrStsMon00"
HKLM\...\StartupApproved\Run32: => "EzTiltPenSrvc"
HKLM\...\StartupApproved\Run32: => "HPSEU_Host_Launcher"
HKU\S-1-5-21-282240636-1967671034-2412643917-1001\...\StartupApproved\StartupFolder: => "OneNote 2007 Screen Clipper and Launcher.lnk"
HKU\S-1-5-21-282240636-1967671034-2412643917-1001\...\StartupApproved\Run: => "HPSEU_Host_Launcher"
HKU\S-1-5-21-282240636-1967671034-2412643917-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-282240636-1967671034-2412643917-1001\...\StartupApproved\Run: => "com.messenger"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{4DAC619A-150F-4B5D-9453-14FDCA0D4C55}] => (Allow) LPort=54925
FirewallRules: [{7FC277EC-5C78-4006-9FBE-B7CFB0B3F4D4}] => (Allow) C:\Program Files (x86)\Brother\Brmfl10g\FAXRX.exe (Brother Industries, Ltd.) [File not signed]
FirewallRules: [{80E3512A-0341-4522-BFFA-C43A376B97F6}] => (Allow) C:\Program Files (x86)\Brother\Brmfl10g\FAXRX.exe (Brother Industries, Ltd.) [File not signed]
FirewallRules: [{DE6EBEB0-BDB9-44CD-8FDC-55A9248CBC7B}] => (Allow) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.EXE (Logitech Inc -> Logitech, Inc.)
FirewallRules: [{CBDA1D72-C17C-40AC-8A2B-22B848875F01}] => (Allow) LPort=54925
FirewallRules: [{93951AD3-20F2-488B-BF97-360CE5ED0E36}] => (Allow) C:\Program Files (x86)\Brother\Brmfl10g\FAXRX.exe (Brother Industries, Ltd.) [File not signed]
FirewallRules: [{4F27A9AC-2764-499E-A41B-B60075B80F64}] => (Allow) C:\Program Files (x86)\Brother\Brmfl10g\FAXRX.exe (Brother Industries, Ltd.) [File not signed]
FirewallRules: [{9B3D13B0-803E-441B-874A-5D2FF738A1C5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{2088A705-1768-4313-8E53-248857705F56}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{1BAEF3B6-5695-4CC7-876B-E973F769ADC5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{0F2E4598-77EE-4308-ADE5-DFAA1E505844}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{875D6C6F-E41E-46B6-A227-6DF97F3F9257}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{2026F4A9-622B-47BA-8C5B-C173995E66EE}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel(R) Wireless Connectivity Solutions -> )
FirewallRules: [{EAF4762A-FE55-4C58-9C82-A36CD8020CC7}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform)
FirewallRules: [{33F2DEB0-8A16-44F9-B118-ACFB58893F45}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform)
FirewallRules: [{7B505800-E917-4363-BA9C-084DAA8DC9B0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{32F2A922-7239-418F-BB52-6632F0914D30}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{521D86EF-7827-4021-83D4-446FA4FDEA56}C:\users\nicki\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\nicki\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{85C1DC87-6466-489B-A0DF-624CF4D6A289}C:\users\nicki\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\nicki\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D8B60715-7A9C-47CD-A870-A3F3D0AAFB3D}] => (Block) C:\users\nicki\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{A38D830C-BD0C-4E4D-8206-65629A40831C}] => (Block) C:\users\nicki\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{6C4E757D-BABF-47A0-AE96-1CD6F9E899FE}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{6DC2167B-B7A5-47CE-A80A-5614521163CC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{E8B80E72-840A-42E6-A05A-DAB3326FAC2F}] => (Allow) C:\Program Files (x86)\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{3180715F-F8E0-4A48-AA8C-7EB64925851A}] => (Allow) C:\Program Files (x86)\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{8853F7D0-CB92-4CE9-ADB7-054BF032C993}] => (Allow) C:\Program Files (x86)\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)

==================== Restore Points =========================

20-07-2022 07:06:15 Scheduled Checkpoint
29-07-2022 09:27:14 Scheduled Checkpoint

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (08/05/2022 01:23:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: dwm.exe, version: 10.0.19041.746, time stamp: 0x6be51595
Faulting module name: KERNELBASE.dll, version: 10.0.19041.1826, time stamp: 0x299341e8
Exception code: 0xc0000409
Fault offset: 0x000000000010fb62
Faulting process id: 0x568
Faulting application start time: 0x01d8a8efd40f6b8d
Faulting application path: C:\WINDOWS\system32\dwm.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 82c41cc4-8336-4625-8e4f-50c0b91a17c6
Faulting package full name:
Faulting package-relative application ID:

Error: (08/05/2022 12:14:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname Henry.local already in use; will try Henry-2.local instead

Error: (08/05/2022 12:14:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 0; will deregister 4 Henry.local. Addr 192.168.0.226

Error: (08/05/2022 12:14:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.226:5353 16 Henry.local. AAAA 2601:019B:C701:5CB0:0000:0000:0000:1925

Error: (08/04/2022 06:45:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ToolKit.exe, version: 21.4.6.2, time stamp: 0x62b9ce7b
Faulting module name: ToolKit.exe, version: 21.4.6.2, time stamp: 0x62b9ce7b
Exception code: 0xc0000005
Fault offset: 0x0000dd6e
Faulting process id: 0x2500
Faulting application start time: 0x01d8a853d14df198
Faulting application path: C:\PROGRA~1\NORTON~2\ToolKit.exe
Faulting module path: C:\PROGRA~1\NORTON~2\ToolKit.exe
Report Id: a015e22a-4f60-4061-a03c-a929d9d165f6
Faulting package full name:
Faulting package-relative application ID:

Error: (08/03/2022 07:03:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IntelCpHeciSvc.exe, version: 9.1.15.419, time stamp: 0x5db544c4
Faulting module name: IntelCpHeciSvc.exe, version: 9.1.15.419, time stamp: 0x5db544c4
Exception code: 0xc0000005
Fault offset: 0x000000000001e44f
Faulting process id: 0x14ec
Faulting application start time: 0x01d89dfee39239e6
Faulting application path: C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87a05f372b04db63\IntelCpHeciSvc.exe
Faulting module path: C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87a05f372b04db63\IntelCpHeciSvc.exe
Report Id: 68d7fb62-5b22-4933-9777-4d9d07936a8d
Faulting package full name:
Faulting package-relative application ID:

Error: (08/01/2022 06:39:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ToolKit.exe, version: 21.4.6.2, time stamp: 0x62b9ce7b
Faulting module name: ToolKit.exe, version: 21.4.6.2, time stamp: 0x62b9ce7b
Exception code: 0xc0000005
Fault offset: 0x0000dd6e
Faulting process id: 0x3864
Faulting application start time: 0x01d8a5f78dae83fe
Faulting application path: C:\PROGRA~1\NORTON~2\ToolKit.exe
Faulting module path: C:\PROGRA~1\NORTON~2\ToolKit.exe
Report Id: 08042381-ab9f-485a-820c-c6e4e98d2613
Faulting package full name:
Faulting package-relative application ID:

Error: (07/31/2022 12:40:19 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWN BrtTWN: [2022/07/31 12:40:19.683]: [00001752]: Initialize TwdsMain Class failed!


System errors:
=============
Error: (08/05/2022 01:32:52 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Downloaded Maps Manager service hung on starting.

Error: (08/05/2022 01:29:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (08/05/2022 01:29:51 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.

Error: (08/05/2022 01:29:04 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Intel® SGX AESM service hung on starting.

Error: (08/05/2022 01:24:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The XTU3SERVICE service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (08/05/2022 01:24:42 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (45000 milliseconds) while waiting for the XTU3SERVICE service to connect.

Error: (08/05/2022 01:24:32 PM) (Source: DCOM) (EventID: 10005) (User: HENRY)
Description: DCOM got error "1068" attempting to start the service cdpsvc with arguments "Unavailable" in order to run the server:
{284CACFE-B6F2-461A-90C3-A7ACC8353816}

Error: (08/05/2022 01:24:26 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The CDPSvc service depends on the NcbService service which failed to start because of the following error:
A device attached to the system is not functioning.


CodeIntegrity:
===============
Date: 2022-08-05 13:35:09
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\Norton Security\Engine\22.22.6.10\symamsi.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

BIOS: Insyde F.22 11/26/2019
Motherboard: HP 850C
Processor: Intel(R) Core(TM) i7-8565U CPU @ 1.80GHz
Percentage of memory in use: 41%
Total physical RAM: 12077.74 MB
Available physical RAM: 7019.04 MB
Total Virtual: 30509.74 MB
Available Virtual: 25263.11 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:930.29 GB) (Free:731.2 GB) (Model: Intel Optane+932GBHDD) NTFS
Drive d: (Henry) (Fixed) (Total:931.48 GB) (Free:653.43 GB) (Model: WD My Passport 25E1 USB Device) NTFS
Drive e: (SANDISK 32) (Removable) (Total:29.71 GB) (Free:29.64 GB) FAT32

\\?\Volume{337db906-d729-4b83-80fb-728166689139}\ () (Fixed) (Total:0.94 GB) (Free:0.08 GB) NTFS
\\?\Volume{c306a302-556e-4247-b7e7-ffc97f7d7d5e}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.17 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: A50E1C7D)

Partition: GPT.

==========================================================
Disk: 1 (Size: 29.7 GB) (Disk ID: 433580D9)
Partition 1: (Not Active) - (Size=29.7 GB) - (Type=0C)

==========================================================
Disk: 2 (Size: 931.5 GB) (Disk ID: 16F2A91F)

Partition: GPT.

==================== End of Addition.txt =======================
 

Broni

Posts: 55,962   +507
Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

==================================

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double click on the downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Remove Selected.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available through History -> Application logs. Please post its contents in your next reply.
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.
 

Nicki

Posts: 210   +0
Program : RogueKiller Anti-Malware
Version : 15.5.3.0
x64 : Yes
Program Date : Jun 13 2022
Location : C:\Program Files\RogueKiller\RogueKiller64.exe
Premium : No
Company : Adlice Software
Website : https://www.adlice.com/
Contact : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 10 (10.0.19044) 64-bit
64-bit OS : Yes
Startup : 0
WindowsPE : No
User : Nicki
User is Admin : Yes
Date : 2022/08/05 21:53:43
Type : Scan
Aborted : No
Scan Mode : Standard
Duration : 833
Found items : 0
Total scanned : 80543
Signatures Version : 20220801_083458
Truesight Driver : Yes
Updates Count : 1
Arguments : -minimize

************************* Warnings *************************

************************* Updates *************************
Google Chrome (64-bit), version 103.0.5060.134
[+] Available Version : 104.0.5112.8
[+] Size : 81.9 MB
[+] Wow6432 : No
[+] Portable : No


************************* Processes *************************

************************* Modules *************************

************************* Services *************************

************************* Scheduled Tasks *************************

************************* Registry *************************

************************* WMI *************************

************************* Hosts File *************************
is_too_big : No
hosts_file_path : C:\Windows\System32\drivers\etc\hosts


************************* Filesystem *************************

************************* Web Browsers *************************

************************* Antirootkit *************************
 

Nicki

Posts: 210   +0
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 8/5/22
Scan Time: 6:07 PM
Log File: f25dac04-150a-11ed-ab22-5c879cbafe1d.json

-Software Information-
Version: 4.5.12.204
Components Version: 1.0.1725
Update Package Version: 1.0.58227
License: Trial

-System Information-
OS: Windows 10 (Build 19044.1826)
CPU: x64
File System: NTFS
User: Henry\Nicki

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 315691
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 9 min, 32 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)
 

Nicki

Posts: 210   +0
# -------------------------------
# Malwarebytes AdwCleaner 8.3.2.0
# -------------------------------
# Build: 03-23-2022
# Database: 2022-06-24.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 08-05-2022
# Duration: 00:00:05
# OS: Windows 10 Home
# Scanned: 32053
# Detected: 13


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

Preinstalled.HPAudioSwitch Folder C:\Program Files (x86)\HP\HPAUDIOSWITCH
Preinstalled.HPAudioSwitch Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E8A9B32E-2282-453D-8D72-8F07398537E0}
Preinstalled.HPAudioSwitch Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HPAudioSwitch
Preinstalled.HPAudioSwitch Task C:\Windows\System32\Tasks\HPAUDIOSWITCH
Preinstalled.HPCleanFLC Registry HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|HPSEU_Host_Launcher
Preinstalled.HPCleanFLC Registry HKCU\Software\Microsoft\Windows\CurrentVersion\Run|HPSEU_Host_Launcher
Preinstalled.HPCleanFLC Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|HPSEU_Host_Launcher
Preinstalled.HPCleanFLC Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|HPSEU_Host_Launcher
Preinstalled.HPCleanFLC Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Run|HPSEU_Host_Launcher
Preinstalled.HPRegistrationService Folder C:\ProgramData\HP\HP REGISTRATION SERVICE
Preinstalled.HPSupportAssistant Folder C:\HP\SUPPORT
Preinstalled.HPSupportAssistant Folder C:\ProgramData\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Folder C:\Users\Nicki\AppData\Roaming\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK


AdwCleaner[S00].txt - [2668 octets] - [11/05/2021 22:03:01]
AdwCleaner[S01].txt - [2984 octets] - [03/06/2021 07:55:12]
AdwCleaner[S02].txt - [3045 octets] - [07/06/2021 07:32:15]
AdwCleaner[S03].txt - [3106 octets] - [14/06/2021 15:47:23]
AdwCleaner[S04].txt - [3167 octets] - [14/06/2021 15:48:47]
AdwCleaner[S05].txt - [3260 octets] - [13/07/2021 08:27:35]
AdwCleaner[C05].txt - [1913 octets] - [13/07/2021 08:28:13]
AdwCleaner[S06].txt - [3350 octets] - [13/07/2021 08:28:26]
AdwCleaner[S07].txt - [3156 octets] - [13/07/2021 08:41:01]
AdwCleaner[S08].txt - [3217 octets] - [18/07/2021 20:18:25]
AdwCleaner[S09].txt - [3533 octets] - [25/07/2021 20:08:23]
AdwCleaner[S10].txt - [3594 octets] - [25/07/2021 20:17:19]
AdwCleaner[S11].txt - [3400 octets] - [27/07/2021 16:49:07]
AdwCleaner[S12].txt - [3461 octets] - [16/08/2021 15:25:19]
AdwCleaner[S13].txt - [3522 octets] - [30/08/2021 07:26:35]
AdwCleaner[S14].txt - [3583 octets] - [14/09/2021 17:01:54]
AdwCleaner[S15].txt - [3644 octets] - [15/09/2021 16:53:22]
AdwCleaner[S16].txt - [3705 octets] - [08/10/2021 07:20:44]
AdwCleaner[S17].txt - [3766 octets] - [10/10/2021 21:37:38]
AdwCleaner[S18].txt - [3827 octets] - [18/10/2021 06:48:03]
AdwCleaner[S19].txt - [4280 octets] - [31/10/2021 13:31:30]
AdwCleaner[S20].txt - [4086 octets] - [16/12/2021 19:35:10]
AdwCleaner[S21].txt - [4147 octets] - [28/12/2021 21:07:15]
AdwCleaner[S22].txt - [4208 octets] - [08/01/2022 14:14:15]
AdwCleaner[S23].txt - [4524 octets] - [06/02/2022 19:42:05]
AdwCleaner[S24].txt - [4330 octets] - [17/02/2022 17:11:32]
AdwCleaner[S25].txt - [4423 octets] - [17/03/2022 06:42:01]
AdwCleaner[C25].txt - [3194 octets] - [17/03/2022 06:50:07]
AdwCleaner[S26].txt - [4513 octets] - [07/04/2022 20:29:52]
AdwCleaner[S27].txt - [4606 octets] - [13/04/2022 07:41:40]
AdwCleaner[C27].txt - [3377 octets] - [13/04/2022 07:42:10]
AdwCleaner[S28].txt - [4951 octets] - [30/04/2022 21:32:15]
AdwCleaner[S29].txt - [5012 octets] - [28/05/2022 14:45:55]
AdwCleaner[S30].txt - [4818 octets] - [28/05/2022 17:35:32]
AdwCleaner[S31].txt - [4911 octets] - [11/06/2022 16:34:32]
AdwCleaner[C31].txt - [3682 octets] - [11/06/2022 16:34:42]
AdwCleaner[S32].txt - [5001 octets] - [11/06/2022 16:35:47]
AdwCleaner[S33].txt - [5094 octets] - [25/06/2022 10:12:20]
AdwCleaner[C33].txt - [3865 octets] - [25/06/2022 10:17:07]
AdwCleaner[S34].txt - [5439 octets] - [06/07/2022 18:05:55]
AdwCleaner[S35].txt - [5245 octets] - [12/07/2022 20:36:44]
AdwCleaner[S36].txt - [5306 octets] - [22/07/2022 13:03:01]
AdwCleaner[S37].txt - [5367 octets] - [05/08/2022 12:21:48]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S38].txt ##########
 

Nicki

Posts: 210   +0
Computer is responding somewhat better but still sluggish. Fan seems to kick into high gear frequently and stay on for longer periods but it eventually throttles down.
 

Broni

Posts: 55,962   +507
I don't see anything malicious there.
I suggest a new topic in the Windows forum.
Good luck :)