Solved PUP found and removed but computer sluggish and fan running constantly

Nicki

Posts: 210   +0
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-04-2021
Ran by Nicki (administrator) on HENRY (HP HP ENVY x360 Convertible 15-cn1xxx) (04-05-2021 20:10:04)
Running from C:\Users\Nicki\Desktop
Loaded Profiles: Nicki
Platform: Windows 10 Home Version 20H2 19042.928 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Conexant Systems LLC -> Conexant Systems LLC.) C:\Windows\System32\CxAudioSvc.exe
(Conexant Systems LLC -> Synaptics Incorporated.) C:\Windows\System32\SynAudSrv.exe
(ELAN Microelectronics Corporation -> ELAN) [File not signed] C:\Program Files\ELAN\EzTiltPen\EzTiltPenAgent.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_d9cbd6bbac564232\x64\AppHelperCap.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_d9cbd6bbac564232\x64\BridgeCommunication.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_d9cbd6bbac564232\x64\DiagsCap.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_d9cbd6bbac564232\x64\NetworkCap.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_d9cbd6bbac564232\x64\SysInfoCap.exe
(HP Inc.) C:\Program Files\WindowsApps\AD2F1837.HPJumpStarts_1.9.1548.0_x64__v10z8vjag6ke6\HP.JumpStarts.exe
(HP Inc.) C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1.1.21.0_x64__v10z8vjag6ke6\SystemEventUtility\HPSystemEventUtilityHost.exe
(HP Inc.) C:\Program Files\WindowsApps\AD2F1837.HPThermalControl_1.8.14.0_x64__v10z8vjag6ke6\HpSystemManagement.exe
(HP Inc.) C:\Program Files\WindowsApps\AD2F1837.HPThermalControl_1.8.14.0_x64__v10z8vjag6ke6\Win32Process\HPCC.Bg.BackgroundApp.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\dptf_helper.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\jhi_service.exe
(Intel(R) pGFX 2020 -> ) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_dc7a0fe3ada1cbf5\OneApp.IGCC.WinService.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_dc2a57d591329a30\igfxCUIService.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_dc2a57d591329a30\igfxEM.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87a05f372b04db63\IntelCpHDCPSvc.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87a05f372b04db63\IntelCpHeciSvc.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_0c50c5dc47ed0efe\RstMwService.exe
(Intel(R) Software Development Products -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\sgx_psw.inf_amd64_29a6dc809538b640\aesm_service.exe
(Intel(R) Trust Services -> Intel(R) Corporation) C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_34687bf44d0a152a\lib\SocketHeciServer.exe
(Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Intel(R) Wireless Connectivity Solutions -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel(R) Wireless Connectivity Solutions -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Wireless Connectivity Solutions -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Logitech Inc -> Logitech) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOverlay.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\Logitech\LogiOptions\LogiOptions.exe
(Logitech Inc -> Logitech, Inc.) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <6>
(NortonLifeLock Inc. -> NortonLifeLock Inc.) C:\Program Files\Norton Security\Engine\22.21.2.50\nsWscSvc.exe
(NortonLifeLock Inc. -> Symantec Corporation) C:\Program Files\Norton Security\Engine\22.21.2.50\NortonSecurity.exe <2>
(Paramount Software UK Ltd -> Paramount Software UK Ltd) C:\Program Files\Macrium\Common\MacriumService.exe
(Paramount Software UK Ltd -> Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectMonitor.exe
(Paramount Software UK Ltd -> Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectUI.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2>
(Smart Sound Technology -> Intel) C:\Windows\System32\cAVS\Intel(R) Audio Service\IntelAudioService.exe
(Sound Research Corporation -> Sound Research, Corp.) C:\Windows\System32\SECOMN64.exe
(Symantec Corporation -> Symantec Corporation) C:\Program Files\Norton Utilities Premium\x64\LBGovernor.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnhService.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [970528 2019-09-05] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [EzTiltPenSrvc] => C:\Program Files\ELAN\EzTiltPen\EzTiltPenAgent.exe [238280 2019-04-22] (ELAN Microelectronics Corporation -> ELAN) [File not signed]
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [319544 2019-02-26] (Intel(R) Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [HPSEU_Host_Launcher] => C:\System.sav\util\HpseuHostLauncher.exe [528392 2020-09-05] (HP Inc. -> HP Inc.)
HKLM\...\Run: [LogiOptions] => C:\Program Files\Logitech\LogiOptions\LogiOptions.exe [2109064 2019-11-27] (Logitech Inc -> Logitech, Inc.)
HKLM\...\Run: [Reflect UI] => C:\Program Files\Macrium\Common\ReflectUI.exe [7581512 2021-03-22] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942864 2016-10-13] (Logitech -> Logitech, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [340440 2021-04-16] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4513792 2014-05-22] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-09-06] (Brother Industries, Ltd.) [File not signed]
HKU\S-1-5-21-282240636-1967671034-2412643917-1001\...\Run: [HPSEU_Host_Launcher] => C:\System.sav\util\HpseuHostLauncher.exe [528392 2020-09-05] (HP Inc. -> HP Inc.)
HKU\S-1-5-21-282240636-1967671034-2412643917-1001\...\Run: [Amazon Photos] => "C:\Users\Nicki\AppData\Local\Amazon Drive\AmazonPhotos.exe" --source-autostart
HKU\S-1-5-21-282240636-1967671034-2412643917-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [33698888 2021-04-22] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-282240636-1967671034-2412643917-1001\...\MountPoints2: {8ae3d9fd-bbb7-11e9-818f-5c879cbafe1d} - "D:\LaunchU3.exe"
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\90.0.4430.93\Installer\chrmstp.exe [2021-04-26] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Billminder.lnk [2019-08-10]
ShortcutTarget: Billminder.lnk -> C:\Program Files (x86)\Quicken\billmind.exe (Intuit) [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk [2019-08-10]
ShortcutTarget: Quicken Scheduled Updates.lnk -> C:\Program Files (x86)\Quicken\bagent.exe (Intuit Inc.) [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Quicken Startup.lnk [2019-08-10]
ShortcutTarget: Quicken Startup.lnk -> C:\Program Files (x86)\Quicken\QWDLLS.EXE (Intuit) [File not signed]
Startup: C:\Users\Nicki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2019-08-10]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
BootExecute: autocheck autochk * bootdeletebootdelete

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0B50A5A6-B9DE-4FB4-B060-2D592FAC0A74} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {0F8F0B9D-9594-4794-B41E-B559FD0278F5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.)
Task: {1A64F3C0-E210-41E4-959F-348616ED24DD} - System32\Tasks\Norton 360\Norton 360 Autofix => C:\Program Files\Norton Security\Engine\22.21.2.50\SymErr.exe [115640 2021-03-26] (NortonLifeLock Inc. -> NortonLifeLock Inc)
Task: {292C83A7-82CC-4D4F-B85A-FD2B1DCE0608} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-08-09] (Google Inc -> Google LLC)
Task: {3242FFB1-E6AA-4BD9-978F-12D4C7232176} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPSFReport.exe [135544 2019-05-03] (HP Inc. -> HP Inc.)
Task: {4726F9E8-C72C-460B-A2B6-A6BCF8F4FEFC} - System32\Tasks\Norton 360\Norton 360 Error Processor => C:\Program Files\Norton Security\Engine\22.21.2.50\SymErr.exe [115640 2021-03-26] (NortonLifeLock Inc. -> NortonLifeLock Inc)
Task: {4B4632BD-0115-4B1F-98BB-5A35CD1F6608} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1073528 2019-08-09] (HP Inc. -> HP Inc.)
Task: {5100A477-348F-48CA-A0F9-BA0C7018AC24} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-282240636-1967671034-2412643917-500 => C:\Users\Nicki\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {78EB442A-649E-47F4-94A4-37AAD86A42A9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-08-09] (Google Inc -> Google LLC)
Task: {A0DF624F-0FF9-41FA-8932-A01872A7E618} - System32\Tasks\AutomaticCare => C:\Program Files\Norton Utilities Premium\nup.exe [630856 2021-03-07] (Symantec Corporation -> Symantec Corporation)
Task: {C0DF7766-49FB-4AE8-BBFC-A6D322DC9ACF} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton 360\Upgrade.exe [2344608 2021-03-26] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Task: {C6AE59A8-F5C1-4FE1-B549-5DC4D6602394} - System32\Tasks\ActiveSync-NortonUtility => C:\Program Files\Norton Utilities Premium\activesync.exe [244808 2021-03-07] (Symantec Corporation -> Symantec Corporation)
Task: {D287EC3B-8AF0-4F25-8762-1A0E7E5AB1C2} - System32\Tasks\Norton 360\Norton 360 Error Analyzer => C:\Program Files\Norton Security\Engine\22.21.2.50\SymErr.exe [115640 2021-03-26] (NortonLifeLock Inc. -> NortonLifeLock Inc)
Task: {D4FBB0C9-84F0-4F52-A1C7-827FB41EA31F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [28082760 2021-04-22] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {DAF90A2D-D5D8-4F11-BD95-16A4BAC844CC} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security\Engine\22.21.2.50\WSCStub.exe [643584 2021-03-26] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Task: {DE273F3C-BE12-4FA9-AD5C-28B45865DC48} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [696304 2021-04-21] (Mozilla Corporation -> Mozilla Foundation)
Task: {DE75303E-11C4-411F-9BED-328E540A181A} - System32\Tasks\TUDsDownloader => C:\Program Files\Norton Utilities Premium\activesync.exe [244808 2021-03-07] (Symantec Corporation -> Symantec Corporation)
Task: {DFA6382A-D495-4B39-B351-20339E1F5049} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1073528 2019-08-09] (HP Inc. -> HP Inc.)
Task: {E327E790-D5A3-4D64-B31B-994858062118} - System32\Tasks\HP\Consent Manager Launcher => sc start hptouchpointanalyticsservice
Task: {E8A9B32E-2282-453D-8D72-8F07398537E0} - System32\Tasks\HPAudioSwitch => C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe [1644984 2018-07-18] (HP Inc. -> HP Inc.)
Task: {EC5D688B-90D9-4488-9A60-E3DE6D0ADE8E} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-04-22] (Piriform Software Ltd -> Piriform)
Task: {F9029F9A-13F1-4F5C-9F89-36E9D83DB33B} - System32\Tasks\Live Boost Process Governor => C:\Program Files\Norton Utilities Premium\x64\LBgovernor.exe [1061960 2021-03-07] (Symantec Corporation -> Symantec Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{63df01f0-50fb-4a1d-903f-3c62c404e66e}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{b332947e-406c-4b78-8c25-71ce0868b9c0}: [DhcpNameServer] 172.168.0.7

Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge Profile: C:\Users\Nicki\AppData\Local\Microsoft\Edge\User Data\Default [2021-05-04]

FireFox:
========
FF DefaultProfile: 4xxavejw.default
FF ProfilePath: C:\Users\Nicki\AppData\Roaming\Mozilla\Firefox\Profiles\4xxavejw.default [2020-07-12]
FF ProfilePath: C:\Users\Nicki\AppData\Roaming\Mozilla\Firefox\Profiles\r96ez6m4.default-release-1594585081428 [2021-05-04]
FF Homepage: Mozilla\Firefox\Profiles\r96ez6m4.default-release-1594585081428 -> hxxps://www.google.com/
FF Notifications: Mozilla\Firefox\Profiles\r96ez6m4.default-release-1594585081428 -> hxxps://www.instagram.com; hxxps://calendar.google.com; hxxps://mewe.com
FF Extension: (Facebook Container) - C:\Users\Nicki\AppData\Roaming\Mozilla\Firefox\Profiles\r96ez6m4.default-release-1594585081428\Extensions\@contain-facebook.xpi [2020-09-29]
FF Extension: (RetailMeNot Deal Finder™️) - C:\Users\Nicki\AppData\Roaming\Mozilla\Firefox\Profiles\r96ez6m4.default-release-1594585081428\Extensions\retailmenot-genie@rmn.com.xpi [2021-04-29]
FF Plugin: @videolan.org/vlc,version=3.0.10 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-04-20] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Nicki\AppData\Local\Google\Chrome\User Data\Default [2021-05-04]
CHR HomePage: Default -> hxxp://www.google.com/
CHR Extension: (Slides) - C:\Users\Nicki\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-08-09]
CHR Extension: (Docs) - C:\Users\Nicki\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-08-09]
CHR Extension: (Google Drive) - C:\Users\Nicki\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-26]
CHR Extension: (YouTube) - C:\Users\Nicki\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-08-09]
CHR Extension: (Sheets) - C:\Users\Nicki\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-08-09]
CHR Extension: (Google Docs Offline) - C:\Users\Nicki\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-04-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Nicki\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-18]
CHR Extension: (Gmail) - C:\Users\Nicki\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-26]
CHR Extension: (Chrome Media Router) - C:\Users\Nicki\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-04-26]
CHR Profile: C:\Users\Nicki\AppData\Local\Google\Chrome\User Data\Guest Profile [2021-05-04]
CHR Profile: C:\Users\Nicki\AppData\Local\Google\Chrome\User Data\System Profile [2021-05-04]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [99104 2021-03-16] (Apple Inc. -> Apple Inc.)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed]
R2 HPAppHelperCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_d9cbd6bbac564232\x64\AppHelperCap.exe [731152 2021-03-24] (HP Inc. -> HP Inc.)
R2 HPDiagsCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_d9cbd6bbac564232\x64\DiagsCap.exe [728608 2021-03-24] (HP Inc. -> HP Inc.)
R2 HPNetworkCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_d9cbd6bbac564232\x64\NetworkCap.exe [728608 2021-03-24] (HP Inc. -> HP Inc.)
S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1149480 2018-06-07] (HP Inc. -> HP)
R2 HPSysInfoCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_d9cbd6bbac564232\x64\SysInfoCap.exe [729608 2021-03-24] (HP Inc. -> HP Inc.)
R2 MacriumService; C:\Program Files\Macrium\Common\MacriumService.exe [8923424 2021-03-22] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2020-12-19] (Malwarebytes Inc -> Malwarebytes)
R2 NortonSecurity; C:\Program Files\Norton Security\Engine\22.21.2.50\NortonSecurity.exe [343336 2021-03-26] (NortonLifeLock Inc. -> Symantec Corporation)
R2 nsWscSvc; C:\Program Files\Norton Security\Engine\22.21.2.50\nsWscSvc.exe [1054536 2021-03-26] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3004048 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103384 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R1 BHDrvx64; C:\Program Files\Norton Security\NortonData\22.20.5.39\Definitions\BASHDefs\20210427.011\BHDrvx64.sys [1995864 2021-03-16] (Symantec Corporation -> Broadcom)
R1 ccSet_NGC; C:\WINDOWS\System32\drivers\NGCx64\1615020.032\ccSetx64.sys [192248 2021-03-26] (Symantec Corporation -> Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [516168 2021-02-02] (Symantec Corporation -> Broadcom)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153672 2021-02-06] (Symantec Corporation -> Broadcom)
R3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [57728 2021-05-04] (SurfRight B.V. -> )
R3 HPCustomCapDriver; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapdriver.inf_amd64_1f5602eb8a12ac4c\x64\hpcustomcapdriver.sys [25024 2019-04-18] (Microsoft Windows Hardware Compatibility Publisher -> HP Inc.)
R1 IDSVia64; C:\Program Files\Norton Security\NortonData\22.20.5.39\Definitions\IPSDefs\20210504.061\IDSvia64.sys [1488976 2021-04-05] (Symantec Corporation -> Broadcom)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220752 2021-05-04] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2020-12-19] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-04-27] (Malwarebytes Inc -> Malwarebytes)
S3 nsvst_NGC; C:\WINDOWS\System32\drivers\NGCx64\1615020.032\nsvst.sys [56912 2021-03-26] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
R3 SRTSP; C:\WINDOWS\System32\drivers\NGCx64\1615020.032\SRTSP64.SYS [890464 2021-03-26] (Symantec Corporation -> Broadcom)
R1 SRTSPX; C:\WINDOWS\System32\drivers\NGCx64\1615020.032\SRTSPX64.SYS [50272 2021-03-26] (Symantec Corporation -> Broadcom)
R0 SymEFASI; C:\WINDOWS\System32\drivers\NGCx64\1615020.032\SYMEFASI64.SYS [2060656 2021-03-26] (Symantec Corporation -> Broadcom)
S0 SymELAM; C:\WINDOWS\System32\drivers\NGCx64\1615020.032\SymELAM.sys [25080 2021-03-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Broadcom Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [99912 2020-11-27] (Symantec Corporation -> Symantec Corporation)
R3 SymEvnt; C:\Program Files\Norton Security\NortonData\22.20.5.39\SymPlatform\SymEvnt.sys [712424 2020-07-20] (Symantec Corporation -> Symantec Corporation)
R1 SymIRON; C:\WINDOWS\System32\drivers\NGCx64\1615020.032\Ironx64.SYS [316488 2021-03-26] (Symantec Corporation -> Symantec Corporation)
R1 SymNetS; C:\WINDOWS\System32\drivers\NGCx64\1615020.032\symnets.sys [575328 2021-03-26] (Symantec Corporation -> Symantec Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46688 2019-12-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [350136 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [54200 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [35392 2020-06-08] (HP Inc. -> HP)
R1 wpCtrlDrv_NGC; C:\WINDOWS\System32\drivers\NGCx64\1615020.032\wpCtrlDrv.sys [1013792 2021-03-26] (NortonLifeLock Inc. -> NortonLifeLock Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-05-04 20:10 - 2021-05-04 20:10 - 000027207 _____ C:\Users\Nicki\Desktop\FRST.txt
2021-05-04 20:08 - 2021-05-04 20:08 - 002298368 _____ (Farbar) C:\Users\Nicki\Desktop\FRST64.exe
2021-05-04 19:57 - 2021-05-04 19:57 - 000220752 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-05-04 19:51 - 2021-05-04 19:57 - 000057728 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2021-05-04 19:40 - 2021-05-04 19:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVO Software Library
2021-05-04 19:36 - 2021-05-04 19:37 - 429104024 _____ C:\Users\Nicki\Downloads\cookn.exe
2021-05-04 19:20 - 2021-05-04 19:20 - 000000000 ____D C:\WINDOWS\system32\Tasks\Remediation
2021-05-04 18:27 - 2021-05-04 18:27 - 000000000 ____D C:\Users\Nicki\.swt
2021-05-04 18:24 - 2021-05-04 18:24 - 000000000 ____D C:\Users\Nicki\AppData\Local\eclipse
2021-05-04 18:22 - 2021-05-04 18:22 - 000000000 ____D C:\Users\Nicki\Documents\Cook'n12
2021-05-04 18:22 - 2021-05-04 18:22 - 000000000 ____D C:\ProgramData\Oracle
2021-05-04 18:20 - 2021-05-04 18:21 - 302684456 _____ C:\Users\Nicki\Downloads\cooknv12installer.exe
2021-05-04 17:06 - 2021-05-04 18:15 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2021-04-25 14:48 - 2021-04-25 14:48 - 000000000 ____D C:\Users\Nicki\AppData\Local\Apple Inc
2021-04-25 14:29 - 2021-04-25 14:29 - 000001823 _____ C:\Users\Public\Desktop\iTunes.lnk
2021-04-25 14:29 - 2021-04-25 14:29 - 000001823 _____ C:\ProgramData\Desktop\iTunes.lnk
2021-04-25 14:29 - 2021-04-25 14:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2021-04-25 14:28 - 2021-04-25 14:29 - 000000000 ____D C:\Program Files\iTunes
2021-04-21 19:06 - 2021-04-22 06:19 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-04-21 19:06 - 2021-04-21 19:06 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-04-14 17:04 - 2021-04-14 17:04 - 001823304 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-04-14 17:04 - 2021-04-14 17:04 - 000231248 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2021-04-14 17:04 - 2021-04-14 17:04 - 000011357 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-04-13 06:34 - 2021-04-16 06:34 - 000000000 ____D C:\Users\Nicki\AppData\LocalLow\Norton
2021-04-08 15:56 - 2021-05-04 20:04 - 000000000 ____D C:\WINDOWS\system32\Tasks\Norton 360
2021-04-08 15:50 - 2021-04-08 16:55 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2021-04-08 15:50 - 2021-04-08 15:50 - 000003376 _____ C:\WINDOWS\system32\Tasks\Norton WSC Integration

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-05-04 20:10 - 2020-07-11 22:12 - 000000000 ____D C:\FRST
2021-05-04 20:07 - 2019-08-09 07:31 - 000000000 ____D C:\ProgramData\Mozilla
2021-05-04 20:06 - 2019-08-09 07:31 - 000000000 ____D C:\Users\Nicki\AppData\LocalLow\Mozilla
2021-05-04 20:03 - 2020-08-08 11:57 - 000847728 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-05-04 20:03 - 2019-12-07 05:13 - 000000000 ____D C:\WINDOWS\INF
2021-05-04 19:59 - 2019-08-09 07:32 - 000000000 ____D C:\Program Files\CCleaner
2021-05-04 19:57 - 2020-08-08 11:53 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-05-04 19:57 - 2020-08-08 11:43 - 000008192 ___SH C:\DumpStack.log.tmp
2021-05-04 19:57 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-05-04 19:57 - 2019-12-07 05:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-05-04 19:57 - 2019-08-09 00:46 - 000000000 __SHD C:\Users\Nicki\IntelGraphicsProfiles
2021-05-04 19:56 - 2019-12-07 05:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-05-04 19:55 - 2020-03-13 07:05 - 000008574 _____ C:\WINDOWS\system32\.crusader
2021-05-04 19:55 - 2019-05-03 12:29 - 000000000 ____D C:\ProgramData\HP
2021-05-04 19:50 - 2020-03-13 07:00 - 011291072 _____ (SurfRight B.V.) C:\Users\Nicki\Downloads\HitmanPro_x64.exe
2021-05-04 19:36 - 2019-08-09 14:24 - 000000000 ____D C:\Users\Nicki\Documents\Cook'n Backups
2021-05-04 19:17 - 2019-08-09 06:54 - 000000000 ____D C:\Users\Nicki\00Documents
2021-05-04 19:08 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-05-04 18:51 - 2019-08-09 07:31 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-05-04 18:27 - 2020-08-08 11:48 - 000000000 ____D C:\Users\Nicki
2021-05-04 18:22 - 2019-08-09 14:22 - 000000000 ____D C:\Users\Nicki\AppData\Local\DVO
2021-05-04 18:15 - 2019-08-09 07:38 - 000001285 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2021-05-04 16:44 - 2020-08-08 11:44 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-05-04 06:33 - 2020-07-25 07:20 - 000000000 ____D C:\Users\Nicki\Desktop\Desktop Tidy
2021-05-03 14:54 - 2019-08-09 00:46 - 000000000 ____D C:\Users\Nicki\AppData\Local\VirtualStore
2021-05-03 14:25 - 2019-10-24 06:56 - 000000000 ____D C:\Users\Nicki\00Photos
2021-05-03 13:41 - 2019-12-07 05:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2021-05-03 06:37 - 2019-12-07 05:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-04-30 16:44 - 2020-06-20 20:05 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-04-30 15:28 - 2021-01-22 09:04 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-04-29 16:15 - 2020-08-08 11:53 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2021-04-27 07:53 - 2021-02-13 22:04 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-04-26 18:29 - 2019-08-09 14:09 - 000000000 ____D C:\Users\Nicki\AppData\Roaming\vlc
2021-04-26 18:28 - 2019-10-13 16:44 - 000000923 _____ C:\Users\Public\Desktop\VLC media player.lnk
2021-04-26 18:28 - 2019-10-13 16:44 - 000000923 _____ C:\ProgramData\Desktop\VLC media player.lnk
2021-04-26 15:48 - 2019-08-09 07:29 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-04-26 06:38 - 2020-08-08 11:53 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-04-26 06:38 - 2020-08-08 11:53 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-04-25 12:02 - 2019-08-09 08:11 - 000002143 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-04-21 19:06 - 2019-08-09 07:31 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-04-20 18:41 - 2020-08-08 11:53 - 000003418 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-04-20 18:41 - 2020-08-08 11:53 - 000003294 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-04-14 22:00 - 2020-08-08 11:44 - 000445016 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-04-14 21:59 - 2020-08-08 15:30 - 000000000 ____D C:\WINDOWS\HoloShell
2021-04-14 21:59 - 2019-12-07 05:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-04-14 21:59 - 2019-12-07 05:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-04-14 21:59 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-04-14 21:59 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-04-14 21:59 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-04-14 21:59 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2021-04-14 21:59 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2021-04-14 21:59 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2021-04-14 21:59 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-04-14 21:59 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-04-14 21:59 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-04-14 21:59 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-04-14 17:06 - 2019-12-07 05:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-04-14 17:03 - 2020-08-08 11:47 - 002877440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2021-04-14 16:57 - 2019-08-09 06:24 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-04-14 16:55 - 2019-08-09 06:24 - 131963968 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-04-08 16:55 - 2020-11-27 13:02 - 000002427 _____ C:\Users\Public\Desktop\Norton Security.lnk
2021-04-08 16:55 - 2020-11-27 13:02 - 000002427 _____ C:\ProgramData\Desktop\Norton Security.lnk
2021-04-08 16:19 - 2019-08-10 11:20 - 000000000 ____D C:\Program Files\Common Files\AV
2021-04-08 15:51 - 2020-11-27 13:01 - 000000000 ____D C:\WINDOWS\system32\Drivers\NGCx64
2021-04-06 18:25 - 2020-12-19 21:40 - 000199128 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-04-2021
Ran by Nicki (04-05-2021 20:11:33)
Running from C:\Users\Nicki\Desktop
Windows 10 Home Version 20H2 19042.928 (X64) (2020-08-08 16:02:44)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-282240636-1967671034-2412643917-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-282240636-1967671034-2412643917-503 - Limited - Disabled)
Guest (S-1-5-21-282240636-1967671034-2412643917-501 - Limited - Disabled)
Nicki (S-1-5-21-282240636-1967671034-2412643917-1001 - Administrator - Enabled) => C:\Users\Nicki
WDAGUtilityAccount (S-1-5-21-282240636-1967671034-2412643917-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Security Online (Enabled - Up to date) {1122B19A-E671-38EC-8EAC-87048FD4528D}
AV: Norton Security Online (Enabled - Up to date) {A2708B76-6835-6565-CB96-694212954A75}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Security Online (Enabled - Up to date) {E3FDBD9F-8140-1400-F32B-8B58923F7C4D}
AV: Norton 360 (Enabled - Up to date) {9E3FD331-C4C2-7AC4-0537-131EEF1B1F8A}
FW: Norton Security Online (Enabled) {9A4B0A53-225A-643D-E0C9-C077EC460D0E}
FW: Norton 360 (Enabled) {A6045214-8EAD-7B9C-2E68-BA2B11C858F1}
FW: Norton Security Online (Enabled) {291930BF-AC1E-39B4-A5F3-2E31710715F6}
FW: Norton Security Online (Enabled) {DBC63CBA-CB2F-1558-D874-226D6CEC3B36}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 21.001.20150 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{9738288C-21BC-4F54-AB4F-72F059339376}) (Version: 8.6 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{DEB339C1-2687-43AB-816A-8714F3E26846}) (Version: 8.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{74CC99EB-7DC0-4CB0-847A-F8C2FE39690C}) (Version: 14.5.0.7 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Brother MFL-Pro Suite MFC-J6710DW (HKLM-x32\...\{17795164-3BC1-4D4F-8ADA-65C895EBFC9A}) (Version: 2.0.0.0 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 5.79 - Piriform)
Cook'n (HKLM-x32\...\Cook'n) (Version: - )
Dynamic Application Loader Host Interface Service (HKLM\...\{3252E69D-9075-40FD-A9EF-F6D96091B5BF}) (Version: 1.0.0.0 - Intel Corporation) Hidden
EzTiltPen (HKLM\...\{359DAC8D-CE33-4729-84E9-22D3367A44A9}_is1) (Version: 1.0.0.25 - ELAN microelectronics Crop.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 90.0.4430.93 - Google LLC)
HL-2270DW (HKLM-x32\...\{E2A97415-BD97-4867-B906-05E39E9EE51F}) (Version: 1.1.6.0 - Brother Industries, Ltd.)
HL-L2360D series (HKLM-x32\...\{46B58839-2405-48D6-A59D-F8246158A6ED}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
HP Audio Switch (HKLM-x32\...\{20A40E7C-E470-4E9F-9B5C-DDB2C205E856}) (Version: 1.0.154.0 - HP Inc.)
HP Software Framework (HKLM-x32\...\{71E18A14-1BDB-4B58-A67F-1BCDA12462FD}) (Version: 7.1.15.1 - HP)
Intel(R) Chipset Device Software (HKLM-x32\...\{3d2240de-3c21-4e14-84b3-1c6cd02bfab4}) (Version: 10.1.17969.8134 - Intel(R) Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 1914.12.0.1255 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 17.2.0.1009 - Intel Corporation)
Intel® Optane™ Pinning Explorer Extensions (HKLM\...\{94979CD2-0904-47DE-A4AC-04F1C4524650}) (Version: 17.2.8.1029 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{1b3fcb8d-3d2b-4477-b722-0b3e2c1195ba}) (Version: 20.30.1 - Intel Corporation)
iTunes (HKLM\...\{653C59E1-B78D-4D82-9259-C14DFD9F6EFC}) (Version: 12.11.3.17 - Apple Inc.)
Logitech Options (HKLM\...\LogiOptions) (Version: 8.10.84 - Logitech)
Macrium Reflect Free Edition (HKLM\...\{6A30F121-0E07-4F49-B9F2-CDAFA63C8BD6}) (Version: 7.3.5289 - Paramount Software (UK) Ltd.) Hidden
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 7.3 - Paramount Software (UK) Ltd.)
Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 90.0.818.51 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0019-0000-0000-0000000FF1CE}_PUBLISHERR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Publisher 2007 (HKLM-x32\...\PUBLISHERR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{A0E1B43D-5F4A-46AF-9925-ABA3423325DC}) (Version: 2.77.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Moneyspire 2021 version 21.0.2 (HKLM-x32\...\Moneyspire 2021_is1) (Version: 21.0.2 - Moneyspire Inc.)
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version: - Pavel Cvrcek)
Mozilla Firefox 88.0 (x64 en-US) (HKLM\...\Mozilla Firefox 88.0 (x64 en-US)) (Version: 88.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 60.8.0 - Mozilla)
Mozilla Thunderbird 78.10.1 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 78.10.1 (x86 en-US)) (Version: 78.10.1 - Mozilla)
Norton 360 (HKLM-x32\...\NGC) (Version: 22.21.2.50 - NortonLifeLock Inc)
Norton Utilities Premium (HKLM\...\{36896A40-D958-486B-8A43-31A41E129FE2}) (Version: 17.0.7.7 - NortonLifeLock)
Old Calculator for Windows 10 (HKLM-x32\...\OldCalcForWin10) (Version: 1.1 - hxxp://winaero.com)
Quicken 2003 Basic (HKLM-x32\...\InstallShield_{88D0E768-CD6A-42A9-97F9-2B12CF740019}) (Version: 12.00.0000 - Intuit)
RootsMagic 7.6.3.0 (HKLM-x32\...\{D6286873-A757-4A4D-A6EF-0081B3EE32CA}_is1) (Version: RootsMagic 7.6.3.0 - RootsMagic, Inc.)
Spotify (HKU\S-1-5-21-282240636-1967671034-2412643917-1001\...\Spotify) (Version: 1.1.43.700.g20acee0f - Spotify AB)
StatTrak Address Manager (HKLM-x32\...\StatTrak Address Manager) (Version: 5.1.25 - All-Pro Software)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0019-0000-0000-0000000FF1CE}_PUBLISHERR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.12 - VideoLAN)
Zoom (HKU\S-1-5-21-282240636-1967671034-2412643917-1001\...\ZoomUMX) (Version: 5.2.0 (42619.0804) - Zoom Video Communications, Inc.)

Packages:
=========
Energy Star -> C:\Program Files\WindowsApps\AD2F1837.HPInc.EnergyStar_1.2.0.0_x64__v10z8vjag6ke6 [2020-08-11] (HP Inc.)
HP Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.HPAudioControl_1.7.194.0_x64__dt26b99r8h8gj [2020-08-11] (Realtek Semiconductor Corp)
HP Command Center -> C:\Program Files\WindowsApps\AD2F1837.HPThermalControl_1.8.14.0_x64__v10z8vjag6ke6 [2021-02-07] (HP Inc.)
HP Impreza Pen -> C:\Program Files\WindowsApps\9FDF1AF1.HPImprezaPen_1.1.12.0_x64__g70az3e2cx9m2 [2020-08-11] (ELAN MICROELECTRONICS CORP.) [Startup Task]
HP JumpStarts -> C:\Program Files\WindowsApps\AD2F1837.HPJumpStarts_1.9.1548.0_x64__v10z8vjag6ke6 [2020-12-19] (HP Inc.)
HP PC Hardware Diagnostics Windows -> C:\Program Files\WindowsApps\AD2F1837.HPPCHardwareDiagnosticsWindows_1.6.8.0_x64__v10z8vjag6ke6 [2021-01-27] (HP Inc.)
HP Pen Control -> C:\Program Files\WindowsApps\AD2F1837.HPPenControl_3.0.38.0_x64__v10z8vjag6ke6 [2021-04-18] (HP Inc.) [Startup Task]
HP Privacy Settings -> C:\Program Files\WindowsApps\AD2F1837.HPPrivacySettings_1.0.42.0_x64__v10z8vjag6ke6 [2021-04-18] (HP Inc.)
HP Support Assistant -> C:\Program Files\WindowsApps\AD2F1837.HPSupportAssistant_9.7.290.0_x64__v10z8vjag6ke6 [2021-04-16] (HP Inc.)
HP System Event Utility -> C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1.1.21.0_x64__v10z8vjag6ke6 [2020-09-05] (HP Inc.)
Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3282.0_x64__8j3eq9eme6ctt [2021-04-18] (INTEL CORP) [Startup Task]
Intel® Graphics Control Panel -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsControlPanel_3.3.0.0_x64__8j3eq9eme6ctt [2020-08-11] (INTEL CORP)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-08-11] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-08-11] (Microsoft Corporation) [MS Ad]
Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_21.10308.5635.0_x64__8wekyb3d8bbwe [2021-04-06] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-08-11] (Microsoft Corporation)
Synaptics TouchPad -> C:\Program Files\WindowsApps\SynapticsIncorporated.SynHPConsumerDApp_19005.35054.0.0_x64__807d65c4rvak2 [2020-08-11] (Synaptics Incorporated)
Xbox One SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxOneSmartGlass_2.2.1702.2004_x64__8wekyb3d8bbwe [2020-12-14] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\Program Files\Intel\OptaneShellExtensions\OptaneShellExt.dll [2019-03-27] () [File not signed] [File is in use]
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.21.2.50\buShell.dll [2021-03-26] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.21.2.50\buShell.dll [2021-03-26] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.21.2.50\buShell.dll [2021-03-26] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.21.2.50\buShell.dll [2021-03-26] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers-x32: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.21.2.50\buShell.dll [2021-03-26] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers-x32: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.21.2.50\buShell.dll [2021-03-26] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.21.2.50\buShell.dll [2021-03-26] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers1: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.21.2.50\NavShExt.dll [2021-03-26] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers1: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2019-09-20] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
ContextMenuHandlers2: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.21.2.50\NavShExt.dll [2021-03-26] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers2: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2019-09-20] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-12-19] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\Program Files\Intel\OptaneShellExtensions\OptaneShellExt.dll [2019-03-27] () [File not signed] [File is in use]
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.21.2.50\buShell.dll [2021-03-26] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-12-19] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.21.2.50\NavShExt.dll [2021-03-26] (NortonLifeLock Inc. -> NortonLifeLock Inc.)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2019-08-10 11:41 - 2009-02-27 16:38 - 000139264 ____R () [File not signed] C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2021-03-29 13:42 - 2021-03-29 13:42 - 000138240 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.IWs06dcaa36#\951888f8ec328648f94e872e4166a50b\Interop.IWshRuntimeLibrary.ni.dll
2020-04-27 14:07 - 2010-03-15 19:04 - 000143360 _____ () [File not signed] C:\WINDOWS\system32\BrSNMP64.dll
2019-08-10 11:41 - 2013-06-12 19:06 - 000385024 ____R (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrMonitor.dll
2019-08-10 11:41 - 2010-09-29 17:07 - 000180224 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BroSNMP.dll
2019-08-10 11:41 - 2011-02-28 11:32 - 000208896 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrFirmUpdateCheck.dll
2019-08-10 11:41 - 2013-10-10 21:55 - 002040320 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonWRes.dll
2019-08-10 12:11 - 2012-09-06 21:02 - 000155648 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcAssoc.dll
2019-08-10 12:11 - 2012-07-06 13:33 - 000098304 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcDlgRc.dll
2019-08-10 12:11 - 2012-07-06 13:33 - 017694720 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcGrImg.dll
2019-08-10 12:11 - 2012-07-17 13:36 - 000090112 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcLUsa.dll
2019-08-10 12:11 - 2012-07-05 07:32 - 000084480 _____ (Brother Industries, Ltd.) [File not signed] C:\WINDOWS\system32\BrNetSti.dll
2021-03-29 13:41 - 2021-03-29 13:41 - 000134656 _____ (hardcodet.net) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Hardcodet.W6cab32f3#\0f1eaacb1233127eedde1676050c2306\Hardcodet.Wpf.TaskbarNotification.ni.dll
2020-06-20 21:38 - 2020-06-20 21:38 - 000014336 _____ (HP Inc.) [File not signed] C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1.1.21.0_x64__v10z8vjag6ke6\SystemEventUtility\NativeRpcClient.DLL
2021-02-06 09:39 - 2021-02-06 09:39 - 023903744 _____ (HP Inc.) [File not signed] C:\Program Files\WindowsApps\AD2F1837.HPThermalControl_1.8.14.0_x64__v10z8vjag6ke6\HpSystemManagement.dll
2021-02-06 09:39 - 2021-02-06 09:39 - 000013312 _____ (HP Inc.) [File not signed] C:\Program Files\WindowsApps\AD2F1837.HPThermalControl_1.8.14.0_x64__v10z8vjag6ke6\NativeRpcClient.dll
2021-02-06 09:39 - 2021-02-06 09:39 - 000014848 _____ (HP Inc.) [File not signed] C:\Program Files\WindowsApps\AD2F1837.HPThermalControl_1.8.14.0_x64__v10z8vjag6ke6\Win32Process\NativeRpcClient.DLL
2019-03-27 18:29 - 2019-03-27 18:29 - 000126976 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\OptaneShellExtensions\iaStorAfsServiceApi.dll
2021-03-29 13:42 - 2021-03-29 13:42 - 001591808 _____ (Mark Heath) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\NAudio\9f1fb811cecca00c1c0093fcdbfb55df\NAudio.ni.dll
2020-08-08 11:49 - 2020-08-08 11:49 - 000065536 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.6195_none_3b1209fdc9ac7774\vcomp.dll
2021-03-29 13:42 - 2021-03-29 13:42 - 003127808 _____ (Newtonsoft) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Newtonsoft.Json\af5a3640200201f73429f4848045535d\Newtonsoft.Json.ni.dll
2021-03-29 13:41 - 2021-03-29 13:41 - 000793088 _____ (The Apache Software Foundation) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\log4net\99ce6136aae3bc57a1c49add2632a650\log4net.ni.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-282240636-1967671034-2412643917-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-282240636-1967671034-2412643917-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
SearchScopes: HKLM -> {BFF249C9-3DBF-45D9-9369-5799E10BD69C} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-282240636-1967671034-2412643917-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine\22.21.2.50\coIEPlg.dll [2021-03-26] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
BHO-x32: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine32\22.21.2.50\coIEPlg.dll [2021-03-26] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.21.2.50\coIEPlg.dll [2021-03-26] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine32\22.21.2.50\coIEPlg.dll [2021-03-26] (NortonLifeLock Inc. -> NortonLifeLock Inc.)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-19 00:49 - 2019-11-16 08:13 - 000000826 _____ C:\WINDOWS\system32\drivers\etc\hosts

2020-04-19 20:58 - 2020-04-19 20:58 - 000000375 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-282240636-1967671034-2412643917-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\StartupFolder: => "Quicken Scheduled Updates.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Billminder.lnk"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{A4A9A9C5-75E1-4CCA-9A2F-91EDABD10290}] => (Allow) C:\Users\Nicki\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{4DAC619A-150F-4B5D-9453-14FDCA0D4C55}] => (Allow) LPort=54925
FirewallRules: [{7FC277EC-5C78-4006-9FBE-B7CFB0B3F4D4}] => (Allow) C:\Program Files (x86)\Brother\Brmfl10g\FAXRX.exe (Brother Industries, Ltd.) [File not signed]
FirewallRules: [{80E3512A-0341-4522-BFFA-C43A376B97F6}] => (Allow) C:\Program Files (x86)\Brother\Brmfl10g\FAXRX.exe (Brother Industries, Ltd.) [File not signed]
FirewallRules: [{DE6EBEB0-BDB9-44CD-8FDC-55A9248CBC7B}] => (Allow) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.EXE (Logitech Inc -> Logitech, Inc.)
FirewallRules: [{CBDA1D72-C17C-40AC-8A2B-22B848875F01}] => (Allow) LPort=54925
FirewallRules: [{93951AD3-20F2-488B-BF97-360CE5ED0E36}] => (Allow) C:\Program Files (x86)\Brother\Brmfl10g\FAXRX.exe (Brother Industries, Ltd.) [File not signed]
FirewallRules: [{4F27A9AC-2764-499E-A41B-B60075B80F64}] => (Allow) C:\Program Files (x86)\Brother\Brmfl10g\FAXRX.exe (Brother Industries, Ltd.) [File not signed]
FirewallRules: [{9B3D13B0-803E-441B-874A-5D2FF738A1C5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{2088A705-1768-4313-8E53-248857705F56}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{1BAEF3B6-5695-4CC7-876B-E973F769ADC5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{0F2E4598-77EE-4308-ADE5-DFAA1E505844}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{875D6C6F-E41E-46B6-A227-6DF97F3F9257}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{2026F4A9-622B-47BA-8C5B-C173995E66EE}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel(R) Wireless Connectivity Solutions -> )
FirewallRules: [{EAF4762A-FE55-4C58-9C82-A36CD8020CC7}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform)
FirewallRules: [{33F2DEB0-8A16-44F9-B118-ACFB58893F45}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform)
FirewallRules: [{7B505800-E917-4363-BA9C-084DAA8DC9B0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{32F2A922-7239-418F-BB52-6632F0914D30}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{521D86EF-7827-4021-83D4-446FA4FDEA56}C:\users\nicki\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\nicki\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{85C1DC87-6466-489B-A0DF-624CF4D6A289}C:\users\nicki\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\nicki\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D8B60715-7A9C-47CD-A870-A3F3D0AAFB3D}] => (Block) C:\users\nicki\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{A38D830C-BD0C-4E4D-8206-65629A40831C}] => (Block) C:\users\nicki\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{52AB126D-D1E5-4A8C-BB2A-91438E6755A6}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F2A38D97-C22D-44F1-978F-E13DA80D8C17}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

22-04-2021 16:19:21 Scheduled Checkpoint
01-05-2021 11:58:51 Scheduled Checkpoint

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (05/04/2021 07:58:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname Henry.local already in use; will try Henry-2.local instead

Error: (05/04/2021 07:58:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 0; will deregister 4 Henry.local. Addr 192.168.0.226

Error: (05/04/2021 07:58:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.226:5353 16 Henry.local. AAAA 2601:019B:C701:5CB0:0000:0000:0000:BB0A

Error: (05/04/2021 07:55:51 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000388,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,00000002E36FEE80.72). hr = 0x80070005, Access is denied.
.

Error: (05/04/2021 07:55:51 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000002e0,(null),0,REG_BINARY,0000002C9F6FD980.72). hr = 0x80070005, Access is denied.
.


Operation:
BackupShutdown Event

Context:
Execution Context: Writer
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {5af862e4-ed58-42da-8bae-739ff3cd1a8b}

Error: (05/04/2021 07:55:51 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000284,(null),0,REG_BINARY,0000001018E7D8B0.72). hr = 0x80070005, Access is denied.
.


Operation:
BackupShutdown Event

Context:
Execution Context: Writer
Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
Writer Name: WMI Writer
Writer Instance ID: {cf27a3b5-0248-4040-91d1-ed84a6548251}

Error: (05/04/2021 07:55:51 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000950,(null),0,REG_BINARY,000000E37837D5B0.72). hr = 0x80070005, Access is denied.
.


Operation:
BackupShutdown Event

Context:
Execution Context: Writer
Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
Writer Name: MSSearch Service Writer
Writer Instance ID: {23300c1b-e1af-4ac7-8ab0-7b6fd9beed2c}

Error: (05/04/2021 07:55:51 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000298,(null),0,REG_BINARY,00000002E377F200.72). hr = 0x80070005, Access is denied.
.


Operation:
BackupShutdown Event

Context:
Execution Context: Writer
Writer Class Id: {542da469-d3e1-473c-9f4f-7847f01fc64f}
Writer Name: COM+ REGDB Writer
Writer Instance ID: {c45f75fa-1c56-4fef-a34a-cfb959c54d75}


System errors:
=============
Error: (05/04/2021 07:57:29 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HitmanPro38CrusaderBoot service terminated with the following service-specific error:
The operation completed successfully.

Error: (05/04/2021 07:56:51 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\WINDOWS\system32\IntelIHVRouter08.dll

Error: (05/04/2021 07:56:51 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\WINDOWS\system32\IntelIHVRouter08.dll

Error: (05/04/2021 07:56:48 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for DeleteFlag with the following error:
Access is denied.

Error: (05/04/2021 07:56:47 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\WINDOWS\system32\IntelIHVRouter08.dll

Error: (05/04/2021 07:55:51 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for DeleteFlag with the following error:
Access is denied.

Error: (05/04/2021 07:50:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Macrium Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (05/04/2021 07:50:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The HP Analytics service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.


CodeIntegrity:
===============
Date: 2021-05-04 19:58:55
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\Norton Security\Engine\22.21.2.50\symamsi.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

BIOS: Insyde F.22 11/26/2019
Motherboard: HP 850C
Processor: Intel(R) Core(TM) i7-8565U CPU @ 1.80GHz
Percentage of memory in use: 40%
Total physical RAM: 12077.74 MB
Available physical RAM: 7164.05 MB
Total Virtual: 30509.74 MB
Available Virtual: 25564.01 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:930.29 GB) (Free:778.67 GB) NTFS
Drive e: (HP CARD #1) (Removable) (Total:29.71 GB) (Free:29.66 GB) FAT32

\\?\Volume{337db906-d729-4b83-80fb-728166689139}\ () (Fixed) (Total:0.94 GB) (Free:0.08 GB) NTFS
\\?\Volume{c306a302-556e-4247-b7e7-ffc97f7d7d5e}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.17 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: A50E1C7D)

Partition: GPT.

==========================================================
Disk: 1 (Protective MBR) (Size: 29.7 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================
 
Scans run prior to contacting TechSpot include , ADWcleaner, HitManPro, Malwarebytes and CCleaner. PUP.Optimal.Legacy quaratined/removed through ADWCleaner I believe
 
Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=================================

redtarget.gif
Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double click on downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Remove Selected.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
redtarget.gif
Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available throughout History ->Application logs. Please post it contents in your next reply.
redtarget.gif
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwareClearer, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles are saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.
 
RogueKiller Anti-Malware V14.8.6.0 (x64) [Mar 24 2021] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 10 (10.0.19042) 64 bits
Started in : Normal mode
User : Nicki [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Signatures : 20210505_100855, Driver : Loaded
Mode : Standard Scan, Delete -- Date : 2021/05/05 06:54:18 (Duration : 00:10:36)

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Delete ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[Suspicious.Path (Potentially Malicious)] HKEY_USERS\S-1-5-21-282240636-1967671034-2412643917-1001\Software\Microsoft\Windows\CurrentVersion\Run|Amazon Photos -- [%localappdata%\Amazon Drive\AmazonPhotos.exe] -> Deleted
[PUP.Gen2 (Potentially Malicious)] Honey -- jid1-93CWPmRbVPjRQA@jetpack -> Deleted
 
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 5/5/21
Scan Time: 6:58 AM
Log File: d4e77c96-ad90-11eb-8267-5c879cbafe1d.json

-Software Information-
Version: 4.3.0.98
Components Version: 1.0.1273
Update Package Version: 1.0.40137
License: Free

-System Information-
OS: Windows 10 (Build 19042.928)
CPU: x64
File System: NTFS
User: Henry\Nicki

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 298344
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 3 min, 28 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)
 
# -------------------------------
# Malwarebytes AdwCleaner 8.2.0.0
# -------------------------------
# Build: 03-22-2021
# Database: 2021-04-28.3 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 05-05-2021
# Duration: 00:00:04
# OS: Windows 10 Home
# Scanned: 31983
# Detected: 12


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

Preinstalled.HPAudioSwitch Folder C:\Program Files (x86)\HP\HPAUDIOSWITCH
Preinstalled.HPAudioSwitch Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E8A9B32E-2282-453D-8D72-8F07398537E0}
Preinstalled.HPAudioSwitch Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HPAudioSwitch
Preinstalled.HPAudioSwitch Task C:\Windows\System32\Tasks\HPAUDIOSWITCH
Preinstalled.HPCleanFLC Registry HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|HPSEU_Host_Launcher
Preinstalled.HPCleanFLC Registry HKCU\Software\Microsoft\Windows\CurrentVersion\Run|HPSEU_Host_Launcher
Preinstalled.HPCleanFLC Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|HPSEU_Host_Launcher
Preinstalled.HPCleanFLC Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Run|HPSEU_Host_Launcher
Preinstalled.HPRegistrationService Folder C:\ProgramData\HP\HP REGISTRATION SERVICE
Preinstalled.HPSupportAssistant Folder C:\HP\SUPPORT
Preinstalled.HPSupportAssistant Folder C:\ProgramData\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Folder C:\Users\Nicki\AppData\Roaming\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK


AdwCleaner[S00].txt - [3044 octets] - [13/03/2020 06:40:02]
AdwCleaner[C00].txt - [1677 octets] - [13/03/2020 06:40:45]
AdwCleaner[S01].txt - [3077 octets] - [13/03/2020 06:41:54]
AdwCleaner[C01].txt - [1730 octets] - [13/03/2020 06:42:04]
AdwCleaner[S02].txt - [2912 octets] - [30/03/2020 23:35:10]
AdwCleaner[S03].txt - [2973 octets] - [07/04/2020 21:50:52]
AdwCleaner[S04].txt - [3066 octets] - [23/04/2020 18:48:03]
AdwCleaner[C04].txt - [1974 octets] - [23/04/2020 18:48:16]
AdwCleaner[S05].txt - [3156 octets] - [25/04/2020 07:33:48]
AdwCleaner[S06].txt - [3249 octets] - [08/06/2020 12:56:14]
AdwCleaner[C06].txt - [2157 octets] - [08/06/2020 13:14:43]
AdwCleaner[S07].txt - [3339 octets] - [08/06/2020 13:16:03]
AdwCleaner[S08].txt - [3400 octets] - [10/06/2020 07:21:37]
AdwCleaner[S09].txt - [3461 octets] - [13/06/2020 12:14:40]
AdwCleaner[S10].txt - [3554 octets] - [28/06/2020 23:54:50]
AdwCleaner[C10].txt - [2462 octets] - [28/06/2020 23:55:04]
AdwCleaner[S11].txt - [3644 octets] - [11/07/2020 21:27:18]
AdwCleaner[S12].txt - [3705 octets] - [12/07/2020 04:42:54]
AdwCleaner[S13].txt - [3766 octets] - [25/07/2020 14:35:03]
AdwCleaner[S14].txt - [4082 octets] - [06/08/2020 19:47:38]
AdwCleaner[S15].txt - [3888 octets] - [07/08/2020 15:43:19]
AdwCleaner[S16].txt - [4204 octets] - [09/08/2020 10:29:23]
AdwCleaner[S17].txt - [4297 octets] - [11/11/2020 06:25:07]
AdwCleaner[C17].txt - [2950 octets] - [11/11/2020 06:25:27]
AdwCleaner[S18].txt - [4132 octets] - [07/12/2020 22:45:37]
AdwCleaner[S19].txt - [4480 octets] - [19/12/2020 20:25:13]
AdwCleaner[C19].txt - [3133 octets] - [19/12/2020 20:25:24]
AdwCleaner[S20].txt - [4570 octets] - [19/12/2020 20:27:53]
AdwCleaner[S21].txt - [4408 octets] - [15/01/2021 14:05:23]
AdwCleaner[C21].txt - [3316 octets] - [15/01/2021 14:05:35]
AdwCleaner[S22].txt - [4785 octets] - [11/03/2021 20:16:08]
AdwCleaner[C22].txt - [3438 octets] - [11/03/2021 20:16:20]
AdwCleaner[S23].txt - [4651 octets] - [28/03/2021 11:05:44]
AdwCleaner[C23].txt - [3560 octets] - [28/03/2021 11:06:00]
AdwCleaner[S24].txt - [5029 octets] - [04/05/2021 19:50:21]
AdwCleaner[C24].txt - [3682 octets] - [04/05/2021 19:50:33]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S25].txt ##########
 
Fan is not running as frequently and does not sound like it is going to take off like an airplane Computer seems to be a bit more responsive - not as much lag time when opening firefox, etc
 
Good :)

Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

  • Double click to run it.
  • Press Scan button.
  • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-04-2021
Ran by Nicki (administrator) on HENRY (HP HP ENVY x360 Convertible 15-cn1xxx) (05-05-2021 08:15:02)
Running from C:\Users\Nicki\Desktop
Loaded Profiles: Nicki
Platform: Windows 10 Home Version 20H2 19042.928 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adlice -> ) C:\Program Files\RogueKiller\RogueKiller64.exe
(Adlice -> ) C:\Program Files\RogueKiller\RogueKillerSvc.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Conexant Systems LLC -> Conexant Systems LLC.) C:\Windows\System32\CxAudioSvc.exe
(Conexant Systems LLC -> Synaptics Incorporated.) C:\Windows\System32\SynAudSrv.exe
(ELAN Microelectronics Corporation -> ELAN) [File not signed] C:\Program Files\ELAN\EzTiltPen\EzTiltPenAgent.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_d9cbd6bbac564232\x64\AppHelperCap.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_d9cbd6bbac564232\x64\DiagsCap.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_d9cbd6bbac564232\x64\NetworkCap.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_d9cbd6bbac564232\x64\SysInfoCap.exe
(HP Inc.) C:\Program Files\WindowsApps\AD2F1837.HPJumpStarts_1.9.1548.0_x64__v10z8vjag6ke6\HP.JumpStarts.exe
(HP Inc.) C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1.1.21.0_x64__v10z8vjag6ke6\SystemEventUtility\HPSystemEventUtilityHost.exe
(HP Inc.) C:\Program Files\WindowsApps\AD2F1837.HPThermalControl_1.8.14.0_x64__v10z8vjag6ke6\HpSystemManagement.exe
(HP Inc.) C:\Program Files\WindowsApps\AD2F1837.HPThermalControl_1.8.14.0_x64__v10z8vjag6ke6\Win32Process\HPCC.Bg.BackgroundApp.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\dptf_helper.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\jhi_service.exe
(Intel(R) pGFX 2020 -> ) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_dc7a0fe3ada1cbf5\OneApp.IGCC.WinService.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_dc2a57d591329a30\igfxCUIService.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_dc2a57d591329a30\igfxEM.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87a05f372b04db63\IntelCpHDCPSvc.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_87a05f372b04db63\IntelCpHeciSvc.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_0c50c5dc47ed0efe\RstMwService.exe
(Intel(R) Software Development Products -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\sgx_psw.inf_amd64_29a6dc809538b640\aesm_service.exe
(Intel(R) Trust Services -> Intel(R) Corporation) C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_34687bf44d0a152a\lib\SocketHeciServer.exe
(Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Intel(R) Wireless Connectivity Solutions -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel(R) Wireless Connectivity Solutions -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Wireless Connectivity Solutions -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Logitech Inc -> Logitech) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOverlay.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\Logitech\LogiOptions\LogiOptions.exe
(Logitech Inc -> Logitech, Inc.) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(NortonLifeLock Inc. -> NortonLifeLock Inc.) C:\Program Files\Norton Security\Engine\22.21.2.50\nsWscSvc.exe
(NortonLifeLock Inc. -> Symantec Corporation) C:\Program Files\Norton Security\Engine\22.21.2.50\NortonSecurity.exe <2>
(Paramount Software UK Ltd -> Paramount Software UK Ltd) C:\Program Files\Macrium\Common\MacriumService.exe
(Paramount Software UK Ltd -> Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectMonitor.exe
(Paramount Software UK Ltd -> Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectUI.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2>
(Smart Sound Technology -> Intel) C:\Windows\System32\cAVS\Intel(R) Audio Service\IntelAudioService.exe
(Sound Research Corporation -> Sound Research, Corp.) C:\Windows\System32\SECOMN64.exe
(Symantec Corporation -> Symantec Corporation) C:\Program Files\Norton Utilities Premium\x64\LBGovernor.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnhService.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [970528 2019-09-05] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [EzTiltPenSrvc] => C:\Program Files\ELAN\EzTiltPen\EzTiltPenAgent.exe [238280 2019-04-22] (ELAN Microelectronics Corporation -> ELAN) [File not signed]
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [319544 2019-02-26] (Intel(R) Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [HPSEU_Host_Launcher] => C:\System.sav\util\HpseuHostLauncher.exe [528392 2020-09-05] (HP Inc. -> HP Inc.)
HKLM\...\Run: [LogiOptions] => C:\Program Files\Logitech\LogiOptions\LogiOptions.exe [2109064 2019-11-27] (Logitech Inc -> Logitech, Inc.)
HKLM\...\Run: [Reflect UI] => C:\Program Files\Macrium\Common\ReflectUI.exe [7581512 2021-03-22] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942864 2016-10-13] (Logitech -> Logitech, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [340440 2021-04-16] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4513792 2014-05-22] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-09-06] (Brother Industries, Ltd.) [File not signed]
HKU\S-1-5-21-282240636-1967671034-2412643917-1001\...\Run: [HPSEU_Host_Launcher] => C:\System.sav\util\HpseuHostLauncher.exe [528392 2020-09-05] (HP Inc. -> HP Inc.)
HKU\S-1-5-21-282240636-1967671034-2412643917-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [33698888 2021-04-22] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-282240636-1967671034-2412643917-1001\...\MountPoints2: {8ae3d9fd-bbb7-11e9-818f-5c879cbafe1d} - "D:\LaunchU3.exe"
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\90.0.4430.93\Installer\chrmstp.exe [2021-04-26] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Billminder.lnk [2019-08-10]
ShortcutTarget: Billminder.lnk -> C:\Program Files (x86)\Quicken\billmind.exe (Intuit) [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk [2019-08-10]
ShortcutTarget: Quicken Scheduled Updates.lnk -> C:\Program Files (x86)\Quicken\bagent.exe (Intuit Inc.) [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Quicken Startup.lnk [2019-08-10]
ShortcutTarget: Quicken Startup.lnk -> C:\Program Files (x86)\Quicken\QWDLLS.EXE (Intuit) [File not signed]
Startup: C:\Users\Nicki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2019-08-10]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
BootExecute: autocheck autochk * bootdeletebootdelete

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0B50A5A6-B9DE-4FB4-B060-2D592FAC0A74} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {0F8F0B9D-9594-4794-B41E-B559FD0278F5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.)
Task: {292C83A7-82CC-4D4F-B85A-FD2B1DCE0608} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-08-09] (Google Inc -> Google LLC)
Task: {3242FFB1-E6AA-4BD9-978F-12D4C7232176} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPSFReport.exe [135544 2019-05-03] (HP Inc. -> HP Inc.)
Task: {389C3840-029B-4F98-88D7-562808611E5A} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton 360\Upgrade.exe [2344608 2021-03-26] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Task: {4726F9E8-C72C-460B-A2B6-A6BCF8F4FEFC} - System32\Tasks\Norton 360\Norton 360 Error Processor => C:\Program Files\Norton Security\Engine\22.21.2.50\SymErr.exe [115640 2021-03-26] (NortonLifeLock Inc. -> NortonLifeLock Inc)
Task: {4B4632BD-0115-4B1F-98BB-5A35CD1F6608} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1073528 2019-08-09] (HP Inc. -> HP Inc.)
Task: {5100A477-348F-48CA-A0F9-BA0C7018AC24} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-282240636-1967671034-2412643917-500 => C:\Users\Nicki\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {78EB442A-649E-47F4-94A4-37AAD86A42A9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-08-09] (Google Inc -> Google LLC)
Task: {A0DF624F-0FF9-41FA-8932-A01872A7E618} - System32\Tasks\AutomaticCare => C:\Program Files\Norton Utilities Premium\nup.exe [630856 2021-03-07] (Symantec Corporation -> Symantec Corporation)
Task: {C6AE59A8-F5C1-4FE1-B549-5DC4D6602394} - System32\Tasks\ActiveSync-NortonUtility => C:\Program Files\Norton Utilities Premium\activesync.exe [244808 2021-03-07] (Symantec Corporation -> Symantec Corporation)
Task: {D0C8953B-93CA-43D9-9F8D-2FDDE9E1E5CF} - System32\Tasks\Norton 360\Norton 360 Autofix => C:\Program Files\Norton Security\Engine\22.21.2.50\SymErr.exe [115640 2021-03-26] (NortonLifeLock Inc. -> NortonLifeLock Inc)
Task: {D287EC3B-8AF0-4F25-8762-1A0E7E5AB1C2} - System32\Tasks\Norton 360\Norton 360 Error Analyzer => C:\Program Files\Norton Security\Engine\22.21.2.50\SymErr.exe [115640 2021-03-26] (NortonLifeLock Inc. -> NortonLifeLock Inc)
Task: {D4FBB0C9-84F0-4F52-A1C7-827FB41EA31F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [28082760 2021-04-22] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {DE273F3C-BE12-4FA9-AD5C-28B45865DC48} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [696304 2021-04-21] (Mozilla Corporation -> Mozilla Foundation)
Task: {DE75303E-11C4-411F-9BED-328E540A181A} - System32\Tasks\TUDsDownloader => C:\Program Files\Norton Utilities Premium\activesync.exe [244808 2021-03-07] (Symantec Corporation -> Symantec Corporation)
Task: {DFA6382A-D495-4B39-B351-20339E1F5049} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1073528 2019-08-09] (HP Inc. -> HP Inc.)
Task: {E327E790-D5A3-4D64-B31B-994858062118} - System32\Tasks\HP\Consent Manager Launcher => sc start hptouchpointanalyticsservice
Task: {E8A9B32E-2282-453D-8D72-8F07398537E0} - System32\Tasks\HPAudioSwitch => C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe [1644984 2018-07-18] (HP Inc. -> HP Inc.)
Task: {EC5D688B-90D9-4488-9A60-E3DE6D0ADE8E} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-04-22] (Piriform Software Ltd -> Piriform)
Task: {F5F89E2C-F198-474E-B231-2BF70D73AEFC} - System32\Tasks\Live Boost Process Governor => C:\Program Files\Norton Utilities Premium\x64\LBgovernor.exe [1061960 2021-03-07] (Symantec Corporation -> Symantec Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{63df01f0-50fb-4a1d-903f-3c62c404e66e}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{b332947e-406c-4b78-8c25-71ce0868b9c0}: [DhcpNameServer] 172.168.0.7

Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge Profile: C:\Users\Nicki\AppData\Local\Microsoft\Edge\User Data\Default [2021-05-05]

FireFox:
========
FF DefaultProfile: 4xxavejw.default
FF ProfilePath: C:\Users\Nicki\AppData\Roaming\Mozilla\Firefox\Profiles\4xxavejw.default [2020-07-12]
FF ProfilePath: C:\Users\Nicki\AppData\Roaming\Mozilla\Firefox\Profiles\r96ez6m4.default-release-1594585081428 [2021-05-05]
FF Homepage: Mozilla\Firefox\Profiles\r96ez6m4.default-release-1594585081428 -> hxxps://www.google.com/
FF Notifications: Mozilla\Firefox\Profiles\r96ez6m4.default-release-1594585081428 -> hxxps://www.instagram.com; hxxps://calendar.google.com; hxxps://mewe.com
FF Extension: (Facebook Container) - C:\Users\Nicki\AppData\Roaming\Mozilla\Firefox\Profiles\r96ez6m4.default-release-1594585081428\Extensions\@contain-facebook.xpi [2020-09-29]
FF Extension: (RetailMeNot Deal Finder™️) - C:\Users\Nicki\AppData\Roaming\Mozilla\Firefox\Profiles\r96ez6m4.default-release-1594585081428\Extensions\retailmenot-genie@rmn.com.xpi [2021-04-29]
FF Plugin: @videolan.org/vlc,version=3.0.10 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-04-20] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Nicki\AppData\Local\Google\Chrome\User Data\Default [2021-05-05]
CHR Notifications: Default -> hxxps://www.youtube.com
CHR HomePage: Default -> hxxp://www.google.com/
CHR Extension: (Slides) - C:\Users\Nicki\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-08-09]
CHR Extension: (Docs) - C:\Users\Nicki\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-08-09]
CHR Extension: (Google Drive) - C:\Users\Nicki\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-26]
CHR Extension: (YouTube) - C:\Users\Nicki\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-08-09]
CHR Extension: (Sheets) - C:\Users\Nicki\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-08-09]
CHR Extension: (Google Docs Offline) - C:\Users\Nicki\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-04-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Nicki\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-18]
CHR Extension: (Gmail) - C:\Users\Nicki\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-26]
CHR Extension: (Chrome Media Router) - C:\Users\Nicki\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-04-26]
CHR Profile: C:\Users\Nicki\AppData\Local\Google\Chrome\User Data\Guest Profile [2021-05-04]
CHR Profile: C:\Users\Nicki\AppData\Local\Google\Chrome\User Data\System Profile [2021-05-04]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [99104 2021-03-16] (Apple Inc. -> Apple Inc.)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed]
R2 HPAppHelperCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_d9cbd6bbac564232\x64\AppHelperCap.exe [731152 2021-03-24] (HP Inc. -> HP Inc.)
R2 HPDiagsCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_d9cbd6bbac564232\x64\DiagsCap.exe [728608 2021-03-24] (HP Inc. -> HP Inc.)
R2 HPNetworkCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_d9cbd6bbac564232\x64\NetworkCap.exe [728608 2021-03-24] (HP Inc. -> HP Inc.)
S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1149480 2018-06-07] (HP Inc. -> HP)
R2 HPSysInfoCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_d9cbd6bbac564232\x64\SysInfoCap.exe [729608 2021-03-24] (HP Inc. -> HP Inc.)
R2 MacriumService; C:\Program Files\Macrium\Common\MacriumService.exe [8923424 2021-03-22] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2020-12-19] (Malwarebytes Inc -> Malwarebytes)
R2 NortonSecurity; C:\Program Files\Norton Security\Engine\22.21.3.48\NortonSecurity.exe [343336 2021-04-30] (NortonLifeLock Inc. -> Broadcom)
R3 nsWscSvc; C:\Program Files\Norton Security\Engine\22.21.2.50\nsWscSvc.exe [1054536 2021-03-26] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
R3 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [13688656 2021-03-24] (Adlice -> )
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3004048 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103384 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R1 BHDrvx64; C:\Program Files\Norton Security\NortonData\22.20.5.39\Definitions\BASHDefs\20210427.011\BHDrvx64.sys [1995864 2021-03-16] (Symantec Corporation -> Broadcom)
R1 ccSet_NGC; C:\WINDOWS\System32\drivers\NGCx64\1615030.030\ccSetx64.sys [192248 2021-04-30] (Symantec Corporation -> Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [516168 2021-02-02] (Symantec Corporation -> Broadcom)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153672 2021-02-06] (Symantec Corporation -> Broadcom)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [57728 2021-05-04] (SurfRight B.V. -> )
R3 HPCustomCapDriver; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapdriver.inf_amd64_1f5602eb8a12ac4c\x64\hpcustomcapdriver.sys [25024 2019-04-18] (Microsoft Windows Hardware Compatibility Publisher -> HP Inc.)
R1 IDSVia64; C:\Program Files\Norton Security\NortonData\22.20.5.39\Definitions\IPSDefs\20210504.061\IDSvia64.sys [1488976 2021-04-05] (Symantec Corporation -> Broadcom)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220752 2021-05-05] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2020-12-19] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-05-05] (Malwarebytes Inc -> Malwarebytes)
S3 nsvst_NGC; C:\WINDOWS\System32\drivers\NGCx64\1615020.032\nsvst.sys [56912 2021-03-26] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
R3 SRTSP; C:\WINDOWS\System32\drivers\NGCx64\1615020.032\SRTSP64.SYS [890464 2021-03-26] (Symantec Corporation -> Broadcom)
R1 SRTSPX; C:\WINDOWS\System32\drivers\NGCx64\1615030.030\SRTSPX64.SYS [50272 2021-04-30] (Symantec Corporation -> Broadcom)
R0 SymEFASI; C:\WINDOWS\System32\drivers\NGCx64\1615030.030\SYMEFASI64.SYS [2062424 2021-04-30] (Symantec Corporation -> Broadcom)
S0 SymELAM; C:\WINDOWS\System32\drivers\NGCx64\1615030.030\SymELAM.sys [25080 2021-04-30] (Microsoft Windows Early Launch Anti-malware Publisher -> Broadcom Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [99912 2020-11-27] (Symantec Corporation -> Symantec Corporation)
R3 SymEvnt; C:\Program Files\Norton Security\NortonData\22.20.5.39\SymPlatform\SymEvnt.sys [712424 2020-07-20] (Symantec Corporation -> Symantec Corporation)
R1 SymIRON; C:\WINDOWS\System32\drivers\NGCx64\1615030.030\Ironx64.SYS [316488 2021-04-30] (Symantec Corporation -> Symantec Corporation)
R3 SymNetS; C:\WINDOWS\System32\drivers\NGCx64\1615020.032\symnets.sys [575328 2021-03-26] (Symantec Corporation -> Symantec Corporation)
U3 TrueSight; C:\Windows\System32\drivers\truesight.sys [38032 2021-05-05] (Adlice -> )
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46688 2019-12-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [350136 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [54200 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [35392 2020-06-08] (HP Inc. -> HP)
R3 wpCtrlDrv_NGC; C:\WINDOWS\System32\drivers\NGCx64\1615020.032\wpCtrlDrv.sys [1013792 2021-03-26] (NortonLifeLock Inc. -> NortonLifeLock Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-05-05 07:16 - 2021-05-05 07:16 - 000000000 ____D C:\WINDOWS\system32\Tasks\Remediation
2021-05-05 07:12 - 2021-05-05 07:12 - 000004864 _____ C:\Users\Nicki\Desktop\AdwCleaner[S25].txt
2021-05-05 07:10 - 2021-05-05 07:10 - 008534696 _____ (Malwarebytes) C:\Users\Nicki\Desktop\AdwCleaner.exe
2021-05-05 07:09 - 2021-05-05 07:09 - 000001219 _____ C:\Users\Nicki\Desktop\MB.txt
2021-05-05 06:57 - 2021-05-05 06:57 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-05-05 06:57 - 2021-05-05 06:57 - 000220752 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-05-05 06:57 - 2020-12-19 21:40 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2021-05-05 06:56 - 2021-05-05 06:56 - 002078632 _____ (Malwarebytes) C:\Users\Nicki\Desktop\MBSetup.exe
2021-05-05 06:55 - 2021-05-05 06:55 - 000001672 _____ C:\Users\Nicki\Desktop\as_5369.tmp.txt
2021-05-05 06:35 - 2021-05-05 06:35 - 000038032 _____ C:\WINDOWS\system32\Drivers\truesight.sys
2021-05-05 06:35 - 2021-05-05 06:35 - 000000906 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2021-05-05 06:35 - 2021-05-05 06:35 - 000000906 _____ C:\ProgramData\Desktop\RogueKiller.lnk
2021-05-05 06:35 - 2021-05-05 06:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2021-05-05 06:35 - 2021-05-05 06:35 - 000000000 ____D C:\Program Files\RogueKiller
2021-05-05 06:34 - 2021-05-05 06:40 - 000000000 ____D C:\ProgramData\RogueKiller
2021-05-05 06:33 - 2021-05-05 06:33 - 040488656 _____ (Adlice Software ) C:\Users\Nicki\Desktop\RogueKiller_setup.exe
2021-05-04 20:11 - 2021-05-04 20:14 - 000033633 _____ C:\Users\Nicki\Desktop\Addition.txt
2021-05-04 20:10 - 2021-05-05 08:16 - 000026978 _____ C:\Users\Nicki\Desktop\FRST.txt
2021-05-04 20:08 - 2021-05-04 20:08 - 002298368 _____ (Farbar) C:\Users\Nicki\Desktop\FRST64.exe
2021-05-04 19:51 - 2021-05-04 19:57 - 000057728 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2021-05-04 19:40 - 2021-05-04 19:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVO Software Library
2021-05-04 19:36 - 2021-05-04 19:37 - 429104024 _____ C:\Users\Nicki\Downloads\cookn.exe
2021-05-04 18:27 - 2021-05-04 18:27 - 000000000 ____D C:\Users\Nicki\.swt
2021-05-04 18:24 - 2021-05-04 18:24 - 000000000 ____D C:\Users\Nicki\AppData\Local\eclipse
2021-05-04 18:22 - 2021-05-04 18:22 - 000000000 ____D C:\Users\Nicki\Documents\Cook'n12
2021-05-04 18:22 - 2021-05-04 18:22 - 000000000 ____D C:\ProgramData\Oracle
2021-05-04 18:20 - 2021-05-04 18:21 - 302684456 _____ C:\Users\Nicki\Downloads\cooknv12installer.exe
2021-05-04 17:06 - 2021-05-04 18:15 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2021-04-25 14:48 - 2021-04-25 14:48 - 000000000 ____D C:\Users\Nicki\AppData\Local\Apple Inc
2021-04-25 14:29 - 2021-04-25 14:29 - 000001823 _____ C:\Users\Public\Desktop\iTunes.lnk
2021-04-25 14:29 - 2021-04-25 14:29 - 000001823 _____ C:\ProgramData\Desktop\iTunes.lnk
2021-04-25 14:29 - 2021-04-25 14:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2021-04-25 14:28 - 2021-04-25 14:29 - 000000000 ____D C:\Program Files\iTunes
2021-04-21 19:06 - 2021-04-22 06:19 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-04-21 19:06 - 2021-04-21 19:06 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-04-14 17:04 - 2021-04-14 17:04 - 001823304 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-04-14 17:04 - 2021-04-14 17:04 - 000231248 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2021-04-14 17:04 - 2021-04-14 17:04 - 000011357 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-04-13 06:34 - 2021-04-16 06:34 - 000000000 ____D C:\Users\Nicki\AppData\LocalLow\Norton
2021-04-08 15:56 - 2021-05-05 07:49 - 000000000 ____D C:\WINDOWS\system32\Tasks\Norton 360
2021-04-08 15:50 - 2021-04-08 16:55 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-05-05 08:15 - 2020-07-11 22:12 - 000000000 ____D C:\FRST
2021-05-05 08:14 - 2020-08-08 11:44 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-05-05 07:21 - 2019-08-09 07:31 - 000000000 ____D C:\Users\Nicki\AppData\LocalLow\Mozilla
2021-05-05 07:20 - 2019-08-09 07:31 - 000000000 ____D C:\ProgramData\Mozilla
2021-05-05 07:19 - 2020-11-27 12:40 - 000003232 _____ C:\WINDOWS\system32\Tasks\Live Boost Process Governor
2021-05-05 06:57 - 2020-12-19 21:40 - 000002040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-05-05 06:57 - 2020-12-19 21:40 - 000002028 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-05-05 06:57 - 2020-12-19 21:40 - 000002028 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2021-05-05 06:57 - 2019-12-07 05:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-05-05 06:56 - 2020-11-27 13:01 - 000000000 ____D C:\WINDOWS\system32\Drivers\NGCx64
2021-05-05 06:41 - 2019-08-09 07:32 - 000000000 ____D C:\Program Files\CCleaner
2021-05-05 06:39 - 2020-08-08 11:57 - 000847728 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-05-05 06:39 - 2019-12-07 05:13 - 000000000 ____D C:\WINDOWS\INF
2021-05-05 06:32 - 2019-12-07 05:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-05-05 06:31 - 2020-08-08 11:53 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-05-05 06:31 - 2020-08-08 11:43 - 000008192 ___SH C:\DumpStack.log.tmp
2021-05-05 06:31 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-05-05 06:31 - 2019-08-09 00:46 - 000000000 __SHD C:\Users\Nicki\IntelGraphicsProfiles
2021-05-04 21:52 - 2019-12-07 05:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-05-04 20:23 - 2019-12-07 05:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-05-04 20:23 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-05-04 19:55 - 2020-03-13 07:05 - 000008574 _____ C:\WINDOWS\system32\.crusader
2021-05-04 19:55 - 2019-05-03 12:29 - 000000000 ____D C:\ProgramData\HP
2021-05-04 19:50 - 2020-03-13 07:00 - 011291072 _____ (SurfRight B.V.) C:\Users\Nicki\Downloads\HitmanPro_x64.exe
2021-05-04 19:36 - 2019-08-09 14:24 - 000000000 ____D C:\Users\Nicki\Documents\Cook'n Backups
2021-05-04 19:17 - 2019-08-09 06:54 - 000000000 ____D C:\Users\Nicki\00Documents
2021-05-04 18:51 - 2019-08-09 07:31 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-05-04 18:27 - 2020-08-08 11:48 - 000000000 ____D C:\Users\Nicki
2021-05-04 18:22 - 2019-08-09 14:22 - 000000000 ____D C:\Users\Nicki\AppData\Local\DVO
2021-05-04 18:15 - 2019-08-09 07:38 - 000001285 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2021-05-04 06:33 - 2020-07-25 07:20 - 000000000 ____D C:\Users\Nicki\Desktop\Desktop Tidy
2021-05-03 14:54 - 2019-08-09 00:46 - 000000000 ____D C:\Users\Nicki\AppData\Local\VirtualStore
2021-05-03 14:25 - 2019-10-24 06:56 - 000000000 ____D C:\Users\Nicki\00Photos
2021-05-03 13:41 - 2019-12-07 05:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2021-04-30 16:44 - 2020-06-20 20:05 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-04-30 15:28 - 2021-01-22 09:04 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-04-29 16:15 - 2020-08-08 11:53 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2021-04-26 18:29 - 2019-08-09 14:09 - 000000000 ____D C:\Users\Nicki\AppData\Roaming\vlc
2021-04-26 18:28 - 2019-10-13 16:44 - 000000923 _____ C:\Users\Public\Desktop\VLC media player.lnk
2021-04-26 18:28 - 2019-10-13 16:44 - 000000923 _____ C:\ProgramData\Desktop\VLC media player.lnk
2021-04-26 15:48 - 2019-08-09 07:29 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-04-26 06:38 - 2020-08-08 11:53 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-04-26 06:38 - 2020-08-08 11:53 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-04-25 12:02 - 2019-08-09 08:11 - 000002143 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-04-21 19:06 - 2019-08-09 07:31 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-04-20 18:41 - 2020-08-08 11:53 - 000003418 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-04-20 18:41 - 2020-08-08 11:53 - 000003294 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-04-14 22:00 - 2020-08-08 11:44 - 000445016 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-04-14 21:59 - 2020-08-08 15:30 - 000000000 ____D C:\WINDOWS\HoloShell
2021-04-14 21:59 - 2019-12-07 05:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-04-14 21:59 - 2019-12-07 05:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-04-14 21:59 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-04-14 21:59 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-04-14 21:59 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-04-14 21:59 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2021-04-14 21:59 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2021-04-14 21:59 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2021-04-14 21:59 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-04-14 21:59 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-04-14 21:59 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-04-14 21:59 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-04-14 17:06 - 2019-12-07 05:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-04-14 17:03 - 2020-08-08 11:47 - 002877440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2021-04-14 16:57 - 2019-08-09 06:24 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-04-14 16:55 - 2019-08-09 06:24 - 131963968 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-04-08 16:55 - 2020-11-27 13:02 - 000002427 _____ C:\Users\Public\Desktop\Norton Security.lnk
2021-04-08 16:55 - 2020-11-27 13:02 - 000002427 _____ C:\ProgramData\Desktop\Norton Security.lnk
2021-04-08 16:19 - 2019-08-10 11:20 - 000000000 ____D C:\Program Files\Common Files\AV
2021-04-06 18:25 - 2020-12-19 21:40 - 000199128 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-04-2021
Ran by Nicki (05-05-2021 08:17:23)
Running from C:\Users\Nicki\Desktop
Windows 10 Home Version 20H2 19042.928 (X64) (2020-08-08 16:02:44)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-282240636-1967671034-2412643917-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-282240636-1967671034-2412643917-503 - Limited - Disabled)
Guest (S-1-5-21-282240636-1967671034-2412643917-501 - Limited - Disabled)
Nicki (S-1-5-21-282240636-1967671034-2412643917-1001 - Administrator - Enabled) => C:\Users\Nicki
WDAGUtilityAccount (S-1-5-21-282240636-1967671034-2412643917-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Security Online (Enabled - Up to date) {1122B19A-E671-38EC-8EAC-87048FD4528D}
AV: Norton Security Online (Enabled - Up to date) {A2708B76-6835-6565-CB96-694212954A75}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Security Online (Enabled - Up to date) {E3FDBD9F-8140-1400-F32B-8B58923F7C4D}
AV: Norton 360 (Enabled - Up to date) {9E3FD331-C4C2-7AC4-0537-131EEF1B1F8A}
FW: Norton Security Online (Enabled) {9A4B0A53-225A-643D-E0C9-C077EC460D0E}
FW: Norton 360 (Enabled) {A6045214-8EAD-7B9C-2E68-BA2B11C858F1}
FW: Norton Security Online (Enabled) {291930BF-AC1E-39B4-A5F3-2E31710715F6}
FW: Norton Security Online (Enabled) {DBC63CBA-CB2F-1558-D874-226D6CEC3B36}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 21.001.20150 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{9738288C-21BC-4F54-AB4F-72F059339376}) (Version: 8.6 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{DEB339C1-2687-43AB-816A-8714F3E26846}) (Version: 8.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{74CC99EB-7DC0-4CB0-847A-F8C2FE39690C}) (Version: 14.5.0.7 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Brother MFL-Pro Suite MFC-J6710DW (HKLM-x32\...\{17795164-3BC1-4D4F-8ADA-65C895EBFC9A}) (Version: 2.0.0.0 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 5.79 - Piriform)
Cook'n (HKLM-x32\...\Cook'n) (Version: - )
Dynamic Application Loader Host Interface Service (HKLM\...\{3252E69D-9075-40FD-A9EF-F6D96091B5BF}) (Version: 1.0.0.0 - Intel Corporation) Hidden
EzTiltPen (HKLM\...\{359DAC8D-CE33-4729-84E9-22D3367A44A9}_is1) (Version: 1.0.0.25 - ELAN microelectronics Crop.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 90.0.4430.93 - Google LLC)
HL-2270DW (HKLM-x32\...\{E2A97415-BD97-4867-B906-05E39E9EE51F}) (Version: 1.1.6.0 - Brother Industries, Ltd.)
HL-L2360D series (HKLM-x32\...\{46B58839-2405-48D6-A59D-F8246158A6ED}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
HP Audio Switch (HKLM-x32\...\{20A40E7C-E470-4E9F-9B5C-DDB2C205E856}) (Version: 1.0.154.0 - HP Inc.)
HP Software Framework (HKLM-x32\...\{71E18A14-1BDB-4B58-A67F-1BCDA12462FD}) (Version: 7.1.15.1 - HP)
Intel(R) Chipset Device Software (HKLM-x32\...\{3d2240de-3c21-4e14-84b3-1c6cd02bfab4}) (Version: 10.1.17969.8134 - Intel(R) Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 1914.12.0.1255 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 17.2.0.1009 - Intel Corporation)
Intel® Optane™ Pinning Explorer Extensions (HKLM\...\{94979CD2-0904-47DE-A4AC-04F1C4524650}) (Version: 17.2.8.1029 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{1b3fcb8d-3d2b-4477-b722-0b3e2c1195ba}) (Version: 20.30.1 - Intel Corporation)
iTunes (HKLM\...\{653C59E1-B78D-4D82-9259-C14DFD9F6EFC}) (Version: 12.11.3.17 - Apple Inc.)
Logitech Options (HKLM\...\LogiOptions) (Version: 8.10.84 - Logitech)
Macrium Reflect Free Edition (HKLM\...\{6A30F121-0E07-4F49-B9F2-CDAFA63C8BD6}) (Version: 7.3.5289 - Paramount Software (UK) Ltd.) Hidden
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 7.3 - Paramount Software (UK) Ltd.)
Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 90.0.818.51 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0019-0000-0000-0000000FF1CE}_PUBLISHERR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Publisher 2007 (HKLM-x32\...\PUBLISHERR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{A0E1B43D-5F4A-46AF-9925-ABA3423325DC}) (Version: 2.77.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Moneyspire 2021 version 21.0.2 (HKLM-x32\...\Moneyspire 2021_is1) (Version: 21.0.2 - Moneyspire Inc.)
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version: - Pavel Cvrcek)
Mozilla Firefox 88.0 (x64 en-US) (HKLM\...\Mozilla Firefox 88.0 (x64 en-US)) (Version: 88.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 60.8.0 - Mozilla)
Mozilla Thunderbird 78.10.1 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 78.10.1 (x86 en-US)) (Version: 78.10.1 - Mozilla)
Norton 360 (HKLM-x32\...\NGC) (Version: 22.21.2.50 - NortonLifeLock Inc)
Norton Utilities Premium (HKLM\...\{36896A40-D958-486B-8A43-31A41E129FE2}) (Version: 17.0.7.7 - NortonLifeLock)
Old Calculator for Windows 10 (HKLM-x32\...\OldCalcForWin10) (Version: 1.1 - hxxp://winaero.com)
Quicken 2003 Basic (HKLM-x32\...\InstallShield_{88D0E768-CD6A-42A9-97F9-2B12CF740019}) (Version: 12.00.0000 - Intuit)
RogueKiller version 14.8.6.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 14.8.6.0 - Adlice Software)
RootsMagic 7.6.3.0 (HKLM-x32\...\{D6286873-A757-4A4D-A6EF-0081B3EE32CA}_is1) (Version: RootsMagic 7.6.3.0 - RootsMagic, Inc.)
Spotify (HKU\S-1-5-21-282240636-1967671034-2412643917-1001\...\Spotify) (Version: 1.1.43.700.g20acee0f - Spotify AB)
StatTrak Address Manager (HKLM-x32\...\StatTrak Address Manager) (Version: 5.1.25 - All-Pro Software)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0019-0000-0000-0000000FF1CE}_PUBLISHERR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.12 - VideoLAN)
Zoom (HKU\S-1-5-21-282240636-1967671034-2412643917-1001\...\ZoomUMX) (Version: 5.2.0 (42619.0804) - Zoom Video Communications, Inc.)

Packages:
=========
Energy Star -> C:\Program Files\WindowsApps\AD2F1837.HPInc.EnergyStar_1.2.0.0_x64__v10z8vjag6ke6 [2020-08-11] (HP Inc.)
HP Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.HPAudioControl_1.7.194.0_x64__dt26b99r8h8gj [2020-08-11] (Realtek Semiconductor Corp)
HP Command Center -> C:\Program Files\WindowsApps\AD2F1837.HPThermalControl_1.8.14.0_x64__v10z8vjag6ke6 [2021-02-07] (HP Inc.)
HP Impreza Pen -> C:\Program Files\WindowsApps\9FDF1AF1.HPImprezaPen_1.1.12.0_x64__g70az3e2cx9m2 [2020-08-11] (ELAN MICROELECTRONICS CORP.) [Startup Task]
HP JumpStarts -> C:\Program Files\WindowsApps\AD2F1837.HPJumpStarts_1.9.1548.0_x64__v10z8vjag6ke6 [2020-12-19] (HP Inc.)
HP PC Hardware Diagnostics Windows -> C:\Program Files\WindowsApps\AD2F1837.HPPCHardwareDiagnosticsWindows_1.6.8.0_x64__v10z8vjag6ke6 [2021-01-27] (HP Inc.)
HP Pen Control -> C:\Program Files\WindowsApps\AD2F1837.HPPenControl_3.0.38.0_x64__v10z8vjag6ke6 [2021-04-18] (HP Inc.) [Startup Task]
HP Privacy Settings -> C:\Program Files\WindowsApps\AD2F1837.HPPrivacySettings_1.0.42.0_x64__v10z8vjag6ke6 [2021-04-18] (HP Inc.)
HP Support Assistant -> C:\Program Files\WindowsApps\AD2F1837.HPSupportAssistant_9.7.290.0_x64__v10z8vjag6ke6 [2021-04-16] (HP Inc.)
HP System Event Utility -> C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1.1.21.0_x64__v10z8vjag6ke6 [2020-09-05] (HP Inc.)
Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3282.0_x64__8j3eq9eme6ctt [2021-04-18] (INTEL CORP) [Startup Task]
Intel® Graphics Control Panel -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsControlPanel_3.3.0.0_x64__8j3eq9eme6ctt [2020-08-11] (INTEL CORP)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-08-11] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-08-11] (Microsoft Corporation) [MS Ad]
Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_21.10405.5646.0_x64__8wekyb3d8bbwe [2021-05-04] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-08-11] (Microsoft Corporation)
Synaptics TouchPad -> C:\Program Files\WindowsApps\SynapticsIncorporated.SynHPConsumerDApp_19005.35054.0.0_x64__807d65c4rvak2 [2020-08-11] (Synaptics Incorporated)
Xbox One SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxOneSmartGlass_2.2.1702.2004_x64__8wekyb3d8bbwe [2020-12-14] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\Program Files\Intel\OptaneShellExtensions\OptaneShellExt.dll [2019-03-27] () [File not signed] [File is in use]
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.21.2.50\buShell.dll [2021-03-26] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.21.2.50\buShell.dll [2021-03-26] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.21.2.50\buShell.dll [2021-03-26] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.21.2.50\buShell.dll [2021-03-26] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers-x32: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.21.2.50\buShell.dll [2021-03-26] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers-x32: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.21.2.50\buShell.dll [2021-03-26] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.21.2.50\buShell.dll [2021-03-26] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers1: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.21.2.50\NavShExt.dll [2021-03-26] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers1: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2019-09-20] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
ContextMenuHandlers2: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.21.2.50\NavShExt.dll [2021-03-26] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers2: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2019-09-20] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-12-19] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\Program Files\Intel\OptaneShellExtensions\OptaneShellExt.dll [2019-03-27] () [File not signed] [File is in use]
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.21.2.50\buShell.dll [2021-03-26] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-12-19] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.21.2.50\NavShExt.dll [2021-03-26] (NortonLifeLock Inc. -> NortonLifeLock Inc.)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2019-08-10 11:41 - 2009-02-27 16:38 - 000139264 ____R () [File not signed] C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2021-03-29 13:42 - 2021-03-29 13:42 - 000138240 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.IWs06dcaa36#\951888f8ec328648f94e872e4166a50b\Interop.IWshRuntimeLibrary.ni.dll
2020-04-27 14:07 - 2010-03-15 19:04 - 000143360 _____ () [File not signed] C:\WINDOWS\system32\BrSNMP64.dll
2019-08-10 11:41 - 2013-06-12 19:06 - 000385024 ____R (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrMonitor.dll
2019-08-10 11:41 - 2010-09-29 17:07 - 000180224 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BroSNMP.dll
2019-08-10 11:41 - 2011-02-28 11:32 - 000208896 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrFirmUpdateCheck.dll
2019-08-10 11:41 - 2013-10-10 21:55 - 002040320 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonWRes.dll
2019-08-10 12:11 - 2012-09-06 21:02 - 000155648 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcAssoc.dll
2019-08-10 12:11 - 2012-07-06 13:33 - 000098304 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcDlgRc.dll
2019-08-10 12:11 - 2012-07-06 13:33 - 017694720 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcGrImg.dll
2019-08-10 12:11 - 2012-07-17 13:36 - 000090112 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcLUsa.dll
2019-08-10 12:11 - 2012-07-05 07:32 - 000084480 _____ (Brother Industries, Ltd.) [File not signed] C:\WINDOWS\system32\BrNetSti.dll
2021-03-29 13:41 - 2021-03-29 13:41 - 000134656 _____ (hardcodet.net) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Hardcodet.W6cab32f3#\0f1eaacb1233127eedde1676050c2306\Hardcodet.Wpf.TaskbarNotification.ni.dll
2020-06-20 21:38 - 2020-06-20 21:38 - 000014336 _____ (HP Inc.) [File not signed] C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1.1.21.0_x64__v10z8vjag6ke6\SystemEventUtility\NativeRpcClient.DLL
2021-02-06 09:39 - 2021-02-06 09:39 - 023903744 _____ (HP Inc.) [File not signed] C:\Program Files\WindowsApps\AD2F1837.HPThermalControl_1.8.14.0_x64__v10z8vjag6ke6\HpSystemManagement.dll
2021-02-06 09:39 - 2021-02-06 09:39 - 000013312 _____ (HP Inc.) [File not signed] C:\Program Files\WindowsApps\AD2F1837.HPThermalControl_1.8.14.0_x64__v10z8vjag6ke6\NativeRpcClient.dll
2021-02-06 09:39 - 2021-02-06 09:39 - 000014848 _____ (HP Inc.) [File not signed] C:\Program Files\WindowsApps\AD2F1837.HPThermalControl_1.8.14.0_x64__v10z8vjag6ke6\Win32Process\NativeRpcClient.DLL
2019-03-27 18:29 - 2019-03-27 18:29 - 000126976 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\OptaneShellExtensions\iaStorAfsServiceApi.dll
2021-03-29 13:42 - 2021-03-29 13:42 - 001591808 _____ (Mark Heath) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\NAudio\9f1fb811cecca00c1c0093fcdbfb55df\NAudio.ni.dll
2020-08-08 11:49 - 2020-08-08 11:49 - 000065536 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.6195_none_3b1209fdc9ac7774\vcomp.dll
2021-03-29 13:42 - 2021-03-29 13:42 - 003127808 _____ (Newtonsoft) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Newtonsoft.Json\af5a3640200201f73429f4848045535d\Newtonsoft.Json.ni.dll
2021-03-29 13:41 - 2021-03-29 13:41 - 000793088 _____ (The Apache Software Foundation) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\log4net\99ce6136aae3bc57a1c49add2632a650\log4net.ni.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-282240636-1967671034-2412643917-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-282240636-1967671034-2412643917-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
SearchScopes: HKLM -> {BFF249C9-3DBF-45D9-9369-5799E10BD69C} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-282240636-1967671034-2412643917-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine\22.21.2.50\coIEPlg.dll [2021-03-26] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
BHO-x32: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine32\22.21.2.50\coIEPlg.dll [2021-03-26] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.21.2.50\coIEPlg.dll [2021-03-26] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine32\22.21.2.50\coIEPlg.dll [2021-03-26] (NortonLifeLock Inc. -> NortonLifeLock Inc.)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-19 00:49 - 2019-11-16 08:13 - 000000826 _____ C:\WINDOWS\system32\drivers\etc\hosts

2020-04-19 20:58 - 2020-04-19 20:58 - 000000375 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-282240636-1967671034-2412643917-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\StartupFolder: => "Quicken Scheduled Updates.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Billminder.lnk"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{A4A9A9C5-75E1-4CCA-9A2F-91EDABD10290}] => (Allow) C:\Users\Nicki\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{4DAC619A-150F-4B5D-9453-14FDCA0D4C55}] => (Allow) LPort=54925
FirewallRules: [{7FC277EC-5C78-4006-9FBE-B7CFB0B3F4D4}] => (Allow) C:\Program Files (x86)\Brother\Brmfl10g\FAXRX.exe (Brother Industries, Ltd.) [File not signed]
FirewallRules: [{80E3512A-0341-4522-BFFA-C43A376B97F6}] => (Allow) C:\Program Files (x86)\Brother\Brmfl10g\FAXRX.exe (Brother Industries, Ltd.) [File not signed]
FirewallRules: [{DE6EBEB0-BDB9-44CD-8FDC-55A9248CBC7B}] => (Allow) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.EXE (Logitech Inc -> Logitech, Inc.)
FirewallRules: [{CBDA1D72-C17C-40AC-8A2B-22B848875F01}] => (Allow) LPort=54925
FirewallRules: [{93951AD3-20F2-488B-BF97-360CE5ED0E36}] => (Allow) C:\Program Files (x86)\Brother\Brmfl10g\FAXRX.exe (Brother Industries, Ltd.) [File not signed]
FirewallRules: [{4F27A9AC-2764-499E-A41B-B60075B80F64}] => (Allow) C:\Program Files (x86)\Brother\Brmfl10g\FAXRX.exe (Brother Industries, Ltd.) [File not signed]
FirewallRules: [{9B3D13B0-803E-441B-874A-5D2FF738A1C5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{2088A705-1768-4313-8E53-248857705F56}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{1BAEF3B6-5695-4CC7-876B-E973F769ADC5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{0F2E4598-77EE-4308-ADE5-DFAA1E505844}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{875D6C6F-E41E-46B6-A227-6DF97F3F9257}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{2026F4A9-622B-47BA-8C5B-C173995E66EE}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel(R) Wireless Connectivity Solutions -> )
FirewallRules: [{EAF4762A-FE55-4C58-9C82-A36CD8020CC7}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform)
FirewallRules: [{33F2DEB0-8A16-44F9-B118-ACFB58893F45}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform)
FirewallRules: [{7B505800-E917-4363-BA9C-084DAA8DC9B0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{32F2A922-7239-418F-BB52-6632F0914D30}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{521D86EF-7827-4021-83D4-446FA4FDEA56}C:\users\nicki\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\nicki\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{85C1DC87-6466-489B-A0DF-624CF4D6A289}C:\users\nicki\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\nicki\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D8B60715-7A9C-47CD-A870-A3F3D0AAFB3D}] => (Block) C:\users\nicki\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{A38D830C-BD0C-4E4D-8206-65629A40831C}] => (Block) C:\users\nicki\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{52AB126D-D1E5-4A8C-BB2A-91438E6755A6}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F2A38D97-C22D-44F1-978F-E13DA80D8C17}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

01-05-2021 11:58:51 Scheduled Checkpoint

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (05/05/2021 06:32:02 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname Henry.local already in use; will try Henry-2.local instead

Error: (05/05/2021 06:32:02 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 0; will deregister 4 Henry.local. Addr 192.168.0.226

Error: (05/05/2021 06:32:02 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.226:5353 16 Henry.local. AAAA 2601:019B:C701:5CB0:0000:0000:0000:BB0A

Error: (05/04/2021 07:58:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname Henry.local already in use; will try Henry-2.local instead

Error: (05/04/2021 07:58:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 0; will deregister 4 Henry.local. Addr 192.168.0.226

Error: (05/04/2021 07:58:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.226:5353 16 Henry.local. AAAA 2601:019B:C701:5CB0:0000:0000:0000:BB0A

Error: (05/04/2021 07:55:51 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000388,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,00000002E36FEE80.72). hr = 0x80070005, Access is denied.
.

Error: (05/04/2021 07:55:51 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000002e0,(null),0,REG_BINARY,0000002C9F6FD980.72). hr = 0x80070005, Access is denied.
.


Operation:
BackupShutdown Event

Context:
Execution Context: Writer
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {5af862e4-ed58-42da-8bae-739ff3cd1a8b}


System errors:
=============
Error: (05/04/2021 07:57:29 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HitmanPro38CrusaderBoot service terminated with the following service-specific error:
The operation completed successfully.

Error: (05/04/2021 07:56:51 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\WINDOWS\system32\IntelIHVRouter08.dll

Error: (05/04/2021 07:56:51 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\WINDOWS\system32\IntelIHVRouter08.dll

Error: (05/04/2021 07:56:48 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for DeleteFlag with the following error:
Access is denied.

Error: (05/04/2021 07:56:47 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\WINDOWS\system32\IntelIHVRouter08.dll

Error: (05/04/2021 07:55:51 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for DeleteFlag with the following error:
Access is denied.

Error: (05/04/2021 07:50:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Macrium Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (05/04/2021 07:50:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The HP Analytics service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.


CodeIntegrity:
===============
Date: 2021-05-05 06:33:20
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\Norton Security\Engine\22.21.2.50\symamsi.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

BIOS: Insyde F.22 11/26/2019
Motherboard: HP 850C
Processor: Intel(R) Core(TM) i7-8565U CPU @ 1.80GHz
Percentage of memory in use: 41%
Total physical RAM: 12077.74 MB
Available physical RAM: 7007.96 MB
Total Virtual: 30509.74 MB
Available Virtual: 25410.45 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:930.29 GB) (Free:777.11 GB) NTFS
Drive e: (HP CARD #1) (Removable) (Total:29.71 GB) (Free:29.66 GB) FAT32

\\?\Volume{337db906-d729-4b83-80fb-728166689139}\ () (Fixed) (Total:0.94 GB) (Free:0.08 GB) NTFS
\\?\Volume{c306a302-556e-4247-b7e7-ffc97f7d7d5e}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.17 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: A50E1C7D)

Partition: GPT.

==========================================================
Disk: 1 (Protective MBR) (Size: 29.7 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================
 
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Attachments

  • fixlist.txt
    2.1 KB · Views: 30
Fix result of Farbar Recovery Scan Tool (x64) Version: 28-04-2021
Ran by Nicki (05-05-2021 13:28:51) Run:3
Running from C:\Users\Nicki\Desktop
Loaded Profiles: Nicki
Boot Mode: Normal
==============================================

fixlist content:
*****************
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File

*****************

HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\BookReader_B171F20233094AC88D05A8EF7B9763E8 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => removed successfully

==== End of Fixlog 13:28:51 ====
 
Last scans...

redtarget.gif
Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run


redtarget.gif
Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  • Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.


redtarget.gif
Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


redtarget.gif
Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 
Results of screen317's Security Check version 1.014 --- 12/23/15
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Norton Security Online
Windows Defender
Norton Security Online
Norton 360
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
`````````Anti-malware/Other Utilities Check:`````````
Mozilla Thunderbird (78.10.1)
Google Chrome (90.0.4430.93)
Google Chrome (SetupMetrics...)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
WindowsApps AD2F1837.HPThermalControl_1.8.14.0_x64__v10z8vjag6ke6 Win32Process HPCC.Bg.BackgroundApp.exe
WindowsApps AD2F1837.HPThermalControl_1.8.14.0_x64__v10z8vjag6ke6 HpSystemManagement.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
 
Farbar Service Scanner Version: 23-12-2020
Ran by Nicki (administrator) on 05-05-2021 at 16:14:47
Running from "C:\Users\Nicki\Desktop"
Microsoft Windows 10 Home (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Windows Security:
============


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv: "%systemroot%\system32\svchost.exe -k netsvcs -p".
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\Drivers\afd.sys => File is digitally signed
C:\Windows\System32\Drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\SecurityHealthService.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
 
Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
[COLOR=#ff0000][B]This is a very crucial step so make sure you don't skip it.[/B][/COLOR]
Download [IMG]http://www.imgdumper.nl/uploads6/51a5ce45267c1/51a5ce45263de-delfix.pngDelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings
Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

6. Run Temporary File Cleaner (TFC) and AdwCleaner weekly (you need to redownload these tools since they were removed by DelFix).

7. (optional) If you want to keep all your programs up to date, download and install FileHippo App Manager.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

8. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

9. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

10. Please, let me know, how your computer is doing.
 
Ran into some difficulties with DelFIx and Norton. Disabled Norton and re-ran. I believe it did it "thing" but the desktop icons from all the tools used to clean the computer were still present. I manually deleted them.
 
I failed to comvey how the computer is running... MUCH better!! Quiet fan and much more responsive
 
Back