Solved Ransom ware?

theRadiantChild

Parents called and said they think they have ransomware. They called the number and the attacker remoted in. Of course I face palmed when they told me this. They were saying it was locked and to call Microsoft. Any suggestions?
 
I need much more details.
Is the computer really locked?
Any change after restart?
What is the exact message? Anything about encrypted files? Anything about ransom?
Some screenshot would help.
 
They are bringing the laptop over to me now and I will update :)
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-06-2021
Ran by ann (administrator) on HOEHNPC (ASUSTeK COMPUTER INC. X75A) (13-06-2021 18:56:39)
Running from F:\
Loaded Profiles: ann
Platform: Windows 10 Home Version 2004 19041.1052 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(ASUSTeK Computer Inc. -> ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(ASUSTeK Computer Inc. -> ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(ASUSTeK Computer Inc. -> ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUSTeK Computer Inc. -> ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK Computer Inc. -> ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTeK Computer Inc. -> AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(ASUSTeK Computer Inc. -> AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(ASUSTeK Computer Inc. -> AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTeK) [File not signed] C:\Windows\SysWOW64\ACEngSvr.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\DiscoverySrv.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdagent.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdntwrk.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe <3>
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe
(Brother Industries, Ltd. -> Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Brother Industries, Ltd. -> Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrYNSvc.exe
(CyberLink -> CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(DUC FABULOUS CO.,LTD -> ) C:\Program Files (x86)\UltraViewer\UltraViewer_Service.exe
(Garmin International, Inc. -> Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Express\express.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler64.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel® Upgrade Service -> Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\ann\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1022_none_7e372e9e7c6ecccb\TiWorker.exe
(The CefSharp Authors) [File not signed] C:\Program Files (x86)\Garmin\Express\CefSharp.BrowserSubprocess.exe <2>
(VIA Technologies Inc. -> VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe********************************************* [107192 2012-09-11] () [File not signed]
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [302904 2019-07-19] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2012-11-27] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) [File not signed]
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink -> CyberLink Corp.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [146584 2017-11-07] (Brother Industries, Ltd. -> Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2976256 2018-01-19] (Brother Industries, Ltd.) [File not signed]
HKU\S-1-5-21-3275924145-2641615387-672222228-1001\...\Run: [GarminExpress] => C:\Program Files (x86)\Garmin\Express\express.exe [31162800 2021-03-16] (Garmin International, Inc. -> Garmin Ltd. or its subsidiaries)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\91.0.4472.101\Installer\chrmstp.exe [2021-06-10] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0DC0DAD2-F84F-429D-B085-411AE7CDE2D5} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61}
Task: {1AE7F80C-B17E-4962-BF96-066F53164038} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [12288 2015-02-12] () [File not signed]
Task: {287EB61E-849D-44F1-BF41-56B2A8081F95} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1}
Task: {2A0CBF1A-6EDE-46C3-A570-C86857677454} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2998552 2015-03-23] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
Task: {2AA6D078-6EFA-48D0-A4AB-E1D80A2B1AAA} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {2C124022-D981-47E0-90AD-3372185D7127} - System32\Tasks\Bitdefender AgentTask_AD394AE64E874073B10A89FEEC305A3C => C:\Program Files\Bitdefender\Bitdefender Security\bdagent.exe [549032 2020-06-25] (Bitdefender SRL -> Bitdefender)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {39A66C74-4246-431D-B99F-5571A5F854F4} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_465_Plugin.exe [1504312 2020-12-08] (Adobe Inc. -> Adobe)
Task: {3AFE8A0D-5BF7-45BA-A60B-DB123105BB36} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-08] (Adobe Inc. -> Adobe)
Task: {3EA57F7A-8F24-44C3-A8E8-2E6878F133FB} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2998552 2015-03-23] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
Task: {446AD16C-A64E-4975-ACB6-578F35CC093B} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {48598F9B-A7FE-44F0-BB1A-36F53E7CDA2E} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [1018240 2012-08-24] (ASUSTeK Computer Inc. -> ASUS)
Task: {5A431DF8-0F54-475A-9166-FB2BBCBF8F26} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [888232 2021-01-29] (Bitdefender SRL -> Bitdefender)
Task: {606BABB8-7D10-45DF-90B4-C26B72E890F8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-08-30] (Google Inc -> Google LLC)
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Task: {7B857988-3067-4E13-8891-998F430972F7} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => {1B1F472E-3221-4826-97DB-2C2324D389AE}
Task: {8976AFB3-6C89-4C49-B6E0-B5274EE897E9} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload => {EBF00FCB-0769-4B81-9BEC-6C05514111AA}
Task: {9768ABD2-EB67-498E-A669-15A536AF817A} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {B3017C3F-EE43-4A38-A400-B849296EE19E} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [1124032 2012-09-18] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {B5988110-2F64-4DB2-844D-D76F5C33A7EB} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [40880 2021-03-16] (Garmin International, Inc. -> )
Task: {C16DC51C-8DA0-4D65-9085-1B87EB448DBE} - System32\Tasks\ASUS Patch for VIA Audio => C:\Windows\system32\AsPatchViaAudio.exe [160448 2012-11-07] (ASUSTeK Computer Inc. -> ASUSTek Computer INC.)
Task: {C415FE0E-DDCB-44E0-A459-B9164B72424B} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E}
Task: {CC08F0F9-09F2-4FEA-8BBC-25099B863574} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-08-30] (Google Inc -> Google LLC)
Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {FCDC5BFE-64F5-47C8-9FA8-1DE42F129D1A} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {FE0A182D-7CCD-4DBF-898E-0B9EAF47483D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [570240 2017-02-14] (Apple Inc. -> Apple Inc.)
Task: {FEC87A42-553B-49A5-8840-CCD4BFFEC627} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [18400 2017-03-09] (ASUSTeK Computer Inc. -> AsusTek)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{861516bf-ecc7-473a-8e27-c4701662b9be}: [DhcpNameServer] 192.168.1.1

Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\ann\AppData\Local\Microsoft\Edge\User Data\Default [2021-06-13]

FireFox:
========
FF DefaultProfile: eya7rmab.default
FF ProfilePath: C:\Users\ann\AppData\Roaming\Mozilla\Firefox\Profiles\s0gpcoti.default-release [2019-09-20]
FF ProfilePath: C:\Users\ann\AppData\Roaming\Mozilla\Firefox\Profiles\eya7rmab.default [2019-08-30]
FF Homepage: Mozilla\Firefox\Profiles\eya7rmab.default -> moz-extension://f53d27fb-43c8-4ce3-bad0-2ba0f8c1f23a/newtab/newtab.html
FF Notifications: Mozilla\Firefox\Profiles\eya7rmab.default -> hxxps://search.hfastpackagetracker.co; hxxps://www.weatherforecasttracker1.com
FF HomepageOverride: Mozilla\Firefox\Profiles\eya7rmab.default -> Enabled: web@Packages
FF NewTabOverride: Mozilla\Firefox\Profiles\eya7rmab.default -> Enabled: web@Packages
FF NewTabOverride: Mozilla\Firefox\Profiles\eya7rmab.default -> Enabled: @searchencrypt
FF Extension: (Web of Trust) - C:\Users\ann\AppData\Roaming\Mozilla\Firefox\Profiles\eya7rmab.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}.xpi [2019-06-04]
FF Extension: (Adblock Plus - free ad blocker) - C:\Users\ann\AppData\Roaming\Mozilla\Firefox\Profiles\eya7rmab.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2019-08-23]
FF HKLM\...\Firefox\Extensions: [bdwtwe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff.xpi
FF Extension: (Bitdefender Wallet) - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff.xpi [2020-04-30] [UpdateUrl:hxxps://download.bitdefender.com/windows/desktop/connect/wallet/updates.json ]
FF HKLM\...\Firefox\Extensions: [bdtbe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbef.xpi
FF Extension: (Bitdefender Anti-tracker) - C:\Program Files\Bitdefender\Bitdefender Security\bdtbef.xpi [2020-06-25] [UpdateUrl:hxxps://download.bitdefender.com/windows/desktop/connect/antitracker/updates.json ]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext
FF Extension: (Bitdefender Antispam Toolbar) - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext [2020-05-14] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [bdwtwe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff.xpi
FF HKLM-x32\...\Firefox\Extensions: [bdtbe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbef.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_465.dll [2020-12-08] (Adobe Inc. -> )
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_465.dll [2020-12-08] (Adobe Inc. -> )
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\bd_js_config.js [2019-09-20] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\bd_config.cfg [2019-09-20] <==== ATTENTION

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default [2021-06-13]
CHR Notifications: Default -> hxxps://piratesvoyage.com; hxxps://www.accuweather.com; hxxps://www.facebook.com; hxxps://www.indystar.com; hxxps://www.newsbreak.com; hxxps://www.pinterest.com
CHR StartupUrls: Default -> "hxxps://www.msn.com/en-us/news/us"
CHR Extension: (Slides) - C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-08-30]
CHR Extension: (Docs) - C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-08-30]
CHR Extension: (Google Drive) - C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-20]
CHR Extension: (YouTube) - C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-08-30]
CHR Extension: (Sheets) - C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-08-30]
CHR Extension: (Bitdefender Wallet) - C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\gannpgaobkkhmpomoijebaigcapoeebl [2020-07-27]
CHR Extension: (Google Docs Offline) - C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-05-18]
CHR Extension: (Bitdefender Anti-tracker) - C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\khndhdhbebhaddchcgnalcjlaekbbeof [2020-09-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-28]
CHR Extension: (Gmail) - C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-22]
CHR Extension: (Chrome Media Router) - C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-06-01]
CHR Profile: C:\Users\ann\AppData\Local\Google\Chrome\User Data\Guest Profile [2020-05-27]
CHR Profile: C:\Users\ann\AppData\Local\Google\Chrome\User Data\System Profile [2020-05-27]
CHR HKLM-x32\...\Chrome\Extension: [gannpgaobkkhmpomoijebaigcapoeebl]
CHR HKLM-x32\...\Chrome\Extension: [khndhdhbebhaddchcgnalcjlaekbbeof]
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-06-2021
Ran by ann (13-06-2021 18:49:45)
Running from F:\
Windows 10 Home Version 2004 19041.1052 (X64) (2020-11-18 19:22:27)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3275924145-2641615387-672222228-500 - Administrator - Disabled)
ann (S-1-5-21-3275924145-2641615387-672222228-1001 - Administrator - Enabled) => C:\Users\ann
DefaultAccount (S-1-5-21-3275924145-2641615387-672222228-503 - Limited - Disabled)
Guest (S-1-5-21-3275924145-2641615387-672222228-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3275924145-2641615387-672222228-1005 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-3275924145-2641615387-672222228-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Bitdefender Antivirus (Enabled - Up to date) {0E17DB7D-A20F-62CE-B95B-17DB0CDFE318}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Bitdefender Antispyware (Enabled - Up to date) {B5763A99-8435-6D40-83EB-2CA97758A9A5}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.017.20050 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.465 - Adobe)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 3.4.117.01527 - Alcor Micro Corp.)
ANT Drivers Installer x64 (HKLM\...\{EE89194D-B4FC-4C28-B76E-A646216D689F}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{5C028510-A6A1-409A-A2BF-4DCB43B21EF9}) (Version: 7.6 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{5C7D4FCF-80C5-4520-9934-D50532AAC59C}) (Version: 7.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B5A46811-3612-4DA5-8A5A-E6DED5D7C523}) (Version: 12.2.1.12 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
ASUS Instant Connect (HKLM-x32\...\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}) (Version: 1.2.8 - ASUS)
ASUS InstantOn (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 3.0.4 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.13 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.3.4 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.0.4 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.18 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.03.0005 - ASUS)
ASUS Tutor (HKLM-x32\...\{58172D66-2F69-4215-9AEC-ED8196023736}) (Version: 1.0.8 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.5 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.26 - ASUS)
ASUSDVD (HKLM-x32\...\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.) Hidden
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0025 - ASUS)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 24.0.1.143 - Bitdefender)
Bitdefender Antivirus Plus (HKLM\...\Bitdefender) (Version: 24.0.6.31 - Bitdefender)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Brother MFL-Pro Suite HL-L2380DW series (HKLM-x32\...\{F8ECC2FD-CE2B-4ED4-BDCC-90D0D34206FD}) (Version: 1.0.2.0 - Brother Industries, Ltd.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Elevated Installer (HKLM-x32\...\{1DEEE496-814A-4747-AF7F-493821C79297}) (Version: 7.4.1.0 - Garmin Ltd or its subsidiaries) Hidden
Galería de fotos (HKLM-x32\...\{8F7FECEC-088F-431D-A5FB-2B59E1E69943}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (HKLM-x32\...\{446CC8CE-0E90-44F7-ADD0-774B243EF090}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Garmin Express (HKLM-x32\...\{2E960C0A-DC54-48F0-A2A8-15CFBE15D980}) (Version: 7.4.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express (HKLM-x32\...\{4e81ac57-fa02-490f-aa91-18b44ebae651}) (Version: 7.4.1.0 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 91.0.4472.101 - Google LLC)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{00ECC1A0-72EC-4E21-A03E-A9242A92CE1F}) (Version: 12.9.6.3 - Apple Inc.)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 91.0.864.48 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3275924145-2641615387-672222228-1001\...\OneDriveSetup.exe) (Version: 21.099.0516.0003 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{E5A95BC5-81DF-4F0C-B910-B59DD012F037}) (Version: 2.81.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{022C7C52-B294-4346-88BC-C7C2FF7FF1B7}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{13F3CEA5-9E2C-4C4E-9F0F-D0DB389CF4A9}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{5BABDA39-61CF-41EE-992D-4054B6649A9B}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{A17946CA-18E5-4CF0-8D55-A56D804718F8}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{E0B5FDF0-6940-44B2-8204-CFA746A6B4AF}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{ED6C77F9-4D7E-447C-9EC0-9A212D075535}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MyBitCast 2.0 (HKLM-x32\...\MyBitCast) (Version: 2.0 - ASUS)
Ralink Bluetooth Stack64 (HKLM\...\{ED818A3C-3DF5-CDCF-3DB2-A646D7B31A16}) (Version: 9.0.717.0 - Ralink Corporation)
Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: 1.2.0.41 - Ralink)
RogueKiller version 13.0.16.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 13.0.16.0 - Adlice Software)
SceneSwitch (HKLM-x32\...\{5172E572-C175-4F80-A6D5-5CB45826AD61}) (Version: 1.0.16 - ASUS)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.7.0 - Sophos Limited)
UltraViewer version 6.3.12 (HKLM-x32\...\{E0FABD74-083B-47F4-AC5B-CA4237BF8913}_is1) (Version: 6.3.12 - DucFabulous)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{1FD817A6-63E1-4519-BFD4-228DABB7AB6B}) (Version: 2.55.0.0 - Microsoft Corporation)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS)
影像中心 (HKLM-x32\...\{631C4E4F-6FDC-4CC0-A067-E9876A9BA7FD}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
照片库 (HKLM-x32\...\{017E337D-D709-437C-83DB-71F82AA78BF6}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Packages:
=========
Adera -> C:\Program Files\WindowsApps\Microsoft.Adera_2.5.2.34894_x86__8wekyb3d8bbwe [2014-01-13] (Microsoft Studios)
ASUS Tutor -> C:\Program Files\WindowsApps\B9ECED6F.ASUSTutor_1.0.0.2_neutral__qmba6cd70vzyy [2013-10-15] (ASUSTeK COMPUTER INC.)
ASUS Welcome -> C:\Program Files\WindowsApps\B9ECED6F.ASUSWelcome_1.0.1.0_x64__qmba6cd70vzyy [2015-09-25] (ASUSTeK COMPUTER INC.)
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2019-11-06] (Autodesk Inc.)
Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.2030.2.0_x86__kgqvnymyfvs32 [2021-05-27] (king.com)
Fresh Paint -> C:\Program Files\WindowsApps\Microsoft.FreshPaint_3.1.10383.1000_x86__8wekyb3d8bbwe [2019-06-08] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-27] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-27] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.5310.0_x64__8wekyb3d8bbwe [2021-06-07] (Microsoft Studios) [MS Ad]
MSN Food & Drink -> C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-14] (Microsoft Corporation) [MS Ad]
MSN Health & Fitness -> C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-14] (Microsoft Corporation) [MS Ad]
MSN Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-27] (Microsoft Corporation) [MS Ad]
MSN Travel -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-14] (Microsoft Corporation) [MS Ad]
Pinball FX2 -> C:\Program Files\WindowsApps\Microsoft.Studios.PinballFx2_1.8.1.957_x86__8wekyb3d8bbwe [2015-04-14] (Microsoft Studios)
Taptiles -> C:\Program Files\WindowsApps\Microsoft.Taptiles_2.6.288.0_x86__8wekyb3d8bbwe [2018-10-26] (Microsoft Studios) [MS Ad]
The World Clock -> C:\Program Files\WindowsApps\B9ECED6F.TheWorldClock_1.0.0.6_neutral__qmba6cd70vzyy [2013-10-15] (ASUSTeK COMPUTER INC.)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-09] (Twitter Inc.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3275924145-2641615387-672222228-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel(R) pGFX -> Intel Corporation)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-05-03] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\ann\Desktop\YouTube.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=agimnkijcaahngcdmfeangaknmldooml
ShortcutWithArgument: C:\Users\ann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=agimnkijcaahngcdmfeangaknmldooml

==================== Loaded Modules (Whitelisted) =============

2020-11-27 04:38 - 2020-11-27 04:38 - 000961536 _____ () [File not signed] [File is in use] C:\Program Files (x86)\Garmin\Express\CefSharp.BrowserSubprocess.Core.dll
2020-11-27 04:38 - 2020-11-27 04:38 - 001446400 _____ () [File not signed] [File is in use] C:\Program Files (x86)\Garmin\Express\CefSharp.Core.dll
2021-03-16 16:52 - 2021-03-16 16:52 - 000073216 _____ () [File not signed] [File is in use] C:\Program Files (x86)\Garmin\Express\FixBootSector.dll
2017-05-08 10:35 - 2017-05-08 10:35 - 000325632 _____ () [File not signed] [File is in use] C:\Program Files (x86)\Garmin\Express\GpsImgWrapper.dll
2012-09-11 18:01 - 2012-09-11 18:01 - 000009216 _____ () [File not signed] C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2015-05-01 18:48 - 2009-02-27 16:38 - 000139264 ____R () [File not signed] C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2015-05-01 18:48 - 2018-01-18 15:39 - 000519168 _____ () [File not signed] C:\Program Files (x86)\Browny02\BrMonitor.dll
2015-05-01 18:48 - 2017-12-22 12:53 - 000180224 _____ () [File not signed] C:\Program Files (x86)\Browny02\BroSNMP.dll
2015-05-01 18:48 - 2018-01-18 15:39 - 000208896 _____ () [File not signed] C:\Program Files (x86)\Browny02\Brother\BrFirmUpdateCheck.dll
2015-05-01 18:48 - 2018-01-18 15:39 - 001720832 _____ () [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonWRes.dll
2015-05-01 18:48 - 2017-11-07 19:55 - 000137728 _____ () [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcAssoc.dll
2015-05-01 18:48 - 2017-08-18 11:23 - 000087552 _____ () [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcDlgRc.dll
2015-05-01 18:48 - 2017-08-18 11:23 - 017974784 _____ () [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcGrImg.dll
2015-05-01 18:48 - 2017-11-07 20:04 - 000087040 _____ () [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcLUsa.dll
2019-08-30 18:31 - 2017-11-07 19:55 - 000440832 _____ () [File not signed] C:\Program Files (x86)\ControlCenter4\Track.dll
2020-11-18 10:14 - 2020-11-18 10:14 - 117340672 _____ () [File not signed] C:\Program Files (x86)\Garmin\Express\libcef.dll
2020-11-18 08:40 - 2020-11-18 08:40 - 000323072 _____ () [File not signed] C:\Program Files (x86)\Garmin\Express\libegl.dll
2020-11-18 08:40 - 2020-11-18 08:40 - 005441536 _____ () [File not signed] C:\Program Files (x86)\Garmin\Express\libglesv2.dll
2015-05-01 18:48 - 2005-04-22 00:36 - 000143360 _____ () [File not signed] C:\WINDOWS\system32\BrSNMP64.dll
2021-03-16 16:52 - 2021-03-16 16:52 - 001976832 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Garmin\Express\XercesLib.dll
2012-09-11 18:01 - 2012-09-11 18:01 - 000055296 _____ (ASUSTeK) [File not signed] C:\Program Files (x86)\ASUS\Splendid\Chameleon.dll
2012-09-11 18:01 - 2012-09-11 18:01 - 000032768 _____ (ASUSTek) [File not signed] C:\Program Files (x86)\ASUS\Splendid\OVS.dll
2015-05-01 18:48 - 2013-03-08 02:44 - 000087040 _____ (Brother Industries, Ltd.) [File not signed] C:\WINDOWS\system32\BrNetSti.dll
2021-03-16 16:56 - 2021-03-16 16:56 - 000234496 _____ (Dynastream Innovations Inc.) [File not signed] C:\Program Files (x86)\Garmin\Express\ANT_WrappedLib.dll
2021-03-16 16:52 - 2021-03-16 16:52 - 002711552 _____ (Garmin International) [File not signed] [File is in use] C:\Program Files (x86)\Garmin\Express\legacyio.dll
2017-05-08 10:35 - 2017-05-08 10:35 - 000343552 _____ (Garmin International, Inc.) [File not signed] C:\Program Files (x86)\Garmin\Express\IMG_GPSMAP.dll
2021-03-16 16:52 - 2021-03-16 16:52 - 000425472 _____ (Garmin) [File not signed] C:\Program Files (x86)\Garmin\Express\XMLdll.dll
2013-03-06 10:34 - 2013-03-06 10:34 - 000348160 ____N (Microsoft Corporation) [File not signed] C:\Program Files (x86)\CyberLink\PowerDVD10\MSVCR71.dll
2021-03-16 16:54 - 2021-03-16 16:54 - 000090112 _____ (Silicon Laboratories, Inc.) [File not signed] C:\Program Files (x86)\Garmin\Express\DSI_SiUSBXp_3_1.DLL
2020-11-18 08:39 - 2020-11-18 08:39 - 000843264 _____ (The Chromium Authors) [File not signed] C:\Program Files (x86)\Garmin\Express\chrome_elf.dll
2012-09-11 18:01 - 2012-09-11 18:01 - 001595392 _____ (TODO: <Company name>) [File not signed] C:\Program Files (x86)\ASUS\Splendid\Alb_ASUSLib.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-3275924145-2641615387-672222228-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus13.msn.com/
HKU\S-1-5-21-3275924145-2641615387-672222228-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Bitdefender Trackers Blocking -> {159ff5d5-55f1-4d2f-b706-767a55f77abb} -> C:\Program Files\Bitdefender\Bitdefender Security\bdtbie.dll [2020-06-25] (Bitdefender SRL -> Bitdefender)
BHO: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender Security\pmbxie.dll [2020-06-25] (Bitdefender SRL -> Bitdefender)
BHO-x32: Bitdefender Trackers Blocking -> {159ff5d5-55f1-4d2f-b706-767a55f77abb} -> C:\Program Files\Bitdefender\Bitdefender Security\antispam32\bdtbie.dll [2020-06-25] (Bitdefender SRL -> Bitdefender)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender Security\Antispam32\pmbxie.dll [2020-06-25] (Bitdefender SRL -> Bitdefender)
Toolbar: HKLM - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender Security\pmbxie.dll [2020-06-25] (Bitdefender SRL -> Bitdefender)
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender Security\Antispam32\pmbxie.dll [2020-06-25] (Bitdefender SRL -> Bitdefender)
Toolbar: HKU\S-1-5-21-3275924145-2641615387-672222228-1001 -> Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender Security\pmbxie.dll [2020-06-25] (Bitdefender SRL -> Bitdefender)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWow64\skype4com.dll [2012-08-14] (Skype Technologies SA -> Skype Technologies)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2021-06-13 18:21 - 000000000 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-3275924145-2641615387-672222228-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\asus\wallpapers\asus.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{315FFBE2-E43B-49F6-AAE7-A54CB13F0909}C:\users\ann\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\ann\appdata\local\akamai\netsession_win.exe => No File
FirewallRules: [TCP Query User{A51C391A-3805-4B4C-8D7D-77E0553E94F1}C:\users\ann\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\ann\appdata\local\akamai\netsession_win.exe => No File
FirewallRules: [{520F1C86-7FDD-4E74-BA4F-08660BCE6C80}] => (Allow) LPort=54925
FirewallRules: [{482D649C-5E20-4079-8A63-5DC3047F0DC3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe => No File
FirewallRules: [{1F2C1C28-978F-423A-A74D-1026BABEB33D}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe => No File
FirewallRules: [{7300FDB2-10F1-40E2-B74A-CB55278F114F}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe => No File
FirewallRules: [{E3DF01D3-1AF7-42DF-A2A4-E808673B6600}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{8740C6E0-7D15-4843-96D8-C09265E08285}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C8B5880C-4490-4D5E-9A77-75696C4877C5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{051DD04A-6FB5-45F7-ACAB-19901CFE66DD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{B817702A-CB1E-4ABB-8461-53568BAEC851}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{963C85A6-046F-40AB-92E5-424F10D98037}] => (Allow) LPort=2869
FirewallRules: [{89A8808F-8A4A-4CD6-8FFD-B8643FC13ABF}] => (Allow) LPort=1900
FirewallRules: [{381E8562-61F2-430C-9154-FB9EA4AC6E37}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe => No File
FirewallRules: [{1E2B0167-C004-409D-8E55-72C2409D12B1}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe => No File
FirewallRules: [{431B35E4-BA44-488F-911C-249FE529B614}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe => No File
FirewallRules: [{D49398D6-CAD6-4E20-B141-505999B36F4B}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe => No File
FirewallRules: [{1166DFB0-AB58-4FA1-BC71-FBCAAC767C15}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe (CyberLink -> CyberLink Corp.)
FirewallRules: [{9C3EA2C3-CED5-4A17-AF58-07E8E27AC495}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE (CyberLink -> CyberLink Corp.)
FirewallRules: [{04D285CF-2E20-419A-B0E5-F6F2C5AC7B5A}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{7F3EE4D0-C8C2-46F5-993D-D585EBB7F7F3}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{D4723671-300E-4877-839A-C2487C0345BC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe => No File
FirewallRules: [{41C7794B-A5D0-43A7-A10F-51E4B069E8D3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe => No File
FirewallRules: [{C0DA6071-907D-4E45-AB37-4D4CFD41B4D5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{D6C18B51-14A6-4D72-AC2A-5D52CC0C1CDF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{786D88A2-FD58-461C-85CC-70C9CBB013BA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{82E1AD2D-C9B6-4B6F-85A4-255F44593F76}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{DFBAADE7-10AF-4B34-AFC9-DDC9E5F5C770}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{B3AB122F-0376-45C5-96C8-F9DB09C0AC51}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{D40F400B-F6EB-4F48-B475-171E101E13A9}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe => No File
FirewallRules: [{FA86187E-8A10-41B8-B4FD-044FF2EA277F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{342F3AD3-AE4F-4FBB-A75A-9B58B760F1CE}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{519DD238-1520-4373-B2B6-65AB4B839EC4}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{CC5D23E1-B1DE-40DA-81BA-E14B6A02C66B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{3A490513-88E4-4228-B359-AC2AA9801C54}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

12-05-2021 19:12:58 Windows Modules Installer
28-05-2021 11:46:25 Scheduled Checkpoint
09-06-2021 20:49:24 Windows Modules Installer

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (06/12/2021 10:43:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15500

Error: (06/12/2021 10:43:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15500

Error: (06/12/2021 10:43:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/12/2021 10:35:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname HoehnPC.local already in use; will try HoehnPC-2.local instead

Error: (06/12/2021 10:35:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister 4 HoehnPC.local. Addr 192.168.1.65

Error: (06/12/2021 10:35:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.65:5353 16 HoehnPC.local. AAAA 2600:1702:3A90:3440:29C9:F710:F356:5085

Error: (06/12/2021 10:35:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing: 16 HoehnPC.local. AAAA FE80:0000:0000:0000:29C9:F710:F356:5085

Error: (06/12/2021 10:35:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.65:5353 16 HoehnPC.local. AAAA 2600:1702:3A90:3440:29C9:F710:F356:5085


System errors:
=============
Error: (06/13/2021 06:25:33 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.

Error: (06/13/2021 06:20:52 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 6:14:50 PM on ‎6/‎13/‎2021 was unexpected.

Error: (06/13/2021 06:08:55 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.

Error: (06/13/2021 06:04:41 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The NcbService service terminated with the following error:
A device attached to the system is not functioning.

Error: (06/13/2021 06:04:21 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 4:10:11 PM on ‎6/‎13/‎2021 was unexpected.

Error: (06/13/2021 03:43:10 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The UltraViewer Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (06/13/2021 03:29:27 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.

Error: (06/12/2021 10:38:33 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.


==================== Memory info ===========================

BIOS: American Megatrends Inc. X75A.415 05/22/2013
Motherboard: ASUSTeK COMPUTER INC. X75A
Processor: Intel(R) Core(TM) i5-3230M CPU @ 2.60GHz
Percentage of memory in use: 40%
Total physical RAM: 8077.67 MB
Available physical RAM: 4822.86 MB
Total Virtual: 9357.67 MB
Available Virtual: 6212.88 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:279.11 GB) (Free:216.99 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Data) (Fixed) (Total:397.87 GB) (Free:397.61 GB) NTFS
Drive e: () (Removable) (Total:1.86 GB) (Free:1.85 GB) FAT
Drive f: () (Removable) (Total:30.23 GB) (Free:30.2 GB) FAT32

\\?\Volume{5975917d-3891-4e85-83f2-fc6400bc7ed7}\ (Recovery) (Fixed) (Total:0.88 GB) (Free:0.44 GB) NTFS
\\?\Volume{70669f11-e8b3-45d8-b0eb-b3aca4e710da}\ () (Fixed) (Total:0.34 GB) (Free:0.31 GB) NTFS
\\?\Volume{3e8fc2a2-1158-442d-bc49-1ef339f1f09c}\ (Restore) (Fixed) (Total:20.01 GB) (Free:8.42 GB) NTFS
\\?\Volume{2825be3c-a830-413a-b913-334f17389c83}\ (SYSTEM) (Fixed) (Total:0.29 GB) (Free:0.24 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 04A53D1B)

Partition: GPT.

==========================================================
Disk: 1 (Protective MBR) (Size: 1.9 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 30.3 GB) (Disk ID: 4073625C)
Partition 1: (Not Active) - (Size=30.2 GB) - (Type=0C)

==================== End of Addition.txt =======================
 
It doesn't look like any ransomware. It looks like it was a simple scareware popup (to call Microsoft). Those should just be ignored.

In any case, the first log is incomplete. Please redo.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-06-2021
Ran by ann (administrator) on HOEHNPC (ASUSTeK COMPUTER INC. X75A) (14-06-2021 06:17:34)
Running from C:\Users\ann\Desktop
Loaded Profiles: ann
Platform: Windows 10 Home Version 2004 19041.1052 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(ASUSTeK Computer Inc. -> ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(ASUSTeK Computer Inc. -> ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(ASUSTeK Computer Inc. -> ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUSTeK Computer Inc. -> ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK Computer Inc. -> ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\APRP\aprp.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTeK Computer Inc. -> AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTeK) [File not signed] C:\Windows\SysWOW64\ACEngSvr.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\DiscoverySrv.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdagent.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdntwrk.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe <3>
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe
(Brother Industries, Ltd. -> Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Brother Industries, Ltd. -> Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrYNSvc.exe
(CyberLink -> CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(DUC FABULOUS CO.,LTD -> ) C:\Program Files (x86)\UltraViewer\UltraViewer_Service.exe
(Garmin International, Inc. -> ) C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe
(Garmin International, Inc. -> Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Express\express.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler64.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel® Upgrade Service -> Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe <2>
(Microsoft Corporation -> Microsoft Corporation) C:\Users\ann\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\ann\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\DeviceCensus.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MusNotification.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(VIA Technologies Inc. -> VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe********************************************* [107192 2012-09-11] () [File not signed]
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [302904 2019-07-19] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2012-11-27] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) [File not signed]
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink -> CyberLink Corp.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [146584 2017-11-07] (Brother Industries, Ltd. -> Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2976256 2018-01-19] (Brother Industries, Ltd.) [File not signed]
HKU\S-1-5-21-3275924145-2641615387-672222228-1001\...\Run: [GarminExpress] => C:\Program Files (x86)\Garmin\Express\express.exe [31162800 2021-03-16] (Garmin International, Inc. -> Garmin Ltd. or its subsidiaries)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\91.0.4472.101\Installer\chrmstp.exe [2021-06-10] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0DC0DAD2-F84F-429D-B085-411AE7CDE2D5} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61}
Task: {1AE7F80C-B17E-4962-BF96-066F53164038} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [12288 2015-02-12] () [File not signed]
Task: {287EB61E-849D-44F1-BF41-56B2A8081F95} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1}
Task: {2A0CBF1A-6EDE-46C3-A570-C86857677454} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2998552 2015-03-23] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
Task: {2AA6D078-6EFA-48D0-A4AB-E1D80A2B1AAA} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {2C124022-D981-47E0-90AD-3372185D7127} - System32\Tasks\Bitdefender AgentTask_AD394AE64E874073B10A89FEEC305A3C => C:\Program Files\Bitdefender\Bitdefender Security\bdagent.exe [549032 2020-06-25] (Bitdefender SRL -> Bitdefender)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {39A66C74-4246-431D-B99F-5571A5F854F4} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_465_Plugin.exe [1504312 2020-12-08] (Adobe Inc. -> Adobe)
Task: {3AFE8A0D-5BF7-45BA-A60B-DB123105BB36} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-08] (Adobe Inc. -> Adobe)
Task: {3EA57F7A-8F24-44C3-A8E8-2E6878F133FB} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2998552 2015-03-23] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
Task: {446AD16C-A64E-4975-ACB6-578F35CC093B} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {48598F9B-A7FE-44F0-BB1A-36F53E7CDA2E} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [1018240 2012-08-24] (ASUSTeK Computer Inc. -> ASUS)
Task: {5A431DF8-0F54-475A-9166-FB2BBCBF8F26} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [888232 2021-01-29] (Bitdefender SRL -> Bitdefender)
Task: {606BABB8-7D10-45DF-90B4-C26B72E890F8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-08-30] (Google Inc -> Google LLC)
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Task: {7B857988-3067-4E13-8891-998F430972F7} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => {1B1F472E-3221-4826-97DB-2C2324D389AE}
Task: {8976AFB3-6C89-4C49-B6E0-B5274EE897E9} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload => {EBF00FCB-0769-4B81-9BEC-6C05514111AA}
Task: {9768ABD2-EB67-498E-A669-15A536AF817A} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {B3017C3F-EE43-4A38-A400-B849296EE19E} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [1124032 2012-09-18] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {B5988110-2F64-4DB2-844D-D76F5C33A7EB} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [40880 2021-03-16] (Garmin International, Inc. -> )
Task: {C16DC51C-8DA0-4D65-9085-1B87EB448DBE} - System32\Tasks\ASUS Patch for VIA Audio => C:\Windows\system32\AsPatchViaAudio.exe [160448 2012-11-07] (ASUSTeK Computer Inc. -> ASUSTek Computer INC.)
Task: {C415FE0E-DDCB-44E0-A459-B9164B72424B} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E}
Task: {CC08F0F9-09F2-4FEA-8BBC-25099B863574} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-08-30] (Google Inc -> Google LLC)
Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {FCDC5BFE-64F5-47C8-9FA8-1DE42F129D1A} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {FE0A182D-7CCD-4DBF-898E-0B9EAF47483D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [570240 2017-02-14] (Apple Inc. -> Apple Inc.)
Task: {FEC87A42-553B-49A5-8840-CCD4BFFEC627} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [18400 2017-03-09] (ASUSTeK Computer Inc. -> AsusTek)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{861516bf-ecc7-473a-8e27-c4701662b9be}: [DhcpNameServer] 192.168.1.1

Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\ann\AppData\Local\Microsoft\Edge\User Data\Default [2021-06-13]

FireFox:
========
FF DefaultProfile: eya7rmab.default
FF ProfilePath: C:\Users\ann\AppData\Roaming\Mozilla\Firefox\Profiles\s0gpcoti.default-release [2019-09-20]
FF ProfilePath: C:\Users\ann\AppData\Roaming\Mozilla\Firefox\Profiles\eya7rmab.default [2019-08-30]
FF Homepage: Mozilla\Firefox\Profiles\eya7rmab.default -> moz-extension://f53d27fb-43c8-4ce3-bad0-2ba0f8c1f23a/newtab/newtab.html
FF Notifications: Mozilla\Firefox\Profiles\eya7rmab.default -> hxxps://search.hfastpackagetracker.co; hxxps://www.weatherforecasttracker1.com
FF HomepageOverride: Mozilla\Firefox\Profiles\eya7rmab.default -> Enabled: web@Packages
FF NewTabOverride: Mozilla\Firefox\Profiles\eya7rmab.default -> Enabled: web@Packages
FF NewTabOverride: Mozilla\Firefox\Profiles\eya7rmab.default -> Enabled: @searchencrypt
FF Extension: (Web of Trust) - C:\Users\ann\AppData\Roaming\Mozilla\Firefox\Profiles\eya7rmab.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}.xpi [2019-06-04]
FF Extension: (Adblock Plus - free ad blocker) - C:\Users\ann\AppData\Roaming\Mozilla\Firefox\Profiles\eya7rmab.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2019-08-23]
FF HKLM\...\Firefox\Extensions: [bdwtwe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff.xpi
FF Extension: (Bitdefender Wallet) - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff.xpi [2020-04-30] [UpdateUrl:hxxps://download.bitdefender.com/windows/desktop/connect/wallet/updates.json ]
FF HKLM\...\Firefox\Extensions: [bdtbe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbef.xpi
FF Extension: (Bitdefender Anti-tracker) - C:\Program Files\Bitdefender\Bitdefender Security\bdtbef.xpi [2020-06-25] [UpdateUrl:hxxps://download.bitdefender.com/windows/desktop/connect/antitracker/updates.json ]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext
FF Extension: (Bitdefender Antispam Toolbar) - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext [2020-05-14] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [bdwtwe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff.xpi
FF HKLM-x32\...\Firefox\Extensions: [bdtbe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbef.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_465.dll [2020-12-08] (Adobe Inc. -> )
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_465.dll [2020-12-08] (Adobe Inc. -> )
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\bd_js_config.js [2019-09-20] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\bd_config.cfg [2019-09-20] <==== ATTENTION

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default [2021-06-13]
CHR Notifications: Default -> hxxps://piratesvoyage.com; hxxps://www.accuweather.com; hxxps://www.facebook.com; hxxps://www.indystar.com; hxxps://www.newsbreak.com; hxxps://www.pinterest.com
CHR StartupUrls: Default -> "hxxps://www.msn.com/en-us/news/us"
CHR Extension: (Slides) - C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-08-30]
CHR Extension: (Docs) - C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-08-30]
CHR Extension: (Google Drive) - C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-20]
CHR Extension: (YouTube) - C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-08-30]
CHR Extension: (Sheets) - C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-08-30]
CHR Extension: (Bitdefender Wallet) - C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\gannpgaobkkhmpomoijebaigcapoeebl [2020-07-27]
CHR Extension: (Google Docs Offline) - C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-05-18]
CHR Extension: (Bitdefender Anti-tracker) - C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\khndhdhbebhaddchcgnalcjlaekbbeof [2020-09-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-28]
CHR Extension: (Gmail) - C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-22]
CHR Extension: (Chrome Media Router) - C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-06-01]
CHR Profile: C:\Users\ann\AppData\Local\Google\Chrome\User Data\Guest Profile [2020-05-27]
CHR Profile: C:\Users\ann\AppData\Local\Google\Chrome\User Data\System Profile [2020-05-27]
CHR HKLM-x32\...\Chrome\Extension: [gannpgaobkkhmpomoijebaigcapoeebl]
CHR HKLM-x32\...\Chrome\Extension: [khndhdhbebhaddchcgnalcjlaekbbeof]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-08] (Adobe Inc. -> Adobe)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2019-04-29] (Apple Inc. -> Apple Inc.)
R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUSTeK Computer Inc. -> ASUS)
R2 BDAuxSrv; C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe [803576 2020-06-25] (Bitdefender SRL -> Bitdefender)
R2 BDProtSrv; C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe [803576 2020-06-25] (Bitdefender SRL -> Bitdefender)
R2 bdredline; C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe [2195320 2018-03-22] (Bitdefender SRL -> Bitdefender)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [314368 2018-01-18] (Brother Industries, Ltd.) [File not signed]
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1358248 2021-01-29] (Bitdefender SRL -> Bitdefender)
R2 UltraViewService; C:\Program Files (x86)\UltraViewer\UltraViewer_Service.exe [220000 2021-03-20] (DUC FABULOUS CO.,LTD -> )
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe [170328 2020-06-25] (Bitdefender SRL -> Bitdefender)
R2 VIAKaraokeService; C:\WINDOWS\system32\viakaraokesrv.exe [36504 2015-06-22] (VIA Technologies Inc. -> VIA Technologies, Inc.)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe [803576 2020-06-25] (Bitdefender SRL -> Bitdefender)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3004048 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103384 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ASUSProcObsrv; C:\eSupport\eDriver\I386\AsPrOb64.sys [12416 2010-05-25] (ASUSTeK Computer Inc. -> )
R3 AsusTP; C:\WINDOWS\System32\drivers\AsusTP.sys [128024 2017-03-09] (ASUSTeK Computer Inc. -> ASUS Corporation)
R1 atc; C:\WINDOWS\System32\DRIVERS\atc.sys [2106424 2020-06-25] (Bitdefender SRL -> Bitdefender S.R.L. Bucharest, ROMANIA)
R2 BdDci; C:\WINDOWS\system32\DRIVERS\bddci.sys [757240 2020-06-25] (Bitdefender SRL -> Bitdefender)
S0 bdelam; C:\WINDOWS\System32\drivers\bdelam.sys [22960 2019-03-21] (Microsoft Windows Early Launch Anti-malware Publisher -> Bitdefender)
S3 bdprivmon; C:\WINDOWS\System32\DRIVERS\bdprivmon.sys [46056 2020-02-20] (Bitdefender SRL -> © Bitdefender SRL)
S3 BDVEDISK; C:\WINDOWS\system32\DRIVERS\bdvedisk.sys [96616 2020-05-28] (Bitdefender SRL -> BitDefender)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
R0 Gemma; C:\WINDOWS\System32\DRIVERS\gemma.sys [453344 2020-06-25] (Bitdefender SRL -> BitDefender S.R.L. Bucharest, ROMANIA)
R0 gzflt; C:\WINDOWS\System32\DRIVERS\gzflt.sys [188384 2018-11-28] (Bitdefender SRL -> BitDefender LLC)
R3 HIDSwitch; C:\WINDOWS\System32\drivers\AsRadioControl.sys [32696 2020-11-19] (ASUSTek Computer Inc. -> ASUS)
S3 Ignis; C:\WINDOWS\system32\DRIVERS\ignis.sys [196392 2019-07-04] (Bitdefender SRL -> Bitdefender)
R3 kbfiltr; C:\WINDOWS\System32\drivers\kbfiltr.sys [14992 2012-08-01] (ASUSTeK Computer Inc. -> )
S3 NuidFltr; C:\WINDOWS\System32\drivers\NuidFltr.sys [18944 2011-04-09] (Hardware Group Test Cert -> Microsoft Corporation)
R3 rtbth; C:\WINDOWS\System32\drivers\rtbth.sys [1219200 2015-06-03] (MEDIATEK INC. -> Ralink Technology, Corp.)
R0 trufos; C:\WINDOWS\System32\DRIVERS\trufos.sys [638368 2020-04-30] (Bitdefender SRL -> Bitdefender)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2016-03-28] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46688 2019-12-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [350136 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [54200 2019-12-07] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-06-14 06:17 - 2021-06-14 06:23 - 000025371 _____ C:\Users\ann\Desktop\FRST.txt
2021-06-14 06:17 - 2021-06-14 06:17 - 000000000 ____D C:\Users\ann\Desktop\FRST-OlderVersion
2021-06-14 06:16 - 2021-06-14 06:17 - 002300416 _____ (Farbar) C:\Users\ann\Desktop\FRST64.exe
2021-06-13 18:41 - 2021-06-14 06:21 - 000000000 ____D C:\FRST
2021-06-13 16:17 - 2021-06-14 06:12 - 000000000 _____ C:\WINDOWS\UV_LastPW.ini
2021-06-13 15:56 - 2021-06-13 19:08 - 000000000 ____D C:\Users\ann\AppData\Local\D3DSCache
2021-06-13 15:43 - 2021-06-13 15:53 - 000000000 ____D C:\Users\ann\AppData\Roaming\UltraViewer
2021-06-13 15:43 - 2021-06-13 15:43 - 000001154 _____ C:\Users\Public\Desktop\UltraViewer.lnk
2021-06-13 15:43 - 2021-06-13 15:43 - 000001154 _____ C:\ProgramData\Desktop\UltraViewer.lnk
2021-06-13 15:43 - 2021-06-13 15:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraViewer
2021-06-13 15:41 - 2021-06-13 15:43 - 000000000 ____D C:\Program Files (x86)\UltraViewer
2021-06-09 21:47 - 2021-06-09 21:47 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-06-09 21:47 - 2021-06-09 21:47 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-06-09 21:47 - 2021-06-09 21:47 - 001314120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-06-09 21:47 - 2021-06-09 21:47 - 000568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2021-06-09 21:47 - 2021-06-09 21:47 - 000451072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2021-06-09 21:47 - 2021-06-09 21:47 - 000011353 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-06-09 21:46 - 2021-06-09 21:46 - 001864192 _____ (The ICU Project) C:\WINDOWS\SysWOW64\icu.dll
2021-06-09 21:46 - 2021-06-09 21:46 - 000468440 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll
2021-06-09 21:46 - 2021-06-09 21:46 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-06-09 21:46 - 2021-06-09 21:46 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2021-06-09 21:45 - 2021-06-09 21:45 - 001823792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-06-09 21:45 - 2021-06-09 21:45 - 001393496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-06-09 21:44 - 2021-06-09 21:44 - 002260480 _____ (The ICU Project) C:\WINDOWS\system32\icu.dll
2021-06-09 21:44 - 2021-06-09 21:44 - 000657464 _____ C:\WINDOWS\system32\WindowManagementAPI.dll
2021-06-09 21:44 - 2021-06-09 21:44 - 000563712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-06-09 21:44 - 2021-06-09 21:44 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe
2021-06-09 21:44 - 2021-06-09 21:44 - 000097280 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-06-09 21:43 - 2021-06-09 21:43 - 000287232 _____ C:\WINDOWS\system32\CoreMas.dll
2021-06-07 13:11 - 2021-06-13 18:11 - 000003544 _____ C:\WINDOWS\system32\Tasks\ASUS Live Update1
2021-06-06 11:56 - 2021-06-06 11:56 - 000002681 _____ C:\Users\ann\Desktop\YouTube.lnk
2021-06-06 11:56 - 2021-06-06 11:56 - 000000000 ____D C:\Users\ann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-06-14 06:20 - 2020-11-18 15:20 - 000004146 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{C81A4A75-43AF-428B-906C-CF04CE0E9C79}
2021-06-14 06:19 - 2019-12-07 05:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-06-14 06:16 - 2017-04-14 21:32 - 000000000 ____D C:\ProgramData\ASUS Smart Gesture
2021-06-14 06:15 - 2018-12-19 22:19 - 000000500 _____ C:\Users\ann\AppData\Roaming\sp_data.sys
2021-06-14 06:15 - 2015-09-25 23:33 - 000000000 __SHD C:\Users\ann\IntelGraphicsProfiles
2021-06-14 06:11 - 2020-11-18 15:20 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-06-14 06:11 - 2020-11-18 14:38 - 000008192 ___SH C:\DumpStack.log.tmp
2021-06-14 06:11 - 2020-11-18 14:38 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-06-13 18:12 - 2020-11-18 15:02 - 000840602 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-06-13 18:12 - 2019-12-07 05:13 - 000000000 ____D C:\WINDOWS\INF
2021-06-13 18:11 - 2020-11-18 15:20 - 000003534 _____ C:\WINDOWS\system32\Tasks\ASUS Live Update2
2021-06-13 18:05 - 2020-11-17 22:02 - 000000000 ____D C:\Users\ann
2021-06-13 15:41 - 2019-12-07 05:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-06-13 15:41 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-06-13 15:40 - 2020-06-15 11:59 - 000002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-06-13 15:40 - 2020-06-15 11:59 - 000002278 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-06-13 15:40 - 2020-06-15 11:59 - 000002278 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2021-06-10 18:36 - 2019-08-30 17:10 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-06-10 18:36 - 2019-08-30 17:10 - 000002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-06-10 18:36 - 2019-08-30 17:10 - 000002262 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2021-06-09 22:59 - 2019-12-07 05:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-06-09 22:38 - 2019-12-07 05:03 - 000065536 _____ C:\WINDOWS\system32\config\ELAM
2021-06-09 22:37 - 2020-11-18 14:38 - 000257824 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-06-09 22:35 - 2019-12-07 05:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2021-06-09 22:33 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2021-06-09 22:33 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2021-06-09 22:33 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2021-06-09 22:33 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-06-09 22:32 - 2019-12-07 05:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-06-09 22:32 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-06-09 22:32 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-06-09 22:32 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2021-06-09 22:32 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2021-06-09 22:32 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2021-06-09 22:32 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-06-09 22:32 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-06-09 22:32 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-06-09 22:00 - 2019-12-07 05:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-06-09 21:37 - 2020-11-18 15:20 - 000003358 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3275924145-2641615387-672222228-1001
2021-06-09 21:37 - 2020-11-17 22:02 - 000002414 _____ C:\Users\ann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-06-09 21:37 - 2015-09-25 23:37 - 000000000 ___RD C:\Users\ann\OneDrive
2021-06-09 21:01 - 2020-11-15 15:57 - 000000000 ___HD C:\$WinREAgent
2021-06-09 20:49 - 2013-10-17 17:11 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-06-09 20:43 - 2013-10-17 17:11 - 132447432 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-06-03 21:31 - 2020-10-01 14:20 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-05-25 07:48 - 2020-10-01 14:20 - 000725304 _____ (Microsoft Corporation) C:\WINDOWS\system32\sedplugins.dll
2021-05-25 07:48 - 2020-10-01 14:20 - 000470328 _____ (Microsoft Corporation) C:\WINDOWS\system32\QualityUpdateAssistant.dll
2021-05-16 12:30 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2021-05-16 12:30 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-05-16 12:30 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-05-16 12:30 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2021-05-16 12:29 - 2019-12-07 05:50 - 000000000 ____D C:\WINDOWS\system32\OpenSSH
2021-05-16 12:29 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2021-05-16 12:29 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-05-16 12:29 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-05-16 12:29 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2021-05-16 12:29 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-05-16 12:29 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-05-16 12:29 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\DiagTrack

==================== Files in the root of some directories ========

2018-12-19 22:19 - 2021-06-14 06:15 - 000000500 _____ () C:\Users\ann\AppData\Roaming\sp_data.sys

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-06-2021
Ran by ann (14-06-2021 06:29:36)
Running from C:\Users\ann\Desktop
Windows 10 Home Version 2004 19041.1052 (X64) (2020-11-18 19:22:27)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3275924145-2641615387-672222228-500 - Administrator - Disabled)
ann (S-1-5-21-3275924145-2641615387-672222228-1001 - Administrator - Enabled) => C:\Users\ann
DefaultAccount (S-1-5-21-3275924145-2641615387-672222228-503 - Limited - Disabled)
Guest (S-1-5-21-3275924145-2641615387-672222228-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3275924145-2641615387-672222228-1005 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-3275924145-2641615387-672222228-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Bitdefender Antivirus (Enabled - Up to date) {0E17DB7D-A20F-62CE-B95B-17DB0CDFE318}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Bitdefender Antispyware (Enabled - Up to date) {B5763A99-8435-6D40-83EB-2CA97758A9A5}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.017.20050 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.465 - Adobe)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 3.4.117.01527 - Alcor Micro Corp.)
ANT Drivers Installer x64 (HKLM\...\{EE89194D-B4FC-4C28-B76E-A646216D689F}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{5C028510-A6A1-409A-A2BF-4DCB43B21EF9}) (Version: 7.6 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{5C7D4FCF-80C5-4520-9934-D50532AAC59C}) (Version: 7.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B5A46811-3612-4DA5-8A5A-E6DED5D7C523}) (Version: 12.2.1.12 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
ASUS Instant Connect (HKLM-x32\...\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}) (Version: 1.2.8 - ASUS)
ASUS InstantOn (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 3.0.4 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.13 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.3.4 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.0.4 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.18 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.03.0005 - ASUS)
ASUS Tutor (HKLM-x32\...\{58172D66-2F69-4215-9AEC-ED8196023736}) (Version: 1.0.8 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.5 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.26 - ASUS)
ASUSDVD (HKLM-x32\...\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.) Hidden
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0025 - ASUS)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 24.0.1.143 - Bitdefender)
Bitdefender Antivirus Plus (HKLM\...\Bitdefender) (Version: 24.0.6.31 - Bitdefender)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Brother MFL-Pro Suite HL-L2380DW series (HKLM-x32\...\{F8ECC2FD-CE2B-4ED4-BDCC-90D0D34206FD}) (Version: 1.0.2.0 - Brother Industries, Ltd.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Elevated Installer (HKLM-x32\...\{1DEEE496-814A-4747-AF7F-493821C79297}) (Version: 7.4.1.0 - Garmin Ltd or its subsidiaries) Hidden
Galería de fotos (HKLM-x32\...\{8F7FECEC-088F-431D-A5FB-2B59E1E69943}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (HKLM-x32\...\{446CC8CE-0E90-44F7-ADD0-774B243EF090}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Garmin Express (HKLM-x32\...\{2E960C0A-DC54-48F0-A2A8-15CFBE15D980}) (Version: 7.4.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express (HKLM-x32\...\{4e81ac57-fa02-490f-aa91-18b44ebae651}) (Version: 7.4.1.0 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 91.0.4472.101 - Google LLC)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{00ECC1A0-72EC-4E21-A03E-A9242A92CE1F}) (Version: 12.9.6.3 - Apple Inc.)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 91.0.864.48 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3275924145-2641615387-672222228-1001\...\OneDriveSetup.exe) (Version: 21.099.0516.0003 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{E5A95BC5-81DF-4F0C-B910-B59DD012F037}) (Version: 2.81.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{022C7C52-B294-4346-88BC-C7C2FF7FF1B7}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{13F3CEA5-9E2C-4C4E-9F0F-D0DB389CF4A9}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{5BABDA39-61CF-41EE-992D-4054B6649A9B}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{A17946CA-18E5-4CF0-8D55-A56D804718F8}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{E0B5FDF0-6940-44B2-8204-CFA746A6B4AF}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{ED6C77F9-4D7E-447C-9EC0-9A212D075535}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MyBitCast 2.0 (HKLM-x32\...\MyBitCast) (Version: 2.0 - ASUS)
Ralink Bluetooth Stack64 (HKLM\...\{ED818A3C-3DF5-CDCF-3DB2-A646D7B31A16}) (Version: 9.0.717.0 - Ralink Corporation)
Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: 1.2.0.41 - Ralink)
RogueKiller version 13.0.16.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 13.0.16.0 - Adlice Software)
SceneSwitch (HKLM-x32\...\{5172E572-C175-4F80-A6D5-5CB45826AD61}) (Version: 1.0.16 - ASUS)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.7.0 - Sophos Limited)
UltraViewer version 6.3.12 (HKLM-x32\...\{E0FABD74-083B-47F4-AC5B-CA4237BF8913}_is1) (Version: 6.3.12 - DucFabulous)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{1FD817A6-63E1-4519-BFD4-228DABB7AB6B}) (Version: 2.55.0.0 - Microsoft Corporation)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS)
影像中心 (HKLM-x32\...\{631C4E4F-6FDC-4CC0-A067-E9876A9BA7FD}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
照片库 (HKLM-x32\...\{017E337D-D709-437C-83DB-71F82AA78BF6}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Packages:
=========
Adera -> C:\Program Files\WindowsApps\Microsoft.Adera_2.5.2.34894_x86__8wekyb3d8bbwe [2014-01-13] (Microsoft Studios)
ASUS Tutor -> C:\Program Files\WindowsApps\B9ECED6F.ASUSTutor_1.0.0.2_neutral__qmba6cd70vzyy [2013-10-15] (ASUSTeK COMPUTER INC.)
ASUS Welcome -> C:\Program Files\WindowsApps\B9ECED6F.ASUSWelcome_1.0.1.0_x64__qmba6cd70vzyy [2015-09-25] (ASUSTeK COMPUTER INC.)
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2019-11-06] (Autodesk Inc.)
Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.2030.2.0_x86__kgqvnymyfvs32 [2021-05-27] (king.com)
Fresh Paint -> C:\Program Files\WindowsApps\Microsoft.FreshPaint_3.1.10383.1000_x86__8wekyb3d8bbwe [2019-06-08] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-27] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-27] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.5310.0_x64__8wekyb3d8bbwe [2021-06-07] (Microsoft Studios) [MS Ad]
MSN Food & Drink -> C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-14] (Microsoft Corporation) [MS Ad]
MSN Health & Fitness -> C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-14] (Microsoft Corporation) [MS Ad]
MSN Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-27] (Microsoft Corporation) [MS Ad]
MSN Travel -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-14] (Microsoft Corporation) [MS Ad]
Pinball FX2 -> C:\Program Files\WindowsApps\Microsoft.Studios.PinballFx2_1.8.1.957_x86__8wekyb3d8bbwe [2015-04-14] (Microsoft Studios)
Taptiles -> C:\Program Files\WindowsApps\Microsoft.Taptiles_2.6.288.0_x86__8wekyb3d8bbwe [2018-10-26] (Microsoft Studios) [MS Ad]
The World Clock -> C:\Program Files\WindowsApps\B9ECED6F.TheWorldClock_1.0.0.6_neutral__qmba6cd70vzyy [2013-10-15] (ASUSTeK COMPUTER INC.)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-09] (Twitter Inc.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3275924145-2641615387-672222228-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel(R) pGFX -> Intel Corporation)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-05-03] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\ann\Desktop\YouTube.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=agimnkijcaahngcdmfeangaknmldooml
ShortcutWithArgument: C:\Users\ann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=agimnkijcaahngcdmfeangaknmldooml

==================== Loaded Modules (Whitelisted) =============

2020-11-27 04:38 - 2020-11-27 04:38 - 000961536 _____ () [File not signed] [File is in use] C:\Program Files (x86)\Garmin\Express\CefSharp.BrowserSubprocess.Core.dll
2020-11-27 04:38 - 2020-11-27 04:38 - 001446400 _____ () [File not signed] [File is in use] C:\Program Files (x86)\Garmin\Express\CefSharp.Core.dll
2021-03-16 16:52 - 2021-03-16 16:52 - 000073216 _____ () [File not signed] [File is in use] C:\Program Files (x86)\Garmin\Express\FixBootSector.dll
2017-05-08 10:35 - 2017-05-08 10:35 - 000325632 _____ () [File not signed] [File is in use] C:\Program Files (x86)\Garmin\Express\GpsImgWrapper.dll
2012-09-11 18:01 - 2012-09-11 18:01 - 000009216 _____ () [File not signed] C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2015-05-01 18:48 - 2009-02-27 16:38 - 000139264 ____R () [File not signed] C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2015-05-01 18:48 - 2018-01-18 15:39 - 000519168 _____ () [File not signed] C:\Program Files (x86)\Browny02\BrMonitor.dll
2015-05-01 18:48 - 2017-12-22 12:53 - 000180224 _____ () [File not signed] C:\Program Files (x86)\Browny02\BroSNMP.dll
2015-05-01 18:48 - 2018-01-18 15:39 - 000208896 _____ () [File not signed] C:\Program Files (x86)\Browny02\Brother\BrFirmUpdateCheck.dll
2015-05-01 18:48 - 2018-01-18 15:39 - 001720832 _____ () [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonWRes.dll
2015-05-01 18:48 - 2017-11-07 19:55 - 000137728 _____ () [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcAssoc.dll
2015-05-01 18:48 - 2017-08-18 11:23 - 000087552 _____ () [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcDlgRc.dll
2015-05-01 18:48 - 2017-08-18 11:23 - 017974784 _____ () [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcGrImg.dll
2015-05-01 18:48 - 2017-11-07 20:04 - 000087040 _____ () [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcLUsa.dll
2019-08-30 18:31 - 2017-11-07 19:55 - 000440832 _____ () [File not signed] C:\Program Files (x86)\ControlCenter4\Track.dll
2020-11-18 10:14 - 2020-11-18 10:14 - 117340672 _____ () [File not signed] C:\Program Files (x86)\Garmin\Express\libcef.dll
2020-11-18 08:40 - 2020-11-18 08:40 - 000323072 _____ () [File not signed] C:\Program Files (x86)\Garmin\Express\libegl.dll
2020-11-18 08:40 - 2020-11-18 08:40 - 005441536 _____ () [File not signed] C:\Program Files (x86)\Garmin\Express\libglesv2.dll
2015-05-01 18:48 - 2005-04-22 00:36 - 000143360 _____ () [File not signed] C:\WINDOWS\system32\BrSNMP64.dll
2021-03-16 16:52 - 2021-03-16 16:52 - 001976832 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Garmin\Express\XercesLib.dll
2012-09-11 18:01 - 2012-09-11 18:01 - 000055296 _____ (ASUSTeK) [File not signed] C:\Program Files (x86)\ASUS\Splendid\Chameleon.dll
2012-09-11 18:01 - 2012-09-11 18:01 - 000032768 _____ (ASUSTek) [File not signed] C:\Program Files (x86)\ASUS\Splendid\OVS.dll
2015-05-01 18:48 - 2013-03-08 02:44 - 000087040 _____ (Brother Industries, Ltd.) [File not signed] C:\WINDOWS\system32\BrNetSti.dll
2021-03-16 16:56 - 2021-03-16 16:56 - 000234496 _____ (Dynastream Innovations Inc.) [File not signed] C:\Program Files (x86)\Garmin\Express\ANT_WrappedLib.dll
2021-03-16 16:52 - 2021-03-16 16:52 - 002711552 _____ (Garmin International) [File not signed] [File is in use] C:\Program Files (x86)\Garmin\Express\legacyio.dll
2017-05-08 10:35 - 2017-05-08 10:35 - 000343552 _____ (Garmin International, Inc.) [File not signed] C:\Program Files (x86)\Garmin\Express\IMG_GPSMAP.dll
2021-03-16 16:52 - 2021-03-16 16:52 - 000425472 _____ (Garmin) [File not signed] C:\Program Files (x86)\Garmin\Express\XMLdll.dll
2013-03-06 10:34 - 2013-03-06 10:34 - 000348160 ____N (Microsoft Corporation) [File not signed] C:\Program Files (x86)\CyberLink\PowerDVD10\MSVCR71.dll
2021-03-16 16:54 - 2021-03-16 16:54 - 000090112 _____ (Silicon Laboratories, Inc.) [File not signed] C:\Program Files (x86)\Garmin\Express\DSI_SiUSBXp_3_1.DLL
2020-11-18 08:39 - 2020-11-18 08:39 - 000843264 _____ (The Chromium Authors) [File not signed] C:\Program Files (x86)\Garmin\Express\chrome_elf.dll
2012-09-11 18:01 - 2012-09-11 18:01 - 001595392 _____ (TODO: <Company name>) [File not signed] C:\Program Files (x86)\ASUS\Splendid\Alb_ASUSLib.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-3275924145-2641615387-672222228-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus13.msn.com/
HKU\S-1-5-21-3275924145-2641615387-672222228-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Bitdefender Trackers Blocking -> {159ff5d5-55f1-4d2f-b706-767a55f77abb} -> C:\Program Files\Bitdefender\Bitdefender Security\bdtbie.dll [2020-06-25] (Bitdefender SRL -> Bitdefender)
BHO: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender Security\pmbxie.dll [2020-06-25] (Bitdefender SRL -> Bitdefender)
BHO-x32: Bitdefender Trackers Blocking -> {159ff5d5-55f1-4d2f-b706-767a55f77abb} -> C:\Program Files\Bitdefender\Bitdefender Security\antispam32\bdtbie.dll [2020-06-25] (Bitdefender SRL -> Bitdefender)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender Security\Antispam32\pmbxie.dll [2020-06-25] (Bitdefender SRL -> Bitdefender)
Toolbar: HKLM - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender Security\pmbxie.dll [2020-06-25] (Bitdefender SRL -> Bitdefender)
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender Security\Antispam32\pmbxie.dll [2020-06-25] (Bitdefender SRL -> Bitdefender)
Toolbar: HKU\S-1-5-21-3275924145-2641615387-672222228-1001 -> Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender Security\pmbxie.dll [2020-06-25] (Bitdefender SRL -> Bitdefender)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWow64\skype4com.dll [2012-08-14] (Skype Technologies SA -> Skype Technologies)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2021-06-14 06:12 - 000000000 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-3275924145-2641615387-672222228-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\asus\wallpapers\asus.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{315FFBE2-E43B-49F6-AAE7-A54CB13F0909}C:\users\ann\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\ann\appdata\local\akamai\netsession_win.exe => No File
FirewallRules: [TCP Query User{A51C391A-3805-4B4C-8D7D-77E0553E94F1}C:\users\ann\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\ann\appdata\local\akamai\netsession_win.exe => No File
FirewallRules: [{520F1C86-7FDD-4E74-BA4F-08660BCE6C80}] => (Allow) LPort=54925
FirewallRules: [{482D649C-5E20-4079-8A63-5DC3047F0DC3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe => No File
FirewallRules: [{1F2C1C28-978F-423A-A74D-1026BABEB33D}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe => No File
FirewallRules: [{7300FDB2-10F1-40E2-B74A-CB55278F114F}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe => No File
FirewallRules: [{E3DF01D3-1AF7-42DF-A2A4-E808673B6600}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{8740C6E0-7D15-4843-96D8-C09265E08285}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C8B5880C-4490-4D5E-9A77-75696C4877C5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{051DD04A-6FB5-45F7-ACAB-19901CFE66DD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{B817702A-CB1E-4ABB-8461-53568BAEC851}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{963C85A6-046F-40AB-92E5-424F10D98037}] => (Allow) LPort=2869
FirewallRules: [{89A8808F-8A4A-4CD6-8FFD-B8643FC13ABF}] => (Allow) LPort=1900
FirewallRules: [{381E8562-61F2-430C-9154-FB9EA4AC6E37}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe => No File
FirewallRules: [{1E2B0167-C004-409D-8E55-72C2409D12B1}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe => No File
FirewallRules: [{431B35E4-BA44-488F-911C-249FE529B614}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe => No File
FirewallRules: [{D49398D6-CAD6-4E20-B141-505999B36F4B}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe => No File
FirewallRules: [{1166DFB0-AB58-4FA1-BC71-FBCAAC767C15}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe (CyberLink -> CyberLink Corp.)
FirewallRules: [{9C3EA2C3-CED5-4A17-AF58-07E8E27AC495}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE (CyberLink -> CyberLink Corp.)
FirewallRules: [{04D285CF-2E20-419A-B0E5-F6F2C5AC7B5A}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{7F3EE4D0-C8C2-46F5-993D-D585EBB7F7F3}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{D4723671-300E-4877-839A-C2487C0345BC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe => No File
FirewallRules: [{41C7794B-A5D0-43A7-A10F-51E4B069E8D3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe => No File
FirewallRules: [{C0DA6071-907D-4E45-AB37-4D4CFD41B4D5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{D6C18B51-14A6-4D72-AC2A-5D52CC0C1CDF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{786D88A2-FD58-461C-85CC-70C9CBB013BA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{82E1AD2D-C9B6-4B6F-85A4-255F44593F76}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{DFBAADE7-10AF-4B34-AFC9-DDC9E5F5C770}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{B3AB122F-0376-45C5-96C8-F9DB09C0AC51}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{D40F400B-F6EB-4F48-B475-171E101E13A9}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe => No File
FirewallRules: [{FA86187E-8A10-41B8-B4FD-044FF2EA277F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{342F3AD3-AE4F-4FBB-A75A-9B58B760F1CE}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{519DD238-1520-4373-B2B6-65AB4B839EC4}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{CC5D23E1-B1DE-40DA-81BA-E14B6A02C66B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{3A490513-88E4-4228-B359-AC2AA9801C54}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

12-05-2021 19:12:58 Windows Modules Installer
28-05-2021 11:46:25 Scheduled Checkpoint
09-06-2021 20:49:24 Windows Modules Installer

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (06/12/2021 10:43:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15500

Error: (06/12/2021 10:43:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15500

Error: (06/12/2021 10:43:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/12/2021 10:35:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname HoehnPC.local already in use; will try HoehnPC-2.local instead

Error: (06/12/2021 10:35:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister 4 HoehnPC.local. Addr 192.168.1.65

Error: (06/12/2021 10:35:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.65:5353 16 HoehnPC.local. AAAA 2600:1702:3A90:3440:29C9:F710:F356:5085

Error: (06/12/2021 10:35:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing: 16 HoehnPC.local. AAAA FE80:0000:0000:0000:29C9:F710:F356:5085

Error: (06/12/2021 10:35:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.65:5353 16 HoehnPC.local. AAAA 2600:1702:3A90:3440:29C9:F710:F356:5085


System errors:
=============
Error: (06/14/2021 06:16:29 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.

Error: (06/14/2021 06:12:13 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The NcbService service terminated with the following error:
A device attached to the system is not functioning.

Error: (06/14/2021 06:11:55 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 7:00:52 PM on 6/13/2021 was unexpected.

Error: (06/13/2021 06:25:33 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.

Error: (06/13/2021 06:20:52 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 6:14:50 PM on 6/13/2021 was unexpected.

Error: (06/13/2021 06:08:55 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.

Error: (06/13/2021 06:04:41 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The NcbService service terminated with the following error:
A device attached to the system is not functioning.

Error: (06/13/2021 06:04:21 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 4:10:11 PM on 6/13/2021 was unexpected.


==================== Memory info ===========================

BIOS: American Megatrends Inc. X75A.415 05/22/2013
Motherboard: ASUSTeK COMPUTER INC. X75A
Processor: Intel(R) Core(TM) i5-3230M CPU @ 2.60GHz
Percentage of memory in use: 40%
Total physical RAM: 8077.67 MB
Available physical RAM: 4806.7 MB
Total Virtual: 9357.67 MB
Available Virtual: 6136.82 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:279.11 GB) (Free:216.22 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Data) (Fixed) (Total:397.87 GB) (Free:397.61 GB) NTFS
Drive e: () (Removable) (Total:1.86 GB) (Free:1.85 GB) FAT
Drive f: () (Removable) (Total:30.23 GB) (Free:30.2 GB) FAT32

\\?\Volume{5975917d-3891-4e85-83f2-fc6400bc7ed7}\ (Recovery) (Fixed) (Total:0.88 GB) (Free:0.44 GB) NTFS
\\?\Volume{70669f11-e8b3-45d8-b0eb-b3aca4e710da}\ () (Fixed) (Total:0.34 GB) (Free:0.31 GB) NTFS
\\?\Volume{3e8fc2a2-1158-442d-bc49-1ef339f1f09c}\ (Restore) (Fixed) (Total:20.01 GB) (Free:8.42 GB) NTFS
\\?\Volume{2825be3c-a830-413a-b913-334f17389c83}\ (SYSTEM) (Fixed) (Total:0.29 GB) (Free:0.24 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 04A53D1B)

Partition: GPT.

==========================================================
Disk: 1 (Protective MBR) (Size: 1.9 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 30.3 GB) (Disk ID: 4073625C)
Partition 1: (Not Active) - (Size=30.2 GB) - (Type=0C)

==================== End of Addition.txt =======================
 
Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double click on downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Remove Selected.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available through History -> Application logs. Please post its contents in your next reply.
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.
 
RogueKiller Anti-Malware V15.0.2.0 (x64) [Jun 14 2021] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 10 (10.0.19041) 64 bits
Started in : Normal mode
User : ann [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Signatures : 20210611_060824, Driver : Loaded
Mode : Standard Scan, Scan -- Date : 2021/06/14 20:38:37 (Duration : 00:44:44)
Switches : -minimize

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Process Modules ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Hosts File ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Web browsers ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
 
# -------------------------------
# Malwarebytes AdwCleaner 8.2.0.0
# -------------------------------
# Build: 03-22-2021
# Database: 2021-05-17.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 06-15-2021
# Duration: 00:00:19
# OS: Windows 10 Home
# Cleaned: 42
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\ak.staticimgfarm.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\dotomi.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\s.thebrighttag.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\staticimgfarm.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\thebrighttag.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\ak.staticimgfarm.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\dotomi.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\s.thebrighttag.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\staticimgfarm.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\thebrighttag.com

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

Deleted Search
Deleted Search

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

Deleted Preinstalled.ASUSInstantOn Folder C:\Program Files (x86)\ASUS\ASUS INSTANTON
Deleted Preinstalled.ASUSInstantOn Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{749F674B-2674-47E8-879C-5626A06B2A91}
Deleted Preinstalled.ASUSLiveUpdate Folder C:\Program Files (x86)\ASUS\ASUS LIVE UPDATE
Deleted Preinstalled.ASUSLiveUpdate Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C13C3F89-2B7A-46A6-942A-2B064BEFD579}
Deleted Preinstalled.ASUSLiveUpdate Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1AE7F80C-B17E-4962-BF96-066F53164038}
Deleted Preinstalled.ASUSLiveUpdate Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C13C3F89-2B7A-46A6-942A-2B064BEFD579}
Deleted Preinstalled.ASUSLiveUpdate Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASUS Live Update1
Deleted Preinstalled.ASUSLiveUpdate Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Update Checker
Deleted Preinstalled.ASUSLiveUpdate Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}
Deleted Preinstalled.ASUSLiveUpdate Task C:\Windows\System32\Tasks\ASUS LIVE UPDATE1
Deleted Preinstalled.ASUSLiveUpdate Task C:\Windows\System32\Tasks\UPDATE CHECKER
Deleted Preinstalled.ASUSProductRegistration Folder C:\Program Files (x86)\ASUS\APRP
Deleted Preinstalled.ASUSProductRegistration Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|ASUSPRP
Deleted Preinstalled.ASUSProductRegistration Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Run|ASUSPRP
Deleted Preinstalled.ASUSSmartGesture Folder C:\Program Files (x86)\ASUS\ASUS SMART GESTURE
Deleted Preinstalled.ASUSSmartGesture Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FEC87A42-553B-49A5-8840-CCD4BFFEC627}
Deleted Preinstalled.ASUSSmartGesture Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASUS Smart Gesture Launcher
Deleted Preinstalled.ASUSSmartGesture Registry HKLM\Software\Classes\CLSID\{F31B5912-07D6-4895-B4BA-5486CF3B18B1}
Deleted Preinstalled.ASUSSmartGesture Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}
Deleted Preinstalled.ASUSSmartGesture Task C:\Windows\System32\Tasks\ASUS SMART GESTURE LAUNCHER
Deleted Preinstalled.ASUSSplendid Folder C:\Program Files (x86)\ASUS\SPLENDID
Deleted Preinstalled.ASUSSplendid Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{0969AF05-4FF6-4C00-9406-43599238DE0D}
Deleted Preinstalled.ASUSVirtualCamera Folder C:\Program Files (x86)\ASUS\VIRTUALCAMERA
Deleted Preinstalled.ASUSVirtualCamera Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}
Deleted Preinstalled.ASUSWebStorage Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|ASUSWebStorage
Deleted Preinstalled.HPCleanFLC File C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office.lnk
Deleted Preinstalled.LenovoPowerDVD Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|RemoteControl10
Deleted Preinstalled.LenovoPowerDVD Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Run|RemoteControl10
Deleted Preinstalled.LenovoPowerDVD Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}
Deleted Preinstalled.LenovoPowerDVD Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [7468 octets] - [15/06/2021 04:45:46]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
 
No log for Mbytes because it did not find anything after the scan. The computer is running very slow, but it's also a pretty old machine.
 
So far, I didn't see much...

Re-run the Farbar Recovery Scan Tool (FRST/FRST64) that you ran at the very beginning of this topic.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-06-2021
Ran by ann (administrator) on HOEHNPC (ASUSTeK COMPUTER INC. X75A) (18-06-2021 17:29:31)
Running from C:\Users\ann\Desktop
Loaded Profiles: ann
Platform: Windows 10 Home Version 2004 19041.1052 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(ASUSTeK Computer Inc. -> ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUSTeK Computer Inc. -> ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\DiscoverySrv.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdagent.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdntwrk.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe <3>
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe
(Brother Industries, Ltd. -> Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Brother Industries, Ltd. -> Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrYNSvc.exe
(DUC FABULOUS CO.,LTD -> ) C:\Program Files (x86)\UltraViewer\UltraViewer_Service.exe
(Garmin International, Inc. -> ) C:\Program Files (x86)\Garmin\Express SelfUpdater\esu.exe
(Garmin International, Inc. -> Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Express\express.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe <3>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\Install\{F1096AA2-5CA5-4D96-BB37-CFE877693A27}\91.0.4472.106_91.0.4472.101_chrome_updater.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\Install\{F1096AA2-5CA5-4D96-BB37-CFE877693A27}\CR_5DA06.tmp\setup.exe <2>
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel® Upgrade Service -> Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\ann\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13426.20920.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.621.4222.0_x64__8wekyb3d8bbwe\GameBar.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.621.4222.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\DeviceCensus.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(VIA Technologies Inc. -> VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe*********************************************
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [302904 2019-07-19] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [146584 2017-11-07] (Brother Industries, Ltd. -> Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2976256 2018-01-19] (Brother Industries, Ltd.) [File not signed]
HKU\S-1-5-21-3275924145-2641615387-672222228-1001\...\Run: [GarminExpress] => C:\Program Files (x86)\Garmin\Express\express.exe [31162800 2021-03-16] (Garmin International, Inc. -> Garmin Ltd. or its subsidiaries)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\91.0.4472.101\Installer\chrmstp.exe [2021-06-10] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0DC0DAD2-F84F-429D-B085-411AE7CDE2D5} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61}
Task: {287EB61E-849D-44F1-BF41-56B2A8081F95} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1}
Task: {2AA6D078-6EFA-48D0-A4AB-E1D80A2B1AAA} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {2C124022-D981-47E0-90AD-3372185D7127} - System32\Tasks\Bitdefender AgentTask_AD394AE64E874073B10A89FEEC305A3C => C:\Program Files\Bitdefender\Bitdefender Security\bdagent.exe [549032 2020-06-25] (Bitdefender SRL -> Bitdefender)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {39A66C74-4246-431D-B99F-5571A5F854F4} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_465_Plugin.exe [1504312 2020-12-08] (Adobe Inc. -> Adobe)
Task: {3AFE8A0D-5BF7-45BA-A60B-DB123105BB36} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-08] (Adobe Inc. -> Adobe)
Task: {446AD16C-A64E-4975-ACB6-578F35CC093B} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {48598F9B-A7FE-44F0-BB1A-36F53E7CDA2E} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [1018240 2012-08-24] (ASUSTeK Computer Inc. -> ASUS)
Task: {5A431DF8-0F54-475A-9166-FB2BBCBF8F26} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [888232 2021-01-29] (Bitdefender SRL -> Bitdefender)
Task: {606BABB8-7D10-45DF-90B4-C26B72E890F8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-08-30] (Google Inc -> Google LLC)
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Task: {7B857988-3067-4E13-8891-998F430972F7} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => {1B1F472E-3221-4826-97DB-2C2324D389AE}
Task: {8976AFB3-6C89-4C49-B6E0-B5274EE897E9} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload => {EBF00FCB-0769-4B81-9BEC-6C05514111AA}
Task: {9768ABD2-EB67-498E-A669-15A536AF817A} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {A840C618-AD99-444F-AA72-078599E369CD} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
Task: {B3017C3F-EE43-4A38-A400-B849296EE19E} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [1124032 2012-09-18] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {B5988110-2F64-4DB2-844D-D76F5C33A7EB} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [40880 2021-03-16] (Garmin International, Inc. -> )
Task: {C16DC51C-8DA0-4D65-9085-1B87EB448DBE} - System32\Tasks\ASUS Patch for VIA Audio => C:\Windows\system32\AsPatchViaAudio.exe [160448 2012-11-07] (ASUSTeK Computer Inc. -> ASUSTek Computer INC.)
Task: {C415FE0E-DDCB-44E0-A459-B9164B72424B} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E}
Task: {CC08F0F9-09F2-4FEA-8BBC-25099B863574} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-08-30] (Google Inc -> Google LLC)
Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {FCDC5BFE-64F5-47C8-9FA8-1DE42F129D1A} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {FE0A182D-7CCD-4DBF-898E-0B9EAF47483D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [570240 2017-02-14] (Apple Inc. -> Apple Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{861516bf-ecc7-473a-8e27-c4701662b9be}: [DhcpNameServer] 192.168.1.1

Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\ann\AppData\Local\Microsoft\Edge\User Data\Default [2021-06-15]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF DefaultProfile: eya7rmab.default
FF ProfilePath: C:\Users\ann\AppData\Roaming\Mozilla\Firefox\Profiles\s0gpcoti.default-release [2019-09-20]
FF ProfilePath: C:\Users\ann\AppData\Roaming\Mozilla\Firefox\Profiles\eya7rmab.default [2019-08-30]
FF Homepage: Mozilla\Firefox\Profiles\eya7rmab.default -> moz-extension://f53d27fb-43c8-4ce3-bad0-2ba0f8c1f23a/newtab/newtab.html
FF Notifications: Mozilla\Firefox\Profiles\eya7rmab.default -> hxxps://search.hfastpackagetracker.co; hxxps://www.weatherforecasttracker1.com
FF HomepageOverride: Mozilla\Firefox\Profiles\eya7rmab.default -> Enabled: web@Packages
FF NewTabOverride: Mozilla\Firefox\Profiles\eya7rmab.default -> Enabled: web@Packages
FF NewTabOverride: Mozilla\Firefox\Profiles\eya7rmab.default -> Enabled: @searchencrypt
FF Extension: (Web of Trust) - C:\Users\ann\AppData\Roaming\Mozilla\Firefox\Profiles\eya7rmab.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}.xpi [2019-06-04]
FF Extension: (Adblock Plus - free ad blocker) - C:\Users\ann\AppData\Roaming\Mozilla\Firefox\Profiles\eya7rmab.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2019-08-23]
FF HKLM\...\Firefox\Extensions: [bdwtwe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff.xpi
FF Extension: (Bitdefender Wallet) - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff.xpi [2020-04-30] [UpdateUrl:hxxps://download.bitdefender.com/windows/desktop/connect/wallet/updates.json ]
FF HKLM\...\Firefox\Extensions: [bdtbe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbef.xpi
FF Extension: (Bitdefender Anti-tracker) - C:\Program Files\Bitdefender\Bitdefender Security\bdtbef.xpi [2020-06-25] [UpdateUrl:hxxps://download.bitdefender.com/windows/desktop/connect/antitracker/updates.json ]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext
FF Extension: (Bitdefender Antispam Toolbar) - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext [2020-05-14] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [bdwtwe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff.xpi
FF HKLM-x32\...\Firefox\Extensions: [bdtbe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbef.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_465.dll [2020-12-08] (Adobe Inc. -> )
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_465.dll [2020-12-08] (Adobe Inc. -> )
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\bd_js_config.js [2019-09-20] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\bd_config.cfg [2019-09-20] <==== ATTENTION

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default [2021-06-15]
CHR Notifications: Default -> hxxps://piratesvoyage.com; hxxps://www.accuweather.com; hxxps://www.facebook.com; hxxps://www.indystar.com; hxxps://www.newsbreak.com; hxxps://www.pinterest.com
CHR StartupUrls: Default -> "hxxps://www.msn.com/en-us/news/us"
CHR Extension: (Slides) - C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-08-30]
CHR Extension: (Docs) - C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-08-30]
CHR Extension: (Google Drive) - C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-20]
CHR Extension: (YouTube) - C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-08-30]
CHR Extension: (Sheets) - C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-08-30]
CHR Extension: (Bitdefender Wallet) - C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\gannpgaobkkhmpomoijebaigcapoeebl [2020-07-27]
CHR Extension: (Google Docs Offline) - C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-05-18]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-06-15]
CHR Extension: (Bitdefender Anti-tracker) - C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\khndhdhbebhaddchcgnalcjlaekbbeof [2020-09-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-28]
CHR Extension: (Gmail) - C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-22]
CHR Extension: (Chrome Media Router) - C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-06-01]
CHR Profile: C:\Users\ann\AppData\Local\Google\Chrome\User Data\Guest Profile [2020-05-27]
CHR Profile: C:\Users\ann\AppData\Local\Google\Chrome\User Data\System Profile [2020-05-27]
CHR HKLM-x32\...\Chrome\Extension: [gannpgaobkkhmpomoijebaigcapoeebl]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKLM-x32\...\Chrome\Extension: [khndhdhbebhaddchcgnalcjlaekbbeof]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-08] (Adobe Inc. -> Adobe)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2019-04-29] (Apple Inc. -> Apple Inc.)
R2 BDAuxSrv; C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe [803576 2020-06-25] (Bitdefender SRL -> Bitdefender)
R2 BDProtSrv; C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe [803576 2020-06-25] (Bitdefender SRL -> Bitdefender)
R2 bdredline; C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe [2195320 2018-03-22] (Bitdefender SRL -> Bitdefender)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [314368 2018-01-18] (Brother Industries, Ltd.) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7391408 2021-06-15] (Malwarebytes Inc -> Malwarebytes)
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1358248 2021-01-29] (Bitdefender SRL -> Bitdefender)
S3 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [13921616 2021-06-14] (Adlice -> )
R2 UltraViewService; C:\Program Files (x86)\UltraViewer\UltraViewer_Service.exe [220000 2021-03-20] (DUC FABULOUS CO.,LTD -> )
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe [170328 2020-06-25] (Bitdefender SRL -> Bitdefender)
R2 VIAKaraokeService; C:\WINDOWS\system32\viakaraokesrv.exe [36504 2015-06-22] (VIA Technologies Inc. -> VIA Technologies, Inc.)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe [803576 2020-06-25] (Bitdefender SRL -> Bitdefender)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3004048 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103384 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ASUSProcObsrv; C:\eSupport\eDriver\I386\AsPrOb64.sys [12416 2010-05-25] (ASUSTeK Computer Inc. -> )
R3 AsusTP; C:\WINDOWS\System32\drivers\AsusTP.sys [128024 2017-03-09] (ASUSTeK Computer Inc. -> ASUS Corporation)
R1 atc; C:\WINDOWS\System32\DRIVERS\atc.sys [2106424 2020-06-25] (Bitdefender SRL -> Bitdefender S.R.L. Bucharest, ROMANIA)
R2 BdDci; C:\WINDOWS\system32\DRIVERS\bddci.sys [757240 2020-06-25] (Bitdefender SRL -> Bitdefender)
S0 bdelam; C:\WINDOWS\System32\drivers\bdelam.sys [22960 2019-03-21] (Microsoft Windows Early Launch Anti-malware Publisher -> Bitdefender)
S3 bdprivmon; C:\WINDOWS\System32\DRIVERS\bdprivmon.sys [46056 2020-02-20] (Bitdefender SRL -> © Bitdefender SRL)
S3 BDVEDISK; C:\WINDOWS\system32\DRIVERS\bdvedisk.sys [96616 2020-05-28] (Bitdefender SRL -> BitDefender)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [199128 2021-06-15] (Malwarebytes Inc -> Malwarebytes)
R0 Gemma; C:\WINDOWS\System32\DRIVERS\gemma.sys [453344 2020-06-25] (Bitdefender SRL -> BitDefender S.R.L. Bucharest, ROMANIA)
R0 gzflt; C:\WINDOWS\System32\DRIVERS\gzflt.sys [188384 2018-11-28] (Bitdefender SRL -> BitDefender LLC)
R3 HIDSwitch; C:\WINDOWS\System32\drivers\AsRadioControl.sys [32696 2020-11-19] (ASUSTek Computer Inc. -> ASUS)
S3 Ignis; C:\WINDOWS\system32\DRIVERS\ignis.sys [196392 2019-07-04] (Bitdefender SRL -> Bitdefender)
R3 kbfiltr; C:\WINDOWS\System32\drivers\kbfiltr.sys [14992 2012-08-01] (ASUSTeK Computer Inc. -> )
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220752 2021-06-15] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-06-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [198888 2021-06-15] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [77496 2021-06-15] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-06-15] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [156880 2021-06-15] (Malwarebytes Inc -> Malwarebytes)
S3 NuidFltr; C:\WINDOWS\System32\drivers\NuidFltr.sys [18944 2011-04-09] (Hardware Group Test Cert -> Microsoft Corporation)
R3 rtbth; C:\WINDOWS\System32\drivers\rtbth.sys [1219200 2015-06-03] (MEDIATEK INC. -> Ralink Technology, Corp.)
R0 trufos; C:\WINDOWS\System32\DRIVERS\trufos.sys [638368 2020-04-30] (Bitdefender SRL -> Bitdefender)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2016-03-28] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46688 2019-12-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [350136 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [54200 2019-12-07] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-06-15 05:17 - 2021-06-15 05:17 - 000220752 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-06-15 05:17 - 2021-06-15 05:17 - 000198888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2021-06-15 05:17 - 2021-06-15 05:17 - 000156880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2021-06-15 05:17 - 2021-06-15 05:17 - 000077496 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2021-06-15 05:12 - 2021-06-15 05:12 - 008534696 _____ (Malwarebytes) C:\Users\ann\Downloads\AdwCleaner.exe
2021-06-15 05:12 - 2021-06-15 05:12 - 002080712 _____ (Malwarebytes) C:\Users\ann\Downloads\MBSetup.exe
2021-06-15 05:10 - 2021-06-15 05:10 - 000007826 _____ C:\Users\ann\Desktop\AdwCleaner[C00].txt
2021-06-15 04:42 - 2021-06-15 05:10 - 000000000 ____D C:\AdwCleaner
2021-06-15 04:30 - 2021-06-15 04:30 - 000002035 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-06-15 04:30 - 2021-06-15 04:30 - 000002023 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-06-15 04:30 - 2021-06-15 04:30 - 000002023 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2021-06-15 04:29 - 2021-06-15 04:29 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-06-15 04:29 - 2021-06-15 04:29 - 000199128 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-06-15 04:29 - 2021-06-15 04:29 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2021-06-15 04:27 - 2021-06-15 04:27 - 000002270 _____ C:\Users\ann\Desktop\rkreport.txt
2021-06-14 20:35 - 2021-06-14 20:35 - 000000901 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2021-06-14 20:35 - 2021-06-14 20:35 - 000000901 _____ C:\ProgramData\Desktop\RogueKiller.lnk
2021-06-14 20:33 - 2021-06-14 20:33 - 008534696 _____ (Malwarebytes) C:\Users\ann\Desktop\AdwCleaner.exe
2021-06-14 20:32 - 2021-06-14 20:32 - 041841192 _____ (Adlice Software ) C:\Users\ann\Downloads\RogueKiller_setup (1).exe
2021-06-14 20:31 - 2021-06-14 20:32 - 041841192 _____ (Adlice Software ) C:\Users\ann\Desktop\RogueKiller_setup.exe
2021-06-14 20:30 - 2021-06-14 20:31 - 002080712 _____ (Malwarebytes) C:\Users\ann\Desktop\MBSetup.exe
2021-06-14 06:29 - 2021-06-14 06:35 - 000032951 _____ C:\Users\ann\Desktop\Addition.txt
2021-06-14 06:17 - 2021-06-18 17:38 - 000025575 _____ C:\Users\ann\Desktop\FRST.txt
2021-06-14 06:17 - 2021-06-18 17:28 - 000000000 ____D C:\Users\ann\Desktop\FRST-OlderVersion
2021-06-14 06:16 - 2021-06-18 17:28 - 002300416 _____ (Farbar) C:\Users\ann\Desktop\FRST64.exe
2021-06-13 18:41 - 2021-06-18 17:35 - 000000000 ____D C:\FRST
2021-06-13 16:17 - 2021-06-18 17:22 - 000000000 _____ C:\WINDOWS\UV_LastPW.ini
2021-06-13 15:56 - 2021-06-13 19:08 - 000000000 ____D C:\Users\ann\AppData\Local\D3DSCache
2021-06-13 15:43 - 2021-06-13 15:53 - 000000000 ____D C:\Users\ann\AppData\Roaming\UltraViewer
2021-06-13 15:43 - 2021-06-13 15:43 - 000001154 _____ C:\Users\Public\Desktop\UltraViewer.lnk
2021-06-13 15:43 - 2021-06-13 15:43 - 000001154 _____ C:\ProgramData\Desktop\UltraViewer.lnk
2021-06-13 15:43 - 2021-06-13 15:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraViewer
2021-06-13 15:41 - 2021-06-13 15:43 - 000000000 ____D C:\Program Files (x86)\UltraViewer
2021-06-09 21:47 - 2021-06-09 21:47 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-06-09 21:47 - 2021-06-09 21:47 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-06-09 21:47 - 2021-06-09 21:47 - 001314120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-06-09 21:47 - 2021-06-09 21:47 - 000568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2021-06-09 21:47 - 2021-06-09 21:47 - 000451072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2021-06-09 21:47 - 2021-06-09 21:47 - 000011353 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-06-09 21:46 - 2021-06-09 21:46 - 001864192 _____ (The ICU Project) C:\WINDOWS\SysWOW64\icu.dll
2021-06-09 21:46 - 2021-06-09 21:46 - 000468440 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll
2021-06-09 21:46 - 2021-06-09 21:46 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-06-09 21:46 - 2021-06-09 21:46 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2021-06-09 21:45 - 2021-06-09 21:45 - 001823792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-06-09 21:45 - 2021-06-09 21:45 - 001393496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-06-09 21:44 - 2021-06-09 21:44 - 002260480 _____ (The ICU Project) C:\WINDOWS\system32\icu.dll
2021-06-09 21:44 - 2021-06-09 21:44 - 000657464 _____ C:\WINDOWS\system32\WindowManagementAPI.dll
2021-06-09 21:44 - 2021-06-09 21:44 - 000563712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-06-09 21:44 - 2021-06-09 21:44 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe
2021-06-09 21:44 - 2021-06-09 21:44 - 000097280 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-06-09 21:43 - 2021-06-09 21:43 - 000287232 _____ C:\WINDOWS\system32\CoreMas.dll
2021-06-06 11:56 - 2021-06-06 11:56 - 000002681 _____ C:\Users\ann\Desktop\YouTube.lnk
2021-06-06 11:56 - 2021-06-06 11:56 - 000000000 ____D C:\Users\ann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-06-18 17:37 - 2019-08-30 17:10 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-06-18 17:37 - 2019-08-30 17:10 - 000002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-06-18 17:37 - 2019-08-30 17:10 - 000002262 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2021-06-18 17:31 - 2020-11-18 15:20 - 000004146 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{C81A4A75-43AF-428B-906C-CF04CE0E9C79}
2021-06-18 17:30 - 2018-12-21 19:55 - 000000000 ____D C:\Users\ann\AppData\Local\CrashDumps
2021-06-18 17:26 - 2019-12-07 05:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-06-18 17:23 - 2019-12-07 05:03 - 000065536 _____ C:\WINDOWS\system32\config\ELAM
2021-06-18 17:23 - 2015-09-25 23:33 - 000000000 __SHD C:\Users\ann\IntelGraphicsProfiles
2021-06-18 17:22 - 2020-11-17 22:02 - 000000000 ____D C:\Users\ann
2021-06-18 17:20 - 2020-11-18 15:20 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-06-18 17:20 - 2020-11-18 14:38 - 000008192 ___SH C:\DumpStack.log.tmp
2021-06-18 17:20 - 2020-11-18 14:38 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-06-15 05:13 - 2019-12-07 05:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2021-06-15 05:10 - 2012-11-27 14:26 - 000000000 ____D C:\Program Files (x86)\ASUS
2021-06-15 04:49 - 2019-12-07 05:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-06-15 04:49 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-06-15 04:29 - 2019-12-07 05:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-06-15 04:29 - 2014-09-09 15:44 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-06-15 04:28 - 2017-12-25 16:32 - 000000000 ____D C:\Program Files\Malwarebytes
2021-06-14 21:10 - 2018-12-17 02:39 - 000000000 ____D C:\ProgramData\RogueKiller
2021-06-14 20:37 - 2020-11-18 15:20 - 000003534 _____ C:\WINDOWS\system32\Tasks\ASUS Live Update2
2021-06-14 20:35 - 2018-12-17 02:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2021-06-14 20:35 - 2018-12-17 02:39 - 000000000 ____D C:\Program Files\RogueKiller
2021-06-14 20:29 - 2017-04-14 21:32 - 000000000 ____D C:\ProgramData\ASUS Smart Gesture
2021-06-14 20:28 - 2018-12-19 22:19 - 000000500 _____ C:\Users\ann\AppData\Roaming\sp_data.sys
2021-06-13 18:12 - 2020-11-18 15:02 - 000840602 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-06-13 18:12 - 2019-12-07 05:13 - 000000000 ____D C:\WINDOWS\INF
2021-06-13 15:40 - 2020-06-15 11:59 - 000002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-06-13 15:40 - 2020-06-15 11:59 - 000002278 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-06-13 15:40 - 2020-06-15 11:59 - 000002278 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2021-06-09 22:59 - 2019-12-07 05:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-06-09 22:37 - 2020-11-18 14:38 - 000257824 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-06-09 22:33 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2021-06-09 22:33 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2021-06-09 22:33 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2021-06-09 22:33 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-06-09 22:32 - 2019-12-07 05:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-06-09 22:32 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-06-09 22:32 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-06-09 22:32 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2021-06-09 22:32 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2021-06-09 22:32 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2021-06-09 22:32 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-06-09 22:32 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-06-09 22:32 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-06-09 22:00 - 2019-12-07 05:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-06-09 21:37 - 2020-11-18 15:20 - 000003358 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3275924145-2641615387-672222228-1001
2021-06-09 21:37 - 2020-11-17 22:02 - 000002414 _____ C:\Users\ann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-06-09 21:37 - 2015-09-25 23:37 - 000000000 ___RD C:\Users\ann\OneDrive
2021-06-09 21:01 - 2020-11-15 15:57 - 000000000 ___HD C:\$WinREAgent
2021-06-09 20:49 - 2013-10-17 17:11 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-06-09 20:43 - 2013-10-17 17:11 - 132447432 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-06-03 21:31 - 2020-10-01 14:20 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-05-25 07:48 - 2020-10-01 14:20 - 000725304 _____ (Microsoft Corporation) C:\WINDOWS\system32\sedplugins.dll
2021-05-25 07:48 - 2020-10-01 14:20 - 000470328 _____ (Microsoft Corporation) C:\WINDOWS\system32\QualityUpdateAssistant.dll

==================== Files in the root of some directories ========

2018-12-19 22:19 - 2021-06-14 20:28 - 000000500 _____ () C:\Users\ann\AppData\Roaming\sp_data.sys

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-06-2021
Ran by ann (18-06-2021 17:44:30)
Running from C:\Users\ann\Desktop
Windows 10 Home Version 2004 19041.1052 (X64) (2020-11-18 19:22:27)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3275924145-2641615387-672222228-500 - Administrator - Disabled)
ann (S-1-5-21-3275924145-2641615387-672222228-1001 - Administrator - Enabled) => C:\Users\ann
DefaultAccount (S-1-5-21-3275924145-2641615387-672222228-503 - Limited - Disabled)
Guest (S-1-5-21-3275924145-2641615387-672222228-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3275924145-2641615387-672222228-1005 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-3275924145-2641615387-672222228-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: Bitdefender Antivirus (Enabled - Up to date) {0E17DB7D-A20F-62CE-B95B-17DB0CDFE318}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Bitdefender Antispyware (Enabled - Up to date) {B5763A99-8435-6D40-83EB-2CA97758A9A5}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.017.20050 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.465 - Adobe)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 3.4.117.01527 - Alcor Micro Corp.)
ANT Drivers Installer x64 (HKLM\...\{EE89194D-B4FC-4C28-B76E-A646216D689F}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{5C028510-A6A1-409A-A2BF-4DCB43B21EF9}) (Version: 7.6 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{5C7D4FCF-80C5-4520-9934-D50532AAC59C}) (Version: 7.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B5A46811-3612-4DA5-8A5A-E6DED5D7C523}) (Version: 12.2.1.12 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
ASUS Instant Connect (HKLM-x32\...\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}) (Version: 1.2.8 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.13 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.0.4 - ASUS)
ASUS Tutor (HKLM-x32\...\{58172D66-2F69-4215-9AEC-ED8196023736}) (Version: 1.0.8 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.5 - ASUS)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0025 - ASUS)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 24.0.1.143 - Bitdefender)
Bitdefender Antivirus Plus (HKLM\...\Bitdefender) (Version: 24.0.6.31 - Bitdefender)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Brother MFL-Pro Suite HL-L2380DW series (HKLM-x32\...\{F8ECC2FD-CE2B-4ED4-BDCC-90D0D34206FD}) (Version: 1.0.2.0 - Brother Industries, Ltd.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Elevated Installer (HKLM-x32\...\{1DEEE496-814A-4747-AF7F-493821C79297}) (Version: 7.4.1.0 - Garmin Ltd or its subsidiaries) Hidden
Galería de fotos (HKLM-x32\...\{8F7FECEC-088F-431D-A5FB-2B59E1E69943}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (HKLM-x32\...\{446CC8CE-0E90-44F7-ADD0-774B243EF090}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Garmin Express (HKLM-x32\...\{2E960C0A-DC54-48F0-A2A8-15CFBE15D980}) (Version: 7.4.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express (HKLM-x32\...\{4e81ac57-fa02-490f-aa91-18b44ebae651}) (Version: 7.4.1.0 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 91.0.4472.106 - Google LLC)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{00ECC1A0-72EC-4E21-A03E-A9242A92CE1F}) (Version: 12.9.6.3 - Apple Inc.)
Malwarebytes version 4.4.0.117 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.0.117 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 91.0.864.48 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3275924145-2641615387-672222228-1001\...\OneDriveSetup.exe) (Version: 21.099.0516.0003 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{E5A95BC5-81DF-4F0C-B910-B59DD012F037}) (Version: 2.81.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{022C7C52-B294-4346-88BC-C7C2FF7FF1B7}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{13F3CEA5-9E2C-4C4E-9F0F-D0DB389CF4A9}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{5BABDA39-61CF-41EE-992D-4054B6649A9B}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{A17946CA-18E5-4CF0-8D55-A56D804718F8}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{E0B5FDF0-6940-44B2-8204-CFA746A6B4AF}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{ED6C77F9-4D7E-447C-9EC0-9A212D075535}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MyBitCast 2.0 (HKLM-x32\...\MyBitCast) (Version: 2.0 - ASUS)
Ralink Bluetooth Stack64 (HKLM\...\{ED818A3C-3DF5-CDCF-3DB2-A646D7B31A16}) (Version: 9.0.717.0 - Ralink Corporation)
Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: 1.2.0.41 - Ralink)
RogueKiller version 15.0.2.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 15.0.2.0 - Adlice Software)
SceneSwitch (HKLM-x32\...\{5172E572-C175-4F80-A6D5-5CB45826AD61}) (Version: 1.0.16 - ASUS)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.7.0 - Sophos Limited)
UltraViewer version 6.3.12 (HKLM-x32\...\{E0FABD74-083B-47F4-AC5B-CA4237BF8913}_is1) (Version: 6.3.12 - DucFabulous)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{1FD817A6-63E1-4519-BFD4-228DABB7AB6B}) (Version: 2.55.0.0 - Microsoft Corporation)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS)
影像中心 (HKLM-x32\...\{631C4E4F-6FDC-4CC0-A067-E9876A9BA7FD}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
照片库 (HKLM-x32\...\{017E337D-D709-437C-83DB-71F82AA78BF6}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Packages:
=========
Adera -> C:\Program Files\WindowsApps\Microsoft.Adera_2.5.2.34894_x86__8wekyb3d8bbwe [2014-01-13] (Microsoft Studios)
ASUS Tutor -> C:\Program Files\WindowsApps\B9ECED6F.ASUSTutor_1.0.0.2_neutral__qmba6cd70vzyy [2013-10-15] (ASUSTeK COMPUTER INC.)
ASUS Welcome -> C:\Program Files\WindowsApps\B9ECED6F.ASUSWelcome_1.0.1.0_x64__qmba6cd70vzyy [2015-09-25] (ASUSTeK COMPUTER INC.)
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2019-11-06] (Autodesk Inc.)
Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.2040.2.0_x86__kgqvnymyfvs32 [2021-06-15] (king.com)
Fresh Paint -> C:\Program Files\WindowsApps\Microsoft.FreshPaint_3.1.10383.1000_x86__8wekyb3d8bbwe [2019-06-08] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-27] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-27] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.5310.0_x64__8wekyb3d8bbwe [2021-06-07] (Microsoft Studios) [MS Ad]
MSN Food & Drink -> C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-14] (Microsoft Corporation) [MS Ad]
MSN Health & Fitness -> C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-14] (Microsoft Corporation) [MS Ad]
MSN Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-27] (Microsoft Corporation) [MS Ad]
MSN Travel -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-14] (Microsoft Corporation) [MS Ad]
Pinball FX2 -> C:\Program Files\WindowsApps\Microsoft.Studios.PinballFx2_1.8.1.957_x86__8wekyb3d8bbwe [2015-04-14] (Microsoft Studios)
Taptiles -> C:\Program Files\WindowsApps\Microsoft.Taptiles_2.6.288.0_x86__8wekyb3d8bbwe [2018-10-26] (Microsoft Studios) [MS Ad]
The World Clock -> C:\Program Files\WindowsApps\B9ECED6F.TheWorldClock_1.0.0.6_neutral__qmba6cd70vzyy [2013-10-15] (ASUSTeK COMPUTER INC.)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.TWITTER_7.0.1.0_neutral__wgeqdkkx372wm [2021-06-15] (Twitter Inc.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3275924145-2641615387-672222228-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel(R) pGFX -> Intel Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-06-15] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-05-03] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-06-15] (Malwarebytes Corporation -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\ann\Desktop\YouTube.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=agimnkijcaahngcdmfeangaknmldooml
ShortcutWithArgument: C:\Users\ann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=agimnkijcaahngcdmfeangaknmldooml

==================== Loaded Modules (Whitelisted) =============

2020-11-27 04:38 - 2020-11-27 04:38 - 000961536 _____ () [File not signed] [File is in use] C:\Program Files (x86)\Garmin\Express\CefSharp.BrowserSubprocess.Core.dll
2020-11-27 04:38 - 2020-11-27 04:38 - 001446400 _____ () [File not signed] [File is in use] C:\Program Files (x86)\Garmin\Express\CefSharp.Core.dll
2021-03-16 16:52 - 2021-03-16 16:52 - 000073216 _____ () [File not signed] [File is in use] C:\Program Files (x86)\Garmin\Express\FixBootSector.dll
2017-05-08 10:35 - 2017-05-08 10:35 - 000325632 _____ () [File not signed] [File is in use] C:\Program Files (x86)\Garmin\Express\GpsImgWrapper.dll
2015-05-01 18:48 - 2009-02-27 16:38 - 000139264 ____R () [File not signed] C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2015-05-01 18:48 - 2018-01-18 15:39 - 000519168 _____ () [File not signed] C:\Program Files (x86)\Browny02\BrMonitor.dll
2015-05-01 18:48 - 2017-11-07 19:55 - 000137728 _____ () [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcAssoc.dll
2015-05-01 18:48 - 2017-08-18 11:23 - 000087552 _____ () [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcDlgRc.dll
2015-05-01 18:48 - 2017-08-18 11:23 - 017974784 _____ () [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcGrImg.dll
2015-05-01 18:48 - 2017-11-07 20:04 - 000087040 _____ () [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcLUsa.dll
2019-08-30 18:31 - 2017-11-07 19:55 - 000440832 _____ () [File not signed] C:\Program Files (x86)\ControlCenter4\Track.dll
2020-11-18 10:14 - 2020-11-18 10:14 - 117340672 _____ () [File not signed] C:\Program Files (x86)\Garmin\Express\libcef.dll
2020-11-18 08:40 - 2020-11-18 08:40 - 000323072 _____ () [File not signed] C:\Program Files (x86)\Garmin\Express\libegl.dll
2020-11-18 08:40 - 2020-11-18 08:40 - 005441536 _____ () [File not signed] C:\Program Files (x86)\Garmin\Express\libglesv2.dll
2015-05-01 18:48 - 2005-04-22 00:36 - 000143360 _____ () [File not signed] C:\WINDOWS\system32\BrSNMP64.dll
2021-03-16 16:52 - 2021-03-16 16:52 - 001976832 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Garmin\Express\XercesLib.dll
2015-05-01 18:48 - 2013-03-08 02:44 - 000087040 _____ (Brother Industries, Ltd.) [File not signed] C:\WINDOWS\system32\BrNetSti.dll
2021-03-16 16:56 - 2021-03-16 16:56 - 000234496 _____ (Dynastream Innovations Inc.) [File not signed] C:\Program Files (x86)\Garmin\Express\ANT_WrappedLib.dll
2021-03-16 16:52 - 2021-03-16 16:52 - 002711552 _____ (Garmin International) [File not signed] [File is in use] C:\Program Files (x86)\Garmin\Express\legacyio.dll
2017-05-08 10:35 - 2017-05-08 10:35 - 000343552 _____ (Garmin International, Inc.) [File not signed] C:\Program Files (x86)\Garmin\Express\IMG_GPSMAP.dll
2021-03-16 16:52 - 2021-03-16 16:52 - 000425472 _____ (Garmin) [File not signed] C:\Program Files (x86)\Garmin\Express\XMLdll.dll
2021-03-16 16:54 - 2021-03-16 16:54 - 000090112 _____ (Silicon Laboratories, Inc.) [File not signed] C:\Program Files (x86)\Garmin\Express\DSI_SiUSBXp_3_1.DLL
2020-11-18 08:39 - 2020-11-18 08:39 - 000843264 _____ (The Chromium Authors) [File not signed] C:\Program Files (x86)\Garmin\Express\chrome_elf.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-3275924145-2641615387-672222228-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus13.msn.com/
HKU\S-1-5-21-3275924145-2641615387-672222228-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Bitdefender Trackers Blocking -> {159ff5d5-55f1-4d2f-b706-767a55f77abb} -> C:\Program Files\Bitdefender\Bitdefender Security\bdtbie.dll [2020-06-25] (Bitdefender SRL -> Bitdefender)
BHO: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender Security\pmbxie.dll [2020-06-25] (Bitdefender SRL -> Bitdefender)
BHO-x32: Bitdefender Trackers Blocking -> {159ff5d5-55f1-4d2f-b706-767a55f77abb} -> C:\Program Files\Bitdefender\Bitdefender Security\antispam32\bdtbie.dll [2020-06-25] (Bitdefender SRL -> Bitdefender)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender Security\Antispam32\pmbxie.dll [2020-06-25] (Bitdefender SRL -> Bitdefender)
Toolbar: HKLM - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender Security\pmbxie.dll [2020-06-25] (Bitdefender SRL -> Bitdefender)
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender Security\Antispam32\pmbxie.dll [2020-06-25] (Bitdefender SRL -> Bitdefender)
Toolbar: HKU\S-1-5-21-3275924145-2641615387-672222228-1001 -> Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender Security\pmbxie.dll [2020-06-25] (Bitdefender SRL -> Bitdefender)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWow64\skype4com.dll [2012-08-14] (Skype Technologies SA -> Skype Technologies)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2021-06-18 17:21 - 000000000 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-3275924145-2641615387-672222228-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\asus\wallpapers\asus.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{315FFBE2-E43B-49F6-AAE7-A54CB13F0909}C:\users\ann\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\ann\appdata\local\akamai\netsession_win.exe => No File
FirewallRules: [TCP Query User{A51C391A-3805-4B4C-8D7D-77E0553E94F1}C:\users\ann\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\ann\appdata\local\akamai\netsession_win.exe => No File
FirewallRules: [{520F1C86-7FDD-4E74-BA4F-08660BCE6C80}] => (Allow) LPort=54925
FirewallRules: [{482D649C-5E20-4079-8A63-5DC3047F0DC3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe => No File
FirewallRules: [{1F2C1C28-978F-423A-A74D-1026BABEB33D}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe => No File
FirewallRules: [{7300FDB2-10F1-40E2-B74A-CB55278F114F}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe => No File
FirewallRules: [{E3DF01D3-1AF7-42DF-A2A4-E808673B6600}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{8740C6E0-7D15-4843-96D8-C09265E08285}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C8B5880C-4490-4D5E-9A77-75696C4877C5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{051DD04A-6FB5-45F7-ACAB-19901CFE66DD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{B817702A-CB1E-4ABB-8461-53568BAEC851}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{963C85A6-046F-40AB-92E5-424F10D98037}] => (Allow) LPort=2869
FirewallRules: [{89A8808F-8A4A-4CD6-8FFD-B8643FC13ABF}] => (Allow) LPort=1900
FirewallRules: [{381E8562-61F2-430C-9154-FB9EA4AC6E37}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe => No File
FirewallRules: [{1E2B0167-C004-409D-8E55-72C2409D12B1}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe => No File
FirewallRules: [{431B35E4-BA44-488F-911C-249FE529B614}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe => No File
FirewallRules: [{D49398D6-CAD6-4E20-B141-505999B36F4B}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe => No File
FirewallRules: [{1166DFB0-AB58-4FA1-BC71-FBCAAC767C15}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe (CyberLink -> CyberLink Corp.)
FirewallRules: [{9C3EA2C3-CED5-4A17-AF58-07E8E27AC495}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE (CyberLink -> CyberLink Corp.)
FirewallRules: [{04D285CF-2E20-419A-B0E5-F6F2C5AC7B5A}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{7F3EE4D0-C8C2-46F5-993D-D585EBB7F7F3}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{D4723671-300E-4877-839A-C2487C0345BC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe => No File
FirewallRules: [{41C7794B-A5D0-43A7-A10F-51E4B069E8D3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe => No File
FirewallRules: [{C0DA6071-907D-4E45-AB37-4D4CFD41B4D5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{D6C18B51-14A6-4D72-AC2A-5D52CC0C1CDF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{786D88A2-FD58-461C-85CC-70C9CBB013BA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{82E1AD2D-C9B6-4B6F-85A4-255F44593F76}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{DFBAADE7-10AF-4B34-AFC9-DDC9E5F5C770}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{B3AB122F-0376-45C5-96C8-F9DB09C0AC51}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{D40F400B-F6EB-4F48-B475-171E101E13A9}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe => No File
FirewallRules: [{FA86187E-8A10-41B8-B4FD-044FF2EA277F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{342F3AD3-AE4F-4FBB-A75A-9B58B760F1CE}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{519DD238-1520-4373-B2B6-65AB4B839EC4}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{CC5D23E1-B1DE-40DA-81BA-E14B6A02C66B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{C1B989D2-6DE8-461E-9A44-BE2744307B7C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

28-05-2021 11:46:25 Scheduled Checkpoint
09-06-2021 20:49:24 Windows Modules Installer
15-06-2021 05:08:44 AdwCleaner_BeforeCleaning_15/06/2021_05:08:43

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (06/18/2021 05:29:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamtray.exe, version: 4.0.0.1006, time stamp: 0x60a6743c
Faulting module name: Qt5Core.dll, version: 5.14.1.0, time stamp: 0x603971ce
Exception code: 0xc0000005
Fault offset: 0x0000000000219dc5
Faulting process id: 0x2534
Faulting application start time: 0x01d764887dc8b7c4
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
Report Id: 02459628-6cc3-4105-85ee-7ab1d89ec6cc
Faulting package full name:
Faulting package-relative application ID:

Error: (06/14/2021 10:05:49 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on Data (D:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (06/14/2021 10:05:45 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on OS (C:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (06/12/2021 10:43:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15500

Error: (06/12/2021 10:43:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15500

Error: (06/12/2021 10:43:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/12/2021 10:35:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname HoehnPC.local already in use; will try HoehnPC-2.local instead

Error: (06/12/2021 10:35:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister 4 HoehnPC.local. Addr 192.168.1.65


System errors:
=============
Error: (06/18/2021 05:38:59 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80240017: Brother - Printer - 4/22/2009 12:00:00 AM - 10.0.17119.1.

Error: (06/18/2021 05:26:17 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.

Error: (06/18/2021 05:21:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The ASUS InstantOn service failed to start due to the following error:
The system cannot find the file specified.

Error: (06/18/2021 05:21:19 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The NcbService service terminated with the following error:
A device attached to the system is not functioning.

Error: (06/18/2021 05:20:12 PM) (Source: volmgr) (EventID: 161) (User: )
Description: Dump file creation failed due to error during dump creation.

Error: (06/18/2021 05:20:59 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 5:14:50 AM on ‎6/‎15/‎2021 was unexpected.

Error: (06/15/2021 05:19:29 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.

Error: (06/15/2021 05:15:12 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The ASUS InstantOn service failed to start due to the following error:
The system cannot find the file specified.


==================== Memory info ===========================

BIOS: American Megatrends Inc. X75A.415 05/22/2013
Motherboard: ASUSTeK COMPUTER INC. X75A
Processor: Intel(R) Core(TM) i5-3230M CPU @ 2.60GHz
Percentage of memory in use: 46%
Total physical RAM: 8077.67 MB
Available physical RAM: 4322.8 MB
Total Virtual: 9357.67 MB
Available Virtual: 5551.13 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:279.11 GB) (Free:217.1 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Data) (Fixed) (Total:397.87 GB) (Free:397.61 GB) NTFS
Drive e: () (Removable) (Total:1.86 GB) (Free:1.85 GB) FAT

\\?\Volume{5975917d-3891-4e85-83f2-fc6400bc7ed7}\ (Recovery) (Fixed) (Total:0.88 GB) (Free:0.44 GB) NTFS
\\?\Volume{70669f11-e8b3-45d8-b0eb-b3aca4e710da}\ () (Fixed) (Total:0.34 GB) (Free:0.31 GB) NTFS
\\?\Volume{3e8fc2a2-1158-442d-bc49-1ef339f1f09c}\ (Restore) (Fixed) (Total:20.01 GB) (Free:8.42 GB) NTFS
\\?\Volume{2825be3c-a830-413a-b913-334f17389c83}\ (SYSTEM) (Fixed) (Total:0.29 GB) (Free:0.24 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 04A53D1B)

Partition: GPT.

==========================================================
Disk: 1 (Protective MBR) (Size: 1.9 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================
 
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Attachments

  • fixlist.txt
Fix result of Farbar Recovery Scan Tool (x64) Version: 16-06-2021
Ran by ann (19-06-2021 03:21:01) Run:1
Running from C:\Users\ann\Desktop
Loaded Profiles: ann
Boot Mode: Normal
==============================================

fixlist content:
*****************
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\bd_js_config.js [2019-09-20] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\bd_config.cfg [2019-09-20] <==== ATTENTION
S2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [X]
2018-12-19 22:19 - 2021-06-14 20:28 - 000000500 _____ () C:\Users\ann\AppData\Roaming\sp_data.sys
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
FirewallRules: [UDP Query User{315FFBE2-E43B-49F6-AAE7-A54CB13F0909}C:\users\ann\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\ann\appdata\local\akamai\netsession_win.exe => No File
FirewallRules: [TCP Query User{A51C391A-3805-4B4C-8D7D-77E0553E94F1}C:\users\ann\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\ann\appdata\local\akamai\netsession_win.exe => No File
FirewallRules: [{482D649C-5E20-4079-8A63-5DC3047F0DC3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe => No File
FirewallRules: [{1F2C1C28-978F-423A-A74D-1026BABEB33D}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe => No File
FirewallRules: [{7300FDB2-10F1-40E2-B74A-CB55278F114F}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe => No File
FirewallRules: [{381E8562-61F2-430C-9154-FB9EA4AC6E37}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe => No File
FirewallRules: [{1E2B0167-C004-409D-8E55-72C2409D12B1}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe => No File
FirewallRules: [{431B35E4-BA44-488F-911C-249FE529B614}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe => No File
FirewallRules: [{D49398D6-CAD6-4E20-B141-505999B36F4B}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe => No File
FirewallRules: [{04D285CF-2E20-419A-B0E5-F6F2C5AC7B5A}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{7F3EE4D0-C8C2-46F5-993D-D585EBB7F7F3}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{D4723671-300E-4877-839A-C2487C0345BC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe => No File
FirewallRules: [{41C7794B-A5D0-43A7-A10F-51E4B069E8D3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe => No File
FirewallRules: [{D40F400B-F6EB-4F48-B475-171E101E13A9}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe => No File

*****************

HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\BookReader_B171F20233094AC88D05A8EF7B9763E8 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => removed successfully
C:\Program Files\mozilla firefox\defaults\pref\bd_js_config.js => moved successfully
C:\Program Files\mozilla firefox\bd_config.cfg => moved successfully
HKLM\System\CurrentControlSet\Services\ASUS InstantOn => removed successfully
ASUS InstantOn => service removed successfully
C:\Users\ann\AppData\Roaming\sp_data.sys => moved successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File) => Error: No automatic fix found for this entry.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{315FFBE2-E43B-49F6-AAE7-A54CB13F0909}C:\users\ann\appdata\local\akamai\netsession_win.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{A51C391A-3805-4B4C-8D7D-77E0553E94F1}C:\users\ann\appdata\local\akamai\netsession_win.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{482D649C-5E20-4079-8A63-5DC3047F0DC3}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1F2C1C28-978F-423A-A74D-1026BABEB33D}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7300FDB2-10F1-40E2-B74A-CB55278F114F}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{381E8562-61F2-430C-9154-FB9EA4AC6E37}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1E2B0167-C004-409D-8E55-72C2409D12B1}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{431B35E4-BA44-488F-911C-249FE529B614}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D49398D6-CAD6-4E20-B141-505999B36F4B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{04D285CF-2E20-419A-B0E5-F6F2C5AC7B5A}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7F3EE4D0-C8C2-46F5-993D-D585EBB7F7F3}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D4723671-300E-4877-839A-C2487C0345BC}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{41C7794B-A5D0-43A7-A10F-51E4B069E8D3}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D40F400B-F6EB-4F48-B475-171E101E13A9}" => removed successfully

==== End of Fixlog 03:21:02 ====
 
Last scans...

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive the UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  • Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run from.
Please copy and paste the log to your reply.


Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double-click TFC.exe to run the program.
  • Click the Start button to begin the cleaning process.
  • TFC will close all running programs, and it may ask you to restart the computer.


Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 